Software: Cheat Engine
Official site
Purpose: game modification
Fix for when no search method finds the value, e.g. Dolphin emulator
The value is stored in memory in Big-Endian byte order
Example: the value 256 in Dolphin emulator is stored in memory as 01 00, but CE's 2 Bytes value type reads it as 1
First solution
Change Value Type to AOB (Array of byte), which searches in memory byte order
Second solution
Add a custom type: right-click the Value Type drop-down list -> Define new custom type (Auto Assembler) -> paste the code below, as needed, into the window -> click OK -> the new type appears in the Value Type drop-down list (once it is selected, right-click it to edit or delete it)

2 Byte Big Endian
```
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '2 Byte Big Endian',0

ByteSize:
dd 2

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov ax,[rcx] //eax now contains the bytes 'input' pointed to
xchg ah,al //convert to big endian
ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov ax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
and eax,ffff //cleanup
xchg ah,al //convert to big endian
pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
xchg ch,cl //convert the little endian input into a big endian input
mov [rdx],cx //write the 2 bytes to the address pointed to by rdx
ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
//convert the value to big endian
xchg ah,al
mov [ebx],ax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]
```

4 Byte Big Endian
```
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)

TypeName:
db '4 Byte Big Endian',0

ByteSize:
dd 4

//The convert routine should hold a routine that converts the data to an integer (in eax)
//function declared as: stdcall int ConvertRoutine(unsigned char *input);
//Note: Keep in mind that this routine can be called by multiple threads at the same time.
ConvertRoutine:
//jmp dllname.functionname
[64-bit]
//or manual:
//parameters: (64-bit)
//rcx=address of input
xor eax,eax
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax //convert to big endian
ret
[/64-bit]

[32-bit]
//jmp dllname.functionname
//or manual:
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//example:
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax so it's handled as a normal 4 byte value
bswap eax
pop ebp
ret 4
[/32-bit]

//The convert back routine should hold a routine that converts the given integer back to a row of bytes (e.g. when the user wants to write a new value)
//function declared as: stdcall void ConvertBackRoutine(int i, unsigned char *output);
ConvertBackRoutine:
//jmp dllname.functionname
//or manual:
[64-bit]
//parameters: (64-bit)
//ecx=input
//rdx=address of output
//example:
bswap ecx //convert the little endian input into a big endian input
mov [rdx],ecx //place the integer into the 4 bytes pointed to by rdx
ret
[/64-bit]

[32-bit]
//parameters: (32-bit)
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
//example:
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
//convert the value to big endian
bswap eax
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]
```

Float Big Endian
```
alloc(TypeName,256)
alloc(ByteSize,4)
alloc(ConvertRoutine,1024)
alloc(ConvertBackRoutine,1024)
alloc(UsesFloat,4)

TypeName:
db 'Float Big Endian',0

ByteSize:
dd 4

UsesFloat:
db 01

ConvertRoutine:
[32-bit]
push ebp
mov ebp,esp
mov eax,[ebp+8] //place the address that contains the bytes into eax
mov eax,[eax] //place the bytes into eax
bswap eax
pop ebp
ret 4
[/32-bit]

[64-bit]
//rcx=address of input
mov eax,[rcx] //eax now contains the bytes 'input' pointed to
bswap eax
ret
[/64-bit]

ConvertBackRoutine:
[32-bit]
push ebp
mov ebp,esp
//[ebp+8]=input
//[ebp+c]=address of output
push eax
push ebx
mov eax,[ebp+8] //load the value into eax
mov ebx,[ebp+c] //load the address into ebx
bswap eax
mov [ebx],eax //write the value into the address
pop ebx
pop eax
pop ebp
ret 8
[/32-bit]

[64-bit]
//ecx=input
//rdx=address of output
bswap ecx
mov [rdx],ecx //place the integer into the 4 bytes pointed to by rdx
ret
[/64-bit]
```
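The byte-order mismatch behind both solutions can be reproduced offline. The Python sketch below is an added example, not code from the original post or from Cheat Engine: it models the roles of ConvertRoutine and ConvertBackRoutine for the three custom types and shows why a little-endian scan for 256 misses the bytes 01 00. The buffer layout and the function names are assumptions made for this example.

```python
import struct

# Constructed sample standing in for big-endian emulated memory:
# u16 256, two pad bytes, u32 0x12345678, float 1.5
SAMPLE = struct.pack(">H2xIf", 256, 0x12345678, 1.5)

# One entry per custom type on the page: struct code and size in bytes.
TYPES = {
    "2 Byte Big Endian": ("H", 2),
    "4 Byte Big Endian": ("I", 4),
    "Float Big Endian": ("f", 4),
}

def convert(type_name, raw, big_endian=True):
    """Role of ConvertRoutine: bytes read from memory -> displayed value."""
    code, size = TYPES[type_name]
    return struct.unpack((">" if big_endian else "<") + code, raw[:size])[0]

def convert_back(type_name, value, big_endian=True):
    """Role of ConvertBackRoutine: entered value -> bytes to write."""
    code, _ = TYPES[type_name]
    return struct.pack((">" if big_endian else "<") + code, value)

def aob_scan(memory, pattern_hex):
    """First solution: match raw bytes in memory order."""
    needle = bytes.fromhex(pattern_hex)
    return [i for i in range(len(memory) - len(needle) + 1)
            if memory[i:i + len(needle)] == needle]

def scan(memory, type_name, value, big_endian=True):
    """Exact-value scan: offsets whose bytes encode `value` in the given order."""
    return aob_scan(memory, convert_back(type_name, value, big_endian).hex())

if __name__ == "__main__":
    # Little-endian view of the bytes 01 00, as a plain 2 Bytes scan sees them
    print(convert("2 Byte Big Endian", SAMPLE[:2], big_endian=False))
    print(scan(SAMPLE, "2 Byte Big Endian", 256, big_endian=False))
    print(scan(SAMPLE, "2 Byte Big Endian", 256))
    print(scan(SAMPLE, "Float Big Endian", 1.5))
```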
Fix for when the value is found but cannot be frozen and turns into question marks as soon as it is frozen, e.g. Dolphin emulator
However, this affects AOB for some games, so use it with caution