Quick noobish question, but say you wanted to simply return to the address from whence you came, i.e. no conditional jump back, would that ret command take care of that?

Essentially trying to work out if it's possible to expand one instruction out in the code cave and have the execution continue on from where you started. E.g. say you originally had something that added 1 to the eax, but you wanted to do that and also sub something from it and multiply it by something, could you replace the original add with a jump to the code cave where you then run the original add, together with the new sub and the mul, then have it return to the original next instruction? Specifically interested to know if you can have it return without knowing the address it is returning to.
Perfect video
What if your ammo value or currency shows like "esi[+00000123],edi"? Great vid btw mate
There is no instruction like that; you mean mov esi,[edi+00000123]. In this case you can still compare using a data structure or the method in this video 😁