Reading Register Values @ code execution

**silent-kill** · 12-13-2006, 07:53 AM

does anyone knows any API or process where in you can read register values on code execution

a code:

Code:

100CBC27 |. 8902      MOV DWORD PTR DS:[EDX],EAX    <<<< i want to read EAX value at this exact moment of code execution 
100CBC29 |. 7F 03     JG SHORT HTLaunch.100CBC2E
100CBC2B |. 8322 00    AND DWORD PTR DS:[EDX],0
100CBC2E |> E8 CDFFFFFF  CALL HTLaunch.100CBC00
100CBC33 |. 8B0D 30A19B10 MOV ECX,DWORD PTR DS:[109BA130]
100CBC39 |. 50       PUSH EAX			  
100CBC3A |. FF32      PUSH DWORD PTR DS:[EDX]
100CBC3C |. E8 0405FDFF  CALL HTLaunch.1009C145

what i want to achieve is like create an "imaginary breakpoint" @ 100CBC27 ,so when the program reach this code i would
want then to read the value of EAX...

sort of like monitoring EAX @ 100CBC27..

can i achieve this with ReadProcessMemory() without injecting my codes(opcodes) to the program..?. or do i need to create a code cave?

**silent-kill** · 12-18-2006, 08:35 AM

paita wa mai ni reply...

anyway na solve na nako.. akong probs karon is copying a pointer's content to another pointer...

ex:

Code:

101131B6  8B4424 10    MOV EAX,DWORD PTR SS:[ESP+10] <<< ESP+10 holds the content i want to read...

so akong gi buhat.. akong gi

MOV [staticpointer],ESP
then ako gi read ang value sa [staticpointer+10] ... para ma kuha ang content.. akong prob is... along the way... i clear man diay niya ang
content sa [ESP+10] so dili ko maka kuha sa iyang sulod.. kai either ang program hinay kaau mo read etc...

akong gusto karon ako copyahon ang content mismo sa [ESP+10] instead of pointing to its pointer...

onsa mai command ana?.. sa ASM?..

**silent-kill** · 01-27-2007, 09:00 PM

mora wa mai naka mao ani.

if anyone was wondering, ngano nangutana ko.. tungod kai ako ta i defeat ang DMA(dynamic memory allocation) i was making a bot for an online game thats all

hehee.

anyway na solve nanako ang probs thx for viewing nalang...
i used the ff. process/ techniques kong kinsa to interested...
- code injection
- static pointers
- offsets..

**godCode** · 01-28-2007, 10:05 AM

kuyawa na gud nimo bay... l33t hax0rz na diay ka... hehehehehe

**INFRACTION** · 01-28-2007, 12:23 PM

wow grabeha ka low level ... proness kaau ni dah... asm

**silent-kill** · 02-04-2007, 12:06 AM

lingaw lingaw raniako bai bago rapud ko ani.. mao nangutana ko ninyo... kapoy kaau sigi dula nga di matog. oi hahaa. XD

**mclaine** · 07-06-2010, 09:22 PM

Godbless people

Thread: Reading Register Values @ code execution

Thread Tools

Search Thread