| View previous topic :: View next topic |
| Author |
Message |
ainiyang
How do I cheat?
![]() Reputation: 0
Joined: 01 Apr 2010
Posts: 6
|
 Posted: Thu Jul 15, 2010 10:48 am Post subject: if DbgUiIssueRemoteBreakin had been hook.... |
 |
|
hi,Dark Byte.
I have some questions to ask.
if DbgUiIssueRemoteBreakin had been hook. like as
{
xor eax,eax
rtn
}
so ,I can not receive messages[EXCEPTION_DEBUG_EVENT].resulting in CE have been waiting for messages.How should I go to modify in order to receive information on.
Forgive me, my English is poor.Look forward to your reply. |
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25831
Location: The netherlands
|
| Posted: Thu Jul 15, 2010 12:52 pm Post subject: |
|
|
Not sure what you mean.
You mean if YOU changed it to that or something else?
If something else, and it's preventing restoration then use kernelmode debugging
In ce 6.0 you could use VEHDebugging as well
If you mean you did it yourself and you're asking how to get ce to handle it properly, not sure. As far as I understand DbgUiIssueRemoteBreakin just causes a breakpoint exception to be triggered in a thread that doesn't have a breakpoint set. Only feature of ce that makes use of that is memview->debug->break
And to receive information about the target process then is just set breakpoints manually on positions where you expect the eip instruction to come or access. (e.g find out a value that constantly changes and then find what writes that address and you've got your often used code)
Also, just breaking at random positions is useless most of the time anyhow
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ainiyang
How do I cheat?
![]() Reputation: 0
Joined: 01 Apr 2010
Posts: 6
|
| Posted: Fri Jul 16, 2010 12:26 am Post subject: |
|
|
thanks for your reply.i have not expressed a clear.
because (DebugActiveProcess call ----DbgUiDebugActiveProcess---DbgUiIssueRemoteBreakin.
DbgUiIssueRemoteBreakin need Remote thread injection.
I do not want call DbgUiIssueRemoteBreakin.
so i hook it like
NTSTATUS VTDbgUiIssueRemoteBreakin(HANDLE Process)
{
return STATUS_SUCCESS;
}
But this makes CE not receive EXCEPTION_DEBUG_EVENT .
when i use "find out what accesss this address " ,
CE suspended animation.How can I do this,I hope that in the last 'LOAD_DLL_DEBUG_EVENT' let CE that already receive EXCEPTION_DEBUG_EVENT/.
forgive me,my English very poor.If you can get your response, I am very grateful |
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25831
Location: The netherlands
|
| Posted: Fri Jul 16, 2010 3:00 am Post subject: |
|
|
have you tried waiting 30 seconds ? Does ce give an error message then ? And what is that error ?
When attaching ce only waits for the create_process_event
try this one:
http://cheatengine.org/temp/CheatEngine60Alpha9.rar
before you attach go to memory view->view->debug events, and then attach to process
Check which which events do happen.
And of course, alternatively, again, kernelmode debugging , it can do most of the normal windows api debugging
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
