Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Interpret value as Big-Endian?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
Corruptor
Advanced Cheater
Reputation: 3

Joined: 10 Aug 2011
Posts: 82

PostPosted: Mon Dec 12, 2011 10:00 am    Post subject: Interpret value as Big-Endian? Reply with quote

Hi there,
Im currenlty messing around with the good old pokemon yellow game and noticed this problem:
For example, the health of the first pokemon is stored in 2 bytes. In the memory, it looks like this:

hex: 00 42
dec: 66
however, the cheat engine will display it this way:

hex: 42 00 <--- little endian?
dec: 16896

obviously, the health is 66 and not 16896. I used to seperate the values into a lowbyte and a highbyte, but now im facing a 4 byte integer...

So, is there any way to make the cheatengine interpret THOSE values as big-endian?
and sorry 4 my awful english Very Happy
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 360

Joined: 09 May 2003
Posts: 21158
Location: The netherlands

PostPosted: Mon Dec 12, 2011 11:17 am    Post subject: Reply with quote

Start a new scan and rightclick the variable type
Choose new custom type (auto assembler)

To give CE support for 2 Byte Big Endian put this in:
Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '2 Byte Big Endian',0

ByteSize:
dd 2

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov ax,[rcx] //eax now contains the bytes 'input' pointed to
xchg ah,al //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov ax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
and eax,ffff //cleanup
xchg ah,al //convert to big endian

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
xchg ch,cl //convert the little endian input into a big endian input
mov [rdx],cx //place the integer the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
xchg ah,al

mov [ebx],ax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]


To give CE support for 4 Byte big endian put this in:
Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '4 Byte Big Endian',0

ByteSize:
dd 4

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value

bswap eax

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
bswap eax

mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]



Once these are in CE will be able to scan for those and you can add them to your cheat table and edit the values

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Back to top
View user's profile Send private message MSN Messenger
Corruptor
Advanced Cheater
Reputation: 3

Joined: 10 Aug 2011
Posts: 82

PostPosted: Mon Dec 12, 2011 12:52 pm    Post subject: Reply with quote

thx, works perfectly, really makes me want to learn assembler Very Happy

what i still wonder about, is there a way to use that custom type in the Dissect data/structures-tool?
Back to top
View user's profile Send private message
otb
Advanced Cheater
Reputation: 2

Joined: 27 Jan 2015
Posts: 70

PostPosted: Wed Nov 25, 2015 7:52 pm    Post subject: Reply with quote

Dark Byte wrote:
Start a new scan and rightclick the variable type
Choose new custom type (auto assembler)

To give CE support for 2 Byte Big Endian put this in:

To give CE support for 4 Byte big endian put this in:


Once these are in CE will be able to scan for those and you can add them to your cheat table and edit the values
I found the answer to my question:
When searching for Big Endian types (both 2 and 4 bytes), uncheck the Fast Scan option.

------------------------------------------------------------

I hate to bump this thread, but it applies to the AutoAssembler code posted here and this is the first result in Google for CheatEngine Big Endian so hopefully any answers could save time for someone else searching.

I have added the code to CheatEngine, and values set as Big Endian work fine, the problem I am having is I cannot search for Big Endian values. However, the search will work if I choose to search for ALL types, it will narrow down the list to 5 results: 4 Byte Big Endian, 2 Byte BE, 1 Byte, 2 Byte, 4 Byte (Obviously, 2 and 4 Byte would only work on certain values).
I haven't had a problem with the other custom types I have used (Flash and RPGMaker), but I would guess they're different in that they only really change the value you're searching for via math, not changing byte order.
Back to top
View user's profile Send private message
dharthoorn
Advanced Cheater
Reputation: 1

Joined: 27 Nov 2008
Posts: 83

PostPosted: Mon Apr 18, 2016 6:48 am    Post subject: Reply with quote

Sorry to necro but I am crying sweet tears of joy right now for the Big Endian support. So lucky to stumble upon this post.

I figured it'd be in the default build already?

Anywhoo, DB can look forward to another 10 donation from me.

EDIT: Pretty please add Big Endian support in Memory viewer also.... Wink

_________________
"If you could reason with religious people there would be no religious people" - House Md. (My Personal Life Coach)
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites