Search the Community

How do i extend it so that i can give you an example script? By the time i done that i probably get a ban. You have a group search i can try? If you share how to extend ban i can make script and provide no recoil as example. It may work.

for obtaining unobtainable items, i suggest not, cuz its basically red flag for devs. tho you can do the item swap on obtainable items. and also you should try to modify an output of crafting, for resources, some is on crafting table while some is on disassemble tab, both can be modified, dont think its dangerous to be modify. let's use an example for hard to get resources. Steel you can craft steel on crafting menu/table, the recipe will be 5 Iron 1 Aluminum 20 Lead 5 coal and output 1 steel you can search this 5;1;20;5:200 the 200 is group size, it might differs from each devices, but it seems it's works on most ppl. Search type will be Double you might found only 4 address, but for sake of example, i'll use what i find i got 100+, so now filter it by the biggest number from the search group, which is 20 (20 coal) and editAll with increment of 1 (when you open Edit all, there's a button called More or whatever in your language, open it and there's a new prompt with increment, put 1 on it) now refresh the recipe tab, reopen it. now you should see coal requirement changed. find the address and save it, after you save it, revert all and delete (so game doesnt crash) now you open the saved address tab (in gg), open the address and then click goto now in these tab(memory tab) you'll see bunch of address, ignore it for now, and focus to top left corner of GG you'll find a pause button and a word (No Filter or something in your language), click the no filter, in it put .0$ after that the memory tab will updated, now go back to saved list and click the address again, then click goto. now we back to memory tab that filter any address that ends with 0, if you done correctly the highlighted address will have value of 20 in double (if you have double in your memory view setting, top right click the letter thingy beside refresh button, it'll open a tab of which value will be shown, enable Double or E+. [my setting will be, h,S,D,F,E]) select the highlighted address, then difference up/down about 3-5 address till you find other value for other requirement. in my case it'll be 5.0E; <== This will be the Iron (up by 4 address from aluminum) random (ignore) random (ignore) random (ignore) 0.0E; (ignore) 1.0E; <== This will be the Aluminum (up by 3 address from Lead) random (ignore) random (ignore) 0.0E; (ignore) 20.0E; <== This will be the Lead (HIGHLIGHTED ADDRESS) random (ignore) random (ignore) 0.0E; (ignore) 5.0E; <== This will be the Coal (down by 3 address from Lead) random (ignore) random (ignore) 0.0E; (ignore) 1.0E; <== This will be the Steel Output (down by 3 address from Coal) select all of these address that we need (you'll get 5 address), and then you can change the requirement to be 1 (minimum is 1, if negative or 0 it doesnt craft) and you can change the output to like 20k or something. Note: the more the crafting recipe needs, the more addresses you needs, for example, a car with 10 crafting resources needed, you'll find 10 requirement and 1 output, resulting 11. lmk if you had more question

It's for readability. In the game first offset contains no data(strings), i refer by it as sequence 0. Offset is 0 and size is 0 as well. Data only starts at the second offset. Which is actually sequence 1. From there at index 0 i want the sequence 0 which contains no data, then at index 1 i want sequence 1 which contains data. As you can see here, the empty string i not want at index 1. When at index 0 it will be more suitable for me when working with the game data. But i don't try to make it a habit. It's just this type of cases.

I could not find a way to do group search, i also would have difficulty explaining how to find it manually. So i had to make a script for it :/, would not have done if i easily could access the values. Then would have explained. Script will load the values. But the script is open source but i do advice to see some other scripts on the forum to learn from it so that you can write your own script. How to use: com.zynga.FarmVille2CountryEscape.lua

I don't think scripting by group search is gone work. All values nearby are dependable on whats in your inventory. Problem also is that more pointers can be added depending on what you have unlocked.

ok so the keys and coins remain after restarting the game and I did buy something off camera that was more but it cant go below zero in the video I think I edited the wrong keys usually when I do it and it works them there is only 3 values not like 6 so I am only to try with a group search like i do quite a bit, I cant upload a video tho as I have reached my vimeo limit I don't know if this matters but the game can be played completely offline Edit: I am fresh installed farmville and trying a search with the keys and coins

Thanks and as requested here is the video (I set the keys too high so after I stopped the video they disappeared but normally they will stay) I will also sometimes use ; and put in the coins to speed it up (I think thats a group search) Video was too big so here is the link to the Vimeo: https://vimeo.com/812838033 I also just tried to do a pointer search with a offset of 0 couldn’t find anything but I might be doing that wrong

that sounds like it might work but when I search and change values I have to change 3 values to get keys can that still work? Also how could a group search help? The game doesn’t have much security if that matters

The pointers i refer to are pointers that point to some block of data. If the keys you have are in Ca/A in lots of cases that block of data gets referenced by a executable through pointers. By following the pointers you can make a script with offsets and pointer searches. But you can also make a group search. Group searches are more reliable then saving addresses. But pointers i find more reliable then group searches. Because pointer must point to that block of data regardless if the values in that block of data got changed by developers.

Oke, based on your information you know how to find damage hack but it only stays on one character? I guess the first enemy at the right? We can try to prevent from the two other enemy characters to appear. The game spawns character based on their indexes. Mapped down the pointer structure for how or enemies spawn. Then finding pointers that were in the same chunk following that same structure. I will put down also how i found the damage hack which will work for you as well. It turned out that the character jumped to lv70 after clearing the first chapter. At that time stats changed totally for that your group search not work. Please keep note. That when you use damage hack to a enemy that has counter buffs against it you will feel those effects of the counter buffs, regardless what those buffs are. But should be easier to deal with if you only have one enemy per wave. Step 1: Damage/Health hack: HP, INT BRV, INT ATK, ATK Regions: Nox emulator 6.1.1 = Region Cb: C++ .bss Bluestack emulator = Region A: Anonymous Other devices = Region A: Anonymous Open profile of desired character: As in the screenshot, Lv;Blue thing;CS(does not matter what value is there, just put 40)::45 and press orderd. Refine your lv value Make sure all values are selected, Press edit button and then Increment by 1 Switch to a different character and then go back to previous one so that your level is updated. Then input your new level in the GG searchbar and press refine. You should only have one result left, that's your characters level. Long press it, Offset calculator. And put 1C, make sure Hex is enabled. Then goto. Select the 4 addresses. And edit them how you like, don't forget to freeze them and use data type DWORD. First address = HP Second address = INT BRV Third address = MAX BRV, Fourth address = ATK Your stats should be updated after switching back and forward from character. This is a bit of alternative method to your damage hack but i guess both are aright to use. Step 2: Only get one enemy per wave It's quite some steps to do manual so i just made a script for it. com.square_enix.android_googleplay.DFFOperaOmnian.lua Activate the first time when your in a match. When activated go to the saved list, it should look like this: On how to use it is quite simple. When you only want one enemy in a wave you freeze all the values to zero except for the once with the name "First enemy" If you want to have two enemies in a wave you only freeze the one with the name "Third enemy" to zero. All the rest you unfreeze. If you want all your enemies just unfreeze every value and wait till the new wave appears.

View File Magic Tiles 3 Package: Playstore https://play.google.com/store/apps/details?id=com.youmusic.magictiles Armv8a / 64 bit only Features; 1. Premium Subscribe 2. High Score 3. Shield 65000 My telegram: @kabuthitm Group telegram: t.me/+wYuS_O-YxI41ODVl My facebook: Kabut Hitamm Submitter KabutHitam Submitted 03/07/2023 Category LUA scripts  

View File Tiles Hop: EDM Rush! Package: Playstore https://play.google.com/store/apps/details?id=com.amanotes.beathopper Arm v8 / 64 bit only Features; 1. Premium Subscribe 2. High Score & Stars 3. Free Buy Songs 4. Free Revive My telegram: @kabuthitm Group telegram: t.me/+wYuS_O-YxI41ODVl My facebook: Kabut Hitamm Submitter KabutHitam Submitted 03/07/2023 Category LUA scripts  

Your terminology is correct, just use what you think is good or just try it. - In general this shouldn't be a problem. Usually the game just doing a simple check by comparing current_HP with max_Health or some values limitation that will cause crash, restarting match or bans. Overwriting 1 Instruction with multiple is allowed but this could lead into a problem if your game also check for Function Sizes or Memory Pages. - Now, you can also allocate Memory for your modified function and make the game access that. This gives you more advantage to revert the values to original or to avoid #1 detection. This also comes with some caveat: the game can also detect this if the accessed codes not in the same Memory Range the games allocated. - If you're planning to overwrite the Instruction directly on the Lib Files, then it would surely make the game crash since the hash size doesn't match. Nowadays, games uses MD5 hashing to prevent this. To be honest, it doesn't really matter. If the game has some kind of protection, then we should just 'Disable' it instead of tirelessly hiding cheats. I assume you're only want Increased Health and not Godmode?

Hi, (having account auth sign-in problems, so messaging for now through other account, the administrator have been informed. Not sure how the issue will be fixed) Can't help you with explaining about how encryption works but dumped the game for 64 bit, so the method i explain is for 64 bit. Have no idea if this works on other games. The actual metadata was located in other memory region then where the metadata path name was shown. Don't let it mislead you. Did like the following. Search metadata.dat magic bytes. Forgot how to accurately look for the correct metadata.dat size, so i did pointer search on the first(start) address, the offset +0x08 in data type Dword. One of the values is the metadata offset you can use for dump with GG. Don't use the values that are shown negative because metadata doesn't get that large(or have not seen yet) So the two that make most sense for try are the postivevalues with offset 0x0091C000 and 0x00A00000 Use offset calculation on start address and save the address you jump to. If you go a few address up, you can see already the end of the metadata.dat. So your offset 0x0091C000 was correct. copy start address and address you jumped to, then dump it. Also dump the libil2cpp.so file. Then use Il2CppDumperGUI.1.8.0 to get dump.cs. For input dump address you use start of libil2cpp.so address.

Very well so far everything is working, but since I am not good at writing scripts, I would also like to know if it is possible when running the hack to change the value found to 0 from the saved list, then apply the code I attached, edit the float to 1000, and then delete only the dword? If it is possible, I would like the hack button to change the float to 0, then execute the attached code, then need to edit the float to 1000 and then need to delete all dword values after that. Float does not need to be frozen. If this isn't possible I want to implement it another way, I need to keep the float because I'm looking for it with a long group search, but when it is found once at the beginning of the script I can copy its address to game guardian memory and search instantly by changing the memory range to the one I copied. And I also want to have 3 identical hack buttons. local function setAddr(addr, flags, value, freeze) local t = {} t[1] = {} t[1].address = addr t[1].flags = flags t[1].value = value t[1].freeze = freeze gg.addListItems(t) end gg.searchNumber("1111111111", gg.TYPE_DWORD, false, gg.SIGN_EQUAL, 0, -1, 0) local r = gg.getResults(3) if #r == 0 then gg.alert("No results found") return end for _, v in ipairs(r) do local addr = v.address - 100 setAddr(addr, 4, "2499", true) end for _, v in ipairs(r) do local addr = v.address - 104 setAddr(addr, 4, "0", true) end Any answer will do.

I need a script that, when started, will find 3 Help me make a template for the script. I need a script that, when started, will find 3 float values by group search, then save the very first one and clear the search, then open a menu with hack functions. The menu should close when you click on an empty space or button, but open when you click on the GG icon without stopping (without restarting) the script.

View File Westland Survival RPG Westland Survival RPG [ Risk To Ban, Don't Too Much Use Script ] Package: Playstore 64 bit only / Armv8a Game Version: 4.6.1 Feature; 1. God Mode ( New Methods ) 2. High Damage 3. Magic Stacks 20 4. Automatic Tasker Complete 5. Max Durability 6. Free Instant Craft / Building 7. Free Upgrade 8. Finalize no parts 9. Free Energy & Ride Travel 10. Can Take Daily Rewards *Not All can complete with automatic tasker *be careful to use this script, you can got ban my telegram: @kabuthitm group telegram: https://t.me/+wYuS_O-YxI41ODVl my facebook: Kabut Hitamm Submitter KabutHitam Submitted 02/07/2023 Category LUA scripts  

Should you search for gold in a group search? I tried searching specifically for JackPot, but it gives me too many values.

Quick Notes: Low Registers (R0 to R7): Accessible by all instructions using general-purpose registers. High Registers (R8 to R12): Accessible by 32-bit instructions specifying a general-purpose register, not all 16-bit instructions. Stack Pointer (R13): Used as the Stack Pointer (SP). Autoaligned to a word, four-byte boundary, ignoring writes to bits [1:0]. Link Register (R14): Subroutine Link Register (LR). Receives return address from PC during Branch and Link (BL) or Branch and Link with Exchange (BLX). Also used for exception return. Treat as a general-purpose register. Program Counter (R15): PC. FPU (Floating Point Unit): Supports single-precision operations - add, subtract, multiply, divide, multiply and accumulate, and square root. Also handles conversions between fixed-point and floating-point formats, and floating-point constant instructions. FPU Registers: Sixteen 64-bit doubleword registers: D0-D15. Thirty-two 32-bit single-word registers: S0-S31. ->Source <- --------------------------------------------------------------------------------------------------------------------------------- In Arm Patching we are using only Low Registers and the FPU. True and false Editing. ~A MOV R0, #1 MOV means Move , by this instruction we are telling the proccessor to move the value 1 to register R0 similar when you assign a variable name : R0 = 1 in most programing languages the true statment always = 1 and the false statment = 0 so #1 = true and #0 = false ~A BX LR BX Means branch exit LR or in another way return the value we stored to the caller. Int Editing : we can use MOV R0, # aswell for the int value but you need to know the integral data types. • byte : Signed: From −128 to 127 ­ ­ ­ ­ ­ ­ ­ ­ ­: Unsigned: From 0 to 255 we can use MOV here if the int value we want is between -128 and 255 so the instruction will be : ~A MOV R0, #-128 or #255 at max • short : Signed: From −32,768 to 32,767 : Unsigned: From 0 to 65,535 in this case we use MOVW the W stands for Word so same as above the instruction will be : ~A MOVW R0, #−32,768 or #65,535 at max NOTE : • Don't forget to return (~A BX LR) • We can Use MVN which mean Move Negative so the Max Negative Value will be #255 for Byte and MVNW for Short #65,535 (Don't add "-" since we already telling the proccessor we are dealing with negative number) • #value will be converted automatically to hex value in the Register means #8 will be 0x00000008 and so on • Int 32 : Signed: From −2,147,483,648 to 2,147,483,647 : Unsigned: From 0 to 4,294,967,295 the typical DWORD in GG : here we move to the advanced Part of this guide: as I said in the Note above the values are converted in the register automatically to hex so the max value in short in hex will be 0x0000FFFF so we have 4 zero's we can't change in the int 32, in this case we use one more instructon MOVT T stands for Top example : MOVW R0, #22136 -> R0 will be : 0X00005678 MOVT R0 , #4660 -> R0 will be : 0x12345678 So in case of INT32 we need 2 things • Convert the value we want to change to hex value • 3 instruction in total the Same concept here work for QWORD aswell (64 bit) 0x0000000000000001 Note : MVN R0, #2 will change to 0xFFFFFFF2 in hex MOV R0, #2 or MOV R0, #0x2 are the same Float and Double: • Float and Double are IEEE 754 Floating-Point: We need the FPU here and things will get a little bit complicated, • we need 2 or 3 registers in this case R0 , R1 and S0(for float) or D0(for double) Suppose the hex value of this float 12.6 is : 0x4149999A same as the int 32 : ~A MOVW R0, #0x999A (R0 = 0x0000999A) ~A MOVT R0, #0x4149 (R0 now = 0x4149999A) now R0 is set but if we return the value (~A BX LR) the result will be : 1095342490 and we don't want that value we want 12.6 as float (This Doesn't Work Because we didn't tell the proccessor that is a float number) the right way is to use FPU VMOV S15, R0 ( VMOV is the instruction MOV in the FPU : by that instruction we mean move the register value of R0 to the FPU register R15 ) VMOV.F32 S0, S15 (here we are telling the FPU we are dealing with Float number (F32) and move the value from S15 to S0 ) for double we use the same concept except we use F64 instead and register D16 and D0 Float : so the final code will be : ~A MOVW R0, #0x999A (R0 = 0x0000999A) ~A MOVT R0, #0x4149 (R0 = 0x4149999A) ~A VMOV S15, R0 ~A VMOV.F32 S0, S15 ~A BX LR ----------------- Double : For double the hex value of 12.6 is : 0x4029333333333333 (Same Concept for Big Float Number) • Here we use R0, R1 , D0 and D16 • divide the hex value 0x4029333333333333 into 2 part 0x40293333 and 0x33333333 one goes for R0 and the other one goes for R1 Be carful of the placement of the hex value we start from the last 4 to the 1st 4 means we start with 0x3333 -> 0x4029 Use same concept of MOVW and MOVT to get the result. Result: ~A MOVW R0, #0x3333 (R0 = 0x00003333) ~A MOVT R0, #0x3333 (R0 = 0x33333333) ~A MOVW R1, # 0x3333 (R1 = 0x00003333) ~A MOVT R1, #0x4029 (R1 = 0x40293333) ~A VMOV D16, R0, R1 (Move value Of R0 and R1 to register D16 Be Careful here R0 last 8 hex 1st then R1 the top 8 hex) ~A VMOV.F64 D0, D16 (here we use F64 and D0 , and D16 instead of F32 , S0 and S15 because the hex value is 64 bit) ~A BX LR ------ This is How you arm patch bool / int / float / double NOTE : When it comes to function args and returns the only register that give return or args are R0,R1,R2,R3 (and SP) this is why we use R0 and VMOV S15/D16 to S0/D0 ARMv8 : In ARMv8, LSL stands for "Logical Shift Left". It is an instruction used to shift the bits in a register to the left by a specified number of bits, and the bits that are shifted off the left-hand end are discarded. LSL can be used with immediate values or with a register value. The immediate value specifies the number of bits to shift, which can be between 0 and 63. When using a register value, the bottom byte of the register specifies the number of bits to shift Example : Level 1 ) LSL X1, X2, #3 --> Shift the contents of X2 left by 3 bits and store the result in X1 -> In this example, X2 is being multiplied by 8 (since 8 is 2 to the power of 3), and the result is stored in X1. Level 2) MOV and LSL example: MOV X1, #0x10 -->Move the value 0x10 into register X1 LSL X1, X1, #3 --> Shift the contents of X1 left by 3 bits (multiply by 8 ) Level 3) Float Value : 3.14159 / Hex : 0x40490FD0 --Load the value 0x0FD00000 into bits 16-31 of W0 • MOVK W0, #0x0FD0, LSL #16 --> W0 = 0x00000FD0 -- Load the value 0x40490000 into bits 32-47 of W0 • MOVK W0, #0x4049, LSL #32 -> W0 = 0x40490FD0 -- Move the value of W0 into single-precision floating-point register S0 • FMOV S0, W0 --> S0 = 0x40490FD0 (interpreted as a floating-point value) Note : 4 bytes hex (32) value we use register W and for float we use S Level 4 ) Double value : 3.14159 / Hex : 0x400921F9F01B866E MOVK X0, #0xF01B866E, LSL #16 -->X0 = 0x00000000F01B866E MOVK X0, #0x400921F9, LSL #48 -->X0 = 0x400921F9F01B866E FMOV D0, X0 Note: 8 bytes hex (64) value we use register X and for Double we use D NOTE: SAME CONCEPT IN AARCH32 WITH (INT, BOOL, FLOAT, AND DOUBLE) LSL and MOV(Z/K) is the diffrences. PART II (LDR / STR): [STRING] ( NON UNITY GAMES ) Little-endian / Big-endians : LDR and STR are instructions used in ARMv7 and ARMv8 architectures to load and store data from memory. LDR stands for "Load Register" and is used to load a value from memory into a register. The syntax for LDR in ARMv7 and ARMv8 is LDR <Register>, [<Address>] STR stands for "Store Register" and is used to store a value from a register into memory. The syntax for STR in ARMv7 and ARMv8 is STR <Register>, [<Address>] where <Register> is the name of the register to load the value into, and <Address> is the memory address from which to load the value. In both cases, the square brackets around <Address> indicate that the value inside the brackets is a memory address, rather than a register. To load the string 'GG TESTING' into a register, you can use the LDR instruction. Assume the pointer to 'G' is 0x00000004 we can use this address as the base address for the LDR instruction. The instruction for loading the first four characters of the string into a 32-bit register (e.g., R1/X1) would be: • LDR R1/X1, [0x00000004] -- R1/X1 = 'GG T' This instruction loads the 32-bit value at memory address 0x00000004 into R1/X1. Note: Use the Move instructions above (PART I) to assign the value (address) to a register BEFOR USING LDR --> LDR R1/X1, [R0] -- R0 = 0x123456789 ( use MOV to assign the correct address to R0 or X0) To load the entire string into a register, you can use the LDR instruction with a register offset. Assuming the string is stored in consecutive memory locations, we can use the following instruction to load the entire string into a register (e.g., R1/X1) LDR R1/X1, [0x00000004], #10 This instruction loads the 32-bit value at memory address 0x00000004 into R1 and increments the base address by 10 (the length of the string). As a result, the entire string 'GG TESTING' will be loaded into R1. ADVANCED : If 'GG TESTING' is a half-word (i.e., each character is 2 bytes or 16 bits) and the pointer to 'G' is located at memory address 0x0000004 + 0x8, then the instructions for loading the string into a register would be different Dummy memory: 0x0000004 (<-- pointer )= 123 0x0000008 = 21 0x000000C = 9999999 0x0000010 = 'GG' 0x0000014 = ' T' -- with space at the start. 0x0000018 = 'ES' etc.. --> between every byte value ( character ) there is 0 [ example in memory 0x00000010 = 71 (G) <-- byte 0x00000011 = 0 <-- byte 0x00000012 = 71 (G) <-- byte 0x00000013 = 0 <-- byte 0x00000014 = 32 (space) <- byte ] To load the half-word 'GG' into a 32-bit register (e.g., R0/X0), we can use the LDRH instruction as follows: LDRH R0, [0x00000004, 0x8] This instruction loads the 16-bit value at memory address 0x00000010 into the lower 16 bits of R0/X0. Since we want to load the first two characters of the string, we add an offset of 0x8 to the base address. Read more about LDR To load the entire string into a register, we can use the LDRH instruction with a register offset as follows: LDRH R0, [0x00000004, 0x8], #0xC This instruction loads the 16-bit value at memory address 0x00000010 into the lower 16 bits of R1, and increments the base address by 0xC (or 12 bytes) to load the remaining characters of the string. The 'GG TESTING' string has a length of 10 characters, which corresponds to 20 bytes (11 characters x 2 bytes per character), so we need to load 12 bytes in addition to the first 2 bytes to load the entire string. AARCH64 : LDRH --> LDURH (Load Unsigned Halfword with a 64-bit offset) or LDSRH (signed) LDURH W0, [X1, #16] ; Load a halfword from the memory address X1 + 16 into W0 This loads a 16-bit unsigned halfword from the memory address X1 + 16 into the 32-bit register W0. Note that the offset value is added to the base register X1 to form the memory address. Also, because LDURH is an unsigned load instruction, the loaded halfword is zero-extended to 32 bits. NOTE: the LDURH instruction is specific to AArch64 architecture and is not available in AArch32 architecture. STR: STR is used to store the contents of a register into a memory location that is addressed using a base register and an optional offset. The contents of the register are written to the memory location, overwriting any previous data that was stored at that location. -->STR Rd, [Rn {, #offset}] where Rd is the source register whose contents will be stored in memory, Rn is the base register that points to the memory location where the data will be stored, and offset is an optional 32-bit offset that is added to the base register to form the memory address. Example of using the STR instruction to store the contents of R0 register into a memory location: --> STR R0/X0, [R1/X1, #4] ; Store the contents of R0/X1 into the memory location R1/X1 + 4. NOTE : STR Wd, [Xn, #offset], imm | the STR instruction with the imm option is only available in AArch64. |--> Wd/Xd, [Xn, #offset] The imm option allows you to add an immediate value to the offset to form the memory address. The immediate value is sign-extended to 64 bits, shifted left by the scale factor (which is determined by the size of the data being transferred), and then added to the offset. -> STR W0, [X1, #0x100], #0x20 -- This stores the contents of register W0 into the memory location pointed to by register X1 plus 0x100 plus 0x20, overwriting any previous data stored at that location. In AArch32, there is no imm option for the STR instruction. However, you can achieve a similar effect by adding the immediate value to the offset before using it in the instruction. Here's an example: ADD R2, R1, #0x120 --> R2 = R1 + 0x120 STR R0, [R2] --> Store R0 at address R2 Here, the ADD instruction adds the immediate value 0x20 to the base register R1, storing the result in R2. The STR instruction then stores the contents of register R0 into the memory location pointed to by register R2. Note: that the immediate value is added to the offset before using it in the instruction, rather than being added as a separate operand like the imm option in AArch64. --->FOR Using LDR / STR on values just LDR/STR R0/X0, [DESTINATION ADDRESS] Note : Unity games use pointers for the string ----------------------------------------------> Converting Float and Double to Hex <--------------------------------- This is mainly IEEE Standard for Floating-Point Arithmetic. (you can skip this part by using online converter) > You need : • Advanced Lua scripting Knowladge. • Math Knowladge. • Binary 32 and 64 Knowladge. --------------Please read--------------

I edited one by one and nothing changed. Increment just did this (1st pic) and group search this (2nd pic)