Cheat Engine

Pirulito · Newbie cheater Reputation: 0 Joined: 13 May 2017 Posts: 13

Is there an easy way to find the start of an opcode?

For instance, assume I want to add a breakpoint (BP) at around byte offset 1000 from the start of the process. This 1000th byte may not be the byte that starts the opcode at such location and so I guess that (I have not tested) placing a BP at such address would not work (or would it work?). So what I want to know is if there is an easy way to find if the 1000th byte is the start of an opcode and, if it is not, where does the opcode that contains the 1000th byte really starts?

Thank you.

Dark Byte · Posted: Thu May 24, 2018 5:37 am Post subject:

dusassemble from different positions before it and continue disassembling until you're at or beyond the instruction you're interested in

Pirulito · Newbie cheater Reputation: 0 Joined: 13 May 2017 Posts: 13

I tried the disassembling instruction but if I use it at an address that is not the start of an opcode, disassembling will return a wrong opcode (that starts at the address I passed as parameter anyway). Since I do not know what the opcode is, I cannot tell, by going backwards or afterwards, with certainty, where the real opcode starts.

My only idea is to reconstruct the entire application from its very beginning and get to the next opcode, get is size, then next opcode, then its size, etc. and still I am not sure it will work since the application if full of "gaps" (bytes with '00' in between the procedures).

Dark Byte · Posted: Thu May 24, 2018 6:21 am Post subject:

you'll find that instructions will normalize/snap into place after disassembling 10 or so subsequent instructions (it's what ce's disassembler does when you scroll up)