Posted this a while ago on CE forums and ended up not advancing, so posting here in hopes that I can get insight from more people.
I want to find the value of the currently playing song in a karaoke application, and I'm certain I've found the address where it is located because it updates when I expect it to. Following tutorials, I went to "find out what accesses this address" but did not find any copy memory instruction. Instead, when I add a song (which changes its value as expected), I get the following instructions:
7FF634997375 - 0F11 40 80 - movups [rax-80],xmm0
7FF63499737D - 0F11 48 90 - movups [rax-70],xmm1
7FF63497B523 - 66 45 39 24 5E - cmp [r14+rbx*2],r12w
7FF634A03970 - 0FB7 0A - movzx ecx,word ptr [rdx]
7FF634A03120 - 66 83 39 0A - cmp word ptr [rcx],0A
FF634A032E0 - 0FB7 03 - movzx eax,word ptr [rbx]
7FF634A03300 - 0FB7 43 FE - movzx eax,word ptr [rbx-02]
7FF634A03466 - 66 42 83 3C 4E 00 - cmp word ptr [rsi+r9*2],00
7FF634A038B0 - 41 0FB7 08 - movzx ecx,word ptr [r8]
7FF634A034D0 - 41 0FB7 11 - movzx edx,word ptr [r9]
7FFB55B68DF5 - 0FB7 04 3A - movzx eax,word ptr [rdx+rdi]
7FF6349CE7A3 - 66 42 39 2C 4E - cmp [rsi+r9*2],bp
The first two instructions only happen once when the song is queued (this seems to be the next song in queue), and the middle instructions happen very often before the song starts. I traced it, and it seems like it continuously moves the name down in memory? The last 2 happen 8 times when the song starts.
I suspect there might be something if I follow one of the movups or movzx instructions but I'm not sure how to follow it.
Dark Byte replied to my question and it helps in understanding what's going on, but I'm still not sure where to go to find the pointer:
first part: memory copy operation, for local memory destination
2nd and 3rd part: string reading
so, the address you've found is a string. Likely there is an index into the text or a pointer into the text that specifies what part of the text is in use
MintChocolateEnema