-
Notifications
You must be signed in to change notification settings - Fork 142
Stop offsets
hasherezade edited this page Aug 24, 2024
·
12 revisions
In some cases, we may want to pause the execution of the traced module (it can be done for variety of reasons, i.e. to dump the unpacked module, connect a debugger after the antidebug checks passed, and so on).
It is possible to define a list of such offsets where the TinyTracer will wait.
By default, this list is expected to be in install32_64/stop_offsets.txt. The default path can be changed in run_me.bat (Windows) or tiny_runner.sh (Linux), by editing analogous lines.
Stop offsets are defined as relative offsets within the traced module (RVA). We may also specify how many times the execution should stop at particular offsets (by default it is 0 - meaning infinite times).