(Previous Thread - https://demonforums.net/Thread-Reverse-E...-Chapter-1)
Scanning:
Scanning is an extremely useful method for finding data within a program. Instead of having to repeatedly and slowly step through the code, scanning is used for finding specific pieces and values of the code. If you know something about how data or code will behave, you can scan an open process for that behavior.
Finding specific value that changes - I personally think that this is the most simple scan you can do because you know the precise value you are looking for. To perform this scan, all you have to do is put in the value and data type and scan the process for that value. Since an open process has a lot of data, it is more than likely that this value is found several times or more than once. Just trigger a change of this value and scan for the new value within the results. Just repeat that process until the value is found.
Other types of value scans - If you don't happen to actually know the value, you're gonna have to use other kinds of scans. For this event, you scan for an unknown initial value, which you then filter with a lot of ”value changed”, ”value increased”, ”value decreased” and ”value unchanged” scans after each other. You can now move forward can move forward, search for an increase, move backwards and search for a decrease, and so on. It's a very time consuming process and often harder, but with some patience it can yield some pretty spicy results.
Code scans - Sometimes you might want to be more intrigued with a piece of code instead of a stored value. In Cheat Engine, you can search for this too. Two scans perfect for this are ”find what accesses this address” and ”find what writes to this address”. Their functionality is pretty much what it sounds like. It locks onto a memory location and finds pieces of code which accesses or writes to this address.
Scanning:
Scanning is an extremely useful method for finding data within a program. Instead of having to repeatedly and slowly step through the code, scanning is used for finding specific pieces and values of the code. If you know something about how data or code will behave, you can scan an open process for that behavior.
Finding specific value that changes - I personally think that this is the most simple scan you can do because you know the precise value you are looking for. To perform this scan, all you have to do is put in the value and data type and scan the process for that value. Since an open process has a lot of data, it is more than likely that this value is found several times or more than once. Just trigger a change of this value and scan for the new value within the results. Just repeat that process until the value is found.
Other types of value scans - If you don't happen to actually know the value, you're gonna have to use other kinds of scans. For this event, you scan for an unknown initial value, which you then filter with a lot of ”value changed”, ”value increased”, ”value decreased” and ”value unchanged” scans after each other. You can now move forward can move forward, search for an increase, move backwards and search for a decrease, and so on. It's a very time consuming process and often harder, but with some patience it can yield some pretty spicy results.
Code scans - Sometimes you might want to be more intrigued with a piece of code instead of a stored value. In Cheat Engine, you can search for this too. Two scans perfect for this are ”find what accesses this address” and ”find what writes to this address”. Their functionality is pretty much what it sounds like. It locks onto a memory location and finds pieces of code which accesses or writes to this address.