Merlini Advanced Cheater
Reputation: 2
Joined: 12 Jun 2016 Posts: 53
Posted: Thu Oct 06, 2016 12:23 pm Post subject: Breaking into CREATETHREAD
How can I break into a script that uses createthread?
Suppose I have something like:
[enable]
alloc(newmem,4096)
CREATETHREAD(code)
newmem:
code:
// some block that crashes the program
ret
I have not found a way to debug this block so far.
I could autoassemble at a known location in the program,
then put a BP there, but is there a way to do this with a createthread script?
Thank you.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The netherlands
Posted: Thu Oct 06, 2016 12:39 pm
Put an infinite loop in the code:
loopaddress:
jmp short loopaddress
Then after assembling set a breakpoint after the loop and nop that loop.
If VEH debug, wait 5 seconds or so after createthread.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Merlini Advanced Cheater
Reputation: 2
Joined: 12 Jun 2016 Posts: 53
Posted: Thu Oct 06, 2016 12:39 pm
EDIT: DB beat me to it.
Thank you very much.
==============================
I think I found a way to do it.
I'll answer myself for posterity.
Code:
// Create a dbg label
label(dbg)
registersymbol(dbg)
// Call sleep to prevent program crash
push #5000 // 5 second delay
call sleep
// Open dbg in debugger and put bp
dbg:
{BlockthatCrashes}
Bavarian Cheater
Reputation: 0
Joined: 28 Feb 2018 Posts: 30
Posted: Sun Feb 03, 2019 10:10 am
For the sake of future readers, an x64 snippet:
Code:
dbg_loop:
sub rsp, 28 // x64 shadow space and alignment
mov rcx, #5000
call kernel32.sleep
add rsp, 28
jmp dbg_loop
// crash code to debug
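Putting Dark Byte's park-the-thread idea and the x64 snippet above into one complete script, here is an added example (it is not code from this thread or from Cheat Engine itself). It assumes a 64-bit target, the Cheat Engine auto assembler syntax with [ENABLE]/[DISABLE] sections, and the names newmem, dbg_loop, dbg_go and payload, which are the example's own. Instead of nopping the jmp once the debugger is attached, the thread loops on a registered flag byte, so the loop is left by writing a value rather than by patching code, and the 1000 ms Sleep keeps the parked thread off the CPU while you attach.

```asm
[ENABLE]
alloc(newmem,4096)       // region for the thread code (size is an assumption)
label(dbg_loop)
label(dbg_go)
label(payload)
registersymbol(dbg_go)   // visible in the address list / memory view by name
registersymbol(payload)
createthread(newmem)     // CE starts the thread once the script has assembled

newmem:
  // Park here until a debugger is attached and dbg_go is set to 1.
dbg_loop:
  sub rsp,28             // hex 28 = 40: 32 bytes shadow space + 8 to realign the stack
  mov rcx,#1000          // Sleep(1000 ms), decimal
  call kernel32.Sleep
  add rsp,28
  cmp byte ptr [dbg_go],0
  je dbg_loop            // still 0: keep waiting

payload:
  // Set the breakpoint here (Memory View -> Ctrl+G -> payload), then write 1 to dbg_go.
  nop
  // ... the block under investigation goes here ...
  ret

dbg_go:
  db 0                   // flag byte, lives in the same region as the code

[DISABLE]
unregistersymbol(dbg_go)
unregistersymbol(payload)
dealloc(newmem)
```

Usage: attach the debugger to the process first, enable the script, go to payload in the memory view and place the breakpoint, then add dbg_go to the address list as a Byte and change it to 1; the thread leaves the loop and stops at the breakpoint. Let the thread reach ret (set dbg_go to 1) before disabling the script: the [DISABLE] section frees newmem, and deallocating a region a thread is still executing in will crash the process.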
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The netherlands
Posted: Sun Feb 03, 2019 10:26 am
Or in 6.8.2 set the debugger to break on unexpected breakpoints in regions you have allocated yourself.
predprey Master Cheater
Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Tue Jul 30, 2019 10:52 pm
Dark Byte wrote:
    Or in 6.8.2 set the debugger to break on unexpected breakpoints in regions you have allocated yourself.
This method doesn't seem to be working. Maybe I'm missing something?
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The netherlands
Posted: Tue Jul 30, 2019 11:43 pm
First attach the debugger to the process (So don't just open the process, but actually click on attach debugger to process)
Then make sure break on unexpected breakpoints is set in memoryview->debug->break on unexpected breakpoints->always
Then you can execute your script that has a breakpoint set
Code:
createthread(bla)
alloc(bla,4096)
bla:
db cc
nop
//the rest of your code
ret
It will then break after that nop instruction.
Note though that single stepping from this isn't an option at the moment, but you can use this to set a breakpoint anywhere else in your threadcode
predprey Master Cheater
Reputation: 24
Joined: 08 Oct 2015 Posts: 486
Posted: Wed Jul 31, 2019 12:47 am
Dark Byte wrote:
    First attach the debugger to the process (So don't just open the process, but actually click on attach debugger to process)
    Then make sure break on unexpected breakpoints is set in memoryview->debug->break on unexpected breakpoints->always
    Then you can execute your script that has a breakpoint set
    Code:
    createthread(bla)
    alloc(bla,4096)
    bla:
    db cc
    nop
    //the rest of your code
    ret
    It will then break after that nop instruction.
    Note though that single stepping from this isn't an option at the moment, but you can use this to set a breakpoint anywhere else in your threadcode
Ahhh... it works now, thank you. Didn't know I needed the "int 3" instruction. Incidentally, I switched over to software breakpoints and was able to break in the thread even without "Break on unexpected breakpoints" set. So for anyone who can't break into created threads on the VEH debugger, try switching over to INT3 software BPs.