-
Posts
547 -
Joined
-
Last visited
-
Days Won
19
Content Type
Profiles
Forums
Downloads
Gallery
Everything posted by MC874
-
Hi @APEXggV2. If the coordinate is constant, the above solution will work. In Minecraft, player coordinate will stay in place except if the player switch into a server, realm, or dimension. If the coordinate address keep changing, then just modify the code above: function find_address() gg.searchNumber("233;5;100::9", gg.TYPE_DWORD) gg.refineNumber('233', gg.TYPE_DWORD) result = gg.getResults() gg.editAll('45000', gg.TYPE_DWORD) gg.clearResults() gg.searchNumber("1667;2;5731::9", gg.TYPE_DWORD) gg.refineNumber('1667', gg.TYPE_DWORD) results = gg.getResults() gg.editAll('2000', gg.TYPE_DWORD) gg.clearResults() return result, results end result, results = find_address() while(true) if gg.getValues({{address=result[1].address, flags=result[1].flags}}).value == '233' then result, results = find_address() gg.sleep(5000) --in milisecond (5 second) end
-
Hi @ninjavour If you're trying to update modded games, you can't expect your mods to carried over to newer version. Modded games only work for that apk only and that version only, when you update modded games, the apk will simply replaced with a new version that DOES NOT have mods. --- If you are okay with that, try to update your game from third-party website like: APKCombo
-
Hi @moh4mmed, as I said earlier: That's why you need to use RVA because it's constant. Just grab the library base address and add RVA to it (Base address + RVA) --- You're trying to hook a method, also it is void types. You can change the "int32" as desired, but you need to find some instruction based on parameter it's located. For example, if "int32" is the first parameter, you need to find register R1 and change it to your value. For example: MOV R0, R1 -> MOV R0, #1 --- So yeah, editing void method is kind of hard. You need to understand assembly first.
-
Hi @moh4mmed, RVA is Relative Virtual Address, it takes the offset from the beginning of a file / the start of lib address that exist on memory. Meanwhile VA (Virtual Address) is the method address while you're dumping the game. VA should not be used, you need to use only RVA. It seems the RVA & VA is the same. It should be different. Try redumping.
-
Hi @DoDevil, It is not 'unreadable', it's a normal function name. Decompiler tends to rename 'unknown' function from what that function corresponds to and probably most of the function name is obsecured when the library is being compiled.
-
Hi @kai_nevan, I'm LDPlayer5 user. Game Guardian works perfectly on my end. Is your Game Guardian crashing a lot? Or is there something else that happened? Atleast attach some screenshot here.
-
Hi @Exit-, you need to read on how to use adb: How to install ADB on Windows
-
Hi @BloodMoonScript, the only solution I can think of is to try the game first on: VPhoneGaGa -> then Install Magisk (Yes, VPhoneGaGa support Magisk) -> then use Magisk module. If it's working, I would say just with stick VPhoneGaGa.
- 7 replies
-
- hide root
- hide environment
-
(and 1 more)
Tagged with:
-
Hi @DimoNULL, you need to get the libil2cpp.so address first, then do calculate offset by simply adding the RVA address of the function. Here's what it looks like using the script: so = gg.getRangesList('libanogs.so')[1].start gg.alert(tostring(so + "0x129fc4")) -- "0x129fc4" is your function address -- The function will be located at libil2cpp.so + function address.
-
Hi @harpov, you're trying to pass a string as parameter. It is kind of difficult in Game Guardian, since it can only replace existing memory. String is handled as pointer, when function asking for string types, it is asking the pointer of the string not the string itself. It is because string can consist more than one character, which there will be several hex/bytes representing each character. You might want to read this: ARM Patching I've seen that you're only trying to make it return null. First, you need to check wether the function is void or returning something. If you're intending to disable the function just do: BX LR 1E FF 2F E1 If it's void, disabling the function can crash the game. Alternatively you can pass one character to the parameter. You can try to convert character to hex: UTF8 to Hex. For example, character 'a' is '0x61' in hex. So you can do something like this: MOV R1, 0x61 61 10 A0 E3 Note that you need to adjust the 'R1' or the register according to the parameter. First parameter is usually passed into R1 register, but since it is a string, you might looking for LDR/LDRB instruction inside the function and change it with the instruction above.
-
Hi @kashM, go to appropiate section of the forum, for example: HELP Section. Then simply click on "Ask a question" button:
-
Yeah, I forgot. It's just printing the address of metadata and libil2cpp.so. Just use Zygisk instead for easy use.
-
Hi @missmcp, that's weird. If GGIL2CPP works, then it can find it, otherwise it's not. For me it is working:
-
Hi @Kest, Metadata doesnt matter. It uses Zygisk to dump from runtime. It is working thanks. dump.cs
-
Hi @Kest, try to use: Zygisk-Il2CppDumper, it's Magisk module: zygisk-il2cppdumper.zip
-
Hi @kotako, might tag admin as well @Collen- @NoFear.
-
Serving my warmth welcome @kashM, glad you're joining us.
-
Hi @Saaammii, the game has some kind of protection. Please read this comment: AntiCheat
-
Hi @eliottalderson, it is depends on how the game/app implements emulator detection. Some through java classes and some through compiled library. My approach is to use: frida for java classes and do reverse engineering using: IDA Pro or Ghidra for compiled library. So for LIAPP use frida instead. Yes. Developers can name the 'emulator detection' whatever they want, also the approach can be different. So different app, different approach, unless they are under the same system with the same version (ex: tersafe/anog, liapp, etc) You're in the right category, don't worry. Welp, I've seen some videos that it is possible to disable LIAPP from being launched through smali. However, decompiling the APK requires you to disable the APK Signature first for most game/app which is a different kind of story. You're on the right track, keep tracing the game and you're a reverse engineer!
-
Importing mod menu to a newer version of the apk
MC874 replied to serdarag's topic in Non-GameGuardian
Hi @serdarag, it is certainly possible to update mod menu values to newer version but not in a way that you moved the mod menu to new version. So, you can run the modded apk first -> activate mod menu cheats -> dumps the game library -> find differences between dumped library and the original library -> mark the differences -> reverse the library and find the address that's already marked -> reverse the new version library and find the same location, you can judge it by code structure, pointer or etc -> then you can create your own Game Guardian script.- 1 reply
-
- Forward Assault
- Mod Menu
-
(and 1 more)
Tagged with:
-
Hi @Collen, asking for permission to attach this apk to the thread.
-
Hi @missmcp, you can use: GGIL2CPP to find metadata registration offset. require("Il2cppApi") Il2cpp() gg.alert(tostring(Il2cpp))
-
Hi @FlashNUT, Pardon me, you need to put the APK inside your Windows (not inside your android storage). Save this command as a .bat file and game guardian apk in the same location as your adb.exe. cd/d "%~dp0" adb.exe install gameguardian.apk
-
Hi @FlashNUT, you need to indicate where you save the Game Guardian apk, for example: adb install --bypass-low-target-sdk-block /storage/emulated/0/Download/gameguardian.apk Also, you need to place your apk inside your phone, not in Windows.