Odd Request!! Read About Odd Value Types, BUT PLEASE HELP.

Anything Cheat Engine related, bugs, suggestions, helping others, etc..
Post Reply
HackerX
Noobzor
Noobzor
Posts: 9
Joined: Thu Mar 07, 2019 9:32 pm
Reputation: 0

Odd Request!! Read About Odd Value Types, BUT PLEASE HELP.

Post by HackerX »

Just wondering if it iS possible to do this. I read about it awhile back on DB'S CE.ORG I think. THIS IS ONLY FOR GAME SEARCH EXPERIMENTS,
BUT PLEASE SHOW ME IF IT IS POSSIBLE. (These are all max values for each type)
You know that If you search for 1 bytes and you view it in hex you get the display results 1=FF,
2 bytes 2=FF FF, 4 bytes 4=FF FF FF FF. So what about 3 bytes and displayed as 3=FF FF FF OR 5 bytes 5=FF FF FF FF FF etc.
Can someone make 2 scripts 3 and 5 bytes and take a pic of it and circle what was modded and what was added so I can try it myself with other
integer types? :)

Eric
Hall of Famer
Hall of Famer
Posts: 174
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 90

Re: Odd Request!! Read About Odd Value Types, BUT PLEASE HELP.

Post by Eric »

Here is a 3 byte type

Code: Select all

alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)
alloc(PREFEREDALIGNMENT,1)

TypeName:
db '3 Byte value',0

ByteSize:
dd 3

UsesFloat:
db 0 //Change to 1 if this custom type should be treated as a float

CallMethod:
db 1 //Remove or change to 0 for legacy call mechanism

PREFEREDALIGNMENT:
db 1

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
xor eax,eax
mov al,[rcx+2]
shl eax,#16
mov ax,[rcx]
//and rax,ffffff

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
push ecx
mov ecx,[ebp+8]
mov al,[ecx+2]
shl eax,#16
mov ax,[ecx]

pop ebp
ret
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//example:
mov [r8],cx

shr ecx,#16
mov [r8+2],cl

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
and eax,ffffff

mov ebx,[ebp+10] //load the output address into ebx
mov [ebx],cx
shr ecx,#16
mov [ebx+2],cl
pop ebx
pop eax

pop ebp
ret
[/32-bit]

as for 5 byte type you will have to do that different as 5 byte can't be encoded using an integer, so you have to use an approximation
e.g 1 or 0 depending on your wish

HackerX
Noobzor
Noobzor
Posts: 9
Joined: Thu Mar 07, 2019 9:32 pm
Reputation: 0

Re: Odd Request!! Read About Odd Value Types, BUT PLEASE HELP.

Post by HackerX »

Eric wrote:
Mon Mar 11, 2019 1:04 pm
Here is a 3 byte type

Code: Select all

alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(CallMethod,1)
alloc(PREFEREDALIGNMENT,1)

TypeName:
db '3 Byte value',0

ByteSize:
dd 3

UsesFloat:
db 0 //Change to 1 if this custom type should be treated as a float

CallMethod:
db 1 //Remove or change to 0 for legacy call mechanism

PREFEREDALIGNMENT:
db 1

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: cdecl int ConvertRoutine(unsigned char *input, PTR_UINT address);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
//rdx=address
xor eax,eax
mov al,[rcx+2]
shl eax,#16
mov ax,[rcx]
//and rax,ffffff

ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=address of input
//[ebp+c]=address
//example:
push ecx
mov ecx,[ebp+8]
mov al,[ecx+2]
shl eax,#16
mov ax,[ecx]

pop ebp
ret
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g when the user wats to write a new value)
//function declared as: cdecl void ConvertBackRoutine(int i, PTR_UINT address, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address
//r8=address of output
//example:
mov [r8],cx

shr ecx,#16
mov [r8+2],cl

ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address
//[ebp+10]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
and eax,ffffff

mov ebx,[ebp+10] //load the output address into ebx
mov [ebx],cx
shr ecx,#16
mov [ebx+2],cl
pop ebx
pop eax

pop ebp
ret
[/32-bit]

as for 5 byte type you will have to do that different as 5 byte can't be encoded using an integer, so you have to use an approximation
e.g 1 or 0 depending on your wish
Thanks Eric that's great. can you do a 5 bytes, I want to see what it looks like because I don't know what you mean using an approximation.
I will start testing things once you show me about an approximation. Am I right to guess a 6 byte wouldn't use an approximation but 7 bytes would?
I am trying to learn from this.
5 thumbs up. :D

Eric
Hall of Famer
Hall of Famer
Posts: 174
Joined: Thu Mar 02, 2017 11:01 pm
Reputation: 90

Re: Odd Request!! Read About Odd Value Types, BUT PLEASE HELP.

Post by Eric »

custom types only return values from 0 to 4294967295

5 bytes can go to 1099511627775
so when the value is 1099511627775 you'll have to come up with a different way to show it
e.g every value divided by 256 (shifted by 1 byte)

Anyhow, showing values exactly like that is not worth it anyhow, as those are not 'human readable values'(HRV) (values below 100000 and floating points without exponent notations) and programmers do tend to use HRV's
And if it's using encryption then the bytesize can be quite high, but the final value once decrypted will still be a HRV.
Thinking in 3 byte , 5 byte, 7 byte types is not going to get you anywhere, you need to figure out what the values mean first

HackerX
Noobzor
Noobzor
Posts: 9
Joined: Thu Mar 07, 2019 9:32 pm
Reputation: 0

Re: Odd Request!! Read About Odd Value Types, BUT PLEASE HELP.

Post by HackerX »

Eric wrote:
Tue Mar 12, 2019 3:51 pm
custom types only return values from 0 to 4294967295

5 bytes can go to 1099511627775
so when the value is 1099511627775 you'll have to come up with a different way to show it
e.g every value divided by 256 (shifted by 1 byte)

Anyhow, showing values exactly like that is not worth it anyhow, as those are not 'human readable values'(HRV) (values below 100000 and floating points without exponent notations) and programmers do tend to use HRV's
And if it's using encryption then the bytesize can be quite high, but the final value once decrypted will still be a HRV.
Thinking in 3 byte , 5 byte, 7 byte types is not going to get you anywhere, you need to figure out what the values mean first
Thanks Eric for info. I found this script and I think this is a complex script (Not Normal). Are there many games that use what I think is a complex
script/value type as this?, and are there other scripts like this out there that you know of? What kind of game would you use this script for?
encrypted float (xor with address)

alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(UsesFloat,1)
alloc(UsesRealAddress,1)

TypeName:
db 'encrypted float (xor with address)',0

ByteSize:
dd 4

UsesFloat:
db 1

UsesRealAddress:
db 1

ConvertRoutine:
[64-bit]
// eax = output (store result in EAX)
//[rcx] = address of input
//[rcx+ByteSize] = "realAddress" (the value is the real address from the game)
mov eax,[rcx] // get value
xor eax,[rcx+4] // xor with "realAddress"
ret
[/64-bit]

[32-bit]
// eax = output (store result in EAX)
//[ebp+8] = address of input
//[[ebp+8]+ByteSize] = "realAddress" (the value is the real address from the game)
push ebp
mov ebp,esp
push ebx

mov ebx,[ebp+8] // get addres
mov eax,[ebx] // get origbytes
xor eax,[ebx+4] // xor with "realAddress"

pop ebx
pop ebp
ret 4
[/32-bit]




ConvertBackRoutine:
[64-bit]
//ecx = input (value you want to write)
//rdx = address of output
//r8 = "realAddress"
xor ecx,r8 // xor rcx,r8
mov [rdx],ecx
ret
[/64-bit]

[32-bit]
//[ebp+8] = input (value you want to write)
//[ebp+c] = address of output
//[ebp+10] = "realAddress"
push ebp
mov ebp,esp
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx

xor eax,[ebp+10] //xor with "realAddress"

mov [ebx],eax //write the value into the address
pop ebx
pop eax

pop ebp
ret 8
[/32-bit]
THANKS :D

HackerX
Noobzor
Noobzor
Posts: 9
Joined: Thu Mar 07, 2019 9:32 pm
Reputation: 0

Re: Odd Request!! Read About Odd Value Types, BUT PLEASE HELP.

Post by HackerX »

IF ANYONE HAS A SCRIPT/VALUE TYPE THAT'S NOT IN CE LIKE THE encrypted float (xor with address) , THEN PLEASE POST IT HERE.
I play allot of different games so I'm sure I will come across a game I could use them on.
I already have Big-Endian 2/4 Bytes because I use the Wii emulator.
I will leave this thread for that.

THANKS

Post Reply

Who is online

Users browsing this forum: No registered users