SwaggaJackin' Master Cheater
Reputation: 2
Joined: 06 Nov 2009 Posts: 312
Posted: Tue Sep 28, 2010 1:52 pm Post subject: Help getting a debugger attached to Dead Rising 2
I've found the game makes 2 calls to IsDebuggerPresent:
00ADEEAB
00AE5381
both call the IsDebuggerPresent() function at:
75A03510
I've bypassed the function with an assembler script:
Code:
[ENABLE]
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(exit)
75A0351D: //0xD bytes into IsDebuggerPresent (75A03510): the function's final ret
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//make IsDebuggerPresent return FALSE to every caller
mov eax,0
ret
exit: //never reached, the ret above already returned to the caller
jmp returnhere
[DISABLE]
dealloc(newmem)
75A0351D: //restore the original ret plus the 4 padding bytes the 5-byte jmp overwrote
ret
nop
nop
nop
nop
Now normally the moment you attach a debugger the game crashes immediately; with the script in place it isn't immediate, but the game still crashes within a few seconds (5-7).
How can I go about finding where the other debug check is (if there is one)?
Or is this "2nd" crash caused by a CRC check done by GFWL? I don't believe this to be the case, otherwise it would crash once the memory was modified with the script.
Thanks.
Geri Moderator
Reputation: 112
Joined: 05 Feb 2010 Posts: 5627
Posted: Tue Sep 28, 2010 2:55 pm Post subject:
I was able to attach debuggers to Windows Live games.
With these options:
Use kernelmode debugger.
Try to prevent detection of the debugger
Handle breakpoints not caused by CE
I don't know about this game. Didn't check it yet, seems it got bad critics.
SwaggaJackin' Master Cheater
Reputation: 2
Joined: 06 Nov 2009 Posts: 312
Posted: Tue Sep 28, 2010 3:08 pm Post subject:
Geri wrote:
> I was able to attach debuggers to Windows Live games.
> With these options:
> Use kernelmode debugger.
> Try to prevent detection of the debugger
> Handle breakpoints not caused by CE
> I don't know about this game. Didn't check it yet, seems it got bad critics.
Kernel mode debugger isn't an option, I'm on Vista x64 and DBVM just crashes my system. It's not even the issue here.
Preventing detection of the debugger gives me the same result as my script above. It doesn't crash immediately, but it does within a few seconds after the debugger is attached.
Anyone got any ideas?
EDIT: Found the crc check and bypassed it.
However, the game still crashes when the debugger is attached, so it's not the crc check doing it.
=/
Last edited by SwaggaJackin' on Wed Sep 29, 2010 9:54 am; edited 1 time in total
Geri Moderator
Reputation: 112
Joined: 05 Feb 2010 Posts: 5627
Posted: Tue Sep 28, 2010 9:56 pm Post subject:
Don't know, but there is a trainer out there already, no clue if it's working. Why do You want to hack it so badly? Is it such a good game? If You say so, maybe I should try it out. I am just afraid it will be another silly "from console to PC" dumbness with stupid gameplay.
CE6 maybe with VEHDebugger? Don't know if it would work.
SwaggaJackin' Master Cheater
Reputation: 2
Joined: 06 Nov 2009 Posts: 312
Posted: Tue Sep 28, 2010 10:15 pm Post subject:
Does it matter? I just wanna know how.
Geri Moderator
Reputation: 112
Joined: 05 Feb 2010 Posts: 5627
Posted: Tue Sep 28, 2010 10:24 pm Post subject:
Sorry.
No, it doesn't matter; I was just curious whether You want to hack it because the game is so awesome or just because it is a challenge. Didn't want to ask stupid questions.
So I guess it didn't work with CE6 either. No more clues from my part now unfortunately. It was just a guess.
SwaggaJackin' Master Cheater
Reputation: 2
Joined: 06 Nov 2009 Posts: 312
Posted: Wed Sep 29, 2010 9:54 am Post subject:
Found an error in my CRC bypass: although the address was static, it does not remain the same each launch. Updated:
Code:
[ENABLE]
aobscan(xlive_crc,8B FF 55 8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9 8B 4D 08 89 75 E0 89 75 E4 89) //prologue of the CRC routine: mov edi,edi / push ebp / mov ebp,esp / sub esp,20 / push ebx,esi,edi ...
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(exit)
xlive_crc:
jmp newmem
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//return to the caller immediately, popping the 0xC bytes of arguments the routine would have cleaned up itself
retn 0c
nop
exit: //never reached, retn above already left the routine
jmp returnhere
[DISABLE]
//after the hook the first 5 bytes are E9 + rel32 to newmem; the rel32 changes whenever alloc() lands at a
//different address, so it is wildcarded instead of hard-coding the A9 10 D5 9A seen on one particular run
aobscan(xlive_crc,E9 ?? ?? ?? ?? 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9 8B 4D 08 89 75 E0 89 75 E4 89)
dealloc(newmem)
xlive_crc:
mov edi,edi //originalcode
push ebp //originalcode
mov ebp,esp //originalcode
Attaching a debugger still crashes however.
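An added example, not code from the thread or from Cheat Engine: a minimal aobscan clone in Python that shows why a DISABLE pattern copied verbatim from one run is fragile. The hook's first byte E9 is stable, but the four rel32 bytes encode the distance to newmem, which alloc() places somewhere different each run, so a scan that hard-codes them finds nothing next time while a wildcarded one still hits. The load address, the offset and the surrounding page are constructed stand-ins, not values from the game.

```python
import struct

def parse_pattern(text):
    """'E9 ?? ?? ?? ?? 83 EC' -> [0xE9, None, None, None, None, 0x83, 0xEC]; None is a wildcard."""
    return [None if tok in ("??", "*") else int(tok, 16) for tok in text.split()]

def aobscan(buf, pattern):
    """Every offset in buf where pattern matches (a None entry matches any byte)."""
    n = len(pattern)
    return [i for i in range(len(buf) - n + 1)
            if all(p is None or buf[i + k] == p for k, p in enumerate(pattern))]

def jmp_rel32(src, dst):
    """Bytes of 'jmp dst' assembled at address src: E9 followed by signed 32-bit (dst - (src + 5))."""
    return b"\xe9" + struct.pack("<i", dst - (src + 5))

# Constructed stand-in for game memory: the 32-byte prologue that the script's ENABLE
# aobscan looks for, dropped into a zero-filled page at a made-up load address.
PROLOGUE = bytes.fromhex(
    "8B FF 55 8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9 8B 4D 08 89 75 E0 89 75 E4 89")
BASE = 0x5A000000      # assumed load address of the module (not a real xlive.dll value)
FUNC_OFF = 0x40        # assumed offset of the routine inside the constructed page
ENABLE_PAT = " ".join(f"{b:02X}" for b in PROLOGUE)
# Once hooked, the first 5 bytes are 'jmp newmem'. Only the E9 opcode is stable; the
# rel32 depends on where alloc() placed newmem on this run, so the DISABLE scan wildcards it.
DISABLE_PAT = "E9 ?? ?? ?? ?? " + " ".join(f"{b:02X}" for b in PROLOGUE[5:])

def build_image(newmem=None):
    """Return the page with the prologue at FUNC_OFF; if newmem is given, apply the 5-byte jmp hook."""
    img = bytearray(0x100)
    img[FUNC_OFF:FUNC_OFF + len(PROLOGUE)] = PROLOGUE
    if newmem is not None:
        img[FUNC_OFF:FUNC_OFF + 5] = jmp_rel32(BASE + FUNC_OFF, newmem)
    return bytes(img)

def disable_scan_results(run1_newmem, run2_newmem):
    """Scan two runs that got different newmem addresses with a hard-coded and a wildcard DISABLE pattern."""
    img1 = build_image(run1_newmem)
    # Hard-coded pattern: the hook bytes copied verbatim from run 1, rel32 included.
    hardcoded = " ".join(f"{b:02X}" for b in img1[FUNC_OFF:FUNC_OFF + 5]) + DISABLE_PAT[14:]
    img2 = build_image(run2_newmem)
    return {
        "enable_clean": aobscan(build_image(), parse_pattern(ENABLE_PAT)),
        "hardcoded_run1": aobscan(img1, parse_pattern(hardcoded)),
        "hardcoded_run2": aobscan(img2, parse_pattern(hardcoded)),   # stale rel32: no hit
        "wildcard_run2": aobscan(img2, parse_pattern(DISABLE_PAT)),
    }
if __name__ == "__main__":
    print(disable_scan_results(0x02F40000, 0x03100000))
```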
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25952 Location: The Netherlands
Posted: Wed Sep 29, 2010 1:35 pm Post subject:
For GFWL you really need 32-bit
kernel-mode debug with global debug registers.
Perhaps you could try to figure out why it crashes (e.g. debug register overwritten, or self-destruct because of a GetThreadContext check).
SwaggaJackin' Master Cheater
Reputation: 2
Joined: 06 Nov 2009 Posts: 312
Posted: Wed Sep 29, 2010 1:49 pm Post subject:
Alright, I'll try to find any terminate process functions and see when they are being called.