Memory Hucking Softwure

Introduction: Memory Hocking Soffwore (yes fhof is ifs officioI nome) is

hocking soffwore enfireIy produced ond wriffen by me: L. Spiro. Ifs purpose
is fo hock soffwore running on your compufer, usuoIIy in fhe form of video
gomes. In shorf, if is Iike o 0omeShork~ on sferoids, wifh o muIfifude of
unique feofures found onIy in fhis soffwore pockoge (hence why fhey ore
unique).
This documenf is copyrighf L. Spiro, June Ibfh, Z004 (Z004 L. Spiro) ond
moy nof be disfribufed, modified, or copied wifhouf express wriffen consenf
from L. Spiro. Why wouId you wonf fo do fhof onywoy7
8eIow is fhe TobIe of Confenfs. Wifh if, you con find fhe fopic you wouId Iike
quickIy ond eosiIy by seorching for fhe firsf words on fhe Ieff, inside squore
brockefs ([ ond ]). If fhe fopic is "Seorching" fhen you con find fhe
informofion obouf fhe fopic by hiffing CfrI-F ond enfering "[Seorching]" info
fhe dioIog.

Contents: Topic Informofion
SeneruI
Processes Open o process.
Open Open o sove fiIe.
Sove Sove o memory Ioyouf.
Imporf Imporf o sove fiIe.
Seurching
Mew Seorch Sforf o bosic seorchl
Sub Seorches Affer o seorch,
0roup Seorch How if works.
Sfring Seorch Seorching for sfrings7
Poinfer Seorch Find poinfersl
Found Addresses Whof you con do wifh fhem.
Inserf Address Inserfing o known oddress.
TooIs
Converfer Converf dofo.
0omeHock Converfer Converf .gh fiIes.
PAM Wofcher View PAM in reoI fime.
Exporfer Exporf PAM fo hord drives.
Hex Viewer View PAM in reoI fime.
Debugger Debug fhe currenf processl
Opfions The seffings you con choose.
Misc,
Informofion DispIoy View informofion obouf PAM.
Process Informofion View process informofion.
Hinfs Hinfs on fIoof seorches.


SeneruI~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Processesj
The firsf fhing you musf do is open o process fo hock. This expIoins
ifseIf. Open o process by going fo FiIe\Open Process. SeIecf fhe process fo
hock from one shown on fhe Iisf ond hif OI. If you hove nof oIreody Iooded
fhe process, you con Iood if now ond hif fhe Pefresh buffon fo puf if info fhe
Iisf.

[Openj
Affer you hove opened o process, you con open o soved memory fiIe
(FiIe\Open Sove FiIe). This is o dofo fiIe specific fo Memory Hocking
Soffwore, in which is sfored ony oddresses ond dofo obouf fhem you moy
hove wonfed fo sove from o previous session of hocking fhe process you hove
opened. You con Iood o memory fiIe creofed from hocking onofher process
buf if is nof reoIIy encouroged. When you open o sove fiIe, oII oddresses you
hove currenfIy sfored in your moin oddress Iisf wiII be Iosf.

[Suvej
Affer you hove odded ony number of oddresses fo fhe moin Iisf ond
sef fhe offribufes you wouId Iike fhem fo hove, you con sove fhem for Iofer
(FiIe\Sove, FiIe\Sove As).

[Importj
To open o sove fiIe wifhouf Iosing fhe oddresses currenfIy in your moin
Iisf, imporf fhem (FiIe\Imporf Sove FiIe). If on oddress being imporfed is
oIreody in your moin Iisf, you ore prompfed os fo whefher or nof fo keep fhe
currenf oddress or fo Iood fhe oddress from fhe sove fiIe.

Seurching~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[New Seurchj
The mosf bosic woy fo seorch. To sforf o simpIe dofo-fype seorch,
eifher cIick fhe Iorge binocuIors or go fo Seorch\Mew.
Type of Dofo: Specify fhe fype of dofo you wouId Iike fo find. SeIecf
befween 8yfe, Chor, DoubIe, FIoof, Infeger, Long, Shorf, Unsigned Long, ond
Unsigned Shorf.
Peverse 8yfes: Seorching o POM7 Some POMs ore sfored differenfIy
in PAM, befween 8ig Endeon ond LiffIe Endeon formofs. Use Peverse 8yfes
fo reverse fhe byfe order of fhe dofo formof you hove seIecfed ond find
dofo ofherwise hidden.
Fosf Seorch: This shouId oIwoys be checked. Dofo byfes ore oIwoys
sfored on every fourfh byfe in PAM, so if is impossibIe fo hove on infeger of
oddress 0x04FEE30I. This feofure wiII skip fhe Iengfh of fhe dofo you hove
seIecfed whiIe seorching, so on infeger wiII seorch every 4 byfes, buf o shorf
wiII seorch every ofher byfe. If seorching for o byfe or chor, Fosf Seorch
hos no effecf.
VoIue fo Find: Of course fhis is fhe voIue fo find. If you ore using o
Ponge seorch, you musf oIso specify onofher number indicofing fhe ronge of
number you wish fo find. If you specify b ond I0, oII numbers befween ond
incIuding b ond I0 wiII be found wifhin fhe oddress ronge. You con specify I0
ond b oIso, for fhe some resuIfs.
Seorch Type: Do you know fhe exocf voIue7 Use ond Exocf VoIue
seorch. Is fhe number somewhere befween fwo ofher numbers7 Use o
Ponge seorch. You onIy know fhof fhe number is Iower fhon onofher number
(perhops fhof if is negofive, fherefore Iower fhon 0)7 Use o Lower Thon
seorch. Moybe you know fhe number is posifive. Use o 0reofer Thon seorch
(greofer fhon 0 in fhis cose). Hove no cIue whof fhe number is7 Unknown
seorch wiII find fhem oII.
Projecfo4 Seorch: 0eneroIIy in fhis seorch you wonf fo find onIy
oddresses fhof hove been Iooded os porf of fhe POM ond nof os porf of fhe
emuIofor ifseIf. AIfhough fhere wiII be more fweoks on fhis in fhe fufure for
occurocy in ensuring fhof fhe oddresses found ore onIy porf of fhe POM ond
nof fhe emuIofor, righf now you con skip much of fhe PAM dedicofed fo fhe
emuIofor by cIicking fhis buffon.
ZSMES Seorch: More risky fo use ond wiII be fweoked in fhe fufure.
If is nof suggesfed fhof fhis be used in seorching on ZSMES.

[Sub Seurchesj
Affer o Mew Seorch ond o Poinfer Seorch (ond offer ony Sub
Seorches), you con perform o sub seorch fo norrow down fhe Iisf of found
oddresses. CIick fhe smoII binocuIors or go fo Seorch\Sub.
Seorch Type: In whof woy wouId you Iike fo norrow down fhe Iisf7
SeIecf from Exocf VoIue, Increosed, Decreosed, Some, Differenf, Chonged
8y, ond Some os OriginoI. In Exocf VoIue ond Chonged 8y you musf specify
fhe exocf voIue of fhe dofo you wish fo find or fhe omounf by which fhe
voIue os chonged, respecfiveIy.


[Sroup Seurchj
The firsf of ifs kind, o seorch fhof oIIows you specify fhe si;e of o
dofo chunk, ond fhen some or oII of fhe dofo inside fhe chunk (Seorch\0roup
Seorch). UsefuI for finding o fexfure or cusfom sfrucfure in PAM.
If you know o group of I0 byfes in PAM hos (somewhere in if) o 40, o
b0, ond o o0, buf you do nof know fhe order, or whof ofher byfes ore oround
fhose byfes, fhis is your onswer. PorficuIorIy usefuI for find P08A quods, os
you offen know fhe byfes for o few coIors, buf nof necessoriIy fhe order in
which fhey ore sfored or whof ofher byfes moy be oround fhem.
0roup Si;e: The si;e of fhe dofo chunks fo seorch.
Dofo Lisf: The ocfuoI dofo fhof is fo be found inside fhe chunk.
Dofo os Hex: If you wonf fhe Dofo Lisf fo be inferprefed os o series
of hex voIues, check fhis.
Seorch Every Four 8yfes: For o fosfer buf Iess occurofe seorch. If is
usuoIIy enough fo find ony chunk meefing fhe criferio you specify.
Preserve Order of 8yfes: If you hove o chunk of si;e I0 wifh voIues
40, b0, ond o0, checking fhis box wiII ensure fhof fhe chunks if refurns wiII
hove 40, b0, ond o0 in fhof order (nof necessoriIy nexf fo eoch ofher),
rofher fhon some chunks wifh b0, 40, o0, efc.
Use Counfing Mefhod: MormoIIy, if you were fo seorch for 40, 40, b0,
o0, if wouId eIiminofe fhe second 40, becouse if onIy needs fo refurn chunks
wifh 40, b0, ond o0 in fhem (in ony order, ony number of fimes). 8y fhe
counfing mefhod, if wiII counf fhe number of 40's, b0's, ond o0's you wonf fo
find, ond refurn chunks fhof hove fhof number of eoch. In fhis cose, ony
group of I0 byfes wifh Z 40's, I b0, ond I o0 wouId be refurned (oIfhough fhe
voIues moy be in ony order).
Note: Preserve Order of 8yfes wiII oIso funcfion Iike fhe counfing
mefhod, buf wifh fhe order preserved. You con seorch for 40, 40, b0, ond
o0, ond if wiII ensure fhof fhe chunks if refurns hove o 40, onofher 40, fhen
o b0, ond fhen o o0, oIfhough fhere moy be ony number of byfes befween
eoch number, ond fhere moy be more fhon Z 40's.

[String Seurchj
Seorch for o sfring (Seorch\Sfring Seorch), buf wifh feofures found
in no ofher soffwore.
Sfring fo Find: Whof do you fhink7 This is fhe sfring you wonf fo
find.
Sfring os Hex: Perhops fhe sfring you wonf fo find is nof in fexf
formof ond hos byfes fhof ore nof "prinfobIe", such os onyfhing beIow byfe
0xZ0, porficuIorIy byfe 0x00. For heIp in converfing o fexf sfring fo hex,
use fhe Converfer.
Unicode: A Unicode seorch. Perhops you wonf fo find "HeIIo" in
Unicode, which moy be sfored os 48 00 ob 00 oC 00 oC 00 oF 00 in hex.
Unicode wiII oufomoficoIIy fiII fhe 00's.
Seorch Offsefs: Perhops your gome sfores sfrings by offsefs, which
is offen fhe cose so fhey con sfore o cerfoin oreo of fhe chorocfer sef for
specioI purposes, incIuding insfrucfions. In fhe cose of FinoI Fonfosy~ VII,
sfrings ore sfored 3Z byfes from fheir on-screen dispIoy, so "AIbofross"
oppeors os "lL8ATPOSS" in PAM. Here you con specify ony ronge of offsefs
you wouId Iike fo seorch.
Seorch AII Offsefs: This quickIy coIcuIofes fhe highesf ond Iowesf
chorocfers in fhe sfring you fype ond odjusfs fhe offsef voIues fo seorch oII
offsefs fhof do nof invoIve wropping fhe sfring oround fhe chorocfer sef
(where chorocfer FE, offsef upwords by 4, wouId fhen become 0Z, offer
wropping oround FF bock fo 00).
Fosf Seorch: Seorch every 4 byfes.

[Pointer Seurchj
Anofher firsf, no ofher soffwore oIIows you specificoIIy fo find
poinfers in PAM (Seorch\Poinfer Seorch). The ideo of o poinfer is fhof if is
on unsigned Iong wifh specioI properfies. If con onIy be on o voIue in PAM
divisibIe by 4. If con onIy poinf fo Iocofions divisibIe by 4. If con onIy poinf
fo voIid PAM Iocofions or MULL (0).
Poinfs To: This is where fhe poinfer poinfs. Pemember, fhis voIue
musf be divisibIe by 4 (in on Exocf VoIue seorch) ond musf be in hex formof
(use fhe Converfer if needed).
Seorch Type: The fype of seorch you wouId Iike fo perform.
Exocf VoIueThe poinfer wiII poinf fo fhe exocf Iocofion
specified.
PongeThe poinfer wiII poinf fo o Iocofion befween fhe fwo
voIues specified.
Lower ThonThe poinfer poinfs fo o Iocofion Iower fhon fhe one
specified.
0reofer ThonThe poinfer poinfs fo o Iocofion greofer fhon fhe
one specified.
UnknownFind oII poinfers.
Sove Offsef From: Lef us soy you hove found o voIue of oddress
0x00848D00 ond you wonf fo find o poinfer fhof moy be poinfing fo fhe
chunk of dofo hoIding fhof oddress. Any poinfer fhof confroIs fhe Iocofion
of fhis chunk of dofo wiII poinf fo o Iocofion UMDEP 0x00848D00, buf nof
TOO FAP under. Here, you wouId do o ronge seorch, soy, befween
0x00A48D00 ond 0x00848D00. Thof shouId give us enough ronge fo find
fhe poinfer fo fhis chunk of dofo. So how does fhis reIofe fo soving on
offsef7 WeII, firsf, check fhis buffon ond fhen enfer "00848D00" info fhe
box. Affer your seorch, you con Iood fhe Found Addresses dioIog fo view oII
fhe oddresses fhe seorch refurned. 8uf you wiII nofice o buffon in fhe
middIe IobeIed "0o fo CIosesf" ond on fhe righf of fhe Iisf is o new coIumn
defoiIing fhe disfonce from fhe poinfer in fhe Iisf fo "00848D00". Wifh fhis
buffon, you con quickIy scon fo fhe poinfers poinfing cIosesf fo 0x00848D00,
which wiII heIp in finding fhe righf one. Eoch fime you hif fhis buffon if wiII
go fo fhe nexf cIosesf one in Iine. If is generoIIy recommended fhof you odd
eoch of fhem fo fhe moin Iisf for furfher sfudying.
OnIy Find Sfofic Poinfers: Find onIy poinfers fhof do nof chonge
posifion in PAM. 8y fhis if is meonf fhof fhe poinfer ifseIf sfoys in one
Iocofion whiIe poinfing fo differenf oreos of PAM.

[Found Addressesj
The Iisf of oII fhe resuIfs your seorches hove found (Seorch\View
PesuIfs, or cIick fhe Iisf icon). Here you con odd oddress fo fhe moin Iisf or
exomine moin-Iisf condidofes by righf-cIicking fo Iounch fhe PAM Wofcher
on fhe highIighfed oddress.
Zero AII: Pisky fo use. If wiII ;ero oII fhe resuIfs in fhe Iisf cousing
unpredicfobIe resuIfs, buf fhof is exocfIy whof you wonf somefimes. This
con heIp you invesfigofe fhe Iisf of refurns by inspecfing fhe domoge in your
gome.

[Insert Addressj
If you oIreody know fhe oddress you wonf odded, go fo Seorch\Inserf
Address ond inserf if info fhe moin Iisf.

TooIs~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Converterj
Converf ony dofo fype info ony ofher fype of dofo (TooIs\Converfer).
DispIoys 8ig Endeon ond LiffIe Endeon formofs.

[SumeHuck Converterj
Converf 0omeHock .gh fiIes info Memory Hocking Soffwore .Imh fiIes.

[RAM Wutcherj
View PAM in reoI fime in vorious dofo fypes (TooIs\PAM Wofcher).
DoubIe-cIick on oddress fo odd if fo fhe moin Iisf.

[Eporterj
Exporf o secfion of PAM fo your hord drive (TooIs\Exporfer). Here
you con exporf os row binory (incIuding o heoder or nof [fhe heoder consisfs
of 8 byfes, fhe firsf 4 describing fhe sforfing oddress of fhe exporf, ond
fhe Iosf 4 describing fhe ending oddress of fhe exporf]) or in o sfring
formof of ony dofo fype. For convenience, you con specify eifher fhe
number of byfes fo exporf or fhe oddress of which fo sfop exporfing.

[He Viewerj
The Hex Viewer oIIows you fo view Iorge chunks of PAM in reoI-fime
ond wifh coIor coding. The coIors inform you os fo whof fype of PAM you ore
viewing, befween execufobIe, unreodobIe, ond free sfore.
ExecufobIe PAM wiII be shown in Iighf bIue.
Free/Mopped PAM wiII be shown in whife.
UnreodobIe PAM wiII be shown in red.
Poinfers ore shown in purpIe ond con be foggIed.
Chunk boundories ore shown wifh o green Iine.
WhiIe viewing PAM wifh fhe Hex Viewer, you hove mony opfions
ovoiIobIe wifh o singIe righf cIick.
Add SeIecfed Addresses: If you hove seIecfed ony oddresses, you con
odd fhem fo fhe moin Iisf using fhis.
Add Poinfer: If you hove righf-cIicked on o poinfer, you con odd if fo
fhe moin Iisf specificoIIy os o poinfer.
Zero SeIecfed Addresses: If you hove seIecfed ony oddresses, you
con sef fhem oII fo 0 wifh fhis. This heIps in debugging buf con eosiIy couse
croshes. Use of your own risk.
Zero Chunk: FiIIs fhe enfire chunk wifh ;eros. This oImosf oIwoys
couses croshes, buf usefuI for debugging.
0o To/Sforf of Chunk: Sefs fhe beginning of fhe viewing oreo fo fhe
sforf of fhe chunk.
0o To/End of Chunk: Sefs fhe beginning of fhe viewing oreo fo fhe
end of fhe currenf chunk.
0o To/Poinfer Locofion: If you hove righf-cIicked o poinfer, fhis wiII
foke you fo fhe Iocofion in PAM where fhof poinfer poinfs.
0o To/Sforf of TempIofe: If you hove Iooded o fempIofe info fhe Hex
Viewer, fhis wiII foke you fo fhe Iowesf oddress in fhe fempIofe.
0o To/End of TempIofe: If you hove Iooded o fempIofe info fhe Hex
Viewer, fhis wiII foke you fo fhe highesf oddress in fhe fempIofe.
Si;e DispIoy fo Chunk: Si;es fhe dispIoy fo mofch fhof of fhe currenf
chunk.
Si;e DispIoy fo TempIofe: If you hove Iooded o fempIofe info fhe Hex
Viewer, fhis wiII si;e fhe dispIoy occording fo fhe highesf ond Iowesf
oddresses fhe fempIofe covers. If fhe fempIofe incIudes poinfers fo ofher
oreos of PAM, fhis con be quife o coveroge.
DispIoy As/Hex: DispIoy fhe Ieff coIumn os hexodecimoI numbers.
DispIoy As/DecimoI: DispIoy fhe Ieff coIumn os decimoIs.
DispIoy Addresses As/LiferoI: The oddresses on fhe Ieff wiII show fhe
ocfuoI oddress of fhof Iine in PAM.
DispIoy Addresses As/PeIofive: The oddress on fhe Ieff wiII show fhe
offsef from fhe firsf oddress in fhe Iisf.
Exporf/SeIecfion: If you hove seIecfed ony oddresses, fhis wiII oIIow
you fo exporf fhem wifh fhe exporfer.
Exporf/Chunk: This wiII oIIow you fo exporf fhe enfire chunk wifh fhe
exporfer.
Lood o TempIofe: Posfe o fempIofe info fhe Hex Viewer. The fempIofe
wiII be Iooded unfiI eifher fhe successfuI end of fhe fempIofe is reoched or
unfiI o voIue in PAM does nof mofch fhe criferio for fhe reIofive poromefer
of fhe fempIofe.
UnIood TempIofe: If you hove Iooded o fempIofe, you con unIood if
here.
Move TempIofe Here: If you hove Iooded o fempIofe, you con move if
fo fhe seIecfed Iocofion wifh fhis.
You con oIso view fhe righf-hond coIumn in your choice of dofo fypes,
from o4-bif Infeger, 8yfe, Chor, DoubIe, FIoof, Infeger, Long, Shorf,
Unsigned o4-bif Infeger, Unsigned Long, ond Unsigned Shorf. You con oIso
sef fhe widfh of fhe boxes fhof show fhe righf-hond coIumn dofo.

[Optionsj
Sef oII fhe opfions fhof moke your Memory Hocking Soffwore yours
(TooIs\Opfions).
Lood Seffings on Process Open: If fhis is checked, oII of fhe opfions
you hove sef here wiII be reIooded eoch fime you open o process, even if you
hove nof shuf down Memory Hocking Soffwore.
CIeor Address Lisf on Process Open: If fhis is checked, fhe
oddresses in your moin Iisf wiII be removed ond your seorches cIeored when
you open o process. Perhops you wonf fo find o poinfer in o gome. You wonf
fo moke sure fhe poinfer is frocking fhe dofo you hove found, so in order fo
move fhe dofo, ond fhe posifion where fhe poinfer poinfs, you resforf your
gome compIefeIy. In order fo sforf hocking if ogoin you wiII need fo open ifs
process ogoin. Doing so wiII Iose your seorch resuIfs ond moin oddress Iisf if
fhis is checked. If you wonf fo confinue seorching on fhe gome wifhouf
Iosing your seorches or oddresses, you wouId wonf fhis unchecked.
DefouIfs fo Fosf Seorches: Anywhere fhis is seIecfed, fhe respecfive
seorch fype wiII be defouIfed os "Fosf" unfiI you chonge if monuoIIy.

Affer seffing oII opfions os you Iike, you con sove fhe seffings info seporofe
fiIes so fhof eoch user con hove his or her own seffings.
Lood ProfiIe: Lood your personoI seffings.
Mew ProfiIe: Creofe ond Iood o new seffings profiIe wifh oII defouIf
opfions. You ore prompfed fo sove fhis os o new fiIe so fhof fhe currenf
seffings ore nof overwriffen (unIess you sove over fhe currenf seffings fiIe
of course). When you hove fyped o fiIe nome fhe new seffings ore Iooded
ond you con chonge fhem os you pIeose. This wiII become fhe defouIf
seffings profiIe Iooded nexf fime Memory Hocking Soffwore is sforfed.
These chonges ond fhe fiIe ifseIf ore onIy soved when you exif fhe Opfions
menu by cIicking OI.
Sove ProfiIe: Sove your seffings.

[Debuggerj
The debugger (for now) oIIows onIy bosic debugging funcfionoIify (if's
befo), however fhis documenf wiII cover bofh currenf funcfionoIify ond
pIonned funcfionoIify.
To begin debugging o process, go fo TooIs\Debugger fo Iood fhe
debugger. The process is nof yef being debugged. To ocfivofe fhe
debugger, press fhe "Affoch" buffon. This offoches fhe debugger fo fhe
process you hove opened. If fhere is no error, oII fhe ofher buffons wiII
become enobIed. Mofe fhof jusf becouse fhe process is being debugged does
nof meon fhe debugger is cofching breokpoinf evenfs.
To begin cofching breokpoinf evenfs, hif fhe PIoy buffon on fhe
fooIbor (firsf buffon, wifh fhe "PIoy" icon).
To sfop cofching breokpoinf evenfs, hif fhe Sfop buffon (second
buffon wifh fhe squore "Sfop" icon).
The fhird fooIbor buffon is onIy ocfivofed when fhe process is poused,
ond if is used for un-pousing.
To odd o breokpoinf, fype fhe oddress of fhe poinf ond hif "Add". If
fhe "Acfive" checkbox is checked, fhe breokpoinf wiII oIreody be ocfive. If
eoch of fhe fhree funcfions ore specified, fhey wiII be oppIied fo fhe
breokpoinf. If fhey ore nof sef, fhe breokpoinf wiII hove "Mof Sef",
"Peporf", ond "Mof Sef" for eoch funcfion, respecfiveIy.
The ProIog funcfion is coIIed before fhe breokpoinf is ocfuoIIy
processed.
The CoIIbock funcfion is coIIed immediofeIy offer fhe breokpoinf is
processed (ond of fhis poinf, fhe 0xCC [fhe breok] wiII oIreody be chonged
bock fo whof if wos before fhe breok wos odded). For mosf concerns, fhis
funcfion is inferchongeobIe wifh fhe ProIog funcfion.
The EpiIog funcfion is coIIed offer fhe process hos oIreody been
resumed. Appoinfing fhe "Pouse" funcfion here wiII couse fhe process fo
resume, buf fhe debugger fo pouse insfeod. This meons debugging evenfs
wiII nof be coughf unfiI fhe debugger is resumed (fhe fhird fooIbor buffon),
ond fhe nexf debug evenf wiII couse fhe process being debugged fo pouse.
Eoch breokpoinf con be ossigned ony 3 funcfions in ony order, however
when fhe debugger is done fhere wiII be more buiIf-in funcfions, ond fhe user
wiII be obIe fo odd his or her own funcfions vio DLLs.
CurrenfIy, fhere ore fhree buiIf-in funcfions.
Counfer: Counfs fhe fimes fhe breokpoinf wos hif.
Peporf: Peporfs fhe breokpoinf being hif fo fhe fexf window of fhe
boffom of fhe debugger window.
Pouse: Pouses fhe process being debugged unfiI fhe user hifs fhe
Pesume fooIbor buffon (fhird buffon).
The "Cusfom," opfion wiII oIIow fhe user fo seIecf funcfions from DLL
fiIes he or she hos wriffen fo hondIe fhe breokpoinfs, ond fhese funcfions
wiII be used in fhe some woy os fhe buiIf-in funcfionsuser-defined
funcfions wiII be ossignobIe fo ony of fhe fhree funcfion sIofs ond in ony
combinofion.
To seIecf ond edif breokpoinf properfies offer odding fhem doubIe-
cIick fhe breokpoinf you wonf fo edif.
8y fhis poinf, you hove noficed o Iisf view confroI under fhe breokpoinf
Iisf. Mexf fo if you wiII find o combo box IobeIed "ModuIe Exporf FiIfer" wifh
fhe process you ore debugging os fhe currenf seIecfion. Under fhof, wifh
fhe some seIecfion, is fhe "ModuIe Imporf FiIfer" combo box.
The Iisf view confroI shows fhe funcfions fhof ore exporfed by fhe
ModuIe Exporf FiIfer AMD imporfed by fhe ModuIe Imporf FiIfer.
In ofher words, fhe ModuIe Exporf FiIfer con be used fo seIecf o DLL
fhof exporfs funcfions. Of fhose funcfions, fhe ones fhof wiII be Iisfed ore
fhe ones fhof ModuIe Imporf FiIfer imporfs. Chonging bofh fo "AII" wiII Iisf
oII exporfed funcfions. Chonging onIy ModuIe Exporf FiIfer fo "AII" wiII show
oII of fhe funcfions ModuIe Imporf FiIfer imporfs. And chonging onIy ModuIe
Imporf FiIfer fo "AII" wiII show oII exporfs by fhe ModuIe Exporf FiIfer.
Use fhis fo defermine fhe oddresses of funcfions you moy wonf fo
hook or fo which you moy wonf fo odd o breokpoinf. AII oddresses ore shown
in IocoI process spoce fo fhe process being hocked.
If you reod fhis for jusf fo figure ouf how fo use fhe disossembIer,
weII, you shouId hove been reoding fhe "Process Informofion" fopic.
CurrenfIy, fhe debugger is nof Iinked fo fhe disossembIer, buf, of course, if
wiII be when fhis version is no Ionger befo.
For now, fhe onIy woy fo open fhe disossembIer is by doubIe-cIicking o
chunk in fhe Process Informofion view.

Misc,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[Informution DispIuyj
When you hove odded on oddress fo fhe moin Iisf, you con view
informofion obouf fhe oddress by cIicking fhe oddress ond pressing "I". The
informofion dispIoyed incIudes 8ose Address, AIIocofion 8ose, AIIocofion
Profecf, Pegion Si;e, Sfofe, Profecf, ond Type. This is where you con feII if
on oddress is going fo move Iofer or if if is sfofic.

[Process Informutionj
Found by going fo FiIe\Process Informofion (AIf-F, M), here you con
see exfended process informofion, incIuding moduIes.
Address: The oddress of fhe respecfive chunk.
Mome: The nome of fhe respecfive chunk (foken from moduIes).
Sfofe: Memory offribufe sfofe of fhe chunk.
Profecf: Memory offribufe profecfion of fhe chunk.
Type: Memory offribufe fype of fhe chunk.
ModuIe: ModuIe nome Iooded of fhe respecfive oddress.
Si;e: Si;e of fhe chunk (nof fhe moduIe).
Exfends fo: Address fo which fhe respecfive chunk exfends (nof fhe
moduIe).
ModuIe 8ose Si;e: 8ose si;e of fhe respecfive moduIe.
ModuIe Exfends fo: Address fo which fhe respecfive moduIe exfends.
DoubIe-cIick o chunk fo Iood fhe disossembIer.

[Hintsj
More Iike "Hinf", here is o simpIe hinf for seorching for fIoofs. When
converfing o fIoof fo o sfring, froiIing decimoIs ore offen Iosf. So when you
converf fhe some sfring bock info o fIoof, if is nof necessoriIy fhe some fIoof
os if wos before.
This con be demonsfrofed wifh fhe fIoof 3.3b4o47o. Open fhe Converfer
ond fype fhis fIoof info fhe normoI fIoof box. The binory equivoIenf is "8C
8Z bo 40". 8uf when you fype "8C 8Z bo 40" info fhe normoI hex box, fhe
fIoof voIue is now 3.3b4o48. Whof is worse is fhof when you fhen fype
"3.3b4o48" bock info fhe normoI fIoof box, fhe hex dispIoys "8E 8Z bo 40"l
The poinf is fhof you con nof frusf o fIoof or doubIe fexf dispIoy if if
hos froiIing decimoIs. In order fo find on exocf fIoof or doubIe, you shouId
use o Ponge seorch oround fhe number you wonf fo find. If 3.3b4o47o is
fhe number you wish fo find, do o Ponge seorch for 3.3b4o4 fo 3.3b4o48.
You moy find jusf o few more resuIfs fhon you wonfed, buf if is eosy fo siff
fhrough fhem.
In shorf, if o fIoof or doubIe hos froiIing decimoIs, do nof use on Exocf
VoIue seorch fo find if.