Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How to find where a function was called from (assembly)?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
toffler
Cheater
Reputation: 0

Joined: 27 Sep 2012
Posts: 38

PostPosted: Tue May 30, 2017 7:13 am    Post subject: How to find where a function was called from (assembly)? Reply with quote

I can see the beginning of a function, it starts from
Code:
push ebp
I can't figure out where it ends so I could breakpoint ret and see where it was called from. At the push, does ebp contain the address where to return from the call or a pointer to it? Is there a way to breakpoint the code at push ebp and figure out the return address thru register values?

Thank you!
Back to top
View user's profile Send private message
STN
I post too much
Reputation: 42

Joined: 09 Nov 2005
Posts: 2672

PostPosted: Tue May 30, 2017 10:35 am    Post subject: Reply with quote

Quote:
At the push, does ebp contain the address where to return from the call or a pointer to it?


NO

You can look in call stack(stacktrace), stack for any return address. You can also use x64dbg/olly find references function to see where the function is being called from (if it's not a dynamic call like call [eax+blah] etc.)

_________________
Cheat Requests/Tables- Fearless Cheat Engine
https://fearlessrevolution.com
Back to top
View user's profile Send private message
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

PostPosted: Tue May 30, 2017 1:03 pm    Post subject: Reply with quote

Another tool you could get is IDA to disassemble the target. It's references feature is very helpful and it will also determine the end of the function with ease as long as the file is not obfuscated or tampered with in a way to deter disassemblers etc.
_________________
- Retired.
Back to top
View user's profile Send private message Visit poster's website
Schnitzelmaker
Advanced Cheater
Reputation: 6

Joined: 27 Jan 2012
Posts: 64

PostPosted: Thu Jun 01, 2017 6:50 am    Post subject: Reply with quote

You can try to run in the Memory Viewer -> View -> Referenced functions.

Not working on calls like "call [eax+0c]".
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites