[Can a group search be done for encrypted value or any other way to speed up the process?]

7 minutes ago, nok1a said:

It wasn't in the script because i was already at the right address to perform the pointer search on to get to health value. Your at a different pointer then mine using your group search.

The table t contains those 4 results you had from performing a pointer search on that one address you had from your group search. You already addedan offset of 0x8 to all those addresses to get to the address that is supposed to hold the value 256 and you stored the new addresses in the table (sensitivity). use print(sensitivity) for see what's in the table.

Only problem is that your doing it for all the 4 addresses in the result list while you only have to do it for the one address in region Anonymous. That's why specify the regions as accurate as possible in which you want find the pointers in in or it will already bring issues.

The way you added 0x8 to do the addresses you now do the same for the table t in a loop.

healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}

add the offset from your start address to the address on which you want to perform the pointer search on to get the health value.

 

 

 

Sorry man I am still confused lol.  I already have this line:

healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}

and I don't understand how to write this out:

                         add the offset from your start address to the address on                          which you want to perform the  pointer search on to get the                          health value.

 

Sorry if I am asking for a little hand-holding because it's something new and a bit advanced for me

[Can a group search be done for encrypted value or any other way to speed up the process?]

4 minutes ago, nok1a said:

You as well need to add the offset from your start address to the address that you want to perform apointer search on, the one below the 1.0 float value.

I don't understand this part.....where does this show in your script?

 

Also btw, I just realized even your script sometimes randomly fails...it gives me the incorrect address. Is this normal?

[Can a group search be done for encrypted value or any other way to speed up the process?]

8 minutes ago, nok1a said:

Yeah when using searchPointer() you have to specify the regions before you load the results in the result list. The regions at the first line should be the region where you try finding your group search, but i am not sure if your group search is always in the same region. Then when pointer searching you have to only specify the region where the pointer is which i think was region Ca or A.

I am really going blind here Lol. Please please help me fix my script and this will be the last thing I ask you for. Honest to God man.

d. 

 

8 minutes ago, nok1a said:

Yeah when using searchPointer() you have to specify the regions before you load the results in the result list. The regions at the first line should be the region where you try finding your group search, but i am not sure if your group search is always in the same region. Then when pointer searching you have to only specify the region where the pointer is which i think was region Ca or A.

I noticed in your script you only specified regions in the first line.  

So could you tell me what I need to add and where to add it to make my script do what your script does?

[Can a group search be done for encrypted value or any other way to speed up the process?]

17 minutes ago, nok1a said:

Your offset is + 0x8 of the pointer, not - 0x8.

Also i not know if you saw but the memory region in which your value 256 was located was in region anonymous. So make your pointer searching more accurate by specifying the correct regions when needed...if you where sharing the scripts with multiple people i can understand you use multiple regions. But in this case it's for personal use i guess? See here the regions you can use.

When comparing two values they must be of same type as mentioned. You comparing a number type and a string type here.

 

If all the values are in dword no need to use "A" in front of each number. It slowers the search. It's better use the correct data type for each value or just remove the data type of each value and give them all same data type using gg.TYPE_DWORD. You will prevent issues by doing so. As mentioned here. The choice is up to you.

I also removed the quotes around 256 

so now it's like this:

if sensitivity[i].value == 256 then

but I still just get the same 3 results as show in the video. 

[Can a group search be done for encrypted value or any other way to speed up the process?]

8 minutes ago, nok1a said:

Your offset is + 0x8 of the pointer, not - 0x8.

Also i not know if you saw but the memory region in which your value 256 was located was in region anonymous. So make your pointer searching more accurate by specifying the correct regions when needed...if you where sharing the scripts with multiple people i can understand you use multiple regions. But in this case it's for personal use i guess? See here the regions you can use.

When comparing two values they must be of same type as mentioned. You comparing a number type and a string type here.

 

If all the values are in dword no need to use "A" in front of each number. It slowers the search. It's better use the correct data type for each value or just remove the data type of each value and give them all same data type using gg.TYPE_DWORD. You will prevent issues by doing so. As mentioned here. The choice is up to you.

Yes it's for personal use. I have specified 3 regions:

gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)

 

Yes the value "256" is in REGION_ANONYMOUS. Isn't this okay?

12 minutes ago, nok1a said:

Your offset is + 0x8 of the pointer, not - 0x8.

Also i not know if you saw but the memory region in which your value 256 was located was in region anonymous. So make your pointer searching more accurate by specifying the correct regions when needed...if you where sharing the scripts with multiple people i can understand you use multiple regions. But in this case it's for personal use i guess? See here the regions you can use.

When comparing two values they must be of same type as mentioned. You comparing a number type and a string type here.

 

If all the values are in dword no need to use "A" in front of each number. It slowers the search. It's better use the correct data type for each value or just remove the data type of each value and give them all same data type using gg.TYPE_DWORD. You will prevent issues by doing so. As mentioned here. The choice is up to you.

Okay even when I fixed it to + 0x8 I still got the same exact thing as in the video.

[Can a group search be done for encrypted value or any other way to speed up the process?]

6 hours ago, nok1a said:

That's right. I also didn't knew about pointers first. Actually this whole GG pointer thing didn't make sense because i didn't knew what where hex, bytes and bits...should have stayed in school longer to get some basics...So i totally get you...it's a pain to come in without knowledge about all this...Was watching some YT tutorials about how or what are bits and bytes and it helped me. Then after some time i understand addresses in memory a little and then pointer concept from a GG point of view made more sense. But also importantly the members in this forum contribute to making it more easy for people like us to understand something which is most likely alien language for us. There is lot's of things to learn i guess. We can use GG and the forum and other sources to learn more.

This should absolutely be the last time I bother you LOL.  I got my own nice accurate group search now. And I almost have it down perfectly but I am stuck on the part where I can filter out the remaining addresses to only have 1 address left. I saw a "256D" value 8 bytes down from the pointer.  So I tried to do what you did with that "1.0F" value to filter them out but it's not working. I've been racking my brain until I got a headache LOL.  In this video the script gets me halfway through to the health value, and the remaining part I did manually. Could you help me bridge the gap in the script to get to the health value?  Here is the script I am using:

gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("-1,049,624,576A;1,092,616,192A;1,082,130,432A;1,056,964,608A;1,062,333,317A::73", gg.TYPE_DWORD)
gg.refineNumber("-1,049,624,576A", gg.TYPE_DWORD)
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(1)
gg.loadResults({{address = grp[1].address - 0x88, flags = gg.TYPE_DWORD}})
gg.searchPointer(0)
local t = gg.getResults(gg.getResultsCount())
print("First Pointer search: ", gg.getResultsCount())
local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address - 0x8, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)
local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == "256" then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end

 

You are almost finished with me I PROMISE 

[Can a group search be done for encrypted value or any other way to speed up the process?]

5 minutes ago, nok1a said:

That's right. I also didn't knew about pointers first. Actually this whole GG pointer thing didn't make sense because i didn't knew what where hex, bytes and bits...should have stayed in school longer to get some basics...So i totally get you...it's a pain to come in without knowledge about all this...Was watching some YT tutorials about how or what are bits and bytes and it helped me. Then after some time i understand addresses in memory a little and then pointer concept from a GG point of view made more sense. But also importantly the members in this forum contribute to making it more easy for people like us to understand something which is most likely alien language for us. There is lot's of things to learn i guess. We can use GG and the forum and other sources to learn more.

You nailed it right on the head. My feeling exactly. This forum is so rich and if we just use youtube and google, we feel a scarcity in information and knowledge 

[Can a group search be done for encrypted value or any other way to speed up the process?]

2 hours ago, nok1a said:

Yeah you should. Are you sure you did it correctelly though. I performed pointer search more then once...so you have to use go to the pointer more then onces as well in order to get to the groups search.

Okay okay I finally got it!  You dug into deeper pointer "layers" in order to fine tune your group search and make it more accurate, which in turn resulted in needing that third "extra" pointer search while backtracking to find the health value.  Makes perfect sense!  LOL  

OMG bro you are amazing! You've literally taught me from scratch a skill I never had.  I will be forever in your debt man!

[Can a group search be done for encrypted value or any other way to speed up the process?]

1 hour ago, nok1a said:

Yeah you should. Are you sure you did it correctelly though. I performed pointer search more then once...so you have to use go to the pointer more then onces as well in order to get to the groups search.

Okay let's see if I can figure out where I am going wrong.  I ran your script and got your health value. Then I also ran your group search. Here is your group search results. All addresses start with "B431FBxx" 

 

 

Next, I press on your health value from the saved area, and I press GOTO

 

Then I press on the address which is 4 bytes above it "AC0912E8" and I chose "Goto pointer"

 

I arrive at this list and I scoured the entire list (up and down) and I can't find your block of your group search whose addresses should start with "B431FBxx"    What am I doing wrong? 

 

[Can a group search be done for encrypted value or any other way to speed up the process?]

10 hours ago, nok1a said:

Your script can not be same because your using different group search, and where you found your group search the structure is different. You only have to do one time a pointer search and your not using any values to filter out irrelevant results. You can remove most of the lines from it, here some example based on your group search and pointer you when't to.

gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("17D;1,075,642,368D;1,900,544D;1,310,728D;589,828D;1,703,957D;1,703,969D;1,376,289D;1,920D;469,762,048D::185", gg.TYPE_DWORD)
gg.refineNumber("1,900,544", gg.TYPE_DWORD)
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(gg.getResultsCount())
for i, v in ipairs(grp) do
  v.address = v.address - 0x4
  v.flags = gg.TYPE_DWORD
  end
gg.loadResults(grp)
gg.searchPointer(0)
local t = gg.getResults(gg.getResultsCount())
for i, v in ipairs(t) do
  v.address = v.address - 0xC
  v.flags = gg.TYPE_FLOAT
 end
gg.loadResults(t)

 

By the way you didn't answer me on this question from the previous page:

When I run your script and get the health value, shouldn't I theoretically be able to go to the nearest pointer, which is 4 bytes above your health value and click "go to pointer" and find that block that you used for your group search? I mean since they are static they should appear on my device too just like they did on your 2 devices, right? Well I went up and down the list and I didn't find that block of numbers.   

[Can a group search be done for encrypted value or any other way to speed up the process?]

9 hours ago, nok1a said:

Your script can not be same because your using different group search, and where you found your group search the structure is different. You only have to do one time a pointer search and your not using any values to filter out irrelevant results. You can remove most of the lines from it, here some example based on your group search and pointer you when't to.

gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("17D;1,075,642,368D;1,900,544D;1,310,728D;589,828D;1,703,957D;1,703,969D;1,376,289D;1,920D;469,762,048D::185", gg.TYPE_DWORD)
gg.refineNumber("1,900,544", gg.TYPE_DWORD)
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(gg.getResultsCount())
for i, v in ipairs(grp) do
  v.address = v.address - 0x4
  v.flags = gg.TYPE_DWORD
  end
gg.loadResults(grp)
gg.searchPointer(0)
local t = gg.getResults(gg.getResultsCount())
for i, v in ipairs(t) do
  v.address = v.address - 0xC
  v.flags = gg.TYPE_FLOAT
 end
gg.loadResults(t)

 

Okay, I am starting to get it lol.  Let me squeeze my brain again today and see what I come up with. I really appreciate al your help my friend. 

[Can a group search be done for encrypted value or any other way to speed up the process?]

gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("17A;1,075,642,368A;1,900,544A;1,310,728A;589,828A;1,703,957A;1,703,969A;1,376,289A;1,920A;469,762,048A::185", gg.TYPE_DWORD)
gg.refineNumber("1,900,544", gg.TYPE_DWORD)
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(gg.getResultsCount())
for i, v in ipairs(grp) do
  v.address = v.address - 0x4
  v.flags = gg.TYPE_DWORD
  end
gg.loadResults(grp)
gg.searchPointer(0)
print("First Pointer search: ", gg.getResultsCount())
gg.searchPointer(0)
print("Second Pointer search: ", gg.getResultsCount())
local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address + 0x4, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)
local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == 1.0 then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end
gg.loadResults(healthPointer)
print("Results healthPointer: ", gg.getResultsCount())
gg.searchPointer(0)
print("Third Pointer search: ", gg.getResultsCount())
local t = gg.getResults(gg.getResultsCount())
local health = {[1] = {address = res[1].address - 0xc, flags = gg.TYPE_FLOAT, name = "Health"}}
gg.addListItems(health)
gg.loadResults(health)

25 minutes ago, Sami1982 said:

Wait maybe I misunderstood about the pointer.....when I click on the health value and click GOTO, this is the line that I long pressed on and clicked GOTO pointer.  So from 5C to 68 is 12 bytes right?

Okay when I changed all the 0xC to 0X4 the first and second pointer searches are successful but i get 0 results for the third pointer search.

 

[Can a group search be done for encrypted value or any other way to speed up the process?]

30 minutes ago, nok1a said:

Why are you doing 0x0C  ? Your value 1,900,544 is not 12 bytes away from the pointer you just whent to, it's 4 bytes away.

If you enable byte view in the memory viewer you can see the actual distance between the addresses:

Or you can select both addresses and use the offset calculation to see distance from start address to destination address.

Wait maybe I misunderstood about the pointer.....when I click on the health value and click GOTO, this is the line that I long pressed on and clicked GOTO pointer.  So from 5C to 68 is 12 bytes right?

24 minutes ago, Sami1982 said:

Wait maybe I misunderstood about the pointer.....when I click on the health value and click GOTO, this is the line that I long pressed on and clicked GOTO pointer.  So from 5C to 68 is 12 bytes right?

Okay when I changed all the 0xC to 0X4 the first and second pointer searches are successful but i get 0 results for the third pointer search

gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("17A;1,075,642,368A;1,900,544A;1,310,728A;589,828A;1,703,957A;1,703,969A;1,376,289A;1,920A;469,762,048A::185", gg.TYPE_DWORD)
gg.refineNumber("1,900,544", gg.TYPE_DWORD)
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(gg.getResultsCount())
for i, v in ipairs(grp) do
  v.address = v.address - 0x4
  v.flags = gg.TYPE_DWORD
  end
gg.loadResults(grp)
gg.searchPointer(0)
print("First Pointer search: ", gg.getResultsCount())
gg.searchPointer(0)
print("Second Pointer search: ", gg.getResultsCount())
local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address + 0x4, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)
local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == 1.0 then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end
gg.loadResults(healthPointer)
print("Results healthPointer: ", gg.getResultsCount())
gg.searchPointer(0)
print("Third Pointer search: ", gg.getResultsCount())
local t = gg.getResults(gg.getResultsCount())
local health = {[1] = {address = res[1].address - 0xc, flags = gg.TYPE_FLOAT, name = "Health"}}
gg.addListItems(health)
gg.loadResults(health)

 

[Can a group search be done for encrypted value or any other way to speed up the process?]

13 minutes ago, nok1a said:

Make sure that when you do a group search you specify it's data type. When you put Auto in front of it GG will look for all possible data types for that specific value and then needs to match it also with the other values to see if the group search can be found.

You could have results you don't need.

For example do this:

gg.searchNumber("17D;1,075,642,368D;1,900,544D;1,310,728D;589,828D;1,703,957D;1,703,969D;1,376,289D;1,920D;469,762,048D::185", gg.TYPE_DWORD)

 Or you can ignore the data types next to the value and only use

gg.TYPE_DWORD

For refine you don't need to put a data type anymore aside from adding the gg.TYPE_DWORD

 

Thank you so much for all the info and instructions. You're too generous as always

Okay, I tried to break up the script to go only as far as the first pointer search (to not overwhelm myself) but I am still getting no results and I don't know what I'm doing wrong:

gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("17A;1,075,642,368A;1,900,544A;1,310,728A;589,828A;1,703,957A;1,703,969A;1,376,289A;1,920A;469,762,048A::185", gg.TYPE_DWORD)
gg.refineNumber("1,900,544", gg.TYPE_DWORD)
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(gg.getResultsCount())
for i, v in ipairs(grp) do
  v.address = v.address - 0xC
  v.flags = gg.TYPE_DWORD
  end
gg.loadResults(grp)
gg.searchPointer(0)
print("First Pointer search: ", gg.getResultsCount())

 

[Can a group search be done for encrypted value or any other way to speed up the process?]

53 minutes ago, nok1a said:

Indeed, just make sure that your using hex and not decimal. 12 bytes = 0xC

Okay. I apologize if I am being a pain but I'm still trying to grasp this thing and pull all the pieces together to make sense of it. Now when I run your script and get the health value, shouldn't I theoretically be able to go to the nearest pointer, which is 4 bytes above your health value and click "go to pointer" and find that block that you used for your group search? I mean since they are static they should appear on my device too just like they did on your 2 devices, right? Well I went up and down the list and I didn't find that block of numbers.   

But regardless, going off of your health value, I found the same distance pointer (nearest one that has the same static block of numbers on 2 devices) and I got the group search and it works fine, then I refine this number: 1,900,544 and get 55 results. This is all fine. But when I run the script (used yours as a template for my values) I find no pointers.

If you're curious why I am refining to this number (1,900,544) please check the attached video

 

Here's he script (based it on yours but with my numbers):

gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("17A;1,075,642,368A;1,900,544A;1,310,728A;589,828A;1,703,957A;1,703,969A;1,376,289A;1,920A;469,762,048A::185", gg.TYPE_DWORD)
gg.refineNumber("1,900,544", gg.TYPE_DWORD)
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(1)
gg.loadResults({{address = grp[1].address - 0xc, flags = gg.TYPE_DWORD}})
gg.searchPointer(0)
print("First Pointer search: ", gg.getResultsCount())
gg.searchPointer(0)
print("Second Pointer search: ", gg.getResultsCount())
local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address + 0xc, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)
local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == "1.0" then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end
gg.loadResults(healthPointer)
print("Results healthPointer: ", gg.getResultsCount())
gg.searchPointer(0)
print("Third Pointer search: ", gg.getResultsCount())
local res = gg.getResults(1)
local health = {[1] = {address = res[1].address - 0xc, flags = gg.TYPE_FLOAT, name = "Health"}}
gg.addListItems(health)
gg.loadResults(health)
 

 

Any ideas?

 

EDIT:

I first accidentally pasted the script with 0x12 for the 12 bytes, but I definitely tried it with 0xc (hex) and it still gave me no pointers

[Can a group search be done for encrypted value or any other way to speed up the process?]

9 hours ago, nok1a said:

Thanks for the vote but that's more about status. Account status not that relevant but perhaps it can work as a backbone regarding the reliability of the information provided and as well the individual his contribution in the forum. Positive votes always better then negative ones to.

Aside from that most important to me is that the information shared is done good enough in a way that the person communicating to understands it. And of course to use the knowledge obtained for himself and improve so the person becomes a even better person.

Sorry I have another question.  When you added 4 bytes, then subtracted 4 bytes then added 4 bytes again, is all of this because the health value was 4 bytes below the closest/final pointer?  So if my health value is 12 bytes above the closest/final pointer then essentially I should reverse what you did? So in other words I should subtract 12 bytes then add 12 bytes then subtract 12 bytes?  When I did this it didn't work.

[Can a group search be done for encrypted value or any other way to speed up the process?]

2 minutes ago, nok1a said:

LDPlayer

Make sure you deleted any installed dead trigger 2 versions from the emulator using the uninstall option in the play store.

Sign in to the play store with your google account. Then create new folder in 0/android/obb/

name folder: com.madfingergames.deadtrigger2 and then store the .obb file (main.15020074.com.madfingergames.deadtrigger2.obb) from the modded apk in it.

Should resolve the issue.

I'll do that. Much obliged 

[Can a group search be done for encrypted value or any other way to speed up the process?]

4 minutes ago, nok1a said:

But i also think that regarding voting it's more efficient to use it as accordingly as possible. Like for example i don't think you have to upvote every comment because you received a solution or want to show gratitude (of course it's appreciated), personally i believe only the solution should be upvoted or liked or answers that answer questions. Multiple answers can answer multiple questions so each of it should receive a vote if all those answers are well detailed enough in a way that the other person understands. (personal opinion)

Yeah that makes sense

[Can a group search be done for encrypted value or any other way to speed up the process?]

2 minutes ago, nok1a said:

Thanks for the vote but that's more about status. Account status not that relevant but perhaps it can work as a backbone regarding the reliability of the information provided and as well the individual his contribution in the forum. Positive votes always better then negative ones to.

Aside from that most important to me is that the information shared is done good enough in a way that the person communicating to understands it. And of course to use the knowledge obtained for himself and improve so the person becomes a even better person.

Understood my friend.  One question regarding the emulator, what emulator are you using?  Is i Bluestacks? I am using 2 phones but I'd like to try an android emulator on PC. When I installed the modded apk using Bluestacks and tried to launch it, i got a message saying "Download failed because the user is not signed in".  I figured maybe Bluestacks doesn't support modded apks? How did you get it installed on the emulator?

[Can a group search be done for encrypted value or any other way to speed up the process?]

10 hours ago, nok1a said:

It finds all pointers pointing to your address. To use it you need to load the address(es) you want to perform the pointer search on in the result list.

gg.loadResults({{address = grp[1].address + 0x4, flags = gg.TYPE_DWORD}})

Adds 4 bytes to the address, 0x9865E5B0 + 0x4 = 0x9865E5B4 and then loads it in the result list in data type dword.

gg.searchPointer(0)

Does the pointer search in the given ranges. Basically it's like doing: gg.searchNumber(9865E5B4h, gg.TYPE_DWORD)

You get a few results.

I dunno how gameguardian does it behind the hood but now i use gg.searchPointer(0) again because i want to perform pointer search on each of those addresses...that's why a second time.

I have now more results because there are a lot of pointers pointing to those few addresses from previous screenshot. Now i need to filter them out because the health value was one more pointer search away, and the address to pointer search is in this result list. One of those addresses had 4 bytes above it a value 1.0F. That's the same value i asked you to search using 256F;1.0F::16. Sadly it returned no results for you. But the 1.0F value is located 4 bytes above one of those addresses in the result list. So i used that for filter out all these values and to get only 1 address left.

local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address - 0x4, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)

subtracted 0x4 from all the addresses in the result list and stored it in a new table(sensitivity) with data type float.

local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == 1.0 then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end

Checked which address of the table sensitivity contained the value 1.0F using iteration and if it found it should store the address that is 4 bytes under it in the table healthPointer and then load it in the result list using:

gg.loadResults(healthPointer)

It found a match and loaded the address in result list:

Script performs pointer search again.

local res = gg.getResults(1)
local health = {[1] = {address = res[1].address + 0x4, flags = gg.TYPE_FLOAT, name = "Health"}}

Will get 1 result, the health value is 4 bytes under that address...so i add 4 bytes to the address and store in the table health and gave it a name.

gg.addListItems(health)
gg.loadResults(health)

Add the table health in the saved list.

And loads it as well in the result list.

Adviced to check out the Lua scripting documentation.

Aside from upvoting and hearting your answers and marking the answer containing the script as "best answer", is there anything else I can do to express my sincere gratitude?

[Can a group search be done for encrypted value or any other way to speed up the process?]

7 minutes ago, nok1a said:

It finds all pointers pointing to your address. To use it you need to load the address(es) you want to perform the pointer search on in the result list.

gg.loadResults({{address = grp[1].address + 0x4, flags = gg.TYPE_DWORD}})

Adds 4 bytes to the address, 0x9865E5B0 + 0x4 = 0x9865E5B4 and then loads it in the result list in data type dword.

gg.searchPointer(0)

Does the pointer search in the given ranges. Basically it's like doing: gg.searchNumber(9865E5B4h, gg.TYPE_DWORD)

You get a few results.

I dunno how gameguardian does it behind the hood but now i use gg.searchPointer(0) again because i want to perform pointer search on each of those addresses...that's why a second time.

I have now more results because there are a lot of pointers pointing to those few addresses from previous screenshot. Now i need to filter them out because the health value was one more pointer search away, and the address to pointer search is in this result list. One of those addresses had 4 bytes above it a value 1.0F. That's the same value i asked you to search using 256F;1.0F::16. Sadly it returned no results for you. But the 1.0F value is located 4 bytes under one of those addresses in the result list. So i used that for filter out all these values and to get only 1 address left.

local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address - 0x4, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)

subtracted 0x4 from all the addresses in the result list and stored it in a new table(sensitivity) with data type float.

local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == "1.0" then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end

Checked which address of the table sensitivity contained the value 1.0F using iteration and if it found it should store the address that is 4 bytes under it in the table healthPointer and then load it in the result list using:

gg.loadResults(healthPointer)

It found a match and loaded the address in result list:

Script performs pointer search again.

local res = gg.getResults(1)
local health = {[1] = {address = res[1].address + 0x4, flags = gg.TYPE_FLOAT, name = "Health"}}

Will get 1 result, the health value is 4 bytes under that address...so i add 4 bytes to the address and store in the table health and gave it a name.

gg.addListItems(health)
gg.loadResults(health)

Add the table health in the saved list.

And loads it as well in the result list.

Adviced to check out the Lua scripting documentation.

Wow that's incredible. It's sure going to take a lot of time for me to digest all of this lol.  Thanks again for all the explanations and screenshots. I truly appreciate your time.

[Can a group search be done for encrypted value or any other way to speed up the process?]

1 hour ago, Sami1982 said:

I got it first try!  Got a group search that gives me 5 pointer results every time and one of them always works.  But I'm a bit hazy on the "gg.searchPointer(0)" part.  What exactly do I need to do? I am looking at your script and you executed 3 pointer searches. But where does the script show what it's doing to grab that single health value?  Like what is the syntax or command that is performing this function? Is it this?

address = v.address - 0x4, flags = gg.TYPE_FLOAT

 

 

Got excited too soon Lol.  I did it wrong.  Still trying to get the hang of it. By the way, why did you refine "0" in your group search?  If it had any value or purpose shouldn't I be able to "go to pointer" or "pointer search" it? I get nowhere with it.

[Can a group search be done for encrypted value or any other way to speed up the process?]

2 hours ago, nok1a said:

Got it.

Glad to hear. Thank you to for continuing with it instead of dropping out halfway. Finding group searches for other members through communication of a forum takes time. Requires a bit of Forward and Back communication. People can get demotivated. You pulled through.

Group search was possible to find using my emulator and phone. When searching group search for other person or for your self you need to at least have the game on 2 different devices or virtuals to have some confirmation that your group search is possibly a static one.

As far i know in gameguardian a pointer is a value that points to an address in the virtual memory of the process. I don't want to tell you wrong info so i keep it with this link: https://en.wikipedia.org/wiki/Pointer_(computer_programming)#:~:text=Pointers are used to store,which objects are dynamically allocated.

GameGuardian highlights possible pointers with a colour: https://gameguardian.net/help/help.html#help_hex_colors

Pointers are more clear in 64bit games. On 32bit games to many values are highlighted but they aren't all pointers...after some practise you can quickly filter out the none pointers from actual pointers.

The pointer represents some object. 

If you can't find a group search around the value of interest you can follow the pointers which usually will lead to some static values. In lot's of cases the game needs to uses pointer references from an object in order to update for example your health value when you take damage.

In GG i used the nearest pointer that had the same distance from the health value on both devices. And kept using "go to pointer" till i saw a block of values that is the same on both devices so i could use it to make a group search. Then what you have to do in the script is use "gg.searchPointer(0)" and this will do the opposite. Instead of going to pointer you will be get all addresses that have a pointer that points to your address.

I advice you to check some scripts that uses pointer search and combine it with your manual knowledge on how to use the GG pointer feature.

Use the print() feature in the script to slowly debug the script. And use --[[ ]] to ignore code so that you can see line by line what happens.

I got it first try!  Got a group search that gives me 5 pointer results every time and one of them always works.  But I'm a bit hazy on the "gg.searchPointer(0)" part.  What exactly do I need to do? I am looking at your script and you executed 3 pointer searches. But where does the script show what it's doing to grab that single health value?  Like what is the syntax or command that is performing this function? Is it this?

address = v.address - 0x4, flags = gg.TYPE_FLOAT

 

 

[Can a group search be done for encrypted value or any other way to speed up the process?]

1 hour ago, nok1a said:

Got it.

Glad to hear. Thank you to for continuing with it instead of dropping out halfway. Finding group searches for other members through communication of a forum takes time. Requires a bit of Forward and Back communication. People can get demotivated. You pulled through.

Group search was possible to find using my emulator and phone. When searching group search for other person or for your self you need to at least have the game on 2 different devices or virtuals to have some confirmation that your group search is possibly a static one.

As far i know in gameguardian a pointer is a value that points to an address in the virtual memory of the process. I don't want to tell you wrong info so i keep it with this link: https://en.wikipedia.org/wiki/Pointer_(computer_programming)#:~:text=Pointers are used to store,which objects are dynamically allocated.

GameGuardian highlights possible pointers with a colour: https://gameguardian.net/help/help.html#help_hex_colors

Pointers are more clear in 64bit games. On 32bit games to many values are highlighted but they aren't all pointers...after some practise you can quickly filter out the none pointers from actual pointers.

The pointer represents some object. 

If you can't find a group search around the value of interest you can follow the pointers which usually will lead to some static values. In lot's of cases the game needs to uses pointer references from an object in order to update for example your health value when you take damage.

In GG i used the nearest pointer that had the same distance from the health value on both devices. And kept using "go to pointer" till i saw a block of values that is the same on both devices so i could use it to make a group search. Then what you have to do in the script is use "gg.searchPointer(0)" and this will do the opposite. Instead of going to pointer you will be get all addresses that have a pointer that points to your address.

I advice you to check some scripts that uses pointer search and combine it with your manual knowledge on how to use the GG pointer feature.

Use the print() feature in the script to slowly debug the script. And use --[[ ]] to ignore code so that you can see line by line what happens.

Thanks again for all your help and precious efforts. This information is extremely valuable. I will try my best to apply this knowledge.  You are awesome dude

[Can a group search be done for encrypted value or any other way to speed up the process?]

58 minutes ago, nok1a said:

Could be wrong but it says that there is a character that isn't supposed to be there at line 1. I think you pasted the code in a file and typed some character in it by accident which then caused the error. Please recheck the script. Delete all and past again. If still same error it's odd. Should not be scripts mistake. Perhaps a character got added while copy pasting it. Upload script here if still not work.

You can download this one, it's the same script.

pointerTest.lua 1.2 kB · 0 downloads

You are a genius man. It worked!  But the sad part is that I have no idea how you did it and I would've loved to be able to learn how to do it myself. Looking at your script nothing makes sense to me as to how you came up with that group search or even how the pointer search is working

 

FYI I've reached my maximum posts for today. So if you reply to me and I can't reply until tomorrow you know why lol