Cheat Engine The Official Site of Cheat Engine
the7shfun Newbie cheater Reputation: 0
Joined: 30 Apr 2017 Posts: 19 Location: china
Posted: Thu Jan 04, 2018 8:37 pm Post subject: What that mean about sub esp,C0 ?
When I am trying to backtrace a pointer.
Every time I see this, I don't know how to continue the trace.
Where does the value come from?
I just keep tracing where the value is being mov'd or pushed.
And I still can't trace down one static value. Is my way wrong?
Here is my note:
Code:
hyxd.exe+515DB9 - 0F11 41 20 - movups [ecx+20],xmm0
hyxd.exe+515DA1 - 8D 4E 78 - lea ecx,[esi+78]
hyxd.exe+515D9F - 8B F1 - mov esi,ecx
hyxd.exe+5174E2 - 8B 48 0C - mov ecx,[eax+0C] ecx cleared to zero
hyxd.exe+5174E5 - 03 48 04 - add ecx,[eax+04]
hyxd.exe+5174E0 - 8B C1 - mov eax,ecx
hyxd.exe+392C33 - 8B 09 - mov ecx,[ecx]
hyxd.exe+392C2A - 8B 4D E8 - mov ecx,[ebp-18]
hyxd.exe+392C18 - 89 45 E8 - mov [ebp-18],eax
hyxd.exe+392C15 - 8D 04 B8 - lea eax,[eax+edi*4]
eax:
hyxd.exe+392C10 - 8B 06 - mov eax,[esi]
hyxd.exe+392B81 - 8B B0 54010000 - mov esi,[eax+00000154]
hyxd.exe+392B7B - 8B C1 - mov eax,ecx
edi:
hyxd.exe+392C03 - 33 FF - xor edi,edi
hyxd.exe+392BA2 - 8B F8 - mov edi,eax
hyxd.exe+392B8F - 8B 06 - mov eax,[esi]
hyxd.exe+392B81 - 8B B0 54010000 - mov esi,[eax+00000154]
hyxd.exe+392B7B - 8B C1 - mov eax,ecx
hyxd.exe+392D10 - 8B 4C 24 04 - mov ecx,[esp+04]
hyxd.exe+1A4DCA - FF 77 30 - push [edi+30]
hyxd.exe+1A4D91 - 03 7C 24 10 - add edi,[esp+10]
edi:
hyxd.exe+1A4D89 - 8B 79 20 - mov edi,[ecx+20]
hyxd.exe+F6CF0 - 8B 75 E8 - mov esi,[ebp-18]
esp+10:
hyxd.exe+F6F78 - 56 - push esi
If I keep tracing, the ebp-18 will be gone.
And I don't know how to continue.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Thu Jan 04, 2018 8:45 pm
Allocating memory for arguments. There is no reason for you to stop tracing if you don't need the value of ebp-18.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
the7shfun Newbie cheater Reputation: 0
Joined: 30 Apr 2017 Posts: 19 Location: china
Posted: Thu Jan 04, 2018 9:09 pm
OldCheatEngineUser wrote: | Allocating memory for arguments. There is no reason for you to stop tracing if you don't need the value of ebp-18. |
I need to know where the value comes from. If I move up a step the value will be gone.
And I have no idea where to find it.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Thu Jan 04, 2018 9:44 pm
the7shfun wrote: | I need to know where the value comes from. If I move up a step the value will be gone. |
If you want to reach the point where it gets pushed on the stack, then you have to trace backward, not forward.
And the value does not seem to be replaced; just search at the very bottom of the stack pointer.
the7shfun Newbie cheater Reputation: 0
Joined: 30 Apr 2017 Posts: 19 Location: china
Posted: Thu Jan 04, 2018 10:07 pm
OldCheatEngineUser wrote: | the7shfun wrote: | I need to know where the value comes from. If I move up a step the value will be gone. |
If you want to reach the point where it gets pushed on the stack, then you have to trace backward, not forward.
And the value does not seem to be replaced; just search at the very bottom of the stack pointer. |
That's exactly what I'm doing. But the problem is at the "sub esp,C0".
The stack offset will sub C0, which is a big value. Then I don't know where to trace that value being pushed, because that's way too far.
Should I go more and more and more backward to find it?
But eventually, am I doing this right? My goal is to find an entity list for the coordinates. So if I'm wrong, I don't need to keep doing this.
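
An added example, not part of any post in this thread: a small Python sketch that tracks ESP through `push`, `pop` and `sub esp,C0` so that `[esp+N]` and `[ebp-N]` operands resolve to the same slot relative to ESP at function entry, then walks backward to the instruction that last wrote that slot. The listing is constructed and assumes a 32-bit function with the standard `push ebp` / `mov ebp,esp` prologue, which the thread does not show; `trace` and `last_writer` are hypothetical helper names.

```python
import re

MEM = re.compile(r"\[(esp|ebp)([+-])([0-9A-Fa-f]+)\]")

# Constructed listing (not from the thread's binary); assumes the
# standard frame-pointer prologue followed by a local store and reads.
LISTING = ["push ebp", "mov ebp,esp", "sub esp,C0", "push esi",
           "mov [ebp-18],eax", "mov ecx,[ebp-18]", "mov edx,[esp+AC]",
           "mov eax,[ebp+8]"]

def trace(listing):
    """Return [(instruction, slot_read, slot_written)]; slots are byte offsets
    from ESP at function entry, so ESP- and EBP-based operands compare equal."""
    esp, ebp = 0, None            # deltas from entry ESP; EBP unknown until set
    rows = []
    for ins in listing:
        op, _, args = ins.partition(" ")
        read = written = None
        m = MEM.search(args)
        if m and (m.group(1) == "esp" or ebp is not None):
            base = esp if m.group(1) == "esp" else ebp
            slot = base + int(m.group(2) + m.group(3), 16)
            if op == "mov" and args.startswith("["):
                written = slot    # memory operand is the destination
            else:
                read = slot
        if op == "push":
            esp -= 4
            written = esp         # push stores at the new top of stack
        elif op == "pop":
            esp += 4
        elif op in ("sub", "add") and args.startswith("esp,"):
            n = int(args.split(",")[1], 16)
            esp += n if op == "add" else -n
        elif ins == "mov ebp,esp":
            ebp = esp
        rows.append((ins, read, written))
    return rows

def last_writer(listing, index):
    """Walk backward from listing[index] to the instruction that last wrote
    the stack slot it reads; None means the write is outside this listing."""
    rows = trace(listing)
    target = rows[index][1]
    for ins, _, written in reversed(rows[:index]):
        if target is not None and written == target:
            return ins
    return None
```

A slot at a positive offset from entry ESP (such as `[ebp+8]` here) was written by the caller, so `last_writer` returns `None` and the trace has to continue in the calling function.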