| View previous topic :: View next topic |
| Author |
Message |
TraxMate
Master Cheater
![]() Reputation: 0
Joined: 01 Mar 2008
Posts: 363
|
 Posted: Wed Apr 08, 2009 9:22 am Post subject: [C++] Debug registers (solved) |
 |
|
Hi, I'm trying to change the eip at address 0x01002FF5 (MineSweeper timer) but I have no clue on how to use SetThreadContext to change the eip. I have a handle to the thread and I can change the eip randomly. But how do I change it to change eip for that specific address? I've tried this (Pseudo code) | Code: | CONTEXT Context;
DWORD dwOldEIP;
ZeroMemory(&Context, sizeof(CONTEXT));
SuspendThread(hThread);
Context.ContextFlags = CONTEXT_FULL | CONTEXT_DEBUG_REGISTERS;
GetThreadContext(hThread, &Context);
dwOldEIP = Context.Eip; // Store the old eip value
Context.Eip = 0x0060EC45; // new eip value
SetThreadContext(hThread, &Context);
ResumeThread(hThread); |
It works but since I never specified wich addy to change the eip it just changes it for some random addy(don't know if it really does that..). So I was wondering how do I specify what address to debug?
Last edited by TraxMate on Thu Apr 09, 2009 4:16 am; edited 1 time in total |
|
| Back to top |
|
 |
Flyte
Peanuts!!!!
 Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
|
| Back to top |
|
|
TraxMate
Master Cheater
![]() Reputation: 0
Joined: 01 Mar 2008
Posts: 363
|
| Posted: Wed Apr 08, 2009 12:15 pm Post subject: |
|
|
Hmm, I still don't get it. This is my main debugging loop | Code: | DEBUG_EVENT DebugEvent;
for(;;)
{
WaitForDebugEvent(&DebugEvent, INFINITE);
switch(DebugEvent.dwDebugEventCode)
{
case EXCEPTION_DEBUG_EVENT:
CONTEXT Context;
Context.ContextFlags = CONTEXT_FULL | CONTEXT_DEBUG_REGISTERS;
SuspendThread(hThread);
GetThreadContext(hThread, &Context);
Context.Eip = 0x01002FFB;
SetThreadContext(&hThread, &Context);
ResumeThread(hThread);
break;
}
ContinueDebugEvent(DebugEvent.dwProcessId, DebugEvent.dwThreadId, DBG_CONTINUE);
} |
Is this right? MSDN are confusing me ..
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Wed Apr 08, 2009 3:02 pm Post subject: |
|
|
| Code: | DEBUG_EVENT DebugEvent;
HANDLE hThread;
CONTEXT Context;
for(;;) {
WaitForDebugEvent(&DebugEvent, INFINITE);
switch(DebugEvent.dwDebugEventCode) {
case EXCEPTION_DEBUG_EVENT:
if(DebugEvent.u.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_BREAKPOINT) {
if(DebugEvent.u.Exception.ExceptionRecord.ExceptionAddress == 0x0060EC45) {
if(hThread = OpenThread(THREAD_ALL_ACCESS, false, DebugEvent.dwThreadId)) {
Context.ContextFlags = CONTEXT_FULL;
GetThreadContext(hThread, &Context);
Context.Eip = 0x01002FFB;
SetThreadContext(hThread, &Context);
CloseHandle(hThread);
}
}
}
ContinueDebugEvent(DebugEvent.dwProcessId, DebugEvent.dwThreadId, DBG_CONTINUE);
break;
default:
ContinueDebugEvent(DebugEvent.dwProcessId, DebugEvent.dwThreadId, DBG_EXCEPTION_NOT_HANDLED);
}
} |
This should work. I just took the code you typed and made some modifications. Never bothered trying to compile it or test it out however, so there may need to be some minor changes.
Last edited by Flyte on Wed Apr 08, 2009 4:00 pm; edited 1 time in total |
|
| Back to top |
|
|
TraxMate
Master Cheater
![]() Reputation: 0
Joined: 01 Mar 2008
Posts: 363
|
| Posted: Wed Apr 08, 2009 3:45 pm Post subject: |
|
|
The code freezes the app im debugging but i guess that could be because i forgot to set a breakpoint  . I've been to busy just trying to get this to work that I completely forgot to set a breakpoint... I searched on google on how to set breakpoints but I didn't found anything useful. But I tried setting the breakpoint with CE and it worked.. kinda(it didn't freeze the app immediately). But after I clicked on one of the squares on minesweeper the app froze again. So how do I set a breakpoint ? 
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Wed Apr 08, 2009 3:57 pm Post subject: |
|
|
| TraxMate wrote: | | The code freezes the app im debugging but i guess that could be because i forgot to set a breakpoint . I've been to busy just trying to get this to work that I completely forgot to set a breakpoint... I searched on google on how to set breakpoints but I didn't found anything useful. But I tried setting the breakpoint with CE and it worked.. kinda(it didn't freeze the app immediately). But after I clicked on one of the squares on minesweeper the app froze again. So how do I set a breakpoint ? |
Using SetThreadContext() on each thread, with the current context and the proper structure entry changed.
To fix the freezing, I made a small change above.
|
|
| Back to top |
|
|
&Vage
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Jul 2008
Posts: 1053
|
| Posted: Wed Apr 08, 2009 4:07 pm Post subject: |
|
|
| Does this use int1?
|
|
| Back to top |
|
|
Anden100
Grandmaster Cheater
![]() Reputation: 0
Joined: 20 Apr 2007
Posts: 668
|
| Posted: Wed Apr 08, 2009 4:08 pm Post subject: |
|
|
You should take a look inside CE's source. It has alot of useful stuff when it comes to debugging 
|
|
| Back to top |
|
|
TraxMate
Master Cheater
![]() Reputation: 0
Joined: 01 Mar 2008
Posts: 363
|
| Posted: Wed Apr 08, 2009 5:16 pm Post subject: |
|
|
@Flyte: Thx, the app doesn't freeze now. And how should I fill the struct? When I'm searching I see that everyone are using WriteProcessMemory() to set a BP.
@: What's the different between int1 and int3?
@Anden100: Looking at CE's source was one of the first thing I did. But CE's source is kinda messy and it's hard to find in it + that I don't code in delphi :p.
|
|
| Back to top |
|
|
xProPwnerx
Cheater
 Reputation: 0
Joined: 22 Mar 2009
Posts: 35
|
| Posted: Wed Apr 08, 2009 5:18 pm Post subject: |
|
|
c++ is difficult
_________________
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Wed Apr 08, 2009 5:45 pm Post subject: |
|
|
| TraxMate wrote: | | @Flyte: Thx, the app doesn't freeze now. And how should I fill the struct? When I'm searching I see that everyone are using WriteProcessMemory() to set a BP. |
That's because they are using a software breakpoint, in which you actually write 0xCC to the address you want to break on. Debug registers are different, and are usually referred to as hardware breakpoints, as they don't actually touch the code itself (which is why they bypass CRC routines).
| Code: | CONTEXT Context;
Context.ContextFlags = CONTEXT_DEBUG_REGISTERS;
GetThreadContext(hThread, &Context);
// Dr0 -> Dr3 are usable debug registers.
Context.Dr0 = 0x0060EC45;
Context.Dr7 |= 1;
SetThreadContext(hThread, &Context); |
You have to do that for each thread.
| TraxMate wrote: | | @: What's the different between int1 and int3? |
Ignore him. He is the kind of person who posts useless bits of information into a relevant thread in an attempt to sound like he knows what he is talking about. At this point, you don't need to worry about bypassing protection.
Last edited by Flyte on Wed Apr 08, 2009 6:52 pm; edited 2 times in total |
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Wed Apr 08, 2009 6:33 pm Post subject: |
|
|
| >.> You forgot to set DR7... T.T
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Wed Apr 08, 2009 6:51 pm Post subject: |
|
|
| dnsi0 wrote: | | >.> You forgot to set DR7... T.T |
You're right, been a long time since I touched these things. Post updated. Also, I can't remember whether or not hardware breakpoints raise EXCEPTION_SINGLE_STEP or EXCEPTION_BREAKPOINT, so that might have to be changed to.
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Wed Apr 08, 2009 6:52 pm Post subject: |
|
|
| Flyte wrote: | | dnsi0 wrote: | | >.> You forgot to set DR7... T.T |
You're right, been a long time since I touched these things. Post updated. Also, I can't remember whether or not hardware breakpoints raise EXCEPTION_SINGLE_STEP or EXCEPTION_BREAKPOINT, so that might have to be changed to. |
Its EXCEPTION_SINGLE_STEP. I studied this when I made MyBotV4.
|
|
| Back to top |
|
|
&Vage
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 25 Jul 2008
Posts: 1053
|
| Posted: Wed Apr 08, 2009 7:14 pm Post subject: |
|
|
| @Flyte Your a dumbass for assuming that, if I knew I wouldn't be spending my time to type that post? Go back to where you came from.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
