Author: toffler (Cheater; Reputation: 0; Joined: 27 Sep 2012; Posts: 38)
Posted: Wed Feb 05, 2014 12:54 pm
Post subject: How to find a jump origin?
I have this code:
Code:
12345600 call dword ptr [edx+12]
12345603 push ecx
When I put a breakpoint on the first line, it doesn't trigger; when I put it on the second line, it does.
So I assume there is a jump to 12345603, is that correct?
I ran an assembly code search for *12345603, but it only found the instruction itself.
I again assume that maybe that jump instruction gets the jump address indirectly from a pointer.
If that's the case, how do I find where the jump to 12345603 comes from?
Thank you!
Author: mgr.inz.Player (I post too much; Reputation: 222; Joined: 07 Nov 2008; Posts: 4438; Location: W kraju nad Wisla. UTC+01:00)
Posted: Wed Feb 05, 2014 1:51 pm
Place a breakpoint just before that call.
Also, try a different debugger (Windows debugger, VEH debugger),
and instead of "hardware breakpoints" try "int3"
(CE Settings -> Debugger Options).
Author: Dark Byte (Site Admin; Reputation: 470; Joined: 09 May 2003; Posts: 25788; Location: The netherlands)
Posted: Wed Feb 05, 2014 2:02 pm
Try the code dissect tool. With luck it may find the code that jumps to that line when it's done.
Alternatively, if you can use kernelmode debug (and probably on an Intel CPU only), then run this before setting the breakpoint:
Code:
debug_setLastBranchRecording(true)
Then, when the breakpoint has been hit, use debug_getLastBranchRecord(0) to find out what called the line you're at.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Author: toffler (Cheater; Reputation: 0; Joined: 27 Sep 2012; Posts: 38)
Posted: Thu Feb 06, 2014 9:35 am
How do I use the dissect code tool?
It's just a window that tells me, after I run it, that it found tons of conditional and unconditional jumps; how does that help me?
Also, how do I use debug_getLastBranchRecord? What does it return, and how do I print it?
... and how do I know if I can use "kernelmode debug"?
Author: Dark Byte (Site Admin; Reputation: 470; Joined: 09 May 2003; Posts: 25788; Location: The netherlands)
Posted: Thu Feb 06, 2014 10:04 am
Select the module you wish to dissect (assuming it's in a module).
Once it's done, every jump destination that has been found will have a line in front of it stating the origin and the type of jump.
Author: toffler (Cheater; Reputation: 0; Joined: 27 Sep 2012; Posts: 38)
Posted: Thu Feb 06, 2014 12:30 pm
Ah, OK, nothing appears near this line.
Is there anything else I can do?
Is there a way to print all the instruction addresses the program executes via Lua, as if I pressed and held F7?
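As an added example (not code from this thread or from Cheat Engine's own scripts), here is a CE Lua script that ties together Dark Byte's last-branch-record suggestion and the single-step question above: on the first hit of the breakpoint it prints where the CPU branched from, then single-steps a bounded number of instructions and prints every address executed, the scripted equivalent of holding F7. It assumes the Cheat Engine Lua API names debug_setBreakpoint, debugger_onBreakpoint, debug_continueFromBreakpoint, debug_removeBreakpoint, co_stepinto, co_run and the EIP register variable, plus an active kernel-mode debugger; 12345603 is the address from the first post, used only as a placeholder.

```lua
-- Added example, not part of the original thread.
-- Assumed CE Lua API: debug_setBreakpoint, debugger_onBreakpoint,
-- debug_continueFromBreakpoint, debug_removeBreakpoint, co_stepinto, co_run,
-- and the EIP global that CE fills in while a breakpoint is being handled.
-- debug_setLastBranchRecording / debug_getLastBranchRecord are the calls named
-- in Dark Byte's reply and need the kernel-mode debugger.

local target     = 0x12345603   -- placeholder: the "unreachable" instruction from the first post
local maxSteps   = 50           -- how many instructions to trace after the first hit
local stepsTaken = 0

-- Last-branch recording must be enabled before the breakpoint is set.
debug_setLastBranchRecording(true)

function debugger_onBreakpoint()
  if stepsTaken == 0 then
    -- First hit: EIP == target. Ask the CPU's branch record where we came from.
    local origin = debug_getLastBranchRecord(0)
    if origin ~= nil then
      print(string.format("%08X was reached by a branch from %08X", EIP, origin))
    else
      print(string.format("%08X hit, but no last-branch record was available", EIP))
    end
  end

  -- Trace: log the address being executed, then step into the next instruction.
  print(string.format("trace: %08X", EIP))
  stepsTaken = stepsTaken + 1

  if stepsTaken <= maxSteps then
    debug_continueFromBreakpoint(co_stepinto)   -- like pressing F7 once
  else
    debug_removeBreakpoint(target)              -- done tracing, clean up
    debug_continueFromBreakpoint(co_run)        -- let the target run normally
  end

  return 1   -- 1: we already continued ourselves, do not pause the GUI
end

-- Execute breakpoint on the instruction whose origin we want to find.
debug_setBreakpoint(target)
```

The trace output appears in CE's Lua console; the first "trace:" line is the target itself, and the "reached by a branch from" line is the origin the assembly scan for *12345603 could not find because the jump takes its destination from a pointer.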