nok1a last won the day on December 5
nok1a had the most liked content!
Which value?
-
Okay, so it doesn't really matter I guess, no need for group search, just search -65,536 in Cb when your health is completely full, and freeze it. It will work in multiplayer as well. But do the search for every match, because sometimes the value changes address. Maybe you can patch the function that does the health so that the value doesn't need to be searched every time in Cb? It's not a Unity/UE engine game btw. But most values we see on screen point to string names we can follow with pointers. No idea where the functions are. But maybe interesting to look for.
-
Might be possible. Then in the multiplayer you have to search the same value, since it might be at a different memory address, but I can't guarantee that it works.
-
Dunno about the multiplayer, but in the mission search: -65,536D;184,614,911D::5 in region Cb. And then freeze the value -65,536 and your health should stay full. Search it when you just spawned and have full health.
-
It's sometimes better to make a tutorial or something on how to use your method patcher script and explain how it actually works and what methods are, because most people that use GG I assume don't know how that stuff works. Like the whole method patching only seems to have got some fame here a couple of years ago. But many members of the forum actually use basic GG search features (unknown search or something) and hope to find the value that way. Like for example you can't expect someone that is just trying to hack gold to understand how to make use of such a way of cheating the game. In my opinion. So yeah. My point is, make video tutorials and explain in more detail how the stuff works and why it works, so that more people can make use of a good script. Like I see it many times now, good scripts that don't get the attention they deserve because obviously people don't have any familiarity with what it is even about. It's not like this is a reverse engineering forum, it is a forum on which people make requests about cheating games and get help or something with the GG tool. So I think that at least if a script is made that is doing more than just modifying some values to hack some gold or whatever, then people should be properly introduced to the functionality and purpose of the script within a forum like this in which the audience is most likely not coming from some serious technical background. Otherwise all we're doing is feeding our ego in a place where it's really irrelevant.
-
I guess the actual gold and jewel value that you see on your screen is protected. It's obscuredDouble probably, might have to do with the class: spDB (something you need to check in the dump).

    --gold   --gold value in memory
    280:     ferY4BQz72aoC0+AZsy5cPFpidyag1HQhc54k9KF80E=
    304:     QwuQy+5CvDo+m+O+fhMInPFpidyag1HQhc54k9KF80E=
    321:     RHY/I/aUtAdzHlP5z/m6ofFpidyag1HQhc54k9KF80E=
    350:     bh2L+iZHoNuqjFb39WQn3PFpidyag1HQhc54k9KF80E=
    370:     TadrNr5/f7joLSTHHFqR5fFpidyag1HQhc54k9KF80E=
    387:     ebtGeGn3X/1tzFzWNVChWfFpidyag1HQhc54k9KF80E=
    403:     cPbwtC2pYkFCORExrx+sDPFpidyag1HQhc54k9KF80E=

So I think making a video about how to find the gold value on screen is unnecessary. The values you found using the DataController class are way better since those values are static and won't change. And I don't have the dump to try to check the stuff, but it's also not needed since you already managed to hack the gold, and for the jewels you patch the methods with the script of ApexGG.

To find the health value of your characters in the "MY CARDS" section, divide the health value by 1.5, then search the result in double (effect is applied to all the instances of the characters):

    double health = 27;
    double div = 1.5;
    int i = health / div;
    printf("search: %d", i); /* 18 */

Attack value isn't anything special, you can just search the value directly in double.
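The seven in-memory strings quoted in the post above can be compared block by block. This added example (not part of the original post or of any tool it mentions) decodes them and counts the distinct blocks at each position; the 16-byte block size is an assumption. A position that stays constant while the gold amount changes shows the stored form has no per-value randomness there, which is the property a designer of this kind of value protection would test for.

```python
import base64

# In-memory strings copied from the post above, keyed by the gold amount shown.
SAMPLES = {
    280: "ferY4BQz72aoC0+AZsy5cPFpidyag1HQhc54k9KF80E=",
    304: "QwuQy+5CvDo+m+O+fhMInPFpidyag1HQhc54k9KF80E=",
    321: "RHY/I/aUtAdzHlP5z/m6ofFpidyag1HQhc54k9KF80E=",
    350: "bh2L+iZHoNuqjFb39WQn3PFpidyag1HQhc54k9KF80E=",
    370: "TadrNr5/f7joLSTHHFqR5fFpidyag1HQhc54k9KF80E=",
    387: "ebtGeGn3X/1tzFzWNVChWfFpidyag1HQhc54k9KF80E=",
    403: "cPbwtC2pYkFCORExrx+sDPFpidyag1HQhc54k9KF80E=",
}


def split_blocks(b64_value, block_size=16):
    """Decode one stored value and cut it into fixed-size blocks."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) % block_size:
        raise ValueError(f"length {len(raw)} is not a multiple of {block_size}")
    return [raw[i:i + block_size] for i in range(0, len(raw), block_size)]


def block_diversity(samples, block_size=16):
    """For each block position, count the distinct blocks seen across samples."""
    columns = {}
    for value in samples.values():
        for pos, block in enumerate(split_blocks(value, block_size)):
            columns.setdefault(pos, set()).add(block)
    return {pos: len(blocks) for pos, blocks in sorted(columns.items())}


def constant_positions(samples, block_size=16):
    """Block positions that never change although the plaintexts differ."""
    diversity = block_diversity(samples, block_size)
    return [pos for pos, distinct in diversity.items() if distinct == 1]


if __name__ == "__main__":
    print("distinct blocks per position:", block_diversity(SAMPLES))
    print("constant positions:", constant_positions(SAMPLES))
```
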
-
For the jewels I think you can just patch one of those jewel methods of the DataController class. Have you already tried?
-
-
I usually manually search the fields and classes. There are tutorials on how to do it I guess:

While searching for the gold, I had to make some script to make stuff a bit easier for me. Not sure if the script will work for you because I only test on LDPlayer x86-64 where stuff might be a bit different than the usual device, but maybe it works for you if you're running 64bit:

    gg.clearResults()
    local range = gg.getRangesList("global-metadata.dat")

    function resultsList()
        local count = gg.getResultsCount()
        local results = gg.getResults(count)
        gg.clearResults()
        return results
    end

    function ptrToStr(str)
        gg.searchNumber(str, gg.TYPE_BYTE, nil, nil, range[1].start, range[1]["end"])
        local a = gg.getResults(2)
        local tab = {[1] = a[2]}
        gg.clearResults()
        return tab
    end

    gg.setRanges(gg.REGION_OTHER)
    local ptr_datacontroller = ptrToStr("h 00 44 61 74 61 43 6F 6E 74 72 6F 6C 6C 65 72 00")
    local ptr_jsonnum = ptrToStr("h 00 4A 53 4F 4E 4E 75 6D 62 65 72 00")

    function srch_obj_datacontroller()
        gg.setRanges(gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
        gg.loadResults(ptr_jsonnum)
        gg.searchPointer(0)
        local a = resultsList()
        for i, v in ipairs(a) do
            v.address = v.address - 0x10
        end
        gg.loadResults(a)
        gg.searchPointer(0)
        gg.searchPointer(0)
        local class_start = resultsList()
        for i, v in ipairs(class_start) do
            v.address = v.address - 0x78
        end
        class_start = gg.getValues(class_start)
        local class_name = {}
        for i, v in ipairs(class_start) do
            class_name[i] = {address = v.value + 0x10, flags = v.flags}
        end
        class_name = gg.getValues(class_name)
        local class = {}
        for i, v in ipairs(class_name) do
            if (class_name[i].value == ptr_datacontroller[1].address) then
                class[1] = class_start[i]
                break
            end
        end
        return class
    end

    local obj_DataController = srch_obj_datacontroller()
    local vals = gg.getValues(
        {
            {address = obj_DataController[1].address + 0x78, flags = gg.TYPE_QWORD},
            {address = obj_DataController[1].address + 0x80, flags = gg.TYPE_QWORD},
            {address = obj_DataController[1].address + 0x88, flags = gg.TYPE_QWORD},
            {address = obj_DataController[1].address + 0x90, flags = gg.TYPE_QWORD},
            {address = obj_DataController[1].address + 0x98, flags = gg.TYPE_QWORD},
            {address = obj_DataController[1].address + 0xA0, flags = gg.TYPE_QWORD}
        }
    )
    gg.addListItems(
        {
            {address = vals[1].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_StageClearGoldFirst"},
            {address = vals[2].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_StageClearGoldWeightedValue"},
            {address = vals[3].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_StageClearGoldWeightedValueForEachStage"},
            {address = vals[4].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_StageClearGoldWeightedValueForStanddardStage"},
            {address = vals[5].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_RecallGoldFirst"},
            {address = vals[6].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_RecallGoldWeightedValue"}
        }
    )
-
The values that you could edit at those fields to increase gold have become pointers that point to the gold, that's maybe why your old method with the script wasn't working? But once you go to the pointer you can find your gold value at + 0x10 from its address. Your old gold value belongs now to the class JSONNum which has more than 30k instances (didn't check in the dump if it was a class, might not be a class)... so it's better to find the gold through the class you shared. Editing the gold value in region A worked for me, so I assume that the script that ApexGG shared will work as well for patching the methods of that class (if they are the correct methods). But I honestly have no idea if editing methods of this class works as it should since I didn't try modifying those instructions. But I assume it does, give it a try.
-
For dynamic addresses the base address is a pointer which you obtained through a chain of pointers or an address from a group search or a combination of both, which you can use to calculate the distance from the base address to the address of the gold value. If you're not familiar with it you can use scripts from the forum. For games made in Unity, try using field offset finder. On other game engines perhaps try using the chainer script. Maybe this video helps you:
-
Yeah, like you won't find it in memory, they're somehow making use of the protected metadata header, maybe you can dump an older version of the game from before they started protecting it? And then use a script that can search by class name to get the correct offset?
-
Address is probably a string. Maybe you want to check the string.sub() function?
https://www.lua.org/pil/20.html
https://stackoverflow.com/questions/45255696/extracting-the-last-n-characters-of-string-in-lua
-
Just freeze your game while you're doing the search. The script does stuff that you could do by yourself. Maybe check this video to better understand what the script does (because I can't install or use GG for a while already): https://emalm.com/?v=LBaYI The video explains the steps I want you to do. You can skip the video to 07:00.
