
How to find exact value to search if I have dump.cs file


endcell

Question

I tried to mod il2cpp.so. I can't get the Assembly-CSharp.dll because global-metadata.dat was obfuscated, but I can get the dump.cs file using riru, which gives me all the addresses (RVA, VA, offset...).

For these addresses, I know how to convert hex <-> dword <-> float <-> ARM and can find the exact address in Xa memory, but they're not good at all.

My question is: how do I find the exact value to search for in other memory regions (like .bss, anonymous...), and where does the value come from? Do I need to dump memory? Find a pointer?...

I see many people using exact values (Dword/Float) to search and using offsets, but I don't know how I can find them.

Please help me, any guides?

Thanks.


2 answers to this question


First, you need to dump the lib to get the offset.

When you have the offset, you can find it directly by hex/reversed hex, or convert it to decimal/float using online hex tools, in the Xa region (code app).

For other memory, you need to understand what each region stands for, and depending on the game, take a look around, play a bit, search for values to find the address, then take a look around this address, find the formula, create a group search, refine the value, edit all and you're done.

 
