Can only explain you how i do it personally, but perhaps someone can explain another way. I also don´t know how familiar you are with Lua. But you said you are new so i will assume that you don´t know Lua. Also since you been doing everything from scratch without code to help you, so i will provide you helper examples.
I will provide you more or less a building structure which is familiar to me and which you can modify how you want.
First you need to search the class name in the global-metadata.dat. For do that you need the start and end address of where your global-metadata.dat is located within the memory of your process.
You can make a function similar like the one below that first locates the global-metadata.dat in memory (assuming it is not hidden) and takes the start and end address of that lib (see more info about the gg.getRangesList: https://gameguardian.net/help/classgg.html#a8bb9745b0b7ae43f8a228a373031b1ed
function metaDataOffsets() -- Will give you start and end range of the global-metadata lib which resides in region Other.
startAddressDat = 0
endAddressDat = 0
local rangesDat = gg.getRangesList("global-metadata.dat")
for i, v in ipairs(rangesDat) do
if v.state == "O" then
startAddressDat = v.start -- start
endAddressDat = rangesDat[i]["end"] -- end
break
end
end
end
Then you make a function that searches for your class name in which to which the field belongs, but as well the AssemblyCSharp string, you will need that one in order to filter out unwanted pointers.
You search those strings in the address range of the global-metadata.dat, you just fetched it's the start and end addresses from your previous function metaDataOffsets()
For readability purposes and clarity we make a function where you initialize your string names (class names) and give them meaningful variable names which we can then later search with GG.
Note that you must search the class name as a string of bytes and append 00 to the front and end of the bytes which indicate the start and end of the string of bytes. You can use this website to convert ascii characters to their representing byte and as that create your string of bytes.
We put the "h" at the beginning of the string so we can let GG know that we are searching in Hex. See a example function that initialize the strings to their variables, so that we then can use in a later stage as a GG search:
-- string names
function stringNames()
Class_AssemblyCSharp = "h00417373656d626c792d4353686172702e646c6c00"
Class_Weapons = "h00576561706f6e7300"
end
stringNames()
We must perform pointer search on the second character of the string.
We can make a function that receives the string as a argument and will saves the address of where the second character is stored in memory. This function is useful if you want to access many classes, less repetitive code:
function searchString(className) -- takes in name of desired class, searches in the range of the global-metadata.dat
gg.clearResults()
gg.searchNumber(className, gg.TYPE_BYTE, nil, nil, startAddressDat, endAddressDat) -- start and end range
local t = gg.getResults(2)
tableMetadataOffsets = t[2].address -- stores address at variable tableMetadataOffset
gg.clearResults()
return tableMetadataOffsets -- returns that address to the calling function which will be used to perform pointer search.
end
Since i don´t know if your running the game on 32 bit or 64 bit we should include a function that checks if your running game on 32 bit or 64 bit. This is also helpful in case someone sees this post and want to do same as your doing. So it's a general solution. See example function(s):
function isProcess64Bit() -- we only call this function once. It will check if the final address that gg.getRangesList is more then 32 bits. If so your game is running on 64 bit. Else it´s 32.
local regions = gg.getRangesList()
local lastAddress = regions[#regions]["end"]
return (lastAddress >> 32) ~= 0
end
In my case i only want to call isProcess64Bit once. So i store the result in a separate function, but this is up to creator choice. This function is from my old script and should be updates as there is better ways to write this function, but for example purposes it will be ok:
function validISA() -- we store result in the variable "instructionSetArchitecture" (Maybe given it a shorter name does not hurt, lol)
instructionSetArchitecture = 0
if isProcess64Bit() == true then -- calling isProcess64Bit()
instructionSetArchitecture = 64
else
instructionSetArchitecture = 32
end
return instructionSetArchitecture
end
Now we can make a function where we initialize or variables with the values which are only dependable on the instruction set of the game. Separate the offsets in separate functions to not get to confused. For example a function that has the offsets relevant to the class and it's fields. And the a function that has offsets that you have to use in almost every function. For example:
function instructionsOffset()
if instructionSetArchitecture == 32 then -- if true then 32 bit else 64 bit
hexConvert = 0xFFFFFFFF -- You need this for safely perform pointer searches on 32 bit.
dataType = 4 -- on 32 bit when performing pointer search you do it using gg.TYPE_DWORD (4).
classOffset = 0x8 -- when performing pointer search on second character of string you must do a -0x8 to reach class pointer.
else
dataType = 32 -- on 62 bit when performing pointer search you do it using gg.TYPE_QWORD (32).
classOffset = 0x10 -- when performing pointer search on second character of string you must do a -0x10 to reach class pointer.
end
end
instructionsOffset()
Then a function where we put offsets only relevant to the class that we try to change it's fields of:
function weaponSettingsOffsets()
if instructionSetArchitecture == 32 then
weaponPointerToIdOffset = 0x8
weaponPointerToAmmoOffset = 0x48
weaponPointerToRecoilOffset = 0x78
else
weaponPointerToIdOffset = 0x10
weaponPointerToAmmoOffset = 0x60
weaponPointerToRecoilOffset = 0x90
end
end
weaponSettingsOffsets()
Now we must make function that takes the second character of the AssemblyCSharp string and then use the address of the pointer pointing to that chracter it's address. We use it in future use cases for checking purposes of other class pointers. As i mentioned before:
function assemblyAddressCheck()
gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_ALLOC | gg.REGION_OTHER) -- we enable the regions in which we allow GG to search
searchString(Class_AssemblyCSharp) -- we call the function searchString and parse the string that we made at function stringNames(), it will return the second character of the string under the name tableMetadataOffsets.
gg.searchNumber(tableMetadataOffsets, dataType) -- We perfoming pointer search on the second character. dataType: 32bit = 4(dword) | 64bit = 32(qword)
assembly = gg.getResults(1) -- we now have the pointer which we use to check if the class pointer you have is valid once or not.
gg.clearResults()
return assembly -- we can now use this variable every time for checking.
end
assemblyAddressCheck()
Now we can work on finding your field value as we setted up the main structure.
Make a function with the name of your class which will first call searchString in order to get the second character of the string, then perform pointer search on that second character. Then do offset - 0x8 or-0x10 depending on your instruction set architecture. Then check if the value at those addresses is equal to the value of assembly which you received from the function assemblyAddressCheck()
Then once that check is complete you can start working with the pointer that is equal to assembly. Perform a pointer search on that pointer. That will give you all the instances that point to your class pointer.
see an example:
function weaponsSettings()
gg.clearResults()
gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_ALLOC | gg.REGION_OTHER)
searchString(Class_Weapons)
gg.searchNumber(tableMetadataOffsets, dataType)
a = gg.getResults(5)
for i, v in ipairs(a) do
v.address = v.address - classOffset -- classOffset: 32bit = 0x8 | 64bit = 0x10
end
a = gg.getValues(a)
gg.clearResults()
compareWeaponsToAssembly = {}
for i,v in ipairs(a) do
if instructionSetArchitecture == 32 then
v.value = v.value & hexConvert -- hexConvert: 32bit = 0xFFFFFFFF
end
if v.value == assembly[1].address then -- if matches with assembly then store class pointer in compareWeaponsToAssembly (should ony be 1)
compareWeaponsToAssembly[#compareWeaponsToAssembly + 1] = v
end
end
gg.searchNumber(compareWeaponsToAssembly[1].address, dataType) -- perform pointer search on class pointer to get it's instances.
weaponPointers = gg.getResults(1141) -- maybe you get to many instances and will need to do extra checks to get the correct instances.
gg.clearResults()
weaponId = {}
for i, v in ipairs(weaponPointers) do --find your field by adding your field offset. It will do instance base address + field. Also add the desired data type of that field using the flags.
weaponId[i] = {address = v.address - weaponPointerToIdOffset, flags = dataType}
recoilTableOn[i] = {address = v.address + weaponPointerToRecoilOffset, flags = gg.TYPE_DOUBLE}
maxAmmoCapacityTableOn[i] = {address = v.address + weaponPointerToAmmoOffset, flags = gg.TYPE_DWORD}
end
gg.toast('recoil, reload, max ammo, accumulation ready')
end
weaponsSettings()
I hope this more or less explains it. sadly i don't have a simple script but i can provide you some, you take your time to understand they might make sense. All my scripts are written in similar way.
games.burny.playdoku.block.puzzle.lua com.gameinsight.gobandroid (1).lua
Also have a look at this video:
Can you explain step by step how i need to use the script, i don't know all this assembly editing. And i want to test it out. Editing this is not enough for it to work: It's not even the assembly editing that is the problem. First i want to make sure the script finds the right method. Btw i am sure it took quite some work to make the script but i don't get the purpose. It's supposed to modify methods no ?
