With Cheat Engine it is possible to watch a particular address and keep track of what has accessed a particular memory address. I was wondering if this can be done too with OllyDbg or IDA. I could not find anything that would do that.
You can use hardware log breakpoint for that purpose.
Go to the address you want to monitor in the dump window (e.g here, I want to monitor 0xCB7008):
Press CTRL+F5 on the chosen address in the dump window (or right click and `breakpoint > hardware log):
Set Break on to Access R/W
In Expressions enter once again the address in square brackets
Set Pause Program to never if you don't want to stop on each access.
Set Log values of expressions to Always
Note that the data size if not really important (1 byte will break for 2 or 4 bytes access).
Go to the log window (ALT+L), press CTRL+X to clear it, and run your program (F9).
In the log window: you should see all accesses to the memory (the leftmost column indicates the code address where the read/write happens):
Related
In source code must be some function or variable for that, but I can't find it and I don't know how to even google it
Changing the speed of a keypress is handled at the level of the Xorg server. The xset command is what you are looking for.
The r option controls the autorepeat. Invoking with -r, or r off, will disable autorepeat, whereas r, or r on will enable autorepeat. If the server supports the XFree86-Misc extension, or the XKB extension (which it does), then a parameter of rate is accepted and should be followed by zero, one or two numeric values. The first specifies the delay before autorepeat starts and the second specifies the repeat rate.
For example, I have this command run every time I login (in .xinitrc):
xset r rate 300 50
This increases the autorepeat on holding all keys.
I'm currently learning the workings of an operating system and would like to verify if my knowledge is correct on the steps taken during an interrupt. Trying to relate to something very familiar, here's what I think would happen when I press Alt+Tab to switch programs:
An interrupt is generated by the hardware (keyboard): intr flag of the CPU is set via system bus from keyboard controller
CPU saves the current process state to the PCB to pass control to the interrupt (is kernel mode entered here?)
CPU reads interrupt to index the interrupt service routine via the interrupt vector stored in memory
The interrupt service routine (along with the interrupt details such as which keys got pressed) is processed (at which point I assume user sees the program being switched)
The interrupt is complete (mode bit set back to 1 indicating user mode now?), PCB of the interrupted process gets restored and resumes running.
Are there steps that I'm missing or did not describe correctly?
There are many many factors here that you need to take in to consideration. For example:
- Is the keyboard on the ISA bus and is of an PC/AT style keyboard?
- If so, is the PIC (programmable Interrupt Controller) involved?
- Is the keyboard a USB keyboard device?
- Is the interrupt an older style PIC, newer style APIC, or a latest style MSI interrupt?
There are many things to consider. However, to try to explain what probably happens, I will assume you have an AT style keyboard attached to the keyboard controller port (PS2 style maybe), you have an older style PIC, and a simplified single- or multi-tasking system.
What could happen when the user presses the Alt key and then the Tab key:
- The CPU is interrupted (hence the name) by the PIC
- The CPU "jumps" to the interrupt request routine (IVT, exception, whatever)
- The routine reads from the keyboard. A single byte is read which happens
to be (part of) the make code for the alt key.
- the routine then places this make code in some sort of input buffer the
operating system has set up for it, whether it be part of the OS or part
of the keyboard driver.
- the interrupt is acknowledged via the PIC (this step can and usually is
before the previous step)
- the routine gives up the CPU (iret instruction)
The process is repeated three more times (assuming a make code and a break code are single byte codes. They can be multiple-byte codes). An interrupt is created on a make and a break key. A make key is when a key is pressed. A break key is when a key is released. i.e:
- make (Alt Down)
- make (Tab Down)
- break (Tab Up)
- break (Alt Up)
You see, there are four interrupts that take place (again assuming single-byte codes), four times the interrupt routine is called, and four times the CPU is interrupted to handle the key press(es) and release(es).
As for the task switching, via an ALT-TAB key combination, this is usually not done within the interrupt handler. The OS will see the Make (or Break) key of the Tab, it will check the status of the shift state (which should include the Alt key) and go from there.
It the keyboard is a USB style keyboard, then you have a totally different process of events. The USB keyboard does not interrupt the CPU as shown above. The keyboard has an Interrupt Pipe that periodically checks to see if there is a key make or break sequence. The OS will give up a time slice to the USB driver, just enough time to check this Interrupt Pipe. However, please note that an Interrupt (PIC, MSI, or other) is not triggered for USB keyboards, unless the USB driver specifies an interrupt should happen at end of frame. Note though that this interrupt is not fired because of the key press (or release), it is triggered because of the end of frame of the USB has taken place.
There is a lot that takes place because of a simple key press and release. I would study on what style of keyboard you wish to program for, what style of interrupt controller, CPU, etc., and go from there.
If you wish, I wrote a series of books on this subject where I explain what happens for both an ISA style keyboard and a USB style keyboard. It has been a very enjoyable hobby and I hope you find the same joy in yours.
In Matlab I can start external .exe files that sometime have a pop up that requires an enter key pressed. For example:
system('C:\Program Files (x86)\WinZip\WINZIP32.EXE')
will start Winzip, and then in order to use it you need to pass the "buy now" pop up window by pressing enter.
Now my problem is not with winzip, I only gave it as an example (i use winrar anyway :).
How can I programmatically press an enter key in Matlab in such cases ? (I use win 7)
Can an event listener be used to solve that?
EDIT: The java.awt.Robot class indeed works on explorer, but not on any software that has a pop up window with an OK button that needs to be pressed. I don't know why it doesn't work for that. I gave the winzip example because I assume everybody has winzip/winrar installed in their machine. The actual software I have is different and irrelevant for the question.
There is a way using Java from Matlab, specifically the java.awt.Robot class. See here.
Apparently there are two types of programs, regarding the way they work when called from Matlab with system('...'):
For some programs, Matlab waits until the program has finished before running the next statement. This happens for example with WinRAR (at least in my Windows 7 machine).
For other programs this doesn't happen, and Matlab proceeds with the next statement right after the external program has been started. An example of this type is explorer (the standard Windows file explorer).
Now, it is possible to return execution to Matlab immediately even for type 1 programs: just add & at the end of the string passed to system. This is standard in Linux Bash shell, and it also works in Windows, as discussed here.
So, you would proceed as follows:
robot = java.awt.Robot;
command = '"C:\Program Files (x86)\WinRAR\WinRAR"'; %// external program; full path
system([command ' &']); %// note: ' &' at the end
pause(5) %// allow some time for the external program to start
robot.keyPress (java.awt.event.KeyEvent.VK_ENTER); %// press "enter" key
robot.keyRelease (java.awt.event.KeyEvent.VK_ENTER); %// release "enter" key
If your applications are only on Windows platform, you can try using .net objects.
The SendWait method of the SendKeys objects allows to send virtually any key, or key combination, to the application which has the focus, including the "modifier" keys like Alt, Shift, Ctrl etc ...
The first thing to do is to import the .net library, then the full syntax to send the ENTER key would be:
NET.addAssembly('System.Windows.Forms');
System.Windows.Forms.SendKeys.SendWait('{ENTER}'); %// send the key "ENTER"
If you only do it once the full syntax is OK. If you plan to make extensive use of the command, you can help yourself with an anonymous helper function.
A little example with notepad
%% // import the .NET assembly and define helper function
NET.addAssembly('System.Windows.Forms');
sendkey = #(strkey) System.Windows.Forms.SendKeys.SendWait(strkey) ;
%% // prepare a few things to send to the notepad
str1 = 'Hello World' ;
str2 = 'OMG ... my notepad is alive' ;
file2save = [pwd '\SelfSaveTest.txt'] ;
if exist(file2save,'file')==2 ; delete(file2save) ; end %// this is just in case you run the test multiple times.
%% // go for it
%// write a few things, save the file then close it.
system('notepad &') ; %// Start notepad, without matlab waiting for the return value
sendkey(str1) %// send a full string to the notepad
sendkey('{ENTER}'); %// send the {ENTER} key
sendkey(str2) %// send another full string to the notepad
sendkey('{! 3}'); %// note how you can REPEAT a key send instruction
sendkey('%(FA)'); %// Send key combination to open the "save as..." dialog
pause(1) %// little pause to make sure your hard drive is ready before continuing
sendkey(file2save); %// Send the name (full path) of the file to save to the dialog
sendkey('{ENTER}'); %// validate
pause(3) %// just wait a bit so you can see you file is now saved (check the titlebar of the notepad)
sendkey('%(FX)'); %// Bye bye ... close the Notepad
As explained in the Microsoft documentation the SendKeys class may have some timing issues sometimes so if you want to do complex manipulations (like Tab multiple times to change the button you actually want to press), you may have to introduce a pause in your Matlab calls to SendKeys.
Try without first, but don't forget you are managing a process from another without any synchronization between them, so timing all that can require a bit of trial and error before you get it right, at least for complex sequences (simple one should be straightforward).
In my case above for example I am running all my data from an external hard drive with an ECO function which puts it into standby, so when I called the "save as..." dialog, it takes time for it to display because the HDD has to wake up. If I didn't introduce the pause(1), sometimes the file path would be imcomplete (the first part of the path was send before the dialog had the focus).
Also, do not forget the & character when you execute the external program. All credit to Luis Mendo for highlighting it. (I tend to forget how important it is because I use it by default. I only omit it if I have to specifically wait for a return value from the program, otherwise I let it run on its own)
The special characters have a special code. Here are a few:
Shift +
Control (Ctrl) ^
Alt %
Tab {TAB}
Backspace {BACKSPACE}, {BS}, or {BKSP}
Validation {ENTER} or ~ (a tilde)
Ins Or Insert {INSERT} or {INS}
Delete {DELETE} or {DEL}
Text Navigation {HOME} {END} {PGDN} {PGUP}
Arrow Keys {UP} {RIGHT} {DOWN} {LEFT}
Escape {ESC}
Function Keys {F1} ... {F16}
Print Screen {PRTSC}
Break {BREAK}
The full list from Microsoft can be found here
There is a small javascript utility that simulates keystrokes like this on the Windows javascript interpreter.
Just create a js file with following code:
var WshShell = WScript.CreateObject("WScript.Shell");
WshShell.SendKeys(WScript.Arguments(0));
then call it from Matlab after the necessary timeout like this:
system('c:\my\js\file\script.js {Enter}');
Can't test here now, but I think this should work...
If you need to run a console-only program in a context that permits full DOS redirection, you can create a file called, say, CR.txt containing a carriage return and use the '<' notation to pipe the value into the program.
This only works if you can provide all the keyboard input can be recorded in the file. It fails dismally if the input has to vary based on responses.
An alternative is to duplicate the input (and possibly output) stream(s) for the program and then pipe data into and out of the program. This is more robust and can permit dynamic responses to the data, but will also likely require substantial effort to implement a robot user to the application.
Rog-O-Matic is an example of a large application completely controlled by a program that monitors screen output and simulates keyboard input to play an early (1980s) ASCII graphic adventure game.
The other responses will be required for GUI-based applications.
Python package pywinauto can wait any dialog and click buttons automatically. But it's capable for native and some .NET applications only. You may have problems with pressing WPF button (maybe QT button is clickable - not checked), but in such case code like app.DialogTitle.wait('ready').set_focus(); app.DialogTitle.type_keys('{ENTER}') may help. Your case is quite simple and probably some tricks with pywinauto are enough. Is your "app with popup" 64-bit or 32-bit?
wait and wait_not functions have timeout parameter. But if you need precisely listener with potentially infinite loop awaiting popups, good direction is global Windows hooks (pyHook can listen mouse and keybd events, but cannot listen dialog opening). I'll try to find my prototype that can detect new windows. It uses UI Automation API event handlers... and... ops... it requires IronPython. I still don't know how to set UI Automation handler with COM interface from standard CPython.
EDIT (2019, January): new module win32hooks was implemented in pywinauto a while ago. Example of usage is here: examples/hook_and_listen.py.
I need to know how to keep a window open so I can see the output of the screen when I run the program. It flashes before I can see the program's output. Thanks.
program-id. Experiment as "Experiment".
environment division.
configuration section.
Source-Computer. IBM-PC.
Object-Computer. IBM-PC.
special-names.
console is crt.
data division.
working-storage section.
procedure division.
Experiment-Start.
Display "Hello World".
end program Experiment.
I think you are describing normal behaviour.
If the Operating System has to open a window to run a program, then the Operating System will close that window when the program ends.
If you open the window, to get a DOS-prompt, and run the program, you will get different behaviour.
A little trick for testing is to put DISPLAY/ACCEPT statement immediate before the program ends:
In the WORKING-STORAGE SECTION
01 some-rubbish PIC X.
In the PROCEDURE DIVISION.
DISLAY "The Program is ending. Press Enter to allow it to finish."
ACCEPT some-rubbish FROM CONSOLE
There may well be something available in Eclipse, as it is a common development requirement, but until you find that, this should get you going.
I use the installation components screen, and I have selected the option for insufficient disk space warning. This works - I get a warning when there's not enough disk space, and the user is presented with a prompt along the lines of continue y/n...
The thing I can't figure out is how to exit the installer when they select n. As it stands, when there's not enough disk space, and the user selects n (to "not continue"), the installer loops back to the installation components selection again, and cycles through the warning again - basically an endless cycle.
There's no "quit on failure" option for the screen, so how do I cancel the install when the user elects to not continue since there's not enough disk space?
Thanks....
There is no way to insert code there, the loop goes back so you can select another installation directory with more space. I have created an issue so that canceling will be added as an option in console mode.
To check this condition beforehand, compare
SystemInfo.getFreeDiskSpace(context.getInstallationDirectory())
with
com.install4j.runtime.installer.helper.content.ContentInstaller.
getInstance().getMinSize() * 1.1
(the above is not in the public API)
You can do that in a run script action that is guarded with Util.isConsole(). Returing false and setting the failure strategy property of the action to "Quit on failure" will exit the installer.