
So does it mean that I need to find pointers again after every process restart, and their old addresses generally can't help?


Just now, oled said:

So does it mean that I need to find pointers again after every process restart, and their old addresses generally can't help?

Yes, just as I have written in one of the previous messages.


It is very sad.

But there are often values which sometimes change even without restarting a game. May the method (from pointers.pdf) work without restarting?

35 minutes ago, oled said:

May the method (from pointers.pdf) work without restarting?

The "Pointer search" feature in GG will find all pointers to the value if the offset is set to 0, or to the range of values if the offset is set to a positive integer. There may be no results or too many results. Adjust the "offset" parameter accordingly.

Once you have the list of pointers to desired value/structure, according to the document, you need to filter the list "until the number of pointers will not decrease". That's how filtering is done there:

Quote

Restart the game. Click "Filter" and enter the value of Experience - "650".
Click "OK".

Obviously, this won't work for Android. So you need to think of another way to reduce the count of found pointers or simply use all of them to keep the reference to desired value.

Short conclusion (and probably the answer to your initial question): filtering of found pointers on Android can not be done as described in the document, because restarting the process causes all values to relocate.

Edited by CmP


No need to restart. It works not only with a restart, but a restart is the most effective way to filter pointers (that is why it is used in the description). For example, in another level the address of some parameter will be changed. So it is the same as in the method, but without a restart. What about that?


ArtMoney was written for Windows when there was no ASLR. Android was originally created with ASLR taken into account. Therefore, many ArtMoney methods are inapplicable. I think that now, on the latest versions of Windows, they also do not work if ASLR and DEP are enabled. And they are enabled for all processes, except for exceptions running in compatibility mode.

Plus, it's Windows versus Linux. They have different concepts of operation. Therefore, not everything that works on Windows can be transferred to Linux.


Look at this post and the picture attached to it:

Using Offsets (#5nf243is)

I also advise you to read the whole topic there. Your question was discussed there.

Usually, the depth of the pointers does not allow restoring the path to the value, especially because the offsets are unknown and can be quite large.
This is for the case of restarting.

If the game has allocated a pointer on the stack (a rare case, but possible), then you generally will not have any chance to find anything, because the starting address will not be tied to the library's memory space.

[added 2 minutes later]

Here is another discussion you should read:

Finding real offsets of IDA (#8cdn5dao)


It all depends on how it works. How deep the chain of pointers is.
Most often, there is more than one level. If you look at the picture, this will be the case with Gold3.
Suppose the World Object has not been moved, and pointerPlayer has remained the same.
But you do not know offset6 and offset7.
Most often you cannot reduce the number of results as long as the pointers are unchanged. Therefore, you have hundreds of thousands of values, and finding the right one is problematic.

How will you search for the desired pointer chain after a level reload?

Even if you have 1 level of pointers, this is already a problem.

And all this is seen in the context of static pointers.

If you have a garbage collector, for example, a game in C# (Unity), then none of this works. Pointers can be moved at any time during garbage collection.
And you cannot know whether it happened or not.

Let's continue. If arrays with offsets are used somewhere, then pointers can change their offset. So it becomes more complicated.


From the pdf:

Quote

At first, search for pointer 2 level, if not find, then pointer 3 level.
Each next level is searched in 10 times slower than previous level.
If you have 1 minute for pointer 2 level, then time for 3 level will be 10 minutes, for 4 level will be 100 minutes.

Even on a PC it is very slow, even with a powerful CPU.

A typical PC processor does not care about power consumption and dissipates 50-100 watts. A typical Android device processor is not able to dissipate even 1 watt for a long time without risking melting the device or burning the battery.
What the PC searches for in 10 minutes, on Android you will search for hours.
Another problem is the amount of memory.
The amounts of memory to process are approximately the same, but you will not have free space to process them, since the entire memory has most often been taken by the game. And it also consumes CPU resources, which are already lacking.
Add to this the RISC architecture, where memory access is quite expensive and caches are not very large, and you will get even more slowdown.
When the memory for GG runs out, it has to use the memory card to store data, the speed of which is extremely low.

Summarizing all of the above, I can say that there can be no general and simple tool.
Whatever there will be, it will be slow and work only in some particular case. And all this will be so complicated that only a few will be able to use it, if anyone can at all.


You can try to do something in test form with scripts.
If you get something worthwhile that can be applied to many games, we can consider the possibility of implementing it outside of scripts as an embedded feature.
Until then, there is nothing to talk about. Provide a workable concept so that there is something to talk about.
So far, everything looks like an unviable idea, which is not worth wasting time on.
There are many other tasks that are real and more useful.

Scripts give you the ability to store intermediate search data in tables, not limited to one saved list. It may be convenient for your task.

You can write a simple test application with pointers and try to make a script for it. Or find a simple game that is guaranteed to fit your criteria, although that can be difficult.

And then try to write a search for the desired pointer using scripts.


Knowledge of offsets alone is often not enough.
Or you should know them all completely, in a chain, and from an address which is more or less static, for example from a pointer in .bss or .data.
Most often, you do not have such data.
However, if you have it, you can write a simple enough script to always get the desired value by following the pointers.

The problem is that offsets can change when recompiling, so you have to refine them with each new update of the game's libraries.

And the rest, yes, it can be done.

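As an added example (not code from this thread or from GameGuardian's own sources), a GG Lua script that does what the post above describes: it resolves the value by walking a pointer chain from a static root in the library's .bss on every run, so the chain survives the relocation that happens on restart. It assumes the GG Lua API calls gg.getRangesList, gg.getValues, gg.getTargetInfo and gg.alert, and the library name, root offset and per-hop offsets are placeholders that must come from your own analysis of the target.

```lua
-- Added example (not from the thread or from GameGuardian itself).
-- Resolve a value by walking a pointer chain from a static root inside
-- the library's .bss, recomputed on every run so that ASLR relocation on
-- restart does not matter.  Every name and offset below is a placeholder
-- (assumption); take the real ones from your own analysis of the target.
local LIB      = "libgame.so"        -- hypothetical library name
local ROOT_OFF = 0x1234              -- hypothetical offset of the root pointer in .bss
local OFFSETS  = {0x18, 0x40, 0x8}   -- hypothetical per-hop offsets (pointers.pdf style)
local VAL_TYPE = gg.TYPE_DWORD       -- type of the final value

local x64 = gg.getTargetInfo().x64   -- assumed field of getTargetInfo()
local PTR_TYPE = x64 and gg.TYPE_QWORD or gg.TYPE_DWORD

-- Base of the .bss ("Cb") range of LIB in the currently running process.
local function findBssBase(lib)
  for _, r in ipairs(gg.getRangesList(lib)) do
    if r.state == "Cb" then return r.start end
  end
  return nil
end

-- Read one pointer-sized word; a 32-bit DWORD comes back signed, so fix it up.
local function readPtr(addr)
  local v = gg.getValues({{address = addr, flags = PTR_TYPE}})[1].value
  if not x64 and v < 0 then v = v + 0x100000000 end
  return v
end

-- Walk: addr = *(base+ROOT_OFF)+o1; addr = *addr+o2; ...; final = *addr+oN
local function resolveChain(base)
  local addr = base + ROOT_OFF
  for hop, off in ipairs(OFFSETS) do
    local p = readPtr(addr)
    if p == 0 then return nil, "null pointer at hop " .. hop end
    addr = p + off
  end
  return addr
end

local base = findBssBase(LIB)
if not base then gg.alert(LIB .. " has no .bss range; is it loaded?") return end
local addr, err = resolveChain(base)
if not addr then gg.alert("Chain broken: " .. err) return end
local v = gg.getValues({{address = addr, flags = VAL_TYPE}})[1].value
gg.alert(string.format("%s .bss base 0x%X (differs on every start)\nvalue at 0x%X = %d",
                       LIB, base, addr, v))
```

Running it again after a restart shows a different base and final address while the chain itself stays valid; only when the game's libraries are updated do the offsets need to be refined, as the post says.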

Can you please help me figure out how to give a negative number for the boathouse in Tropic Escape, like in the picture below?

I’ve tried several different search methods and none of them have worked.  

Also, my floating icon frequently disappears and I have it set to never disappear.  I have enabled all permissions.  

I'm using GG no root through Parallel Space.

Thank you! 

6 minutes ago, jlynnwc said:

my floating icon frequently disappears and I have it set to never disappear.

GG was closed by the system low memory killer.


Okay, I will see if I can change the default.  

Thank you 
