Cheat Engine

Amaz1ng · How do I cheat? Reputation: 0 Joined: 27 Jul 2011 Posts: 8

Hey I figured this would be a good place to ask this question since there's some knowledgeable people here. I'm using olly to debug a program and im reading the instruction :

MOVE EDI, EDI

Olly says EDI = Game.009B8F38

but when I search the Game module for that address, the addresses end at like 00700000. So is there something I'm missing or what?

Slugsnack · Posted: Mon Aug 01, 2011 2:23 am Post subject:

mov edi, edi does nothing. it usually describes the start of code which sets up the stack frame. it is effectively a NOP that is used to fill up that code to be 5 bytes to allow hotpatching

AhMunRa · Posted: Mon Aug 01, 2011 8:27 am Post subject:

I think it's the way Olly disassembles things, I have run into this problem as well using it. What I usually do when I find what I am looking for is I'll copy about 8 bytes prior to and after my instructions. Then you can search for those bytes, likely you won't collide with something outside the code segment you are looking for, this is why I use so many bytes to search for it.

Amaz1ng · How do I cheat? Reputation: 0 Joined: 27 Jul 2011 Posts: 8

Thx. Hey I've been having probs with olly. How do I search for something like Game.001111111 or any address without manually having to scroll to it?

And when you said search for bytes, this is what I did - I clicked follow in dump and copied the 1st 8 bytes and did a binary search of those....nothing came up in my debugger screen.

AhMunRa · Posted: Tue Aug 02, 2011 7:51 am Post subject:

In the code window you have 3 columns