Jump to content
  • 0

[HELP] Find Offset by using Classname or Method on Non-Unity Games

DoDevil

Asked by DoDevil,

 Share

Question

DoDevil Collaborator

DoDevil

Posted
Posted (edited)

Hi, i'm trying to hack game base on non-unity btw i can't figure out how to find Offset by using Classname or Methodname that i got from DumpMemory

Screenshot_2024-09-20-20-53-00-620-edit_com_ld_cph_gl.thumb.jpg.40db206f180364e602710d414b74de3e.jpg

I tried dump from radare2 and got Offset but it's in unreadable format stringScreenshot_2024-09-20-20-52-08-543-edit_com_ld_cph_gl.thumb.jpg.9ee1ed7bd7227a3260827278e01a255b.jpg

 

Edited by DoDevil
Link to comment
Share on other sites

4 answers to this question

Recommended Posts

  • 0
kiynox Proficient

kiynox

Posted
Posted (edited)

@DoDevil ]
---

Quote

Find Offset by using Classname or Method on Non-Unity Games

You surely cant do that with classname or even method. It depends on how the game stored it's string. But the concept is like this:
Search for string -> pointer -> may lead to method
---
You need surely try with: IDA Pro. Or find anything that starts with: "PUSH" (Mostly PLT Function) or "ADD", it most likely the start of the function.
---

Edited by kiynox
1
Link to comment
Share on other sites
  • 0
DoDevil Collaborator

DoDevil

Posted
  • Author
Posted
4 hours ago, kiynox said:

@DoDevil ]
---

You surely cant do that with classname or even method. It depends on how the game stored it's string. But the concept is like this:
Search for string -> pointer -> may lead to method
---
You need surely try with: IDA Pro. Or find anything that starts with: "PUSH" (Mostly PLT Function) or "ADD", it most likely the start of the function.
---

Well, sadly i know IDA Pro can do but maybe when i have a pc i will try again

Link to comment
Share on other sites
  • 0
MC874 Proficient

MC874

Posted
Posted

Hi @DoDevil

Quote

I tried dump from radare2 and got Offset but it's in unreadable format string

It is not 'unreadable', it's a normal function name. Decompiler tends to rename 'unknown' function from what that function corresponds to and probably most of the function name is obsecured when the library is being compiled.

Link to comment
Share on other sites
  • 0
DoDevil Collaborator

DoDevil

Posted
  • Author
Posted
1 hour ago, MC874 said:

Hi @DoDevil

It is not 'unreadable', it's a normal function name. Decompiler tends to rename 'unknown' function from what that function corresponds to and probably most of the function name is obsecured when the library is being compiled.

Oh yeah i just found out my dump file not fully completed so i need IDA Pro to do the rest part Thanks you anyway 😄

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to question listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept