Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Reading cetrace file for processing (esp. FPU/XMM registers)

 
Merlini
Advanced Cheater
Reputation: 2

Joined: 12 Jun 2016
Posts: 53

Posted: Sat Apr 15, 2017 8:30 pm    Post subject: Reading cetrace file for processing (esp. FPU/XMM registers)

Hello DB,

Can I get the FPU and XMM register values from CETRACE files?
The text file version of the cetrace only contains register/instruction,
and I can't seem to decipher the larger binary file format.
I'm assuming the larger version has all the FPU/XMM registers,
and maybe other things like stack.
Ran it through xxd but can't seem to read anything useful.

There is a program that passes some floating values from one FPU to
another xmm to memory etc. endlessly without doing anything for a while.
I've given up manually trying to follow it and am thinking of writing a
trace replayer for cetrace file to automatically track variables through various
registers. Any help on extracting full information from cetrace file would be
much appreciated.

Thank you.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sun Apr 16, 2017 1:42 am

first a byte of 0 if 32 bit or 1 if 64 bit
followed by the treeview setup (bytecount followed by the string)

then a 4 byte holding the number of entries followed by each entry

each entry consists of:
instructionlength: dword
instruction: char[instructionlength]
instructionsize: dword
referencedAddress: uint_ptr
context: Context
bytesize: dword
bytes: byte[bytesize] //bytes of the referenced address
stacksize: dword
stack: byte[stacksize]

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping


Last edited by Dark Byte on Sun Apr 16, 2017 12:23 pm; edited 1 time in total
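
The layout described in the post above, as an added Python reader (not part of the original posts and not Cheat Engine's own code). Assumptions: the treeview bytecount is a 4-byte little-endian integer, the stored Context is the plain Windows CONTEXT (716 bytes on x86, 1232 bytes on x64), and the names `read_cetrace`, `xmm` and `build_sample` are made up here; the sample trace is constructed.

```python
import io
import struct

# Assumptions, not stated in the thread: the treeview "bytecount" is a 4-byte
# little-endian integer, and the stored Context is the plain Windows CONTEXT
# for the file's bitness (716 bytes for x86, 1232 bytes for x64).
CONTEXT_SIZE = {False: 716, True: 1232}
XMM0_OFFSET = {False: 0xCC + 0xA0, True: 0x1A0}  # x86: ExtendedRegisters + 0xA0

def _take(f, n):
    data = f.read(n)
    if len(data) != n:  # fail loudly instead of mis-parsing a short file
        raise ValueError(f"truncated trace: wanted {n} bytes, got {len(data)}")
    return data

def _u32(f):
    return struct.unpack("<I", _take(f, 4))[0]

def read_cetrace(data, bytecount_size=4):
    """Parse the layout from the post; returns (is64, treeview_setup, entries)."""
    f = io.BytesIO(data)
    is64 = _take(f, 1)[0] == 1
    setup = _take(f, int.from_bytes(_take(f, bytecount_size), "little"))
    entries = []
    for _ in range(_u32(f)):
        # latin-1 never fails to decode, whatever bytes the string holds
        entry = {"instruction": _take(f, _u32(f)).decode("latin-1")}
        entry["instructionsize"] = _u32(f)
        entry["referencedAddress"] = int.from_bytes(_take(f, 8 if is64 else 4), "little")
        entry["context"] = _take(f, CONTEXT_SIZE[is64])
        entry["bytes"] = _take(f, _u32(f))
        entry["stack"] = _take(f, _u32(f))
        entries.append(entry)
    return is64, setup, entries

def xmm(entry, is64, n):
    """XMMn from an entry's context as four little-endian single floats."""
    return struct.unpack_from("<4f", entry["context"], XMM0_OFFSET[is64] + 16 * n)

def build_sample():
    """Constructed one-entry 64-bit trace with XMM1 = (1.0, 0, 0, 0)."""
    ctx = bytearray(CONTEXT_SIZE[True])
    struct.pack_into("<4f", ctx, XMM0_OFFSET[True] + 16, 1.0, 0.0, 0.0, 0.0)
    ins = b"movss xmm1,[rax]"
    return (b"\x01" + struct.pack("<I", 0) + struct.pack("<I", 1)
            + struct.pack("<I", len(ins)) + ins + struct.pack("<IQ", 4, 0x1000)
            + bytes(ctx) + struct.pack("<I", 4) + struct.pack("<f", 1.0)
            + struct.pack("<I", 0))
```

If the entry count or first instruction string comes out as nonsense on a real file, the bytecount width or context size assumption is the first thing to revisit.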
Merlini
Advanced Cheater
Reputation: 2

Joined: 12 Jun 2016
Posts: 53

Posted: Sun Apr 16, 2017 12:14 pm

Ok. I'm starting to see it.

Red: Instruction length
Yellow: instruction size
Orange: Ref. Addr.
Green: Context
etc.

So it appears the information that I want is in the context.
Can you please explain how to decipher the context?

I've looked at frmTracerUnit.pas, but it doesn't seem to actually define what the
_CONTEXT is.

Thank you.



[Attachment: cetrace.png (14.89 KB)]

Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sun Apr 16, 2017 12:20 pm

Context is a Windows-defined structure. (The Windows header files probably have a detailed implementation.)

Also, check out newkernelhandler.pas where I have also implemented it ( https://github.com/cheat-engine/cheat-engine/blob/master/Cheat%20Engine/NewKernelHandler.pas#L98 )

Merlini
Advanced Cheater
Reputation: 2

Joined: 12 Jun 2016
Posts: 53

Posted: Sun Apr 16, 2017 4:36 pm

I'm looking for a way to convert a floating point number to the
byte sequence that's pushed into FPU stack when fld is called.
(I am unsure but I think the conversion is called extended double or
80bit floating format.)

e.g. 0x3F800000 (1.0 in float) in memory gets loaded into FPU with fld as
00 00 00 00 00 00 00 80 FF 3F 00 00 00 00 00 00.
I guess I'm looking for a way to return that byte sequence with something
like
00 00 00 00 00 00 00 80 FF 3F 00 00 00 00 00 00 = convertToExtendedDouble(0.1)

Thanks!





========== Edit: Since I can't double post yet =========

Dark Byte wrote:
check out newkernelhandler.pas where I have also implemented it ( https://github.com/cheat-engine/cheat-engine/blob/master/Cheat%20Engine/NewKernelHandler.pas#L98 )


Success!

Thank you for your explanations.
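
The conversion asked about in the post above, as an added Python example (not part of the original posts and not Cheat Engine's code): encoding a value into the x87 80-bit extended format, padded to the 16-byte register slot shown in the post, and decoding such a slot back. The function names and the 16-byte default are assumptions made for this example.

```python
import math
import struct

EXP_BIAS = 16383  # exponent bias of the x87 80-bit extended format


def to_extended(value, slot_size=16):
    """Encode a float as x87 extended bytes, zero-padded to slot_size bytes."""
    sign = 0x8000 if math.copysign(1.0, value) < 0 else 0
    if math.isnan(value):
        exp, mant = 0x7FFF, 0xC000000000000000  # quiet NaN
    elif math.isinf(value):
        exp, mant = 0x7FFF, 0x8000000000000000
    elif value == 0:
        exp, mant = 0, 0
    else:
        frac, e = math.frexp(abs(value))  # abs(value) == frac * 2**e, 0.5 <= frac < 1
        mant = int(frac * (1 << 64))      # exact; bit 63 is the explicit integer bit
        exp = e - 1 + EXP_BIAS
    return struct.pack("<QH", mant, sign | exp) + bytes(slot_size - 10)


def from_extended(raw):
    """Decode the first 10 bytes of a register slot back to a Python float."""
    mant, sign_exp = struct.unpack_from("<QH", raw)
    sign = -1.0 if sign_exp & 0x8000 else 1.0
    exp = sign_exp & 0x7FFF
    if exp == 0x7FFF:  # infinity if the fraction bits are clear, NaN otherwise
        return sign * math.inf if (mant & 0x7FFFFFFFFFFFFFFF) == 0 else math.nan
    if exp == 0:
        exp = 1  # denormals use the minimum exponent with integer bit 0
    try:
        return sign * math.ldexp(mant, exp - EXP_BIAS - 63)
    except OverflowError:  # magnitude beyond what a 64-bit double can hold
        return sign * math.inf
```

Unlike float and double, the extended format stores the leading 1 of the mantissa explicitly, which is why 1.0 shows up with the byte 80 just before the exponent bytes FF 3F.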
All times are GMT - 6 Hours