Cheat Engine

Menoetius · Cheater Reputation: 0 Joined: 01 Jul 2018 Posts: 29

I'm a bit confused about why some mov commands work and others do not with an initialized space in memory. I'm attempting to mov a value from the esp-stack into a space in memory and I dont know if that's the wrong thing to attempt.

TheyCallMeTim13 · Posted: Sat Aug 11, 2018 5:52 pm Post subject: Re: Mov

ParkourPenguin · Posted: Sat Aug 11, 2018 5:54 pm Post subject:

"mov" instructions move some source value into a destination. The source value can be stored in an address, in a register, or as an immediate, while the destination can only be an address or a register:

Menoetius · Cheater Reputation: 0 Joined: 01 Jul 2018 Posts: 29

The way I'm discerning values is by viewing a certain offset in the stack. If I use something like "pop eax" will that load it into the esp stack, and shift all values down by 4, requiring me to change the offset by 4 upon loading it into the value from the esp-stack?

TheyCallMeTim13 · Posted: Sun Aug 12, 2018 7:14 am Post subject:

Yes, the PUSH, pushes the value on the stack so you would need to adjust the offset for ESP, sorry didn't think about that. But you seem to have it figured out. You can also set a breakpoint and follow it and see exactly how this affects the stack, but you seem to already understand.

ParkourPenguin · Posted: Sun Aug 12, 2018 8:13 am Post subject:

ESP will decrease by 4 in x86 (8 in x64) for every value pushed onto it. Adjust addresses accordingly.

The thread stack doesn't work like the FPU stack. The thread stack is stored in memory and will always "grow" downward. If there's an overflow, Windows will generate an exception.