leacks Cheater
Reputation: 0
Joined: 12 Feb 2008 Posts: 36
Posted: Wed Feb 16, 2011 8:28 pm Post subject: How to set the breakpoint address?
I use kernel mode.
I searched from TfrmModifyRegisters.
I found SetBreakpoint.
Then I guess the breakpoint address is set from
Code:
// copy the breakpoint address into the debug register chosen for this breakpoint
case breakpoint.debugregister of
  0: currentthread.context.Dr0 := breakpoint.address;
  1: currentthread.context.Dr1 := breakpoint.address;
  2: currentthread.context.Dr2 := breakpoint.address;
  3: currentthread.context.Dr3 := breakpoint.address;
end;
How does currentthread.context work?
Then I noticed currentthread.setContext.
But when I set the breakpoint it does not enter DBKDebug_SetDebuggerState.
So it enters newkernelhandler.SetThreadContext.
Code:
type TSetThreadContext = function(hThread: THandle; const lpContext: TContext): BOOL; stdcall;
I don't know this function. What does it do?
I want to know which driver the breakpoint address uses.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
Posted: Wed Feb 16, 2011 8:56 pm Post subject:
Only if you use globaldebug, or the thread whose context is set is frozen, will it use a separate method of setting breakpoints.
In this case it is just setting the breakpoint using SetThreadContext, so handlename and the context struct
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
leacks Cheater
Reputation: 0
Joined: 12 Feb 2008 Posts: 36
Posted: Thu Feb 17, 2011 1:41 am Post subject:
When I set the eip to hack the game, it will be detected.
So I need to know the steps for setting eip.
Then I found that setting eip uses a breakpoint.
If the address is run,
ce6.0 will run IOCTL_CE_SETDEBUGGERSTATE to hack the game.
If the address is not run, IOCTL_CE_SETDEBUGGERSTATE is not run.
Therefore, there should be an IOCTL_xxxx for when I set a breakpoint while running.
But I can't find it.
==========
ps. I use kernel mode. No use of Global & Ability.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
Posted: Thu Feb 17, 2011 9:56 pm Post subject:
Quote:
When I set the eip to hack the game, it will be detected.

that means you MUST use global debug, else it will be detected
and if you use global debug it will use the setdebuggerstate ioctl
leacks Cheater
Reputation: 0
Joined: 12 Feb 2008 Posts: 36
Posted: Wed Mar 09, 2011 9:28 pm Post subject:
I spent a lot of time.
I found
Code:
result := newkernelhandler.SetThreadContext(hthread, lpContext);
SetThreadContext in the Windows API is what gets detected.
If I comment it out, then the game does not detect the hack.
Is there another way to replace it?
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
Posted: Wed Mar 09, 2011 9:59 pm Post subject:
try kernelmode global debug and use DBKDebug_GD_SetBreakpoint,
or check the state of the debug registers in the thread and do not change them when they are already set
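The case statement quoted in the first post only shows half of what a hardware breakpoint in a thread context is: Dr0..Dr3 hold the addresses, but the slot is inert until the matching enable, condition and length bits in Dr7 are set, and the advice above to "check the state of the debug registers" is a question about those same Dr7 bits. The following C program is an added example written for this thread, not code from Cheat Engine or from either poster. It uses a constructed six-field struct standing in for the debug-register part of a Windows CONTEXT (the real struct has many more fields), the Dr7 bit layout from the Intel SDM, and constructed sample addresses; it arms a slot the way the Pascal case statement does and then audits which slots are already in use so a new breakpoint never silently overwrites an existing one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the debug-register fields of a thread context.
 * The real Windows CONTEXT struct carries Dr0..Dr3, Dr6 and Dr7 next to the
 * general-purpose registers; only these six fields matter here. */
typedef struct {
    uint64_t Dr0, Dr1, Dr2, Dr3;   /* linear addresses of breakpoint slots 0..3 */
    uint64_t Dr6;                  /* status: which slot fired (unused below) */
    uint64_t Dr7;                  /* control: enables, conditions, lengths */
} DebugContext;

/* R/W field encodings in Dr7 (Intel SDM vol. 3, "Debug Registers"). */
enum BpKind { BP_EXECUTE = 0, BP_WRITE = 1, BP_IO = 2, BP_READWRITE = 3 };

typedef struct { int slot; uint64_t addr; enum BpKind kind; int len; } HwBreakpoint;

/* Dr7 layout for slot i (0..3):
 *   bit 2*i      Li local enable      bit 2*i+1     Gi global enable
 *   bits 16+4*i  R/Wi condition (2b)  bits 18+4*i   LENi length (2b)
 * LEN encoding: 00 = 1 byte, 01 = 2 bytes, 11 = 4 bytes, 10 = 8 bytes. */
static int len_to_bits(int len) {
    switch (len) { case 1: return 0; case 2: return 1; case 4: return 3; case 8: return 2; }
    return -1;
}
static int bits_to_len(unsigned bits) {
    static const int table[4] = { 1, 2, 8, 4 };
    return table[bits & 3];
}
static uint64_t slot_addr(const DebugContext *ctx, int slot) {
    switch (slot) { case 0: return ctx->Dr0; case 1: return ctx->Dr1; case 2: return ctx->Dr2; }
    return ctx->Dr3;
}

/* The case statement from the post, plus the Dr7 bits that actually activate
 * the slot. Returns 0 on success, -1 on an invalid request (context untouched). */
int arm_hw_breakpoint(DebugContext *ctx, int slot, uint64_t addr, enum BpKind kind, int len) {
    int lbits = len_to_bits(len);
    if (slot < 0 || slot > 3 || lbits < 0) return -1;
    if (kind == BP_EXECUTE && len != 1) return -1;    /* execute breakpoints need LEN = 00 */
    if (addr & (uint64_t)(len - 1)) return -1;         /* data breakpoints must be len-aligned */
    switch (slot) {
        case 0: ctx->Dr0 = addr; break;
        case 1: ctx->Dr1 = addr; break;
        case 2: ctx->Dr2 = addr; break;
        case 3: ctx->Dr3 = addr; break;
    }
    ctx->Dr7 &= ~(0xFULL << (16 + 4 * slot));          /* clear old R/W and LEN for this slot */
    ctx->Dr7 |= (uint64_t)kind  << (16 + 4 * slot);
    ctx->Dr7 |= (uint64_t)lbits << (18 + 4 * slot);
    ctx->Dr7 |= 1ULL << (2 * slot);                    /* local enable */
    return 0;
}

/* Bitmask (bit i = slot i) of slots whose local or global enable bit is set. */
unsigned armed_slots(const DebugContext *ctx) {
    unsigned mask = 0;
    for (int i = 0; i < 4; i++)
        if (ctx->Dr7 & (3ULL << (2 * i))) mask |= 1u << i;
    return mask;
}

/* First slot nobody has armed, or -1 if all four are taken: the check behind the
 * advice to leave debug registers alone when they are already set. */
int first_free_slot(const DebugContext *ctx) {
    unsigned used = armed_slots(ctx);
    for (int i = 0; i < 4; i++)
        if (!(used & (1u << i))) return i;
    return -1;
}

/* Decode every armed slot into out[]; returns the number decoded (0..4). */
int decode_hw_breakpoints(const DebugContext *ctx, HwBreakpoint out[4]) {
    int n = 0;
    unsigned used = armed_slots(ctx);
    for (int i = 0; i < 4; i++) {
        if (!(used & (1u << i))) continue;
        out[n].slot = i;
        out[n].addr = slot_addr(ctx, i);
        out[n].kind = (enum BpKind)((ctx->Dr7 >> (16 + 4 * i)) & 3);
        out[n].len  = bits_to_len((unsigned)((ctx->Dr7 >> (18 + 4 * i)) & 3));
        n++;
    }
    return n;
}

int main(void) {
    DebugContext ctx;
    HwBreakpoint bps[4];
    memset(&ctx, 0, sizeof ctx);
    /* constructed sample addresses, not taken from any real program */
    arm_hw_breakpoint(&ctx, 1, 0x401000, BP_EXECUTE, 1);
    arm_hw_breakpoint(&ctx, 0, 0x7ff000, BP_WRITE, 4);
    int n = decode_hw_breakpoints(&ctx, bps);
    printf("Dr7 = 0x%llx, %d slot(s) armed, first free slot = %d\n",
           (unsigned long long)ctx.Dr7, n, first_free_slot(&ctx));
    for (int i = 0; i < n; i++)
        printf("  slot %d: addr 0x%llx kind %d len %d\n", bps[i].slot,
               (unsigned long long)bps[i].addr, bps[i].kind, bps[i].len);
    return 0;
}
```

Two points the decoder makes visible: a non-zero Dr0..Dr3 with a clear enable bit in Dr7 is not a live breakpoint, and an execute breakpoint is only valid with a one-byte length, so a context whose Dr7 claims an execute condition with LEN 11 is malformed rather than merely unusual. Running the audit before arming is what keeps a second tool, or the process itself if it set its own watchpoints, from having its slot clobbered.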
leacks Cheater
Reputation: 0
Joined: 12 Feb 2008 Posts: 36
Posted: Thu Mar 10, 2011 1:47 am Post subject:
Thanks, Dark Byte.
That way is OK.