
reading register contents


Blox
August 27th, 2004, 03:05
Hi

I need to read the contents of registers at various points in a program's execution. After RTFM, it appears the easiest way is to set breakpoints. Unfortunately, doing this locks up the machine completely, forcing a reboot and consequently the loss of all debug information. Yes, it's a video game I'm working with, but no, I'm not trying to crack it, merely trying to alter the gameplay.

Is there another way to display register contents other than setting breakpoints on execution?

Any help would be much appreciated.

1bitshort
August 27th, 2004, 03:37
Your question is confusing. You can see the contents of registers at any point in the program as long as the program is paused (OllyDbg has control). To do that, yes, you can set breakpoints, or you can press F12 to pause execution. I don't see how setting a breakpoint could lock up your machine; can you elaborate on that please?

Sorry I can't provide more help, but I don't really understand what you're trying to accomplish.

Blox
August 27th, 2004, 03:54
Sorry if I'm being confusing.

OK, I load and run the program, then pause it. But when I click on any lines in the disassembly, the contents of the registers in the right-hand window don't change, ever. I can click away merrily on any line of the disassembly and the register values don't so much as blink. Could it be that something needs to be changed in the 'Options' menu?

Edit: It's mostly the ECX register I'm interested in. I assume it would change at some point in a 3MB plus program.

On the second point, if the game breaks at a really crucial point of the game engine it locks up the whole machine. This happens if you are using any memory editor, not just OllyDbg. Maybe it's because video games are bypassing large parts of the operating system and talking more or less directly to the hardware (through DirectX).

Sorry if I seem such a newb, but I have to start somewhere.

1bitshort
August 27th, 2004, 04:56
"But when I click on any lines in the disassembly, the contents of the registers in the right-hand window don't change, ever."
Clicking on a line of code doesn't do anything as such. All it's useful for is selecting a line of code to set a breakpoint on, or selecting multiple lines of code to copy to the clipboard, etc. Registers only change when the debuggee (the program being debugged) changes them, which usually occurs after each instruction has been executed. To do that you have to step into each instruction.

"Sorry if I seem such a newb, but I have to start somewhere."
Yes, you do have to start somewhere, but start at the beginning. If you don't understand debuggers enough to figure out why the registers aren't changing, then you've got no chance of modifying a game like you said you wanted to. Sorry, but you've got to do some homework first; there's no way around that. Start with Iczelion's tutorials and go from there...

PS. I'm not sure why you're so interested in the ECX register; any register can be used to store data, so you should be equally interested in EAX, EBX, EDX, EBP, ESP, ESI and EDI as well, the other 32-bit registers.

Blox
August 27th, 2004, 05:16
Thanks for your patience, much appreciated.

To explain, I have a whole bunch of addresses which I know alter stuff in the game. I've garnered these addresses mostly through Brute Force Attack, using a memory editor. Now I'd like to follow them through in a debugger/disassembler.

ECX is of interest at the moment purely because I'm currently looking at a whole series of lines containing things like [ECX + 90], [ECX + 1c], etc, and I'd like to know what the value of ECX is in each case (or at least know the starting value of ECX). I believe that ECX is mostly used as a counter.

I'm trying to learn some assembler, downloading a few tutorials (including stuff by Iczelion), and am searching for a book on protected mode assembly. But in the meantime I will continue poking various values and observing any effects they have on the game.

Thanks once again.

focht
September 14th, 2004, 13:36
Hi,

If you are interested in game hacking, I suggest registering on one of these forums:

http://www.mpcforum.com/

and

http://www.unknowncheats.com/forum/

There are plenty of threads on how to start making hacks, tutorials and tools of the trade.

Regards

blabberer
September 15th, 2004, 05:12
Well, if it is a fullscreen app it seems to freeze because control is not transferred back to OllyDbg (that is, the Olly window is not on top) because of DDSETBLAH. If you use Ctrl+Alt+Del or Ctrl+Shift+Esc to bring Task Manager up and force Olly to the front, you will see that Olly has broken on your breakpoint (the display will be very odd, but you can single-step).

But the point of this post is that many times you can log all the contents of any register you wish without pausing the program, using log breakpoints: use the game's break option to minimize it and look at the log to know its values (Alt+Enter), pause the game, whatever.


If you set a log breakpoint you can find what function is called when [eax+50] is called:

0040145D . FF35 19304000 PUSH DWORD PTR DS:[hWnd]
00401463 . A1 E9304000 MOV EAX,DWORD PTR DS:[lpDD]
00401468 . 50 PUSH EAX
00401469 . 8B00 MOV EAX,DWORD PTR DS:[EAX]
0040146B . FF50 50 CALL DWORD PTR DS:[EAX+50] ; <DDRAW.DDSETCOOPERATIVELEVEL>
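
The listing above calls through a pointer table: EAX is first loaded with the first dword of the object (its vtable), and then the dword at offset 0x50 in that table is called, which the listing's own comment identifies as SetCooperativeLevel. The same pattern explains the earlier question about what [ECX + 90] and [ECX + 1c] mean: the register holds a base address and the constant is a field or slot offset. The following C program is an added illustration (not code from this thread or from DirectDraw); it builds a hypothetical COM-style object with a 21-slot table and emulates the MOV/CALL sequence, assuming the 4-byte pointer size of the 32-bit code being discussed.

```c
#include <stdio.h>

/* Hypothetical COM-style object: the first field points to a table of
   function pointers, so "MOV EAX,[obj]" loads the table and
   "CALL DWORD PTR [EAX+offset]" dispatches through one of its slots. */
typedef struct Obj Obj;
typedef long (*Method)(Obj *self, long arg);
struct Obj {
    const Method *vtbl;   /* read by MOV EAX,DWORD PTR [EAX] */
    long state;           /* a field the game could read as [ECX+4] */
};

/* Stand-in methods; real interface tables hold many more. */
static long method0(Obj *self, long arg)  { (void)self; return arg + 1; }
static long method20(Obj *self, long arg) { self->state = arg; return 20; }

/* 21 slots so that slot 0x50/4 == 20 exists (constructed sample table). */
static const Method g_vtbl[21] = { [0] = method0, [20] = method20 };
static Obj g_obj = { g_vtbl, 0 };

/* The object an analyst would see behind lpDD (constructed sample). */
Obj *sample_object(void) { return &g_obj; }

/* Byte offset seen in the disassembly -> slot index, for 32-bit pointers.
   0x50 -> 20, 0x1c -> 7, 0x90 -> 36. */
int slot_from_offset(unsigned byte_offset) { return (int)(byte_offset / 4); }

/* Emulate "MOV EAX,[obj]; CALL DWORD PTR [EAX+offset]" and return the result. */
long call_through_vtable(Obj *obj, unsigned byte_offset, long arg) {
    const Method *vt = obj->vtbl;                 /* MOV EAX,DWORD PTR [EAX] */
    Method m = vt[slot_from_offset(byte_offset)]; /* DWORD PTR [EAX+offset] */
    return m(obj, arg);                           /* CALL */
}

int main(void) {
    Obj *o = sample_object();
    printf("offset 0x50 is slot %d\n", slot_from_offset(0x50));
    printf("call [vtbl+0x50](7) returned %ld, state is now %ld\n",
           call_through_vtable(o, 0x50, 7), o->state);
    return 0;
}
```

Logging the base register at the CALL (as the log breakpoint suggestion above does) is what lets you resolve which object and which slot a given [reg+offset] refers to.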

focht
September 15th, 2004, 13:17
How about windowed mode?
Most DX games support it...