
Debug registers (DRx) keep getting trampled when using with SetThreadContext

Reverse Engineering Asked by Anton Knyazyev on June 6, 2021

I’m trying to set hardware breakpoints from code by using Get/SetThreadContext and modifying DR0..3, DR7, but it only works if I do it repeatedly. Most of the time when I use Get after having used Set before, I see the values completely trampled (sometimes to 0s, sometimes to bogus numbers which are clearly not even addresses). Get’s return value is always 1. Sometimes it sticks for a while and the breakpoint hits. What could cause this, and is there a way to track it? I tried setting a code breakpoint in SetThreadContext in ntdll, but it’s only being called from my code. It happens with and without VS attached. I must add it’s a game engine project, so it might be that some 3rd party lib does that.
The config is Ryzen 3900, Windows 10 20H2, Windows SDK 10.0.14393, VS 2017

2 Answers

This sounds like some anti-debugging measure and is probably done by a kernel driver so you won't catch it with user-mode breakpoints. Check the driver list before and after installing the game, that should show the culprit.

Answered by Igor Skochinsky on June 6, 2021

OK, turns out it was a rookie mistake: I didn't set ContextFlags to CONTEXT_DEBUG_REGISTERS before calling GetThreadContext.

Answered by Anton Knyazyev on June 6, 2021
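The corrected flow from that answer, as an added example that is not code from the question or either answer: `dr7_set_slot` and `set_hw_breakpoint` are assumed helper names, and the Windows part only compiles under `_WIN32`. The point it shows is that `ContextFlags` must request `CONTEXT_DEBUG_REGISTERS` before `GetThreadContext`, otherwise `Dr0..Dr7` are never filled in and whatever stack garbage sits in the struct is written back by `SetThreadContext`.

```c
#include <stdint.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* DR7 per-slot fields (Intel SDM vol. 3, "Debug Registers"):
 * local enable L<i> at bit 2*i, R/W<i> at bit 16+4*i, LEN<i> at bit 18+4*i. */
enum { HWBP_EXEC = 0, HWBP_WRITE = 1, HWBP_READWRITE = 3 };   /* R/W field; 2 = I/O, rejected */
enum { HWBP_LEN1 = 0, HWBP_LEN2 = 1, HWBP_LEN8 = 2, HWBP_LEN4 = 3 };

/* Enable slot (0..3) in *dr7 with the given condition and length.
 * Execute breakpoints must use LEN = 0. Returns 0 on success, -1 on bad input. */
static int dr7_set_slot(uint64_t *dr7, unsigned slot, unsigned rw, unsigned len)
{
    if (slot > 3 || rw > 3 || rw == 2 || len > 3) return -1;
    if (rw == HWBP_EXEC) len = HWBP_LEN1;
    *dr7 &= ~(0xFULL << (16 + 4 * slot));                      /* clear old R/W and LEN */
    *dr7 |= (uint64_t)(rw | (len << 2)) << (16 + 4 * slot);
    *dr7 |= 1ULL << (2 * slot);                                /* L<slot> = 1 */
    return 0;
}

#ifdef _WIN32
/* Put addr into DR<slot> of a thread that the caller has suspended (assumed helper). */
static BOOL set_hw_breakpoint(HANDLE thread, unsigned slot, DWORD_PTR addr, unsigned rw, unsigned len)
{
    CONTEXT ctx;
    ZeroMemory(&ctx, sizeof(ctx));
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;   /* the line the question was missing */
    if (!GetThreadContext(thread, &ctx)) return FALSE;   /* now Dr0..Dr7 are real values */

    uint64_t dr7 = ctx.Dr7;
    if (dr7_set_slot(&dr7, slot, rw, len) != 0) return FALSE;
    switch (slot) {
        case 0: ctx.Dr0 = addr; break;
        case 1: ctx.Dr1 = addr; break;
        case 2: ctx.Dr2 = addr; break;
        default: ctx.Dr3 = addr; break;
    }
    ctx.Dr7 = (DWORD_PTR)dr7;
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;   /* write back only the debug group */
    return SetThreadContext(thread, &ctx);
}
#endif
```

Call it from another thread while the target is stopped with SuspendThread/ResumeThread; the DR7 encoding helper is portable and is the part exercised by the assertions.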
