| View previous topic :: View next topic |
| Author |
Message |
sdecorme
Cheater
![]() Reputation: 0
Joined: 07 Sep 2010
Posts: 33
|
 Posted: Thu Sep 09, 2010 3:19 am Post subject: Finding register value |
 |
|
Hi
On the program I'm tracing , I've call the Enumrate DLL's in CheatEngine.
I've found an interesting function, I jump to this functionand I found this
lea eax,[ecx+20]
Is it possible to get the value of eax and ecx to know the address ?
Another question
In the same way I found a function I jump to it and I want to know where this function is called , is it possible ?
Thanks
|
|
| Back to top |
|
 |
Geri
Moderator
![]() Reputation: 111
Joined: 05 Feb 2010
Posts: 5636
|
| Posted: Thu Sep 09, 2010 4:13 am Post subject: Re: Finding register value |
|
|
| sdecorme wrote: | Hi
On the program I'm tracing , I've call the Enumrate DLL's in CheatEngine.
I've found an interesting function, I jump to this functionand I found this
lea eax,[ecx+20]
Is it possible to get the value of eax and ecx to know the address ?
|
Go to the code in the memory browser, right-click on it and choose "Break and trace instructions". Next time when the code will run, CE will log the values of the registers.
| Quote: | | In the same way I found a function I jump to it and I want to know where this function is called , is it possible ? |
If You know the address which is called, You can search for "call xxxxxxxx". Or if You know how would it look like in hex, You can search for array of bytes.
_________________
|
|
| Back to top |
|
|
justa_dude
Grandmaster Cheater
 Reputation: 23
Joined: 29 Jun 2010
Posts: 891
|
| Posted: Thu Sep 09, 2010 7:46 am Post subject: |
|
|
| It could be called indirectly, i.e. call eax. You can try the code dissection function, or you could set a breakpoint on the first instruction of the function and inspect the return value on the stack.
|
|
| Back to top |
|
|
sdecorme
Cheater
![]() Reputation: 0
Joined: 07 Sep 2010
Posts: 33
|
| Posted: Fri Sep 10, 2010 4:19 am Post subject: |
|
|
| Ok thanks I try it ASAP
|
|
| Back to top |
|
|
Freiza
Grandmaster Cheater
 Reputation: 22
Joined: 28 Jun 2010
Posts: 662
|
| Posted: Tue Sep 21, 2010 2:26 pm Post subject: |
|
|
use registersymbol(variable)
then
mov [variable],eax
now add variable in address list..
it will always show you the value of eax.
|
|
| Back to top |
|
|
Geri
Moderator
![]() Reputation: 111
Joined: 05 Feb 2010
Posts: 5636
|
| Posted: Tue Sep 21, 2010 2:37 pm Post subject: |
|
|
| Freiza wrote: | use registersymbol(variable)
then
mov [variable],eax
now add variable in address list..
it will always show you the value of eax. |
He was thinking about debugging the application. You can see all of the registers' values in the debugger and You don't need to write a script for that. Your idea is good if You want to manipulate or store a register, but He just want to check it out and analyze the code which is another story then using code injection. For example, You can check out the value of eax every time when the code is running. With storing it on an address, You will not be able to track it. Just think about a code where eax is always changing because the code is managing more addresses and it runs a few times per second. Than it is not really useful if You save it as an address. All You will see are rotating numbers. While in the debugger You can manage it properly.
_________________
|
|
| Back to top |
|
|
Freiza
Grandmaster Cheater
Reputation: 22
Joined: 28 Jun 2010
Posts: 662
|
| Posted: Tue Sep 21, 2010 3:28 pm Post subject: |
|
|
Yes i know that.
but this is different way and probably a helpful way.
so i thought it might be helpful to him.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
