Searching an offset

[AKidWithMidgetFriend]

Hello fellow forum members, I had learned about apk modification from platinmod's and I have successfully dumped and inspected my game I have found an offset I want to search in gg but I'm kind of blanking out on how to search an offset in GameGuardian:'(

[NoFear]

Memory browser.

Goto address.

Xa range, select the lib you will be editing.

Goto it's start address. Long press address. Offset calculator. Enter your offset (hex). Click goto

[AKidWithMidgetFriend]

18 hours ago, NoFear said:

Memory browser.

Goto address.

Xa range, select the lib you will be editing.

Goto it's start address. Long press address. Offset calculator. Enter your offset (hex). Click goto

Hello, thank you this worked perfectly, but now I've found another line of code I was curious about and my specific question I cannot find an answer to with some searches because alot of different topics use the word offset

I found a public bool for god_mode in the dump.cs and it looks something like this 

public bool god_mode // 0xD0

My question is 0xD0 an offset, the code doesn't explicitly state that it is and it is rather short compared to the offsets I've seen and used so far so it's a little questionable for an inexperienced person such as myself.

Sorry for not being to the point as I know your time, and whoever else looks into this thread is very important, but thank you for your time and help!

[NoFear]

6 minutes ago, AKidWithMidgetFriend said:

Hello, thank you this worked perfectly, but now I've found another line of code I was curious about and my specific question I cannot find an answer to with some searches because alot of different topics use the word offset

I found a public bool for god_mode in the dump.cs and it looks something like this 

public bool god_mode // 0xD0

My question is 0xD0 an offset, the code doesn't explicitly state that it is and it is rather short compared to the offsets I've seen and used so far so it's a little questionable for an inexperienced person such as myself.

Sorry for not being to the point as I know your time, and whoever else looks into this thread is very important, but thank you for your time and help!

0xD0

You look for something like

Ldr W8, [x25, 0xD0]

Where W8 and X25 are just random for this example.

You'll have to find offset. In dump still. 

[AKidWithMidgetFriend]

On 2/22/2021 at 6:57 PM, NoFear said:

0xD0

You look for something like

Ldr W8, [x25, 0xD0]

Where W8 and X25 are just random for this example.

You'll have to find offset. In dump still. 

Hello NoFear!

Thank you for your help understanding that bit about field offsets 

But another question arose while observing a dump dll and given that you are so familiar with offsets you'd seem like the perfect person to help

So I noticed that these classes have assigned Tokens... These tokens are structured very similarly to offsets.

My questions being;

Are tokens and offsets directly related or are they both just reference constructors to allocate data?

Can a token be searched in the libil2cpp with HxD the same way you'd search an offset?

I'm sorry if I am wasting your time by inquiring I try not to make a habit of asking others opposed to plugging my questions into a search engine  but I couldn't find the proper keywords to filter out irrelevant information

[nio04]

On 2/22/2021 at 10:55 AM, NoFear said:

Memory browser.

Goto address.

Xa range, select the lib you will be editing.

Goto it's start address. Long press address. Offset calculator. Enter your offset (hex). Click goto

i see 3 libil2cpp files... so check 1 by 1?

 

the offset (hex) we will paste, that was from dump file?

[AKidWithMidgetFriend]

1 hour ago, nio04 said:

i see 3 libil2cpp files... so check 1 by 1?

 

the offset (hex) we will paste, that was from dump file?

Are they all libil2cpp or are they just .so files because then youd go with the one that says libil2cpp.so or if there is not libil2cpp in the .so list then you want to go with the one with the largest byte size

If the largest il2cpp binary file isn't libil2cpp then you're going to need ida pro

But if it is libil2cpp then dump it with the metadata

The dump cs and dummy dll should contain just about the same information and these are both to find offsets associated with certain game functions or methods

You drop the libil2cpp.so that you used to do the dump and you put it into HxD which will allow you to search these offsets with ctrl+g. 

 

[nio04]

11 minutes ago, AKidWithMidgetFriend said:

Are they all libil2cpp or are they just .so files because then youd go with the one that says libil2cpp.so or if there is not libil2cpp in the .so list then you want to go with the one with the largest byte size

If the largest il2cpp binary file isn't libil2cpp then you're going to need ida pro

But if it is libil2cpp then dump it with the metadata

The dump cs and dummy dll should contain just about the same information and these are both to find offsets associated with certain game functions or methods

You drop the libil2cpp.so that you used to do the dump and you put it into HxD which will allow you to search these offsets with ctrl+g. 

 

understood! thanks for the information

 

u saw any lib script?

[AKidWithMidgetFriend]

36 minutes ago, nio04 said:

understood! thanks for the information

 

u saw any lib script?

I don't really know about lib scripts but I do know how to return a libil2cpp file in a gg memory page or how to use offsets found in lib files in a gg script

As for the accessing in GG then go to the hamburger menu which is the three lines with bullet points next to them 

The hamburger menu will bring you to memory pages here you should tap the bold rightward pointing arrow(not the small one but the one without a leftward pointing counterpart)  this will allow you to select a memory range to go to

Select Xa code app range and you should be able to see which file is for which option at the end of the choice. 

Here are some pictures to go along with this

[NoFear]

7 hours ago, AKidWithMidgetFriend said:

Hello NoFear!

Thank you for your help understanding that bit about field offsets 

But another question arose while observing a dump dll and given that you are so familiar with offsets you'd seem like the perfect person to help

So I noticed that these classes have assigned Tokens... These tokens are structured very similarly to offsets.

My questions being;

Are tokens and offsets directly related or are they both just reference constructors to allocate data?

Can a token be searched in the libil2cpp with HxD the same way you'd search an offset?

I'm sorry if I am wasting your time by inquiring I try not to make a habit of asking others opposed to plugging my questions into a search engine  but I couldn't find the proper keywords to filter out irrelevant information

You would use a disassembler... IDA for example. Then could search strings for the "0xD0".  Granted, will be insane number of results. Because the 0xD0 I believe could be used for something else on another function. 

I'm still relatively new with lib editing.... I know enough to be dangerous

[added 0 minutes later]

2 hours ago, nio04 said:

understood! thanks for the information

 

u saw any lib script?

Scripts for lib editing. Do exist.

[Impulse21]

 

On 2/22/2021 at 5:55 AM, NoFear said:

Memory browser.

Goto address.

Xa range, select the lib you will be editing.

Goto it's start address. Long press address. Offset calculator. Enter your offset (hex). Click goto

This was extremely helpful, cause now i can edit offsets ingame instead of having to mod with hex editor and sign etc every time on pc. 

But one question though, if the offset i'm searching is from a void method and i just want to enable it how would you do that? I followed this, got to where i wanted, but have no idea what datatype i should change to just "activate" the void method.

[Sohaiekw]

the 0xD0 offset is a field, check the class name lil bro