Cheat Engine

[skynet888]

Why doesn't it show the previous assembly instruction? As the picture below shows: if [break and trace] support displaying the previous instruction before 1902760, we can quickly and easily know who called 1902760 when EDX==0x100BD6.But currently it only displays instructions after 1902760.
You will probably suggest to me: "You can trace it until the function returns and you will know who called 1902760". But you are wrong, the function returns to 1467367, but if you set the conditional breakpoint "EDX==0x100BD6" at 1467364, you will not get any result. Why? Because 1467364 may first call address A, address A modified EDX to 0x100BD6, and then jmp to 1902760. So the method of tracking to the function return is not reliable. The fastest and most reliable way is to let CE itself show who called 1902760 when EDX==0x100BD6

PS:Please look at the picture in numerical order: first look at 111111.png then look at 2222222.png, and finally look at 3333333.png

[TsTg]

in picture 1 i see edx is getting overwritten from [eax+2C8], then pushed to the stack, then followed by the call to [eax+2BC], you can put a breakpoint there at 1902785 (DONT enter to the call), but setting the condition [esp] == 0x100BD6 instead, however i dont really recommend doing that since this is a dynamic code and [eax+2BC] could lead to some other function.

you can run and stop at 2040330, put a breakpoint with the condition [ESP+4] == 0x100BD6 right there too.

[skynet888]

[TsTg]

then and from picture 3, you can see EDX is being edited at the start there (at146732D) , if not, it could be assigned after the call to [ebx+230] (at 146734C), take a look at the very top code, or the start of the function itself, perhaps the actual target value you need to look for is not 0x100BD6.
is this a Unreal Engine or a Unity game by any chance ?, this kind of dynamic code is used alot by those engines.