Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Find out what addresses this instruction accesses

 
H4x0rBattie
Cheater
Reputation: 0

Joined: 10 Nov 2016
Posts: 49

Posted: Thu Aug 31, 2017 4:25 pm    Post subject: Find out what addresses this instruction accesses

Hi.

I've an instruction like this:

ASM
Code:

145623710                 mov     rax, [rcx+8]


How does 'Find out what addresses this instruction accesses' differ in terms of setting a breakpoint?

I've just got a working debugger implemented in .NET that currently works with "Find out what accesses this address" && "Find out what writes to this address".

I studied already a bit from: https://pdos.csail.mit.edu/6.828/2005/readings/i386/s12_02.htm

I tried to set "Break on instruction execution only" flag (bit field) but I don't get any address list unlike I get with CE.

Thanks

H4x0rBattie
Cheater
Reputation: 0

Joined: 10 Nov 2016
Posts: 49

Posted: Sat Sep 09, 2017 1:18 pm

I figured it all out. One could expect to receive at least a basic hint but nothing. Well, this topic is one of the most advanced features in CE.

Regardless here is the solution:

1) Set your debugger to track instruction execution on the instruction you need: flags in hex 0x403 -> dr7.Value = 0x403

2) My VEH debugger is fully coded in .NET so I do it this way:

if (evt.DebugInfo.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_SINGLE_STEP) ...

Then set the RF after getting a context from the thread that caused the exception (debug loop is posted here for those who work with C++, use Google like I did)

ctx.EFlags |= RESUME_FLAG;

3) RemoveBreakPoint(evt.ThreadId); for the thread that caused it

4) Then handle the exception and set the breakpoint immediately back to track any new instruction execution


This allows me to track the exact time for how long a function executed. Really cool feature :)

That's all I am going to share on this topic, figure the rest out on your own like I did.

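Added example, not part of the posts above and not Cheat Engine's code: a portable C sketch of how the 0x403 value breaks down into DR7 fields, and of one way a debugger could build the address list for `mov rax, [rcx+8]` by reading RCX at each execute-breakpoint hit. The `regs` struct, `on_single_step`, the `hits` table and the sample register values are hypothetical stand-ins for a real thread context, and the breakpoint address is the one from the first post read as hex.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DR7_RESERVED_1 (1u << 10)   /* bit 10 always reads as 1 */
#define DR7_RW_EXECUTE 0u           /* R/Wn = 00: break on instruction execution */
#define DR7_LEN_1      0u           /* LENn = 00: required for execute breakpoints */
#define EFLAGS_RF      (1u << 16)   /* resume flag: skip the breakpoint for one instruction */
#define BP_ADDR        0x145623710ULL /* address from the post, assumed hex */
#define MAX_HITS       16

/* Build a DR7 value that enables one slot (0..3), locally and globally. */
uint32_t dr7_encode(unsigned slot, uint32_t rw, uint32_t len) {
    uint32_t v = DR7_RESERVED_1;
    v |= 3u << (slot * 2);           /* Ln and Gn enable bits */
    v |= rw << (16 + slot * 4);      /* R/Wn field */
    v |= len << (18 + slot * 4);     /* LENn field */
    return v;
}

/* Hypothetical subset of the registers a thread context would supply. */
struct regs { uint64_t rip, rcx; uint32_t eflags; };
struct hit { uint64_t addr; unsigned count; };
struct hit hits[MAX_HITS];
size_t nhits;

/* Per single-step exception: execute breakpoints fire before the instruction
   runs, so RIP equals the breakpoint address and RCX still holds the base. */
int on_single_step(struct regs *r, uint64_t bp_addr) {
    if (r->rip != bp_addr) return 0; /* a different debug event, not ours */
    uint64_t ea = r->rcx + 8;        /* effective address of [rcx+8] */
    r->eflags |= EFLAGS_RF;          /* let the instruction run once on resume */
    for (size_t i = 0; i < nhits; i++)
        if (hits[i].addr == ea) { hits[i].count++; return 1; }
    if (nhits < MAX_HITS) hits[nhits++] = (struct hit){ ea, 1 };
    return 1;
}

/* Constructed sample: three hits, two of them through the same base pointer. */
size_t demo(void) {
    struct regs s[] = { {BP_ADDR, 0x1000, 0x202}, {BP_ADDR, 0x2000, 0x202},
                        {BP_ADDR, 0x1000, 0x202} };
    nhits = 0;
    for (size_t i = 0; i < 3; i++) on_single_step(&s[i], BP_ADDR);
    return nhits;
}

int main(void) {
    printf("dr7 = 0x%x, distinct addresses = %zu\n", dr7_encode(0, 0, 0), demo());
    return 0;
}
```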
All times are GMT - 6 Hours