How to find exact value to search if I have dump.cs file

[endcell]

I tried to mod il2cpp.so, I can't get the Assembly-Cshap.dll because global-metadata.dat was obfuscated but I can get the dump.cs file using riru, that make me have all Address (RVA, VA, offset...).

For these address, I know how to convert hex <-> dword  <-> float  <-> ARM and can find exact the address on Xa memory, but there not good at all.

My question is, how to find exact value to find in another memory regions (like .bbs, anonymous...), where the value come from?. I need to dump memory? Find pointer?...

I see many people using exact value (Dword/Float) to search and using offset, but I don't know how I can find them.

Please help me, any guides?

Thanks.

[RizPrasety]

There is many script here that use offsets (maybe) but I just know this and it was made by @Kruvcraft

[TekMonts]

First, you need to dump the lib to get the offset.

When you have offset, you can direct find by hex/reserves hex or convert to Decimal/float using online hex tools in Xa region (code app).

For another memory, you need to understand what region stand for, and depend on the games, take a look around, play a bit, search for values to find the address, then take a look around this address, find the formula, create a group search, refine the value , edit all and you're done.