Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Interpret value as Big-Endian?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
Corruptor
Advanced Cheater
Reputation: 3

Joined: 10 Aug 2011
Posts: 82

PostPosted: Mon Dec 12, 2011 10:00 am    Post subject: Interpret value as Big-Endian? Reply with quote

Hi there,
Im currenlty messing around with the good old pokemon yellow game and noticed this problem:
For example, the health of the first pokemon is stored in 2 bytes. In the memory, it looks like this:

hex: 00 42
dec: 66
however, the cheat engine will display it this way:

hex: 42 00 <--- little endian?
dec: 16896

obviously, the health is 66 and not 16896. I used to seperate the values into a lowbyte and a highbyte, but now im facing a 4 byte integer...

So, is there any way to make the cheatengine interpret THOSE values as big-endian?
and sorry 4 my awful english Very Happy
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Mon Dec 12, 2011 11:17 am    Post subject: Reply with quote

Start a new scan and rightclick the variable type
Choose new custom type (auto assembler)

To give CE support for 2 Byte Big Endian put this in:
Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '2 Byte Big Endian',0

ByteSize:
dd 2

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov ax,[rcx] //eax now contains the bytes 'input' pointed to
xchg ah,al //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov ax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
and eax,ffff //cleanup
xchg ah,al //convert to big endian

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
xchg ch,cl //convert the little endian input into a big endian input
mov [rdx],cx //place the integer the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
xchg ah,al

mov [ebx],ax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]


To give CE support for 4 Byte big endian put this in:
Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '4 Byte Big Endian',0

ByteSize:
dd 4

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value

bswap eax

pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

//convert the value to big endian
bswap eax

mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]



Once these are in CE will be able to scan for those and you can add them to your cheat table and edit the values

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Corruptor
Advanced Cheater
Reputation: 3

Joined: 10 Aug 2011
Posts: 82

PostPosted: Mon Dec 12, 2011 12:52 pm    Post subject: Reply with quote

thx, works perfectly, really makes me want to learn assembler Very Happy

what i still wonder about, is there a way to use that custom type in the Dissect data/structures-tool?
Back to top
View user's profile Send private message
otb
Advanced Cheater
Reputation: 2

Joined: 27 Jan 2015
Posts: 70

PostPosted: Wed Nov 25, 2015 7:52 pm    Post subject: Reply with quote

Dark Byte wrote:
Start a new scan and rightclick the variable type
Choose new custom type (auto assembler)

To give CE support for 2 Byte Big Endian put this in:

To give CE support for 4 Byte big endian put this in:


Once these are in CE will be able to scan for those and you can add them to your cheat table and edit the values
I found the answer to my question:
When searching for Big Endian types (both 2 and 4 bytes), uncheck the Fast Scan option.

------------------------------------------------------------

I hate to bump this thread, but it applies to the AutoAssembler code posted here and this is the first result in Google for CheatEngine Big Endian so hopefully any answers could save time for someone else searching.

I have added the code to CheatEngine, and values set as Big Endian work fine, the problem I am having is I cannot search for Big Endian values. However, the search will work if I choose to search for ALL types, it will narrow down the list to 5 results: 4 Byte Big Endian, 2 Byte BE, 1 Byte, 2 Byte, 4 Byte (Obviously, 2 and 4 Byte would only work on certain values).
I haven't had a problem with the other custom types I have used (Flash and RPGMaker), but I would guess they're different in that they only really change the value you're searching for via math, not changing byte order.
Back to top
View user's profile Send private message
dharthoorn
Advanced Cheater
Reputation: 1

Joined: 27 Nov 2008
Posts: 84

PostPosted: Mon Apr 18, 2016 6:48 am    Post subject: Reply with quote

Sorry to necro but I am crying sweet tears of joy right now for the Big Endian support. So lucky to stumble upon this post.

I figured it'd be in the default build already?

Anywhoo, DB can look forward to another €10 donation from me.

EDIT: Pretty please add Big Endian support in Memory viewer also.... Wink

_________________
"If you could reason with religious people there would be no religious people" - House Md. (My Personal Life Coach)
Back to top
View user's profile Send private message
ujimar
How do I cheat?
Reputation: 0

Joined: 17 Mar 2019
Posts: 1

PostPosted: Sun Mar 17, 2019 10:17 am    Post subject: ???????????? Reply with quote

$lua main.lua
lua: main.lua:7: syntax error near ','
Back to top
View user's profile Send private message AIM Address
sage3k
Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 38
Location: United States [4-Now]

PostPosted: Fri May 03, 2019 11:37 am    Post subject: Zelda: Windwaker HD cemu Reply with quote

Is there a table for this game?
Back to top
View user's profile Send private message Send e-mail AIM Address MSN Messenger
The1stOne
How do I cheat?
Reputation: 0

Joined: 11 Nov 2017
Posts: 3

PostPosted: Mon Aug 26, 2019 10:50 am    Post subject: Almost, but not quite right... (looks like NUXI-problem?) Reply with quote

I stumbled upon this thread while using Google and thought/hoped it would solve my current problem with a game. But maybe I am missing something?

I would best describe my situation/problem as a value stored as 2 x 2 byte (little endian) paired as a 4 byte (big endian). No idea what to call this, but it looks like a NUXI-problem but with 2 bytes paired.

Real Value (decimal): 1118359
CE Value (4 bytes hex): 10 97 00 11

The real decimal value is built like this (from hex):
10 (hex) = 16 (dec) x 256 (256^1) = 4096
97 (hex) = 151 (dec) x 1 (256^0) = 151
00 (hex) = 0 (dec) x 16 777 216 (256^3) = 0
11 (hex) = 17 (dec) x 65 536 (256^2) = 1 114 112
Sum these up and you get 1 118 359.

In CE I would like my hex-value to show up like this: 00 11 10 97
,which "translates" to the decimal value 1118359.

If I use the type mentioned here (4 Byte Big Endian) the value is (of course): 11 00 97 10

How would I go about doing this (byte swapping 2 byte-pairs), and what is this/such a type called?
Back to top
View user's profile Send private message
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

PostPosted: Mon Aug 26, 2019 11:47 am    Post subject: Reply with quote

weird, new to me Smile

Right click the Value Type dropdown and Define new custom type (LUA) and try something like
Code:
--Note: keep the function base name unique.
typename="Reversed BE Dword" --shown as the typename in ce
bytecount=4  --number of bytes of this type
functionbasename="customvaluetype7"

function customvaluetype7_bytestovalue(b1,b2,b3,b4,address)
  -- 10 97 00 11 -> 00 11 10 97
  return byteTableToDword({b3, b4, b1, b2})
end

function customvaluetype7_valuetobytes(i,address)
  local b= dwordToByteTable(i)
  -- 00 11 10 97 -> 10 97 00 11
  return b[3], b[4], b[1], b[2]
end
return typename,bytecount,functionbasename


(the middle two are shown as hex just in case that's not immediately obvious)


now, lua custom types are slow to scan with so if you want to do that you're probably better off using assembly but I'm not sure how you'd write that off the top of my head... you can probably take advantage of bswap for endian swaps but /shrug

_________________
https://github.com/FreeER/ has a few CE related repos
Back to top
View user's profile Send private message
The1stOne
How do I cheat?
Reputation: 0

Joined: 11 Nov 2017
Posts: 3

PostPosted: Mon Aug 26, 2019 1:07 pm    Post subject: Reply with quote

Thank you FreeER!

This is an old game run through an emulator of sorts. Razz
My guess is that the game only uses a maximum of 2 bytes for storing a variable/value, and then it has to add variables together when they "overflow". That would explain why the "overflow" comes in the two bytes directly after?!

I wouldn't even call my skill level in assembler being at beginner, more like n00b. But I think it should be possible to modify the types mentioned/used previously in this thread, but instead of reading the whole four bytes at once (before "swapping") I should read them two by two somehow. I will play around some and see what pops out, but if you (or someone else) want to have a go at it, be my guest.

I get it that this is not a "pure" little/big endian issue, and if someone (mod) wants to move these posts to another thread feel free to do so.

Edit: I think this "type" is called a rotated word/dword? I have found and tried a solution using ROL/ROR, and so far the values seem to be correct.
Back to top
View user's profile Send private message
theboy181
Advanced Cheater
Reputation: 0

Joined: 26 Jan 2018
Posts: 89

PostPosted: Fri Oct 18, 2019 12:24 pm    Post subject: Floats in Big Endian ? Reply with quote

Is there a script available that helps look for floats in BIG ENDIAN formats?

Is there a way to make CE more friendly with BIG ENDIAN in general?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Fri Oct 18, 2019 12:56 pm    Post subject: Reply with quote

for floats:
Code:

alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(UsesFloat,1)
 
 
TypeName:
db 'Float Big Endian',0
 
 
ByteSize:
dd 4

UsesFloat:
db 1
 
 
ConvertRoutine:
[64-bit]
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]

[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]
 
 
ConvertBackRoutine:
[64-bit]
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer the 4 bytes pointed to by rdx
ret
[/64-bit]

[32-bit]
push ebp
mov ebp,esp
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
bswap eax
 
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]


Or add this lua file to the autorun folder of CE:



bigendian.lua
 Description:
Add to your autorun folder for bigendian support

Download
 Filename:  bigendian.lua
 Filesize:  4.9 KB
 Downloaded:  2549 Time(s)


_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites