Leaderboard

View File Chainer Script to search for chains of pointers. Beta version. The script searches for pointer chains with a given depth and maximum offset to the .data or .bss regions. For found chains, you can generate a script that will restore the search results for these chains. Video: Chainer: search and restore pointers chains - GameGuardian (#8cfynel1) https://gameguardian.net/forum/search/?q=chainer&type=gallery_image&nodes=2 Submitter Enyby Submitted 06/17/2019 Category Tools  

try searching for ACT(anti cheat toolkit) or Code Stage (code stage anti cheat) it's almost standard for games that use il2cpp, but it may vary from game to game

Try get_hack get_ishack or something like that

Maybe things like On Cheat Detected or Cheat Started. I looked at that game and I think things are just visual. You can search for VIP and although it looks like its worked nothing was actually working.

get_ get_coins get_diamond get_money get_damage get_health get_hp get_attack_target get_attack get_target

I do not know if this is the same code, or you have already changed something. If you change something in the code, then you need to post it again. Because what was previously irrelevant.

Idk. Write code so that that variable cannot be nil when executed here. Without seeing all the code, nothing specifically can be said.

Again, just read message: _address is nil. But must be long (number).

Yep. Consult with API help if you not sure how write something.

gg.Type_DWORD case is matter. All constant must be totally in upper case.

Use dot, not comma.

_result[1],address is nil.

This is how the ARM architecture works. Most addresses are not absolute, but relative, relative to the PC. This is done to save space in instructions. The instruction size is 4 bytes. The size of the 32-bit pointer is also 4 bytes. An absolute address almost always requires 4 bytes, since the code can be located in different places. A relative address can be encoded with 2 or 3 bytes. This will give the opportunity to refer to the memory near the code, where this code would not be located. And since .bss is not far from .code (.text), this is enough.

Offset from PC in LDR location. Useless in any other place.

What? http://www.catb.org/~esr/faqs/smart-questions.html

What error? [added 0 minutes later] local copy = false local t = gg.getListItems() if not copy then gg.removeListItems(t) end for i, v in ipairs(t) do v.address = v.address + 0xe40 if copy then v.name = v.name..' #2' end end gg.addListItems(t) gg.setValues() gg.setValues() require parameter.

Will be fixed in next GG release.

Executable bit not set: 04000000-04005000 r--p 00000000 08:11 131304 /data/app/com.makingfun.mageandminions-1/lib/arm/libs3eMATSDK.so 04005000-04006000 r--p 00004000 08:11 131304 /data/app/com.makingfun.mageandminions-1/lib/arm/libs3eMATSDK.so 04006000-04007000 rw-p 00005000 08:11 131304 /data/app/com.makingfun.mageandminions-1/lib/arm/libs3eMATSDK.so 04305000-05000000 ---p 00000000 00:00 0 05000000-059f7000 r--p 00000000 08:11 131305 /data/app/com.makingfun.mageandminions-1/lib/arm/libAPPmageandminions.so 059f7000-05a00000 r--p 00000000 00:00 0 05a00000-05a22000 r--p 00a00000 08:11 131305 /data/app/com.makingfun.mageandminions-1/lib/arm/libAPPmageandminions.so 05a22000-05a2e000 rw-p 00a22000 08:11 131305 /data/app/com.makingfun.mageandminions-1/lib/arm/libAPPmageandminions.so So it is not gg.REGION_CODE_APP

Added.

It can load x86 lib. Even if it load arm lib, device is x86 and use binary arm translation.

I think it is easier to do it with LP methods, if it allowed to make custom patches for this.

All of that is hard task and need a lot of work for each game. LP work on general basis with many games.

The reverse is also true. Purchases within applications are not things that can be done through a memory editor. There a request is sent to the market, in one part of the code, and the other part of the code receives the response from the market. These are not things that can be easily changed through the memory editor. In any case, if we are talking about a fake request, and not its modification.

Memory page is 4096 bytes. or 1000 in hex. In general, you do not need to understand what and why. Enough to round up. I do not have time for long and extensive explanations.

No. Round up mean round UP. Round down mean round DOWN. And round mean round by math rules. In this case round always UP. .bss section must follow .data section. No gap allowed between its. So .bss, if not start at new page, started at end .data segment. So in game memory it look like round up.

Round up to full page: 003D5000. 003D5000 + 5170 = 003DA170 Goto (key G): We here: We can press X and go on.

0x5180 in .bss section.

Look like bad firmware. If you work without root - get root and try again.

Understand nothing. Try explain more clearly.

By the way, in addition to the previous one, I would like to indicate one thing. I owe you nothing. Just as you owe me nothing. I do not have to implement something in GG, nor should I not implement something. Don't you like something? Do not use GG. I do not force you to use it. I do not force you to write scripts for GG. This is your choice. On the contrary, you should be grateful that you use my work for free. Believe me, this is quite a difficult job. If you are not satisfied with something, create your own hacking tool and do what you want there.

It is not simple. Not easy at all. To do this, you have to do too much. I don't have time for this at the moment. However, one day, I will post here such a script.

I'm afraid some scripts, in binary form, do not lend themselves to normal decryption. So the fact that you save them will not give you anything. Naturally, this is not easy to do.

Look like you use "hide from game" 4. If yes - disable it and try again. If no, then on your firmware video memory not readable for any other process.

Show screenshot of region list with visible video range, like this: and show screenshot of search stat after search like in your video.

I have not seen anything yet so that this indicates an error. I have a suspicion that the case is in your cryptographer, which was based on an error that has been fixed.

Provide minimal Lua code that does not work.

Need region log.

Undocumented api can disappear in one good day. You lucky. Currently I decide keep it, but I do not have need on it anymore. If it interfere with smth it will be killed and all your scripts stop work.

First attempt. Lua script on GG 82.0. 35 seconds for 595 searches. Not usable for production. It can be search too long time and too many times. Second attempt. Lua script with backing new features for not released GG. 0.5 seconds for build chains of pointers with depth 3. Good result. New GG version and awesome script will be released soon.

This is a basic idea. It can be developed further. But the main point is this. And logging cannot help bypass such protection. It is fundamentally impossible. Even in the simplest version, such protection is enough to stop most fans to copy pieces of code from the logs.

You can download a couple of pages of memory and find what you need on lua. There will be nothing in the logs. Approximately find what you need, and then filter the rest on lua.

Search in a complicated way, not a simple one. Since the code can be hidden and it is much more difficult to get to it - look for several things, read offsets from them, and then edit through setValues. Also use getValues. This will not allow tracking logic to repeat it. For example, I do three searches, then from one of the results I take an offset of 100, read the value from it, and so on. In the log it will be a jumble.

You can say thank you to ssu (DoS site), TisNquyen (malicious scripts) and others, whose actions led to the addition of powerful logging. But, as I have written repeatedly, you can write scripts so that logging does not help steal the scripts. This is just a matter of desire and qualification.

It is very easy. Go to app settings page for gg. Press button uninstall. Press ok. Wait until gg deinstalled. Done.