Hey guys, I'm here again!

I'm having a little problem...

I have this assembly on my PE file:
MOV AL, BYTE PTR DS:[EAX]

EAX is a memory address, in other word, the code is trying to read a byte from a address memory.. i need to break when this happen at the address memory of EAX.
Supposed that i know which is the address but i need to break every time that it try to "read" the byte of that address.

Anybody have any suggestion ?
I've tried memory breakpoint but it doesn't worked..

thanks!!

Instead, why don't you put a EXECUTE h/w breakpoint on this very instruction itself?

Then you can examine the contents of the memory address at your leisure, dump it and it's even helping you in case the exec/dll rebases everything everytime.

Have Phun

Because I want to automate this verification, then I need to know WHO is reading that part of memory and if is sequential read, then i can guess the code is doing it to do some CRC checksum.

I've tried to Mem BP, HW Bp and both.... unsuccessful.

I don't know what to do.. BTW here is the code.. http://pastebin.com/x8vbiHLE

you got some problmes problems in the code your you pasted
it crashes tryong trying to read some address

anyway if all you are interested is to know what "eax" is every time that specific line executes and assuming

you are using ollydbg

set a conditional log breakpoint

press shift + f4
in the dialog box that pops up

explanation = "Your String for your Referance like Eax = blah blah"

expression = "EAX" <without quotes>
pause program = "never" (radio button)
lo value of expression = "ALWAYS" (radio button)

optional
you can use log to file in log window

you will get output like this

Log data
Address Message
004010C0 COND: the content of eax on = 0040120A
004010C0 Access violation when reading [00418000]

simple "memory breakpoint" or "memory breakpoint with a condition" too...

http://www.woodmann.com/forum/showthread.php?14926-IDPE-4-0 ("http://www.woodmann.com/forum/showthread.php?14926-IDPE-4-0")