
F4SE Native Functions


tome326


So, a small amount of context. I've just started learning how to make F4SE plugins and I've actually had a lot of luck with it so far, once I got my mind around how to set it up and query everything. I've got functions that will run in papyrus and figured out how to serialize data between saves, but now I've got a small problem. In order to make this plugin work the best it can, I need to be able to use 4 native functions, AddItem, RemoveItem, GetItemCount, and ShowBarterMenu. Alright, I guess technically I don't need show barter menu but it would be really helpful. The other 3, I need though. Now, I've looked all over the internet on how to find and use them. I have a basic idea of how hooking into these functions works, but for the life of me I can't find the addresses for them. I have no idea how to even start looking, and I can't find any good information on it online. And even if I did find them, I don't know what parameters it would need. Most of them I can find in the F4SE code seem to just be the normal papyrus parameters with the addition of whatever the function is run on, but then sometimes it seems that the native function runs latently, and I have no idea how to tell them apart. And then it seems that for seemingly no reason, some of these have what I assume are return types that in papyrus don't actually return anything??? (referring to the native disable and enable functions used in the clipboard mod that for some reason return a UInt32?) At least, that's what I've assumed the first part of the typedef is.

 

I've got the steamless exe file disassembled in Ghidra (can't afford to pay for IDA and I've heard people say the free version doesn't work very well) and even came close to what I thought would be the address but that turned out to be a dud. All this mostly comes down to the fact that I have no idea how to reverse engineer a large exe file and can't find any good information on how to. Any help or links on how to figure this out would be much appreciated. I would really like to learn how to find these addresses myself, but every time I try doing it myself I end up wasting hours with making no headway at all. Then I start googling how to do it, but I don't find anything that helps me, which takes up even more of my time. At this point trying to figure this out makes my head hurt to the point that if someone is kind enough to help me with the legwork I'd really appreciate it.

 

As I said, I'd like to get the resources to learn this skill myself, but I'll take all the help I can get.

 

For anyone that read this large block of text, thanks for reading. I hope one of you can help me, but more so I hope that this made sense, as writing actual sentences has never been my strong suit. :smile:

Link to comment
Share on other sites

 

I've got the steamless exe file ...

What?

Where and how did you get that?

I thought the only way to get FO4 was through steam?

 

Also, I am in the same position as you, trying to figure out all of this F4SE plugin stuff ...

 

It would be great if there was some sort of documentation on what people have already figured out about the EXE instead of everybody having to start "from scratch", right?

Link to comment
Share on other sites

 

 


"Steamless" is a program that you need to run the .exe through in order to find the addresses accurately. From what I understand, it removes all the Steam API and Steam DRM stuff from the file. Otherwise the addresses aren't in the correct spots. If I can find the link again, I'll post it here for you. It makes a copy of the file and does its stuff on that one, so you don't need to worry about any lasting effects on your actual file.

Link to comment
Share on other sites

 

 

 


Ok, weird stuff ....

 

Exactly this kind of stuff needs to be documented / written down somewhere where other people who are interested in making F4SE plugins can find it!

That's, I guess, why so few people do this stuff, because there is almost NO documentation.

Link to comment
Share on other sites

Agreed. 100% agreed. That's the reason that I took so long to start it at all. The only reason I did finally start to make mine was I finally found the one guided setup by Wolfmark (I think that was his name?) And that doesn't really get into it other than the actual setup itself. It's a great starting resource, but after you get it started it doesn't go too much more in depth. But doing that doesn't show you how to do the lower level, address type things like finding some functions or variables. And, that's a shame. How many people don't start on plugins because they can't figure out where to start? With any level of programming knowledge, how many people didn't start because when they asked for help the answer was more often than not "figure it out yourself"?

 

BTW, here's the link to the program. It's simple enough to use.

And here's the guided setup by Wolfmark, in case you don't know what I'm talking about. I tend to get ahead of myself :sweat:

Link to comment
Share on other sites

  • 1 month later...

Aha! I made a small breakthrough finally! I found a fairly good way to find certain native functions! I'm not sure if this process will work on many more, but here's the process I went through to find AddItem and RemoveItem. Tested and they both work!

 

Firstly, I'd guess that this way can only be used to find functions with a value tied to them, i.e., finding the function to modify an AV, get a character's location or, in my case, adjust the count of certain items. You're also going to need Cheat Engine, or another program that can look through and edit the values in memory.

 

First, you find a concrete value you know and can change for yourself. For me, that was the amount of tin cans I had, as those can be easily manipulated.

 

Second, search for that value in Cheat Engine. I had 3 when I started, so I searched memory for the value 3. I got, like, 90,000 hits though, so I had to narrow it down.

 

Next, modify the value you are looking at, without bringing it down to 0. When I did that, I had to start over. I would add or remove the item in the console.

 

Then, search for the new value. I added 10 cans to my inventory, so I searched for 13. This narrowed it down to one hit.

 

In order to test that the value you have left is the one that you want, edit that value in memory then check it in game. What this meant for me was simply changing the value to something like 100 and getting the value with the console in game to see if they matched. They did! :laugh: This means that value in memory is the actual count of the item, and not something like what the pipboy would display.

 

Then, set up a script in the CK that will mod this value when you tell it to. I did this as when I used the console, it was giving me false positives for some reason. Another reason I used tin cans for this is I didn't need to actually make anything for this process. I just used the traps that are everywhere. Otherwise, you just make a simple script that modifies the value and attach it to an activator or something.

 

Set up a write breakpoint on the value you found in Cheat Engine (right click and click on 'Find out what writes to this address') to find out where in memory wrote to that space. That is one level of the function that you are looking at. If there's more than one, I just picked the first one in the list.

 

Now I would view this in the disassembler, go to the top of the function and write down the address. Then, I'd set up a breakpoint there and delete the old one. You don't need it anymore. Then, I'd use whatever it is that modified the value in the first place and have it break.

 

I'd go to the return address and repeat the process until the breakpoint I set was being triggered every frame. Then, I had a list of addresses that I could test. I found that it was actually the 2nd to last one I wrote down in both instances, but I don't know if this is normal.

 

I don't know if writing down the addresses I found was entirely necessary, but I didn't want to risk losing the old ones. Also, I don't know if this is just my computer I'm using but I couldn't use a software breakpoint, or my game would crash. I had to set up a hardware breakpoint.

 

Now, I'm not great at writing instructions or tutorials, so I understand if any of this is confusing. If it is, well... Not much I can do about that! I guess you can reply to this post and I might get back to you but I might not. My main reason for writing this at all was the relative lack of information regarding how to do this at all, so I guess this is better than what I was finding in the first place!

 

Anyways, good luck with whatever you choose to do, or not do, with this information!

Link to comment
Share on other sites

I am going to give you a bit of advice. You're going down a rabbit hole that has no end without an understanding of deeper computer science subjects such as assembly, how programs are executed/loaded into memory, stack/heap memory, hexadecimal and binary numbering systems and many many more. Trust me on this one you'll get nowhere useful. These addresses that you're writing down probably change each time you restart the game because of ASLR.

 

What you're doing right now is called reverse engineering. If you truly want to learn that, you will need to dedicate time and research what topics are needed before you can even begin, because there's a lot, but if you're doing all of this to code a small or even a big mod for a game it's not worth the time in my humble opinion.

Edited by NoCashNoExp
Link to comment
Share on other sites

I have a basic understanding of these concepts, nowhere near the level that I would need to really dive deep into reverse engineering, but hey I have to start somewhere. I know what reverse engineering is, and I know it's a big topic. I was never expecting anyone to just post a lengthy tutorial or go out of their way to help me. Also, when I said address, I was referring to the offset in memory (that was my mistake). Native code is loaded into the same offset every time you launch the game, that's how native functions are used in F4SE to begin with, they refer to the offset. And believe me, I've tested these offsets that I found multiple times and they do work no matter how many times I relaunch the game or what computer I launch it on. They are hardcoded at those places and you can confirm this in a disassembler. I'm not trying to remake everything or find all the answers, I'm just trying to find the answers I need and if the process I went through to find them helps someone else who is stuck on the same topic without having to get a Masters of Computer Science, then even better. And as far as it not being worth the time, I understand that mindset, I do. And I can agree with it to a certain extent. But I started down this path because I wanted to learn something. Yes I am doing this to make a mod, that's the whole end goal. But I find this stuff really fascinating. This is fun for me, and I know that I'm not the only one. If I would have given up the first time someone said to, then I would have never gotten the result I'm looking for.

 

And in the end I did get somewhere useful. In my humble opinion, it's mindsets like this that cause people to not take on the task of making these plugins to begin with. When someone asks for help, or just to be pointed in the right direction, they are so often met with the answer "it's not worth the effort or the time".

 

I know there is more that I need to learn, but I have to teach it to myself. I know the basics of ASM, I have a pretty good idea of how programs are loaded and executed, I have a less good idea of stack/heap memory, and I know how hex and bin systems work. I know you're trying to be helpful saying how much extra work this is, but I knew how large this rabbit hole was before I went down it, and I've had fun learning s#*! the whole way down. :happy:

 

Oh, and I want to reiterate, I already found the answers I'm looking for. This is just the process that I used to find them. And it worked, in case that wasn't clear enough at the beginning of my last post where I said I found the addresses I was looking for and they worked.

Link to comment
Share on other sites
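The address-versus-offset point argued in the posts above, applied to the kind of address list written down in the breakpoint procedure, as an added example that is not part of any post in this thread. It goes slightly beyond the thread by reading the preferred image base and the ASLR opt-in flag from a PE32+ header, then converts absolute addresses recorded in a debugger into module-relative offsets. The header, load bases and recorded addresses are constructed sample values, not taken from the game.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image opts in to ASLR

def build_sample_header(image_base, size_of_image, dll_chars):
    """Constructed minimal PE32+ header, not taken from any real binary."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)   # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                   # PE32+ magic
    struct.pack_into("<Q", opt, 24, image_base)             # ImageBase
    struct.pack_into("<I", opt, 56, size_of_image)          # SizeOfImage
    struct.pack_into("<H", opt, 70, dll_chars)              # DllCharacteristics
    return dos + b"PE\x00\x00" + coff + bytes(opt)

def parse_header(data):
    """Return (preferred_image_base, size_of_image, aslr_opt_in)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("PE signature missing")
    opt = pe + 4 + 20                                       # skip signature + COFF header
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("only PE32+ (64-bit) images handled")
    base = struct.unpack_from("<Q", data, opt + 24)[0]
    size = struct.unpack_from("<I", data, opt + 56)[0]
    chars = struct.unpack_from("<H", data, opt + 70)[0]
    return base, size, bool(chars & DYNAMIC_BASE)

def to_offsets(recorded, runtime_base, size_of_image):
    """Absolute addresses from one session -> module offsets.
    Addresses outside the module (heap data, other DLLs) become None."""
    end = runtime_base + size_of_image
    return [a - runtime_base if runtime_base <= a < end else None for a in recorded]

# Constructed session data: two launches of the same image at different bases.
HEADER = build_sample_header(0x140000000, 0x3000000, 0x8160)
RUN1_BASE, RUN2_BASE = 0x7FF6A1230000, 0x7FF71C450000
RUN1_HITS = [0x7FF6A1671A20, 0x7FF6A15B03C0, 0x21F4C8A0010]  # last one is heap data

if __name__ == "__main__":
    image_base, size, aslr = parse_header(HEADER)
    print("image opts in to ASLR:", aslr)
    for off in to_offsets(RUN1_HITS, RUN1_BASE, size):
        if off is None:
            print("outside the module: no stable offset")
        else:  # same offset resolves in the disassembler and on the next launch
            print(hex(off), hex(image_base + off), hex(RUN2_BASE + off))
```

The absolute addresses differ between launches when the image opts in to ASLR, while the offset from the module base stays the same for a given build of the executable; an address that falls outside the module, such as the heap location of an item count, has no such offset.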

But what other choice do we have if we want to create custom F4SE plugins?

We need to reverse the whole fo4.exe to know what is going on so we can modify it to work the way we want, right?

(To know the addresses of the "relevant" stuff that a created plugin dll will "hook into", right?)

Link to comment
Share on other sites
