Cheat Engine

[lmfinley]

Hi, I am fairly new to analysing code with cheat engine. Ive been practicing and I face this problem which im hoping someone can help me with.

1- I locate the value which im interested in - 5000
2- I find the pointer for this address, and note the offset
e.g xxxxxxxx + 000000A1 = 5000
3- I find the pointer for xxxxxxxx, and check what assess this address, yyyyyyy
4- I repeat step 3 for yyyyyyyy, and found zzzzzzzz
5- now with zzzzzzzz, the problem is that I cant seem to find any opcodes that access/write this address.

so thus far, my finding shown me zzzzzzz+c1+b1+a1=5000

so my question here is, since c1 b1 a1 are all constant in their value, and the address zzzzzzzz points to a constant value.

why does the value (5000) here changes if all the pointers are actually constant in value when I press 'hit' to change the value.

how do I find out what is changing the value?

(also, is there a way to determine the value before execution since the value we see in mov is after execution?)

Oh btw, I am not trying to change the value, since I can easily do that by freezing the pointer and changing the value. Im more curious as to why the value is changing if the pointers are constant.

[Cake-san]

When you try to find out what accessed the health address,some instruction will pop up.
One of them might look like this:mov [eax],ecx
That's the instruction that write on the health address.
Backtracing that ecx will either brings you to an address that hold the hit value or the number.

You can determined the value by understanding the register and the instruction itself.

Well the tutorial is quite easy because you can easily backtrace the instruction by browsing the memory view.

[lmfinley]

hi thanks for reply!! yea I just realised the command,
mov eax, ecx
means copying ecx into eax and not the other way round.

so then I realise ive been tracing the wrong path since im finding out what is eax in the 'more information' section.

how do I go about tracing 'ecx' in the example?