Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
W
W
wlastas2022-03-27 14:45:09
C++ / C#
wlastas, 2022-03-27 14:45:09

How to read the value of the desired CPU register?

Good day.
there is a C# application that reads the memory of a third-party process.
Using the mask (F3 0F 11 8F 88 00 00 00), we find the address of the instruction that reads the desired value.
In the application, it is equal to 7FF7548006C5, just like in the picture.
624046a947683697693395.png
The final value that needs to be read is located at the address in the rdi register +0x88, that is, in my case, I need to get 0x204E31A5BB8 in order to read float from it

. As I understand it, you can only read the register value using C ++.
I would only be glad if this is not the case and it can be read directly from C # - then tell me how.
I suspect that you need to read this value in the "context of the application under study" - I have no idea how to do this from C ++, but at this stage it does not matter.
I'm trying to compile a C++ Dll which I'll be pulling from C# with the code I found here: https://stackoverflow.com/questions/2114163/readin... 

#include <stdio.h>
long Get_rdi() {
    register long x asm("rdi");
    long y = *(&x);
    return y;
}

62404beede8fc789005935.png
62404c4d760b9344280456.png
The problem is that the function doesn't compile.
Perhaps something is wrong with the project / VS settings or some header is missing?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
ValdikSS, 2022-03-27
@ValdikSS

You need to debug this process. Just like that, statically, without changing the process code (to insert a software breakpoint/infinite loop) and debugging it (to use a hardware breakpoint), you won't be able to get the value of rdi.
About 15 years ago, I was writing keygens, and when it was inappropriate, boring or long, I made code sniffers.
The process of creating a sniffer is detailed in ARTeam Ezine #2: https://www.exploit-db.com/ezines/kr5hou2zh4qtebqk...

Before the actual coding part, let's think for a minute what we need to do:
• start the program in suspended mode
• read the original bytes we are going to patch at the magic address
• write some bytes at the magic address, to make program enter an infinite-loop
• let the program run
• monitor if the program arrived at the infinite-loop (at magic address)
• if previous step is done, suspend the program and sniff the serial from EAX
• restore the original bytes (clear the infinite-loop) and resume the program

Similar questions
@
@YAnri2018-11-13 22:03:10
Why b = 10 and not 11? 4Reply
P
Pavel2016-06-25 16:09:44
How to make a button for loading images in the additional field DLE when you click the review? 3Reply
S
sabn1k2016-02-29 17:52:45
What to read next? 2Reply
S
sashka_amelin322020-07-11 12:44:18
How to make an actual path to a document in C#? 2Reply
N
nakem2021-10-12 00:40:27
When is the use of Cgo justified? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question