| View previous topic :: View next topic |
| Author |
Message |
low_density
Expert Cheater
![]() Reputation: 1
Joined: 08 Aug 2009
Posts: 156
|
 Posted: Sun Aug 14, 2011 10:04 pm Post subject: how to check if a register points to an address/is a pointer |
 |
|
| hi, is there any way where you can check if a register contains a value that points to another address or not? because for the auto assembly, i tried to verify if a value is the correct value that i need, but whenever i do an opcode, for example, cmp [eax],7FFFFFFF, it crashes straight.. i think it's because eax contains a value that is not a pointer...
|
|
| Back to top |
|
 |
Corruptor
Advanced Cheater
![]() Reputation: 3
Joined: 10 Aug 2011
Posts: 82
|
| Posted: Mon Aug 15, 2011 12:47 pm Post subject: |
|
|
afaik, there is no way. Writing [eax] would simply force him to interpret eax as a pointer.
I think he would simply try to read 4 Bytes from the address eax though, and that should be no reason to crash. Well, simple general questions:
Do other code injections work? (the ce-equivalent to "update your video card driver  ) (well, just skip it  )
Did you try to use push/popfd/ad? like
| Code: | pushad
pushfd
//do some stuff
popfd
popad |
Maybe your the cmp-instruction messes around with the flags.
Did you try to use the debugger? Use a breakpoint and the step over the code. Maybe it crashes somewhere else.
|
|
| Back to top |
|
|
low_density
Expert Cheater
![]() Reputation: 1
Joined: 08 Aug 2009
Posts: 156
|
| Posted: Mon Aug 15, 2011 9:24 pm Post subject: |
|
|
| i didn't try to use pushfd/ad or popfd/ad, when i try to compare [eax], where eax is not a pointer, it crashes straight. my guess is that in the dissect data/structure scanner, when a value is not a pointer, it will show ????????. is the crash due to the ???????? ?
|
|
| Back to top |
|
|
Geri
Moderator
![]() Reputation: 112
Joined: 05 Feb 2010
Posts: 5627
|
| Posted: Tue Aug 16, 2011 1:03 am Post subject: |
|
|
Here is something that you can try.
1. Activate your script.
2. Find out what is accessed by your CMP code.
3. When the game crashed, right-click on the last value that was accessed by the code (even if it is just ????????) and check the registers. That will show you what was EAX last time before the game has crashed.
_________________
|
|
| Back to top |
|
|
low_density
Expert Cheater
![]() Reputation: 1
Joined: 08 Aug 2009
Posts: 156
|
| Posted: Tue Aug 16, 2011 5:49 am Post subject: |
|
|
| hmm ok i will take that in mind. but geri, can you tell me, is there any way to toggle breakpoint for fullscreen games? i mean there are some games that is impossible to make it run in window mode, but the toggle breakpoint option crashes fullscreen games...
|
|
| Back to top |
|
|
Corruptor
Advanced Cheater
![]() Reputation: 3
Joined: 10 Aug 2011
Posts: 82
|
| Posted: Tue Aug 16, 2011 7:51 am Post subject: |
|
|
U may try a programm called "dxwnd" (just google it). It can force most of the direct-x using programs into windowed mode. If you are using, for example tex mod, u may take a look at it. Im what you might call a "scaredy cat", dxwnd injects code into the target process and is thus detected by antivir etc. and this unpreventable "virus found"-noise always scares the shit out of me... anyways, im digressing... 
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
