| View previous topic :: View next topic |
| Author |
Message |
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
 Posted: Sat May 28, 2011 11:57 am Post subject: Setting a breakpoint |
 |
|
Hey guys,
How would I set a int3 breakpoint on an address? Any tutorials, i've done lots of research and I havn't found a good topic.
Thanks!
|
|
| Back to top |
|
 |
sponge
I'm a spammer
 Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Sat May 28, 2011 12:08 pm Post subject: |
|
|
You place an int3 at that address... then handle the resulting exception when executed.
_________________
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat May 28, 2011 4:09 pm Post subject: |
|
|
You place the int3 like this?
memcpy ( (void*) dwAddress, (void*) '\x03', 1 );
|
|
| Back to top |
|
|
sponge
I'm a spammer
Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Sat May 28, 2011 4:18 pm Post subject: |
|
|
int3...
_________________
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat May 28, 2011 5:42 pm Post subject: |
|
|
I see.
| Code: |
memcpy ( (void*) dwAddress, (void*) '\xCC', 1 )
|
Int 3 calls the debugger.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Sat May 28, 2011 6:02 pm Post subject: |
|
|
Just a suggestion:
use
| Code: |
*(unsigned char *)dwAddress=0xcc;
|
or at least
| Code: |
memset(dwAddress,0xcc,1)
|
Or WriteProcessMemory
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat May 28, 2011 6:34 pm Post subject: |
|
|
After I set the int3 breakpoint, the debugger isn't called? I try to access the address by writing to it and it still won't invoke the debugger. Am I doing something wrong?
| Code: |
LPVOID lpPtr = VirtualAlloc ( NULL, 4, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
memset ( lpPtr, 0xCC, 1 );
__try {
*(DWORD*) lpPtr = 10;
}
__except (true) {
// VEH
}
|
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Sat May 28, 2011 6:41 pm Post subject: |
|
|
an int3 breakpoint is an EXECUTE breakpoint. You are just overwriting the byte at the given address
If you mean a hardware breakpoint use SetThreadContext and set the address in dr0,1,2 or 3 and set the appropriate bit in DR7
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat May 28, 2011 8:18 pm Post subject: |
|
|
Wouldn't a hardware breakpoint stop the whole thread?
See this is what I want to basically do, I want to set a breakpoint on address ex: 00400000 and when the game tries to access that address, it will send a EXCEPTION_BREAKPOINT to my VEH callback, then I can process the pointer from there.
EDIT
I came up with the code needed to set a hardware breakpoint:
| Code: |
void SetBreakpoint ( DWORD dwAddress )
{
CONTEXT threadInfo;
HANDLE hThread = getThread ();
SuspendThread ( hThread );
GetThreadContext ( hThread, &threadInfo );
threadInfo.Dr0 = dwAddress;
threadInfo.Dr7 = 1;
SetThreadContext ( hThread, &threadInfo );
ResumeThread ( hThread );
}
|
But that just stops the whole application. Now I realize that the thread may be the problem.. I never knew it was this frustrating.
|
|
| Back to top |
|
|
Innovation
Grandmaster Cheater
![]() Reputation: 12
Joined: 14 Aug 2008
Posts: 617
|
| Posted: Sat May 28, 2011 8:42 pm Post subject: |
|
|
Debugger flow control: Hardware breakpoints vs software breakpoints
You might want to take into account hardware breakpoints that are already enabled and assert that you are suspending the correct thread (and not the current thread). Also, you mentioned that you wanted it to break on access. 00b is "break on execution."
Last edited by Innovation on Sat May 28, 2011 9:08 pm; edited 5 times in total |
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Sat May 28, 2011 8:46 pm Post subject: |
|
|
That is again an on execute breakpoint
you must set bit 16 to 1 if you want to break on writes to the address (set bit 16 AND 17 to 1 if you want to break on read+write)
and set the CONTEXT_DEBUG_REGISTERS in the ContextFlags of the context structure (when calling GetThreadContext and SetThreadContext)
Also, in your VEH handlr make sure you do not do anything that causes an exception. That includes OutputDebugString
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sat May 28, 2011 9:26 pm Post subject: |
|
|
| Innovation wrote: | Debugger flow control: Hardware breakpoints vs software breakpoints
You might want to take into account hardware breakpoints that are already enabled and assert that you are suspending the correct thread (and not the current thread). Also, you mentioned that you wanted it to break on access. 00b is "break on execution." |
Thanks man, helped.
Dark Byte:
I read that to set your breakpoint to break on reading / writing from an address its 11b. 11b in decimal is three. I also fixed up everything else. For some reason it pauses the application and doesn't allow it to continue.
| Code: |
void SetBreakpoint ( DWORD dwAddress )
{
CONTEXT threadInfo = {CONTEXT_DEBUG_REGISTERS};
HANDLE hThread = getThread ();
SuspendThread ( hThread );
GetThreadContext ( hThread, &threadInfo );
threadInfo.ContextFlags = CONTEXT_DEBUG_REGISTERS;
threadInfo.Dr0 = dwAddress;
threadInfo.Dr6 = 0;
threadInfo.Dr7 = 3;
SetThreadContext ( hThread, &threadInfo );
ResumeThread ( hThread );
}
|
| Code: |
// Write to address
lpPtr = VirtualAlloc ( NULL, 4, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
SetBreakpoint ( (DWORD) lpPtr );
__try {
*(DWORD*) lpPtr = 10;
}
__except (true) {
} |
Am I doing something wrong?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Sat May 28, 2011 9:33 pm Post subject: |
|
|
first part: you're putting the 3 at the wrong bit position, write the 3 at startbit 16, (and of course also set bit 0 to 1)
as for the hanging, no idea. Check your veh debugger, or the code after the exception handler.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Innovation
Grandmaster Cheater
![]() Reputation: 12
Joined: 14 Aug 2008
Posts: 617
|
| Posted: Sat May 28, 2011 9:37 pm Post subject: |
|
|
x86 debug register
You need to write to individual bits of the DR7 register.
| Code: | threadInfo.Dr7 |= 0x00030001; // (3 << 16) | 1
threadInfo.Dr7 &= 0xFFF3FFFD; // ~((3 << 18) | 2) |
|
|
| Back to top |
|
|
iPromise
Grandmaster Cheater
![]() Reputation: -1
Joined: 27 Jun 2009
Posts: 529
Location: Canada
|
| Posted: Sun May 29, 2011 9:52 am Post subject: |
|
|
Thanks guys I got it working, my searching engine is one step away from being released. I just need to do some testing and make sure everything is stable.
You can lock the topic now.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
