Jump to content
  • 0

Dump Memory Guidance


HorridModz
 Share

Question

Hello guys,

I was trying to find an ammo hack in a game. The ammo value is encrypted, so my idea was to find an offset or group search that is static so I can write a script to hack ammo. The ammo values is encrypted, but I have a (long and inefficient) way to get the ammo value.

All I need to do is get the address of the ammo value. This is why I am trying to use an offset or group search.

I was struggling to find static values, so I thought of posting two different dumps of the memory near the ammo value, and asking if anyone else could find any static values by comparing the two dumps.

My problem is that when I used the dump memory button and put in two addresses each about 300 or so values in either direction of the ammo address, gameguardian said around 300,000 results were found and generated a massive file.

I believe I used the dump memory feature incorrectly. My goal is to send a few hundred of the nearby values from the ammo address on either side so other people can analyze these values and maybe suggest possible group searches of offsets.

Can someone please tell me how to achieve this? Maybe dump memory is the wrong feature for this?

Thanks for reading!

Edit: Here is a picture of what I am talking about sending other people.

Screenshot_20220623-123921.thumb.png.e4ddb1a6cf1c9c782cefcbbb97e6c0aa.png

Edited by HorridModz
Added picture
Link to comment
Share on other sites

14 answers to this question

Recommended Posts

  • 1

These days i only use metadata offsets, getting tired of group searches...only if really needed...for some specific things which arent from metadata..but your trying to cheat ammo. You have multiple guns during match...unless you have one group search that give ammo for all guns it wouldn't be really efficient to do a group search for each gun, This is your ammo class. "丟七不丗上丑丅丆丞"

So search that class. It will display all ammo settings for each gun according the right offsets. But you would need to optimize the script so that it works properly for those on emulators or that only have data in region Other...all those special cases.

Link to comment
Share on other sites

  • 1

I mean. You have a class named "丟七不丗上丑丅丆丞". You search that name in the metadata.dat with GG, If you get the names multiply times in the result list you have to copy a bit more bytes, So you only get the name one time in the result list. Then pointer search the first byte of that string, "丟". Its same thing as with offsets but slower. You still have to do pointer search after, but you wont need to update offsets each time. This is only if your values are in one of those green regions. But a similair way can be used for values in Xa...at least if it are functions your trying to modify or some thing like that.

Edited by Platonic
Link to comment
Share on other sites

  • 0
11 hours ago, Platonic said:

These days i only use metadata offsets, getting tired of group searches...only if really needed...for some specific things which arent from metadata..but your trying to cheat ammo. You have multiple guns during match...unless you have one group search that give ammo for all guns it wouldn't be really efficient to do a group search for each gun, This is your ammo class. "丟七不丗上丑丅丆丞"

So search that class. It will display all ammo settings for each gun according the right offsets. But you would need to optimize the script so that it works properly for those on emulators or that only have data in region Other...all those special cases.

Yes, I am aware I can just use the dump.cs. In fact, I already have made infinite ammo scripts for this game multiple times before. But the problem is, these scripts only work for one game update. I am trying to make something permanent.

In addition, my main goal is to improve my skills with finding and using group searches and offsets - and I would also love to learn how to use the dump memory function correctly since I feel dumb! 😛

Link to comment
Share on other sites

  • 0
11 minutes ago, HorridModz said:

But the problem is, these scripts only work for one game update. I am trying to make something permanent.

Code to autoupdate the function. Like ByNameModding.

Link to comment
Share on other sites

  • 0
13 minutes ago, Lover1500 said:

Code to autoupdate the function. Like ByNameModding.

Yes, maybe, but this is not my point. Read the second paragraph.

Link to comment
Share on other sites

  • 0
16 minutes ago, HorridModz said:

Yes, I am aware I can just use the dump.cs. In fact, I already have made infinite ammo scripts for this game multiple times before. But the problem is, these scripts only work for one game update. I am trying to make something permanent.

In addition, my main goal is to improve my skills with finding and using group searches and offsets - and I would also love to learn how to use the dump memory function correctly since I feel dumb! 😛

But then why do a group search for individual guns? Your screenshot is for a individual gun instead of all guns.

Regarding permanent and group searches. Can't you search the string at that offset. I copy a sercent amount of bytes so that at each update i find the right offsets. If you dont want to use offsets and don't mind group searchers and time delays then use the string names for search. Then the chance that you would need to do some changes depending on the game is very low. But probably if you do some deep metadata analysis there is a other way which doesnt require group search. 

Link to comment
Share on other sites

  • 0

Making group searches is most of time just trying. But to confirm the values are swuitable for group search you could do a few tests. And since you mostly publicise scripts values on your device could be different then the values on someone else devices although doing it the same thing. With ammo probably not. But it happens. You don't really need to compare dumps from your own device. Compare two dumps from two different devices, me i usually compare emulators(32 or 64) and a mobile(32 or 64) if in all the same then you should be good for copy and make the group search. Its more accurate...if your doing dump comparison for find group searches i mean. Make sure you restarted the game several times to confirm the group search. Make sure you understand the behaviour of the values your trying to make a group search with.

Link to comment
Share on other sites

  • 0
26 minutes ago, Platonic said:

But then why do a group search for individual guns? Your screenshot is for a individual gun instead of all guns.

Regarding permanent and group searches. Can't you search the string at that offset. I copy a sercent amount of bytes so that at each update i find the right offsets. If you dont want to use offsets and don't mind group searchers and time delays then use the string names for search. Then the chance that you would need to do some changes depending on the game is very low. But probably if you do some deep metadata analysis there is a other way which doesnt require group search. 

What do you mean by search the string at that offset? What is a string at an offset? Do you mean to search for the hex bytes like hex patching and save the string at the first byte? I have never heard of a method like that. I don't really know what you are talking about when it comes to strings.

Anyway, my main goal is not to make a hack. Again, I was trying to improve my skill at finding offsets and group searches (and also try something new!). Thanks though, I just wish I could understand what you mean.

16 minutes ago, Platonic said:

Making group searches is most of time just trying. But to confirm the values are swuitable for group search you could do a few tests. And since you mostly publicise scripts values on your device could be different then the values on someone else devices although doing it the same thing. With ammo probably not. But it happens. You don't really need to compare dumps from your own device. Compare two dumps from two different devices, me i usually compare emulators(32 or 64) and a mobile(32 or 64) if in all the same then you should be good for copy and make the group search. Its more accurate...if your doing dump comparison for find group searches i mean. Make sure you restarted the game several times to confirm the group search. Make sure you understand the behaviour of the values your trying to make a group search with.

So you recommend finding the value and comparing the addresses and values on two devices at once? This is a smart method, thank you!

Link to comment
Share on other sites

  • 0
On 6/25/2022 at 4:49 AM, HorridModz said:

What do you mean by search the string at that offset? What is a string at an offset? Do you mean to search for the hex bytes like hex patching and save the string at the first byte? I have never heard of a method like that. I don't really know what you are talking about when it comes to strings.

Anyway, my main goal is not to make a hack. Again, I was trying to improve my skill at finding offsets and group searches (and also try something new!). Thanks though, I just wish I could understand what you mean.

So you recommend finding the value and comparing the addresses and values on two devices at once? This is a smart method, thank you!

Probably he just mentioned about debug symbols wich can be the same on each update. Just search some string near or on that area of target, it can pinpoint you to that target. 

On the other hand, game may have different offsets depending on library architecture wich can differs each device. I only recommend doing it only on Armeabi (armv7), x86, or arm64 arch if you're going to make public hacks. 

Link to comment
Share on other sites

  • 0
On 6/26/2022 at 2:19 AM, Yuukis said:

Probably he just mentioned about debug symbols wich can be the same on each update. Just search some string near or on that area of target, it can pinpoint you to that target. 

On the other hand, game may have different offsets depending on library architecture wich can differs each device. I only recommend doing it only on Armeabi (armv7), x86, or arm64 arch if you're going to make public hacks. 

Offsets in metadata are the first character of the string. So unless the string name changes each update you could use this method to.

@HorridModz you can use the guns of boom script for check how offset is used. Its open source. Print the offsets or save them in the saved list. Then go to its address...you can see that each offset is the first char of a string. The string is equal to the class name. Then the address of that first char is used as new search...so you can either use offsets to get that first char..or you can search the full string. Check the script

Link to comment
Share on other sites

  • 0
On 6/26/2022 at 2:19 AM, Yuukis said:

On the other hand, game may have different offsets depending on library architecture wich can differs each device. I only recommend doing it only on Armeabi (armv7), x86, or arm64 arch if you're going to make public hacks. 

But you can just dump both 32/64 of the game so that you can input the right offsets. You then need to know the instruction set architecture and check if its 32 or 64 bit so that script works for most devices.

Link to comment
Share on other sites

  • 0
12 hours ago, Platonic said:

Offsets in metadata are the first character of the string. So unless the string name changes each update you could use this method to.

@HorridModz you can use the guns of boom script for check how offset is used. Its open source. Print the offsets or save them in the saved list. Then go to its address...you can see that each offset is the first char of a string. The string is equal to the class name. Then the address of that first char is used as new search...so you can either use offsets to get that first char..or you can search the full string. Check the script

If class name changes, it won't work?

Link to comment
Share on other sites

  • 0
1 hour ago, HorridModz said:

If class name changes, it won't work?

Then it won't work no, but i haven't tried it on so much games so maby the name changing is mostly a thing with obfuscated games. Not sure.

Link to comment
Share on other sites

  • 0
22 hours ago, Platonic said:

But you can just dump both 32/64 of the game so that you can input the right offsets. You then need to know the instruction set architecture and check if its 32 or 64 bit so that script works for most devices.

It's true, just suggesting what arch most device use.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.