Cheat Engine

[Nicholas Cage]

cmp ebx,00010000
like
how would I find the opcode to cmp ebx,00010000?
i'm new to cheat engine.

[++METHOS]

In memory viewer, select 'search' from drop-down menu, then click on 'find assembly code'. Alternatively, you can do an array of bytes scan for the hex equivalent.

[daspamer]

or aobscan this

[Rissorr]

I have a question:

How does the program "calculate" the bytes of the intruction?

for example: 8B 4C 24 0C - mov ecx,[esp+0C]

(also i noticed that most of the MOV instructions start with 8B)

so why it 8B? also why the INT 3 = CC? actually: HOW IT CALCULATED?

[Geri]

[cashd]

i can give you more resource to read how mov and other instructions opcodes determined

http://www.codeproject.com/Articles/662301/x-Instruction-Encoding-Revealed-Bit-Twiddling-fo

[my mate wrote it]

[Rissorr]

Thanks guys :D

[atom0s]

Cheat Engine has its own disassembler engine in it that Dark Byte wrote.
You can find all the source for Cheat Engine here:
https://code.google.com/p/cheat-engine/

The code specific to the disassembler can be found here:
https://code.google.com/p/cheat-engine/source/browse/trunk/Cheat%20Engine/Assemblerunit.pas
https://code.google.com/p/cheat-engine/source/browse/trunk/Cheat%20Engine/disassembler.pas

[STN]

A simple answer is because that is how the intel architecture is, they decided what mnemonic to use for what op code.

While the information given in the threads linked is very informative indeed, all that accomplishes is make you scratch your head (look at the last post in that thread) and think the guy who posted it is some genius who magically knows this shit. Not the case, You can find all this in the Intel Software Developer's manual where each instruction set and its mnemonic/byte code is explained. It also describes the architecture in great detail. I suggest you give it a read if you really want the answer to your curiosity because nobody here can explain in a post what is the job of a book and they are going to reference what is there already so why not go to the source.
Link to manual
http://www.intel.com/content/www/us/en/processors/architectures-software-developer-manuals.html?iid=tech_vt_tech+64-32_manuals

It will also serve as a reference because you can't remember this shit obviously. There are even online resources that makes it easier for you to quickly search what opcode stands for what mnemonic instead of searching in the manual. Here you go

http://ref.x86asm.net/coder32.html

This question was asked on stackoverflow and some very useful resources mentioned there so give that a read too (you can quickly find all the resource i linked to from there as well)
http://stackoverflow.com/questions/6401586/intel-x86-opcode-reference

Finally, if you want to quickly find out the op code for an instruction just assemble it anywhere in CE (jumps are relative so be careful when doing long jumps, you can calculate jmps too easily but i digress as this is not the topic for that) and notice the opcodes. Or use ollydebug. If you want to do the reverse (find out what op codes stands for what instruction) you can use CE hex viewer windows or ollydbg edit bytes option.

Hope this helps.

PS: Here's a tip that helped me when i had to learn this for university, use Google ( ) because you can find various articles on it that different tech university have on assembly (stay away from wikipedia: worst place for this) and other similar people as you asking the same question/needing help/writing their own article in their easy to understand noobish way and google brings that stuff up neatly. Pretty obvious but still not many do it when they should.