Popular Content

Showing content with the highest reputation on 09/18/2022 in all areas

  1. Well, I search the weaponSound class manually. Then I search the desired gun. Then I pointer search the start address of the field address of that gun and see if there is a pointer that is always pointing to that gun or some weapon of it. Then I check which class that value that is pointing to the start of that field address of that gun belongs to. In this case it belongs to class weaponManager. Then when you find the class struct there will be an address having the value which points to the metadata. In this case it's named weaponManager. But if you search weaponManager you get too many results, so you copy some extra bytes to refine the results amount.
    1 point
  2. This value doesn't work?:
     h 57 65 61 70 6F 6E 4D 61 6E 61 67 65 72 00 E4 B8 9E E4 B8 94 E4 B8 89 E4
     Found it by pointer searching the first field offsets address.
    1 point
  3. Version 5.97

    211 downloads

    GameName: warrior.io - Battle Royal
    Package: https://play.google.com/store/apps/details?id=io.battle.war
    Version: 5.97
    Architecture: 64 bit
    FEATURE
    1. speed
    2. range attack
    3. High fire rate
    Note: Gold and gems you can edit easily. Search the amount of Gold or gems you have and select (type DWORD) and (RANGE anonymous), then pay chest or anything or upgrade weapons, then refine the new value and edit. Boom, you have unlimited gems or gold ...
    Another note: you can hack damage and health but it's linked to enemy..
    Sorry, my English is so bad
    CREDITS
    Mode by LATOM
    Tele: https://t.me/LATOM_HACKER
    Follow me for any update
    Enjoyed
    1 point
  4. It doesn't matter if it's obfuscated or not. The objective would be to find a pointer that always points to your desired weapon. Here is a video example (you want to disable the sound, I recorded sound by accident), where it shows it always finds your gun, without needing to do everything all over again, regardless of leaving a match. So can you kind of picture how you would have to script it? Manually the value is not efficient to use for edit, but when you script it, it is better than the other option of pointer searching again and again because you actually don't need to search anything.
    1 point
  5. Did you check the class: WeaponManager ?
    1 point
  6. Scripting this should be doable. The only issue usually is refining till you get only one result. There are two methods you could try. One is copying the data of that specific gun and allocating that data at a read and write page with your own modified values and then setting the pointer that points to the start of your gun class equal to the start of the gun class which you have allocated. It's not a guarantee it works but it could prevent you from having to search the value all over again. But it could as well be that your game is crashing. See here for an example. Either way you need to script it. Second method you can take from nok1a's script. We use the start of a char in the metadata.dat and pointer search it till the region Anonymous and set or required parameters. Then you also need to find a value that indicates when the match is finished or not. I need to do that as well for the game Tower of Fantasy. I believe the class you're editing has a field as weapon ID's. Each weapon should be different. You can filter based on that. So that eventually all that would be left is the desired value that you would like to modify. Actually I don't even think you need to refine to one result. It's possible that all the results you got were for different weapon ID's. Nice cheat btw.
    1 point
  7. Is this for a script you're making? Is the value static during the match? It's not the issue though.
    1 point
  8. @HorridModz provides a nice detailed explanation. Hex patching is rather easy as it's only a form of data that is simply overwritten / added; the important thing is to understand the assembly itself. Probably I'll provide a little more coverage about the topic.

     [ Usage ]
     - Replacement: You can only replace hex at fixed length. The hex length depends on the data types that you're dealing with; it could be a Set / Subset Instruction. In general it can take 2-4 bytes; make sure to read the instruction as a string, not in hex form. More simple coverage in the next section.
     - Addition: This is used when doing references such as memory allocation. To manually add a custom instruction, you need to write it in an empty/unread memory region (the indication is: it's filled with 00) and then reference the game function to your allocated memory. It's the general idea, you shouldn't worry about it; most tools already provide this feature.

     Why no subtraction? You can't remove a function even after proper patching and 'disabling' any reference to that function, directly or memorily. It leads to data corruption/crashing, so it's uncommon. You can use this to cut fake data (such as a malware app that is filled with 00 to make a large size) because "they" only add additional hex at the end. There's more reason to this.

     [ Data Types ]
     - Function/Instructional data takes 4 length;
         mov r0, r0   #00 00 A0 E1
         bx lr        #1E FF 2F E1
     - Inner Function/Subset Instruction takes 2-4 length. It's called thumb and can be found on 32-bit architecture.
         mov r0, r0   #00 46
         bx lr        #70 47

     [ Patching ]
     - Lazy Patch: You can 'remove' an instruction without removal, simply fill it with 00. This of course wouldn't work if the app has high security, but the benefit is: you don't need to understand Assembly.
     - Proper Patch: You can just memorize this common patch and apply it anywhere; it's simple and not time consuming. Well, for more instruction patches, you need to learn assembly. Learning returning values and Jump instruction (BL/JMP) patches would mostly help.

     [Patch 1]
     Instruction: mov r0, r0
     Arm Encoded: 00 00 A0 E1
     Thumb Encoded: 00 46

     [Patch 2]: Usually a boolean/takes value
     Instruction: mov r0, #0
     Arm Encoded: 00 00 A0 E3
     Thumb Encoded: 4F F0 00 00

     [End Patch]: Indicates closing, put after patches
     Instruction: bx lr
     Arm Encoded: 1E FF 2F E1
     Thumb Encoded: 70 47

     [ Misc ]
     - 00 is equal to 1 Hex
     - Hex can be presented as 00 or 0x00
     - Thumb can be found on 32-Bit Architecture (x86, Armeabi / Armv7 / Arm32)
     - Thumb can also take 4 length; the same length as Arm encoded
     - To differentiate Thumb and Arm encoding: 1) Copy the instruction hex, 2) Compare hex and instruction, including after and before offset
    1 point
  9. Hack Dungeon Maker for Devil stone, Point, Rebirt level, Dark lord Level
     1. New game, go to trial mode 1 ~ myth difficulty, because u need trial cards, or continue game with trial card event - continue battle until u get trial card event. Day 1 I have 810 pt
     2. Select trial card, like the red one in the center
     3. Now you have value for search like 400;100;200 in my case
     4. Open Game Guardian and use group search
     5. Then you get result 400 100 and 200, next refine value, for example 400 in my case
     6. Now edit 400 to value you like, example I change to 130.000.000
     7. Back to game and select 400 pt card, name is "supression" in my case (because I edited this value before)
     8. Go to battle, now in day 3 I have 780xxxxx value (more battle more PT u get)
     Result
     - get lvl up for rebirt and got 5k ~ 9k red stone for abyss shop
     - get dark lord lvl up to 15, open all skill
     * requires having awakening
     This cheat for Dungeon Maker works on version 1.7.6 ~ 1.8.2. Hope you understand and sorry for my bad English.
     pw: don't forget send love if u like this
    1 point
  10. Watch on YouTube: No root via Multiple Space - GameGuardian Multiple Space (#aqmtopne)
    -1 points