Cheat Engine

[kipp8r]

Hi,

Firstly I found the info. from Dark Byte extremely useful on the thread viewtopic.php?t=3746

My question kinda of relates to this. I have my debug code attached to a game. My BP works but after a few breaks it crashes the game. I noticed that Dark Byte said that the RF flag does not work on windows so I tried to use the TF flag and clear the breakpoint then reset the breakpoint. Anyways heres the code.


if (WaitForDebugEvent( &devent , 150)) // wait 150 ms for debug event
{
dbgFlag = DBG_CONTINUE;
switch(devent.dwDebugEventCode)
{
case CREATE_PROCESS_DEBUG_EVENT:
h = ::OpenThread(THREAD_ALL_ACCESS, false, devent.dwThreadId);

setbreakpoint(h,&rx,dwStartAddress);
bHitbpSet = true;

break;
case EXIT_PROCESS_DEBUG_EVENT:
DebugActiveProcessStop(prc.pid);
::CloseHandle(h);
break;

case EXCEPTION_DEBUG_EVENT:
dbgFlag = DBG_EXCEPTION_NOT_HANDLED;
EXCEPTION_DEBUG_INFO edi = devent.u.Exception;
// new switch to see the different exceptions
switch (edi.ExceptionRecord.ExceptionCode)
{
case STATUS_SINGLE_STEP:
dbgFlag = DBG_CONTINUE;
// check to see if it is the correct breakpoint if (edi.ExceptionRecord.ExceptionAddress == (void*)dwStartAddress)
{ //Found our break
::GetThreadContext(h,&rx); //Reset the Breakpoint, move to the next instruction (single step) and set bp again
rx.EFlags |= 0x08;
rx.Dr0 = 0; // set debug register 0 to address to break
rx.Dr7 &= 0x3; // set debug register 7 first 2 bits to 0
SetThreadContext(h, &rx); // create break point at that address
bHitbpSet = false;


}


break;
}
if( !bSeenInitialBreakpoint && ( edi.ExceptionRecord.ExceptionCode == EXCEPTION_BREAKPOINT ) )
{
// This is the initial breakpoint, which is used to notify the debugger
// that the debuggee has initialized
//
// The debugger should handle this exception
//

dbgFlag = DBG_CONTINUE;

bSeenInitialBreakpoint = true;

}

break;


}

ContinueDebugEvent(devent.dwProcessId , devent.dwThreadId , dbgFlag);



}else{

// reset the bp?
if (!bHitbpSet){
setbreakpoint(h,&rx,dwStartAddress);
bHitbpSet = true;
}
}