First of all, the world address is only needed for the second drawing method. If you do not use base-address drawing, you do not need to find the world address; you can skip this chapter and find the character coordinates directly.
There are only two ways to find the world address: a forward search or a reverse search.
3.1 Forward search
Compared with the reverse search for the world address, the forward search is clearly easier and has a lower barrier to entry.
Open the modifier and search for values in the range 50~300 with memory region A and value type D. If the first search does not return enough results, widen the range somewhat. Also, you must enter the game and run the search while inside the battle hall.
After the search finishes, pick up a gun and fire it; this increases the value.
Repeat this several times, then take the smaller of the remaining values and jump to its address.
World addresses are generally not very large.
Find the smaller value and jump to it. Look at the value 8 bytes away from the original address (check two entries above and below); if that value is shown in purple, select the purple value (note: not the original address).
After jumping to the pointer, the data there is very regular: consecutive entries differ by 8. This purple value is the world array.
3.2 Reverse search
It is a very deep subject that requires some engine knowledge and reverse-engineering skill. Here is a course recommended on Xiaopozhan:
UE4 DUMP SDK "UE4 Game Security Engine Analysis Course"
It may be a bit esoteric for beginners, and the course is long.
So if you only care about results, you do not need to understand how this is done.
There are many excellent open-source projects on GitHub that can dump the SDK easily.
For example, Il2CppDumper can dump the SDK of Unity (U3D) engine games,
and ue4dumper dumps games built on the UE4 engine.
But be aware:
Il2CppDumper and its derivative auto-il2cppdumper can dump all of the game's data, including the world array, with one click,
whereas ue4dumper needs the world array offset to be found in advance via a forward search.
3.3 Locating the world array
You can also use a feature code (signature) or a base-address tool to locate the matrix mentioned above.
If base-address positioning is used, scan with depth 4 and offsets starting from 512;
the shortest chain found is usually the world array offset.
PS: there is a big difference between PC games and mobile games.
For PC games there are the following three methods (taken from the UE4Engine reverse-engineering documentation):
Feature code: 48 8B 1D ?? ?? ?? ?? 48 85 DB 74 3B 41 B0 01
1) String method
Common UE4 keywords: SeamlessTravel, FlushLevelStreamin
2) Debug symbol method
Keyword: GWorld
Press Ctrl+G, search for GWorld, and copy the address it jumps to; that address minus the module base address is the offset.
3) Reverse derivation method (mobile games)
Find the count and work backwards from it.
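To make the feature-code idea concrete, here is an added example (not from the original guide or from any of the tools it names) that shows what a signature with `??` wildcards actually does and how the "jump address minus base address" rule follows from the instruction encoding. The first three bytes of the quoted signature, 48 8B 1D, encode `mov rbx, [rip+disp32]`, so the four wildcard bytes are the 32-bit displacement, and the referenced address is the address of the next instruction plus that displacement. The 256-byte "image" below is constructed by hand; it is not a real game binary, and the image base of 0x140000000 in the usage note is an assumed value.

```python
import re
import struct

# Signature quoted on this page; the ?? bytes are the RIP-relative displacement.
GWORLD_SIG = "48 8B 1D ?? ?? ?? ?? 48 85 DB 74 3B 41 B0 01"


def parse_pattern(pattern: str):
    """Turn '48 8B 1D ?? ...' into a list of ints (fixed bytes) or None (wildcards)."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in pattern.split()]


def find_pattern(buf: bytes, pattern: str):
    """Return every offset in buf where the pattern matches; a wildcard matches any byte."""
    rx = b"".join(
        b"." if b is None else re.escape(bytes([b])) for b in parse_pattern(pattern)
    )
    # DOTALL so '.' also matches 0x0A; bytes regex keeps the scan a plain byte compare.
    return [m.start() for m in re.finditer(rx, buf, re.DOTALL)]


def resolve_rip_relative(buf: bytes, insn_off: int, disp_off: int = 3,
                         insn_len: int = 7, image_base: int = 0) -> int:
    """For `48 8B 1D disp32` (mov rbx,[rip+disp32]) at insn_off, return the address
    it references: image_base + offset of the *next* instruction + signed disp32.
    Subtracting image_base from the result gives the offset the guide talks about."""
    disp = struct.unpack_from("<i", buf, insn_off + disp_off)[0]
    return image_base + insn_off + insn_len + disp


def build_sample_image() -> bytes:
    """Constructed 256-byte stand-in for a code section (sample data, not a real game)."""
    img = bytearray(b"\x90" * 0x100)  # NOP filler
    # Decoy at 0x08: same opcode bytes but a different tail, so it must NOT match.
    img[0x08:0x0F] = bytes.fromhex("488B1D00000000")
    # Real hit at 0x20: mov rbx,[rip+0x59]; test rbx,rbx; je +0x3B; mov r8b,1
    # next instruction is at 0x27, so the referenced slot is 0x27 + 0x59 = 0x80.
    img[0x20:0x2F] = bytes.fromhex("488B1D59000000") + bytes.fromhex("4885DB743B41B001")
    return bytes(img)


def locate_gworld(img: bytes, image_base: int = 0) -> int:
    """Scan for the signature and resolve the global it loads from.
    A signature that hits more than once is ambiguous and is rejected rather than guessed."""
    hits = find_pattern(img, GWORLD_SIG)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one signature hit, got {len(hits)}")
    return resolve_rip_relative(img, hits[0], image_base=image_base)


if __name__ == "__main__":
    image = build_sample_image()
    base = 0x140000000  # assumed load address for the demo
    addr = locate_gworld(image, image_base=base)
    print(f"signature at 0x{find_pattern(image, GWORLD_SIG)[0]:X}, "
          f"referenced address 0x{addr:X}, offset from base 0x{addr - base:X}")
```

The decoy at 0x08 shares the fixed opcode bytes but fails on the tail, which is why the longer signature is used rather than just `48 8B 1D`; the single-hit check in `locate_gworld` is the guard you want when a signature starts matching in several places after a game update.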