Jump to content

Looking for any to teach me how to find a specific pointer using classname

xhenor

By xhenor
in Requests

Recommended Posts

xhenor Newbie

xhenor

Posted
Posted

ive already dumped a il2cpp file and know how to use gg but a problem has been buggering me it seems that u need to find a specific pointer to edit the value or know the value of an offset can anyone teach me how to find a pointer using a class name 

Platonic Mentor

Platonic

Posted
Posted
On 3/12/2022 at 1:58 PM, xhenor said:

ive already dumped a il2cpp file and know how to use gg but a problem has been buggering me it seems that u need to find a specific pointer to edit the value or know the value of an offset can anyone teach me how to find a pointer using a class name 

you search the class name with GG in the region of which the metadata is located. pointer search the address that holds the first char of the string in region Ca or A. Then do offset calculation. Go to the address of the value. You could get more then one result. two or three but you can quickly review each of them. The pointer you need is always few addresses below current address. can't give you an accurate offset because it could differ depending which structure is used. but commonly it looks like this:

Platonic Mentor

Platonic

Posted
Posted

You search for example this class name

Screenshot_2022-03-14-14-30-45-767_com.bandainamcoent.dblegends_ww.thumb.jpg.d3b33f42136720bc3d44c9c6b9da5b99.jpg

The first char capital "C" or "67" pointer search its address in the corresponding region, could be A or Ca even other. Depends on the instruction set your device supports.

Screenshot_2022-03-14-14-31-05-054_com.bandainamcoent.dblegends_ww.thumb.jpg.779bc5339f524c6fdd8b505f75290d5f.jpg

Screenshot_2022-03-14-14-31-35-443_com.bandainamcoent.dblegends_ww.thumb.jpg.25dd3b9a3a982438327cc9f2d4eb1112.jpg

You could get more then one result. Check each one manually by going to the address of it.

Screenshot_2022-03-14-14-31-57-764_com.bandainamcoent.dblegends_ww.thumb.jpg.3a9781bfdaff0bed759d2daa6495ea97.jpg

In this case i checked the first result.

Screenshot_2022-03-14-14-32-16-099_com.bandainamcoent.dblegends_ww.thumb.jpg.2f161eb3cd2b12cefdc52f0ed4d68fd2.jpg

And we are back at the same screenshot as the first post. But this is just one structure. There are many different structures. But now that purple pointer you can use for find fields of that class. Select it and do pointer search in Region A. Best is to do it when your in lobby or in a match.

Screenshot_2022-03-14-14-44-54-453_com.google.android.documentsui.thumb.jpg.9513bca6d7d1da9d0aff3006f9d0be50.jpg

Screenshot_2022-03-14-14-44-04-716_com.bandainamcoent.dblegends_ww.thumb.jpg.3f78e1cfb6b438a733c1ed9ad97bc2ca.jpg

From there on out you can save the results and do the same field offset calculations as you have in your class shown in the dump.cs

 

Platonic Mentor

Platonic

Posted
Posted

But the logic is the same. Pointer of class is always below class name. Not sure if i should say below or above. based on how instructions are fetched and decoded this kind of is confusing for have right term. I think in this case "above" is correct.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.