Hello,
I have been searching for the past week for a solution to this, but cannot find one. I have the memory address 0012EBFC that constantly has data being written to it 1200+ times per second by over 300 different instructions. Software memory breakpoints basically prevent the application from moving since the address is being written so many times. My goal is to breakpoint the program when 0012EBFC = 0x0000003C, and then at that point find out the instruction that wrote to it.
When I set a conditional Hardware Breakpoint with the condition to pause when 0012EBFC == 3C, it never pauses, even though I know that the address is in fact turning to 3C for at least a split second.
I need to figure out what instruction, out of the 300+, writes 3C to this address. 3C corresponds to a specific action in this program. If I can breakpoint the memory right when it turns 3C 00 00 00 or 0x0000003C, then it should show me the last instruction to write to it... but I can't get the hardware to break on it at all.
Even if I do a hardware breakpoint with no conditions on this address, it still never pauses, as if it's not being hit, but I know the address is changing. Is my OllyDbg 2 bugged or am I just doing this wrong?
Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.
To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.
The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.
All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.
Conditional Hardware break on memory address not working
- Junior Member
- Posts: 2
- Joined: Mon Mar 18, 2013 2:43 pm
http://i.imgur.com/VEmRKNQ.png
Here is a picture of how I have it set up. It's random. Sometimes it will work and flash in the bottom bar in yellow saying "xxxx writes per second" or it will not do anything at all. It's very strange.
Hello,
Why don't you try a completely different approach?
Use CHEAT ENGINE 6.2 --- Don't dismiss it because it's a "game" related application.
Go through the tutorials, and learn how to find code that writes a particular value to a particular location (direct, indirect, pointer based, multiple stacked pointer based --- this gem handles everything), which I am sure is what you want. This program is specifically written for HIGH VOLUME memory location and instruction access/writes.
THEN, open that in your disassembler and take it forward?
Have Phun
Blame Microsoft, get l337 !!