Jump to content
  • 0

Game exit if GG starts searching


gumigumi

Question

Hi, I'm using GG on Emulator (LDPlayer, Nox, Memu) and it seems not working recent after the game updated a few weeks ago. Probably their anti-cheat system upgraded and detect GG.

I can add the game process ID to GG any time (before/after log on, any time), and it won't crash. However, once I start searching, the game exits after a few seconds, no matter searching returns values or not.

I tried the following but not working:

1. insinde GG: 1)hide from game, check 1, 2, 3, and 4; 2) Bypass mode for ptrance: frozen or restore; 3) Prevent unload: Lv3.

2. Using HidemyApplist to hide GG (Magisk w/ Shamiko, LSPosed installed and HMA activated via LSPosed).

image.thumb.png.8cb968b72e0d56265590b64c88b0ab66.png

I think I also tried installing GG in virtual space with VirtualXposed, but I'm not sure if my installation was correct or not. The game outside virtual space still exit once searching. I can try again if someone can guide me through that.

If there is any other good way to prevent game exiting, please help, crying.

 

Moreover, since I'm using Android emulator, I also tried Cheat Engine. It works for searching but I have problem cheating the game. I can find the location where the pointer is saved, but the pointer is pointing to an address inside the emulator (virtual memory address I think), and from outside I don't know how to map it... If some one is good at that, please help as well 🙂

 

Thank you!

Link to comment
Share on other sites

8 answers to this question

Recommended Posts

[ @gumigumi ]
---

Quote

I can find the location where the pointer is saved, but the pointer is pointing to an address inside the emulator (virtual memory address I think), and from outside I don't know how to map it

If you're using CheatEngine, I recommend to not use Pointer as it always changed whenever you start the Emulator. You might want to search using ArrayOfBytes/ Hex String. For example:

  • 1) Take the first 16 bytes of your lib > search it on Cheat Engine > now add your pointer / offset to the address founds.
  • 2) You can search the value directly: goto your pointer first on Game Guardian > Memory View -> Set the view as "Hex" -> Copy atleast 16 hex (up-to-down) from your pointer.

---
Have you tried to search for values on the main menu? (the game is closed but still exist on "recent activity"), probably mention the games name.
---

Link to comment
Share on other sites

15 minutes ago, kiynox said:

[ @gumigumi ]
---

If you're using CheatEngine, I recommend to not use Pointer as it always changed whenever you start the Emulator. You might want to search using ArrayOfBytes/ Hex String. For example:

  • 1) Take the first 16 bytes of your lib > search it on Cheat Engine > now add your pointer / offset to the address founds.
  • 2) You can search the value directly: goto your pointer first on Game Guardian > Memory View -> Set the view as "Hex" -> Copy atleast 16 hex (up-to-down) from your pointer.

---
Have you tried to search for values on the main menu? (the game is closed but still exist on "recent activity"), probably mention the games name.
---

Hi there, the game is called The Honor of Kings (CN).

The way I hack it is that I know one value that is unique, I use GG to search it and I can find the address where it stores ( the address is from emulator). Then I search the address and can find the structure.

But if I use CE, I can find the physical address, but I cannot decode what it should be inside the emulator. Hence I cannot go for the next step.

 

I'm not sure if I'm being clear in my expression. Actually I noticedthat I have messaged you earlier about the same issue and you were recommending me using CE, lol.

Link to comment
Share on other sites

@kiynox

Hi, sorry I forgot to mention you and not sure if you got notification regarding my response above.

 

To better illustrate the problem with CE, I have the example below to show how I locate the target structure for further cheating:

1. GG approach

Search a unique value -> GG return one address eg. 80AA0000h -> Seach the address to see where it is called, and returns 80BB0000, and this address identifies the structure, done!

 

2. Using CE

Search a unique value -> CE return one address but it is for sure different from 80AA0000h because it is physical address -> stuck there...

I tried to use GG to search quickly before the game exits, and I can see the target address 80BB0000 is still pointing to 80AA0000, but I cannot decode the physical address returned by CE.

 

Don't know how to solve it. 

Link to comment
Share on other sites

[ @gumigumi ]
---

Quote

Search a unique value -> CE return one address but it is for sure different from 80AA0000h because it is physical address -> stuck there...

So you're talking about "goto pointer". Well.. since you're doing it from outside (using CE), it cannot be done but there's a workaround. 

  • 1) On CE: Right click on the result -> Find out what accessing this address -> Do something in-game to change the value. Hopefully it would lead you to another physical address.
  • 2) Look for any possible pointer that points to the same location (1 address can have multiple pointer). Might want to find Static Pointer using these: ChainerPointer Scan (Find pointer that exist even after restarting the game). After getting static pointer, do number #1 from my earlier comment.

---

  • - Is this the right game?: Honor of Kings [Level Infinite]
  • - You can probably tell me what values you're searching on my DM, so I could help you finding it on CE.

---

Link to comment
Share on other sites

On 10/11/2023 at 11:40 AM, gumigumi said:

Hi, I'm using GG on Emulator (LDPlayer, Nox, Memu) and it seems not working recent after the game updated a few weeks ago. Probably their anti-cheat system upgraded and detect GG.

I can add the game process ID to GG any time (before/after log on, any time), and it won't crash. However, once I start searching, the game exits after a few seconds, no matter searching returns values or not.

I tried the following but not working:

1. insinde GG: 1)hide from game, check 1, 2, 3, and 4; 2) Bypass mode for ptrance: frozen or restore; 3) Prevent unload: Lv3.

2. Using HidemyApplist to hide GG (Magisk w/ Shamiko, LSPosed installed and HMA activated via LSPosed).

image.thumb.png.8cb968b72e0d56265590b64c88b0ab66.png

I think I also tried installing GG in virtual space with VirtualXposed, but I'm not sure if my installation was correct or not. The game outside virtual space still exit once searching. I can try again if someone can guide me through that.

If there is any other good way to prevent game exiting, please help, crying.

 

Moreover, since I'm using Android emulator, I also tried Cheat Engine. It works for searching but I have problem cheating the game. I can find the location where the pointer is saved, but the pointer is pointing to an address inside the emulator (virtual memory address I think), and from outside I don't know how to map it... If some one is good at that, please help as well 🙂

 

Thank you!

Hide gg from game (gg setting) 

Open game and open gameguardian

Target game (gg target game) 

And goto setting and klik hidden gameguardian from game select 2,3 or 1,2,3

Link to comment
Share on other sites

@kiynox

22 hours ago, kiynox said:

[ @gumigumi ]
---

So you're talking about "goto pointer". Well.. since you're doing it from outside (using CE), it cannot be done but there's a workaround. 

  • 1) On CE: Right click on the result -> Find out what accessing this address -> Do something in-game to change the value. Hopefully it would lead you to another physical address.
  • 2) Look for any possible pointer that points to the same location (1 address can have multiple pointer). Might want to find Static Pointer using these: ChainerPointer Scan (Find pointer that exist even after restarting the game). After getting static pointer, do number #1 from my earlier comment.

---

  • - Is this the right game?: Honor of Kings [Level Infinite]
  • - You can probably tell me what values you're searching on my DM, so I could help you finding it on CE.

---

Thank you for your response!

I tried using "which modify/access the address" and also do a pointer scan, nothing returned. Seems something has been blocked.

The game name is same ("honor of kings") but I'm playing on a Chinese version, not sure if the structure is same on the one you mentioned.

The AOBscan I used is "E4 A2 00 00 00 00 00 00 E4 A2 00 00 00 01 00 00 * * * * * * * * E4 A2 00 00 00 00 00 00 E4 A2 00 00". It should return a unique result/address. If I use GG to search the address, the results will include the head of structure I'm looking for.

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...