#1
When Hardware BP fails?
Hi guys:
Through my work on DLL injection I found something strange. When I use a hardware BP on my PC (all OSes from XP to Win 8.1) it works fine without any problem. When I send this file to other PCs (a friend's PC in another country), maybe these PCs differ in:
- OS language (non-English or multi-language OS (Arabic + English)).
- Hardware: the CPU is different (AMD maybe), or Intel with a different speed or cores, or less memory.
The hardware BP could not be reached (or does not happen). So does anyone have any ideas what could be happening here? Thanks
__________________
Ur Best Friend Ahmadmansoor Always My Best Friend: Aaron & JMI & ZeNiX
#2
I don't know if it helps, but as I found out, not all processors support hardware breakpoints (according to the OllyDbg manual).
#3
Yes, yes, I noted this.
So what could be the alternative to HW-BP on this processor, except "CC"?
#4
You can try a memory breakpoint or a debugger breakpoint. Maybe there are more, but better to listen to someone who knows more about this topic.
#5
ahmadmansoor,
I doubt that I understand what you mean, but when I have a strong target that detects any type of breakpoint, like software, hardware, memory, etc., I use the “EB FE” trick. Maybe you can use “EB FE” in your target.
#6
My guess would be you've disabled UAC or are logged in as admin, while your friend is using a normal user account to run your software. The debug privilege is by default only enabled for the admin user group.
The next possibility would be that one of you is running the software inside a virtual machine and the software takes a different execution path depending on the environment either for compatibility or protection reasons. It also could be that some IPS is running on your friend's system blocking this kind of action. Or it's some poorly configured anti-virus solution. If it really is the former, he shouldn't be running some software from some friend anyways.
#7
@Mahmoudnia: yes, I know this EB FE loop trick, but it is not professional work, and on the other hand, for hooking a lot of places this is not effective and will slow programs (which are already heavily loaded, like graphics programs).
@Kerlingen : Quote:
#8
It depends on what type/method of dll injection you use.
#9
I agree with Kerlingen's suggestion that a different code path is taken. In that case, it's not that the hardware breakpoints are not working, but that the addresses are never reached. You can test this by breaking at OEP+next instead, you will probably find that it works on both machines. If so, then it confirms that the environment is different between the two machines. It might be the presence or absence of other software, for example missing DLLs or similar.
So, try the OEP break and tell us what happens.
|
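An added example, not part of the thread and not any poster's code: the distinction drawn in post #9, between a hardware breakpoint that is not working and one whose address is never reached, can be checked by decoding the x86 debug registers from a thread context captured on the failing machine. The struct, function names and sample register values are constructed for illustration; the bit positions are the architectural DR6/DR7 layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example: classify each hardware breakpoint slot from a
   captured set of debug registers. All names here are hypothetical. */
enum hwbp_state { HWBP_UNARMED, HWBP_MISCONFIGURED, HWBP_ARMED_NOT_HIT, HWBP_HIT };

struct dbg_regs { uint64_t dr[4]; uint64_t dr6; uint64_t dr7; };

/* DR7: bits 2n (Ln) and 2n+1 (Gn) enable slot n;
   bits 16+4n..17+4n hold the R/W type, bits 18+4n..19+4n hold LEN. */
static unsigned hwbp_type(const struct dbg_regs *r, int n) { return (r->dr7 >> (16 + 4 * n)) & 3; }
static unsigned hwbp_len(const struct dbg_regs *r, int n)  { return (r->dr7 >> (18 + 4 * n)) & 3; }

enum hwbp_state hwbp_classify(const struct dbg_regs *r, int n)
{
    static const unsigned bytes[4] = { 1, 2, 8, 4 };   /* LEN encoding -> size */
    unsigned type = hwbp_type(r, n), len = hwbp_len(r, n);

    if (((r->dr7 >> (2 * n)) & 3) == 0)
        return HWBP_UNARMED;           /* neither Ln nor Gn set: never armed or cleared */
    if (type == 0 && len != 0)
        return HWBP_MISCONFIGURED;     /* execute breakpoints require LEN = 0 */
    if (r->dr[n] & (bytes[len] - 1))
        return HWBP_MISCONFIGURED;     /* address not aligned to its length */
    if (r->dr6 & (1u << n))
        return HWBP_HIT;               /* DR6 Bn flag: the condition was detected */
    return HWBP_ARMED_NOT_HIT;         /* armed correctly, address never reached */
}

int main(void)
{
    static const char *names[] = { "unarmed", "misconfigured", "armed, not hit", "hit" };
    /* Constructed sample: slot 0 = execute bp, slot 1 = misaligned 4-byte write bp */
    struct dbg_regs r = { { 0x401000, 0x402002, 0, 0 }, 0x0, 0x00D00005 };
    for (int n = 0; n < 4; n++)
        printf("DR%d=%#llx: %s\n", n, (unsigned long long)r.dr[n],
               names[hwbp_classify(&r, n)]);
    return 0;
}
```

A slot reported as "armed, not hit" on the failing machine matches the different-code-path explanation, while "unarmed" means the breakpoint was never set in that thread or was cleared afterwards.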