Cheat Engine

tquery · How do I cheat? Reputation: 0 Joined: 22 Jan 2013 Posts: 4

I have an instruction
move [eax+8], edx

EAX = 2BE365E0 (it is the value)

I need to know, which instruction wrote this value to the EAX (from which registers/offsets etc...)

How to monitor EAX?

Thanks!

Fresco · Posted: Sat Jan 26, 2013 7:25 am Post subject:

go in the diassembler at the "move [eax+8], edx" instruction, (it's mov btw)
scroll up the code and find something that writes to it
like:
mov eax,whatever
or
inc eax
dec eax
...

desertricker · Posted: Wed Feb 13, 2013 9:45 am Post subject:

daspamer · Posted: Wed Feb 13, 2013 9:57 am Post subject:

What Frensco said is right and it works..
Search for something like
mov edx, something
add edx, something
sub edx, something
dec edx
inc edx

Then you can use auto assembler to set your own value to EDX.
Or you can do right click on that opcode > Find out what addesses this instruction accesses > do something that that will change edx (buy sell kill idk..) and then you will see the address and you will be able to change it..

Fresco · Posted: Sun Feb 17, 2013 11:40 am Post subject:

@azginporsuk
break and trace won't tell you what wrote to eax Wink

break and trace will only show you the values in stack, registers, etc...
what you could do is scroll up a few lines of code and then break and trace with stop condition at eip == (address of "move [eax+8], edx" instruction)
then in the tracer you would go at eip == (address of "move [eax+8], edx" instruction) and then scroll up line by line till you see eax register in red, which means something wrote to it.
and yes, only these kinda instruction change edx, as for eax, just chage edx with eax