Memory Hacking Software

Discussions Regarding Memory Hacking Software
http://memoryhacking.com/forums/

Is there a way to track executed code

http://memoryhacking.com/forums/viewtopic.php?f=4&t=96

Page 1 of 1

Is there a way to track executed code

PostPosted: Mon Oct 30, 2006 9:52 pm
by *DEAD*
Hi, im in the process of hooking a game, and my task would be greatly simplified if i knew how to track the executed code. I have a feeling that Memory Hacking Software can do that, but i just haven't figured out how yet. For example, i want to click a button and then go back and look at the code which was executed when i clicked the button. Thank you.

PostPosted: Wed Nov 01, 2006 10:42 am
by L. Spiro
Use the debugger (which is unfortunately a little unstable at the moment, but a new one is on its way).

Breakpoint where you want to follow the code and step trough the code as it executes.

Currently no software (I have seen countless pages of people searching for this feature) supports logging of the executed code for later review, however the new debugger I am writing will have this (the current one does already, but it is hidden/disabled).

My future logging feature will not only allow you to follow code after it has been executed, forwards and back, but it will also allow you to compare logs to see what new code was executed.
This is the best way to find all code related to firing your weapon, for example.



For now, the debugger can do what you need, however it might eventually give you a blue screen of death.
If this happens, don’t worry about it; the kernel-mode driver will not load again, and you will never get a blue screen of death again.


L. Spiro

PostPosted: Mon Nov 06, 2006 6:25 pm
by *DEAD*
haha, im not alone then. unfortunately even figuring out where to break a large program is a shot in the dark, but its a start i guess. I cant wait till the code execution tracker is complete, infact this is not the first place ive asked about this.

Great work spiro

Olly

PostPosted: Tue Nov 07, 2006 8:46 am
by AlaXul
In Olly, you can setup traces, to monitor registers and sequences of executed instructions. Though this simply creates a txt file type of log that you need to review manually.

PostPosted: Tue Nov 07, 2006 1:31 pm
by *DEAD*
hmm, but is it possible to see what accessed those registers. my problem now is setting a breakpoint which isnt set off by every other function.

i should also ask (this is my first attempt at any such thing, so im showing my noobity), is there some format that a procedure has in memory. like, is there a pointer that points to it which can be located or something.

PostPosted: Fri Nov 10, 2006 5:36 pm
by L. Spiro
There are cases wherein there are pointers to functions in memory, but no guarantee of such thing and even if there is a pointer to your function, you wouldn’t recognize it.


To set a breakpoint on code that is executed often, set conditions on the breakpoint so that the program is only stopped when you want it to be (given that a register is such value or etc.)

This can be done in both Memory Hacking Software and OllyDbg.
Memory Hacking Software has a wizard for this that makes it simple. As for OllyDbg, I wouldn’t know how.


L. Spiro
All times are UTC + 7 hours
Page 1 of 1
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/