Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Pingo
Grandmaster Cheater
Reputation: 8
Joined: 12 Jul 2007
Posts: 571

Posted: Sat Feb 28, 2015 9:08 pm    Post subject:

Look at the memory viewer.
Code:
096BF274 - 89 58 4C              - mov [rax+4C],ebx
096BF277 - 8D 89 80200000        - lea ecx,[rcx+00002080]


Code:
096BF274 - 89 58 4C              - mov [rax+4C],ebx

This is only 3 bytes long. To jump to a codecave, you need 5 bytes.
That means the first 2 bytes of the next instruction will be overwritten.
Code:
096BF277 - -->8D 89<-- 80200000        - lea ecx,[rcx+00002080]

The remaining bytes are nopped (80 20 00 00).


DB beat me to it..
What he said. I typed it out so maybe you can visualise it.
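As an added illustration of the byte accounting Pingo describes (not code from the post or from Cheat Engine), the script below takes the two instructions from the listing, works out which of them a 5-byte `jmp rel32` at 096BF274 overlaps, builds the patch (jump plus NOP padding), and decodes it back. The cave address 0x0A000000 and the function names `plan_jmp_hook` and `jmp_target` are assumptions for the example. The decode side is the same check a defender uses when scanning for inline hooks: a function that begins with E9 now jumps somewhere else.

```python
from typing import Dict, List, Tuple

JMP_REL32_OPCODE = 0xE9
JMP_REL32_LEN = 5          # E9 + 4-byte signed displacement
NOP = 0x90

Instruction = Tuple[int, bytes, str]   # (address, raw bytes, disassembly text)

# Constructed listing copying the two lines shown in the post.
LISTING: List[Instruction] = [
    (0x096BF274, bytes.fromhex("89584C"),       "mov [rax+4C],ebx"),
    (0x096BF277, bytes.fromhex("8D8980200000"), "lea ecx,[rcx+00002080]"),
]


def instructions_touched(listing: List[Instruction], hook_addr: int,
                         patch_len: int = JMP_REL32_LEN) -> List[Instruction]:
    """Every instruction that a patch_len-byte overwrite starting at hook_addr
    overlaps, in address order. The patch must start on an instruction boundary,
    otherwise the bytes left behind do not decode as the original code."""
    if not any(addr == hook_addr for addr, _, _ in listing):
        raise ValueError(f"{hook_addr:08X} is not an instruction boundary in the listing")
    end = hook_addr + patch_len
    touched = [ins for ins in listing if ins[0] < end and ins[0] + len(ins[1]) > hook_addr]
    if sum(len(raw) for _, raw, _ in touched) < patch_len:
        raise ValueError("listing too short to cover the whole patch")
    return touched


def plan_jmp_hook(listing: List[Instruction], hook_addr: int, cave_addr: int) -> Dict:
    """Build the 5-byte jmp to cave_addr plus NOPs for the rest of the last
    instruction it overlaps, and report which original bytes go where."""
    touched = instructions_touched(listing, hook_addr)
    original = b"".join(raw for _, raw, _ in touched)
    span = len(original)                     # 3 + 6 = 9 bytes for the listing above
    rel = cave_addr - (hook_addr + JMP_REL32_LEN)   # displacement is from the next instruction
    if not -2**31 <= rel < 2**31:
        # On x64 a rel32 jmp only reaches +/-2 GiB; a far cave needs a different stub.
        raise ValueError("cave is more than +/-2 GiB away; rel32 jmp cannot reach it")
    jmp = bytes([JMP_REL32_OPCODE]) + (rel & 0xFFFFFFFF).to_bytes(4, "little")
    nops = bytes([NOP]) * (span - JMP_REL32_LEN)
    return {
        "patch": jmp + nops,                      # what gets written at hook_addr
        "overwritten": original[:JMP_REL32_LEN],  # 89 58 4C 8D 89: first 2 bytes of the lea go too
        "nopped": original[JMP_REL32_LEN:],       # 80 20 00 00: the tail of the lea
        "displaced": touched,                     # instructions that must be replayed in the cave
    }


def jmp_target(addr: int, code: bytes):
    """Decode a rel32 jmp located at addr; return its absolute target, or None if
    the bytes are not an E9 jump. Handy for spotting a patched prologue."""
    if len(code) < JMP_REL32_LEN or code[0] != JMP_REL32_OPCODE:
        return None
    rel = int.from_bytes(code[1:5], "little", signed=True)
    return (addr + JMP_REL32_LEN + rel) & 0xFFFFFFFFFFFFFFFF


if __name__ == "__main__":
    plan = plan_jmp_hook(LISTING, 0x096BF274, 0x0A000000)   # hypothetical cave address
    print("patch      :", plan["patch"].hex(" ").upper())
    print("overwritten:", plan["overwritten"].hex(" ").upper())
    print("nopped     :", plan["nopped"].hex(" ").upper())
    for addr, raw, text in plan["displaced"]:
        print(f"displaced  : {addr:08X} {raw.hex(' ').upper():<20} {text}")
    print("jmp target : %08X" % jmp_target(0x096BF274, plan["patch"]))
```

The 9-byte span (3 from the `mov`, 6 from the `lea`) minus the 5-byte jump leaves exactly the 4 NOPs the post mentions, and `displaced` lists both instructions, since both have to be executed in the cave before jumping back to 096BF27D.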
Post reviews: Approve 1

Rissorr
Review: Approve
Posted: Wed Mar 11, 2015 1:50 pm

Great Answer!