Help offset pointers


MANDO01

Question

6 answers to this question

Recommended Posts

I already gave you the answer. You ask for an example, but not all games are the same, so I can only give an example of how it works in general, which I just did. I was expecting to leave the rest to your knowledge of how to use pointers, etc.

Most examples are for Unity games, but not all games are Unity, so I give you a general explanation that does not care about the game engine or whatsoever.

Scenario:

I found X coordinates in some game; it took me 5 min to find. When I restart the game I must find the values again. I don't want that. The values around the coordinates change each time, so I can't do a group search. My only option is doing a pointer search.

Solution:

You need to find a value that points to an executable. First you check if the distance between your value (in my case the X coordinate with address 0x6FCF08C690) and the pointer you found stays the same, even after a restart. If it's not the same then you need to look for the next pointer.

I found a pointer at offset -0x1E0, with address 0x6FCF08C4B0

[screenshot]

It pointed directly to a segment of an executable. The pointer met the following conditions:

  1. It points to a segment of an executable, or it points to an address on which you can use pointer search as well, which eventually gets you to an executable or some static data on which you can perform an offset calculation.
  2. The offset from the pointer to the X coordinate did not change.

So you do a pointer search, and you can see it points to a segment of the executable. It's in Cb: .data, with address 0x70836DCAC8

[screenshot]

[screenshot]

We now know that as long as the process is running, the pointer in region A will point to that address in Cd. Even if the X coordinate value in A changes address, we know that at offset -0x1E0 from it there will be that pointer pointing to that address.

If we were to restart the game, the offset from the X coordinate to that pointer value would still be -0x1E0.

Since the value at that address in Cd is a pointer as well, we need to search a bit deeper so that we reach the place where it's only assembly instructions. So I go to its pointer.

The address is 0x707D66CBB8

[screenshot]

So we reached the segment of the executable where it's all ARM assembly instructions. In this case the instructions are 64-bit. Now we need to see where the start of the executable is. Copy the address 0x707D66CBB8 and see which region it is in.

[screenshot]

  1. The address 0x707D66CBB8 is located in Xa.
  2. The start of that segment is at 0x707D33D000; however, in this case it's not the start of the executable. That's because of this type of game and the architecture. Normally in most games the start of the segment in which your value is located is the start of the executable. For me the start of the executable is the first libUE4.so path that you can see, which is in region Cd and has address 0x7079183000

[screenshot]

You calculate the offset from the start of the executable to the address where you found your value, which was in Xa.

In my case that's 0x44E9BBA

[screenshot]

Now you have everything you need. I saved it all in the saved list; hope it looks clear.

[screenshot]

So now, next time you start the game and search for the X coordinate, you can directly do this:

  1. Find the mapped memory region in which the start of your executable is. In my case it's in Cd and the name of the executable is libUE4.so.
  2. Do the offset calculation, which was 0x44E9BBA.
  3. Then pointer search its address, since we have a value that points to that address in region Cd.
  4. Then pointer search the address in Cd, which eventually shows you the pointer in region A.
  5. Then offset 0x1E0, which eventually gets you to the X coordinate value.

It can happen that you get multiple unwanted results while doing pointer searches, but that's up to your eyes on how to filter those out.


On 8/22/2022 at 2:45 PM, Platonic said:

I wonder why it's posted in a forum which is mainly about mod menus. This kind of post should be in the GG forum.

This doesn't help but thanks 😇


All hacks in all or most of the games are in each storage with different values. If you can't access A, you will find it in another storage. If you find the value, you can convert it to an offset.

2 hours ago, ENDUP said:

All hacks in all or most of the games are in each storage with different values. If you can't access A, you will find it in another storage. If you find the value, you can convert it to an offset.

I can find the value, but how do I convert it to an offset?


I wonder why it's posted in a forum which is mainly about mod menus. This kind of post should be in the GG forum.

There is an issue: the original poster is finding a value in Cb and using it as an offset. Cb does not have a fixed size, so your offset starting from the start of the executable should not reach that portion of memory.

17 hours ago, MANDO01 said:

But some people are saying there's a way to get offsets from the anonymous range by using pointers. Does anyone know how to do it?

Yes, if your value in A has a nearby pointer that eventually points to a memory region that has some static data, in Xa for example, and has a fixed size, you can do a pointer search back to your value in Anonymous. You need to make sure that the distance between the pointer and the value in region A stays the same.

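The five-step recipe from the recommended answer above (library base, plus saved offset, two pointer searches back, plus the fixed -0x1E0 distance), together with the point made in this post that an offset from the start of the executable is only meaningful into a fixed-size, file-backed mapping, as an added Python example. This is not code from the thread or from GameGuardian: libUE4.so is the library named in the post, but the offsets, mapping addresses and the sample process bytes are constructed here (the post's own numbers are not reused), GameGuardian's Cd and A regions are approximated as the library's file-backed mappings and the anonymous mappings from /proc/<pid>/maps, and on a rooted device the Memory dict would be filled by reading /proc/<pid>/mem region by region.

```python
import math
import re
import struct
from collections import namedtuple

# LIB_NAME is the library named in the post; the two offsets and every address below are
# constructed for this example, not read from the post's screenshots.
LIB_NAME = "libUE4.so"
STATIC_OFFSET = 0x2A8F100   # saved "start of executable -> code address" distance
X_FROM_POINTER = 0x1E0      # X coordinate sits 0x1E0 bytes after the pointer found in region A

Mapping = namedtuple("Mapping", "start end perms path")   # path == "" for anonymous (A) regions
_MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")

def parse_maps(text: str) -> list:
    """Parse /proc/<pid>/maps text, the data GameGuardian's region list is built from."""
    maps = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if m:
            maps.append(Mapping(int(m[1], 16), int(m[2], 16), m[3], m[4]))
    return maps

def library_base(maps: list, name: str = LIB_NAME) -> int:
    """Step 1: the first mapping of the library is the 'start of the executable'."""
    for m in maps:
        if m.path.endswith(name):
            return m.start
    raise LookupError(f"{name} is not mapped")

def is_static(maps: list, addr: int, name: str = LIB_NAME) -> bool:
    """base + offset survives a restart only inside a file-backed mapping of the library."""
    return any(m.start <= addr < m.end and m.path.endswith(name) for m in maps)

class Memory:
    """Readable memory as {region start: bytes}; on a rooted device fill it from /proc/<pid>/mem."""
    def __init__(self, regions: dict):
        self.regions = regions

    def read_f32(self, addr: int) -> float:
        for start, data in self.regions.items():
            if start <= addr and addr + 4 <= start + len(data):
                return struct.unpack_from("<f", data, addr - start)[0]
        raise ValueError(f"unreadable address {addr:#x}")

    def pointer_search(self, target: int, only: set = None) -> list:
        """GameGuardian's 'pointer search': every 8-byte aligned word equal to target,
        optionally restricted to the regions whose start address is in `only`."""
        needle, hits = struct.pack("<Q", target), []
        for start, data in self.regions.items():
            if only is not None and start not in only:
                continue
            i = data.find(needle)
            while i != -1:
                if (start + i) % 8 == 0:
                    hits.append(start + i)
                i = data.find(needle, i + 1)
        return hits

def resolve_x_coordinate(mem: Memory, maps: list) -> list:
    """Steps 1-5 after a restart. Every candidate is returned, because each pointer
    search can also return unwanted hits that still have to be filtered out."""
    code_addr = library_base(maps) + STATIC_OFFSET                        # steps 1-2
    if not is_static(maps, code_addr):
        raise ValueError(f"{code_addr:#x} is outside {LIB_NAME}; the offset is not reusable")
    lib_regions = {m.start for m in maps if m.path.endswith(LIB_NAME)}    # library .data (Cd)
    anon_regions = {m.start for m in maps if m.path == ""}                # anonymous (A)
    found = []
    for data_ptr in mem.pointer_search(code_addr, lib_regions):          # step 3
        for a_ptr in mem.pointer_search(data_ptr, anon_regions):         # step 4
            found.append(a_ptr + X_FROM_POINTER)                         # step 5
    return found

def plausible_coordinate(mem: Memory, addr: int) -> bool:
    """A cheap filter for unwanted hits: a world coordinate is a finite, modest float."""
    v = mem.read_f32(addr)
    return math.isfinite(v) and abs(v) < 1e6

# Constructed sample process: one real chain plus two decoys (a dead-end pointer in
# .data and a second pointer in A whose "X" is NaN). All addresses are made up.
SAMPLE_LIB_BASE, SAMPLE_DATA, SAMPLE_ANON = 0x7000000000, 0x7008000000, 0x6FCF000000
SAMPLE_MAPS = """\
6fcf000000-6fcf010000 rw-p 00000000 00:00 0
7000000000-7000400000 r--p 00000000 fd:00 4242    /data/app/com.example.game/lib/arm64/libUE4.so
7000400000-7008000000 r-xp 00400000 fd:00 4242    /data/app/com.example.game/lib/arm64/libUE4.so
7008000000-7008100000 rw-p 08000000 fd:00 4242    /data/app/com.example.game/lib/arm64/libUE4.so
"""

def build_sample_memory() -> Memory:
    data, anon = bytearray(0x1000), bytearray(0x1000)
    code_addr = SAMPLE_LIB_BASE + STATIC_OFFSET
    struct.pack_into("<Q", data, 0xAC8, code_addr)                     # real: .data -> code
    struct.pack_into("<Q", data, 0x100, code_addr)                     # decoy: nothing points here
    struct.pack_into("<Q", anon, 0x4B0, SAMPLE_DATA + 0xAC8)           # real: A -> .data
    struct.pack_into("<f", anon, 0x4B0 + X_FROM_POINTER, 1234.5)       # the X coordinate
    struct.pack_into("<Q", anon, 0x800, SAMPLE_DATA + 0xAC8)           # decoy pointer in A
    struct.pack_into("<I", anon, 0x800 + X_FROM_POINTER, 0xFFFFFFFF)   # NaN where X would be
    return Memory({SAMPLE_ANON: bytes(anon), SAMPLE_DATA: bytes(data)})

if __name__ == "__main__":
    maps, mem = parse_maps(SAMPLE_MAPS), build_sample_memory()
    for addr in resolve_x_coordinate(mem, maps):
        print(f"{addr:#x}: {'keep' if plausible_coordinate(mem, addr) else 'discard'}")
```

Run as a script it prints two candidates: the real X coordinate is kept and the decoy in A is discarded because the float at its +0x1E0 is NaN. The dead-end decoy in .data never shows up at all, since nothing in the anonymous regions points at it. The `is_static` check is the guard for the objection raised in this post: if base + offset does not land inside a mapping that is backed by libUE4.so itself, the saved offset is not reusable and the function refuses to continue rather than searching from a meaningless address.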

On 8/27/2022 at 6:48 PM, Platonic said:

I already gave you the answer. You ask for an example, but not all games are the same, so I can only give an example of how it works in general, which I just did. I was expecting to leave the rest to your knowledge of how to use pointers, etc.

Thanks bro
