Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Tue Mar 01, 2011 7:04 am Post subject: Change register at breakpoint
The following code will change the EAX register to 0 when the breakpoint at 0x00420f3e hits, and then continues after handling it.
If you use it on the 32-bit tutorial that comes with CE 6, it will cause the health in step 2 to not go down.
Code: |
changeregaddress=0x00420f3e --change this to the address you want
debug_removeBreakpoint(changeregaddress) --remove it if it was set
function debugger_onBreakpoint()
if (EIP == changeregaddress) then
hasChangedARegister=true --obsolete in 6.1
EAX=0
changedEAX=true --obsolete in 6.1
debug_continueFromBreakpoint(0) --run (bug in 6.0: it's always run)
return 1 --I handled it so don't tell the user
else
return 0 --unexpected breakpoint, show the user
end
end
debug_setBreakpoint(changeregaddress)
|
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
n1vX Advanced Cheater Reputation: 0
Joined: 27 May 2007 Posts: 61
Posted: Mon Mar 21, 2011 10:32 pm Post subject:
This script just handles one breakpoint. How do I handle several breakpoints?
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Mon Mar 21, 2011 11:40 pm Post subject:
Just set a second breakpoint.
Then also check if the current EIP is that second breakpoint,
e.g. after the else, or replace the return 0 / 1 with a variable (retval=0 / retval=1) that is set, and only at the end of the function return with the value (return retval).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Refocus How do I cheat? Reputation: 0
Joined: 03 Apr 2011 Posts: 7
Posted: Wed Apr 06, 2011 6:28 pm Post subject:
Very nice tut Dark Byte! Good to see some more activity in the LUA section.
Popinman32 Cheater Reputation: 0
Joined: 23 Jul 2010 Posts: 29
Posted: Tue Apr 19, 2011 3:10 pm Post subject:
Could this method be used to print the value of a register?
_________________
I had a life? O.o
I thought my job was to collect information and help, then one day hope to use it. :S
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Tue Apr 19, 2011 10:37 pm Post subject:
Sure, you can add a line to write the register to the output of the Lua console, or to a file, or to a memo in a self-created form with a memo object (the next version will have more display methods).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
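The two points from Dark Byte's replies above, one script handling several breakpoints through a single debugger_onBreakpoint with a retval variable, and writing a register out to the Lua console and to a file, put together in one script. This is an added example and not code from the original thread or from Cheat Engine itself: the two addresses are placeholders standing in for instructions in the 32-bit tutorial and must be replaced with your own, and the log file name is an assumption.

```lua
-- Added example (not from the original post). A table maps each breakpoint
-- address to a handler; debugger_onBreakpoint looks the handler up by EIP
-- instead of growing an if/elseif chain per breakpoint.
local handlers = {}
local hits = {}   -- per-address hit counter, for the log lines

-- Placeholder address: log EAX/ECX every time this instruction runs.
handlers[0x00420F3E] = function()
  -- Lua console output (the CE Lua engine window)
  print(string.format("EIP=%08X hit=%d EAX=%08X ECX=%08X",
                      EIP, hits[EIP], EAX, ECX))
  -- and append the same line to a file (assumed file name) for later review
  local f = io.open("breakpoint_log.txt", "a")
  if f then
    f:write(string.format("%08X %d %08X %08X\n", EIP, hits[EIP], EAX, ECX))
    f:close()
  end
end

-- Placeholder second address: change a register, as in the first post.
handlers[0x00420F7A] = function()
  EAX = 0
end

function debugger_onBreakpoint()
  local retval = 0               -- 0: not one of ours, show it to the user
  local h = handlers[EIP]
  if h then
    hits[EIP] = (hits[EIP] or 0) + 1
    h()                          -- run the handler for this address
    debug_continueFromBreakpoint(0)  -- co_run: resume the target
    retval = 1                   -- handled, so CE does not show the break
  end
  return retval                  -- single exit point, as suggested above
end

-- (Re)arm every breakpoint listed in the table; removing first is harmless
-- if the breakpoint was not set yet.
for addr in pairs(handlers) do
  debug_removeBreakpoint(addr)
  debug_setBreakpoint(addr)
end
```

Adding a third breakpoint is one more entry in handlers; nothing in debugger_onBreakpoint changes. Returning 1 only for addresses in the table keeps the behaviour of the original script for any breakpoint you did not set.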
listito Cheater Reputation: 0
Joined: 31 Dec 2010 Posts: 35
Posted: Wed Apr 20, 2011 8:53 pm Post subject:
lol, this is just the answer to my question in another subforum.
Dark, how about the performance of the eip=anything check? Does it decrease the software's performance too much?
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Thu Apr 21, 2011 3:09 am Post subject:
It will only break on the given breakpoints. The EIP check is only for cases when you have set multiple breakpoints or are tracing (it will be slower than the normal break and trace).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
HelloBuddySup :-) How do I cheat? Reputation: 0
Joined: 09 Feb 2014 Posts: 8
Posted: Sun Feb 09, 2014 6:01 pm Post subject: Re: Change register at breakpoint
Dark Byte wrote: | The following code will change the EAX register to 0 when the breakpoint at 0x00420f3e hits, and then continues after handling it.
If you use it on the 32-bit tutorial that comes with CE 6, it will cause the health in step 2 to not go down.
Code: |
changeregaddress=0x00420f3e --change this to the address you want
debug_removeBreakpoint(changeregaddress) --remove it if it was set
function debugger_onBreakpoint()
if (EIP == changeregaddress) then
hasChangedARegister=true --obsolete in 6.1
EAX=0
changedEAX=true --obsolete in 6.1
debug_continueFromBreakpoint(0) --run (bug in 6.0: it's always run)
return 1 --I handled it so don't tell the user
else
return 0 --unexpected breakpoint, show the user
end
end
debug_setBreakpoint(changeregaddress)
|
|
'Ello, I was wondering how could I use this with writeBytes?
Help is always appreciated, thanks!
ta_trainer Advanced Cheater Reputation: 0
Joined: 24 Dec 2006 Posts: 76
Posted: Thu Feb 12, 2015 4:48 am Post subject:
Dark Byte wrote: | Just set a second breakpoint.
Then also check if the current EIP is that second breakpoint,
e.g. after the else, or replace the return 0 / 1 with a variable (retval=0 / retval=1) that is set, and only at the end of the function return with the value (return retval). |
Is there a limitation on the number of breakpoints I can use in this way?
If there is a limitation, would removing/setting breakpoints dynamically (debug_removeBreakpoint) be a feasible workaround?
Something like this:
<code>
<debug_addBreakpoint1>
<do something>
<debug_removeBreakpoint1>
<debug_addBreakpoint2>
then
<code>
<on breakpoint 2>
<do something>
<debug_removeBreakpoint2>
<add back breakpoint 1>
as long as I keep the sequence in sync with the code execution.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Thu Feb 12, 2015 5:00 am Post subject:
It depends on the target. If the reason you do this is because of integrity checks, then 4, else infinite (software breakpoints change the first byte of an instruction).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
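The "4" in Dark Byte's answer is the number of x86 debug address registers (DR0 to DR3), which is what hardware breakpoints use; software breakpoints instead overwrite the first byte of the instruction with int3 (0xCC), which is exactly what a code integrity check will notice. The rotation ta_trainer sketched keeps only one breakpoint armed at a time, so it stays inside the four-register budget. The script below is an added example, not code from the thread or from Cheat Engine: the two addresses are placeholders, and it assumes, as CE scripts commonly do, that a breakpoint may be removed and another set from inside debugger_onBreakpoint.

```lua
-- Added example (not from the original post): alternate between two
-- breakpoints so that only one is installed at any moment.
local bpA = 0x00420F3E   -- placeholder: first instruction of interest
local bpB = 0x00420F7A   -- placeholder: second instruction of interest
local expected = bpA     -- the breakpoint we armed and expect to hit next
local hits = { [bpA] = 0, [bpB] = 0 }

-- Drop the breakpoint that just fired and arm the other one.
local function swapTo(target)
  debug_removeBreakpoint(EIP)
  debug_setBreakpoint(target)
  expected = target
end

function debugger_onBreakpoint()
  if EIP ~= expected then
    return 0           -- not the one we armed: let the user see it
  end
  hits[EIP] = hits[EIP] + 1
  if EIP == bpA then
    -- work to do at A, here just logging ECX, then hand over to B
    print(string.format("A hit #%d ECX=%08X", hits[bpA], ECX))
    swapTo(bpB)
  else
    -- work to do at B, then hand back to A
    print(string.format("B hit #%d EAX=%08X", hits[bpB], EAX))
    swapTo(bpA)
  end
  debug_continueFromBreakpoint(0)   -- co_run
  return 1
end

-- Start from a clean state: neither breakpoint set, then arm A only.
debug_removeBreakpoint(bpA)
debug_removeBreakpoint(bpB)
debug_setBreakpoint(bpA)
```

The expected-address guard is what keeps the sequence in sync with execution: if B is reached while A is still the armed one (for example because the code took a different path), the handler returns 0 and CE shows the break instead of silently rotating out of order.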
skillcoder How do I cheat? Reputation: 0
Joined: 28 Mar 2015 Posts: 1
Posted: Sat Mar 28, 2015 7:49 am Post subject: Mapping one-byte registers
I found that the one-byte registers are not mapped to Lua vars (like AL/AH, BL/BH, CL/CH, DL/DH ...).
I had to use a terrible/ugly way.
To get DL:
Code: | ("0x"..string.sub(string.format("%x", EDX), -2, -1))+0 |
And to set it to CC:
Code: | EDX=('0x'..string.sub(string.format("%x", EDX), 1, -3)..'CC')+0 |
Maybe you can add a mapping for the other registers, not only for EAX, EBX, ECX, EDX, ...
Or, if I'm a noob, give me code to get/set a one-byte register without string manipulations.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
Posted: Sat Mar 28, 2015 8:51 am Post subject:
AL and AH are part of EAX (RAX in 64-bit), so it won't make sense to map them into those (and it would cause a giant overhead).
What you can use:
[code]
x=dwordToByteTable(0x11223344) -- bytes in memory order, so x[1] is the low byte
AL=x[1]
AH=x[2]
AX=byteTableToWord(x)
[/code]
Use byteTableToDword(bytetable) to build the EAX register back with the new values if you changed them.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
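Helpers built on the byte-table functions Dark Byte names, plus a bit-mask alternative, for reading and writing the 8-bit halves of a register without string formatting, and a breakpoint handler that uses them to do what skillcoder wanted (set DL to 0xCC while leaving the upper three bytes of EDX alone). This is an added example, not code from the post or from Cheat Engine. It assumes that dwordToByteTable returns the bytes in memory (little-endian) order, as the AL=x[1] line above implies, and that CE's bAnd/bOr helper functions are available; the breakpoint address is a placeholder.

```lua
-- Added example (not from the original post). Sub-register access via the
-- byte-table helpers: table index 1 is the low byte (AL/BL/CL/DL),
-- index 2 the next one (AH/BH/CH/DH), indices 1..2 together are AX etc.
local function getLow8(reg)  return dwordToByteTable(reg)[1] end
local function getHigh8(reg) return dwordToByteTable(reg)[2] end
local function getLow16(reg) return byteTableToWord(dwordToByteTable(reg)) end

-- Return reg with its low byte replaced by v, other bytes untouched.
local function setLow8(reg, v)
  local t = dwordToByteTable(reg)
  t[1] = v % 256            -- keep only 8 bits of v
  return byteTableToDword(t)
end

-- Same for the second byte (AH/BH/CH/DH).
local function setHigh8(reg, v)
  local t = dwordToByteTable(reg)
  t[2] = v % 256
  return byteTableToDword(t)
end

-- Equivalent using CE's bit helpers (assumed available) instead of a table:
-- clear the low byte with a mask, then OR in the new value.
local function setLow8Masked(reg, v)
  return bOr(bAnd(reg, 0xFFFFFF00), bAnd(v, 0xFF))
end

-- Usage at a breakpoint: placeholder address, replace with your own.
local target = 0x00420F3E
function debugger_onBreakpoint()
  if EIP == target then
    print(string.format("before: EDX=%08X DL=%02X DH=%02X DX=%04X",
                        EDX, getLow8(EDX), getHigh8(EDX), getLow16(EDX)))
    EDX = setLow8(EDX, 0xCC)          -- DL = 0xCC, EDX[31:8] unchanged
    print(string.format("after:  EDX=%08X", EDX))
    debug_continueFromBreakpoint(0)   -- co_run
    return 1                          -- handled, do not show to the user
  end
  return 0                            -- unexpected breakpoint, show it
end
debug_removeBreakpoint(target)
debug_setBreakpoint(target)
```

Both setLow8 variants give the same result; the masked one avoids building a table on every hit, which matters if the breakpoint fires often. The string version in skillcoder's post also works, but the helpers make the intent (replace one byte, preserve the rest) explicit and do not depend on how string.format happens to render the number.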