[SOLVED] Convert Little Endian to Big Endian in Script

Bloodybone · Dec 27, 2017

In my Script i have this code:

Code:

player1:
cmp [player1cmp],1
jne code
mov [player1cmp],0
push rcx
mov ecx,[player1coinsvalue] // My Value
mov [rbx+rdi+1C],ecx
pop rcx
jmp code

What i want is: I want my value to be a little Endian but it has to be converted into Big Endian because [rbx+rdi+1C] is Big Endian.
I can offcourse just manualy convert my value into Big Endian but i want it to be a little Endian, I already tried bswap ecx but it doesn't work, maybe i'm just doing something wrong... I hope someone can help me out

Acido · Dec 28, 2017

So you're saying the following does not work? cause it should.

mov ecx, DWORD PTR [player1coinsvalue]
bswap ecx
mov DWORD PTR [rbx+rdi+1C],ecx

Bloodybone · Dec 28, 2017

Acido post_id=29086 time=1514419705 user_id=11491 said:

Yes, it doensn't work... If i put any value in [player1coinsvalue] the outcome is 0 but if i don't do the bswap ecx and put a Big Endian value in there it works here is the whole code, maybe it helps:

[ENABLE]
aobscan(coins1,0F B7 74 3B 1C 0F CE C1 FE 10 89)
alloc(newmem,$100,coins1)

label(code)
label(return)
label(player1)
label(player2)
label(player3)
label(player4)
label(player1cmp)
label(player2cmp)
label(player3cmp)
label(player4cmp)
label(player1coinsvalue)
label(player2coinsvalue)
label(player3coinsvalue)
label(player4coinsvalue)
registersymbol(player1cmp)
registersymbol(player2cmp)
registersymbol(player3cmp)
registersymbol(player4cmp)
registersymbol(player1coinsvalue)
registersymbol(player2coinsvalue)
registersymbol(player3coinsvalue)
registersymbol(player4coinsvalue)

newmem:
cmp al,FC
je player1
cmp al,FD
je player2
cmp al,FE
je player3
cmp al,FF
je player4
jmp code

player1:
cmp [player1cmp],1
jne code
mov [player1cmp],0
push rcx
mov ecx,[player1coinsvalue]
mov [rbx+rdi+1C],ecx
pop rcx
jmp code

player2:
cmp [player2cmp],1
jne code
mov [player2cmp],0
push rcx
mov ecx,[player2coinsvalue]
mov [rbx+rdi+1C],ecx
pop rcx
jmp code

player3:
cmp [player3cmp],1
jne code
mov [player3cmp],0
push rcx
mov ecx,[player3coinsvalue]
mov [rbx+rdi+1C],ecx
pop rcx
jmp code

player4:
cmp [player4cmp],1
jne code
mov [player4cmp],0
push rcx
mov ecx,[player4coinsvalue]
mov [rbx+rdi+1C],ecx
pop rcx
jmp code

code:
movzx esi,word ptr [rbx+rdi+1C]
jmp return

player1cmp:
dd 0

player2cmp:
dd 0

player3cmp:
dd 0

player4cmp:
dd 0

player1coinsvalue:
dq 0

player2coinsvalue:
dq 0

player3coinsvalue:
dq 0

player4coinsvalue:
dq 0

coins1:
jmp newmem
return:
registersymbol(coins1)

[DISABLE]

coins1:
db 0F B7 74 3B 1C

unregistersymbol(coins1)
dealloc(newmem)
unregistersymbol(player1cmp)
unregistersymbol(player2cmp)
unregistersymbol(player3cmp)
unregistersymbol(player4cmp)
unregistersymbol(player1coinsvalue)
unregistersymbol(player2coinsvalue)
unregistersymbol(player3coinsvalue)
unregistersymbol(player4coinsvalue)

Acido · Dec 28, 2017

Bloodybone post_id=29088 time=1514420238 user_id=7561 said:

Okay, but the code is correct so if it doesn't work something else is going on. Are you sure the value stored is 4 bytes? i see further down you're only moving 2 bytes into esi before returning to the original code.

If you're just converting a 16bit value you can just do this:
mov cx, WORD PTR [player1coinsvalue]
xchg cl,ch
mov WORD PTR [rbx+rdi+1C],cx

Bloodybone · Dec 28, 2017

Acido post_id=29089 time=1514420705 user_id=11491 said:

Yes at the origianal code it's only moving a 2 byte value after that it is doing a bswap esi and after that sar esi,10

Acido · Dec 28, 2017

Bloodybone post_id=29092 time=1514421246 user_id=7561 said:

Acido post_id=29089 time=1514420705 user_id=11491 said:

Yes at the origianal code it's only moving a 2 byte value after that it is doing a bswap esi and after that sar esi,10

Edited my reply after you responded to it it seems

Try this:

mov cx, WORD PTR [player1coinsvalue]
exchg cl,ch
mov WORD PTR [rbx+rdi+1C],cx

Bloodybone · Dec 28, 2017

Acido post_id=29093 time=1514421436 user_id=11491 said:

Bloodybone post_id=29092 time=1514421246 user_id=7561 said:

Edited my reply after you responded to it it seems

Try this:

mov cx, WORD PTR [player1coinsvalue]
exchg cl,ch
mov WORD PTR [rbx+rdi+1C],cx

Thanks it works, exchg doesn't work but xchg works

Edit: One question why does xchg cl,ch work? It doesn't make any sense to me ...

Acido · Dec 28, 2017

Bloodybone post_id=29094 time=1514421751 user_id=7561 said:

Great, and yeah the extra e was a typo on my part

Well its a 16bit value but you're storing a 32bit value with the bswap i would guess thats why it didn't work.

Bloodybone · Dec 28, 2017

Acido post_id=29095 time=1514421872 user_id=11491 said:

Bloodybone post_id=29094 time=1514421751 user_id=7561 said:

Great, and yeah the extra e was a typo on my part

Oh ok i found out why cl ch i'm dumb lol

Acido · Dec 28, 2017

Bloodybone post_id=29096 time=1514421929 user_id=7561 said:

yeah you're just swapping around the upper/lower part of cx register turning it into big endian.

Bloodybone · Dec 28, 2017

Acido post_id=29097 time=1514422032 user_id=11491 said:

Bloodybone post_id=29096 time=1514421929 user_id=7561 said:

yeah you're just swapping around the upper/lower part of cx register turning it into big endian.

Yeah didn't think of that thanks

FearLess Cheat Engine

Search

Search

[SOLVED] Convert Little Endian to Big Endian in Script

Bloodybone

Novice Cheater

Acido

Noobzor

Bloodybone

Novice Cheater

Acido

Noobzor

Bloodybone

Novice Cheater

Acido

Noobzor

Bloodybone

Novice Cheater

Acido

Noobzor

Bloodybone

Novice Cheater

Acido

Noobzor

Bloodybone

Novice Cheater