View previous topic :: View next topic |
Author |
Message |
skyw4rrior Advanced Cheater Reputation: 0
Joined: 21 Aug 2005 Posts: 67
|
Posted: Sun Aug 21, 2005 12:29 am Post subject: What accesses an address |
|
|
Hi all.. im making a trainer for GUNBOUND and i need to know the code to do a little debugger routine to FIND WHAT ACCESSES AN ADRESS... I've read the CE source code, but it is too long and very hard to understand.. I'm trying to make this because the game has an address that changes constantly (address of the GIFT BUTTON)... i looked it into the CE debugger, in FIND WHAT ACCESSES THIS ADDRESS and noted that an address acesses it and, always, when the debugger detects it, the value of the register EBX is exactly that ADDRESS subtracted by 24... and now i have to do a code (in delphi) to find it (FIRST DETECT WHAT ACCESSES THAT ADDRESS and then READ THE VALUE OF EBX... PLZ.. I NEED UR HELP !!!
|
|
Back to top |
|
|
bitterbanana Cheater Reputation: 0
Joined: 28 Nov 2004 Posts: 44
|
Posted: Sun Aug 21, 2005 1:05 am Post subject: |
|
|
I believe dark byte did it this way:
1. set a breakpoint at the value's address.
2. when the breakpoint is reached, record the current command, which should be the function that accesses your value.
3. remove breakpoint and continue the program flow.
But I don't think you need to know how to do this. Just do some code-injecting to record the value of ebx in a static address.
Inject "mov [some address],ebx" into the code and the ebx register will be in that address. It might work if that's the only value that the function is writing to. If not, try tracing pointers.
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The netherlands
|
Posted: Sun Aug 21, 2005 2:23 am Post subject: |
|
|
Find what accesses an address returns the code addresses that access a certain address
The address of that code is almost always the same unless the dll gets loaded in a different spot (which is unlikely) but the address will almost surely be different, and thus impossible to set a breakpoint at. (I also dont know the reason why you would want to find that address of code instead of the address it accesses it)
But I take it you want something like the "find out what addresses this code reads from" function like in the code list.
in that case
in a seperate thread in your app:
DebugActiveProcess
place a simple int3 byte at the start of the instruction and remember the original byte
waitfordebugevent
if it is a break event at the address you've set the breakpoint then use getthreadcontext to get the state of the registers like ebx
then restore the int3 byte with the original byte,
continuedebugevent
this will find the first time it accesses that code and then stop recording.
Also, I recommend watching thread creation so you can create the link between threadid and threadhandle so you can use getthreadcontext.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
|