m_miro Newbie cheater
Reputation: 0
Joined: 31 Jul 2019 Posts: 19
Posted: Thu Aug 08, 2019 6:07 am Post subject: Why doesn't function debugger_onBreakpoint fire?
I made a lua script that breaks upon a certain value being written to a certain memory address.
Here is the script
| Code: |
-- break on writes to the single byte at 0x20801000
debug_setBreakpoint(0x20801000,1,bptWrite)
function debugger_onBreakpoint()
  memAdr = 0x20801000
  memAdrVal = readBytes(memAdr,1,false)
  -- 0x50 is 'P', the first byte of the file header
  if(memAdrVal == 0x50) then
    speak("ding ding ding")
    return 0
  else
    speak("nope")
    return 1
  end
end
|
For some reason I can't get the function debugger_onBreakpoint to fire consistently, even when I'm watching the memory address change to the certain value that it's supposed to break upon changing to. Sometimes it does, but most of the time it does not. I thought maybe the script is firing and it's returning 1, so I added speak calls so I know if it does return 1 or 0.

Dark Byte Site Admin
Reputation: 472
Joined: 09 May 2003 Posts: 25875 Location: The netherlands
Posted: Thu Aug 08, 2019 6:35 am
Try this:
| Code: |
memAdr = 0x20801000
function debugger_onBreakpoint()
  local memAdrVal = readBytes(memAdr,1,false)
  print(string.format("val=%d", memAdrVal))
  return 1
end
debug_setBreakpoint(memAdr,1,bptWrite)
|
or even
| Code: |
memAdr = 0x20801000
function mybp()
  local memAdrVal = readBytes(memAdr,1,false)
  print(string.format("val=%.8x", memAdrVal))
  return 0 --small discrepancy with the onBreakpoint and custom break
end
debug_setBreakpoint(memAdr,1,bptWrite,mybp)
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |

m_miro Newbie cheater
Posted: Thu Aug 08, 2019 7:10 am
I tried both of them and neither of them broke nor printed any values.

Dark Byte Site Admin
Posted: Thu Aug 08, 2019 7:13 am
Which debugger interface do you use ? Try the windows interface
And are you using ce 6.7 or later ?

m_miro Newbie cheater
Posted: Thu Aug 08, 2019 7:18 am
I'm not sure what a debugger interface is, and I'm using ce 6.8.3. I used the lua function debug_getCurrentDebuggerInterface to determine my interface and it was 1, which according to the wiki is windows.

Dark Byte Site Admin
Posted: Thu Aug 08, 2019 7:58 am
then i'm not sure. (besides it being the wrong process, kernel memory, or emulator memory)
When you use "find what writes to this address" it does find them all ?
the address is correct?

m_miro Newbie cheater
Posted: Thu Aug 08, 2019 8:20 am
Nothing appears when I use find what writes to this address.
I did get it to crash once. I set a breakpoint on the address 20801000 after pressing the execute script button it crashed upon breaking.

Dark Byte Site Admin
Posted: Thu Aug 08, 2019 8:26 am
ok, what are you trying to do?
What is the process? An emulator? Physical memory ?
Is it a kernel controlled address like the timer ?
Is cheat engine even attached to the process?

m_miro Newbie cheater
Posted: Thu Aug 08, 2019 8:54 am
The process is Jet Set Radio PC port.
I am trying to figure out how the game reads its character model files. It copies what I think is the character's model file into memory. At the beginning of every file there are 4 bytes, 504C4159; in ascii they are PLAY.
To figure out when the process writes the bytes into memory I used the script in my first post. It always writes to the same address 0x20801000. So the script checks that address for the first byte in the file, 50, which is P. If it finds it, it's supposed to break and alert me; if it doesn't, then it continues.
Cheat engine is attached to the process and I do not know what a kernel controlled address is.

Dark Byte Site Admin
Posted: Thu Aug 08, 2019 9:06 am
It likely doesn't write the bytes but maps it into memory instead
look into mapviewofsection and mapviewoffile and try hooking there

m_miro Newbie cheater
Posted: Thu Aug 08, 2019 9:26 am
I can't find the address for mapviewofsection, and mapviewoffile isn't listed in the referenced functions list, nor does it break when a breakpoint is placed on it. Also I attempted to use break on access instead of break on write and it did break. Both via the script and manually in the memory editor.

Dark Byte Site Admin
Posted: Thu Aug 08, 2019 10:52 am
also check readfile as that read happens in kernelmode it won't be caught using usermode bp's
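
The ReadFile approach suggested above, as an added example that is not part of any post in this thread: it breaks only on ReadFile calls whose destination buffer covers the watched address. It assumes a 32-bit target (arguments on the stack at function entry) and follows the return convention used by the scripts in the thread (0 breaks, 1 continues); the names WATCH and readFileAddr are made up for the example.

```lua
-- Added example, not code from the thread. Assumes a 32-bit target process,
-- so ReadFile's arguments are on the stack when its first instruction runs.
local WATCH = 0x20801000                      -- address watched in the thread
local readFileAddr = getAddress("kernel32.ReadFile")

function debugger_onBreakpoint()
  if EIP ~= readFileAddr then
    return 0                                  -- not our breakpoint: break as usual
  end

  -- Stack at entry: [ESP] return address, [ESP+4] hFile,
  -- [ESP+8] lpBuffer, [ESP+0xC] nNumberOfBytesToRead
  local ret = readInteger(ESP)
  local buf = readInteger(ESP + 0x8)
  local len = readInteger(ESP + 0xC)

  if ret and buf and len then
    buf = buf & 0xFFFFFFFF                    -- treat as unsigned 32-bit
    len = len & 0xFFFFFFFF
    if buf <= WATCH and WATCH < buf + len then
      print(string.format("ReadFile fills %08X..%08X, caller returns to %08X",
                          buf, buf + len - 1, ret & 0xFFFFFFFF))
      return 0                                -- break here, before the data arrives
    end
  end

  debug_continueFromBreakpoint(co_run)        -- unrelated read: keep running
  return 1
end

debug_setBreakpoint(readFileAddr, 1, bptExecute)
```

After the break, stepping out of ReadFile (or breaking at the printed return address) is the point where the bytes at 0x20801000 can be checked for 50 4C 41 59.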

m_miro Newbie cheater
Posted: Thu Aug 08, 2019 11:46 am
placing bps on readfile works it breaks, breaks and traces, and finds out what address the instruction writes to, but the script doesn't fire, even with pressing the execute button.
| Code: |
function debugger_onBreakpoint()
  memAdr = 0x20801000
  memAdrVal = readBytes(memAdr,1,false)
  if(memAdrVal == 0x50) then
    speak("ding ding ding")
    return 0
  else
    speak("nope")
    return 1
  end
end
|

Dark Byte Site Admin
Posted: Thu Aug 08, 2019 1:10 pm
there is no usermode code that writes there. Maybe not even kernelmode code if it uses DMA transfer
so breakpoints won't trigger

m_miro Newbie cheater
Posted: Thu Aug 08, 2019 5:40 pm
I'm not sure what you're saying, breakpoint triggered at ReadFile. Are you saying the break on write trigger won't break?
I don't know why, but it is working now. I placed a breakpoint on 0x2080100 of size 4 bytes and one on 0x20801008 which is another consistently loaded character 'l'. When it loaded in the character data it broke and said "ding ding ding". I am confused.