hackcatml / frida-ue4dump

UE4 dump frida script
MIT License

nightcrows failed #3

Closed zhang1201234 closed 7 months ago

zhang1201234 commented 9 months ago

[Pixel 6::PID::9161 ]-> set("libUnreal.so")
[!] Cannot find GUObjectArray
[] Try to search GUObjectArray on memory
[] Memory scan done for GUObjectArray!
[!] Cannot find GName
[] Try to search GName on memory
[!] error while scanning GName in memory
[!] Cannot find GName. Try other pattern
[] Memory scan done for GName!
[Pixel 6::PID::9161 ]->
[] GUObjectArray pattern found at 0x6de597aa80
[] Disassemble it using armconvert.com
[] offset of GUObjectArray_ptr from the base address: 0x8ad2e68
[] GName pattern found at 0x6de7b665b4
[] Disassemble it using armconvert.com
[] offset of GName from the base address: 0x8c05f40

[*] set libUnreal.so base: 0x6de2c0e000, GUObjectArray: 0x6deb7fbd80, GName: 0x6deb813f40
[Pixel 6::PID::9161 ]->
[Pixel 6::PID::9161 ]->
[Pixel 6::PID::9161 ]->
[Pixel 6::PID::9161 ]-> dumpSdk()
Error: access violation accessing 0x1
    at (frida/runtime/core.js:141)
    at getUObjectBaseObjectFromId (C:\Users\Lenovo\Downloads\frida-ue4dump-main (1)\frida-ue4dump-main\script.js:470)
    at dumpSdk (C:\Users\Lenovo\Downloads\frida-ue4dump-main (1)\frida-ue4dump-main\script.js:946)
    at (:1)
[Pixel 6::PID::9161 ]-> exit

hackcatml commented 9 months ago

I updated the GUObjectArray pattern and tested it with the latest Night Crows (v1.6.15). Try using the updated script. If it's still not working then check if the package name is "com.wemade.nightcrows". If the package name is different, then simply find the string "com.wemade.nightcrows" in the script.js and replace it with the correct package name.