Enyby

Just now, oled said:

So does it mean that I need to find pointers again after every process restart, and that their old addresses generally can't help?

Yes, just as I have written in one of the previous messages.

Link to comment
Share on other sites

35 minutes ago, oled said:

May the method (from pointers.pdf) work without restarting?

The "Pointer search" feature in GG will find all pointers to the value if the offset is set to 0, or to a range of values if the offset is set to a positive integer. There may be no results or too many results. Adjust the "offset" parameter accordingly.

Once you have the list of pointers to desired value/structure, according to the document, you need to filter the list "until the number of pointers will not decrease". That's how filtering is done there:

Quote

Restart the game. Click "Filter" and enter the value of Experience - "650".
Click "OK".

Obviously, this won't work on Android. So you need to think of another way to reduce the count of found pointers, or simply use all of them to keep the reference to the desired value.

Short conclusion (and probably the answer to your initial question): filtering of found pointers on Android cannot be done as described in the document, because restarting the process causes all values to relocate.

Edited by CmP
Link to comment
Share on other sites

No need to restart. It works not only with a restart, but a restart is the most effective way to filter pointers (that is why it is used in the description). For example, on another level the address of some parameter will be changed. So the same as in the method, but without a restart. What about that?

Link to comment
Share on other sites

  • Administrators

ArtMoney was written for Windows when there was no ASLR. Android was originally created with ASLR taken into account. Therefore, many ArtMoney methods are inapplicable. I think that now, on the latest versions of Windows, they also do not work if ASLR and DEP are enabled. And they are enabled for all processes, except for exceptions running in compatibility mode.

Plus it's Windows versus Linux. They have different concepts of how things work. Therefore, not everything that works on Windows can be transferred to Linux.

Link to comment
Share on other sites

  • Administrators

Look at this post and the picture to it:

Using Offsets (#5nf243is)

I also advise you to read the whole topic there. Your question was just discussed.


Usually, the depth of the pointers does not allow restoring the path to the value, especially because the offsets are unknown and can be quite large.
This is for the case of restarting.

If the game has allocated a pointer on the stack (a rare case, but possible), then you generally will not have any chance to find anything, because the starting address will not be tied to the library memory space.

[added 2 minutes later]

Here is another discussion you should read:

Finding real offsets of IDA (#8cdn5dao)


Link to comment
Share on other sites

  • Administrators

It all depends on how it works. How deep is the chain of pointers?
Most often there is more than one level. If you look at the picture, this will be the case with Gold3.
Suppose the World Object has not been moved, and pointerPlayer has remained the same.
But you do not know offset6 and offset7.
Most often you cannot reduce the number of results until the pointers are unchanged. Therefore, you have hundreds of thousands of values, and finding the right one is problematic.

How will you search for the desired pointer chain after a level reload?

Even if you have 1 level of pointers, this is already a problem.

And this is all seen in the context of static pointers.

If you have a garbage collector, for example a game in C# (Unity), then all this does not work. Pointers can be moved at any time during garbage collection.
And you cannot know whether it happened or not.

We continue. If arrays with offsets are used somewhere, then pointers can change their offset. So it becomes even more complicated.

Link to comment
Share on other sites

  • Administrators

From the PDF:

Quote

At first, search for pointer 2 level; if not found, then pointer 3 level.
Each next level is searched 10 times slower than the previous level.
If you have 1 minute for pointer 2 level, then the time for 3 level will be 10 minutes, and for 4 level will be 100 minutes.

Even on a PC it is very slow. Even with a powerful CPU.

A typical PC processor does not care about power consumption and dissipates 50-100 watts. A typical Android device processor is not able to dissipate even 1 watt for a long time without risking melting the device or burning the battery.
What the PC searches for in 10 minutes, on Android you will search for hours.
Another problem is the amount of memory.
The amounts of memory for processing are approximately the same, but you will not have free space to process them, since the entire memory has most often been taken by the game. And it also consumes CPU resources, which are already lacking.
Add to this the RISC architecture, where memory access is quite expensive and caches are not very large, and you will get even more slowdown.
When the memory for GG runs out, it has to use a memory card to store data, the speed of which is extremely low.

Summarizing all of the above, I can say that there can be no common and simple tool.
Whatever there will be, it will be slow and work only in some particular case. And all this will be so complicated that only a few will be able to use it, if anyone can at all.


Link to comment
Share on other sites

  • Administrators

You can try to do something in a test form with scripts.
If you get something worthwhile that can be applied to many games, we can consider the possibility of implementing it outside of scripts as an embedded feature.
Until that exists, there is nothing to talk about. Provide a workable concept so that there is something to talk about.
So far, everything looks like an unviable idea, which is not worth wasting time on.
There are many other tasks that are real and more useful.

Scripts provide you with the ability to store intermediate search data in tables, not limited to one saved list. It may be convenient for your task.

You can write a simple test application with pointers and try to make a script for it. Well, or find a simple game that is guaranteed to fit your criteria. Although it can be difficult.

And then try to write a search for the desired pointer using scripts.

Link to comment
Share on other sites

  • Administrators

Knowledge of offsets alone is often not enough.
Or you should know them all completely, in a chain. And starting from an address which is more or less static. For example, from a pointer in .bss or .data.
Most often, you do not have such data.
However, if you have it, you can write a simple enough script to always get the desired value by following the pointers.

The problem is that offsets can change when recompiling, so you have to refine them with each new update of the game libraries.

And the rest, yes, it can be done.

Link to comment
Share on other sites
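To make concrete what the posts above describe (a chain from a static pointer in a library's .data section through offset6 and offset7 to Gold3, and why a chain like that survives a restart while a raw address does not), here is an added example that is not part of the thread and not GG script code. It simulates a small 32-bit process with constructed memory regions; libgame.so, the 0x80 static offset, the 0x18/0x2C offsets and the value 650 are all assumptions made up for the illustration.

```python
import struct

class Process:
    """Constructed fake 32-bit process: region name -> (base, bytes); bases differ per run (ASLR)."""
    def __init__(self, lib_base, heap_base):
        self.regions = {"libgame.so": (lib_base, bytearray(0x100)),
                        "[anon:heap]": (heap_base, bytearray(0x400))}
        # Layout like the picture in the thread: a static pointer in .data of the library
        # -> World object; World + offset6 -> Player; Player + offset7 -> Gold3 (value 650).
        world, player = heap_base + 0x40, heap_base + 0x200
        self.write(lib_base + 0x80, world)   # static pointer, fixed offset from the lib base
        self.write(world + 0x18, player)     # offset6
        self.write(player + 0x2C, 650)       # offset7 -> the value we want

    def region_of(self, addr):
        for base, buf in self.regions.values():
            if base <= addr and addr + 4 <= base + len(buf):
                return base, buf
        return None

    def read(self, addr):  # 4-byte little-endian word, or None if the address is unmapped
        r = self.region_of(addr)
        return None if r is None else struct.unpack_from("<I", r[1], addr - r[0])[0]

    def write(self, addr, value):
        base, buf = self.region_of(addr)
        struct.pack_into("<I", buf, addr - base, value)

    def module_base(self, name):
        return self.regions[name][0]

def follow_chain(proc, module, static_off, offsets):
    """module+static_off holds the first pointer; each offset is added to the pointer just read.
    Returns the final address, or None if the chain breaks (unmapped or null pointer)."""
    addr = proc.module_base(module) + static_off
    for off in offsets:
        ptr = proc.read(addr)
        if not ptr:  # None (unmapped) or 0 (null): chain is broken
            return None
        addr = ptr + off
    return addr

def read_gold(proc, offsets=(0x18, 0x2C)):
    """Value at the end of the chain, or None when the offsets no longer fit (e.g. after an update)."""
    addr = follow_chain(proc, "libgame.so", 0x80, offsets)
    return None if addr is None else proc.read(addr)

# Two runs of the game: ASLR moved everything, but the lib-relative chain still resolves,
# while the absolute address found in the first run reads nothing useful in the second.
run1 = Process(lib_base=0x7A000000, heap_base=0x12000000)
run2 = Process(lib_base=0x7B400000, heap_base=0x14800000)
print(read_gold(run1), read_gold(run2), run2.read(follow_chain(run1, "libgame.so", 0x80, [0x18, 0x2C])))
```

Passing a wrong offset6 (for example 0x1C instead of 0x18) makes `read_gold` return None, which is the "offsets changed after recompiling" case from the post above.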

Can you please help me figure out how to get a negative number for the boathouse in Tropic Escape, like the picture below?

I've tried several different search methods and none of them have worked.

Also, my floating icon frequently disappears, and I have it set to never disappear. I have enabled all permissions.

I'm using GG no-root through Parallel Space.

Thank you!


Link to comment
Share on other sites
