Cheat Engine

[quang.billy.79]

Ok my case is quite simple but it gives me quite of headache
"Current Date" value is at [rax+000311F0]. I assume that there is a "Next Date" value that writes to "Current Date" address (the previous game has this mechanic). So I chose "find out what writes to this address" and found

mov rcx, r8
mov [rax+000311F0],ecx

So now I need to find the address of ecx pointer. Which I think is the "Next Date" value.

At first, I tried to scroll up to find something like "mov ecx, [abcxyz]" or something like that to see what write to ecx, but no luck.

Then after googling, I found the set breakpoint method (f5). So I tried to create a breakpoint at the Instruction
mov [rax+000311F0],ecx
. I don't know I should place breakpoint at the Memory Address of the Current Date itself or the Instruction that writes to it, but the game pauses when shifting day as intended, but still can't find the ecx pointer. The Registers on the right or More information don't show anything about ecx.
It's something like
RAX ....base address of Current Date
RBX ....actual value that I look for (I think but not sure) (next date in decimal) but not the address
RCX ....actual value that I look for (I think but not sure) (next date in decimal) but not the address

So now maybe I need to find the pointer of RBX, RCX or what?

I tried to Step in/out/over,... but I don't know what should I look at. Below is when I tried Step out (Step in or Step over do nothing). But I can only find some Constant values that write to ecx. But I don't think that's what I look for
METAPHOR.exe+71DED2 - 40 84 ED - test bpl,bpl
METAPHOR.exe+71DED5 - 74 07 - je METAPHOR.exe+71DEDE
METAPHOR.exe+71DED7 - 8B CE - mov ecx,esi
METAPHOR.exe+71DED9 - E8 62BAEBFF - call METAPHOR.exe+5D9940
METAPHOR.exe+71DEDE - 83 FB 04 - cmp ebx,04 { 4 }
METAPHOR.exe+71DEE1 - 7D 1F - jnl METAPHOR.exe+71DF02
METAPHOR.exe+71DEE3 - B2 01 - mov dl,01 { 1 }
METAPHOR.exe+71DEE5 - B9 273A0000 - mov ecx,00003A27 { 14887 }
METAPHOR.exe+71DEEA - E8 F1DCC8FF - call METAPHOR.exe+3ABBE0
METAPHOR.exe+71DEEF - 33 D2 - xor edx,edx
METAPHOR.exe+71DEF1 - B9 283A0000 - mov ecx,00003A28 { 14888 }
METAPHOR.exe+71DEF6 - E8 E5DCC8FF - call METAPHOR.exe+3ABBE0
METAPHOR.exe+71DEFB - B9 293A0000 - mov ecx,00003A29 { 14889 }
METAPHOR.exe+71DF00 - EB 1F - jmp METAPHOR.exe+71DF21
METAPHOR.exe+71DF02 - 7E 24 - jle METAPHOR.exe+71DF28
METAPHOR.exe+71DF04 - B2 01 - mov dl,01 { 1 }
METAPHOR.exe+71DF06 - B9 293A0000 - mov ecx,00003A29 { 14889 }
METAPHOR.exe+71DF0B - E8 D0DCC8FF - call METAPHOR.exe+3ABBE0
METAPHOR.exe+71DF10 - 33 D2 - xor edx,edx
METAPHOR.exe+71DF12 - B9 273A0000 - mov ecx,00003A27 { 14887 }
METAPHOR.exe+71DF17 - E8 C4DCC8FF - call METAPHOR.exe+3ABBE0
METAPHOR.exe+71DF1C - B9 283A0000 - mov ecx,00003A28 { 14888 }
METAPHOR.exe+71DF21 - 33 D2 - xor edx,edx
METAPHOR.exe+71DF23 - E8 B8DCC8FF - call METAPHOR.exe+3ABBE0
METAPHOR.exe+71DF28 - 48 8B 5C 24 40 - mov rbx,[rsp+40]
METAPHOR.exe+71DF2D - 48 83 C4 20 - add rsp,20 { 32 }

I tried to use Break and Trace Instruction, but it just spawns thousand of instructions that I don't know where to look at

I spent a day and I am very frustrated right now. Sorry I still can't post image here.

[Csimbi]

ECX is a register and not a memory location.
It's value is being written to rax+000311F0.

[quang.billy.79]

[Csimbi]

ecx contains the value