Closed prpjzz closed 2 months ago
Hello, I am using a tool called IDA to analyze the file and find the functions.
Doesn't it take a lot of time and effort to do this?
Not really, it doesn’t take me a lot of time because it’s essentially the same process every update.
I thought the il2cpp global metadata was encrypted and was loaded and decrypted at runtime.
That's correct.
Are you reversing the loader itself to decrypt the global metadata?
I don't do anything related to the metadata. Keep in mind I only have to find 5 functions for this tool to work; it's faster to just look specifically for them. Even if I wanted to get information about all methods, I think it'd be more efficient to just find the il2cpp API functions and use that instead of reversing the whole metadata encryption.
Apologies, I'm not all too familiar with reverse engineering. What discriminating trait do the functions have that gives it away so the decompiler can find those specific functions? The function signature and the way it's laid out in memory?
You can find those functions quickly by looking for signatures and in some cases strings.
Thank you for answering my questions! I'll take a look at the game binaries with the current offsets later to better understand.
I opened IDA, but with your project, for example, I don't know how to find the correct offset as in your recent update. Could you help me more?
Unfortunately it's not something I can easily explain.
As described, I want to know how you find the offset for Genshin Impact. However, I don't know where to start. I hope you can guide me.