ok, eax is holding the value 865A3C4
So I did a search of memory for 865A3C4 (dont know if this is how I find where eax comes from or not)

And I got 1 result at location 866E6F0

So... if im understanding this correctly, the value in 866E6F0 should be a pointer to the data i seek in memory? where does the +11 from "mov al,[eax+0x11]
" come in?

Quote:Original post by SelethD
ok, eax is holding the value 865A3C4
So I did a search of memory for 865A3C4 (dont know if this is how I find where eax comes from or not)

And I got 1 result at location 866E6F0

So... if im understanding this correctly, the value in 866E6F0 should be a pointer to the data i seek in memory?

Yes. The pointer is at address 0x0866E6F0, and the pointer's value (the address pointed at) is 0x0865A3C4.

Quote:Original post by SelethD
where does the +11 from "mov al,[eax+0x11]" come in?

As Antheus said, eax probably points to a class or struct, and the +0x11 is to access the variable 0x11 (17) bytes from the start of that struct or class. If eax = 0x0865A3C4 before the mov statement, then that's probably the address of the struct/class, so the member variable is at 0x0865A3C4+0x11 = 0x0865A3D5.