[Tool] All Updates Script Generator

[HorridModz]

Hello, I couldn't figure out where to post this so I hope this is in appropriate place. I've finally completed my CLI tool that makes your Gameguardian scripts work on all updates! Normally, things that rely on function offsets - like hex patches and hooks - break when the game updates. However, this tool generates scripts that use pattern scanning to dynamically find the functions.

Here's the Github. Enjoy!
all_updates_generator.zipall_updates_generator.zip

all_updates_generator.zip

Edited Thursday at 05:46 AM by HorridModz

[MC874]

Hi @HorridModz, this is impressive. Does this work outside IL2CPP? Also with x86 / x64 architecture? (Not Arm)

Edited 14 hours ago by MC874

[HorridModz]

12 hours ago, MC874 said:

Hi @HorridModz, this is impressive. Does this work outside IL2CPP? Also with x86 / x64 architecture? (Not Arm)

@MC874Thank you! This technique works for any game or app - all it needs to do is take the hex from the lib file and generate an array of bytes by reading the opcodes (nothing il2cpp-specific). It does this with python's keystone and capstone modules. As it is for Gameguardian, it only works for ARM and ARM64 (Android's architectures). However, it could be made to work with other architectures:

`

def make_ks(architecture: str) -> keystone.Ks:
    """
    Only do this once, because it is expensive.
    """
    if architecture == "32bit":
        return keystone.Ks(keystone.KS_ARCH_ARM, keystone.KS_MODE_ARM)
    elif architecture == "64bit":
        return keystone.Ks(keystone.KS_ARCH_ARM64, keystone.KS_MODE_LITTLE_ENDIAN)
    else:
        raise ValueError(f"Unrecognized architecture: {architecture}. Only '32bit' and '64bit' are valid strings")

def make_cs(architecture: str) -> capstone.Cs:
    """
    Only do this once, because it is expensive.
    """
    if architecture == "32bit":
        return capstone.Cs(capstone.CS_ARCH_ARM, capstone.CS_MODE_ARM)
    elif architecture == "64bit":
        return capstone.Cs(capstone.CS_ARCH_ARM64, capstone.CS_MODE_LITTLE_ENDIAN)
    else:
        raise ValueError(f"Unrecognized architecture: {architecture}. Only '32bit' and '64bit' are valid strings")

Keystone and Capstone support a wide range of architectures, so simply editing these functions would extend the tool to work for others. However, as I said Android only has ARM and ARM64, so I don't see why this would be necessary.