Leaderboard

Popular Content

Showing content with the highest reputation on 01/04/2024 in all areas

  1. Topic for known problems and how to resolve them. 1. If you use Tencent Superuser and GG doesn't get root - change this root manager to another. For example: SuperSU.
    1 point
  2. My Purpose: Dumping the game to get the dump.cs, which includes all class names, fields, methods and, most important, the "offset" etc., so a certain memory hack (or script) can be made.

     My Question: When a game uses hot-update, e.g. via HybridCLR, the normal-dump-method using Il2CppDumper (neither based on Android or Windows, or using Zygisk etc.) cannot dump the FULL file out. Here normal-dump-method means the three methods below:

     1. Extract the game apk file and get the "global-metadata.dat" file and the "IL2cpp.so" file, then dump.
     2. Using GG in game memory to directly export the "global-metadata.dat" memory to a *****.bin file (then rename it to global-metadata.dat) and the "IL2cpp.so" memory to a *****.bin file, then dump.
     3. Using GG in game memory via the magic letters (464C457Fh - il2cpp / FAB11BAFh - metadata) to export the "global-metadata.dat" file and the "IL2cpp.so" file, then dump.

     We cannot dump in full, because when a game uses hot-update, normally the "hotfix.dll" (e.g.) injected is separate from the original files, and the new information contained in the "hotfix.dll" is not in the original il2cpp.so file. As a result we cannot get any useful info when using the normal-dump-method.

     One solution: Using GG in game memory, put in the DOS-PE header letters "MZ" (magic head in decimal: 9460301) and export all the C# DLL files to *****.bin files. Then use the "get_dll_from_dumped_bin.exe" tool to convert all the *****.bin files you exported from the running game to *****.bin files. We can find the "hotfix.bin" (maybe a different name) file. You can use dnSpy or another similar tool to check. All the information we need is inside.

     MY FINAL QUESTION: After we get the "hotfix.bin" file, how can we dump it to get the dump.cs? I mean, how can we get the in-game memory classes, fields, methods and, most important, the offsets?
    1 point
  3. It finds all pointers pointing to your address. To use it you need to load the address(es) you want to perform the pointer search on in the result list.

         gg.loadResults({{address = grp[1].address + 0x4, flags = gg.TYPE_DWORD}})

     Adds 4 bytes to the address, 0x9865E5B0 + 0x4 = 0x9865E5B4, and then loads it in the result list in data type dword.

         gg.searchPointer(0)

     Does the pointer search in the given ranges. Basically it's like doing:

         gg.searchNumber("9865E5B4h", gg.TYPE_DWORD)

     You get a few results. I dunno how GameGuardian does it behind the hood, but now I use gg.searchPointer(0) again because I want to perform a pointer search on each of those addresses...that's why a second time. I now have more results because there are a lot of pointers pointing to those few addresses from the previous screenshot. Now I need to filter them out because the health value was one more pointer search away, and the address to pointer search is in this result list. One of those addresses had, 4 bytes above it, a value 1.0F. That's the same value I asked you to search using 256F;1.0F::16. Sadly it returned no results for you. But the 1.0F value is located 4 bytes above one of those addresses in the result list. So I used that to filter out all these values and to get only 1 address left.

         local t = gg.getResults(gg.getResultsCount())
         local sensitivity = {}
         for i, v in ipairs(t) do
           sensitivity[i] = {address = v.address - 0x4, flags = gg.TYPE_FLOAT}
         end
         sensitivity = gg.getValues(sensitivity)

     Subtracted 0x4 from all the addresses in the result list and stored them in a new table (sensitivity) with data type float.

         local healthPointer = {}
         for i = 1, #sensitivity do
           if sensitivity[i].value == 1.0 then
             healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
           end
         end

     Checked which address of the table sensitivity contained the value 1.0F using iteration, and if it found it, it should store the address that is 4 bytes under it in the table healthPointer and then load it in the result list using:

         gg.loadResults(healthPointer)

     It found a match and loaded the address in the result list. The script performs the pointer search again.

         local res = gg.getResults(1)
         local health = {[1] = {address = res[1].address + 0x4, flags = gg.TYPE_FLOAT, name = "Health"}}

     Will get 1 result; the health value is 4 bytes under that address...so I add 4 bytes to the address, store it in the table health and give it a name.

         gg.addListItems(health)
         gg.loadResults(health)

     Adds the table health to the saved list, and loads it in the result list as well. Advised to check out the Lua scripting documentation.
    1 point
  4. [ @EnMan ] --- Values are passed to registers; you can see them using: RegView. Do note that this tool is only for the Armeabi-v7a architecture, which is Arm 32-bit, and can't be used for any others. You can check your game libs in the "/data/data/your_app_name/lib" folder. You can also use a debugger, Frida or GDB, and set a breakpoint to see the current register value. --- If you know the previous value, why not just find the address that is causing the value to change? (You can find it using Pointer search) ---
    1 point
  5. Version 5.7.2 Latest version

    864 downloads

    1 HIT GOD MODE
    1 point
  6. meh Very Kewl Hax, Not a ClickBait
    1 point
  7. Hey everyone, I've been experimenting with different formations in FIFA Mobile, and I'm curious to know your thoughts on the best one. I've tried a few, but I'm looking for insights from the community. What formation has worked well for you? Any particular strategies or player positions that you find effective? Share your experiences and recommendations. I'm aiming to optimize my gameplay, and your input would be invaluable. Looking forward to hearing your thoughts on what you consider the best formation in FIFA Mobile! Thanks in advance.
    0 points