Is there a way to track executed code

Need Help With an Existing Feature in Memory Hacking Software? Ask Here

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

Is there a way to track executed code

Postby *DEAD* » Mon Oct 30, 2006 9:52 pm

Hi, im in the process of hooking a game, and my task would be greatly simplified if i knew how to track the executed code. I have a feeling that Memory Hacking Software can do that, but i just haven't figured out how yet. For example, i want to click a button and then go back and look at the code which was executed when i clicked the button. Thank you.
*DEAD*
I Have A Few Questions
 
Posts: 4
Joined: Mon Oct 30, 2006 9:49 pm

Postby L. Spiro » Wed Nov 01, 2006 10:42 am

Use the debugger (which is unfortunately a little unstable at the moment, but a new one is on its way).

Breakpoint where you want to follow the code and step trough the code as it executes.

Currently no software (I have seen countless pages of people searching for this feature) supports logging of the executed code for later review, however the new debugger I am writing will have this (the current one does already, but it is hidden/disabled).

My future logging feature will not only allow you to follow code after it has been executed, forwards and back, but it will also allow you to compare logs to see what new code was executed.
This is the best way to find all code related to firing your weapon, for example.



For now, the debugger can do what you need, however it might eventually give you a blue screen of death.
If this happens, don’t worry about it; the kernel-mode driver will not load again, and you will never get a blue screen of death again.


L. Spiro
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby *DEAD* » Mon Nov 06, 2006 6:25 pm

haha, im not alone then. unfortunately even figuring out where to break a large program is a shot in the dark, but its a start i guess. I cant wait till the code execution tracker is complete, infact this is not the first place ive asked about this.

Great work spiro
*DEAD*
I Have A Few Questions
 
Posts: 4
Joined: Mon Oct 30, 2006 9:49 pm

Olly

Postby AlaXul » Tue Nov 07, 2006 8:46 am

In Olly, you can setup traces, to monitor registers and sequences of executed instructions. Though this simply creates a txt file type of log that you need to review manually.
User avatar
AlaXul
Sir Hacks-A-Lot
 
Posts: 34
Joined: Thu Jul 27, 2006 7:50 am

Postby *DEAD* » Tue Nov 07, 2006 1:31 pm

hmm, but is it possible to see what accessed those registers. my problem now is setting a breakpoint which isnt set off by every other function.

i should also ask (this is my first attempt at any such thing, so im showing my noobity), is there some format that a procedure has in memory. like, is there a pointer that points to it which can be located or something.
*DEAD*
I Have A Few Questions
 
Posts: 4
Joined: Mon Oct 30, 2006 9:49 pm

Postby L. Spiro » Fri Nov 10, 2006 5:36 pm

There are cases wherein there are pointers to functions in memory, but no guarantee of such thing and even if there is a pointer to your function, you wouldn’t recognize it.


To set a breakpoint on code that is executed often, set conditions on the breakpoint so that the program is only stopped when you want it to be (given that a register is such value or etc.)

This can be done in both Memory Hacking Software and OllyDbg.
Memory Hacking Software has a wizard for this that makes it simple. As for OllyDbg, I wouldn’t know how.


L. Spiro
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan


Return to Help

Who is online

Users browsing this forum: No registered users and 0 guests

cron