| View previous topic :: View next topic |
| Author |
Message |
N00By
How do I cheat?
![]() Reputation: 0
Joined: 07 Oct 2007
Posts: 9
|
 Posted: Fri Jan 14, 2011 4:50 pm Post subject: [Question] Confused about kernel debugger |
 |
|
Hello,
I thought the kernel debugger might be used to debug ring0 protected processes. However when I want to break or set a breakpoint it doesn't work. It works fine in usermode proceses (just tried that on notepad).
I checked the settings and everything is set up for kernel debugging.
Could anyone tell me what's wrong?
I'm using "clean" Cheat Engine 6.0 from the main web site.
My OS is Windows 7.
I'm trying to debug HackShield protected process (protected with EagleNT driver) - little bit patched, but that shouldn't be issue.
Thank you for your answers
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 474
Joined: 09 May 2003
Posts: 25952
Location: The netherlands
|
| Posted: Fri Jan 14, 2011 5:00 pm Post subject: |
|
|
Kerneldebugger is not meant to debug ring-0 code. It's just a debugger interface that runs inside the kernel and captures it there before passing it on to the usermode part.
It does have the ability to single step ring-0 code, but it's a one try only thing. Once you've stepped into kernelmode code you're stuck and can never leave it
To enable this feature go to settings->debugger options and enable the option "Ability to step through kernel code"
(Also, it won't protect you from kernelcode aquiring spinlocks. If it aquires one, you're frozen)
If you want to set a breakpoint in kernelmode you must enable "use global debug routines" and this has never been tested with setting breakpoints in kernelmode
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
N00By
How do I cheat?
![]() Reputation: 0
Joined: 07 Oct 2007
Posts: 9
|
| Posted: Fri Jan 14, 2011 5:12 pm Post subject: |
|
|
I had all those options set up in the settings, but I still can't break. But nvm.
So I can't even use "Find out what R/A this address" option? Because that is the more important thing for me atm (I need to find out what accesses some buffer).
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 474
Joined: 09 May 2003
Posts: 25952
Location: The netherlands
|
| Posted: Fri Jan 14, 2011 5:20 pm Post subject: |
|
|
find out what read/accesses this address should work with global debug enabled. (Unless it's changed by a secondary process)
Enable that option, reboot your comp, and then try it on that game (don't try other apps first)
Also, check the threadlist of that game. Make sure that it has debugregister spots free to use (if not, try to clear them using the threadlist rightclick option)
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
N00By
How do I cheat?
![]() Reputation: 0
Joined: 07 Oct 2007
Posts: 9
|
| Posted: Fri Jan 14, 2011 5:46 pm Post subject: |
|
|
Global Debug enabled + Rebooted.
Debugger not attached -> ThreadList -> There are about 20 threads -> each of them has idr_n == 0 so there aren't any debug registers by default.
Attached debugger -> ThreadList -> 0 -> INVALID_HANDLE
Find out what r/a still doesn't work.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
