breakpoint on execute hw vs SW


Postby mezzo » Sun Nov 25, 2007 8:30 am

heyhey :-)

I'm messing with neverwinter nights, I created a script on a HW breakpoint (in the callback spot), that changes some values. Everything works as expected.. but since there are only 4 HW breakpoints, I switched them to software breakpoints instead.

But for some reason that doesn't work, the scripts aren't executed... Is this caused by the game figuring out that I'm messing with it? Any ideas how I can see what is going on?

I'm only doing the following (nothing too fancy):
Code:
VOID On_BP_3( LPVOID lpvAddress, LPPROC_INFO_MHS lpProcInfo ) {
    // Set the 0x3E8 bits in the paused thread's EBP.
    lpProcInfo->pcContext->Ebp |= 0x3E8;
    // Ask MHS to write the modified context back before the thread resumes.
    lpProcInfo->bSetContext = TRUE;

    //PrintF( "Breakpoint hit at 0x%08X.", (DWORD)lpvAddress );
}


Oh, and one more question: is it possible to save breakpoints between sessions? I see a loading function in the menu, but nothing to save them...
- No thanks, I already have a penguin -

Postby L. Spiro » Sun Nov 25, 2007 9:58 am

Software breakpoints are too slow to be practical.
You should find a way to use only hardware breakpoints (for read/write).
Software is best used with execute only.

If you had a software read/write breakpoint running you could not play the game.


Save breakpoints by right-clicking them in the list and selecting Save As.


L. Spiro

Postby mezzo » Sun Nov 25, 2007 10:12 am

Thanks, I figured out the save function :-)

Software breakpoints are too slow to be practical.
You should find a way to use only hardware breakpoints (for read/write).
Software is best used with execute only.


Actually, I tested the script for the breakpoint with a HW execute breakpoint, and the script runs fine, but when I convert it to a software execute breakpoint, the script doesn't run anymore. Any ideas why that is?

EDIT: I'm not using read/write software BP's, only execute ones, but the script doesn't run :-(

Postby Shynd » Sun Nov 25, 2007 11:29 am

I'm having the same issue in 4.0.0.6. Software execute breakpoints don't seem to hit at all, or even get applied. There's no change in memory, no 0xCC written to the address. In fact, even right-clicking anywhere in the Disassembler and choosing 'NOP Selected' does nothing. That's very odd.

Postby L. Spiro » Sun Nov 25, 2007 2:07 pm

MHS 4.0.0.7 automatically changes the page properties to writable if setting the breakpoint fails (hence this problem will not exist).


Due to my guest for the weekend I will not have time to advance much on MHS. I would have otherwise had MHS 4.0.0.7 ready later this night.
Since there will be an extra one or two days to wait, this sample release can be used to bide the time.
It has the Auto-Assembler, tons of new script functions, and all requested fix-ups thus far.
The Debugger can now be fully controlled via scripts.
http://www.memoryhacking.com/MemHack/MHS4.0.0.7.Test.rar


L. Spiro
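What Shynd observed (no 0xCC appearing at the address) and what L. Spiro's fix does (make the page writable and set the breakpoint again) are the two halves of how a software execute breakpoint works. The following is an added example, not MHS code or anything from this thread: it performs a one-shot INT3 breakpoint in-process on Linux/x86-64, using a SIGSEGV handler as a stand-in for "the write failed, fix the page protection and retry" and a SIGTRAP handler as the counterpart of an On_BP_n callback (restore the opcode, rewind RIP, resume). A Windows debugger would do the same across processes with the usual remote-memory and page-protection calls. The target bytes, page addresses and function names are constructed for the demo.

```c
/* Added example (not MHS code): a one-shot software execute breakpoint done
 * in-process on Linux/x86-64. Write 0xCC, catch the trap, put the byte back,
 * rewind the instruction pointer; if the write faults because the page is
 * not writable, change the protection and let the store retry. */
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#ifndef REG_RIP
#define REG_RIP 16                 /* glibc's gregs[] index for RIP on x86-64 */
#endif
#define INT3 0xCC

/* Constructed "game code": mov eax, 42 ; ret  (B8 2A 00 00 00 C3). */
static const uint8_t kTargetCode[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };

static uint8_t *g_page;                       /* page holding the target code */
static size_t   g_page_size;
static uint8_t *g_bp_addr;                    /* where the 0xCC was written */
static uint8_t  g_saved_byte;                 /* opcode byte it replaced */
static volatile sig_atomic_t g_hits;          /* breakpoint callback runs */
static volatile sig_atomic_t g_page_fixups;   /* writes that faulted and were retried */

/* Fires when the 0xCC store hits a non-writable page (like a game's .text).
 * Same idea as MHS 4.0.0.7 making the page writable when setting the
 * breakpoint fails: change the protection and let the faulting store rerun. */
static void on_sigsegv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uint8_t *fault = (uint8_t *)si->si_addr;
    if (fault < g_page || fault >= g_page + g_page_size) {
        signal(SIGSEGV, SIG_DFL);             /* not our page: crash normally */
        return;
    }
    g_page_fixups++;
    mprotect(g_page, g_page_size, PROT_READ | PROT_WRITE | PROT_EXEC);
}

/* The breakpoint "callback", the counterpart of an On_BP_n script: the target
 * executed INT3, so restore the original opcode, point RIP back at it so it
 * runs this time, and resume. A debugger edits registers here too
 * (MHS: pcContext + bSetContext). */
static void on_sigtrap(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)si;
    ucontext_t *uc = (ucontext_t *)ctx;
    uint8_t *rip = (uint8_t *)(uintptr_t)uc->uc_mcontext.gregs[REG_RIP];
    if (rip - 1 != g_bp_addr) return;         /* some other trap: ignore */
    g_hits++;
    *g_bp_addr = g_saved_byte;                /* page is writable after on_sigsegv */
    uc->uc_mcontext.gregs[REG_RIP] = (long long)(uintptr_t)g_bp_addr;
}

static int install_handlers(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_flags = SA_SIGINFO;
    sa.sa_sigaction = on_sigsegv;
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return 0;
    sa.sa_sigaction = on_sigtrap;
    return sigaction(SIGTRAP, &sa, NULL) == 0;
}

/* Write the INT3. On a read/execute page the store faults, on_sigsegv fixes
 * the protection, and the retried store succeeds. */
static int set_sw_breakpoint(uint8_t *addr) {
    g_bp_addr = addr;
    g_saved_byte = *addr;
    *addr = INT3;
    return *addr == INT3;
}

/* Maps the target code read/execute only, sets a software execute breakpoint
 * on its first instruction and calls it. Returns the target's return value
 * (42) once the breakpoint has been hit and the code restored. */
int run_sw_breakpoint_demo(void) {
    g_page_size = (size_t)sysconf(_SC_PAGESIZE);
    g_page = mmap(NULL, g_page_size, PROT_READ | PROT_WRITE | PROT_EXEC,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g_page == MAP_FAILED) return -1;
    memcpy(g_page, kTargetCode, sizeof kTargetCode);
    if (mprotect(g_page, g_page_size, PROT_READ | PROT_EXEC) != 0) return -2;
    if (!install_handlers()) return -3;
    if (!set_sw_breakpoint(g_page)) return -4;

    int (*target)(void) = (int (*)(void))(uintptr_t)g_page;
    return target();                          /* traps, callback runs, returns 42 */
}

int sw_breakpoint_hits(void)        { return (int)g_hits; }
int sw_breakpoint_page_fixups(void) { return (int)g_page_fixups; }

int main(void) {
    int r = run_sw_breakpoint_demo();
    printf("target returned %d, breakpoint hits %d, page fixups %d\n",
           r, sw_breakpoint_hits(), sw_breakpoint_page_fixups());
    return r == 42 ? 0 : 1;
}
```

The check a practitioner wants is the one Shynd did: after arming the breakpoint, read the byte back and confirm it is 0xCC. If it is not, the write never landed, and no callback will ever run, whatever the debugger's breakpoint list says.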

Postby mezzo » Sun Nov 25, 2007 8:53 pm

@shynd: Thanks for the confirmation, mate! I was going gaga trying to figure out what I was doing wrong.

@L.Spiro: whee, new features ! Going to try them out right now. Thanks already for all the work !! Can't wait to mess around with it :D

Postby Shynd » Mon Nov 26, 2007 1:18 am

Call me stupid but I can't find the Auto-Assembler in the Test that you uploaded.

By the way, I adore the debugging functions.

Postby L. Spiro » Mon Nov 26, 2007 7:20 am

Hit Ctrl-U on the main window.


L. Spiro

Postby Shynd » Mon Nov 26, 2007 7:52 am

I hate to eat into your time with your guest, but can you give a cursory overview of how a simple codecave would work? Like...
Code:
1004878:
mov ecx, [deadbeef]
jmp 100287E

1002878:
jmp 1004878
nop
...or something of that nature? Just the form in which labels work, I suppose, would be helpful. Thanks again.

Postby L. Spiro » Mon Nov 26, 2007 10:17 am

Code:
Label( MyCode, 2048 )
Label( MyValue, 4 )
Label( Return )
Label( OriginalCode )
FullAccess( winmine.exe+4878, 90 )

; Original code location. Overwritten with a JMP and NOPs.
winmine.exe+4878 :
JMP MyCode
NOP
NOP
Return


MyCode :
MOV [MyValue], ECX ; Put ECX into our special location.

; The original code we overwrote.
OriginalCode :
MOV EAX, ECX


; Go back to the game code.
JMP Return


MHS 4.0.0.7 will also have db so you would not need to allocate a second code cave.
Or you can use another address inside the same code cave as long as it does not overwrite your current value.


L. Spiro
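Behind the Label/JMP/NOP layout in the post above, an assembler is doing byte arithmetic: a 5-byte E9 rel32 at the hook site, NOP padding up to the next instruction boundary, and in the cave the hook body, the stolen original bytes, and a JMP back to the first byte after the stolen ones. The following is an added example, not MHS or L. Spiro's code, that produces those bytes for a 32-bit target. It assumes winmine.exe+4878 is 0x01004878 (base 0x01000000), a cave at 0x00320000 with MyValue at cave+0x100, and a constructed original instruction stream of 2, 2 and 3 bytes, chosen so that 7 bytes must be stolen and two NOPs appear, as in the post.

```c
/* Added example (not MHS code): the bytes a JMP/NOP code cave hook consists
 * of on 32-bit x86. Addresses and the original instruction stream are
 * constructed for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_REL32_LEN 5        /* E9 rel32 */
#define NOP 0x90

static void put_u32le(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* rel32 of a JMP located at jmp_addr that lands on target: measured from the
 * END of the 5-byte JMP. Unsigned wrap-around yields the two's-complement
 * value for backward jumps. */
uint32_t rel32_for(uint32_t jmp_addr, uint32_t target) {
    return target - (jmp_addr + JMP_REL32_LEN);
}

static size_t emit_jmp(uint8_t *out, uint32_t at, uint32_t target) {
    out[0] = 0xE9;
    put_u32le(out + 1, rel32_for(at, target));
    return JMP_REL32_LEN;
}

/* Whole instructions are stolen until at least 5 bytes are covered; the rest
 * is NOP-padded so a jump back never lands mid-instruction. Lengths come from
 * a disassembler. Caveat: EIP-relative instructions (CALL, Jcc) cannot simply
 * be copied into the cave without fixing their displacements. */
size_t stolen_length(const uint8_t *insn_lens, size_t n) {
    size_t total = 0;
    for (size_t i = 0; i < n && total < JMP_REL32_LEN; i++) total += insn_lens[i];
    return total >= JMP_REL32_LEN ? total : 0;
}

/* Bytes written over the hook site: JMP cave, then NOPs. */
size_t build_site_patch(uint8_t *out, uint32_t site, uint32_t cave, size_t stolen) {
    if (stolen < JMP_REL32_LEN) return 0;
    size_t n = emit_jmp(out, site, cave);
    while (n < stolen) out[n++] = NOP;
    return n;
}

/* Cave layout: hook body, the stolen original bytes, JMP back to site+stolen. */
size_t build_cave(uint8_t *out, uint32_t cave, uint32_t site,
                  const uint8_t *hook, size_t hook_len,
                  const uint8_t *orig, size_t stolen) {
    size_t n = 0;
    memcpy(out + n, hook, hook_len); n += hook_len;
    memcpy(out + n, orig, stolen);   n += stolen;
    n += emit_jmp(out + n, cave + (uint32_t)n, site + (uint32_t)stolen);
    return n;
}

/* --- constructed demo input --- */
#define SITE    0x01004878u    /* assumed: winmine.exe base 0x01000000 + 4878 */
#define CAVE    0x00320000u    /* assumed cave address */
#define MYVALUE (CAVE + 0x100u)

static const uint8_t kOrig[] = { 0x8B, 0xC1,             /* mov eax, ecx      */
                                 0x33, 0xC9,             /* xor ecx, ecx      */
                                 0x89, 0x45, 0xFC };     /* mov [ebp-4], eax  */
static const uint8_t kOrigLens[] = { 2, 2, 3 };
/* mov [MYVALUE], ecx = 89 0D disp32 (disp32 = 0x00320100 little-endian) */
static const uint8_t kHook[] = { 0x89, 0x0D, 0x00, 0x01, 0x32, 0x00 };

static uint8_t g_site[16], g_cave[64];
static size_t  g_site_len, g_cave_len;

/* Builds both pieces; returns the cave length (18 for this input). */
size_t codecave_demo(void) {
    size_t stolen = stolen_length(kOrigLens, sizeof kOrigLens);
    g_site_len = build_site_patch(g_site, SITE, CAVE, stolen);
    g_cave_len = build_cave(g_cave, CAVE, SITE, kHook, sizeof kHook, kOrig, stolen);
    return g_cave_len;
}
size_t  demo_stolen(void)        { return stolen_length(kOrigLens, sizeof kOrigLens); }
size_t  demo_site_len(void)      { return g_site_len; }
uint8_t demo_site_byte(size_t i) { return g_site[i]; }
uint8_t demo_cave_byte(size_t i) { return g_cave[i]; }

int main(void) {
    codecave_demo();
    printf("site patch:");
    for (size_t i = 0; i < g_site_len; i++) printf(" %02X", g_site[i]);
    printf("\ncave      :");
    for (size_t i = 0; i < g_cave_len; i++) printf(" %02X", g_cave[i]);
    printf("\n");
    return 0;
}
```

For the assumed addresses the site patch is E9 83 B7 31 FF 90 90 and the cave ends with E9 6D 48 CE 00, a jump back to site+7. Both displacements are computed from the end of their JMP, which is the detail most hand-written caves get wrong.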
