 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Corruptor
Advanced Cheater
![]() Reputation: 3
Joined: 10 Aug 2011
Posts: 80
|
 Posted: Mon Dec 12, 2011 10:00 am Post subject: Interpret value as Big-Endian? |
 |
|
Hi there,
Im currenlty messing around with the good old pokemon yellow game and noticed this problem:
For example, the health of the first pokemon is stored in 2 bytes. In the memory, it looks like this:
hex: 00 42
dec: 66
however, the cheat engine will display it this way:
hex: 42 00 <--- little endian?
dec: 16896
obviously, the health is 66 and not 16896. I used to seperate the values into a lowbyte and a highbyte, but now im facing a 4 byte integer...
So, is there any way to make the cheatengine interpret THOSE values as big-endian?
and sorry 4 my awful english 
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 342
Joined: 09 May 2003
Posts: 20044
Location: The netherlands
|
| Posted: Mon Dec 12, 2011 11:17 am Post subject: |
|
|
Start a new scan and rightclick the variable type
Choose new custom type (auto assembler)
To give CE support for 2 Byte Big Endian put this in:
| Code: |
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
TypeName:
db '2 Byte Big Endian',0
ByteSize:
dd 2
//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov ax,[rcx] //eax now contains the bytes 'input' pointed to
xchg ah,al //convert to big endian
ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov ax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
and eax,ffff //cleanup
xchg ah,al //convert to big endian
pop ebp
ret 4
[/32-bit]
//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
xchg ch,cl //convert the little endian input into a big endian input
mov [rdx],cx //place the integer the 4 bytes pointed to by rdx
ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
//convert the value to big endian
xchg ah,al
mov [ebx],ax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]
|
To give CE support for 4 Byte big endian put this in:
| Code: |
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
TypeName:
db '4 Byte Big Endian',0
ByteSize:
dd 4
//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]
[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]
//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx
ret
[/64-bit]
[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
//convert the value to big endian
bswap eax
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]
|
Once these are in CE will be able to scan for those and you can add them to your cheat table and edit the values
_________________
Do not ask me about online cheats. I don't know any and wont help finding them. |
|
| Back to top |
|
|
Corruptor
Advanced Cheater
![]() Reputation: 3
Joined: 10 Aug 2011
Posts: 80
|
| Posted: Mon Dec 12, 2011 12:52 pm Post subject: |
|
|
thx, works perfectly, really makes me want to learn assembler
what i still wonder about, is there a way to use that custom type in the Dissect data/structures-tool?
|
|
| Back to top |
|
|
otb
Advanced Cheater
![]() Reputation: 2
Joined: 27 Jan 2015
Posts: 70
|
| Posted: Wed Nov 25, 2015 7:52 pm Post subject: |
|
|
| Dark Byte wrote: | Start a new scan and rightclick the variable type
Choose new custom type (auto assembler)
To give CE support for 2 Byte Big Endian put this in:
To give CE support for 4 Byte big endian put this in:
Once these are in CE will be able to scan for those and you can add them to your cheat table and edit the values |
I found the answer to my question:
When searching for Big Endian types (both 2 and 4 bytes), uncheck the Fast Scan option.
------------------------------------------------------------
I hate to bump this thread, but it applies to the AutoAssembler code posted here and this is the first result in Google for CheatEngine Big Endian so hopefully any answers could save time for someone else searching.
I have added the code to CheatEngine, and values set as Big Endian work fine, the problem I am having is I cannot search for Big Endian values. However, the search will work if I choose to search for ALL types, it will narrow down the list to 5 results: 4 Byte Big Endian, 2 Byte BE, 1 Byte, 2 Byte, 4 Byte (Obviously, 2 and 4 Byte would only work on certain values).
I haven't had a problem with the other custom types I have used (Flash and RPGMaker), but I would guess they're different in that they only really change the value you're searching for via math, not changing byte order.
|
|
| Back to top |
|
|
dharthoorn
Advanced Cheater
 Reputation: 1
Joined: 27 Nov 2008
Posts: 78
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
