
I found a breakpoint in OllyDBG at address 0026D320


I want to read the EAX register in my C++ code when the program executes at this address, but the address in my code is always wrong, even though the breakpoint works in OllyDBG

```cpp
DWORD address = 0x0026D320; // Here is my address. It's always wrong!

DebugActiveProcess(pid); // PID of target process

CONTEXT ctx = {0};
ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS | CONTEXT_INTEGER;
ctx.Dr0 = address;
ctx.Dr7 = 0x00000001;
SetThreadContext(hThread, &ctx); // hThread with enough permissions

DEBUG_EVENT dbgEvent;
while (true)
{
    if (WaitForDebugEvent(&dbgEvent, INFINITE) == 0)
        break;

    if (dbgEvent.dwDebugEventCode == EXCEPTION_DEBUG_EVENT &&
        dbgEvent.u.Exception.ExceptionRecord.ExceptionCode == EXCEPTION_SINGLE_STEP)
    {
        // the next if condition is always false
        if (dbgEvent.u.Exception.ExceptionRecord.ExceptionAddress == (LPVOID)address)
        {
            GetThreadContext(hThread, &ctx);
            DWORD eax = ctx.Eax; // read EAX
        }
    }

    ContinueDebugEvent(dbgEvent.dwProcessId, dbgEvent.dwThreadId, DBG_CONTINUE);
}
```

How can I read the EAX register in my code at this breakpoint from OllyDBG?

alexbayker
  • Does this answer your question? [how can i read value from register using C++](https://stackoverflow.com/questions/19895038/how-can-i-read-value-from-register-using-c) – Renat Oct 16 '22 at 11:34
  • I know how I can read the EAX register; I don’t know how I can read the EAX register at the address of my breakpoint from OllyDBG. – alexbayker Oct 16 '22 at 11:42
  • Then it's not clear what the question is, because the address of code is not constant: it'll be different for each instance of the process, due to ASLR https://en.wikipedia.org/wiki/Address_space_layout_randomization#Microsoft_Windows – Renat Oct 16 '22 at 11:49
  • Okay, how can I get the address of my breakpoint dynamically, in code? – alexbayker Oct 16 '22 at 11:54
  • Why would you need an address then? You may add a breakpoint programmatically without knowing address. Check https://stackoverflow.com/questions/15986482/how-to-set-breakpoints-programmatically-in-visual-c – Renat Oct 16 '22 at 11:57
  • Ok, my question is “How can I import my breakpoint from OllyDBG to my C++ code?” – alexbayker Oct 16 '22 at 12:01
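
The comments attribute the mismatch to ASLR: an absolute address noted in one debugging session does not hold in the next process instance. The following is an added example, not code from the question or its commenters, showing how a debugger can carry a breakpoint across runs as module name plus offset and recompute the absolute address from the current module base. It assumes the address lies inside a loaded module image; the module names, bases and sizes are constructed sample values, and only 0x0026D320 comes from the question.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// One loaded module as a debugger's module list shows it.
struct Module {
    std::string name;
    std::uint32_t base;  // load address in this process instance
    std::uint32_t size;  // size of the mapped image
};

// Find the module that contains va and report its name and the offset (RVA)
// of va from that module's base. Returns false when va lies in no module
// image (heap, stack, or code generated at run time), in which case there is
// no stable offset to carry over to another run.
bool to_module_offset(const std::vector<Module>& mods, std::uint32_t va,
                      std::string& name, std::uint32_t& rva) {
    for (const Module& m : mods) {
        if (va >= m.base && va - m.base < m.size) {
            name = m.name;
            rva = va - m.base;
            return true;
        }
    }
    return false;
}

// Recompute the absolute address in another run from module name + RVA.
bool from_module_offset(const std::vector<Module>& mods, const std::string& name,
                        std::uint32_t rva, std::uint32_t& va) {
    for (const Module& m : mods) {
        if (m.name == name && rva < m.size) {
            va = m.base + rva;
            return true;
        }
    }
    return false;
}

// Constructed sample data: the same program in two runs with different bases.
// In a Win32 debug loop the bases would come from
// CREATE_PROCESS_DEBUG_INFO::lpBaseOfImage and LOAD_DLL_DEBUG_INFO::lpBaseOfDll.
const std::vector<Module> kRunInDebugger = {{"target.exe", 0x00260000u, 0x00020000u},
                                            {"helper.dll", 0x6F000000u, 0x00008000u}};
const std::vector<Module> kRunNow = {{"target.exe", 0x00D10000u, 0x00020000u},
                                     {"helper.dll", 0x71230000u, 0x00008000u}};
```

With these sample lists, the recomputed address is the value that would be written to `Dr0` and compared against `ExceptionAddress` in the debug loop.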
