Skip to content

Commit

Permalink
Add usage example of tibt; FAQ about [arg1]
Browse files Browse the repository at this point in the history
  • Loading branch information
@torusrxxx
torusrxxx committed Jul 16, 2020
1 parent 6e3b1c4 commit cb9f532
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
1 change: 1 addition & 0 deletions commands/index.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ This is the documentation of x64dbg commands.
FAQ:

- Please note that all integer constants are represented in hex. For example, after executing the following command, ``$i`` will be 256 (0x100): ``mov $i, 100`` . This also means a variable cannot begin with letters from A to F.
- Throughout this documentation, ``[arg1]`` (argument with a square bracket) represents an optional argument. ``arg1`` (argument without a square bracket) represents an mandatory argument. "[" and "]" represent memory reference operation in expression evaluation for the argument. If you don't want to refer to the content in the memory pointer, don't add "[" and "]".
- For commands with two or more arguments, a comma (,) is used to separate these arguments. Do not use a space to separate the arguments.
- x64dbg only supports integer in expressions. Strings, Floating point numbers and SSE/AVX data is not supported. Therefore you cannot use ``[eax]=="abcd"`` operator to compare strings. Instead, you can compare the first DWORD/QWORD of the string, or use an appropriate plugin which provides such feature.
- The "==" operator is used to test if both operands are equal. The "=" operator is used to transfer the value of the expression to the destination.
Expand Down
5 changes: 4 additions & 1 deletion commands/tracing/TraceIntoBeyondTraceRecord.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
# TraceIntoBeyondTraceRecord/tibt

Perform [StepInto](StepInto.md) until the program reaches somewhere outside the trace record.
Perform [StepInto](StepInto.md) until the program reaches somewhere outside the trace record. This is similar to `ticnd tr.hitcount(cip)==0&&arg1, arg2` except that it achieves higher performance by avoiding the expression function invocation.

Usage example: If you want to find out the forking point of the program when different inputs are provided, first enable or re-enable trace record to clean trace record data.
Then you trace while input A is provided. Finally you provide input B and execute `TraceIntoBeyondTraceRecord` command. The program will be paused where the instruction is never executed before.

## arguments

Expand Down

0 comments on commit cb9f532

Please sign in to comment.