Valhalla Legends Forums Archive | General Discussion | An automatic live debugger?

Author | Message | Time
Myndfyr
OK... so here's my quandary.

I've gotten pretty far in disassembling the WoW authentication server connection, but I'm still going wrong in calculating S.  In order for me to know where I'm going wrong, though, I need to know how to calculate a, or at least where WoW does it (WoW uses SRP-6). 

Is there such a debugger that I can attach to the process, have it auto-break on each instruction, look at the instruction just about to be processed, and then have it record the values modified before-and-after?  So if an instruction was mov ecx, eax, then the debugger would say "at instruction .text:xxxxxxxx, ecx changed from xxx to yyy".

Does something like this even exist?  Or are there alternative strategies to coming up with it?
December 7, 2005, 1:10 AM
Arta
Any debugger should give you that kind of information, although, perhaps not in that form. Nonetheless, you should certainly be able to step through code and see the registers and memory that each instruction reads and alters.
December 7, 2005, 5:09 AM
Myndfyr
Of course.  I'm looking for something that will do this automatically (hence the "automatic" word in the title ;)) given a specified function or set of functions.
December 7, 2005, 6:32 AM
kamakazie
OllyDbg has tracing capabilities.
December 7, 2005, 7:59 AM
Arta
[quote author=MyndFyre link=topic=13442.msg136680#msg136680 date=1133937123]
I'm looking for something that will do this automatically
[/quote]

Why?
December 7, 2005, 3:25 PM
Myndfyr
[quote author=Arta[vL] link=topic=13442.msg136704#msg136704 date=1133969116]
[quote author=MyndFyre link=topic=13442.msg136680#msg136680 date=1133937123]
I'm looking for something that will do this automatically
[/quote]

Why?
[/quote]
Because I'm lazy. :P
December 7, 2005, 4:02 PM
Kp
It might be more efficient to drop a write-access breakpoint on where the data appears and backtrack from there.  It'll take a few iterations (once per time the value is copied), but it's probably less output than what you're proposing.
December 7, 2005, 11:36 PM
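
The per-instruction record asked for in the first post, and the backtracking suggested in the last one, can both be produced by post-processing the register snapshots of a debugger's single-step trace. This is an added example, not code from the thread: the snapshot format, addresses and register values are constructed, and the function names are hypothetical.

```python
# Constructed sample data: register state before the trace starts, then one
# entry per single-stepped instruction: (address, instruction, registers AFTER).
INITIAL = {"eax": 0x1234, "ecx": 0x0, "edx": 0x10}
TRACE = [
    (0x00401000, "mov ecx, eax", {"eax": 0x1234, "ecx": 0x1234, "edx": 0x10}),
    (0x00401002, "add eax, edx", {"eax": 0x1244, "ecx": 0x1234, "edx": 0x10}),
    (0x00401004, "xor edx, edx", {"eax": 0x1244, "ecx": 0x1234, "edx": 0x0}),
    (0x00401006, "mov edx, ecx", {"eax": 0x1244, "ecx": 0x1234, "edx": 0x1234}),
]

def diff_trace(initial, trace):
    """Return one record per register change: (addr, insn, reg, old, new).

    Only changes are visible: an instruction that rewrites a register with
    the value it already held leaves no record.
    """
    changes = []
    before = dict(initial)
    for addr, insn, after in trace:
        for reg in sorted(after):
            if before.get(reg) != after[reg]:
                changes.append((addr, insn, reg, before.get(reg), after[reg]))
        before = dict(after)
    return changes

def format_change(change):
    """Render a change record in the form described in the first post."""
    addr, insn, reg, old, new = change
    old_s = "unset" if old is None else f"{old:#x}"
    return (f"at instruction .text:{addr:08X} ({insn}), "
            f"{reg} changed from {old_s} to {new:#x}")

def backtrack(changes, value):
    """List every write that produced `value`, newest first.

    This walks the log the way one would re-run with a write breakpoint once
    per copy of the value; it covers registers only, since this constructed
    trace does not record memory writes.
    """
    return [(addr, reg) for addr, _, reg, _, new in reversed(changes)
            if new == value]

if __name__ == "__main__":
    log = diff_trace(INITIAL, TRACE)
    for record in log:
        print(format_change(record))
    print([(hex(a), r) for a, r in backtrack(log, 0x1234)])
```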