
Trying to make a hitbox script, could use some help



  • 8 months later...

To be frank, on an emulator it would take a long time because Ca contains no data (at least on mine), so the desired value is in Anonymous, which would mean that you need to like research each result individually and its structure. But when you dump the lib you can see that the value types are mostly double.
The actual process is finding the class name and from there on out work yourself up till you obtain the method values. The following instructions are for anyone that would like to test it out in gob. Also, this approach could work on other shooter games 🙂

In Guns of Boom in particular it works like the following. For the tutorial I will use a 64-bit example (also considering you dumped the game and have a proper structure laid out for you; you don't "need" to dump the metadata).

  1. 00:05 Set memory range on "Other" and search for "headHitBoxScale" (Qword).
  2. 00:32 Refine the results to value 104 (Byte) and add them to the saved list
    - we will use pointers to find the class name.
    - class name can then be used as a direct reference to find the values.
  3. 00:50 Set memory range to "Ca" (if Ca = 0 MB change it to Anonymous) but that will be a lot of work - personal opinion.
  4. 00:55 Go to the address of the first saved address in the save list.
  5. 01:00 Copy one address above and below in an offset of 24 to 32 decimal of the main address.
  6. 01:27 Paste them in the search bar and search them as a hex value. If you don't get any results, no problem: try the other address that you saved in the saved list, since all you need is a result. An address is 8 bytes long on 64-bit APKs, so paste the right amount of bytes in the search bar.
    - note 64bit = so a pointer needs 8 bytes = (Qword) to store an address which points to a location in "virtual" memory, make sure to not miss any bytes.
    - note 32bit = so a pointer needs 4 bytes = (Dword) to store an address which points to a location in "virtual" memory.
  7. 02:20 You should have one, max two results; add it to the saved list. If you have more, don't worry, you can use any value shown in the search results.
  8. 02:30 Go to the address of the value shown in the search result/saved list.
  9. 02:40 8 bytes below the address you went to you can see that that specific address holds another pointer. Long press and go to the pointer.
  10. 02:46 You will need the current address soon but note that you found the class name as well. The address 16 bytes below the current address is a pointer which will point to the class name.
  11. 03:00 You can use the class name as a direct reference next time: instead of searching "headHitBoxScale" you can search for "ControllerSettings", quite the shortcut.
  12. 03:34 Let's continue where we left off. Copy the address that holds the purple value (the current address that was shown in step 10).
  13. 03:42 Set memory range to "Anonymous", paste the address in the search bar and search it as a hex value. You should have two results.
  14. 04:05 Go to the address of the first address shown in the search result.
  15. 04:10 Congrats - values of the variables are found. - headHitbox the structure can be seen in the following images. Image 1 is the dump and image two is the values we just found.

video for reference:

 

Edited by XxhentaixX

  • 4 weeks later...
I tried to use it in the game Frag Pro Shooter but I got confusing values. In range A I see the value is always the same if I go to the address and when I view it as type double. When I change it, it crashes. So does this method only work on games that can be dumped? (Finding HitBoxScale.) Can you show another method to get this feature in other games, like Sausage or Shell Fire? This game is hard to dump when I try it.

Edited by Tonikun

2 hours ago, Tonikun said:

I tried to use it in the game Frag Pro Shooter but I got confusing values. In range A I see the value is always the same if I go to the address and when I view it as type double. When I change it, it crashes. So does this method only work on games that can be dumped? (Finding HitBoxScale.) Can you show another method to get this feature in other games, like Sausage or Shell Fire? This game is hard to dump when I try it.

The approach itself can be applied on Unity games. The name of the function you would need to find out for yourself. You can't really know what function does what besides guessing based on what the developers called it. It just happened to be so obvious in this game that they call it "headHitboxScale". Could not be more obvious than that. You first search the first character of the string. Then copy the address and search it in Ca, unless Ca almost does not hold any data, in which case you will need to search it in A. Then follow the pointer structure as shown in this video and copy the right address and search it in A as well (the final address you copied will be in A). You should then do offset calculation as shown in the dump.cs. Offset is based from pointer (class name or folder name) to the function in that folder. But dump.cs will show you that. If you crashed, it either means you changed a wrong value or the game simply can't run if the value is changed. Watch the full video perhaps. It is on 32bit. I believe everything is more explained. Follow the pointer structure and modify what corresponds to its data type.

 

10 hours ago, HOSTLINGBR said:
On 11/26/2021 at 1:19 AM, XxhentaixX said:
  1. does it work in online games?

Works what in online games? The pointer structure is general. If the value you modified will work just depends on the game security. This example is an online game.
