View previous topic :: View next topic |
Author |
Message |
Redouane Master Cheater Reputation: 3
Joined: 05 Sep 2013 Posts: 363 Location: Algeria
|
Posted: Sun Aug 23, 2015 9:14 am Post subject: Int 3 in a program's memory |
|
|
I found this while debugging a game,the part that contains many 'int 3' instructions delimits two functions.
1- Why is the 'int 3' instruction used here? (I read that it's used for debugging,to implement breakpoints,but what is it doing here?)
2- Is that part of the memory used by the game (ie. if I change some bytes there,is there a risk to crash the application?)
Thanks
Description: |
|
Filesize: |
13.38 KB |
Viewed: |
10014 Time(s) |
|
|
|
Back to top |
|
|
Gniarf Grandmaster Cheater Supreme Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
|
Posted: Sun Aug 23, 2015 9:35 am Post subject: |
|
|
1-Take the developer's perspective: obviously your program is never meant to execute those instructions that are outside functions so if by mistake (like a corrupt function pointer...) your program does execute them it'll immediately trigger a breakpoint allowing you (the dev) to look at it, closer to where it started going wrong than if the program executed the next function (ie: when functions are padded with nops).
2-You can safely modify those bytes and/or put your hacks there (I've done that many times). However if the game has integrity checks, they'll likely also check this padding.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
|
Back to top |
|
|
Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
|
Posted: Sun Aug 23, 2015 9:54 am Post subject: |
|
|
Perhaps the game has it's own debugger in the background!
I saw that once in Need For Speed Most Wanted 2005
If that's the case then yes, changing those instructions may, but most of times will not, crash the game.
In your case though:
From the snapshot, I can see that the int3's are outside of functions (i.e. methods). Compilers like C++ fill blank areas (mainly for alignment purposes) with int3 instructions, I mean areas between functions or methods.
So yes, In your case, you can safely replace the int3's with whatever you please.
If you ever encounter an int3 inside a function/method
Code: | push ebp
mob ebp,esp
//;more code
int3
//;more code
pop ebp
ret |
Then that's goind to affect the game for sure!
_________________
... Fresco |
|
Back to top |
|
|
Redouane Master Cheater Reputation: 3
Joined: 05 Sep 2013 Posts: 363 Location: Algeria
|
Posted: Sun Aug 23, 2015 10:07 am Post subject: |
|
|
Thanks for the help.
|
|
Back to top |
|
|
STN I post too much Reputation: 42
Joined: 09 Nov 2005 Posts: 2672
|
Posted: Sun Aug 23, 2015 12:01 pm Post subject: |
|
|
The devs could have nothing to do with it and it may simply be compiler generated or a simple exception handling routine or just padding. Chances are those instructions are never executed.
I won't read much into it, the game is single player indie game probably using one of those weird game engines
_________________
|
|
Back to top |
|
|
atom0s Moderator Reputation: 199
Joined: 25 Jan 2006 Posts: 8518 Location: 127.0.0.1
|
Posted: Sun Aug 23, 2015 1:38 pm Post subject: |
|
|
1. It is compiler generated padding between functions. Depending on the compiler, those bytes can also be generated as various different things. It is used (int3) in those paddings as a sure-fire method to crash the application if anything is ever to over-extend its proper execution bounds.
2. No, it is just simple padding. You can safely do things to them if you are looking for places for code-caves and similar.
_________________
- Retired. |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
|
Posted: Sun Aug 23, 2015 2:36 pm Post subject: |
|
|
as everyone said, it's padding yes
One of the reasons it's not 0 is that 00 00 turns into add [eax],al which would make debugging things difficult if EAX contained something useful for debugging
e.g:
where the value at eax points just before the function it wants to be at
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
Redouane Master Cheater Reputation: 3
Joined: 05 Sep 2013 Posts: 363 Location: Algeria
|
Posted: Sun Aug 23, 2015 3:36 pm Post subject: |
|
|
Thanks guys
|
|
Back to top |
|
|
|