How to find when a register changes?

 
user202729
Posted: Sun Nov 06, 2016 1:40 am    Post subject: How to find when a register changes?

I am disassembling / back-tracing a program using Cheat Engine. I get to a point where the code is shared, and I set a breakpoint for when EBX == 0x00008226. Now I want to find where EBX is set to 0x00008226. A memory scan for 00008226 (hex) fails. The code lies below a JMP command, so I can't scroll up and find it.

Is it possible to set a "register breakpoint" that breaks when EBX is set to 0x00008226? Or is there any other way?
ulysse31
Posted: Sun Nov 06, 2016 4:15 am

No, there is no such thing as a register breakpoint.
When you say the code is shared, do you mean several threads are accessing this code?
So your problem is that you only care about the function call within which EBX == 0x00008226 and you cannot backtrace it because there are many other garbage calls with different EBX values, right?

But then, why don't you just backtrace to the latest instruction that changed EBX, set a conditional breakpoint on this instruction to break only when it sets EBX to your value of interest, and proceed step by step like that?
You can try to save time by checking the return call address and the value of the pushed argument of your function when EBX has the value 0x00008226.
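The conditional-breakpoint approach ulysse31 describes, written for Cheat Engine's Lua engine as an added example that is not part of the original thread. The entries in CANDIDATES are hypothetical placeholders, and it assumes a 32-bit target with the debugger already attached.

```lua
-- Added example, not code from the thread. Run it in Cheat Engine's Lua
-- Engine window after attaching the debugger to the 32-bit target.
local TARGET = 0x00008226   -- EBX value the original poster is tracing

-- Placeholder list: put here the address of the instruction that FOLLOWS
-- each candidate write to EBX. An execute breakpoint fires before its
-- instruction runs, so a breakpoint on the write itself still sees the
-- old EBX. The commented entry below is hypothetical.
local CANDIDATES = {
  -- "target.exe+1234",
}

local watched = {}          -- resolved address -> true

for _, name in ipairs(CANDIDATES) do
  local addr = getAddress(name)
  watched[addr] = true
  debug_setBreakpoint(addr)  -- plain execute breakpoint
end

-- Cheat Engine calls this global on every breaking breakpoint, with the
-- register globals (EAX, EBX, EIP, ...) already filled in.
function debugger_onBreakpoint()
  if watched[EIP] and EBX ~= TARGET then
    debug_continueFromBreakpoint(co_run)  -- not our value: keep running
    return 1                              -- handled, do not update the UI
  end
  if watched[EIP] then
    print(string.format("EBX = %08X, EIP = %08X", EBX, EIP))
  end
  return 0  -- break normally so the previous write can be traced next
end
```

When finished, remove each breakpoint with debug_removeBreakpoint(addr) and set debugger_onBreakpoint = nil.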
M-Z
Posted: Sun Nov 06, 2016 4:25 am

Use CTRL+J (Dissect code) to find possible jump locations. Stacktrace to find what function is calling this one.
user202729
Posted: Sun Nov 06, 2016 6:18 am

Yes, there are a lot of calls to this line of code where EBX ~= 0x00008226. I can't back-trace (scroll up) because it lies right below a JMP command like this:
Code:

... (A)
JMP ....
...
push EBX
call ...

So of course the code (A) is unrelated.

No, I can't stack-trace / look for the return point. Shift+F8 returns to normal execution. (So it is at the top level.)

I'm not sure if it is used by multiple threads (I'm not sure what "shared code" means), but I'm sure that there are many calls to that code without EBX==0x00008226. And you need to interact with the software to run the part I need.

I will learn code dissection.
user202729
Posted: Wed Nov 23, 2016 12:39 am

OK, I know how to use code dissection now, but then how do I return to the normal view? I know a tricky way, which is to code-dissect a large file and press [Stop] halfway.
ParkourPenguin
Posted: Wed Nov 23, 2016 8:15 am

Execute this Lua code:
Code:
getDissectCode().clear()

_________________
I don't know where I'm going, but I'll figure it out when I get there.