Cheat Engine

fasmotol · How do I cheat? Reputation: 0 Joined: 06 Feb 2013 Posts: 4

Hi all!
i gotta some sort of crackme (i cannot patch the binary). crackcode is located in a .dll of mine. the only problem i experienced is about DrX registers:
i need to set hardware breakpoint at specified address:
i set corresponding fields (Dr0 and Dr7) of CONTEXT structure in my SEH handler (yeah, app raises a couple of exceptions intentionally) - all dr registers are zeroed, though other changed registers not (general purpose ones).
i also tried to create a thread by dll exported function, that suspends app's main thread and pathces CONTEXT structure, but the result is the same.
app doesn't call SetThreadContext, it has no SEH handlers... i'm at a loss, guys.

Dark Byte · Posted: Wed Feb 06, 2013 3:43 am Post subject:

Are you sure DR7 is set properly? If not, windows will return 0 for all the DRx registers (not just dr7)

fasmotol · How do I cheat? Reputation: 0 Joined: 06 Feb 2013 Posts: 4

Hm... Bits 0;1 of Dr7 are flags for Dr0? or i messed up something? or bits 6;7 are flags for Dr0? have nointel manuals near me, sorry.

fasmotol · How do I cheat? Reputation: 0 Joined: 06 Feb 2013 Posts: 4

I finally gotcha intel manuals, i set everything according to that manual, but the problem still isn't solved:
my SEH handler affects eip too, so when i use debugger i see the right content in Dr regs immediately after handler has been executed - only when eip is the same as in CONTEXT struct. but making a single step in debugger clears all Dr registers!

fasmotol · How do I cheat? Reputation: 0 Joined: 06 Feb 2013 Posts: 4

SOLUTION:
U just need to set corresponding L bit;
(facepalm)