Get Function Address By Name


Gdzin

Question

In Cheat Engine, I can get the address of a function by simply putting the function name in the 'add address' field. However, in Game Guardian, this does not seem to be possible. I would like to know if it is possible to do this or if there is already a Lua script available that can obtain the address of the function by name in a specific memory location.

Location where the function is stored: 'libGTASA.so'

Function Name: '_ZN4CPed8TeleportE7CVectorh'


4 answers to this question


[ @Gdzin ]
---

Quote

I can get the address of a function by simply putting the function name in the 'add address' field

I couldn't reproduce your steps. In Cheat Engine, the address field doesn't show any value when I put in the function name (which does not work); however, it works if I use a memory address (ex: AB0123). So, I want to know more about that.
---

Quote

in Game Guardian, this does not seem to be possible

Yes, search for your function name with a text search and find any pointer that will lead you into the function. Usually it is located in the "others" memory region.
---

Edited by Kiynox

Sorry, I didn't understand very well, but how did you get the address of the function in Game Guardian just by searching for the name of the function as text? I searched for the name of the function as text there, but how can I get the address of the function through that? Because all it found was the name of the function, nothing more.


[ @Gdzin ]
---

Quote

how did you get the address of the function in the game Guardian just by searching for the name of the function as text?

In Android, text names are treated separately, like a variable, so you can search for the "name" of the function and then find any pointers to it. You'll be led to the instructions/code the function has (via pointer). It is worth noting that "pointer" is the key here, since anything that points to that name is likely to be related to that function.
---
There's an easy way, of course: you can decompile the library using IDA Pro or any kind of disassembler app. Here's how you can do it:

  • Open your .SO file inside IDA. (If your SO file is 64-bit, use IDA x64)
  • Make sure you're selecting ELF and Processor Type as: ARM Little Endian
  • Just keep pressing "OK" if any window appears, then inside the Functions window, press CTRL+F and type your function name there
  • Just double-click on the function and copy the address (left side of IDA View, ex: 0027AFFE)
  • Inside Game Guardian -> Memory Viewer (!!!) -> Goto (->) -> Select XA -> Choose your Library (libGTASA.so) -> "goto" button -> Long Press the Address -> Calculate Offset -> Paste your copied address from IDA as Offset -> Select "Hex" -> Click OK.
  • You're now inside the function.

---

21 hours ago, Kiynox said:

[@Gdzin ]
---

In Android, text names are treated separately, like a variable, so you can search for the "name" of the function and find any pointers to it. You'll be led to the instructions/code the function has (via pointer). It is worth noting that "pointer" is the key here, since anything that points to that name is likely to be related to that function.
---
There's an easy way, of course: you can decompile the library using IDA Pro or any kind of disassembler app. Here's how you can do it:

  • Open your .SO file inside IDA. (If your SO file is 64-bit, use IDA x64)
  • Make sure you're selecting ELF and Processor Type as: ARM Little Endian
  • Keep pressing "OK" if any window appears, then inside the Functions window, press CTRL+F and type your function name there
  • Just double-click on the function and copy the address (left side of IDA View, ex: 0027AFFE)
  • Inside Game Guardian -> Memory Viewer (!!!) -> Goto (->) -> Select XA -> Choose your library (libGTASA.so) -> "goto" button -> Long press the address -> Calculate Offset -> Paste your copied address from IDA as Offset -> Select "Hex" -> Click OK.
  • You're now inside the function.

---

Yes, I know that. What I want is to make a script that does this automatically, because the apk I'm modifying has several versions, and if it's done directly like that with the offset, it may work in one version and not in another. If it gets the function address, it is safer, as it is already the same base address for all versions. The function "_ZN4CPed8TeleportE7CVectorh" exists in all versions, so I want to get its base address through its name and not through the offset.

Edited by Gdzin
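
Added example, not part of the thread and not any poster's code: the name-to-offset lookup done by hand in IDA above, performed by reading the `.dynsym` table of a 32-bit little-endian ELF file, with the result added to the library's load base. The ELF bytes, the offset `0x12F4A1`, the load base `0xB4000000` and the name `sample_other_function` are constructed for illustration; it assumes the symbol is exported and that the library's first loadable segment has virtual address 0.

```python
import struct

SHT_DYNSYM = 11

def dynsym_offset(elf: bytes, name: str) -> int:
    """st_value of a defined .dynsym symbol in a 32-bit little-endian ELF."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("expected a 32-bit little-endian ELF")
    (e_shoff,) = struct.unpack_from("<I", elf, 0x20)
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x2E)
    # Elf32_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize
    shdrs = [struct.unpack_from("<10I", elf, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    for sh in shdrs:
        if sh[1] != SHT_DYNSYM:
            continue
        str_off = shdrs[sh[6]][4]  # sh_link names the string table (.dynstr)
        for pos in range(sh[4], sh[4] + sh[5], sh[9] or 16):
            st_name, st_value, _, _, _, st_shndx = struct.unpack_from("<IIIBBH", elf, pos)
            start = str_off + st_name
            # st_shndx == 0 means undefined (imported), so it has no address here
            if st_shndx and elf[start:elf.index(b"\0", start)] == name.encode():
                return st_value
    raise KeyError(name)

def runtime_address(load_base: int, st_value: int):
    """(address of first instruction, is_thumb); on ARM32 bit 0 marks Thumb code."""
    return load_base + (st_value & ~1), bool(st_value & 1)

def build_sample(symbols: dict) -> bytes:
    """Constructed minimal ELF32: header, .dynstr, .dynsym, three section headers."""
    strtab, syms = b"\0", bytes(16)  # index 0 is the mandatory null symbol
    for sym_name, value in symbols.items():
        syms += struct.pack("<IIIBBH", len(strtab), value, 0, 0x12, 0, 1)
        strtab += sym_name.encode() + b"\0"
    str_off, sym_off = 52, 52 + len(strtab)
    sh_off = sym_off + len(syms)
    header = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 3, 40, 1, 0, 0, sh_off, 0, 52, 0, 0, 40, 3, 0)
    shdrs = bytes(40)  # null section header
    shdrs += struct.pack("<10I", 0, 3, 2, str_off, str_off, len(strtab), 0, 0, 1, 0)
    shdrs += struct.pack("<10I", 0, SHT_DYNSYM, 2, sym_off, sym_off, len(syms), 1, 1, 4, 16)
    return header + strtab + syms + shdrs

TARGET = "_ZN4CPed8TeleportE7CVectorh"
SAMPLE = build_sample({"sample_other_function": 0x1000, TARGET: 0x12F4A1})

if __name__ == "__main__":
    addr, thumb = runtime_address(0xB4000000, dynsym_offset(SAMPLE, TARGET))
    print(hex(addr), "thumb" if thumb else "arm")
```

Because the lookup is keyed on the symbol name, the same code yields the correct offset for each build of the library even when the offset itself differs between versions.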