Everything posted by nok1a
-
It's sometimes better to make a tutorial or something on how to use your method patcher script and explain how it actually works and what methods are, because most people that use GG, I assume, don't know how that stuff works. Like, the whole method patching only seems to have got some fame here a couple of years ago. But many members of the forum actually use basic GG search features (unknown search or something) and hope to find the value that way. Like, for example, you can't expect that someone who is just trying to hack gold understands how to make use of such a way of cheating the game. In my opinion. So yeah. My point is, make video tutorials and explain in more detail how the stuff works and why it works, so that more people can make use of a good script. Like, I see it many times now, good scripts that don't get the attention they deserve because obviously people don't have any familiarity with what it is even about. It's not like this is a reverse engineering forum; it is a forum on which people make requests about cheating games and get help or something with the GG tool. So I think that at least if a script is made that is doing more than just modifying some values to hack some gold or whatever, then people should be properly introduced to the functionality and purpose of the script within a forum like this, in which the audience is most likely not coming from some serious technical background. Otherwise all we are doing is feeding our ego in a place where it's really irrelevant.
-
I guess the actual gold and jewel value that you see on your screen is protected. It's obscuredDouble probably, might have to do with the class: spDB (something you need to check in the dump).

```
--gold  --gold value in memory
280:    ferY4BQz72aoC0+AZsy5cPFpidyag1HQhc54k9KF80E=
304:    QwuQy+5CvDo+m+O+fhMInPFpidyag1HQhc54k9KF80E=
321:    RHY/I/aUtAdzHlP5z/m6ofFpidyag1HQhc54k9KF80E=
350:    bh2L+iZHoNuqjFb39WQn3PFpidyag1HQhc54k9KF80E=
370:    TadrNr5/f7joLSTHHFqR5fFpidyag1HQhc54k9KF80E=
387:    ebtGeGn3X/1tzFzWNVChWfFpidyag1HQhc54k9KF80E=
403:    cPbwtC2pYkFCORExrx+sDPFpidyag1HQhc54k9KF80E=
```

So I think making a video about how to find the gold value on screen is unnecessary. The values you found using the DataController class are way better since those values are static and won't change. And I don't have the dump to try to check the stuff, but it's also not needed since you already managed to hack the gold, and for the jewels you patch the methods with the script of ApexGG.

To find the health value of your characters in the "MY CARDS" section, divide the health value by 1.5, then search the result in double (effect is applied to all the instances of the characters):

```c
#include <stdio.h>
int main(void) {
    double health = 27;        /* health value shown in "MY CARDS" */
    double div = 1.5;
    int i = health / div;      /* result to search as double */
    printf("search: %d\n", i); /* -- 18 */
    return 0;
}
```

Attack value isn't anything special, you can just search the value directly in double.
-
For the jewels I think you can just patch one of those jewel methods of the DataController class. Have you already tried?
-
I usually manually search the fields and classes. There are tutorials on how to do it I guess:

While searching for the Gold, I had to make some script to make stuff a bit more easy for me. Not sure if the script will work for you because I only test on LDPlayer x86-64 where stuff might be a bit different than the usual device, but maybe it works for you if you're running 64bit:

```lua
gg.clearResults()
local range = gg.getRangesList("global-metadata.dat")

-- Return the current result list and clear it.
function resultsList()
    local count = gg.getResultsCount()
    local results = gg.getResults(count)
    gg.clearResults()
    return results
end

-- Search a class-name byte string inside global-metadata.dat and return the
-- second matched byte (the first character of the name, after the leading 00).
function ptrToStr(str)
    gg.searchNumber(str, gg.TYPE_BYTE, nil, nil, range[1].start, range[1]["end"])
    local a = gg.getResults(2)
    local tab = {[1] = a[2]}
    gg.clearResults()
    return tab
end

gg.setRanges(gg.REGION_OTHER)
local ptr_datacontroller = ptrToStr("h 00 44 61 74 61 43 6F 6E 74 72 6F 6C 6C 65 72 00") -- "DataController"
local ptr_jsonnum = ptrToStr("h 00 4A 53 4F 4E 4E 75 6D 62 65 72 00") -- "JSONNumber"

function srch_obj_datacontroller()
    gg.setRanges(gg.REGION_C_ALLOC | gg.REGION_ANONYMOUS)
    -- Pointers to the "JSONNumber" name string; the name pointer sits at +0x10.
    gg.loadResults(ptr_jsonnum)
    gg.searchPointer(0)
    local a = resultsList()
    for i, v in ipairs(a) do
        v.address = v.address - 0x10
    end
    gg.loadResults(a)
    -- Two more pointer searches: the instances, then the fields that point to them.
    gg.searchPointer(0)
    gg.searchPointer(0)
    local class_start = resultsList()
    -- Treat each hit as the field at +0x78 and step back to the object start.
    for i, v in ipairs(class_start) do
        v.address = v.address - 0x78
    end
    class_start = gg.getValues(class_start)
    -- Read the name pointer (+0x10) of whatever each candidate object points to.
    local class_name = {}
    for i, v in ipairs(class_start) do
        class_name[i] = {address = v.value + 0x10, flags = v.flags}
    end
    class_name = gg.getValues(class_name)
    -- Keep the first candidate whose name pointer is the "DataController" string.
    local class = {}
    for i, v in ipairs(class_name) do
        if (class_name[i].value == ptr_datacontroller[1].address) then
            class[1] = class_start[i]
            break
        end
    end
    return class
end

local obj_DataController = srch_obj_datacontroller()

-- Read the six pointer fields at +0x78 .. +0xA0 of the DataController object.
local vals = gg.getValues(
    {
        {address = obj_DataController[1].address + 0x78, flags = gg.TYPE_QWORD},
        {address = obj_DataController[1].address + 0x80, flags = gg.TYPE_QWORD},
        {address = obj_DataController[1].address + 0x88, flags = gg.TYPE_QWORD},
        {address = obj_DataController[1].address + 0x90, flags = gg.TYPE_QWORD},
        {address = obj_DataController[1].address + 0x98, flags = gg.TYPE_QWORD},
        {address = obj_DataController[1].address + 0xA0, flags = gg.TYPE_QWORD}
    }
)

-- The double value is at +0x10 from each pointer; add them to the saved list.
gg.addListItems(
    {
        {address = vals[1].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_StageClearGoldFirst"},
        {address = vals[2].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_StageClearGoldWeightedValue"},
        {address = vals[3].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_StageClearGoldWeightedValueForEachStage"},
        {address = vals[4].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_StageClearGoldWeightedValueForStanddardStage"},
        {address = vals[5].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_RecallGoldFirst"},
        {address = vals[6].value + 0x10, flags = gg.TYPE_DOUBLE, name = "Double_RecallGoldWeightedValue"}
    }
)
```
-
The values that you could edit at those fields to increase gold have become pointers that point to the gold, that's maybe why your old method with the script wasn't working? But once you go to the pointer you can find your gold value at + 0x10 from its address. Your old gold value belongs now to the class JSONNum which has more than 30k instances (didn't check in the dump if it was a class, might not be a class)... so it's better to find the gold through the class you shared. Editing the gold value in region A worked for me, so I assume that the script that ApexGG shared will work as well for patching the methods of that class (if they are the correct methods). But I honestly got no idea if editing methods of this class works as it should since I didn't try modifying those instructions. But I assume it does, give it a try.
-
For dynamic addresses the base address is a pointer which you obtained through a chain of pointers or an address from a group search or a combination of both, which you can use to calculate the distance from the base address to the address of the gold value. If you're not familiar with it you can use scripts from the forum. For games made in Unity, try using field offset finder. On other game engines perhaps try using the chainer script. Maybe this video helps you:
-
Yeah, like you won't find it in memory, they are somehow making use of the protected metadata header. Maybe you can dump an older version of the game from before they started protecting it? And then use a script that can search by class name to get the correct offset?
-
Address is probably a string. Maybe you want to check the string.sub() function?
https://www.lua.org/pil/20.html
https://stackoverflow.com/questions/45255696/extracting-the-last-n-characters-of-string-in-lua
-
Just freeze your game while you're doing the search. The script does stuff that you could do by yourself. Maybe check this video to better understand what the script does (because I can't install or use GG for a while already): https://emalm.com/?v=LBaYI The video explains the steps I want you to do. You can skip the video to 07:00.
-
Okay, then do a pointer search on the first printable character, then offset -0x10.
-
Okay, search it manually. Enable the OTHER region and search your string: h004163746f7243616d657261436f6e74726f6c6c657200
-
Did you try running your old script and enabling all memory ranges?
-
And are you sure the game you are running is 64 bit? You need to comment out each part of the code in which it's doing a search and see where it doesn't show results.
-
Try perhaps this:

```lua
-- Find the start/end of the mapped global-metadata.dat (state "O" = Other region).
function metaDataOffsets()
    startAddressDat = 0
    endAddressDat = 0
    local rangesDat = gg.getRangesList("global-metadata.dat")
    for i, v in ipairs(rangesDat) do
        if v.state == "O" then
            startAddressDat = v.start
            endAddressDat = rangesDat[i]["end"]
            break
        end
    end
end
metaDataOffsets()

function stringNames()
    -- "ActorCameraController" with a leading and trailing 00 byte
    Class_ActorCameraController = "h004163746f7243616d657261436f6e74726f6c6c657200"
end
stringNames()

-- Search the class-name string in the metadata, then the pointers to it,
-- and step back classOffset from each pointer.
function searchString(className)
    gg.clearResults()
    gg.setRanges(gg.REGION_OTHER)
    gg.searchNumber(className, gg.TYPE_BYTE, nil, nil, startAddressDat, endAddressDat)
    local t = gg.getResults(gg.getResultsCount())
    gg.setRanges(gg.REGION_C_ALLOC)
    gg.loadResults(t)
    gg.searchPointer(0)
    local a = gg.getResults(5)
    for i, v in ipairs(a) do
        v.address = v.address - classOffset
    end
    gg.loadResults(a)
end

-- A process is 64-bit if its last mapped region ends above 4 GiB.
function isProcess64Bit()
    local regions = gg.getRangesList()
    local lastAddress = regions[#regions]["end"]
    return (lastAddress >> 32) ~= 0
end

function validISA()
    instructionSetArchitecture = 0
    if isProcess64Bit() == true then
        instructionSetArchitecture = 64
    else
        instructionSetArchitecture = 32
    end
    return instructionSetArchitecture
end
validISA()

function instructionsOffset()
    if instructionSetArchitecture == 32 then
        hexConvert = 0xFFFFFFFF
        dataType = 4 -- gg.TYPE_DWORD
        classOffset = 0x8
    else
        dataType = 32 -- gg.TYPE_QWORD
        classOffset = 0x10
    end
end
instructionsOffset()

function offset_actorCameraController()
    if instructionSetArchitecture == 32 then
        -- no 32-bit offset is set here
    else
        offset_Outside = 0x60
    end
end
offset_actorCameraController()

-- Load the float field at +offset_Outside of every ActorCameraController instance.
-- Only defined here; call ActorCameraController() where the search is needed.
function ActorCameraController()
    gg.clearResults()
    searchString(Class_ActorCameraController)
    gg.setRanges(gg.REGION_ANONYMOUS)
    gg.searchPointer(0)
    local instances_ActorCameraController = gg.getResults(gg.getResultsCount())
    gg.clearResults()
    local ActorCameraController_Outside = {}
    for i, v in ipairs(instances_ActorCameraController) do
        ActorCameraController_Outside[i] = {address = v.address + offset_Outside, flags = gg.TYPE_FLOAT}
    end
    gg.loadResults(ActorCameraController_Outside)
end
```
-
Did you enable the correct memory ranges when performing the pointer search? Enable all of them and run the script. See if it works? If it works, add the memory ranges in your script.
-
Maybe because the values are in a different memory region. Did you try checking region Other?
-
Mask search tutorial: Example of the mask search - GameGuardian (#1asz7l9n) https://gameguardian.net/help/help.html#help_mask_search

But with "Group Search" in this context do you mean to filter the result list based on multiple masks? You can't filter by multiple masks at once. But you have the option to use wildcards by using the "?" symbol. Then every hex value from 0 to F will be valid in whichever position you placed the symbol.
-
Welcome, this post counts as an introduction, so welcome again. But it is best to make a new post with the specific question. People in the forum help out wherever possible.
-
Please, if the answer was correct according to your question, don't forget to mark the person's answer as the solution. Like that it will be visible for people that this post has been given a solution. Like here for example:
-
Yes you can. You need to enable developer mode and enable the option to download from unknown sources. Similar to a normal Android phone. But not all apps work on the Chromebook. So you might have issues with installing games and virtual spaces. I think you can root the ARC++, or now called ARCVM, which makes it possible for Android apps to run on your Chromebook, see here. People have done it. Once you root it, the apps will obtain root access and you won't need a virtual space. So you might want to give it a try. See the tutorial.
-
If it did not have storage permission then I don't think it would see the folders either. Are you sure you are at the correct path? Try to go to the root folder and navigate from there to your SD card. And make a video and post here.
-
But if you did a nearby search of 500 you should be able to find another group search that is better and more static.
-
No, maybe check the igameguardian forum, or iOS modding forums.
