Instruction tracing

 Action name: ToggleTraceInstructions
 
This command starts instruction tracing. You can then use all the debugger commands as usual: the debugger will save all the modified register values for each instruction.

When you click on an instruction trace event in the Trace window, IDA displays the register values as they were just before this instruction executed. The 'Result' column of the Trace window also shows which registers were modified by this instruction. With this information you can, for example, quickly determine which instruction modified a specific register, or even backtrace the execution flow. Note that the IP register is never printed in the 'Result' column, although almost every instruction modifies it (except perhaps some prefixed instructions like REP MOVSB, ...).

Internally, the debugger runs the current thread step by step to properly obtain all the required register values. This explains why instruction tracing is slower than a normal execution.
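
The following added example (not IDA's own code and not an IDA API) models the 'Result' column and the "which instruction modified this register" question described above. It assumes a trace held as a list of (address, disassembly, register snapshot) tuples; the sample trace, the register subset, and the function names are constructed for illustration.

```python
# Constructed sample trace: each event holds the register values *preceding*
# execution of the instruction, which is what the Trace window displays.
TRACE = [
    (0x401000, "mov eax, 5",   {"EIP": 0x401000, "EAX": 0,  "EBX": 7, "ECX": 2}),
    (0x401005, "add eax, ebx", {"EIP": 0x401005, "EAX": 5,  "EBX": 7, "ECX": 2}),
    (0x401007, "dec ecx",      {"EIP": 0x401007, "EAX": 12, "EBX": 7, "ECX": 2}),
    (0x401008, "xor ebx, ebx", {"EIP": 0x401008, "EAX": 12, "EBX": 7, "ECX": 1}),
    (0x40100A, "ret",          {"EIP": 0x40100A, "EAX": 12, "EBX": 0, "ECX": 1}),
]

IP_REG = "EIP"  # left out of the result, as the IP register is in the Trace window


def modified_registers(trace):
    """Per event, the registers whose value differs in the next snapshot.

    This model only sees value changes: an instruction that writes back the
    value a register already held leaves no entry.
    """
    results = []
    for (_, _, before), (_, _, after) in zip(trace, trace[1:]):
        results.append({reg: val for reg, val in after.items()
                        if reg != IP_REG and before.get(reg) != val})
    results.append(None)  # no snapshot follows the last event, result unknown
    return results


def last_writer(trace, reg, index):
    """Walk back from event `index` to the instruction that last changed `reg`."""
    results = modified_registers(trace)
    for i in range(index - 1, -1, -1):
        if results[i] and reg in results[i]:
            return trace[i][0], trace[i][1]
    return None  # not modified within the recorded trace


if __name__ == "__main__":
    for (ea, disasm, _), res in zip(TRACE, modified_registers(TRACE)):
        shown = "?" if res is None else " ".join(
            f"{r}={v:X}" for r, v in res.items())
        print(f"{ea:08X}  {disasm:<14} {shown}")
    print("EAX before 'ret' was last set by:", last_writer(TRACE, "EAX", 4))
```
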

 See also Trace window
          Trace management
          Clear trace
          Function tracing
          Basic block tracing
          Add write trace
          Add read/write trace
          Add execution trace
          Tracing options
          Tracing submenu.