Chainer 0.2

So we just need to find what pointing to our value, by scanning upper address. Then calculate the offset, repeat the process until it leads to static location such .bss ?

Am i right ?

If you are about how to use a script, then you need to find the value in any way before the pointers change, and then call the script.

If you're talking about how it works inside, then yes, something like this.

Unfortunately, this works with only few games. If the game uses automatic memory management (Java or C#), then there will be no normal pointer to a static location.
Or it will be very deep. Or there will be huge offsets.

In theory, this should work with games that use their own C engines.

The search itself is very resource-intensive and the deeper, the more calculations.
The difficulty grows exponentially.

For example, at the first level, for 3 values there may be 10 pointers, at the second 100, at the third 1000, at the fourth 10000.
In order to calculate the chain one has to make about 10,000 * 1000 comparisons for level 4. This is a lot.
So deeper than 4-5 levels, most often, it will not work out.

Maximum offset also affects the number of results. The bigger it is, the more results and more calculations.

In fact, the script is looking for every level of everything that can pointed at the data of this level.
The result is something like a tree or a pyramid.
After possible pointers have been found, at this level, it is checked whether there are any static regions among them.
If there are any, then the restoration of the chain for these pointers begins. calculation offsets and saving chain.
This allows you to speed up the search without building a chain where it is unnecessary.
It also uses reuse of calculations and so on.
Static results are excluded from the calculation and the transition to the next level takes place.

And so, until they reach the limit of levels, or until they run out of data for the search.

Any update about script waiting for more impoved version.

Doing good work @Enyby

On the limitation on pointer level of the Chainer script, I recently (re)discovered a method for faster pointer scanning here by Guided Hacking using Cheat Engine coupled with the Cheat Engine server to scan over network (installation here) I managed perform a 6-level scan pointer on a potato laptop with Nox (yes, Nox, the emulator) as a target (set up Network Bride first). It's a bit buggy on the Cheat Engine side and slow but it does the job. I'd recommend this approach as a final resort but hey, if it works it works.

This cannot work, if only because the pointer is just the memory address in the address space of the emulator. And from the outside, it is not visible.
So even if at least 100 levels of scanning, it does not help anything.

I'm fairly new to the game hacking scene so I'm maybe wrong and getting the terminology wrong, but CEserver allows Cheat Engine to perform scan, memory disassble and pointer scan inside the Android memory space of the Android VM Nox runs. If you need proof I can send you the Cheat Engine table and the game for you to hook up and test because I'm still struggling to write a GameGuardian-compatible LUA script of the CE table mentioned above.

Anteaters eat ants. For them, this is "food". Will it be a “food” for the human?

For some things, context is important. If I say that the value has increased by 20, is it a lot or a little? This question can not be answered. I do not know the point of reference and the scale of changes.

Similarly with pointers. From the outside, the address space of the processes in the emulator is not visible, so it will not work. It will not work at all.

There is such a thing as a cargo cult. They, too, are thoughtlessly copying the form, not understanding the content.

[added 1 minute later]

You can try on the test application and see for yourself.

GameGuardian (#8fxj06fj)

 

@Enyby

In the chainer.lua script there is a line with:

Quote

gg.internal3(maxOffset)

What does this function actually do?

And from what I know, not only internal3, there are also functions called internal1, internal9.

I don't know for sure, maybe there are other internal n functions.

 

And the worst thing is i can't find an explanation, even at Help there is no description about it.

 

On 2/4/2021 at 12:27 PM, nmsushi said:

 

@Enyby

In the chainer.lua script there is a line with:

gg.internal3(maxOffset)

What does this function actually do?

And from what I know, not only internal3, there are also functions called internal1, internal9.

I don't know for sure, maybe there are other internal n functions.

And the worst thing is i can't find an explanation, even at Help there is no description about it.

 

@Enyby I want to know what this function (                       gg.internal3(maxOffset)                 )does. The important thing is that this function has no trace in the help document, but I need to modify the Lua file

Edited June 7, 2021 by cox_xz