Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


What that mean about sub esp,C0 ?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
the7shfun
Newbie cheater
Reputation: 0

Joined: 30 Apr 2017
Posts: 19
Location: china

PostPosted: Thu Jan 04, 2018 8:37 pm    Post subject: What that mean about sub esp,C0 ? Reply with quote

When i trying to backtrace a pointer.
Evertime i saw this , I dont know how to contiune trace.
Where the value come?

I just keep tracing where the value being mov of push.
And i still cant tracedown one static value , Is my way is wrong? Crying or Very sad




Here is my note:
Code:

hyxd.exe+515DB9 - 0F11 41 20            - movups [ecx+20],xmm0
 
hyxd.exe+515DA1 - 8D 4E 78              - lea ecx,[esi+78]
 
hyxd.exe+515D9F - 8B F1                 - mov esi,ecx
 
hyxd.exe+5174E2 - 8B 48 0C              - mov ecx,[eax+0C] ecx清零
hyxd.exe+5174E5 - 03 48 04              - add ecx,[eax+04]
 
hyxd.exe+5174E0 - 8B C1                 - mov eax,ecx
 
hyxd.exe+392C33 - 8B 09                 - mov ecx,[ecx]
 
hyxd.exe+392C2A - 8B 4D E8              - mov ecx,[ebp-18]
 
hyxd.exe+392C18 - 89 45 E8              - mov [ebp-18],eax
 
hyxd.exe+392C15 - 8D 04 B8              - lea eax,[eax+edi*4]
 
eax:
   hyxd.exe+392C10 - 8B 06                 - mov eax,[esi]
 
   hyxd.exe+392B81 - 8B B0 54010000        - mov esi,[eax+00000154]
 
   hyxd.exe+392B7B - 8B C1                 - mov eax,ecx
 
edi:
   hyxd.exe+392C03 - 33 FF                 - xor edi,edi
 
   hyxd.exe+392BA2 - 8B F8                 - mov edi,eax
 
   hyxd.exe+392B8F - 8B 06                 - mov eax,[esi]
 
   hyxd.exe+392B81 - 8B B0 54010000        - mov esi,[eax+00000154]
   
   hyxd.exe+392B7B - 8B C1                 - mov eax,ecx
 
   
hyxd.exe+392D10 - 8B 4C 24 04           - mov ecx,[esp+04]
 
hyxd.exe+1A4DCA - FF 77 30              - push [edi+30]
 
hyxd.exe+1A4D91 - 03 7C 24 10           - add edi,[esp+10]
 
edi:
   hyxd.exe+1A4D89 - 8B 79 20              - mov edi,[ecx+20]
   
   hyxd.exe+F6CF0 - 8B 75 E8              - mov esi,[ebp-18]
 
 
esp+10:
   hyxd.exe+F6F78 - 56                    - push esi


If i keep tracing , The ebp-18 will gone.
And i dont know how to contiune.


Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

PostPosted: Thu Jan 04, 2018 8:45 pm    Post subject: Reply with quote

allocating memory for arguments, there is no reason to you to stop tracing if you dont need the value of ebp-18
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
Back to top
View user's profile Send private message Visit poster's website
the7shfun
Newbie cheater
Reputation: 0

Joined: 30 Apr 2017
Posts: 19
Location: china

PostPosted: Thu Jan 04, 2018 9:09 pm    Post subject: Reply with quote

OldCheatEngineUser wrote:
allocating memory for arguments, there is no reason to you to stop tracing if you dont need the value of ebp-18



I need to know where there value come. If i move up step the value will gone.
And i have no idea where to find it . Crying or Very sad
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

PostPosted: Thu Jan 04, 2018 9:44 pm    Post subject: Reply with quote

the7shfun wrote:
I need to know where there value come. If i move up step the value will gone.

if you want to reach that point where it get pushed on the stack, then you have to trace backward not forward.
and the value does not seem to be replaced, just search at the very bottom of stack pointer.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
Back to top
View user's profile Send private message Visit poster's website
the7shfun
Newbie cheater
Reputation: 0

Joined: 30 Apr 2017
Posts: 19
Location: china

PostPosted: Thu Jan 04, 2018 10:07 pm    Post subject: Reply with quote

OldCheatEngineUser wrote:
the7shfun wrote:
I need to know where there value come. If i move up step the value will gone.

if you want to reach that point where it get pushed on the stack, then you have to trace backward not forward.
and the value does not seem to be replaced, just search at the very bottom of stack pointer.


That's exactly what i doing.But the problem is when the "sub esp,C0".
The stack offset will sub C0, that is a big value. Then i dont know where to trace that value been push.Cause that's way to far.

I should go to more and more and more backward to find?

But eventually am i doing right?My goal is find a entity list about the coordinate . So if i wrong. I dont need to keep doing this.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites