HorridModz

@EnybyHello, I am reporting a behavior that appears to be a bug in gameguardian. It seems that the "Copy as group search", when used with "UTF-8" and "UTF-16", assumes that the values are consecutive, i.e. one byte apart. However, this is not always the case, causing group searches to sometimes fail. This is best illustrated by examples: Let's search the string "abc" in UTF-8 and save the first 3 results, but leave out the second one: gg.clearResults() gg.setRanges(gg.REGION_ANONYMOUS) gg.searchNumber(":abc", gg.TYPE_BYTE) gg.addListItems(gg.getResults(1)) -- first result - "a" gg.addListItems(gg.getResults(1, 2)) --third result - "c" Now, we have two results: 97 byte, representing the character "a", and 99, representing the character "c". These results are a byte apart - so they do not directly form the string "ac" and would not be searchable as ":ac"; rather, they would be searchable by a group search that accounts for the byte in between: 97B;0~~0B;99B::3. However, the Copy as Group Search function, when I select UTF-8, gives ":ac". This is not the right group search and seems to be a bug. In order to show why this is wrong, here is the situation where I discovered the bug. I had a script that writes a string to memory, like this: function Write_String(mystring) --[[ Allocate memory in Anonymous region and write string to allocated memory ]]-- address = gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE, gg.REGION_ANONYMOUS) values = {} for i = 0, #mystring do values[#values + 1] = {address = address + i, value = ":" .. mystring:sub(i, i), flags = gg.TYPE_BYTE} end gg.loadResults(values) -- must load results before we can edit with setvalues gg.setValues(values) end Write_String("Here is my special string!") If I run this script, I get the string written in consecutive byte values. I use Copy as Group Search for UTF-8, and it gives me the correct search: ":Here is my special string!". But now let's revert what we just did by refreshing the game, change the address spacing to every 2 bytes, so the string is no longer consecutive, and copy it as a group search again: function Write_String(mystring) --[[ Allocate memory in Anonymous region and write string to allocated memory ]]-- address = gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE, gg.REGION_ANONYMOUS) values = {} for i = 0, #mystring do values[#values + 1] = {address = address + i*2, value = ":" .. mystring:sub(i, i), flags = gg.TYPE_BYTE} end gg.loadResults(values) -- must load results before we can edit with setvalues gg.setValues(values) end Write_String("Here is my special string!") We copy it as group search again, and get the exact same thing: ":Here is my special string!". However, now that the addresses are 2 bytes apart, this is wrong and will not work. If we try to search it, nothing comes up. So, this is definitely not working right. I'm pretty sure that it's a bug. My suggestion for fixing this would simply be displaying an error message if the addresses were not consecutive, like this: "UTF-8 [or UTF-16] group search only works for consecutive addresses. Please use a different type of group search." If there's any other information anyone would like, feel free to ask.

I'm wondering if there's some way to do it by seeing the highest address in the game. Like if I can somehow find the base address of the game, then I do an address search for base address + 0x1AD27480 (450000000) - equivalent to 450 million, or 450 mb. Then if the search comes up with a result, game process size is at least 450 MB. Could that work?

Sorry, I no longer maintain that script. That sucks, looks like pixel gun 3d is detecting gameguardian. This is device-specific, it seems, and not an issue with my script. So I can't help you - sorry! Perhaps you can ask around and see if anyone else has managed to circumvent this detection.

Okay, that's what I figured. You're right about the block not being continuous; sorry. @CmPprovided actual code which solves that problem by trying to allocate continuously, but I have no idea how often that would work and the tendency of it to fail (I'm unaware of how the kernel decides where to allocate the memory). A solution to that might be to allocate the first block in an obscure region (maybe an unused memory region, like c++ heap, would work? This is a gray area for me, so I wouldn't really know.) where you are sure there's enough consecutive space. If I were you, I would first take CmP's code and play around with it, seeing if you encounter any issues.

Hi, I have a hex patch that must be run when the game's process size is before approximately 450 MB. After this point, the game has gotten to the point in its initialization where the function I am patching has already been called. So, if you patch it when the game's process size is over around 450 MB, it will not work. I'm trying to write a script to do this patch. I want the script to detect if the game's process size is below 450 MB, and if not, tell the user to restart the game. However, I couldn't find anything for this in gg.getTargetInfo() or any other functions. So, I'm stumped on how to do this. I've given up with gameguardian and, as a workaround I'm now just trying to locate some kind of value in memory or function in the game that can give me a hint on the process size or initialization progress. My best guess right now is to see how much the game has loaded by finding the function that reports the % loaded. Is there any way to do this natively in gameguardian? Or is there any easy workaround I can use? Thanks!

I don't believe that's directly possible, but you can allocate as many pages as you need and chain them together. To do this calculate how many pages you need by dividing by 4KB, and in a loop allocate a block and add the return address of the allocated block to a list. You can then combine all of your memory into a table of values by looping over the list and adding the 1000 values (taking the start address and adding 4 each time, 1000 times) to the table for each address. If you don't understand, I can code that for you - it's pretty simple to do. Though I wonder what you're writing to memory that takes so much space? An image or save code, or something?

Do you just mean multiplication? Or do you want to add the value N separate times, with a pause in between? For the latter, you could write a simple script, like this: N = 10 -- how many times add = 100 -- value to add on every time timebetween = 1000 -- how long to wait between times (milliseconds) values = gg.getResults(gg.getResultsCount()) for _ in N do for i in values do values[i].value = values[i].value + add end gg.sleep(timebetween) end

View File UPDATED PG3D 24.3.2+ + ACTUAL 32bit SUPPORT - Pixel Gun 3D ALL UPDATE Custom Lottery Rewards Hack (32bit and 64bit) Contact Me: User123456789#6424 / @horridmodz on discord Ahhh, it's finally here! Over a year and a half after posting the original, and many, many requests, it's back! I promised to get this done today, and here it is, just barely in time. Since it's been so long, I am posting this update as a new thread. I've been meaning to update this for a while; and I'm sorry for such a looong wait. But this should be the last time you have to wait - because, if my crazy WIP All Update Script Generator tool works as well as I hope, this will be made so resilient it's practically unpatchable! So, here we are. The script is the same as last time, but with some minor improvements - and 32bit support! Unfortunately, I couldn't get 32bit custom values to work, but I got the predetermined values working. I was finally able to figure out that the issues I've been having are actually not my fault, but a limitation with the way lua itself handles integers - to get technical, the 32bit edit values exceed lua's integer limit, but the 64bit ones do not. I tried to workaround this, but just couldn't do it. However, a big rework of the script that I have planned, which changes the way editing is done, will fix this problem. I finally updated this script because I have time over spring break. Shoutout to @dizzy252for sending a request to update the script that I coincidentally saw right before spring break started - if it hadn't been for him, I probably wouldn't have had the thought to do this! Alongside this script, I've in the process of developing a revolutionary tool that creates resilient all update scripts; all you have to do is input your offset or hex and it spits out the full script. If you're interested, here's a sneak peak: https://www.youtube.com/watch?v=sVwODQcSy4A Want to update the script yourself? I have created a lotto sets template! Disclaimer: This script is bannable! Getting too much currency within a certain time frame will flag your account as suspicious and you will be banned in the next ban wave. I recommend only getting at most a few thousand gems per day, or your account will have a high risk of being banned. Even if you do play it safe, you can still be banned. By the way, due to a rework of sets by the developers, sets no longer work. Only lottery rewards are modified. Warning: Using the custom value option and setting the reward values to over 45,000 will instantly ban you! This is not an ordinary lottery script. Here's what unique about it: -This script will work on all game updates (the lowest game version tested is 22.4.3, but downgrading is impossible anyway), even future updates -The script supports various values, and lets you enter a custom value (currently custom values do not work for 32bit) if it does not have what you want. Currently, only whole numbers (no decimal values like 1.5) in the range of 0 to 65536 are supported. -This script supports both 32bit and 64bit devices -This script has a small antiban feature that warns you when you try to edit the reward values over 45,000 Enjoy! Submitter HorridModz Submitted 04/02/2024 Category LUA scripts  

I don't understand. What does disposing memory have to do with the memory layout? Also, I have an idea for dynamically finding out the address, though I don't quite know how to do it myself. If you know the field offset, perhaps you could find a method that references the field by using a hex search or offset calculation, then navigate to the instruction that references the field? From that point, I believe that you could extract the offset from the assembly instruction - it would be relative to something, maybe an ldr or an instruction of the like - and then determine the field's address in memory. Just a suggestion; again, I don't have the experience to know if that would work. Have you tried poking around in the dump using dnspy to find anything peculiar, such as an anticheat?

Unrelated, but I'm trying to learn Frida myself. I know you have posted some youtube videos on the subject; is there any description you could give me or tutorial you could link to show me just how you did this? Props!

Lmao, I love the meme! What's the error? Video or description? And of course logcat - but it's even more important that you describe what the error is!

Woah, this is great! I'm impressed by your perseverance - if I found a server sided game, I would instantly quit. People who persist always amaze me! It's good that you found some useful hacks, but unfortunately, many games like this simply aren't very hackable. You can only touch what's client sided, and that's not under your control. Of course keep looking, because the more cheats you have at your disposal, the better. Additionally, my suggestion for how to move forward would be exploring how you can use these hacks to gain a significant advantage. A great example of this is the game Township: The game is mostly server-sided, but there are some hacks the community has discovered that are not. There is a cheat that allows you to change the rewards from and cost of a task, but there is a very low ceiling on how much you can gain at once, or else you will be flagged and auto-banned. To workaround this, I used a gameguardian script and autoclicker to automate the process of editing and completing these tasks. I'm telling you this to show that it is possible to get around restrictions and use what you can hack to achieve lofty goals. So, I would suggest seeing what you can do with the hacks you do have. Perhaps you can create some kind of bot or macro? Since you have cheats that seem to make the game much easier, would this allow you to, say, farm games AFK with a simple autoclicker? Again, some stuff simply cannot be achieved (such as gaining VIP, in your case), but you can sometimes still do big things with what you do have. Another piece of advice I have is to look for low-hanging fruit. If the game is only partially server-sided, this suggests that the developers have deliberately made important things server sided and left more trivial things (such as movement speed) to the client. This means that if you do the opposite of your intuition, and seek relatively harmless hacks, you may have a higher chance of succeeding. See what small, seemingly inconsequential things you can do, because these little hacks can do big things if applied right. Lastly, remember that searching for methods is not the only way to mod. Editing values with gameguardian may seem less effective and more failure-prone, but it is easier. quicker, and much more direct. In the same way, you may want to try searching for these trivial values and inconsequential numbers. For instance, how about editing some value in an event, changing a progress bar, or editing strings to swap an ordinary reward in for a better one. This strategy may not work as well, but in my opinion, it is worth exploring - at least for testing things before diving into dump.cs. I'm excited to see if you figure anything else out. Good luck, and happy hacking!

Have you tried this script? Field Offset Finder - Tools - GameGuardian

Can you please elaborate? Do you not know what whether you are 32bit or 64bit? Do you not know what libil2cpp.so file to use? Do you not know what hex value to edit to? I need more information to be able to help.

View File Pixel Gun 3D Lottery Sets Template Unlike the all updates version, this script does support Armv7 (32bit). Contact Me: User123456789#6424 on discord Disclaimer: This script is bannable! Getting too much currency within a certain time frame will flag your account as suspicous and you will be banned in the next ban wave. I recommend only getting at most 2,000 gems per day, or your account will have a high risk of being banned. Even if you do play it safe, you can still be banned. Warning: Using the custom value option and setting the reward values to over 45,000 will instantly ban you! While my all updates lottery sets script will work for multiple versions, the devs like to patch it manually. So, I decided to make an alternative. This is a template for updating lottery sets yourself! Features: -Supports various values, and lets you enter a custom value if it does not have what you want. Currently, only whole numbers (no decimal values like 1.5) in the range of 0 to 65536 are supported. -Supports devices with both armv7 (32bit) and armv8 (64bit) architectures -This script has a small antiban feature that warns you when you try to edit the reward values over 45,000 Updating: This script will only work for one update, but unlike the all updates version, it's really easy to update the script yourself. Just open up the file in a text editor, and you will be greeted with some data to fill in: The 32bit and 64bit hex values, game version, and your name (optional). The hard work is obtaining these hex values. While it's very easy to do yourself, you will have to be experienced with hex patching in order to update it. Here's my favorite beginner-friendly hex patching tutorial: https://www.youtube.com/watch?v=yAK7rRhmTG4&t=41s&ab_channel=PMTDVA. If you have any questions about how to do this, feel free to contact me on discord! While it is possible to make this template work for all updates, it would require a lot of work. I may eventually make this, but don't count on it. Submitter HorridModz Submitted 01/14/2023 Category LUA scripts  

This isn't pg3d related; it's the architecture. PG3D has no anti-speedhack or anything special. However, you don't have to use the built-in speedhack. You can also use a script, like this one: https://gameguardian.net/forum/files/file/2918-auto-speedhack-finder/