Cheat Engine

user202729 · Newbie cheater Reputation: 0 Joined: 05 Nov 2016 Posts: 13

I am disassembling / back-tracing a program using Cheat Engine. I get to a point where, the code is shared, and I set a breakpoint when EBX == 0x00008226. Now I want to find where is EBX set to be 0x00008226. Memory scan for 00008226 (hex) fail. The code lies below a JMP command so I can't scroll up and find.

Is it possible to set a "register breakpoint" that break when EBX is set to 0x00008226? Or is there any other way?

ulysse31 · Posted: Sun Nov 06, 2016 4:15 am Post subject:

No, there is no such thing as register breakpoint.
When you say the code is shared you mean several threads are accessing this code ?
So your problem is that you only care about the function call within which EBX == 0x00008226 and you cannot backtrace it because there are many other garbage call with different ebx values, right ?

But then, why don't you just backtrace to the latest instruction that changed ebx, set a conditionnal breakpoint on this instruction to break only when it puts EBX to your value of interest and proceed step by step like that ?
You can try to win time by checking the return call address and the value of the pushed argument of your function when EBX has 0x00008226 value.

M-Z · Posted: Sun Nov 06, 2016 4:25 am Post subject:

Use CTRL+J (Dissect code) to find possible jump locations. Stacktrace to find what function is calling this one.

user202729 · Newbie cheater Reputation: 0 Joined: 05 Nov 2016 Posts: 13

Yes, there are a lot of call to this line of code that EBX ~= 0x00008226. I can't back-trace (scroll up) because it lies right below a JMP command like this:

user202729 · Newbie cheater Reputation: 0 Joined: 05 Nov 2016 Posts: 13

OK I knew how to use code dissection, but then how to return to normal view? I know a tricky way, is to code-dissect a large file and press [Stop] half way.

ParkourPenguin · Posted: Wed Nov 23, 2016 8:15 am Post subject:

Execute this Lua code: