DarkS1d3 Newbie cheater Reputation: 0
Joined: 27 Dec 2014 Posts: 11
|
Posted: Sat Jan 23, 2016 3:41 pm Post subject: Bugs CE 6.5 |
|
|
"break and trace"
Code: | If you use "break and trace" (Jump over calls) and you run into a popup window
By this time your "break and trace" will pause until you close the window.
However if you close the "break and trace" window and then close the window that paused the debugger, the debugger will crash.
This should be fixed (also please add a stop button to break and trace just in case you are looking for those windows) |
Assembler issue ( AA Script ) new from 6.4
Code: |
If you place "mov fs:[00000000],eax" in the disable part it will miscalculate the bytes when you disable the script, this does not happen all the time but I noted it very quickly
miscalculate as in edit (7 bytes) 1 byte too much (not 6 as it should) |
- please consider adding "Place breakpoints on all callers" when you right click on a function top.
CE is already capable of calculating all calls and jumps, the info is already there just lacking the feature.
- add a setting where you can choose to keep the set breakpoints after an application crash (if you start it up again)
Something else that would be a huge game changer in CE is to allow the user to rename functions (place a nickname) just like IDA does, that way it would be easier to decode what is happening
Call 00000000 = Call 00000000 (MyNameFunction) (similar to a comment but visible on all callers)
|
|
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
|
Posted: Sat Jan 23, 2016 5:34 pm Post subject: |
|
|
for the last part use a userdefined symbol.
that way the disassembler and assembler will show the name instead of the hexadecimal value
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
|
|
|
DarkS1d3 Newbie cheater Reputation: 0
Joined: 27 Dec 2014 Posts: 11
|
Posted: Sun Jan 24, 2016 7:51 am Post subject: |
|
|
Dark Byte wrote: | for the last part use a userdefined symbol.
that way the disassembler and assembler will show the name instead of the hexadecimal value |
Thanks for that, works great, can't believe I missed that feature.
However, just like comments and breakpoints, it would be nice if you could save them when you relaunch CE or the application later on, not just in the moment.
A nice solution would be to make a file for each processname you attach (no need to save it manually) where set comments, breakpoints and userdefined symbols were saved, and if you open it up later it just loads the file. (Maybe even a snapshot of dissected memory, that way you only need to rerun it once for every version of the FileVersion)
This later on could add nice features like IDA's "sigmake" where CE could automatically create AoBs of the userdefined symbols/comments (when you choose to) and then load them if there has been a game/application update to find the new locations.
PS: when you are in MemView you can right click and copy things; you should consider adding Copy Address. Atm you need to copy Address, Bytes and Opcodes / Addresses and Opcodes
|
|
|
|
DarkS1d3 Newbie cheater Reputation: 0
Joined: 27 Dec 2014 Posts: 11
|
Posted: Mon Jan 25, 2016 3:39 pm Post subject: |
|
|
Scanning bug
Code: |
Negative and positive values
If you have -100 and it rises to 50 it is not higher than -100
Same if you use less than and bigger than ("If Value bigger than -5000" all positive values will disappear and the other way around)
However, this has been the case for long, not just the latest version
|
|
|
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
|
Posted: Mon Jan 25, 2016 4:23 pm Post subject: |
|
|
That's not a bug. By default CE treats all integer data as unsigned. Example:
What you're doing:
First scan for -100 (4-byte).
Next scan for 50.
(50 > -100)
What CE is doing:
First scan for 4,294,967,196 (4-byte).
Next scan for 50.
(50 < 4,294,967,196)
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
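The unsigned-versus-signed comparison from the post above, as an added example that is not part of the original thread and not CE's code. The helper names, addresses and snapshot values are constructed for illustration; the same four bytes are read both ways and an "increased value" filter is applied to each reading.

```python
import struct

def as_unsigned(raw: bytes) -> int:
    return struct.unpack("<I", raw)[0]   # 4-byte little-endian, unsigned

def as_signed(raw: bytes) -> int:
    return struct.unpack("<i", raw)[0]   # same 4 bytes, two's complement

def scan_increased(before: dict, after: dict, signed: bool) -> list:
    """Addresses whose value counts as 'increased' between two snapshots."""
    read = as_signed if signed else as_unsigned
    return sorted(addr for addr in before if read(after[addr]) > read(before[addr]))

def pack(value: int) -> bytes:
    return struct.pack("<i", value)

# Constructed snapshots (address -> raw bytes); the addresses are made up.
BEFORE = {0x1000: pack(-100), 0x1004: pack(10), 0x1008: pack(50)}
AFTER = {0x1000: pack(50), 0x1004: pack(50), 0x1008: pack(-5)}

if __name__ == "__main__":
    print(as_unsigned(pack(-100)))
    for signed in (False, True):
        hits = scan_increased(BEFORE, AFTER, signed)
        print("signed" if signed else "unsigned", [hex(a) for a in hits])
```

Read as unsigned, the cell that went from -100 to 50 drops out of the result and the cell that went from 50 to -5 stays in; read as signed, the opposite happens.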
|
|
DarkS1d3 Newbie cheater Reputation: 0
Joined: 27 Dec 2014 Posts: 11
|
Posted: Mon Feb 22, 2016 10:25 am Post subject: |
|
|
ParkourPenguin wrote: | That's not a bug. By default CE treats all integer data as unsigned. Example:
What you're doing:
First scan for -100 (4-byte).
Next scan for 50.
(50 > -100)
What CE is doing:
First scan for 4,294,967,196 (4-byte).
Next scan for 50.
(50 < 4,294,967,196) |
I think that should depend on the actual search settings, else it gets very complicated if, let's say, you have an X location
X = 10
then you move to X = 50 and search increased
then you move to X = -5 you need to search increased again
This will lead to you saving a lot of search results that weren't supposed to be saved while you try to sort them out.
--------------------------------------
Anyway, another disassembler bug (not important, but it may lead to something worse if it's not specifically this case)
mov ecx,[edi+ecx+04] will equal to mov ecx,[ecx+edi+04] when used in [disable]
Since the end result will still work it's not that bad, however bytewise
8B 4C 39 04 << what it translates to
8B 4C 0F 04 << should be
|
|
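The two byte sequences from the post above, decoded field by field, as an added example that is not part of the original thread and not CE's code. It handles only the 32-bit `8B /r` form with a SIB byte and 8-bit displacement; the function names are hypothetical. Both encodings read the same memory, but the base and index fields of the SIB byte are swapped, so a byte-for-byte comparison with the original instruction fails.

```python
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def decode(code: bytes) -> dict:
    """Decode 32-bit `mov r32,[base+index*scale+disp8]` (8B /r, mod=01, rm=100)."""
    if len(code) != 4 or code[0] != 0x8B:
        raise ValueError("expected a 4-byte 8B /r instruction")
    modrm, sib, disp = code[1], code[2], code[3]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b01 or rm != 0b100:
        raise ValueError("only the SIB + disp8 form is handled")
    scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
    if index == 0b100:
        raise ValueError("index=100 encodes 'no index register'")
    return {"dest": REG32[reg], "base": REG32[base], "index": REG32[index],
            "scale": scale, "disp": disp - 256 if disp & 0x80 else disp}

def render(op: dict) -> str:
    idx = op["index"] + (f"*{op['scale']}" if op["scale"] > 1 else "")
    sign = "+" if op["disp"] >= 0 else "-"
    return f"mov {op['dest']},[{op['base']}+{idx}{sign}{abs(op['disp']):02X}]"

def default_segment(op: dict) -> str:
    # With mod=01, an esp or ebp base defaults to SS; every other base to DS.
    return "ss" if op["base"] in ("esp", "ebp") else "ds"

def same_access(a: dict, b: dict) -> bool:
    """True when two encodings read the same memory into the same register."""
    if (a["dest"], a["disp"]) != (b["dest"], b["disp"]):
        return False
    if default_segment(a) != default_segment(b):
        return False
    if (a["base"], a["index"], a["scale"]) == (b["base"], b["index"], b["scale"]):
        return True
    # Base and index may swap only when nothing is scaled.
    return a["scale"] == b["scale"] == 1 and (a["base"], a["index"]) == (b["index"], b["base"])

ORIGINAL = decode(bytes.fromhex("8B4C0F04"))     # bytes the post says "should be"
REASSEMBLED = decode(bytes.fromhex("8B4C3904"))  # bytes the post says it translates to

if __name__ == "__main__":
    for op in (ORIGINAL, REASSEMBLED):
        print(render(op), default_segment(op))
    print("same access:", same_access(ORIGINAL, REASSEMBLED))
```

The swap stops being harmless when one of the two registers is ebp or esp, because the base register selects the default segment.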
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
|
|
|
|
DarkS1d3 Newbie cheater Reputation: 0
Joined: 27 Dec 2014 Posts: 11
|
|
|
|
DarkS1d3 Newbie cheater Reputation: 0
Joined: 27 Dec 2014 Posts: 11
|
Posted: Sat Mar 19, 2016 7:01 pm Post subject: |
|
|
I would like to clarify my last report; I have checked it a bit more and it is when the debugger is paused but triggered.
When a breakpoint has been set (track and trace or just a breakpoint) and you use step over instead of step into calls, and a popup box appears within that function, the debugger is still triggered but "paused".
If you disable a breakpoint somewhere in this state it will change the opcode and ruin the bytes so it will crash
|
|
|
|
|