Can a group search be done for encrypted value or any other way to speed up the process?

[Sami1982]

Hello,

The value I need is encrypted.  So I perform a search on the exact value and I check the "value is encrypted" option. Then I do the usual decrease, refine....etc until I find the correct value. I know it's encrypted because if I don't use the "value is encrypted" option I can't find it.  My question is, how can I speed up or automate the process? Normally for a non-encrypted value I would perform a group search and then create a script and done. But unfortunately in this case the value is encrypted and once I type in my group search the "value is encrypted option" disappears. And no matter what I use for a group search does not find the value. So when I close and reopen the game I am forced to repeat the whole search then decrease then refine process every time which is time consuming. Any trick to speed up or automate this situation?  Thank you very much

Edited December 27, 2023 by Sami1982

[nok1a]

If works test out the script:

gg.setRanges(gg.REGION_ANONYMOUS | gg.REGION_C_BSS | gg.REGION_C_ALLOC)
gg.searchNumber("327,684D;22D;28D;0D;33,554,931D::65", gg.TYPE_DWORD)
gg.refineNumber("0", gg.TYPE_DWORD)
print("Group search: ", gg.getResultsCount())
local grp = gg.getResults(1)
gg.loadResults({{address = grp[1].address + 0x4, flags = gg.TYPE_DWORD}})
gg.searchPointer(0)
print("First Pointer search: ", gg.getResultsCount())
gg.searchPointer(0)
print("Second Pointer search: ", gg.getResultsCount())
local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address - 0x4, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)
local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == 1.0 then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end
gg.loadResults(healthPointer)
print("Results healthPointer: ", gg.getResultsCount())
gg.searchPointer(0)
print("Third Pointer search: ", gg.getResultsCount())
local res = gg.getResults(1)
local health = {[1] = {address = res[1].address + 0x4, flags = gg.TYPE_FLOAT, name = "Health"}}
gg.addListItems(health)
gg.loadResults(health)

 

Edited January 5 by nok1a
correction of type comparison at line 19.

[Sami1982]

8 hours ago, nok1a said:

Just connecting dods that perhaps is useful for others.

Btw can you try as shown in the video?:

And on top of that also try this group search, its in region A, Ca or Cb...ranges changes at restart...could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

Okay the search of 257;1.0F::13 in the video worked but refining to 256;1.0F::13 produced no results for me.

                 

But this search didn't produce any results at all.

                   And on top of that also try this group search, its in region A, Ca or Cb...ranges changes at restart...

                     could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

 

Do I need to be in the same mission as you?

 

 

Edited January 4 by Sami1982

[nok1a]

18 minutes ago, Sami1982 said:

Okay the search of 257;1.0F::13 in the video worked but refining to 256;1.0F::13 produced no results for me.

                 

But this search didn't produce any results at all.

                   And on top of that also try this group search, its in region A, Ca or Cb...ranges changes at restart...

                     could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

 

Do I need to be in the same mission as you?

 

 

You don't need to be in same mission. search 256;1.0 when the pause menu is visible. And search 257;1.0 when the pause menu is hidden.

Edited January 4 by nok1a

[nok1a]

41 minutes ago, Sami1982 said:

But this search didn't produce any results at all.

                   And on top of that also try this group search, its in region A, Ca or Cb...ranges changes at restart...

                     could also be ranges Other actually: 327,684D;22D;28D;0D;33,554,931D::65

Enable all regions

[Sami1982]

36 minutes ago, nok1a said:

You don't need to be in same mission. search 256;1.0 when the pause menu is visible. And search 257;1.0 when the pause menu is hidden.

Okay, whether I search with or without the pause menu visible doesn't seem to have any bearing on whether or not I find results. The only thing that seems to determine whether or not I get results is what group size I use. If I use ::13 I get nothing (again with or without the pause menu visible) for both the 256 and 257. Whereas if I use ::65536  I get thousands of results for the 257 and 5 to 7 results for the 256. I did a "goto" on all 7 results and randomly messed with the nearby negative values but unfortunately none were the correct health value.

The funny thing is that having the "autopause game" setting in GG on "no" VS "yes" seems to make no difference at all.  While actively in a mission, if you tap on GG's icon, you can perform your search without the pause menu visible regardless of what the setting says.  If you want to perform the search WITH the pause menu visible all you have to do is tap on the X of GG's upper right corner and you'll immediately be brought to the pause menu and then you can tap on GG's icon again to perform your search with the pause menu visible. 

11 minutes ago, nok1a said:

Enable all regions

Way ahead of you Lol.  Had already done it on my own but forgot to mention it

EDIT:  Sorry this may have been an oversight on my part.....I just now re-confirmed this, and with all regions enabled, the 327,684D;22D;28D;0D;33,554,931D::65 search yields the following restuls:

But again none of the negative values around those results are the correct ones

Edited January 4 by Sami1982

[Sami1982]

17 minutes ago, nok1a said:

Oke and what about the group search 327,684D;22D;28D;0D;33,554,931D? When you enable all regions and go in match and search. No result?

The thing is, the group search and script i have tried on emulator and mobile phone and on both worked. And the values remain same even after restart of the game. So perhaps you have to find your health value and then you have to execute a script i can give you. And then we perhaps find out what for values are at the location of which your supposed to have: 327,684D;22D;28D;0D;33,554,931D. Possible it will be static for you as well. But first check if this group search works when enabling all regions.

Sorry this may have been an oversight on my part.....I just now re-confirmed this, and with all regions enabled, the 327,684D;22D;28D;0D;33,554,931D::65 search yields the following restuls:

But again none of the negative values around those results are the correct ones

[Sami1982]

20 minutes ago, nok1a said:

Execute the script i gave you, and send screenshot of the prompt.

Okay I did, and it fails with this error (attached):

[nok1a]

29 minutes ago, Sami1982 said:

Okay I did, and it fails with this error (attached):

Could be wrong but it says that there is a character that isn't supposed to be there at line 1. I think you pasted the code in a file and typed some character in it by accident which then caused the error. Please recheck the script. Delete all and past again. If still same error it's odd. Should not be scripts mistake. Perhaps a character got added while copy pasting it. Upload script here if still not work.

8 minutes ago, nok1a said:

Could be wrong but it says that there is a character that isn't supposed to be there at line 1. I think you pasted the code in a file and typed some character in it by accident which then caused the error. Please recheck the script. Delete all and past again. If still same error it's odd. Should not be scripts mistake. Perhaps a character got added while copy pasting it. Upload script here if still not work.

You can download this one, it's the same script.

pointerTest.lua

Edited January 4 by nok1a
added the line on which error is

[Sami1982]

58 minutes ago, nok1a said:

Could be wrong but it says that there is a character that isn't supposed to be there at line 1. I think you pasted the code in a file and typed some character in it by accident which then caused the error. Please recheck the script. Delete all and past again. If still same error it's odd. Should not be scripts mistake. Perhaps a character got added while copy pasting it. Upload script here if still not work.

You can download this one, it's the same script.

pointerTest.lua 1.2 kB · 0 downloads

You are a genius man. It worked!  But the sad part is that I have no idea how you did it and I would've loved to be able to learn how to do it myself. Looking at your script nothing makes sense to me as to how you came up with that group search or even how the pointer search is working

 

FYI I've reached my maximum posts for today. So if you reply to me and I can't reply until tomorrow you know why lol

Edited January 4 by Sami1982

[Sami1982]

1 hour ago, nok1a said:

Got it.

Glad to hear. Thank you to for continuing with it instead of dropping out halfway. Finding group searches for other members through communication of a forum takes time. Requires a bit of Forward and Back communication. People can get demotivated. You pulled through.

Group search was possible to find using my emulator and phone. When searching group search for other person or for your self you need to at least have the game on 2 different devices or virtuals to have some confirmation that your group search is possibly a static one.

As far i know in gameguardian a pointer is a value that points to an address in the virtual memory of the process. I don't want to tell you wrong info so i keep it with this link: https://en.wikipedia.org/wiki/Pointer_(computer_programming)#:~:text=Pointers are used to store,which objects are dynamically allocated.

GameGuardian highlights possible pointers with a colour: https://gameguardian.net/help/help.html#help_hex_colors

Pointers are more clear in 64bit games. On 32bit games to many values are highlighted but they aren't all pointers...after some practise you can quickly filter out the none pointers from actual pointers.

The pointer represents some object. 

If you can't find a group search around the value of interest you can follow the pointers which usually will lead to some static values. In lot's of cases the game needs to uses pointer references from an object in order to update for example your health value when you take damage.

In GG i used the nearest pointer that had the same distance from the health value on both devices. And kept using "go to pointer" till i saw a block of values that is the same on both devices so i could use it to make a group search. Then what you have to do in the script is use "gg.searchPointer(0)" and this will do the opposite. Instead of going to pointer you will be get all addresses that have a pointer that points to your address.

I advice you to check some scripts that uses pointer search and combine it with your manual knowledge on how to use the GG pointer feature.

Use the print() feature in the script to slowly debug the script. And use --[[ ]] to ignore code so that you can see line by line what happens.

Thanks again for all your help and precious efforts. This information is extremely valuable. I will try my best to apply this knowledge.  You are awesome dude

[Sami1982]

2 hours ago, nok1a said:

Got it.

Glad to hear. Thank you to for continuing with it instead of dropping out halfway. Finding group searches for other members through communication of a forum takes time. Requires a bit of Forward and Back communication. People can get demotivated. You pulled through.

Group search was possible to find using my emulator and phone. When searching group search for other person or for your self you need to at least have the game on 2 different devices or virtuals to have some confirmation that your group search is possibly a static one.

As far i know in gameguardian a pointer is a value that points to an address in the virtual memory of the process. I don't want to tell you wrong info so i keep it with this link: https://en.wikipedia.org/wiki/Pointer_(computer_programming)#:~:text=Pointers are used to store,which objects are dynamically allocated.

GameGuardian highlights possible pointers with a colour: https://gameguardian.net/help/help.html#help_hex_colors

Pointers are more clear in 64bit games. On 32bit games to many values are highlighted but they aren't all pointers...after some practise you can quickly filter out the none pointers from actual pointers.

The pointer represents some object. 

If you can't find a group search around the value of interest you can follow the pointers which usually will lead to some static values. In lot's of cases the game needs to uses pointer references from an object in order to update for example your health value when you take damage.

In GG i used the nearest pointer that had the same distance from the health value on both devices. And kept using "go to pointer" till i saw a block of values that is the same on both devices so i could use it to make a group search. Then what you have to do in the script is use "gg.searchPointer(0)" and this will do the opposite. Instead of going to pointer you will be get all addresses that have a pointer that points to your address.

I advice you to check some scripts that uses pointer search and combine it with your manual knowledge on how to use the GG pointer feature.

Use the print() feature in the script to slowly debug the script. And use --[[ ]] to ignore code so that you can see line by line what happens.

I got it first try!  Got a group search that gives me 5 pointer results every time and one of them always works.  But I'm a bit hazy on the "gg.searchPointer(0)" part.  What exactly do I need to do? I am looking at your script and you executed 3 pointer searches. But where does the script show what it's doing to grab that single health value?  Like what is the syntax or command that is performing this function? Is it this?

address = v.address - 0x4, flags = gg.TYPE_FLOAT

 

 

Edited January 4 by Sami1982

[Sami1982]

1 hour ago, Sami1982 said:

I got it first try!  Got a group search that gives me 5 pointer results every time and one of them always works.  But I'm a bit hazy on the "gg.searchPointer(0)" part.  What exactly do I need to do? I am looking at your script and you executed 3 pointer searches. But where does the script show what it's doing to grab that single health value?  Like what is the syntax or command that is performing this function? Is it this?

address = v.address - 0x4, flags = gg.TYPE_FLOAT

 

 

Got excited too soon Lol.  I did it wrong.  Still trying to get the hang of it. By the way, why did you refine "0" in your group search?  If it had any value or purpose shouldn't I be able to "go to pointer" or "pointer search" it? I get nowhere with it.

[Sami1982]

7 minutes ago, nok1a said:

It finds all pointers pointing to your address. To use it you need to load the address(es) you want to perform the pointer search on in the result list.

gg.loadResults({{address = grp[1].address + 0x4, flags = gg.TYPE_DWORD}})

Adds 4 bytes to the address, 0x9865E5B0 + 0x4 = 0x9865E5B4 and then loads it in the result list in data type dword.

gg.searchPointer(0)

Does the pointer search in the given ranges. Basically it's like doing: gg.searchNumber(9865E5B4h, gg.TYPE_DWORD)

You get a few results.

I dunno how gameguardian does it behind the hood but now i use gg.searchPointer(0) again because i want to perform pointer search on each of those addresses...that's why a second time.

I have now more results because there are a lot of pointers pointing to those few addresses from previous screenshot. Now i need to filter them out because the health value was one more pointer search away, and the address to pointer search is in this result list. One of those addresses had 4 bytes above it a value 1.0F. That's the same value i asked you to search using 256F;1.0F::16. Sadly it returned no results for you. But the 1.0F value is located 4 bytes under one of those addresses in the result list. So i used that for filter out all these values and to get only 1 address left.

local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address - 0x4, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)

subtracted 0x4 from all the addresses in the result list and stored it in a new table(sensitivity) with data type float.

local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == "1.0" then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end

Checked which address of the table sensitivity contained the value 1.0F using iteration and if it found it should store the address that is 4 bytes under it in the table healthPointer and then load it in the result list using:

gg.loadResults(healthPointer)

It found a match and loaded the address in result list:

Script performs pointer search again.

local res = gg.getResults(1)
local health = {[1] = {address = res[1].address + 0x4, flags = gg.TYPE_FLOAT, name = "Health"}}

Will get 1 result, the health value is 4 bytes under that address...so i add 4 bytes to the address and store in the table health and gave it a name.

gg.addListItems(health)
gg.loadResults(health)

Add the table health in the saved list.

And loads it as well in the result list.

Adviced to check out the Lua scripting documentation.

Wow that's incredible. It's sure going to take a lot of time for me to digest all of this lol.  Thanks again for all the explanations and screenshots. I truly appreciate your time.

[Sami1982]

10 hours ago, nok1a said:

It finds all pointers pointing to your address. To use it you need to load the address(es) you want to perform the pointer search on in the result list.

gg.loadResults({{address = grp[1].address + 0x4, flags = gg.TYPE_DWORD}})

Adds 4 bytes to the address, 0x9865E5B0 + 0x4 = 0x9865E5B4 and then loads it in the result list in data type dword.

gg.searchPointer(0)

Does the pointer search in the given ranges. Basically it's like doing: gg.searchNumber(9865E5B4h, gg.TYPE_DWORD)

You get a few results.

I dunno how gameguardian does it behind the hood but now i use gg.searchPointer(0) again because i want to perform pointer search on each of those addresses...that's why a second time.

I have now more results because there are a lot of pointers pointing to those few addresses from previous screenshot. Now i need to filter them out because the health value was one more pointer search away, and the address to pointer search is in this result list. One of those addresses had 4 bytes above it a value 1.0F. That's the same value i asked you to search using 256F;1.0F::16. Sadly it returned no results for you. But the 1.0F value is located 4 bytes above one of those addresses in the result list. So i used that for filter out all these values and to get only 1 address left.

local t = gg.getResults(gg.getResultsCount())
local sensitivity = {}
for i, v in ipairs(t) do
  sensitivity[i] = {address = v.address - 0x4, flags = gg.TYPE_FLOAT}
end
sensitivity = gg.getValues(sensitivity)

subtracted 0x4 from all the addresses in the result list and stored it in a new table(sensitivity) with data type float.

local healthPointer = {}
for i = 1, #sensitivity do
  if sensitivity[i].value == 1.0 then
    healthPointer[i] = {address = t[i].address, flags = gg.TYPE_DWORD}
  end
end

Checked which address of the table sensitivity contained the value 1.0F using iteration and if it found it should store the address that is 4 bytes under it in the table healthPointer and then load it in the result list using:

gg.loadResults(healthPointer)

It found a match and loaded the address in result list:

Script performs pointer search again.

local res = gg.getResults(1)
local health = {[1] = {address = res[1].address + 0x4, flags = gg.TYPE_FLOAT, name = "Health"}}

Will get 1 result, the health value is 4 bytes under that address...so i add 4 bytes to the address and store in the table health and gave it a name.

gg.addListItems(health)
gg.loadResults(health)

Add the table health in the saved list.

And loads it as well in the result list.

Adviced to check out the Lua scripting documentation.

Aside from upvoting and hearting your answers and marking the answer containing the script as "best answer", is there anything else I can do to express my sincere gratitude?

[nok1a]

3 minutes ago, Sami1982 said:

Aside from upvoting and hearting your answers and marking the answer containing the script as "best answer", is there anything else I can do to express my sincere gratitude?

Thanks for the vote but that's more about status. Account status not that relevant but perhaps it can work as a backbone regarding the reliability of the information provided and as well the individual his contribution in the forum. Positive votes always better then negative ones to.

Aside from that most important to me is that the information shared is done good enough in a way that the person communicating to understands it. And of course to use the knowledge obtained for himself and improve so the person becomes a even better person.