Cheat Engine

LongBeardedLion

So i have this instruction that changes each time i open the game:

JMP myGame.1001238F in address 762634B5. Thats how it is displayed in x32dbg. Precisely:

762634B5 - JMP myGame.1001238F

If i click it twice it displays just this:

jmp 0x1001238F

Since this address 0x1001238F it jumps to changes each time the game starts, but the address where this is instruction is stored is permanent, I would like to know how can i read the instruction in address 762634B5 , so that i can get the address it jumps to, the instruction JMP myGame.XXXXXXXX .

I need the address in XXXXXXX.
All i know in C++ is to read the memory. Meaning the bytes that are stored in an address. I dont know how to read the instruction that contains an address. Any tips here?

I followed it in dump. Nothing there too. How should i proceed?

ParkourPenguin · Posted: Tue Jun 30, 2020 9:21 am Post subject:

If the opcode is E9, the next four bytes are a rel32 displacement from the next instruction. Get the address of the next instruction (i.e. that instruction plus 5 bytes, or the operand plus 4) and add the rel32 displacement to it.
https://www.felixcloutier.com/x86/jmp

LongBeardedLion · Posted: Tue Jun 30, 2020 10:39 am Post subject:

Thank you.

So if i have:

762634B5 | E9 D5EEDA99 | jmp myGame.1001238F

How do i calculate it?

How does the value in dump that is E9 D5EEDA99 turn into 1001238F?

rel32? Something to do with 32 byte value?
I tried finding a relation between this.
Maybe its not that simple?

ParkourPenguin · Posted: Tue Jun 30, 2020 10:52 am Post subject:

The operand of the E9 jmp opcode is a relative 32-bit displacement from the next instruction.

LongBeardedLion · Posted: Tue Jun 30, 2020 12:07 pm Post subject:

Thats awesome. Thank you. Smile