News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

How to read and restore registers and flags of another program at runtime?

Started by kesmezar, January 02, 2021, 03:51:03 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

kesmezar

January 02, 2021, 03:51:03 AM Last Edit: February 05, 2021, 06:57:28 PM by kesmezar
Hi,  I'm reading values ​​with ollydbg. What I want to learn is to read and write them in my own program.

hutch--

#1
January 02, 2021, 04:42:45 PM
I am not sure what you are after but reading and writing CPU registers is technically trivial.

mov reg, reg
mov reg, mem
mov mem, reg
note - mov mem, mem will fail, the cpu does not have an instruction for it.

kesmezar

#2
January 02, 2021, 08:40:36 PM Last Edit: February 05, 2021, 07:00:51 PM by kesmezar
@hutch-- thanks for the info.

kesmezar

#3
January 04, 2021, 08:01:37 PM Last Edit: February 05, 2021, 06:58:14 PM by kesmezar
When you change the address, a very different result is read.
I wonder if I'm making a mistake in the type definitions?

TouEnMasm

#4
January 04, 2021, 09:21:13 PM
as a sample who can help you see http://luce.yves.pagesperso-orange.fr/fpu_au_pas_a_pas.html
It is very usefull with the FPU but  he can also work with others registers.
The dowload is in the bottom of the page.
Fa is a musical note to play with CL

jj2007

#5
January 04, 2021, 09:26:14 PM
So what is WriteProcessMemory supposed to do?

kesmezar

#6
January 04, 2021, 09:58:16 PM
@TouEnMasm Thank you very much, I'm reviewing.

@jj2007 "WriteProcessMemory" only served to maintain a stable loop in the offset part.I realized that it would not be possible to write this way with the information given by @hutch--. Also, I'm researching your use of "DumpRegs" on this topic at " http://masm32.com/board/index.php?topic=5354.0 "


An example that I found while researching and was not fully working. Maybe someone needs this.
https://web.archive.org/web/20160314134907/http://kipirvine.com/asm/examples/Test_WriteStackFrame.asm

hutch--

#7
January 04, 2021, 11:01:12 PM
Sounds like you are making a games patch or something similar, just be careful not to post anything that is illegal as it gets us into trouble and we would have to remove it.

kesmezar

#8
January 04, 2021, 11:08:13 PM Last Edit: February 05, 2021, 06:55:09 PM by kesmezar
It is definitely not a game or an illegal issue.
The first non-working sample I found was of course taken from such places. But I am aware of the forum rules, I am too old for the game.
As an administrator, you are free to do whatever is necessary.

hutch--

#9
January 05, 2021, 02:35:20 AM
No problems, just make sure you don't get us into trouble.

jj2007

#10
January 05, 2021, 03:07:07 AM
Quote from: kesmezar on January 04, 2021, 09:58:16 PMI'm researching your use of "DumpRegs" on this topic at " http://masm32.com/board/index.php?topic=5354.0 "

Avoid the Irvine stuff. There are better examples for deb use in Dynamic arrays and Debugging inside a WM_PAINT handler.

kesmezar

#11
January 06, 2021, 02:45:52 AM Last Edit: February 05, 2021, 07:01:36 PM by kesmezar
@jj2007 thank you.

"Avoid the Irvine stuff." I would like to know the reason for your saying.?

jj2007

#12
January 06, 2021, 03:48:43 AM
Quote from: kesmezar on January 06, 2021, 02:45:52 AM
@jj2007 thank you. "Avoid the Irvine stuff." I would like to know the reason for your saying.

- does not conform with the Windows ABI
- used only by a few(?) universities for beginners courses
- not freely available(?)

The examples we see from time to time here in the forum are, well, strange. But nobody stops you from using his stuff. There is even a dedicated sub-forum. Enjoy :thumbsup:
Print
Go Up Pages1
User actions