Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Disassemble this memory region

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Noobrzor
Advanced Cheater
Reputation: 0

Joined: 19 May 2014
Posts: 74
PostPosted: Tue Nov 11, 2014 6:33 am    Post subject: Disassemble this memory region Reply with quote
Greetings

When I click "Browse this memory region" i get full procedures and addresses named like "ProcessName.exe+a1234". So far I've done a little bit of code injection using that.
Today I tried to "Disassemble this memory region". Now I see direct adresses, and apparently more basic opcodes.

My questions are:
1. How do I revert to the previous type of browsing the memory region? I hate to have to restart the Cheat Engine each time during my learning when I use "Disassemble this memory region" and want to see "ProcessName.exe+a1234" again.

2. In the normal mode I see "call procedure". Am I to understand that disassembling does separate it into simple opcodes to allow more precise changes?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25818
Location: The netherlands
PostPosted: Tue Nov 11, 2014 6:42 am    Post subject: Reply with quote
1: it's possible the region you're looking at isn't inside a module but generated dynamically
In these cases you'll have to use an array of byte scan to find that code

2: "call" is a cpu instruction. It writes the return address on top of the stack and then changes the execution pointer to the location specified by call.
Once the cpu encounters a "ret" it will jump to the address stored on the top of the stack
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Noobrzor
Advanced Cheater
Reputation: 0

Joined: 19 May 2014
Posts: 74
PostPosted: Tue Nov 11, 2014 7:13 am    Post subject: Reply with quote
Thank you for the response.
Now I'll focus trying to learn to understand the meaning of your words, as I lack proper knowledge.

Best Regards!
Back to top
View user's profile Send private message
omnidouche
How do I cheat?
Reputation: 0

Joined: 30 Oct 2014
Posts: 9
PostPosted: Tue Nov 18, 2014 8:14 am    Post subject: Reply with quote
Correct me if I'm wrong but "browse this memory region" will update the bottom portion of memory viewer while "disassemble this memory region" will update the top half. The bottom is straight bytes to edit while the top will do its best to group the bytes together to form opcodes. If you are in memory viewer and want to get back to "processname.exe+a1234" then just right click on any of the addresses in the top half and click on "Go to address" then type in "processname.exe.+a1234" and if you want to go to an address in the bottom half of memory viewer then right click on any bytes and click on "goto address" and do the same. Or if you want it to be specific you can always just click on the view toolbar in memory viewer and uncheck "show module addresses".
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites