Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Dr registers are zeroed after ZwResumeThread

fasmotol
How do I cheat?
Reputation: 0

Joined: 06 Feb 2013
Posts: 4

PostPosted: Wed Feb 06, 2013 2:53 am    Post subject: Dr registers are zeroed after ZwResumeThread Reply with quote

Hi all!
I've got some sort of crackme (I cannot patch the binary). The crack code is located in a .dll of mine. The only problem I experienced is about the DrX registers:
I need to set a hardware breakpoint at a specified address:
I set the corresponding fields (Dr0 and Dr7) of the CONTEXT structure in my SEH handler (yeah, the app raises a couple of exceptions intentionally) - all Dr registers are zeroed, though other changed registers are not (general purpose ones).
I also tried to create a thread from a dll exported function that suspends the app's main thread and patches the CONTEXT structure, but the result is the same.
The app doesn't call SetThreadContext, it has no SEH handlers... I'm at a loss, guys.
Dark Byte
Site Admin
Reputation: 383

Joined: 09 May 2003
Posts: 22885
Location: The netherlands

PostPosted: Wed Feb 06, 2013 3:43 am    Post subject: Reply with quote

Are you sure DR7 is set properly? If not, Windows will return 0 for all the DRx registers (not just DR7).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
fasmotol
How do I cheat?
Reputation: 0

Joined: 06 Feb 2013
Posts: 4

PostPosted: Wed Feb 06, 2013 5:11 am    Post subject: Reply with quote

Hm... Bits 0 and 1 of Dr7 are the flags for Dr0? Or did I mess something up? Or are bits 6 and 7 the flags for Dr0? I have no Intel manuals near me, sorry.
fasmotol
How do I cheat?
Reputation: 0

Joined: 06 Feb 2013
Posts: 4

PostPosted: Wed Feb 06, 2013 6:34 pm    Post subject: Reply with quote

I finally got the Intel manuals. I set everything according to the manual, but the problem still isn't solved:
my SEH handler affects eip too, so when I use a debugger I see the right content in the Dr regs immediately after the handler has been executed - only while eip is the same as in the CONTEXT struct. But making a single step in the debugger clears all Dr registers!
fasmotol
How do I cheat?
Reputation: 0

Joined: 06 Feb 2013
Posts: 4

PostPosted: Fri Feb 08, 2013 2:49 am    Post subject: Reply with quote

SOLUTION:
You just need to set the corresponding L bit;
(facepalm)
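A worked illustration of the thread's conclusion, added here as an example (it is not code from the thread, from Cheat Engine, or from the poster): a small C helper that composes a DR7 value for one of the four debug-address slots, setting the R/W and LEN fields together with the local-enable (L) bit, plus a check that reports whether a slot is actually armed. The bit positions follow the DR7 layout in the Intel SDM (L0..L3 at bits 0,2,4,6; G0..G3 at bits 1,3,5,7; R/W and LEN fields at bits 16 and up, four bits per slot); the function and enum names are assumptions of this example. The `main` reproduces the mistake the thread describes, a DR7 with condition fields set but no enable bit, so the slot reads as disabled.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the thread): DR7 field encodings per the Intel SDM.
 * R/W: 00 = execute, 01 = write, 10 = I/O (if CR4.DE), 11 = read or write.
 * LEN: 00 = 1 byte, 01 = 2 bytes, 10 = 8 bytes (64-bit), 11 = 4 bytes. */
enum { DR7_RW_EXEC = 0, DR7_RW_WRITE = 1, DR7_RW_IO = 2, DR7_RW_RDWR = 3 };
enum { DR7_LEN_1 = 0, DR7_LEN_2 = 1, DR7_LEN_8 = 2, DR7_LEN_4 = 3 };

/* Return dr7 with `slot` (0..3) armed as a local breakpoint with the given
 * condition and length. Execute breakpoints must use LEN = 1 byte, so that is
 * forced. Invalid arguments return dr7 unchanged. */
uint32_t dr7_arm_slot(uint32_t dr7, unsigned slot, unsigned rw, unsigned len)
{
    if (slot > 3 || rw > 3 || len > 3)
        return dr7;
    if (rw == DR7_RW_EXEC)
        len = DR7_LEN_1;

    unsigned shift = 16 + slot * 4;          /* R/Wn at shift, LENn at shift+2 */
    dr7 &= ~(0xFu << shift);                 /* clear the slot's old R/W and LEN */
    dr7 |= (uint32_t)rw << shift;
    dr7 |= (uint32_t)len << (shift + 2);
    dr7 |= 1u << (slot * 2);                 /* Ln: without this the slot is disabled */
    return dr7;
}

/* Nonzero if the slot's local (Ln) or global (Gn) enable bit is set.
 * A DR7 with R/W and LEN filled in but both enable bits clear arms nothing,
 * which is exactly the symptom reported in the thread. */
int dr7_slot_enabled(uint32_t dr7, unsigned slot)
{
    if (slot > 3)
        return 0;
    return (int)((dr7 >> (slot * 2)) & 3u);
}

int main(void)
{
    /* Constructed value: execute-breakpoint fields for slot 0 but no L0 bit. */
    uint32_t forgot_l_bit = (uint32_t)DR7_RW_EXEC << 16;
    printf("DR7=%#x slot0 enabled=%d\n", forgot_l_bit, dr7_slot_enabled(forgot_l_bit, 0));

    uint32_t armed = dr7_arm_slot(0, 0, DR7_RW_EXEC, DR7_LEN_1);
    printf("DR7=%#x slot0 enabled=%d\n", armed, dr7_slot_enabled(armed, 0));

    /* Slot 1 watching a 4-byte write: R/W1 = 01 at bit 20, LEN1 = 11 at bit 22, L1 = bit 2. */
    uint32_t watch = dr7_arm_slot(0, 1, DR7_RW_WRITE, DR7_LEN_4);
    printf("DR7=%#x slot1 enabled=%d\n", watch, dr7_slot_enabled(watch, 1));
    return 0;
}
```

On Windows the returned value is what goes into `CONTEXT.Dr7`, with the breakpoint address in the matching `Dr0`..`Dr3` field, and the `ContextFlags` passed to SetThreadContext must include `CONTEXT_DEBUG_REGISTERS` for the debug registers to be written at all; both are documented parts of the Win32 API, not something this example adds.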
All times are GMT - 6 Hours