Is there a program that can in/decrease a pile of hex numbers?

[CosmoCortney]

Hi,
I've been working with some RAM dumps and need to extract 910 32bit hex values out of it. I have done this before per hand which took some hours. And I don't want to do it a 3rd time when Twilight Princess HD is out . I have noticed that ALL values of the second RAM dump are decreased by 0x00020000. I have asked google but didn't find anything meaningful or just used the wrong words :/
Does anyone of you know such a program?

 

[FAST6191]

Is this addresses decreased by 020000 hex or values decreased by? I imagine you could have some fun with binary grep, however if you combined that columns thing you asked the other month and a spreadsheet and a something like http://min.midco.net/cracker/filecutter.zip (usage is simple enough but http://gbatemp.net/threads/request-...-hex-into-seperate-files.403268/#post-5810672 has some if you wanted it) it should be easy enough.

 

[CosmoCortney]

They are value decrements. (I do already have a tool to in/decrease addresses). Just none for values.
Here you can see views of the RAM dumps separated by a green line:

As you can see, the values on the right are decreased by 0x00020000.
I already have extracted the ones of the left one by hand (cue copy and paste) which took hours. I really don't want to copy them again nor type the substracted values by hand.
So I thought there'd be a tool that can do this job for me. Just outputting the input list where every value is decreased by 0x00020000.
Once Twilight Princess HD is out I'll have to get those values again

 

[FAST6191]

If they are the same offsets (or some calculable difference and same pattern after that) then that should be well within the capability of a spreadsheet. I have done very similar things to fix pointers in the past.

 

[CosmoCortney]

the offset between each value is 0x0C. The offset between the same "object" of the 2 dumps is 0x42BAC.
But I have never used spreadsheet before

 

[FAST6191]

As in completely new to spreadsheets or just for hex/ROM hacking?

https://www.libreoffice.org/ has one that is suitable for task (the calc part being the spreadsheet, though the full office suite is not bad), and at the right price of free. It is also able to be installed via https://ninite.com/ if you want to take out all the fun and games. MS office is also good enough, though I have not tried the newer versions for hex work (previously you had to install the analysis toolpak but I think it comes as standard now).

They are easy enough. They might not work directly in hex, or at least not easily but conversion is usually a matter of using a formula like dec2hex(cellname or value) and hex2dec(cellname or value). https://help.libreoffice.org/Calc/Add-in_Functions,_List_of_Analysis_Functions_Part_One
Couple that with the fill command (video form as it makes more sense than in words in this instance, though text https://help.libreoffice.org/Calc/Fill ).


Personally I would probably set my hex editor to a certain width (in grouping and in line length, in this case I imagine C and 4 bytes), do whatever endianness stuff you need to do to get it in plaintext. Export that, do the maths needed and then remove all new lines, spaces/tabs and such to generate a nice hex string to put back into the file, revert any endianness stuff you did and carry on with life. Crude but quicker than messing around even with something nice and speedy like python.

 

[CosmoCortney]

I'm new to spreadsheet. But common to hex and game hacking for 6 years now.
I do have OpenOffice calc. I use it to make tables (actually being used right now to document all the value). But I don't touch the function textBox because I hadn't had the need to use it until now. (the fastes way to create a table with 15k+ items lol)


Let me have a look at the links..

 

[FAST6191]

openoffice was the predecessor to libreoffice but after Oracle bought Sun (the technical owners) it was forked. Either way for basic stuff like this it should work fine. Also sorry I did not mean new to hacking, just new to using spreadsheets for hacking purposes.

 

[CosmoCortney]

Ok, thanks.
So.. to do basic math with hex numbers, I need to convert them to dec, substract them with 0x00020000 in dec, reconvert them to hex and store them in the next column? (I do understand how to use HEX2DEC, =A1-A2 and basic stuff now. But that's all about it..)
Any hint about the syntax?

 

[FAST6191]

If you put an = sign in there at the start it will try to interpret it as a formula. If not then it will be text or numbers (or something more custom like date if you change the data type).

Syntax is more or less like normal maths rather than computer code, hope you are a fan of parentheses (Klammern?) . You could also do something like =dec2hex(hex2dec(a1)-hex2dec(020000)) and have it all happen in one cell if you wanted.
Oh and if you really wanted you can also name cells (effectively declaring a variable). Such a thing will usually be on the left hand side just along from the formula bar.

 

[CosmoCortney]

I see
But how do I do this consecutive for all cells of a column?
c1 =dec2hex(hex2dec(a1)-hex2dec(020000))
c2 =dec2hex(hex2dec(a2)-hex2dec(020000))

 

[FAST6191]

That is why we have the fill command that the video was covering. Get a couple sorted and use the fill handle to do the rest -- it should auto increment the A1 part. Likewise you don't need to put the C1 in there if that is cell C1 as it already knows it, at very best it will think you are trying to do a true/false test (though that has a slightly different syntax)

 

[CosmoCortney]

It's not working..
It shows me the right result in the formula editor. But not in the table itself. I have marked the values of the columns I want to decrease which has added "H912" to the formula. Is this right?

 

[FAST6191]

Did you click outside the column at some point to try to get out of the formula editor or something? That is usually when I click something by accident, and that would probably be at the end of the list and in the middle of the screen if you are otherwise editing the C column.

 

[CosmoCortney]

I didn't. the formula editor also stays on top when i click somewhere outside of it

 

[CosmoCortney]

I'm trying to write some PPC code that lets the wii doing the job for me. I will let you know if I succeed (you quickly lose the keen view since there're no variable and you have to store your variable somewhere in the RAM and you need to remember the right address)

 

[CosmoCortney]

Wow, it worked on the first try
Didn't expect it to be working so well
this is the code:
9001C008 803E66C0
9001C00C 90000800
lis r8, 0x9001 // where to write increased obj address
ori r8, r8, 0xC008
lwz r10, 0 (r8) // load obj address
lis r11, 0x803E // max obj address
ori r11, r11, 0x9168
cmpw r10, r11 // if obj address is smaller than max obj address - skip the following branch
bgt- 0x20 // else branch
addi r10, r10, 0x0C // increase obj address
stw r10, 0 (r8) // write increased obj address
lwz r9, 0x04 (r8) // load write address
addi r9, r9, 0x04 // increase write address
stw r9, 0x04 (r8) // store increased write address
lwz r11, 0x0 (r10)
stw r11, 0x0 (r9)
b 0x80004428

here you can see the extracted address copied to 0x90000800:

Just need to dump the ram and extract 'em