Posts posted by Enyby

  1. Knowledge of offsets alone is often not enough.
    Or you need to know all of them completely, as a chain, starting from an address which is more or less static. For example, from a pointer in .bss or .data.
    Most often, you do not have such data.
    However, if you have them, you can write a simple enough script to always get the desired value by following the pointers.

    The problem is that offsets can change when recompiling, so you have to refine them with each new update of the game libraries.

    And the rest, yes, it can be done.
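    The "simple enough script" described in this post, as an added illustration that is not Enyby's code and not the GameGuardian script API: the process memory is modelled as a Python dict of 32-bit words so it runs offline, the library base, the `.data` slot offset `STATIC_OFF` and the chain offsets `CHAIN_OFFSETS` are all assumed sample values, and the library is placed at a different base in each run to stand in for ASLR. A stale offset (as after a recompile) makes the chain fault instead of silently returning a wrong value.

```python
# Constructed toy model of a 32-bit process image: {address: 32-bit word}.
# A real scanner reads process memory; a dict stands in for it here.

STATIC_OFF = 0x3000            # assumed offset of the static pointer slot in the library's .data
CHAIN_OFFSETS = [0x10, 0x24]   # assumed offsets: World+0x10 -> Player, Player+0x24 = gold


def build_image(lib_base, world, player, gold=1500):
    """Constructed sample image: lib_base+STATIC_OFF holds the World pointer,
    World+0x10 holds the Player pointer, Player+0x24 holds the gold value."""
    mem = {}
    mem[lib_base + STATIC_OFF] = world
    mem[world + CHAIN_OFFSETS[0]] = player
    mem[player + CHAIN_OFFSETS[1]] = gold
    return mem


def read_u32(mem, addr):
    """Read one word; an unmapped address raises, like a failed read in a real scanner."""
    if addr not in mem:
        raise ValueError("unmapped read at 0x%08x" % addr)
    return mem[addr] & 0xFFFFFFFF


def follow_chain(mem, lib_base, static_off, offsets):
    """Start at lib_base+static_off, then repeatedly dereference and add the next offset.
    Every offset except the last selects the next pointer slot; the last selects the value.
    Returns (value_address, value)."""
    addr = lib_base + static_off
    for off in offsets[:-1]:
        addr = read_u32(mem, addr) + off
    value_addr = read_u32(mem, addr) + offsets[-1]
    return value_addr, read_u32(mem, value_addr)


def resolve_gold(mem, lib_base):
    """Same static offset and chain offsets every run; only the library base changes
    between runs (ASLR), and a real script would take it from the process ranges list."""
    return follow_chain(mem, lib_base, STATIC_OFF, CHAIN_OFFSETS)


if __name__ == "__main__":
    # Two runs of the "game": library and heap land at different addresses each time.
    run1 = build_image(lib_base=0x71000000, world=0x7A100000, player=0x7B200000)
    run2 = build_image(lib_base=0x6F800000, world=0x7C300000, player=0x7D400000)
    for base, mem in ((0x71000000, run1), (0x6F800000, run2)):
        addr, val = resolve_gold(mem, base)
        print("lib base 0x%08x -> gold at 0x%08x = %d" % (base, addr, val))
    # After a recompile the offsets may differ; the old chain then simply faults.
    try:
        follow_chain(run1, 0x71000000, STATIC_OFF, [0x14, 0x24])
    except ValueError as e:
        print("stale offset:", e)
```

    The point the post makes is visible in the last lines: rebasing handles ASLR for free because the chain is anchored to the library, but nothing in the chain can tell you that an offset has moved, so each game update means re-deriving the offsets.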

  2. You can try to do something in a test form on the scripts.
    If you get something worthwhile that can be applied to many games, we can consider the possibility of implementing outside of scripts as an embedded feature.
    Until there is, there is nothing to talk about. Provide a workable concept so that there is something to talk about.
    So far, everything looks like an unviable idea, on which it is not worth wasting time.
    There are many other tasks that are real and more useful.

    Scripts provide you with the ability to store intermediate search data in tables, not limited to one saved list. It may be convenient for your task.

    You can write a simple test application with pointers and try to make a script for it. Well, or find a simple game that is guaranteed to fit your criteria. Although it can be difficult.

    And then try to write a search for the desired pointer using scripts.

  3. From pdf:


    At first, search for pointer 2 level, if not find, then pointer 3 level.
    Each next level is searched 10 times slower than previous level.
    If you have 1 minute for pointer 2 level, then time for 3 level will be 10 minutes, for 4 level will be 100 minutes.

    Even on a PC it is very slow. Even with a powerful CPU.

    A typical PC processor does not care about power consumption and dissipates 50-100 watts. A typical Android device processor is not able to dissipate even 1 watt for a long time without risking melting the device or burning the battery.
    What the PC searches for in 10 minutes, on Android you will search for hours.
    Another problem is the amount of memory.
    The amounts of memory for processing are approximately the same, but you will not have free space to process them, since the entire memory has most often been taken by the game. And it also consumes CPU resources, which are already lacking.
    Add to this the RISC architecture, where memory access is quite expensive and caches are not very large, and you will get even more slowdown.
    When the memory for GG runs out, it has to use the memory card to store data, whose speed is extremely low.

    Summarizing all of the above, I can say that there can be no common and simple tool.
    What there will be, will be slow and work only in some particular case. And all this will be so complicated that only a few will be able to use it, if anyone can at all.


  4. It all depends on how it works. How deep is the chain of pointers.
    Most often, there is not one level. If you look at the picture, this will be the case with Gold3.
    Suppose the World Object has not been moved, and pointerPlayer has remained the same.
    But you do not know offset6 and offset7.
    Most often you cannot reduce the number of results while the pointers are unchanged. Therefore, you have hundreds of thousands of values, and finding the right one is problematic.

    How will you search for the desired pointer chain after level overload?

    Even if you have 1 level of pointers, this is already a problem.

    And this is all seen in the context of static pointers.

    If you have a garbage collector, for example, a game in C# (Unity), then all this does not work. Pointers can be moved at any time during garbage collection.
    And you cannot know whether it happened or not.

    We continue. If arrays with offsets are used somewhere, then pointers can change their offset. So it becomes even more complicated.
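    The candidate blow-up that posts 3 and 4 describe, as an added illustration (not Enyby's code and not the GameGuardian API): a constructed 32-bit memory image holds the real chain static slot -> World -> Player -> gold, with the assumed offsets 0x10 and 0x24 standing in for the post's unknown offset6 and offset7, plus a few thousand random heap words so that a backward scan has false candidates to find. `scan_levels` is the generic backward multi-level pointer scan, each level a full pass over memory for every candidate of the previous level; `refine` then re-checks every candidate chain in a second image built with new heap addresses, which is the restart situation the post asks about. `MAX_OFFSET` and the heap layout are assumptions of the toy model.

```python
import random

MAX_OFFSET = 0x200   # assumption: a field lives at most 0x200 bytes into its object


def build_image(seed, static_slot, world, player, gold=1500, noise_words=4000):
    """Constructed 32-bit image: the real chain static_slot -> World -> Player -> gold
    plus random heap words, some of which look like pointers near World, Player or
    other heap words, so that a backward scan has false candidates to find."""
    rng = random.Random(seed)
    mem = {static_slot: world, world + 0x10: player, player + 0x24: gold}
    heap = 0x00C00000
    for _ in range(noise_words):
        addr = heap + rng.randrange(0, 0x100000, 4)
        mem.setdefault(addr, rng.choice([
            rng.randrange(world - 0x800, world + 0x800, 4),    # looks like a World pointer
            rng.randrange(player - 0x800, player + 0x800, 4),  # looks like a Player pointer
            rng.randrange(heap, heap + 0x100000, 4),           # heap-to-heap pointer
            rng.randrange(0, 0x10000),                         # plain integer
        ]))
    return mem


def pointers_to(mem, target, max_offset=MAX_OFFSET):
    """Level-1 scan: every word whose value lies within max_offset below target.
    Returns (slot_address, offset) pairs with slot value + offset == target."""
    return [(a, target - v) for a, v in mem.items() if 0 <= target - v <= max_offset]


def scan_levels(mem, target, depth):
    """Backward multi-level scan. levels[k] holds every candidate chain of k+1 pointers
    ending at target; a chain is [(slot, off), ...] from its root slot down to the value.
    Each extra level repeats the full memory pass once per candidate of the level before."""
    levels = [[[c] for c in pointers_to(mem, target)]]
    for _ in range(depth - 1):
        nxt = []
        for chain in levels[-1]:
            for c in pointers_to(mem, chain[0][0]):   # who points at this chain's root slot?
                nxt.append([c] + chain)
        levels.append(nxt)
    return levels


def resolve(mem, chain):
    """Forward check of a chain: dereference each slot and add its offset; None on a fault."""
    addr = chain[0][0]
    for _, off in chain:
        if addr not in mem:
            return None
        addr = mem[addr] + off
    return addr


def refine(mem_after, chains, expected):
    """After a restart only chains that still resolve to the expected value survive.
    Heap-rooted chains start at addresses that no longer mean anything, so they drop out;
    a chain rooted in the library's static data keeps working."""
    return [c for c in chains if mem_after.get(resolve(mem_after, c)) == expected]


if __name__ == "__main__":
    STATIC = 0x00013000
    before = build_image(1, STATIC, world=0x00A00000, player=0x00B00000)
    gold_addr = 0x00B00000 + 0x24
    levels = scan_levels(before, gold_addr, depth=3)
    for k, lvl in enumerate(levels, 1):
        print("level %d: %d candidate chains" % (k, len(lvl)))
    # Restart: same library offsets, new heap addresses and different heap noise.
    after = build_image(2, STATIC, world=0x00A40000, player=0x00B70000)
    survivors = refine(after, [c for lvl in levels for c in lvl], 1500)
    print("chains that still resolve after restart:", survivors)
```

    Even this tiny image produces dozens of false level-1 candidates for a single field, and every one of them costs another full memory pass at the next level; scaled to a real game's heap and an Android CPU, that is the hours of searching the post talks about. Only a chain rooted in static data survives the refine step, which is why the post insists on a static starting address.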

  5. Look at this post and the picture to it:

    Using Offsets (#5nf243is)

    I also advise you to read the whole topic there. Just discussed your question.


    Usually, the depth of the pointers does not allow restoring the path to the value, especially because the offsets are unknown and can be quite large.
    This is for the case of restarting.

    If the game has allocated a pointer on the stack (a rare case, but possible), then you will generally have no chance to find anything, because the starting address will not be tied to the library's memory space.

    [added 2 minutes later]

    Here is another discussion you should read:

    Finding real offsets of IDA (#8cdn5dao)


    ArtMoney was written for Windows when there was no ASLR. Android was originally created taking ASLR into account. Therefore, many ArtMoney methods are inapplicable. I think that now, on the latest versions of Windows, they also do not work if ASLR and DEP are enabled. And they are enabled for all processes, except for exceptions running in compatibility mode.

    Plus, it's Windows versus Linux. They have different concepts of operation. Therefore, not everything that works on Windows can be transferred to Linux.

  7. If you know and understand all this so well, describe in detail and step by step what the algorithm for finding pointers with an indefinite offset should be. And what the refine algorithm is after that. At least to the depth of one pointer.

     Even for a very good and convenient number, you will have at least 1000 results in the first search.  For uncomfortable and small numbers you will have hundreds of thousands of results.

     You propose spending hundreds of thousands of searches for the reverse of the pointer?

     And do not forget that the search is not instant. If you search for something for a long time, the pointers may have already changed. Even if the process can be paused, there are time limits after which network connections are closed, the system detects that the application is not responding and can close it without asking.

  8. You do not feel the difference between embedded devices and a PC. Between their capacities and capabilities. What is possible on a PC is not always possible on embedded devices.

  9. Manually: open each pointer's context menu - go to pointer - watch the value in the memory editor - remember it.

    Repeat 65 times.


    You cannot do this in a simple way without a script.

    [added 1 minute later]

    Scripts are not just automation of actions through the interface. On the basis of scripts, you can do things that cannot be done through the interface. And your task is just one of those.

  10. Your root does not work. The daemon is not started from root. It returns nothing. "exec id" passed to the root shell returns nothing.

    It looks like you do not have root, but have all the stuff for it, except real root. Or this stuff does not work as it must.

    In any case, you must solve all problems with root before you start trying to use GG with it.

    For example, a root checker must pass the root check. In the terminal you can run

    ls /data/data

    And get more than nothing.

    [added 1 minute later]

    Maybe this helps - you get odd messages:

    05-23 05:14:12.201 11605 11605 E propClient: PropClient failed to load

    if you try to start any process from root.
