Old 09-10-2007, 07:31
Valkyrr
Junior Member
 
Join Date: Jul 2006
Location: TN
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Valkyrr is on a distinguished road
A little help, hint, or suggestion please?

Ok, first I want to say thanks to everyone for the very educational posts in here, DABhand et al.

Tools:
Cheat Engine (x.x version - can't remember)
TMK

Now, the question I have is this.

I have a game that uses DMA.

I found the memory address that writes the code I want to change and it's something like this (I'm doing this from memory as I don't have my notes with me):

00c22848 - xx xx xx mov [esi+054h], eax (again I think this is similar to the actual code but not exact)

EAX in this case is 00000000. But I want it to be 00000001.

So I create a code cave (using Cheat Engine) and create:

00491919 - mov [esi+054h],00000001
xxxxxxxx - nop
xxxxxxxx - ret
xxxxxxxx - nop

However, when I go back to 00c22848 and change the mov stmt to:

00c22848 - call 00491919

I get the following msg in Cheat Engine:
(Paraphrasing here):

The NEW code is 5 bytes long, but the REPLACED code is only 3 bytes long. Do you want to replace the unused bytes with NOP. (Again, paraphrased)

Obviously I can't do the replacement because it will overwrite the code that exists in the 4th and subsequent bytes right? I think there's a jmp that comes right after the commands at 00c22848 that gets overwritten.

How can I get to my code cave and back? Is this an advanced subject or am I missing something?

A lil help?
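The Cheat Engine message in the post comes down to x86 instruction lengths: "mov [esi+054h], eax" encodes in 3 bytes, while a "call rel32" always needs 5, so a 5-byte patch written at a 3-byte instruction necessarily runs into whatever follows it. The following Python is an added example that is not the poster's or Cheat Engine's code; it encodes the two instructions from the post, computes the relative call displacement for the addresses given (00c22848 and 00491919), and performs the same length bookkeeping a patch tool does before it offers to pad with NOPs. The instruction lengths after the mov are constructed for the demonstration (the post only suspects a jmp follows).

```python
import struct

# Addresses quoted in the post.
SITE_ADDR = 0x00C22848   # location of "mov [esi+054h], eax"
CAVE_ADDR = 0x00491919   # start of the code cave


def encode_mov_esi_disp8_eax(disp8):
    """mov [esi+disp8], eax  ->  89 /r with ModRM mod=01 reg=eax rm=esi (0x46).
    Three bytes total, which is why the post reports a 3-byte instruction."""
    if not 0 <= disp8 <= 0xFF:
        raise ValueError("disp8 out of range")
    return b"\x89\x46" + bytes([disp8])


def encode_mov_esi_disp8_imm32(disp8, imm32):
    """mov dword ptr [esi+disp8], imm32  ->  C7 /0, ModRM 0x46, disp8, imm32.
    This is the 7-byte form the poster put in the cave."""
    return b"\xc7\x46" + bytes([disp8]) + struct.pack("<I", imm32 & 0xFFFFFFFF)


def encode_call_rel32(src, dst):
    """call rel32 -> E8 + signed displacement relative to the *next* instruction
    (src + 5). Always 5 bytes regardless of how far the target is."""
    rel = (dst - (src + 5)) & 0xFFFFFFFF
    return b"\xe8" + struct.pack("<I", rel)


def decode_call_rel32(src, code):
    """Inverse of encode_call_rel32: recover the absolute target of a call at src."""
    if len(code) < 5 or code[0] != 0xE8:
        raise ValueError("not a call rel32")
    rel = struct.unpack("<i", code[1:5])[0]
    return (src + 5 + rel) & 0xFFFFFFFF


def plan_patch(instr_lengths, patch_len):
    """Walk the original instructions at the patch site until patch_len bytes
    are covered. Returns (instructions_overwritten, nop_padding, spill):
      - nop_padding: bytes of the last covered instruction left over after the
        patch, which must be NOPed so no torn instruction remains;
      - spill: bytes the patch would write beyond the instructions listed,
        i.e. the "new code is 5 bytes, replaced code is 3 bytes" situation."""
    covered, overwritten = 0, 0
    for n in instr_lengths:
        if covered >= patch_len:
            break
        covered += n
        overwritten += 1
    return overwritten, max(covered - patch_len, 0), max(patch_len - covered, 0)


def build_patch(src, dst, replaced_len):
    """Produce the bytes to write at src: a call to dst padded with NOPs up to
    replaced_len. Refuses to build a patch that does not fit, which is the
    check the Cheat Engine prompt in the post is surfacing."""
    call = encode_call_rel32(src, dst)
    if replaced_len < len(call):
        raise ValueError(
            f"patch is {len(call)} bytes but only {replaced_len} bytes are being replaced")
    return call + b"\x90" * (replaced_len - len(call))


if __name__ == "__main__":
    mov = encode_mov_esi_disp8_eax(0x54)
    print("original mov:", mov.hex(), f"({len(mov)} bytes)")
    call = encode_call_rel32(SITE_ADDR, CAVE_ADDR)
    print("call to cave:", call.hex(), f"({len(call)} bytes)")
    # Constructed layout: the 3-byte mov followed by a 2-byte short jmp (assumption).
    print("only the mov replaced:", plan_patch([3], 5))
    print("mov + following 2-byte jmp replaced:", plan_patch([3, 2], 5))
```

Running it prints the 3-byte mov (89 46 54), the 5-byte call (e8 cc f0 86 ff), and the plan tuples (1, 0, 2) and (2, 0, 0): with only the mov replaced the call spills 2 bytes into the next instruction, which is exactly what the tool is warning about.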