Hex Editing with UE Explorer


anUser

I'm familiar with programming concepts, but this hex editing stuff is new to me and it's getting harder than I expected. I've seen somewhere in this forum a table of equivalencies for hex values, like 04 being return, etc, and I get that, and I also get that there are 'elements' (don't know what's the proper name) like variables, references to objects, etc, that may take several bytes, and that there are sometimes different hex values for the same thing, and vice versa.

 

I also see that position plays a major role here, but I have no idea how to read it or understand it. How does it correlate the hex offset, or however it's called, that you see on 'view buffer' with the addresses shown in 'view tokens'? In this view tokens screen, is that number in parentheses meant to be some indicator of some kind? ... and more important, how can you correlate the offset you get when you do view buffer on a specific function, to the position in the whole upk once in the hex editor? I'm aware my terminology is not quite proper, and I feel my grammar is even worse, hope you get what I mean though.

 

I'd really appreciate any piece of help or advice. I couldn't find much info about this and what little information I've found hasn't been very helpful so far. I've checked the web from the guy that made the UE Explorer but there's not much there, and some I feel I lack the basics to understand it.

 

 

ps: I don't mind heavy readings, if there's such a comprehensive manual the more information the better

 

Link to comment
Share on other sites

I'll try to answer as best I can. I'd suggest you start small with hex editing, like finding a single value or sign in the game you want to change, and then testing it ingame. There's lots of modding you can do by starting with that. Stepping up to full rescripting adds a lot of challenge.

 

The main thing I do when I want to find something in hex is find a unique string of hex in UE's "view buffer" function. For example, the first six bytecodes at the beginning of a function are very likely unique within the upk. So you can do a "count" on those six bytes, and if it occurs only once in the file, you can go there and be at the start of the function.

 

* How does it correlate the hex offset, or however it's called, that you see on 'view buffer' with the addresses shown in 'view tokens'?

 

They usually don't. Here's why: references to certain variables, function calls, and other things increase the "virtual size" of the script beyond its actual hex code. Check out the "rewriting scripts" post on this forum.

 

The "view tokens" is what you want when you are assigning destinations for 06 and 07 jumps and updating the virtual size of the function (you have to have this exactly right; if you add or remove variables, this will change, and if you don't correct it in the function header, the game will crash).

 

The numbers in parens in view tokens are where you want a jump to point to. The virtual size is the endofscript call +1 (in base 16).

 

Clear as mud, right? If this doesn't help, perhaps you might lay out what exactly you want to do.

Link to comment
Share on other sites

It's still pretty unclear, but I appreciate it.

 

Of course I'm just trying to swap an integer value, I don't dare even think of anything more complex, at least not yet. I'll try to break it down and see if I can get to understand some of it.

 

1 - position within the whole upk:

I'll check how headers are defined, but in theory there should be something if not the whole header that forms a unique hex string, so I will know where the function starts. I'm assuming the rest of the function comes next and all consecutively in one piece (I mean I guess the function won't be broken down in scattered pieces, right?). If my guesses are right this one should be easy.

 

2 - virtual size:

No idea what it means. Does it have to do with the difference in size from what's actually written and the size in memory of whatever values they represent? Do I have to mind it if just changing a single byte for another value of the same type? (Like changing an integer for another one, or a logical operator for another, etc)

 

3 - order of elements within the function

Let's say I've located this function where's that pretty integer I wanna change. Am I to expect everything in the same order both in hex and in unreal script? My guess is not, but then, how can I locate a single element there?

 

4 - position and jumps and gotos

I put it all together cause it seems somehow related to me, if it's not please tell me. I know old scripting goto command, and it seems to me the game internally replaces whatever control structure there is, like if else etc, into 'jumps', which point to certain position in... in what? In the upk, in memory, in the function?

 

 

That seems the most pressing and puzzling to me. Any tip or clue is welcome.

Thanks

Link to comment
Share on other sites

If you're just trying to swap an integer value then you really don't need to worry about ANY of this -- this is only stuff that matters in rescripting. All you need to do is find where the value is in the hex.

 

In Buffer mode, UExplorer will show you where lines of code begin if you mouse over the first byte of that line.

 

Integer values are typically denoted by a "2c" or "24" followed by the hex of the number. If it's a zero or a one, sometimes that will be denoted by a single byte, 25 or 26, which makes your job a lot harder if you are trying to change that to something higher, and you'll actually have to start some basic rescripting.

 

Let's say I wanted to make ethereals escorted by regular mutons, instead of muton elites. The function that controls that is XComStrategyGame.upk, class XGStrategyAI, function GetSupportingAlien.

 

I happen to know that ethereals are alien #12, and mutons are alien #7, and muton elites are alien #11. You see case 12, return 11 in the code. Do View Buffer (not table), and you'll see the hex for the function.

 

I mouse around until I see the code I'm looking for: 0a 83 00 24 0c 04 24 0b

0a 83 00 is CASE

24 0c is 12

04 is return

24 0b is 11

 

I want to change the 24 0b to 24 07.

 

So I go to Notepad++, hex mode for the upk, and I search for 0a 83 00 24 0c 04 24 0b. I do a count, it returns "1 tokens are found" which means this string exists in exactly one place in the upk, so I'm sure this is what I'm looking for. If it returns multiple tokens, then I add bytes from the buffer to the front or back of the search string until I get a unique string.

 

Then I do a search and replace

Search for

0a 83 00 24 0c 04 24 0b

Replace with

0a 83 00 24 0c 04 24 07

 

It should say it did one replace. You want to use the whole search string, of course. Alternately, you could go to the code you found and manually type in 07. Save, look at the function again in UExplorer to make sure it's right, then try to load it into the game to test.

Edited by johnnylump
Link to comment
Share on other sites
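The count-then-replace procedure from the post above, as an added example (not code from the thread). It goes slightly beyond the post by refusing a replacement of a different length and by reporting which offsets changed; the function names are illustrative and the sample bytes are constructed, with only the eight-byte search string taken from the post.

```python
def find_all(data: bytes, pattern: bytes) -> list[int]:
    """Return every offset where pattern occurs, overlapping matches included."""
    offsets = []
    i = data.find(pattern)
    while i != -1:
        offsets.append(i)
        i = data.find(pattern, i + 1)
    return offsets


def patch_unique(data: bytes, search_hex: str, replace_hex: str):
    """Replace search_hex with replace_hex only if it occurs exactly once.

    Returns (patched_bytes, [(offset, old_byte, new_byte), ...]).
    """
    search = bytes.fromhex(search_hex)      # fromhex ignores the spaces
    replace = bytes.fromhex(replace_hex)
    if len(search) != len(replace):
        # A size change shifts everything after it; that is rescripting,
        # not a simple value swap.
        raise ValueError("search and replace strings must be the same length")
    hits = find_all(data, search)
    if len(hits) != 1:
        # Same rule as the hex editor's "count": extend the string until unique.
        raise ValueError(f"pattern found {len(hits)} times, need exactly 1")
    off = hits[0]
    patched = data[:off] + replace + data[off + len(search):]
    changed = [(off + i, old, new)
               for i, (old, new) in enumerate(zip(search, replace)) if old != new]
    return patched, changed


# Constructed sample buffer (not real upk contents): two CASE-like runs that
# both end in "24 0b", so the short pattern is ambiguous and the long one is not.
SAMPLE = bytes.fromhex("0a 7a 00 24 0a 04 24 0b 0a 83 00 24 0c 04 24 0b 0a ff ff")

if __name__ == "__main__":
    patched, changed = patch_unique(SAMPLE,
                                    "0a 83 00 24 0c 04 24 0b",
                                    "0a 83 00 24 0c 04 24 07")
    for off, old, new in changed:
        print(f"offset 0x{off:x}: {old:02x} -> {new:02x}")
```

On a real file, read it with open(path, "rb"), keep an untouched copy, and write the patched bytes to a new file.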

Hmmm... I knew all this, what I don't get is how you knew THAT code would output THAT hex string? I know single-elements equivalents, but how can I tell the exact order in which they will appear? It's like knowing the words but completely ignoring the syntax. I'm guessing that statements come all along, like in this example of yours and when editing class abilities, 04 return 2c integer xx a number here 06 ... but when it's in a complex condition with objects calling methods, I lose track.

 

Is there some way I can get a rough idea where the byte is or could be?

 

Edit: the code I wanted to change is this, from the storms topic. It got screwed when copying.

ult.ShowUFOsOnMission == 0 && kUFO.m_kObjective.GetType() == 5 || kUFO.m_kObjective.GetType() == 6

 

I wanted to change the 6 for a 5 to only hide terror ships by default. I've got some idea for rewriting the condition that could fit the space, but now I just want to change this number. So, even if I track it in the view buffer... will at least all the surrounding bytes be the same both in the view buffer and in the hex editor?

Edited by anUser
Link to comment
Share on other sites

So when facing a code that you don't know how it will look like, because it's full of variables and methods which hex representation you ignore beforehand, ... what would you suggest? Should I try to figure out what is what and locate the byte by logic? Also, must I expect jumps to change the order and maybe find that a condition at the beginning of the function is written by the end of the hex, or is there some correlation?

 

I'm sorry I'm starting to lose my nerve with this, I'm good at logic, but I'm terrible at chaos, and that's what it looks like :) time for a coffee and a break

Link to comment
Share on other sites

Ok I've managed to change what I wanted. It's an extract from a post by brilliant johnnylump :P

Only entry I've found is in XComStrategyGame.upk, class XGGeoscape, function int DetectUFO(). Interesting, I see Overseer defined there or UFOs that completed a mission.
function int DetectUFO(XGShip_UFO kUFO)
{
    ...
    // End:0x10f
    if(class'XGTacticalGameCore'.default.ShowUFOsOnMission == 0 && kUFO.m_kObjective.GetType() == 5 || kUFO.m_kObjective.GetType() == 6)
    {
        return -1;
    }
    ...
}

enum EAlienObjective
5 = eObjective_Abduct
6 = eObjective_Terrorize

This can be tweaked to show only abductions for an example. Or just terror missions.


Locating the function inside the upk was easy, its header forming a unique hex string, but finding the byte in the view buffer screen was more of a blind guess than a proper search. I looked for the first 05 byte preceded by 2C or 24, and I changed it and it worked, but it could perfectly be wrong and I wouldn't be surprised. Honestly I still feel there must be a much more proper way to approach this, get a rough sketch of how the function will look like in hex, and then counting the bytes each element takes, so you can know with almost scientific exactitude the position of certain element.

By the way, the change I made makes that setting ShowUFOsOnMission to 0 only hides terror missions, not abductions. I just got to replace:
1B 81 10 00 00 00 00 00 00 16 38 3A 24 05 16 18

for
1B 81 10 00 00 00 00 00 00 16 38 3A 24 06 16 18

 

I've checked and it's a unique hex string, XComStrategyGame.upk.


Once I learn a bit more I'm planning on making the terror ufos show on map only if panic is low in that country, I think it'd be a good way to skip those terror missions on late game when, and if, everything is under control. But as said, right now it seems such a titanic task if the procedure is mere trial and error.

Link to comment
Share on other sites
