Tutorial [Offsets Auto Find] How to use AutoSearchPointerChains.js

[GodModerator 201 iPhone X 13.4]

First, you need to manually find the address of the value you need (such as through fuzzy search, nearby search, etc.), and then load the AutoSearchPointerChains.js script. It will prompt you to enter the following 3 parameters:

1:Please enter the data address to be searched (hex starting with 0x)
This parameter is for you to enter the address of the value you found.

2: Please enter the max search offset (hex starting with 0x)
This parameter allows you to limit the maximum offset you want to search. Different games are different. Generally speaking, the offset of the Unity3D engine is small (0x50 to 0x500 range), and the offset of the Unreal engine is relatively larger (range from 0x100 to 0x2000), you can try a smaller offset (faster) first, and then try a larger offset (slower) if no search results are found.

3: Please enter the max search level
This parameter allows you to limit the maximum search offset chain length. Generally speaking, the offset chain length is less than 10 layers, and in rare cases it may exceed 10 layers. You can try a smaller number of layers first (faster), If there is no search result, try a larger number of layers (slower).

After waiting tens of minutes to a few hours, he will give out all the pointer chains that have been searched.
Each pointer chain consists of the following three parts:
[Module Name] : [Static Offset] -> [Dynamic Offsets]

If there are multiple pointer chains found in the search, the smallest value of the dynamic offsets is more accurate.

Then we can use the pointer chain in h5gg to directly calculate the address of the value we need. With the address, we can read the value or write the value we want. There is no need to restart the game every time Do a fuzzy or nearby search.

For example, the following pointer chain used in H5GG:
UnityFramework:0x123456 -> 0x234 -> 0x456 -> 0x678

var modules = h5gg.getRangesList("UnityFramework"); //Module Name
var base = modules[0].start; //module base addr in runtime memory

var addr = Number(base) + 0x123456; //Static Offset
var pointer = getValue(addr, "U64"); //read pointer

var addr1 = Number (pointer) + 0x234; //First Dynamic Offset 
var pointer1 = getValue(addr1, "U64"); //read pointer

var addr2 = Number (pointer1) + 0x456; //Second Dynamic Offset 
var pointer2 = getValue(addr2, "U64"); //read pointer

var addr3 = Number (pointer2) + 0x678; //Third Dynamic Offset 
var pointer3 = getValue(addr3, "U64"); //read pointer

//final
var value = h5gg.getValue(pointer3,  "I32");
alert("read value=" + value);
h5gg.setValue(pointer3, 99999, "I32"); 

suggestions:

1: On the jailbroken device, you can put the game app into the background, and then use the H5GG APP to run AutoSearchPointerChains.js

2: Because the search process may take several hours, it is recommended to put your iPhone/iPad in the refrigerator to cool down.

 

get AutoSearchPointerChains.js on https://github.com/H5GG/H5GG

[Happy Secret 3.4k iPad Pro (2nd gen) 16.2]

Number 1….Support @tuancc and H5GG

[changqing 1 iPhone 8 Plus 13.3]

Hello I would like to ask a question that appears when I run the script！   ReferenceError: Can't find variable: getValue        May I ask why？

[arho88 0 iPhone 8 Plus 13.3]

您好，我想问一个运行脚本时出现的问题！ 引用错误：找不到变量：获取值 请问为什么？Hello, I would like to ask a question when running the script! Reference error: unable to find variable: get value. Why?

[Pycak1 45 iPhone 11 Pro Max 14.6]

👍🏼

[ToretoTy 4 iPad (8th gen) 16.04.]

Nice

[zyftx 3 iPhone 15 16.3.1]

我出现了非常多的指针，我如何排除哪个是准确的

[มือสมัครเล่น 3.7k iPhone SE (2022) 17.0]

Is there a way to set my settings? Addresses always end with 0x1xxx555.

@tuancc

Updated November 30, 2023 by มือสมัครเล่น

[a15131311725 2 iPhone 11 15.1]

支持

[aminul 2 iPhone 6 Plus 11.3.1]

H5GG can't run the script. ReferenceError: Can't find variable: getValue