Cheat Engine

MyTee · How do I cheat? Reputation: 0 Joined: 17 Jul 2013 Posts: 4

I've found the code that accesses a certain variable, and that code is reached by a jump from an unknown location. When looking at the stack trace, the first return address is for a dynamic call (call eax).

What I want to do is find the value of eax in the dynamic call that eventually leads to my breakpoint in the code that accesses the variable. The dynamic call is used hundreds of times between the one call that leads to the relevant code section. I've tried Dissect Code to find the jump origin with no success.

Is there a way to store the value of eax each time that call is taken so I know the most recent call target when my breakpoint gets hit? (I have no idea how much code is between the dynamic call and my breakpoint)

Is there another way of finding what function is being called dynamically to reach the code that accesses the variable?

Zanzer · Posted: Fri Dec 18, 2015 9:58 pm Post subject:

Well, you know the general value of EAX from where the instruction you found is located.
You could inject at the CALL statement to find all occurrences of EAX between that address and minus X.

Or execute the following Lua and set a breakpoint on the CALL statement.

akumakuja28 · Posted: Wed Dec 23, 2015 3:58 pm Post subject:

Super easy.

Memory Viewer>Tools>Dissect Code.

Let it run and it will tell you the address thats jumps/calls to GIVEN code. Very Informative.

But if you know its a "call" just Find the "ret" at the bottom of the code and toggle breakpoint on the "ret" then use...

Memory Viewer>Debug>Step to return after the call.

Both ways have their ups and downs. But you really should always run a dissect code if your hacking a game. Just makes everything smoother and allows you better place injections. Especially when you need to use registers to add custom code.