maplecheck (Expert Cheater) - Reputation: 0 - Joined: 22 Jan 2006 - Posts: 139
Posted: Fri Feb 25, 2011 11:42 pm. Post subject: need help for complex function
How do I write a complex function?
I need an example.
E.g. I break on write at 0x00200000, and I want to break only when the value = 123456. How do I do that?
Dark Byte (Site Admin) - Reputation: 474 - Joined: 09 May 2003 - Posts: 25929 - Location: The Netherlands
Posted: Sat Feb 26, 2011 6:18 am
You can set a data breakpoint at 0x00200000, then in the breakpoint list right-click the breakpoint and set the break condition.
But if you want to do it fully automated:
Code:
    function debugger_onBreakpoint()
      --assuming there is only 1 breakpoint. More at the same time can and will fuck up
      --as there isn't a solid way to determine which bp got hit
      local value=readInteger(0x00200000)
      if (value == 123456) then
        return 0 --break
      else
        return 1 --continue without break
      end
    end
    debug_setBreakpoint(0x00200000, 4, bptWrite)
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so i can keep helping
maplecheck (Expert Cheater) - Reputation: 0 - Joined: 22 Jan 2006 - Posts: 139
Posted: Sat Feb 26, 2011 8:38 pm
I copied the code and ran it; it always shows an error: "All debug registers are used up".
Dark Byte (Site Admin) - Reputation: 474 - Joined: 09 May 2003 - Posts: 25929 - Location: The Netherlands
Posted: Sat Feb 26, 2011 8:47 pm
The game you're debugging has probably used all the debug registers (or you've been debugging yourself).
You could try to override it: go to the thread list, right-click each thread and choose "Clear debug registers".
maplecheck (Expert Cheater) - Reputation: 0 - Joined: 22 Jan 2006 - Posts: 139
Posted: Sat Feb 26, 2011 9:10 pm
Sorry, I copied the code into the breakpoint condition, so it always executes debug_setBreakpoint(0x00200000, 4, bptWrite).
When I execute it in the Lua box it works fine, but I want to set the condition manually. How do I do that?
Dark Byte (Site Admin) - Reputation: 474 - Joined: 09 May 2003 - Posts: 25929 - Location: The Netherlands
Posted: Sat Feb 26, 2011 9:31 pm
You could also update the Lua script with a debug_removeBreakpoint(0x00200000).
Anyhow, select the address you want to break on (select 4 bytes if possible), right-click and set a data breakpoint (write).
Then go to the breakpoint list, right-click and set the breakpoint condition you would like (write a Lua-format condition that causes a break when it returns true, e.g. readInteger(0x00200000) == 123456).
maplecheck (Expert Cheater) - Reputation: 0 - Joined: 22 Jan 2006 - Posts: 139
Posted: Sat Feb 26, 2011 9:56 pm
Thank you.
But this way doesn't find out what writes.
I mean:
the value at 0x00200000 is always changing, and I want to find out what writes 0x00200000 = 123456. How do I get the address that writes 0x00200000 = 123456?
I know I can use "Find out what writes this address", but it gets far too many opcodes; I only want to find out what writes 0x00200000 = 123456.
Dark Byte (Site Admin) - Reputation: 474 - Joined: 09 May 2003 - Posts: 25929 - Location: The Netherlands
Posted: Sat Feb 26, 2011 10:05 pm
OK, to recap:
You want to find the code that writes the value 123456 to address 0x00200000.
One way is to pause the process, use "Find out what writes to this address" on the address, go to the breakpoint list and set the condition readInteger(0x00200000) == 123456, then continue the process. It will show up in the usual found-code dialog, and the more-info dialogs will contain the register states from when it wrote that specific value.
Another method:
use this script:
Code:
    EIPofInstructionAfterTheOneThatWrites123456=0;
    function debugger_onBreakpoint()
      --assuming there is only 1 breakpoint. More at the same time can and will fuck up
      --as there isn't a solid way to determine which bp got hit
      local value=readInteger(0x00200000)
      if (value == 123456) then
        EIPofInstructionAfterTheOneThatWrites123456=EIP
        --perhaps also store other registers
        return 1 --continue
      else
        return 1 --continue without break
      end
    end
    debug_removeBreakpoint(0x00200000)
    debug_setBreakpoint(0x00200000, 4, bptWrite)
Then a while later, after 123456 has been written, you can do:
return EIPofInstructionAfterTheOneThatWrites123456 and you'll get the EIP address of the instruction right after the instruction that writes it (in decimal format).
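As an added example (mine, not Dark Byte's code or anything from the thread), the script above extended so that each hit where the watched address holds the wanted value is recorded per writer EIP together with EAX, which is what "perhaps also store other registers" points at; with WANTED set to nil it goes further and records every writer with the value each one left behind, so two instructions storing different values to the same address show up as separate entries. It assumes Cheat Engine's Lua engine and the API names the thread uses (debugger_onBreakpoint, readInteger, EIP, EAX, debug_setBreakpoint, debug_removeBreakpoint, bptWrite); the table names, record and reportWriters are my own.

```lua
-- Added example, not from the thread. Assumes Cheat Engine's Lua engine:
-- debugger_onBreakpoint, readInteger, EIP/EAX, debug_setBreakpoint, bptWrite
-- are the CE API as used in the thread; WATCH_ADDR/WANTED are the thread's values.
local WATCH_ADDR = 0x00200000  -- address watched with a 4-byte write breakpoint
local WANTED     = 123456      -- value of interest; set to nil to record every write
local MAX_HITS   = 200         -- stop recording after this many matching hits

-- writers[eip] = { count = n, values = { [value] = n }, lastEAX = int }
writers = {}
hitCount = 0

local function record(eip, value, eax)
  local w = writers[eip]
  if not w then
    w = { count = 0, values = {} }
    writers[eip] = w
  end
  w.count = w.count + 1
  w.values[value] = (w.values[value] or 0) + 1
  w.lastEAX = eax
  hitCount = hitCount + 1
end

function debugger_onBreakpoint()
  -- like the thread's script, assumes this is the only breakpoint set
  local value = readInteger(WATCH_ADDR)
  if (WANTED == nil or value == WANTED) and hitCount < MAX_HITS then
    -- a hardware write breakpoint fires after the store, so EIP is the next instruction
    record(EIP, value, EAX)
  end
  return 1  -- always continue; inspect the tables later from the Lua console
end

-- print one line per distinct writer with the values it left at WATCH_ADDR
function reportWriters()
  for eip, w in pairs(writers) do
    local vals = {}
    for v, n in pairs(w.values) do
      vals[#vals + 1] = string.format("%d (x%d)", v, n)
    end
    print(string.format("instruction before %08X: %d hits, EAX=%08X, values: %s",
                        eip, w.count, w.lastEAX, table.concat(vals, ", ")))
  end
end

debug_removeBreakpoint(WATCH_ADDR)  -- drop a previous bp on the address, as in the thread
debug_setBreakpoint(WATCH_ADDR, 4, bptWrite)
```

Run it from the Lua console, let the target run for a while, then call reportWriters(); as Dark Byte notes, each recorded EIP is the instruction after the one that did the write.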
maplecheck (Expert Cheater) - Reputation: 0 - Joined: 22 Jan 2006 - Posts: 139
Posted: Sat Feb 26, 2011 10:36 pm
Thank you, and sorry for my bad English.
You still don't understand what I mean.
E.g.:
    4000 mov eax,1
    4001 mov [100000],eax
    -
    5000 mov eax,2
    5001 mov [100000],eax
The value at 100000 changes between 1 and 2.
Now I want to find out what writes 0x00100000 = 1, the code at 4000,
but when I use your way it finds 5000.