Tuts 4 You

How To Retrieve Value In Registers ?


The push function pushes a register's (or registers') value and keeps track of it for later use.

Example 1: Single register push

    mov eax,01h ; Original Value of eax register
    mov ebx,02h ; Original Value of ebx register
    push eax ; push eax register
    push ebx ; push ebx register
    xor eax,eax ; any function
    xor ebx,ebx ; any function
    pop ebx ; pop and retrieve ebx register
    pop eax ; pop and retrieve eax register

Example 2: All register push

    mov eax,01h
    mov ecx,01h
    mov ebx,01h
    pushad ; push all registers
    xor eax,eax
    xor ebx,ebx
    xor ecx,ecx
    popad ; retrieve all registers

Hope it helps


Edited by starzboy
If you are looking to get register values from another process, then you can use the GetThreadContext API.

Hi yamraaj

May You Give Me An Example That Uses This API? (VB or MASM) :wub:

Tnx Dear

Sorry For My Bad English :wub:

  • 2 months later...

Pls guys, is there any example in VB6... like put a hardware breakpoint (HW-bp) on that value and dump it... and receive it in hex value and dump it

many thanks


You can't set a HW bp on a value, only on an execute address, read or write. The rest you need to do with your own checks, slowing the process down like hell.

Setting a bp is easy: just GetThreadContext, update DR0 with the address and DR7 with options like execute, read, write, size and the DRx used, then SetThreadContext.

Btw, all this you can find on MSDN or Google.

Just look for it.

And you don't receive it in hex, only binary; the computer works in binary mode. How you later show the value, hex or decimal or octal or ASCII, it's up to you.

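The "dr7 with options" step from the reply above, as an added example that is not part of the original thread: a portable C helper that builds the DR7 value a debugger would write back with SetThreadContext after putting the address in DRx, plus a decoder that shows which DRx slots are armed. The function names and the sample address are hypothetical, and the GetThreadContext/SetThreadContext calls themselves are left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Access type for the R/Wn field of DR7 (x86 debug-register encoding). */
enum bp_kind { BP_EXECUTE = 0, BP_WRITE = 1, BP_READWRITE = 3 };

/* Map a watch size in bytes to the LENn field; -1 if unsupported. */
static int len_bits(int size) {
    switch (size) {
    case 1: return 0;
    case 2: return 1;
    case 4: return 3;
    case 8: return 2;   /* 8-byte watch: 64-bit processors only */
    default: return -1;
    }
}

/* Arm DRx slot 0..3 as a local breakpoint in a DR7 value (low 32 bits).
   Hypothetical helper; returns 0 on success, -1 on invalid arguments. */
int dr7_arm(uint32_t dr7, int slot, enum bp_kind kind, int size,
            uint64_t addr, uint32_t *out) {
    int len = len_bits(size);
    if (slot < 0 || slot > 3 || len < 0) return -1;
    if (kind == BP_EXECUTE && size != 1) return -1;  /* execute needs LEN=00 */
    if (addr & (uint64_t)(size - 1)) return -1;      /* CPU ignores low bits,
                                                        so reject misaligned */
    dr7 &= ~(0xFu << (16 + 4 * slot));               /* clear old R/W + LEN */
    dr7 |= ((uint32_t)kind | ((uint32_t)len << 2)) << (16 + 4 * slot);
    dr7 |= 1u << (2 * slot);                         /* Ln enable bit */
    *out = dr7;
    return 0;
}

/* Bitmask of slots whose L or G enable bit is set, i.e. which DRx are in use. */
unsigned dr7_armed_slots(uint32_t dr7) {
    unsigned mask = 0;
    for (int s = 0; s < 4; s++)
        if (dr7 & (3u << (2 * s))) mask |= 1u << s;
    return mask;
}

int main(void) {
    uint32_t dr7 = 0;
    /* Constructed sample: watch 4-byte writes at a made-up address via DR0. */
    if (dr7_arm(dr7, 0, BP_WRITE, 4, 0x00403000u, &dr7) == 0)
        printf("DR7 = 0x%08X, armed slots = 0x%X\n",
               (unsigned)dr7, dr7_armed_slots(dr7));
    return 0;
}
```

The same decoder is handy the other way round: a non-zero result from dr7_armed_slots on a thread context read with GetThreadContext means a hardware breakpoint is already set on that thread.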
  • 3 years later...

Just read the tut by Markus. It's good enough.



Lemme know if you get any trouble.

Hi there .... this tut is useless without "standardfunctions.asm" (the brains behind it all is in the APIs in that!!!)

That is not a standard thing included with MASM

I scoured the web but I cannot find it .....

I have a few serial sniffer asm's and I tried to make up my own ....did not work....

Does anybody have "standardfunctions.asm"?
