few Ideas


Bengaly
March 11th, 2003, 13:54
heya all,
i won't refer this question to any software, this question should be as generic as possible.
well what i wanna do is basically this,
you have a block of code, i wanna read a register's value after this asm line has been executed and move to memory addr (pointed by the register) and dump this data to file, copy.. whatever.
i.e:
...
xxxx xxxxxxx
xxxx xxxxxxx
xxxx xxxxxxx <- here we need to get the register's value
xxxx xxxxxxx
...
this block of code resides in a dll which is loaded and called dynamically by the exe.
e.g: CALL NEAR DWORD PTR DS:[9F4A78] ; inside dll

i am searching for the best ways to write a simple loader which will break, retrieve, dump the data pointed by the register.

there are a few suggestions,
1. scanning memory for magic opcodes which will lead us to that line, usually this is either slow, or not a very good option!

2. throwing int 3 at dll at the offset of that line and try to break in it, that wouldn't be much of a good idea since you can catch int 3 in other places within the dll's space.

i never tried breaking at dll called by parent caller, what would be the best way for breaking & searching?

note: surely i will need to write a simple dbg or mem-scanner
or maybe some few other tricks.
cya Ben

squidge
March 11th, 2003, 14:40
Small debugger and int 3 the dll. In the debugger if the exception was not at the addresses where you placed the int 3, then just pass it straight through to the program.
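The "int 3 the dll, pass everything else through" idea above in concrete form, as an added example that is not code from the thread: the breakpoint bookkeeping a small loader needs (which int 3 is ours, restore the original byte, rewind Eip, read the register, dump what it points to). The Windows calls a real loader would make (ReadProcessMemory, WriteProcessMemory, GetThreadContext) are stood in for by the DebugTarget class, and the dll image, base address and register values are constructed for the demo.

```python
# Breakpoint bookkeeping for a minimal "int 3 the dll" loader, run against a
# constructed in-memory image instead of a live process. DebugTarget stands in
# for ReadProcessMemory / WriteProcessMemory / GetThreadContext.
INT3 = 0xCC

class DebugTarget:
    """Stand-in for the debuggee: a flat byte image plus one thread context."""
    def __init__(self, image, base, eax=0):
        self.base = base
        self.mem = bytearray(image)
        self.ctx = {"Eip": base, "Eax": eax}   # the CONTEXT fields we care about
    def read(self, addr, n):                   # ReadProcessMemory stand-in
        off = addr - self.base
        return bytes(self.mem[off:off + n])
    def write(self, addr, data):               # WriteProcessMemory stand-in
        off = addr - self.base
        self.mem[off:off + len(data)] = data

class Breakpoints:
    def __init__(self, target):
        self.target = target
        self.saved = {}                        # addr -> original byte we overwrote
    def set(self, addr):
        self.saved[addr] = self.target.read(addr, 1)[0]
        self.target.write(addr, bytes([INT3]))
    def on_breakpoint(self, exc_addr):
        """Called for every EXCEPTION_BREAKPOINT the loader sees. An int 3 that
        is not ours is reported as 'pass_through' (loader continues it with
        DBG_EXCEPTION_NOT_HANDLED); ours is unpatched, Eip rewound, Eax returned."""
        if exc_addr not in self.saved:
            return "pass_through", None
        self.target.write(exc_addr, bytes([self.saved.pop(exc_addr)]))
        self.target.ctx["Eip"] = exc_addr      # CPU already consumed the 0xCC byte
        return "handled", self.target.ctx["Eax"]

def demo():
    base = 0x10000000                          # constructed dll base
    # constructed image: nops, a foreign int 3 at +4, more nops, then a data blob
    image = bytes([0x90] * 4 + [INT3] + [0x90] * 11) + b"SECRET-BLOB\x00" + bytes(4)
    t = DebugTarget(image, base, eax=base + 16)   # constructed: eax -> the blob
    bps = Breakpoints(t)
    bps.set(base + 8)                          # the line whose register we want
    foreign = bps.on_breakpoint(base + 4)      # int 3 baked into the dll itself
    t.ctx["Eip"] = base + 9                    # thread stopped one byte past our 0xCC
    hit, eax = bps.on_breakpoint(base + 8)
    dump = t.read(eax, 11)                     # "dump the data pointed by the register"
    return foreign, hit, t.read(base + 8, 1), t.ctx["Eip"], dump
```

On a live target the same two decisions sit inside the WaitForDebugEvent/ContinueDebugEvent loop, with the single-step-and-reinsert dance added if the breakpoint must survive more than one hit.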

[yAtEs]
March 20th, 2003, 09:01
simple pimple loader idea #1:

find the loadlibrary call,

start the process suspended, patch the line after the loadlibrary
call with EB FE, resume the process then use getthreadcontext
and keep checking eip(+B8) until you're at the eb fe, then read eax
from the context, and set another EB FE on the line you need the
reg using the dll base from eax as your base, restore current bytes and wait until you reach the second eb fe then read the reg you need,

context reference here, http://www.yates2k.net/except.txt

regards,
yates.