Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


short to byte/hex in as3?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
LtO
Advanced Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 71

PostPosted: Fri Mar 02, 2018 2:02 pm    Post subject: short to byte/hex in as3? Reply with quote

I would like to change a value in a game, it's in the code as pushshort 10000 (which represents 10 seconds), with bytecode 25 90 4e. I'd like to change it to a much higher value (and if it does fit the same space in memory or I guess it would crash my game)... How do I convert another short number to hex here?
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Fri Mar 02, 2018 2:33 pm    Post subject: Reply with quote

Quote:
SWF 9 and later supports the use of integers encoded with a variable number of bytes. One type of encoded integer is supported.

EncodedU32 - Variable length encoded 32-bit unsigned integer

This is a 32-bit unsigned integer value encoded with a variable number of bytes to save space. All EncodedU32's are encoded as 1-5 bytes depending on the value (larger values need more space). The encoding method is if the hi bit in the current byte is set, then the next byte is also part of the value. Each bit in a byte contributes 7 bits to the value, with the hi bit telling us whether to use the next byte, or if this is the last byte for the value.
Adobe SWF File Format Specification version 19 chapter 1 section "Encoded integers"
Edit: the operand of the pushshort instruction only uses 30 significant bits, not 32. It's still encoded the same way.

25 is the opcode for pushshort. The next byte, 90, is 10010000 in binary. The highest bit is set, so the next byte also contributes to the value. The next byte, 4e (01001110 in binary), does not have its highest bit set, so it's the last byte that contributes to the value.

Take the remaining 7 bits from the operand bytes in little endian order, and that's the value.
Code:
          hex: 90 4e              // given
       binary: 10010000 01001110  // hex -> bin
little endian: 0010000 1001110    // remove highest bit
 binary value: 1001110 0010000    // reverse byte order (most significant on left)
decimal value: 10,000             // bin -> dec

_________________
I don't know where I'm going, but I'll figure it out when I get there.


Last edited by ParkourPenguin on Fri Mar 02, 2018 5:12 pm; edited 1 time in total
Back to top
View user's profile Send private message
LtO
Advanced Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 71

PostPosted: Fri Mar 02, 2018 3:32 pm    Post subject: Reply with quote

ParkourPenguin wrote:
Quote:
SWF 9 and later supports the use of integers encoded with a variable number of bytes. One type of encoded integer is supported.

EncodedU32 - Variable length encoded 32-bit unsigned integer

This is a 32-bit unsigned integer value encoded with a variable number of bytes to save space. All EncodedU32's are encoded as 1-5 bytes depending on the value (larger values need more space). The encoding method is if the hi bit in the current byte is set, then the next byte is also part of the value. Each bit in a byte contributes 7 bits to the value, with the hi bit telling us whether to use the next byte, or if this is the last byte for the value.
Adobe SWF File Format Specification version 19 chapter 1 section "Encoded integers"

25 is the opcode for pushshort. The next byte, 90, is 10010000 in binary. The highest bit is set, so the next byte also contributes to the value. The next byte, 4e (01001110 in binary), does not have its highest bit set, so it's the last byte that contributes to the value.

Take the remaining 7 bits from the operand bytes in little endian order, and that's the value.
Code:
          hex: 90 4e              // given
       binary: 10010000 01001110  // hex -> bin
little endian: 0010000 1001110    // remove highest bit
 binary value: 1001110 0010000    // reverse byte order (most significant on left)
decimal value: 10,000             // bin -> dec


Ok, so to what value could I set that maximal? x10 would already be nice but maybe that's not possible...
And I assume I could also make not a short but another kind of value of it?
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Fri Mar 02, 2018 3:59 pm    Post subject: Reply with quote

LtO wrote:
Ok, so to what value could I set that maximal?

Using only 2 bytes for the operand, it would be 2^14-1, or 16,383.
LtO wrote:
And I assume I could also make not a short but another kind of value of it?

You'd need to use a different instruction. Search for "AVM2 instructions" to find a list.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
LtO
Advanced Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 71

PostPosted: Fri Mar 02, 2018 4:14 pm    Post subject: Reply with quote

ParkourPenguin wrote:
LtO wrote:
Ok, so to what value could I set that maximal?

Using only 2 bytes for the operand, it would be 2^14-1, or 16,383.
LtO wrote:
And I assume I could also make not a short but another kind of value of it?

You'd need to use a different instruction. Search for "AVM2 instructions" to find a list.


Ah ye, that's why it crashed probably, but I read a short can take at least up to 65000... But I guess the 2 characters limit it.
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Fri Mar 02, 2018 4:30 pm    Post subject: Reply with quote

A short in the context of many languages (Java, C#, VB, many C/C++ implementations, et al.) is a 2 byte integer. An unsigned short can take on any value between 0 and 65535.

The pushshort instruction (contradictory to its name) does not push a 2 byte integer onto the stack: it pushes an EncodedU32 value. If you want to know what that value type is or how it works, read my first post.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
LtO
Advanced Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 71

PostPosted: Fri Mar 02, 2018 4:54 pm    Post subject: Reply with quote

Thanks, why is this so complicated Sad I tried now with an int 2d ff ff but that crashed my game too :/ shouldn't be a problem tho to just raise that time period...
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Fri Mar 02, 2018 5:10 pm    Post subject: This post has 1 review(s) Reply with quote

It's complicated because designing an instruction set that's portable, fast, and small is difficult.

The pushint instruction takes an index into the int constant pool (same for pushdouble). You can't push a literal the same way as you can with pushshort.

Read Adobe's AVM2 Overview for more information.

Also, a minor correction on my part: the pushshort instruction can only use 30 significant bits, not 32. It's still encoded the same way.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
LtO
Advanced Cheater
Reputation: 0

Joined: 09 Mar 2015
Posts: 71

PostPosted: Mon Mar 05, 2018 4:52 am    Post subject: Reply with quote

Thanks, I wonder if this is even possible (and within the same bytespace). I solved it now in another way, I realized there must be more ways to do this, with changing some true/false commands.I didn't even see the command to push long in that avm2. I'd have to change more code if I wasn't able to spawn that item cuz I logon with a webdebugger Smile and just have to change the time it is running then, tho u have to watch out not to change other important values...
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites