Breaking into CREATETHREAD

 
Merlini (Advanced Cheater)
Posted: Thu Oct 06, 2016 12:23 pm    Post subject: Breaking into CREATETHREAD

How can I break into a script that uses createthread?

Suppose I have something like:

[ENABLE]
alloc(newmem,4096)
label(code)
createthread(code)

newmem:
code:
// some block that crashes the program
ret

[DISABLE]
dealloc(newmem)

I have not found a way to debug this block so far.
I could create an autoassemble script at a known location in the program,
then put a BP there, but is there a way to do this with a createthread script?

Thank you.
Dark Byte (Site Admin)
Posted: Thu Oct 06, 2016 12:39 pm

Put an infinite loop in the code:

loopaddress:
jmp short loopaddress

Then, after assembling, set a breakpoint after the loop and nop that loop.

If using VEH debug, wait 5 seconds or so after createthread.

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Merlini (Advanced Cheater)
Posted: Thu Oct 06, 2016 12:39 pm

EDIT: DB beat me to it.

Thank you very much.

==============================
I think I found a way to do it.
I'll answer myself for posterity.

// Create a dbg label
label(dbg)
registersymbol(dbg)

// Call Sleep to prevent the program crashing before a BP can be set
// (32-bit stdcall: Sleep pops its own argument, so no stack cleanup here)
push #5000 // 5 second delay
call kernel32.Sleep

// Open dbg in the debugger and put a bp on it
dbg:
{BlockthatCrashes}
Bavarian (Cheater)
Posted: Sun Feb 03, 2019 10:10 am

For the sake of future readers, an x64 snippet:

Code:
  dbg_loop:
    sub rsp, 28 // x64: 20h shadow space + 8 for 16-byte alignment at the call (28 is hex)
      mov rcx, #5000 // Sleep(5000): 5 second window on every iteration
      call kernel32.sleep
    add rsp, 28
    jmp dbg_loop // infinite loop: nop this jmp from the debugger once your BP is set
    //crash code to debug
Dark Byte (Site Admin)
Posted: Sun Feb 03, 2019 10:26 am

Or in 6.8.2 set the debugger to break on unexpected breakpoints in regions you have allocated yourself.
predprey (Master Cheater)
Posted: Tue Jul 30, 2019 10:52 pm

Dark Byte wrote:
Or in 6.8.2 set the debugger to break on unexpected breakpoints in regions you have allocated yourself.

This method doesn't seem to be working. Maybe I'm missing something?
Dark Byte (Site Admin)
Posted: Tue Jul 30, 2019 11:43 pm

First attach the debugger to the process (so don't just open the process, but actually click on "attach debugger to process").

Then make sure break on unexpected breakpoints is set in memoryview->debug->break on unexpected breakpoints->always.

Then you can execute your script that has a breakpoint set:
Code:

createthread(bla)

alloc(bla,4096)
bla:
db cc // int 3: the "unexpected breakpoint" the debugger has been told to catch
nop
//the rest of your code
ret

It will then break after that nop instruction.
Note though that single stepping from this isn't an option at the moment, but you can use this to set a breakpoint anywhere else in your thread code.

predprey (Master Cheater)
Posted: Wed Jul 31, 2019 12:47 am

Dark Byte wrote:
First attach the debugger to the process (so don't just open the process, but actually click on "attach debugger to process").

Then make sure break on unexpected breakpoints is set in memoryview->debug->break on unexpected breakpoints->always.
[...]

Ahhh... it works now, thank you. Didn't know I needed the "int 3" instruction. Incidentally, I switched over to software breakpoints and was able to break in the thread even without "Break on unexpected breakpoints" set. So for anyone who can't break into created threads on the VEH debugger, try switching over to INT3 software BPs.
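The techniques from this thread combined into one Cheat Engine Lua script, as an added example (not code from the thread, from Cheat Engine's own sources, or from any of the posters): it uses Bavarian's x64 Sleep loop, Dark Byte's "nop the loop after the breakpoint is set" step, and an explicit INT3 execute breakpoint, which predprey found works in a created thread under the VEH debugger without "break on unexpected breakpoints". Assumptions: a 64-bit target is already opened in CE 6.8 or later, the label names threadcode, dbg_loop, dbg_jmp and dbg are mine, and the nop after dbg is a placeholder for the block that crashes.

```lua
-- Added example, not from the thread: break into a createthread script.
-- Assumes a 64-bit target is already opened in Cheat Engine; label names are mine.

local script = [[
alloc(threadcode,4096)
label(dbg_loop)
label(dbg_jmp)
label(dbg)
registersymbol(dbg_jmp)
registersymbol(dbg)
createthread(threadcode)

threadcode:
dbg_loop:
  sub rsp,28            // 20h shadow space + 8 so rsp is 16-byte aligned at the call
  mov rcx,#5000         // Sleep(5000): the thread wakes up once every 5 s
  call kernel32.Sleep
  add rsp,28
dbg_jmp:
  jmp short dbg_loop    // 2-byte jump (EB xx); patched to 90 90 once the BP is armed
dbg:
  nop                   // placeholder: put the block that crashes here
  ret
]]

-- Arms the breakpoint and releases the thread; returns the address of dbg so
-- the caller can jump to it in memory view.
local function breakIntoThread()
  -- 1. the debugger must actually be attached, not just the process opened
  if not debug_isDebugging() then
    debugProcess()
  end

  -- 2. assemble and start the thread; it is now parked in the Sleep loop,
  --    so nothing after dbg runs yet
  if not autoAssemble(script) then
    error("autoAssemble failed; check the script for typos")
  end

  -- 3. set an execute breakpoint on dbg while the thread is still asleep.
  --    bpmInt3 forces a software (int 3) breakpoint instead of a debug register
  local dbgAddr = getAddress("dbg")
  debug_setBreakpoint(dbgAddr, 1, bptExecute, bpmInt3)

  -- 4. only now turn the loop's jmp into two nops: on its next wake-up the
  --    thread falls through to dbg and the breakpoint fires, no race with Sleep
  writeBytes(getAddress("dbg_jmp"), 0x90, 0x90)

  return dbgAddr
end

print(string.format("breakpoint armed at dbg = %X; it fires within 5 s", breakIntoThread()))
```

Run it from CE's Lua engine (Table -> Show Cheat Table Lua Script, or the Lua console) with the target open; the debugger window appears when the thread reaches dbg. Ordering matters: the breakpoint is set before the jump is patched, so the thread can never reach the crashing block without the breakpoint in place, and you do not have to race the 5-second Sleep by hand. The allocation cannot be freed while the thread is still parked in the loop, so leave dealloc for a separate script once you are done.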