ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Fri Nov 24, 2017 11:14 am

All times are UTC




Post new topic  Reply to topic  [ 24 posts ]  Go to page Previous 1 2
Author Message
 Post subject: Re: Offbreak 0.3
PostPosted: Wed Jul 22, 2015 2:25 pm 

Joined: Thu Aug 14, 2014 3:29 am
Posts: 5
It breaks on ntdll.DbgUiRemoteBreakin. When I continue, it go through offbreak_*.dll


Top
   
 Post subject: Re: Offbreak 0.3
PostPosted: Wed Jul 22, 2015 2:40 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7145
Exactly that's the expected behaviour :)
There you should have an INT3 with RAX pointing to the data read from the file.
The rest is just normal debugging, if you want to return to the program you must first return from offbreak and from the Windows APIs that have been called for reading the data... but you should not care about that because your interest are the operations made on the data read from the file (hardware bp).


Top
   
 Post subject: Re: Offbreak 0.3
PostPosted: Fri Jul 24, 2015 1:25 pm 

Joined: Thu Aug 14, 2014 3:29 am
Posts: 5
thanks, it's really hard to follow assembly. In x64dbg, I cannot put conditional breakpoint.
I want to set IDA as JIT debugger. I don't know how to do for 64 bit.
I know the Aedebug registry entry. However, using idaq64 -I1, does not change entry for x64. It sets for the one under the Wow6432Node.
Do you have any knowledge about it?
Or can you suggest a good x64 debugger?


Top
   
 Post subject: Re: Offbreak 0.3
PostPosted: Fri Jul 24, 2015 4:10 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 7145
You need Administrator privileges to do that operation.

If offbreak still loads the old debugger (may happen), check the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 24 posts ]  Go to page Previous 1 2

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited