IDA Pro跟踪选项（Tracing options）

Action name:SetupTracing

This dialog box allows you to specify different settings related to the tracing features.

Trace buffer size

This setting indicates how many tracing events can fit in the trace buffer.

If the debugger must insert a new event and the buffer is full,

the oldest tracing event will be removed.

However,if you specify a size of 0,the buffer size isn't limited.

Notice that,for example,in the case of an instructions trace,

all executed instructions could be logged,which would quickly fill

up the memory!

Trace file

If a filename is specified,all future traced events will be appended to it.

Trace directory

The directory were trace files for the current database will be saved.If not

specified,the IDB directory will be used.

Stop condition

This IDC expression will be evaluated before the execution

of each instruction.If the expression returns true,the debugger will

suspend the execution.Please note that you can use register names in

the condition.

Tracing

-Trace over debugger segments

If selected,the debugger will not go step by step in debugger segments

(segments not available in the database).

-Trace over library functions

If selected,the debugger will not go step by step in library functions.

Enabling these options will speed up the execution,as many instructions

(from debugger segments and/or library functions)will not be traced.

Disabling these options can quickly fill the Tracing window,as all

instructions in DLLs and system functions will be executed step by step.

Notice that both options influence the way instruction and function tracings

will work.

Internally,the debugger proceeds like this:

-memorize the return address associated with the last executed call

instruction in database segments(the previously saved one is overwriten).

-setup a temporary breakpoint on this address once the IP is in a debugger

segment or library function,disable step by step,and run the thread.

-reenable step by step once this temporary breakpoint is reached.

-Do not log already logged IP

If selected,already executed instructions will not be logged if

they are executed again.

-Skip loops

If selected,tracing will be temporarily disabled for some loops

constructs.

Highlight

-Highlight instructions in IDA views

If selected,recorded instructions will be displayed in IDA views(disassembly

views)with a different background color.

-Main color

The main background color for traced instructions.

-Diff color

The background color for the instructions recorded and being diffed against the

currently loaded trace.

Instruction tracing

-Log if same IP

If selected,the debugger will also log all register modifications occuring

during the execution of prefixed instructions like REP MOVSB,...

Function tracing

-Log return instructions

If selected,the debugger will also log function returns.

If disabled,only function calls are logged.

Basic block tracing

-Log basic block instructions

If selected,all instructions from the current basic block will be logged

and displayed in the'Tracing'window,instead of only the last instruction of

the basic block.

以下为中文翻译：

操作名称：SetupTracing

此对话框允许您指定与描摹功能相关的不同设置。

跟踪缓冲区大小

此设置指示跟踪缓冲区中可以容纳多少跟踪事件。

如果调试器必须插入一个新事件并且缓冲区已满，

最早的跟踪事件将被删除。

但是，如果指定大小为0，则缓冲区大小不受限制。

请注意，例如，在指令跟踪的情况下，

可以记录所有执行的指令，这将很快填满

上内存！

跟踪文件

如果指定了文件名，所有未来跟踪的事件都将附加到它。

跟踪目录

当前数据库的跟踪文件目录将被保存。如果不

指定，将使用IDB目录。

停止条件

执行前进行评估

每条指令。如果表达式返回真，调试器将

暂停执行。请注意，您可以在

条件。

追踪

-跟踪调试器段

段中逐步进行

（数据库中不可用的段）。

-跟踪库函数

如果选中，调试器将不会在库函数中逐步执行。

启用这些选项将加快执行速度，因为许多指令

（来自调试器段和/或库函数）不会被跟踪。

禁用这些选项可以快速填满Tracing窗口，因为所有

DLL和系统函数中的指令将逐步执行。

跟踪的方式

将工作。

在内部，调试器是这样进行的：

-记住与最后执行的调用关联的返回地址

数据库段中的指令（先前保存的指令被覆盖）。

-一旦IP在调试器中，就在此地址上设置一个临时断点

段或库函数，逐步禁用，运行线程。

-到达临时断点后逐步重新启用。

-不要记录已经记录的IP

如果选择，已经执行的指令将不会被记录，如果

他们再次被处决。

-跳过循环

如果选中，将暂时禁用某些循环的跟踪

结构体。

强调

-在IDA视图中突出显示指令

如果选中，录制的指令将显示在IDA视图中（反汇编

视图）具有不同的背景颜色。

-主色

跟踪指令的主要背景色。

-差异颜色

记录的指令的背景颜色并与

当前加载的跟踪。

指令追踪

-如果IP相同则记录

如果选中，调试器还将记录所有发生的寄存器修改

在执行诸如REP MOVSB之类的前缀指令期间，...

函数追踪

-日志返回说明

如果选中，调试器还将记录函数返回。

如果禁用，则仅记录函数调用。

基本块跟踪

-记录基本块指令

记录当前基本块中的所有指令

并显示在“跟踪”窗口中，而不仅仅是最后一条指令

基本块。