Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[MASM32] INT3 Detection

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
UnLmtD
Grandmaster Cheater
Reputation: 0

Joined: 13 Mar 2007
Posts: 894
Location: Canada
PostPosted: Wed Aug 01, 2007 10:59 am    Post subject: Reply with quote
I already got something of the sort. But this wont detect hardware breakpoints. If anyone wants to know how, Dual made a blog entry a long time ago about how to detect hardware breakpoints. His blog can be found at http://dualpage.muz.ro/ Look under the System & Kernel section.

Later.
_________________
Back to top
View user's profile Send private message
Ksbunker
Advanced Cheater
Reputation: 0

Joined: 18 Oct 2006
Posts: 88
PostPosted: Wed Aug 01, 2007 6:41 pm    Post subject: re: Reply with quote
"One thing you must remember when using the CONTEXT structure: it must be aligned on dword boundary else you'd get strange results under NT. You must put "align dword" just above the line that declares it, like this:" -Iczelion

Code:
align dword
MyContext CONTEXT <>


Thought i'd just mention that.
Back to top
View user's profile Send private message
appalsap
Moderator
Reputation: 0

Joined: 27 Apr 2006
Posts: 6753
Location: Pakistan
PostPosted: Wed Aug 01, 2007 6:50 pm    Post subject: Reply with quote
From the MSDN page:


    Remarks

    This function is used to retrieve the thread context of the specified thread. The function retrieves a selective context based on the value of the ContextFlags member of the context structure. The thread identified by the hThread parameter is typically being debugged, but the function can also operate when the thread is not being debugged.

    You cannot get a valid context for a running thread. Use the SuspendThread function to suspend the thread before calling GetThreadContext.

    If you call GetThreadContext for the current thread, the function returns successfully; however, the context returned is not valid.
Back to top
View user's profile Send private message
Ksbunker
Advanced Cheater
Reputation: 0

Joined: 18 Oct 2006
Posts: 88
PostPosted: Mon Aug 20, 2007 12:55 am    Post subject: re: Reply with quote
Thought i'd point out in my package of masm, the eip member of Context struct is "regEip" and not Eip. If anyone was using this and wondering why it wasn't working, just double check this member name.

Code:
CONTEXT STRUCT
  ContextFlags  DWORD      ?
  iDr0          DWORD      ?
  iDr1          DWORD      ?
  iDr2          DWORD      ?
  iDr3          DWORD      ?
  iDr6          DWORD      ?
  iDr7          DWORD      ?
  FloatSave     FLOATING_SAVE_AREA <>
  regGs         DWORD      ?
  regFs         DWORD      ?
  regEs         DWORD      ?
  regDs         DWORD      ?
  regEdi        DWORD      ?
  regEsi        DWORD      ?
  regEbx        DWORD      ?
  regEdx        DWORD      ?
  regEcx        DWORD      ?
  regEax        DWORD      ?
  regEbp        DWORD      ?
  regEip        DWORD      ?
  regCs         DWORD      ?
  regFlag       DWORD      ?
  regEsp        DWORD      ?
  regSs         DWORD      ?
  ExtendedRegisters db MAXIMUM_SUPPORTED_EXTENSION dup(?)
CONTEXT ENDS
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites