Thread: Conditional Hardware break on memory address not working

  1. #1

    Conditional Hardware break on memory address not working

    Hello,

    I have been searching for the past week for a solution to this, but cannot find one. I have the memory address 0012EBFC that constantly has data being written to it 1200+ times per second by over 300 different instructions. Software memory breakpoints basically prevent the application from moving since the address is being written so many times. My goal is to breakpoint the program when 0012EBFC = 0x0000003C, and then at that point find out the instruction that wrote to it.

    When I set a conditional Hardware Breakpoint with the condition to pause when 0012EBFC == 3C, it never pauses, even though I know that the address is in fact turning to 3C for at least a split second.

    I need to figure out what instruction, out of the 300+, writes 3C to this address. 3C corresponds to a specific action in this program. If I can breakpoint the memory right when it turns 3C 00 00 00 or 0x0000003C, then it should show me the last instruction to write to it... but I can't get the hardware to break on it at all.

    Even if I do a hardware breakpoint with no conditions on this address, it still never pauses, as if it's not being hit, but I know the address is changing. Is my OllyDbg 2 bugged or am I just doing this wrong?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    The problem might be that you are referring to a 4 byte address but trying to monitor a single byte. Are you sure that the "flag" is 4 bytes long? FFFFFF3C != 3454323C != 0000003C. . .
    If the key is only in the less significant byte, you need to reconsider your break point strategy.
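
The width mismatch raised in reply #2, as an added example that is not part of any post in this thread: it encodes an x86 DR7 value for a write watchpoint of a given width and evaluates the `== 3C` condition over 1 byte versus 4 bytes. The function names and the sample memory snapshots are constructed for illustration, and how OllyDbg itself evaluates conditions is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

/* x86 DR7 fields: R/W = 01 breaks on data writes;
   LEN = 00 -> 1 byte, 01 -> 2 bytes, 11 -> 4 bytes. */
enum { RW_WRITE = 1 };

static int len_bits(unsigned width) {
    switch (width) { case 1: return 0; case 2: return 1; case 4: return 3; }
    return -1;
}

/* Build DR7 for a write watchpoint in slot 0..3 (hypothetical helper).
   Returns 0 (nothing enabled) if the width is unsupported or the address
   is not aligned to the width, which the hardware requires. */
uint32_t dr7_write_watch(unsigned slot, uint32_t addr, unsigned width) {
    int len = len_bits(width);
    if (slot > 3 || len < 0 || (addr & (width - 1))) return 0;
    return (1u << (slot * 2))                         /* Ln: local enable */
         | ((uint32_t)RW_WRITE << (16 + slot * 4))    /* R/Wn */
         | ((uint32_t)len << (18 + slot * 4));        /* LENn */
}

/* Compare only the low `width` bytes of little-endian memory with `want`. */
int cond_hit(const uint8_t *mem, unsigned width, uint32_t want) {
    uint32_t v = 0;
    for (unsigned i = 0; i < width; i++) v |= (uint32_t)mem[i] << (8 * i);
    uint32_t mask = width == 4 ? 0xFFFFFFFFu : (1u << (8 * width)) - 1;
    return v == (want & mask);
}

int main(void) {
    /* Constructed snapshots of the 4 bytes at 0012EBFC (little-endian). */
    const uint8_t a[4] = {0x3C, 0x00, 0x00, 0x00};    /* 0000003C */
    const uint8_t b[4] = {0x3C, 0xFF, 0xFF, 0xFF};    /* FFFFFF3C */
    printf("DR7, 4-byte write watch: %08X\n",
           (unsigned)dr7_write_watch(0, 0x0012EBFC, 4));
    printf("dword compare: a=%d b=%d\n", cond_hit(a, 4, 0x3C), cond_hit(b, 4, 0x3C));
    printf("byte compare:  a=%d b=%d\n", cond_hit(a, 1, 0x3C), cond_hit(b, 1, 0x3C));
    return 0;
}
```

A dword comparison against 3C only matches when the upper three bytes are zero, while a byte comparison matches any value whose low byte is 3C.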

  3. #3
    http://i.imgur.com/VEmRKNQ.png

    Here is a picture of how I have it set up. It's random. Sometimes it will work and flash in the bottom bar in yellow saying "xxxx writes per second" or it will not do anything at all. It's very strange.

  4. #4
    Hello,

    Why don't you try a completely different approach?

    Use CHEAT ENGINE 6.2 --- Don't dismiss it because it's a "game" related application.

    Go through the tutorials, and learn how to find code that writes a particular value to a particular location (direct, indirect, pointer based, multiple stacked pointer based --- this gem handles everything), which I am sure is what you want. This program is specifically written for HIGH VOLUME memory location and instruction access/writes.

    THEN, open that in your disassembler and take it forward?

    Have Phun
    Blame Microsoft, get l337 !!
