Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Option for seeing register value before instruction ran?

 
snowflake
How do I cheat?
Reputation: 0

Joined: 04 Aug 2009
Posts: 5

Posted: Fri Aug 26, 2016 9:35 am    Post subject: Option for seeing register value before instruction ran?

Hello CEers! :)
I'm following the tutorial 8 where you have to find chained pointers. I encountered the case
Code:
mov rsi, [rsi]

I found a 2012 topic about the exact problem (I can't post URLs) and I wanted to reply there but the button gets me to CE home.

1. I'd very much like to use the option stated in the tutorial CE codefinder setting with Access Violations. It simplifies things. Nevertheless, I don't want to just complete the tutorials but to learn a bit extra from each one.
That's why I wouldn't be satisfied if I didn't make it through tut 8 in 2-3 ways.

About the mentioned topic: I've read it like 20 times, word by word. I've tried both Dark Byte's suggestion and Csimbi's.

2. Dark Byte way
I struggled to understand what Dark Byte explained but I failed. I even drew schemes.
The way I see it: what `mov rsi, [rsi]` does is it overwrites the source address with the value stored in it (and leaves us with the value). We know that the value is the last address already found in the chain but how to go on from here? We need another address that points to it.
I blindly (w/o understanding) followed Dark Byte and searched for an address that contains the value of rsi. I found one but then I went on with what accesses this address and came up with the same instruction: `mov rsi, [rsi]` same not identical (at the same instruction address - Tutorial + 2D22B). This is the situation:
last successfully found address: 011747F0
What accesses it?...
mov rsi, [rsi] // rsi = 011747F0
Search for addresses containing 011747F0...
01174770
So now 01174770 references 011747F0
What accesses it?...
mov rsi, [rsi] // rsi = 011747F0

TBH, I'd rather not pass the tutorial but understand the mechanisms :)

3. Csimbi way
I did Break and Trace instructions on the `mov rsi, [rsi]`; the Tracer window appears and it doesn't do anything. I tried all combinations of check box options: all registers stay 0.
h3x1c
Master Cheater
Reputation: 17

Joined: 27 Apr 2013
Posts: 306

Posted: Fri Aug 26, 2016 9:45 am    Post subject:

I did a tutorial a while back on multi-level pointers and used Step 8 specifically. You may find it illuminating:

https://www.youtube.com/watch?v=14yCyf9ibK0&list=PLNffuWEygffbbT9Vz-Y1NXQxv2m6mrmHr&index=13

Where what you said in point 1 is concerned, here's a tutorial I did on coming up with multiple solutions for any given problem, and I used one of the CE tutorial steps as an example. It should help you take away a lot:

https://www.youtube.com/watch?v=m7yaYoc-ils&index=18&list=PLNffuWEygffbbT9Vz-Y1NXQxv2m6mrmHr

ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Fri Aug 26, 2016 11:39 am    Post subject:

Go to that instruction in the disassembler, set a breakpoint on it, and make it run. RSI will be the address that instruction is reading from. Instruction breakpoints are faults (i.e. state is prior to execution of the instruction) and data breakpoints are traps (i.e. state is after the instruction has been executed).

Alternatively, there should be another instruction that accesses that address which doesn't modify the register it's reading from.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
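
The fault/trap distinction from the reply above, as an added example that is not part of the thread or of Cheat Engine: a constructed toy memory model (all addresses and the chain layout are made up) that emulates `mov rsi, [rsi]` and walks a pointer chain backwards. It shows that the pre-execution state gives the address being read, while the post-execution state gives the value just loaded, so a backward search seeded with the latter repeats the same scan.

```python
# Constructed toy model: addresses and chain layout are made up for illustration.
MEMORY = {
    0x1000: 0x2000,  # static base -> level 1
    0x2000: 0x3000,  # level 1 -> level 2
    0x3000: 0x4000,  # level 2 -> structure
    0x4018: 1234,    # the value, at structure + 0x18
}

def run_mov_rsi_deref(rsi):
    """Emulate `mov rsi, [rsi]`; return (state before, state after)."""
    return {"rsi": rsi}, {"rsi": MEMORY[rsi]}

def instruction_breakpoint(rsi):
    """Fault-style report: state prior to execution of the instruction."""
    return run_mov_rsi_deref(rsi)[0]

def data_breakpoint(rsi):
    """Trap-style report: state after the instruction has executed."""
    return run_mov_rsi_deref(rsi)[1]

def find_pointers_to(value):
    """Memory scan: every address whose stored content equals `value`."""
    return sorted(addr for addr, stored in MEMORY.items() if stored == value)

def walk_back(start, use_pre_state, max_levels=8):
    """Walk the chain backwards from `start`, one scan per level.

    After each hit, the next search target is whatever the chosen
    breakpoint type reports in rsi for the instruction that read the hit.
    """
    chain, target = [], start
    for _ in range(max_levels):
        hits = find_pointers_to(target)
        if not hits:
            break  # nothing points here: end of the chain in this model
        chain.append(hits[0])
        report = (instruction_breakpoint if use_pre_state else data_breakpoint)(hits[0])
        target = report["rsi"]
    return chain

if __name__ == "__main__":
    # Pre-execution state: rsi is the address read, so the walk advances.
    print([hex(a) for a in walk_back(0x4000, use_pre_state=True)])
    # Post-execution state: rsi is the loaded value, so the same scan repeats.
    print([hex(a) for a in walk_back(0x4000, use_pre_state=False, max_levels=3)])
```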
All times are GMT - 6 Hours