UE4 game dump
Founder
2024-05-24 15:54:03

Links
UE4Dumper: https://github.com/kp7742/UE4Dumper
Sample game: https://www.bilibili.com/video/BV12v41167Gy
Definitions
GWorld points to the game world object.

//Engine\Source\Runtime\Engine\Classes\Engine\World.h
/** Global UWorld pointer. Use of this pointer should be avoided whenever possible. */
extern ENGINE_API class UWorldProxy GWorld;

GNames points to the game's string array.

//Engine\Source\Runtime\Core\Private\UObject\UnrealNames.cpp
static bool bNamePoolInitialized;
alignas(FNamePool) static uint8 NamePoolData[sizeof(FNamePool)];

GUObject points to the game's object array.

//Engine\Source\Runtime\CoreUObject\Public\UObject\UObjectArray.h
extern class FUObjectArray GUObjectArray;

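UE4 version
Check AndroidManifest.xml.
The game version is UE4+Release-4.25.
How to find the pointers
GWorld
Switch to Exports.
Search for the keyword [GWorld].
GNames
1. Switch to Exports.
Search for the keyword [FNamePool::FNamePool(void)].
2. Then press the shortcut X to see what calls this function, and click any one of the callers.
3. GNames is then 0xBBF3780.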

.text:064D5628                 LDR             R0, =(unk_BBF3780 - 0x64D5634)
.text:064D562C                 ADD             R0, PC, R0 ; unk_BBF3780
.text:064D5630                 BL              _ZN9FNamePoolC2Ev ; FNamePool::FNamePool(void)
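
Why step 3 reads 0xBBF3780 rather than the word that LDR loads: the literal pool stores a delta, and in ARM state reading PC yields the instruction address plus 8. The sketch below is an added example, not part of the original post or of UE4Dumper; it recomputes the target from the two listing lines and also covers Thumb state (bias 4), which the post does not show. The function name `resolve_pc_relative` is hypothetical.

```python
import re

# Constructed sample: the LDR/ADD pair from the listing above (ARM state).
LISTING = """\
.text:064D5628                 LDR             R0, =(unk_BBF3780 - 0x64D5634)
.text:064D562C                 ADD             R0, PC, R0 ; unk_BBF3780
"""

# Reading PC yields the current instruction address plus this bias.
PC_BIAS = {"arm": 8, "thumb": 4}

LDR_RE = re.compile(
    r"\.text:([0-9A-F]+)\s+LDR\s+(R\d+), =\(\w+?_([0-9A-F]+) - 0x([0-9A-F]+)\)")
ADD_RE = re.compile(r"\.text:([0-9A-F]+)\s+ADD\s+R\d+, PC, (R\d+)")


def resolve_pc_relative(listing, mode="arm"):
    """Return [(add_addr, literal, target)] for each LDR/ADD PC-relative pair."""
    pending = {}  # register -> (literal stored in the pool, anchor IDA printed)
    resolved = []
    for line in listing.splitlines():
        ldr = LDR_RE.match(line)
        if ldr:
            _, reg, symbol, anchor = ldr.groups()
            anchor = int(anchor, 16)
            # The pool word is a delta (symbol - anchor), not an absolute address.
            pending[reg] = ((int(symbol, 16) - anchor) & 0xFFFFFFFF, anchor)
            continue
        add = ADD_RE.match(line)
        if add and add.group(2) in pending:
            addr = int(add.group(1), 16)
            literal, anchor = pending.pop(add.group(2))
            pc = addr + PC_BIAS[mode]
            if pc != anchor:
                raise ValueError(
                    f"PC at {addr:#x} reads {pc:#x} in {mode} state, "
                    f"but the literal was built against {anchor:#x}")
            resolved.append((addr, literal, (pc + literal) & 0xFFFFFFFF))
    return resolved


if __name__ == "__main__":
    for addr, literal, target in resolve_pc_relative(LISTING):
        print(f"ADD at {addr:#x}: literal {literal:#x} -> target {target:#x}")
```

The ValueError path is the useful check: if the code were decoded in the wrong instruction state, the anchor printed by the disassembler would not match the PC value and the resolved address would be off.
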
GUObject
Switch to Exports.
Search for the keyword [GUObjectArray].
Command
Example
./ue4dumper --newue --sdkw --gworld 0BD23804 --gname 0BBF3780 --guobj 0BC06128 --package com.wangyi.UE4_Bili_Brushify_01 --output /storage/emulated/0/三秋 --verbose

./ue4dumper -h
UE4Dumper v0.20 <==> Made By KMODs(kp7742)
Usage: ./ue4dumper
Dump Lib libUE4.so from Memory of Game Process and Generate structure SDK for UE4 Engine
Tested on PUBG Mobile Series and Other UE4 Based Games
Options:
--SDK Dump With GObjectArray Args--------------------------------------------------------
  --sdku                              Dump SDK with GUObject
  --gname                             GNames Pointer Address
  --guobj                             GUObject Pointer Address
--SDK Dump With GWorld Args--------------------------------------------------------------
  --sdkw                              Dump SDK with GWorld
  --gname                             GNames Pointer Address
  --gworld                            GWorld Pointer Address
--Dump Strings Args----------------------------------------------------------------------
  --strings                           Dump Strings
  --gname                             GNames Pointer Address
--Dump Objects Args----------------------------------------------------------------------
  --objs                              Dumping Object List
  --gname                             GNames Pointer Address
  --guobj                             GUObject Pointer Address
--Lib Dump Args--------------------------------------------------------------------------
  --lib                               Dump libUE4.so from Memory
  --raw(Optional)                     Output Raw Lib and Not Rebuild It
  --fast(Optional)                    Enable Fast Dumping(May Miss Some Bytes in Dump)
--Show ActorList With GWorld Args--------------------------------------------------------
  --actors                            Show Actors with GWorld
  --gname                             GNames Pointer Address
  --gworld                            GWorld Pointer Address
--Other Args-----------------------------------------------------------------------------
  --newue(Optional)                   Run in UE 4.23+ Mode
  --ptrdec(Optional)                  Use Pointer Decryption Mode
  --verbose(Optional)                 Show Verbose Output of Dumping
  --derefgname(Optional)              De-Reference GNames Address(Default: true)
  --derefguobj(Optional)              De-Reference GUObject Address(Default: false)
  --package                           Package Name of App(Default: com.tencent.ig)
  --output                            File Output path(Default: /sdcard)
  --help                              Display this information

Result
If the dump succeeds, two txt files are produced: SDK.txt and Objects.txt.
SDK.txt looks like this:

Class: World.Object
    Level* PersistentLevel;//[Offset: 0x30, Size: 0x0]
    NetDriver* NetDriver;//[Offset: 0x38, Size: 0x0]
    LineBatchComponent* LineBatcher;//[Offset: 0x40, Size: 0x0]
    LineBatchComponent* PersistentLineBatcher;//[Offset: 0x48, Size: 0x0]
    LineBatchComponent* ForegroundLineBatcher;//[Offset: 0x50, Size: 0x0]
    GameNetworkManager* NetworkManager;//[Offset: 0x58, Size: 0x0]
    PhysicsCollisionHandler* PhysicsCollisionHandler;//[Offset: 0x60, Size: 0x0]
    Object*[] ExtraReferencedObjects;//[Offset: 0x68, Size: 0x0]
    Object*[] PerModuleDataObjects;//[Offset: 0x78, Size: 0x0]
    LevelStreaming*[] StreamingLevels;//[Offset: 0x88, Size: 0x0]
    StreamingLevelsToConsider StreamingLevelsToConsider;//[Offset: 0x98, Size: 0x0]
    FString StreamingLevelsPrefix;//[Offset: 0xc0, Size: 0x0]
    Level* CurrentLevelPendingVisibility;//[Offset: 0xd0, Size: 0x0]
    Level* CurrentLevelPendingInvisibility;//[Offset: 0xd8, Size: 0x0]
    DemoNetDriver* DemoNetDriver;//[Offset: 0xe0, Size: 0x0]
    ParticleEventManager* MyParticleEventManager;//[Offset: 0xe8, Size: 0x0]
    PhysicsVolume* DefaultPhysicsVolume;//[Offset: 0xf0, Size: 0x0]
    bool bAreConstraintsDirty;//(ByteOffset: 0, ByteMask: 0, FieldMask: 0)[Offset: 0x10e, Size: 0x0]
    NavigationSystemBase* NavigationSystem;//[Offset: 0x110, Size: 0x0]
    GameModeBase* AuthorityGameMode;//[Offset: 0x118, Size: 0x0]
    GameStateBase* GameState;//[Offset: 0x120, Size: 0x0]
    AISystemBase* AISystem;//[Offset: 0x128, Size: 0x0]
    AvoidanceManager* AvoidanceManager;//[Offset: 0x130, Size: 0x0]
    Level*[] Levels;//[Offset: 0x138, Size: 0x0]
    LevelCollection[] LevelCollections;//[Offset: 0x148, Size: 0x0]
    GameInstance* OwningGameInstance;//[Offset: 0x180, Size: 0x0]
    MaterialParameterCollectionInstance*[] ParameterCollectionInstances;//[Offset: 0x188, Size: 0x0]
    Canvas* CanvasForRenderingToTarget;//[Offset: 0x198, Size: 0x0]
    Canvas* CanvasForDrawMaterialToRenderTarget;//[Offset: 0x1a0, Size: 0x0]
    ComponentsThatNeedPreEndOfFrameSync;//[Offset: 0x1f8, Size: 0x0]
    ActorComponent*[] ComponentsThatNeedEndOfFrameUpdate;//[Offset: 0x248, Size: 0x0]
    ActorComponent*[] ComponentsThatNeedEndOfFrameUpdate_OnGameThread;//[Offset: 0x258, Size: 0x0]
    WorldComposition* WorldComposition;//[Offset: 0x5d8, Size: 0x0]
    WorldPSCPool PSCPool;//[Offset: 0x668, Size: 0x0]
    WorldSettings* K2_GetWorldSettings();// 0x8f172d8
    void HandleTimelineScrubbed();// 0x8f1730c
--------------------------------
Class: Object
    void ExecuteUbergraph(int EntryPoint);// 0x67b5908
--------------------------------
Class: Level.Object
    World* OwningWorld;//[Offset: 0xb8, Size: 0x8800]
    Model* Model;//[Offset: 0xc0, Size: 0xff0088]
    ModelComponent*[] ModelComponents;//[Offset: 0xc8, Size: 0x0]
    LevelActorContainer* ActorCluster;//[Offset: 0xd8, Size: 0x8800]
    int NumTextureStreamingUnbuiltComponents;//[Offset: 0xe0, Size: 0x88ff]
    int NumTextureStreamingDirtyResources;//[Offset: 0xe4, Size: 0x8800]
    LevelScriptActor* LevelScriptActor;//[Offset: 0xe8, Size: 0x88]
    NavigationObjectBase* NavListStart;//[Offset: 0xf0, Size: 0xff0088]
    NavigationObjectBase* NavListEnd;//[Offset: 0xf8, Size: 0x88]
    NavigationDataChunk*[] NavDataChunks;//[Offset: 0x100, Size: 0x0]
    float LightmapTotalSize;//[Offset: 0x110, Size: 0x88ff]
    float ShadowmapTotalSize;//[Offset: 0x114, Size: 0x88]
    Vector[] StaticNavigableGeometry;//[Offset: 0x118, Size: 0x0]
    Guid[] StreamingTextureGuids;//[Offset: 0x128, Size: 0x0]
    Guid LevelBuildDataId;//[Offset: 0x1d0, Size: 0xff0088]
    MapBuildDataRegistry* MapBuildData;//[Offset: 0x1e0, Size: 0xff88]
    IntVector LightBuildLevelOffset;//[Offset: 0x1e8, Size: 0xff88]
    bool bIsLightingScenario;//(ByteOffset: 0, ByteMask: 0, FieldMask: 0)[Offset: 0x1f4, Size: 0x8800ff]
    bool bTextureStreamingRotationChanged;//(ByteOffset: 0, ByteMask: 0, FieldMask: 0)[Offset: 0x1f4, Size: 0x880000]
    bool bStaticComponentsRegisteredInStreamingManager;//(ByteOffset: 0, ByteMask: 0, FieldMask: 0)[Offset: 0x1f4, Size: 0x8800ff]
    bool bIsVisible;//(ByteOffset: 0, ByteMask: 0, FieldMask: 0)[Offset: 0x1f4, Size: 0xff0088]
    WorldSettings* WorldSettings;//[Offset: 0x258, Size: 0xff88ff]
    AssetUserData*[] AssetUserData;//[Offset: 0x268, Size: 0x0]
    ReplicatedStaticActorDestructionInfo[] DestroyedReplicatedStaticActors;//[Offset: 0x288, Size: 0x0]
--------------------------------
Class: Model.Object
--------------------------------
Class: ModelComponent.PrimitiveComponent.SceneComponent.ActorComponent.Object
    BodySetup* ModelBodySetup;//[Offset: 0x450, Size: 0x0]
...

Objects.txt looks like this:

[0x0]:
Name: /Script/CoreUObject
Class: Package
ObjectPtr: 0x715fc731c0
ClassPtr: 0x71c61c8080

[0x2]:
Name: /Script/CoreUObject
Class: None
ObjectPtr: 0xcdcdcdcd000003ea
ClassPtr: 0xcdcdcdcd00000402

[0x3]:
Name: /Script/CoreUObject
Class: None
ObjectPtr: 0x40000000
ClassPtr: 0x40000018

[0x4]:
Name: NetDriver
Class: Class
ObjectPtr: 0x719e6c5b00
ClassPtr: 0x71c61c8800

[0x7]:
Name: NetDriver
Class: None
ObjectPtr: 0x42000000
ClassPtr: 0x42000018

[0x8]:
Name: /Script/OnlineSubsystemSeasun
Class: Package
ObjectPtr: 0x715fc73080
ClassPtr: 0x71c61c8080

[0xb]:
Name: /Script/OnlineSubsystemSeasun
Class: None
ObjectPtr: 0x40000000
ClassPtr: 0x40000018
...

PS
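1. The method for finding GNames differs between UE4 4.23 and above and versions below 4.23, while GWorld and GUObject are found the same way in both.
2. IDA is really slow at analyzing the .so, and it very easily stops responding.
3. The structures differ in almost every UE4 version, so Offset.h in UE4Dumper has to be modified.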
