JMI
April 25th, 2001, 13:35
I'm running Softice 4.05 on Win98 and am attempting to get the program to break when a specific value is placed at a particular memory address and only at that time. The value I'm seeking is the expected CRC value of the "unaltered" program. I know what the value is and where it is written into memory, which I believe is part of the stack. I'm trying to find the part of the code that fetches the value because it's encrypted in the file and I'm trying to understand where it's hidden and how it's decrypted, even though I could just use what I've found to reverse the CRC check.
The problem is that this particular address is written to by hundreds of procedures, including most system calls. So bpm "address" w results in constant breaking. I've gotten close, but not found it yet. I started with rtfm, but it isn't very clear on how to break when a specific address contains a specific value.
I also tried bpm address==value, but that froze my machine a couple of times. I also tried an "if" statement but am not doing it correctly. Any help would be appreciated.