Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Weird Debugging Behaviour while "stepping"

Ph3r0X
How do I cheat?
Reputation: 0

Joined: 22 Nov 2020
Posts: 5
Location: Germany

Posted: Sat Oct 15, 2022 1:47 pm    Post subject: Weird Debugging Behaviour while "stepping"


Hey guys, hi DarkByte,

First of all, thanks a lot for creating this amazing tool.

To get straight to the point: I am trying to debug code that is used by multiple threads of the process. To be precise, I am trying to debug the 64-bit part of a WoW64 (x86) application, to understand the transition correctly.

So the way I am trying to do this is by placing a (hardware) breakpoint on WoW64Cpu._BTProcessInit + 0x582 (64-bit code).

The trouble starts when I try to step into/over and follow the code flow: the debug feature itself works, but the code flow "randomly jumps around" inside of that code block.

Because the instructions are not ones that change the rip register (like jmp, call or ret), I am guessing the problem is caused by multiple threads accessing that code.

1) Am I right with this assumption, or did I overlook something?

2) (How) Can I fix this problem and normally debug these x64 functions?

To give some additional information: I am using the VEH debugger (I also used the local Windows debugger), and of course I am using 64-bit CE.

Here is the code I am trying to debug:

Code:

xchg    rsp, r14
mov     r8d, [r14]
add     r14, 4
mov     [r13+3Ch], r8d
mov     [r13+48h], r14d
lea     r11, [r14+4]
mov     [r13+20h], edi
mov     [r13+24h], esi
mov     [r13+28h], ebx
mov     [r13+38h], ebp
pushfq
pop     r8
mov     [r13+44h], r8d


AFAIK, this is part of the function that resets the CPU to a consistent state; the far jump from x86 ends up at the top of the code I brought up above.
r13 should be a structure storing the x86 register values (I'm not entirely sure).

To repeat: when I try to debug that code and step into/over, rip randomly jumps around in that code block.

Any help, ideas or explanations would be very nice.

I am trying to understand this whole WoW64 concept to create my own Heaven's Gate implementation...

Anyways, thanks for answers,
I hope the question isn't too stupid.
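Added example (not from the post or from Cheat Engine): a C emulation of the listed snippet, treating r13 as a save area for the x86 registers, as the post guesses. Only the offsets come from the listing; the struct field names, the padding sizes and the sample register and stack values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed save-area layout: only the fields the snippet writes are named,
   at the offsets from the listing; the padding sizes are assumptions. */
typedef struct {
    uint8_t  pad0[0x20];
    uint32_t edi;              /* +0x20 */
    uint32_t esi;              /* +0x24 */
    uint32_t ebx;              /* +0x28 */
    uint8_t  pad1[0x38 - 0x2C];
    uint32_t ebp;              /* +0x38 */
    uint32_t eip;              /* +0x3C: dword popped from the x86 stack */
    uint8_t  pad2[0x44 - 0x40];
    uint32_t eflags;           /* +0x44: low 32 bits of pushfq / pop r8 */
    uint32_t esp;              /* +0x48: r14d after the add */
} saved_ctx_t;

_Static_assert(offsetof(saved_ctx_t, eip) == 0x3C, "eip offset");
_Static_assert(offsetof(saved_ctx_t, eflags) == 0x44, "eflags offset");
_Static_assert(offsetof(saved_ctx_t, esp) == 0x48, "esp offset");

/* The 64-bit registers the snippet reads or writes. */
typedef struct {
    uint64_t rsp, r13, r14, r11, r8, rdi, rsi, rbx, rbp, rflags;
} regs_t;

/* Emulate the snippet once. The x86 stack is modelled as an array whose
   first element lives at the address held in rsp on entry (the value that
   xchg moves into r14); the save area r13 points at is returned by value. */
static saved_ctx_t emulate_snippet(regs_t *r, const uint32_t *x86_stack)
{
    saved_ctx_t ctx;
    memset(&ctx, 0, sizeof ctx);
    uint64_t t = r->rsp; r->rsp = r->r14; r->r14 = t; /* xchg rsp, r14 */
    r->r8 = x86_stack[0];                             /* mov r8d, [r14] (zero-extends r8) */
    r->r14 += 4;                                      /* add r14, 4 (pop one dword) */
    ctx.eip = (uint32_t)r->r8;                        /* mov [r13+3Ch], r8d */
    ctx.esp = (uint32_t)r->r14;                       /* mov [r13+48h], r14d */
    r->r11 = r->r14 + 4;                              /* lea r11, [r14+4] */
    ctx.edi = (uint32_t)r->rdi;                       /* mov [r13+20h], edi */
    ctx.esi = (uint32_t)r->rsi;                       /* mov [r13+24h], esi */
    ctx.ebx = (uint32_t)r->rbx;                       /* mov [r13+28h], ebx */
    ctx.ebp = (uint32_t)r->rbp;                       /* mov [r13+38h], ebp */
    r->r8 = r->rflags;                                /* pushfq; pop r8 */
    ctx.eflags = (uint32_t)r->r8;                     /* mov [r13+44h], r8d */
    return ctx;
}
```

Running it on a constructed x86 stack shows the dword at the old stack top landing at +0x3C and the incremented stack pointer at +0x48, which is what the post's reading of the block predicts.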