Cheat Engine

Gi@nnis

I was wandering if it's possible to monitor the top of the stack. An easy why, not writing an injection code (I know how to do that).

I'm looking for something like "Find out what address this instruction accesses", but for the stack (the top of the stack).

I want to trace back where this function gets called from.

I currently use "Break and trace instructions" with maximum count 1 and save stack snapshots.

The problem with this method is that it only records the first call, and it's a bit more complicated that just right click.

If there is an other way to trace back the caller please lets me know.

Thanks in advance.

eax.qbyte · Posted: Sun May 04, 2014 5:32 am Post subject:

Not always but generally(always when tracing through windows APIs) this method should work.
Pay attention to 'Memory-viewer->Stack sub-window' If you choose stack-trace from right-click menu it changes to the mode that shows return addresses and parameters from the calls above. Double click on one of return addresses shown in that sub-window to view it in dis-assembly sub-window.

justa_dude · Posted: Sun May 04, 2014 8:44 am Post subject:

I've never seen professional code that doesn't use standard stack frames. You should be able to completely unwind the stack at any point by looking at the frame pointer/ebp and working backwards through return addresses.

Gi@nnis · Posted: Mon May 05, 2014 1:50 am Post subject: Thank

Thanks, I didn't even know that even existed.