Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


CONTEXT_RECORD structure question

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607
PostPosted: Sat Jan 16, 2016 9:18 am    Post subject: CONTEXT_RECORD structure question Reply with quote
Hey together,

If I install a VEH for example and the handler gets triggered, it receives an EXCEPTION_POINTERS structure which also contains a CONTEXT_RECORD structure.

This context record structrue contains the basic state (so all the registers, stack, etc.) of the processor (resp. the application) at the moment the exception occured. So far so good.

If I'd now want to make the program continue on another spot, I'd have to change the EIP register of course. My question now is if it'd be enough to do a command like
Code:
ContextRecord.Eip := cTargetAddress;

or if the "ContextRecord.Eip" variable is just a copy and it'd need a seperate ASM command like
Code:
asm
  mov eip,cTargetAddress
end;

to achieve that the application continues at "cTargetAddress"?
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
PostPosted: Sat Jan 16, 2016 12:49 pm    Post subject: Reply with quote
You would need to be sure the other registers and stack are adjusted accordingly to the new location that you are trying to force the target to. Otherwise you are going to land up crashing due to an unbalanced stack or due to invalid register data.

For example if you want to set the Eip to execute a class function after the exception happens, you will need to be sure that ECX is set properly along with any other values and stack data that the call may be expecting.
_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25814
Location: The netherlands
PostPosted: Sat Jan 16, 2016 2:19 pm    Post subject: Reply with quote
contextrecord.eip is what you need to change
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
hhhuut
Grandmaster Cheater
Reputation: 6

Joined: 08 Feb 2015
Posts: 607
PostPosted: Sat Jan 16, 2016 2:44 pm    Post subject: Reply with quote
Ok, thanks the both of you.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites