AKidWithMidgetFriend

Searching an offset

Hello fellow forum members, I had learned about APK modification from Platinmods and I have successfully dumped and inspected my game. I have found an offset I want to search in GG, but I'm kind of blanking out on how to search an offset in GameGuardian :'(


Memory browser.

Goto address.

Xa range, select the lib you will be editing.

Goto its start address. Long press address. Offset calculator. Enter your offset (hex). Click goto.

18 hours ago, NoFear said:

Memory browser.

Goto address.

Xa range, select the lib you will be editing.

Goto its start address. Long press address. Offset calculator. Enter your offset (hex). Click goto.

Hello, thank you, this worked perfectly, but now I've found another line of code I was curious about, and my specific question I cannot find an answer to with some searches because a lot of different topics use the word offset.

I found a public bool for god_mode in the dump.cs and it looks something like this 

public bool god_mode // 0xD0

My question is: is 0xD0 an offset? The code doesn't explicitly state that it is, and it is rather short compared to the offsets I've seen and used so far, so it's a little questionable for an inexperienced person such as myself.

Sorry for not being to the point as I know your time, and whoever else looks into this thread is very important, but thank you for your time and help!

6 minutes ago, AKidWithMidgetFriend said:

Hello, thank you, this worked perfectly, but now I've found another line of code I was curious about, and my specific question I cannot find an answer to with some searches because a lot of different topics use the word offset.

I found a public bool for god_mode in the dump.cs and it looks something like this 

public bool god_mode // 0xD0

My question is: is 0xD0 an offset? The code doesn't explicitly state that it is, and it is rather short compared to the offsets I've seen and used so far, so it's a little questionable for an inexperienced person such as myself.

Sorry for not being to the point as I know your time, and whoever else looks into this thread is very important, but thank you for your time and help!

0xD0

You look for something like

Ldr W8, [x25, 0xD0]

Where W8 and X25 are just random for this example.

You'll have to find offset. In dump still. 

On 2/22/2021 at 6:57 PM, NoFear said:

0xD0

You look for something like

Ldr W8, [x25, 0xD0]

Where W8 and X25 are just random for this example.

You'll have to find offset. In dump still. 

Hello NoFear!

Thank you for your help understanding that bit about field offsets 

But another question arose while observing a dump dll, and given that you are so familiar with offsets, you'd seem like the perfect person to help.

So I noticed that these classes have assigned Tokens... These tokens are structured very similarly to offsets.

My questions being;

Are tokens and offsets directly related or are they both just reference constructors to allocate data?

Can a token be searched in the libil2cpp with HxD the same way you'd search an offset?

I'm sorry if I am wasting your time by inquiring. I try not to make a habit of asking others as opposed to plugging my questions into a search engine, but I couldn't find the proper keywords to filter out irrelevant information.

On 2/22/2021 at 10:55 AM, NoFear said:

Memory browser.

Goto address.

Xa range, select the lib you will be editing.

Goto its start address. Long press address. Offset calculator. Enter your offset (hex). Click goto.

I see 3 libil2cpp files... so check 1 by 1?

 

the offset (hex) we will paste, that was from dump file?

1 hour ago, nio04 said:

I see 3 libil2cpp files... so check 1 by 1?

 

the offset (hex) we will paste, that was from dump file?

Are they all libil2cpp or are they just .so files? Because then you'd go with the one that says libil2cpp.so, or if there is no libil2cpp in the .so list, then you want to go with the one with the largest byte size.

If the largest il2cpp binary file isn't libil2cpp then you're going to need IDA Pro.

But if it is libil2cpp then dump it with the metadata.

The dump.cs and dummy dll should contain just about the same information, and these are both used to find offsets associated with certain game functions or methods.

You drop the libil2cpp.so that you used to do the dump into HxD, which will allow you to search these offsets with Ctrl+G.

 

11 minutes ago, AKidWithMidgetFriend said:

Are they all libil2cpp or are they just .so files? Because then you'd go with the one that says libil2cpp.so, or if there is no libil2cpp in the .so list, then you want to go with the one with the largest byte size.

If the largest il2cpp binary file isn't libil2cpp then you're going to need IDA Pro.

But if it is libil2cpp then dump it with the metadata.

The dump.cs and dummy dll should contain just about the same information, and these are both used to find offsets associated with certain game functions or methods.

You drop the libil2cpp.so that you used to do the dump into HxD, which will allow you to search these offsets with Ctrl+G.

 

understood! thanks for the information

 

u saw any lib script?

36 minutes ago, nio04 said:

understood! thanks for the information

 

u saw any lib script?

I don't really know about lib scripts, but I do know how to return a libil2cpp file in a GG memory page or how to use offsets found in lib files in a GG script.

As for accessing it in GG, go to the hamburger menu, which is the three lines with bullet points next to them.

The hamburger menu will bring you to memory pages. Here you should tap the bold rightward-pointing arrow (not the small one, but the one without a leftward-pointing counterpart). This will allow you to select a memory range to go to.

Select the Xa code app range and you should be able to see which file is for which option at the end of the choice.

Here are some pictures to go along with this

Untitled26_20210224150728.png

Untitled27_20210224150808.png

Untitled28_20210224150843.png

7 hours ago, AKidWithMidgetFriend said:

Hello NoFear!

Thank you for your help understanding that bit about field offsets 

But another question arose while observing a dump dll, and given that you are so familiar with offsets, you'd seem like the perfect person to help.

So I noticed that these classes have assigned Tokens... These tokens are structured very similarly to offsets.

My questions being;

Are tokens and offsets directly related or are they both just reference constructors to allocate data?

Can a token be searched in the libil2cpp with HxD the same way you'd search an offset?

I'm sorry if I am wasting your time by inquiring. I try not to make a habit of asking others as opposed to plugging my questions into a search engine, but I couldn't find the proper keywords to filter out irrelevant information.

You would use a disassembler... IDA for example. Then you could search strings for the "0xD0". Granted, there will be an insane number of results, because the 0xD0, I believe, could be used for something else in another function.

I'm still relatively new with lib editing.... I know enough to be dangerous 😛

[added 0 minutes later]
2 hours ago, nio04 said:

understood! thanks for the information

 

u saw any lib script?

Scripts for lib editing. Do exist.
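
Added example, not part of any poster's reply: Python code that separates the three kinds of hex values discussed in this thread, namely a field offset such as 0xD0 (bytes into an object instance), a method's RVA and file offset (positions in libil2cpp.so), and a metadata token (table id in the top byte plus row number, per ECMA-335). The sample dump text, the class and method names, and the `Token(Value = ...)` and `RVA: ... Offset: ...` line formats are assumptions modelled on typical IL2CPP dumper output.

```python
import re

# Metadata table ids (ECMA-335) carried in the top byte of a token.
TABLES = {0x02: "TypeDef", 0x04: "Field", 0x06: "MethodDef", 0x17: "Property"}

# Constructed sample in the style of an IL2CPP dump; names and values are made up.
SAMPLE = '''
[Token(Value = "0x2000A41")]
public class Player
{
    [Token(Value = "0x4001F3C")]
    public bool god_mode; // 0xD0
    [Token(Value = "0x6003B10")]
    // RVA: 0x1A2B3C Offset: 0x1A1B3C VA: 0x1A2B3C
    public void TakeDamage(int amount) { }
}
'''

TOKEN = re.compile(r'Token\(Value = "0x([0-9A-Fa-f]+)"\)')
METHOD = re.compile(r'RVA: 0x([0-9A-Fa-f]+) Offset: 0x([0-9A-Fa-f]+)')
FIELD = re.compile(r'//\s*0x([0-9A-Fa-f]+)\s*$')


def classify(dump):
    """Return (kind, details) for every recognised hex value, in order of appearance."""
    out = []
    for line in dump.splitlines():
        if m := TOKEN.search(line):
            tok = int(m.group(1), 16)
            # Token = table id (high 8 bits) + row number (low 24 bits).
            out.append(("metadata_token",
                        {"table": TABLES.get(tok >> 24, "other"), "row": tok & 0xFFFFFF}))
        elif m := METHOD.search(line):
            # RVA is relative to the load base; Offset is the position in the file.
            out.append(("method_address",
                        {"rva": int(m.group(1), 16), "file_offset": int(m.group(2), 16)}))
        elif m := FIELD.search(line):
            # Distance from the start of an object instance; not a position in the .so.
            out.append(("field_offset", {"bytes_into_object": int(m.group(1), 16)}))
    return out


if __name__ == "__main__":
    for kind, details in classify(SAMPLE):
        print(f"{kind:15} {details}")
```

A token identifies a row in the metadata tables, so it is not a location inside libil2cpp.so the way a method's file offset is.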
