CN109947466A - A kind of reverse method and device thereof for obtaining UE4 global object table - Google Patents
A kind of reverse method and device thereof for obtaining UE4 global object table Download PDFInfo
- Publication number
- CN109947466A CN109947466A CN201910034236.XA CN201910034236A CN109947466A CN 109947466 A CN109947466 A CN 109947466A CN 201910034236 A CN201910034236 A CN 201910034236A CN 109947466 A CN109947466 A CN 109947466A
- Authority
- CN
- China
- Prior art keywords
- target game
- global object
- obtaining
- guobjectarray
- initial information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The present invention relates to a kind of reverse methods for obtaining UE4 global object table, comprising the following steps: S1, detection target game obtain initial information;S2, it calls initial information and demonstration sample is write based on target game;The deviant of GUObjectArray in S3, analysis demonstration sample;S4, the deviant that GUObjectArray in target game is obtained using the mode in S3;S5, the storage address of positioning target game GUObjectArray in memory;S6, it calls storage address and obtains global object's table of target game.A kind of reverse device for obtaining UE4 global object table, including detection module, sample module, the first analysis module, the second analysis module, locating module and calling module.The present invention realizes the technical effect that target game global object table is obtained under the premise of passive coding, effectively improves working efficiency.
Description
Technical field
The present invention relates to a kind of reverse method and device thereof for obtaining UE4 global object table, belong to development of games field.
Background technique
UE4, full name are Unreal Engine 4, are the development of games engines of a open source, and game is in the process of running
Scene display be to be realized by the combinations of different objects, such as personage, building, vegetation, ground, sky, carrier, weapon, work
Tool, interface UI and other elements;Although their structure types are different, the UObject being inherited from UE4.For
Effectively these game objects of maintenance and management, UE4 have used GUObjectArray, i.e. Global Uobject Array
Instance, translator of Chinese are global object's table.
In actual use scene, developer in order to be grasped to game performance, need to obtain game object and
Corresponding attribute;And maintenance personnel is in order to effectively monitor or assess the security risk of game, it is also desirable to obtain game object and
Corresponding attribute.And when game is in the development phase, the game editing machine built in UE4 can easily realize above-mentioned needs;But
When game is issued and staff has no game source code, how effectively to obtain game object is technology urgently to be solved
Problem.
Summary of the invention
In view of the deficiencies of the prior art, the present invention provides a kind of reverse methods for obtaining UE4 global object table, including with
Lower step:
S1, detection target game obtain initial information;
S2, it calls initial information and demonstration sample is write based on target game;
The deviant of GUObjectArray in S3, analysis demonstration sample;
S4, the deviant that GUObjectArray in target game is obtained using the mode in S3;
S5, the storage address of positioning target game GUObjectArray in memory;
S6, it calls storage address and obtains global object's table of target game.
Further, the initial information includes the version of UE4.
Further, writing UE4 version used in demonstration sample must be identical as the UE4 version in initial information.
Further, the positioning of storage address is to add deviant reality by the plot of GUObjectArray in target game
Existing.
A kind of reverse device for obtaining UE4 global object table, comprises the following modules:
Detection module obtains initial information for detecting target game;
Sample module, for calling initial information and writing demonstration sample based on target game;
First analysis module, for analyzing the deviant of GUObjectArray in demonstration sample;
Second analysis module, for obtaining the deviant of GUObjectArray in target game using the mode in S3;
Locating module, for positioning the storage address of target game GUObjectArray in memory;And
Calling module, for calling storage address and obtaining global object's table of target game.
Further, the initial information includes the version of UE4.
Further, writing UE4 version used in demonstration sample must be identical as the UE4 version in initial information.
Further, the positioning of storage address is to add deviant reality by the plot of GUObjectArray in target game
Existing.
A kind of computer readable storage medium, is stored thereon with computer instruction, it is characterised in that the instruction is by processor
The step of method according to any one of claims 1 to 4 is realized when execution.
The invention has the benefit that realizing the technology effect for obtaining target game global object table under the premise of passive coding
Fruit effectively improves working efficiency.
Detailed description of the invention
Fig. 1 show overview flow chart according to the present invention;
Fig. 2 show apparatus according to the invention connection figure;
Fig. 3 show A according to a particular embodiment of the invention;
Fig. 4 show B according to a particular embodiment of the invention;
Fig. 5 show C according to a particular embodiment of the invention;
Fig. 6 show D1 according to a particular embodiment of the invention;
Fig. 7 show D2 according to a particular embodiment of the invention.
Specific embodiment
It should be appreciated that the embodiment of the present invention can be by computer hardware, the combination of hardware and software or by depositing
The computer instruction in non-transitory computer-readable memory is stored up to be effected or carried out.Standard can be used in the method
Programming technique-includes that the non-transitory computer-readable storage media configured with computer program is realized in computer program,
Wherein configured in this way storage medium operates computer in a manner of specific and is predefined --- according in specific embodiment
Described in method and attached drawing.Each program can with the programming language of level process or object-oriented come realize with calculating
Machine system communication.However, if desired, the program can be realized with compilation or machine language.Under any circumstance, which can
With the language for being compiling or explaining.In addition, the program can be run on the specific integrated circuit of programming for this purpose.
In addition, the operation of process described herein can be performed in any suitable order, unless herein in addition instruction or
Otherwise significantly with contradicted by context.Process described herein (or modification and/or combination thereof) can be held being configured with
It executes, and is can be used as jointly in one or more processors under the control of one or more computer systems of row instruction
The code (for example, executable instruction, one or more computer program or one or more application) of upper execution, by hardware or
A combination thereof is realized.The computer program includes the multiple instruction that can be performed by one or more processors.
Further, the method can be realized in being operably coupled to suitable any kind of computing platform, wrap
Include but be not limited to PC, mini-computer, main frame, work station, network or distributed computing environment, individual or collection
At computer platform or communicate with charged particle tool or other imaging devices etc..Each aspect of the present invention can be with
The machine readable code in non-transitory storage medium or equipment is stored in realize, no matter is moveable or is integrated to
Computing platform, such as hard disk, optical reading and/or write-in storage medium, RAM, ROM, so that it can be read by programmable calculator
It takes, can be used for configuration and operation computer when storage medium or equipment are read by computer to execute mistake described herein
Journey.In addition, machine readable code, or part thereof can be transmitted by wired or wireless network.When such media include that combination is micro-
When processor or other data processors realize the instruction or program of steps described above, invention as described herein includes these
With other different types of non-transitory computer-readable storage medias.When methods and techniques according to the present invention program
When, the invention also includes computers itself.
Computer program can be applied to input data to execute function as described herein, to convert input data with life
At storing to the output data of nonvolatile memory.It is such as aobvious that output information can also be applied to one or more output equipments
Show device.In the preferred embodiment of the invention, the data of conversion indicate physics and tangible object, including generate on display
Physics and physical objects particular visual describe.
It should be noted that such as without Special Statement, in the disclosure used in the "an" of singular, " described " and
"the" is also intended to including most forms, unless the context clearly indicates other meaning.In addition, unless otherwise defined, this paper institute
All technical and scientific terms used are identical as the normally understood meaning of those skilled in the art.Illustrate herein
Term used in book is intended merely to description specific embodiment, is not intended to be limiting of the invention.Art used herein
Language "and/or" includes the arbitrary combination of one or more listed items.
(" such as ", " such as ") makes it should be appreciated that provided in this article any and all example or exemplary language
With being intended merely to that the embodiment of the present invention is better described, and unless the context requires otherwise, otherwise the scope of the present invention will not be applied
Limitation.
Next specific embodiments of the present invention are described further in conjunction with attached drawing:
It show overview flow chart according to the present invention referring to Fig.1, specifically includes the following steps:
S1, detection target game obtain initial information;The initial information includes but is not limited to the version of UE4, is actually obtained
The initial information taken is determined based on need of work;
S2, it calls initial information and demonstration sample is write based on target game;The UE4 of identical version has write difference at any time
Game, but the realization logic of its global object's table is identical, therefore it is necessary to write UE4 version used in demonstration sample
It is identical as the UE4 version in initial information;
The deviant of GUObjectArray in S3, analysis demonstration sample;
S4, the deviant that GUObjectArray in target game is obtained using the mode in S3;
S5, the storage address of positioning target game GUObjectArray in memory;The positioning of storage address is to pass through mesh
Mark what the plot addition deviant of GUObjectArray in game was realized, obtain the purpose of deviant also for by with base
The address of global object's table in memory under the combination positioning present case of location;
S6, it calls storage address and obtains global object's table of target game.
It is shown apparatus according to the invention connection figure referring to Fig. 2, is specifically included with lower module:
Detection module connect realization interaction with sample module, obtains initial information for detecting target game;
Sample module connect realization interaction with the first analysis module, for calling initial information and being compiled based on target game
Write demonstration sample;
First analysis module connect realization interaction with the second analysis module, for analyzing in demonstration sample
The deviant of GUObjectArray;
Second analysis module connect realization interaction with locating module, for obtaining in target game using the mode in S3
The deviant of GUObjectArray;
Locating module connect realization interaction with calling module for positioning target game GUObjectArray in memory
Storage address;And
Calling module, for calling storage address and obtaining global object's table of target game.
A kind of computer readable storage medium, is stored thereon with computer instruction, it is characterised in that the instruction is by processor
Each step in the above method is realized when execution.
Referring to Fig. 3 it show A according to a particular embodiment of the invention, embodiment A shows to be compiled based on the present invention
One UE4 global object scan tool, by program screenshot shown in figure, staff can easily obtain different objects
Real-time address in memory.
It is shown B according to a particular embodiment of the invention referring to Fig. 4, embodiment B shows how to obtain target game
UE4 version.By taking Android game as an example, based on the game of UE4 engine exploitation, in game installation kit, there are entitled
The file of libUE4.so, it is the core document of game engine and game logic.LibUE4.so file is opened by IDA, it
It is scanned in Strings window by keyword of UE4 afterwards, UE4 version used in target game can be obtained.
Referring to Figure 5 for according to specific embodiments of the present invention C, embodiment C show how from IDA by inverse
GUObjectArray deviant is obtained to analysis.
For example, global object's table is the example of a FUObjectArray type in UE4.18 source code:
From the foregoing, it will be observed that we are only it needs to be determined that the address of ObjObjects, is equivalent to have found global object's table.Pass through
UE4.18 source code is read, discovery ObjObjects is cited in the constructed fuction of FUObjectArray:
FUObjectArray::FUObjectArray()
:ObjFirstGCIndex(0)
,ObjLastNonGCIndex(INDEX_NONE)
,MaxObjectsNotConsideredByGC(0)
,OpenForDisregardForGC(!HACK_HEADER_GENERATOR)
,MasterSerialNumber(START_SERIAL_NUMBER)
{
GCoreObjectArrayForDebugVisualizers=&GUObjectArray.ObjOb jects;
}
LibUE4.so is opened using IDA, checks FUObjectArray::FUObjectArray.
That is GCoreObjectArrayForDebugVisualizers=&GUObjectArray.ObjOb jects;With figure
The code of 3 centers choosing is corresponding.
Specifically, unk_7397290 is a global variable, so its offset in libUE4.so is 0x
07397290。
It show D according to a particular embodiment of the invention referring to figure 6 and figure 7, embodiment D shows how to obtain target
The position of game global object table in memory.
The offset of global object's table in target game is determined first:
We need first to determine the address of FUObjectArray::FUObjectArray function, because there are two for the function
System feature can search for byte sequence based on this feature to be positioned in IDA.* ((DOWRD*) v1+83) in Fig. 5
The corresponding ARM instruction of=1000 code statements includes: MOV, R2 and #0x3E8, and the corresponding byte sequence of the instruction is: FA
2F A0E3。
Byte sequence is searched in IDA: FA 2F A0E3, obtaining that FUObjectArray::FUObjectArray is all can
Can it is alternative;From target game it is alternative in, one by one with FUObjectArray::FUObjectArray pairs of DemoGame
Than, so that it is determined that in TargetGame FUObjectArray::FUObjectArray offset, it is final to determine global object's table
Offset.
In the example that Fig. 6 and Fig. 7 is shown, the offset address of ObjObjects is: 0x04170A98;Operational objective game,
The position of global object's table in memory is determined by " plot+offset ";The plot of libUE4.so is 0xc9c98000;Cause
This, the address of global object's table in memory is: ObjObjects_addr=0xc9c98000+0x04170A98.
The above, only presently preferred embodiments of the present invention, the invention is not limited to above embodiment, as long as
It reaches technical effect of the invention with identical means, all should belong to protection scope of the present invention.In protection model of the invention
Its technical solution and/or embodiment can have a variety of different modifications and variations in enclosing.
Claims (9)
1. a kind of reverse method for obtaining UE4 global object table, comprising the following steps:
S1, detection target game obtain initial information;
S2, it calls initial information and demonstration sample is write based on target game;
The deviant of GUObjectArray in S3, analysis demonstration sample;
S4, the deviant that GUObjectArray in target game is obtained using the mode in S3;
S5, the storage address of positioning target game GUObjectArray in memory;
S6, it calls storage address and obtains global object's table of target game.
2. the reverse method for obtaining UE4 global object table according to claim 1, which is characterized in that the initial information
Version including UE4.
3. the reverse method for obtaining UE4 global object table according to claim 1, which is characterized in that write demonstration sample
Used UE4 version must be identical as the UE4 version in initial information.
4. the reverse method for obtaining UE4 global object table according to claim 1, which is characterized in that storage address is determined
Position is to add deviant by the plot of GUObjectArray in target game to realize.
5. a kind of reverse device for obtaining UE4 global object table, comprises the following modules:
Detection module obtains initial information for detecting target game;
Sample module, for calling initial information and writing demonstration sample based on target game;
First analysis module, for analyzing the deviant of GUObjectArray in demonstration sample;
Second analysis module, for obtaining the deviant of GUObjectArray in target game using the mode in S3;
Locating module, for positioning the storage address of target game GUObjectArray in memory;And
Calling module, for calling storage address and obtaining global object's table of target game.
6. the reverse device for obtaining UE4 global object table according to claim 1, which is characterized in that the initial information
Version including UE4.
7. the reverse device for obtaining UE4 global object table according to claim 1, which is characterized in that write demonstration sample
Used UE4 version must be identical as the UE4 version in initial information.
8. the reverse device for obtaining UE4 global object table according to claim 1, which is characterized in that storage address is determined
Position is to add deviant by the plot of GUObjectArray in target game to realize.
9. a kind of computer readable storage medium, is stored thereon with computer instruction, it is characterised in that the instruction is held by processor
The step of method according to any one of claims 1 to 4 is realized when row.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910034236.XA CN109947466B (en) | 2019-01-15 | 2019-01-15 | Method and device for reversely acquiring UE4 global object table |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910034236.XA CN109947466B (en) | 2019-01-15 | 2019-01-15 | Method and device for reversely acquiring UE4 global object table |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109947466A true CN109947466A (en) | 2019-06-28 |
| CN109947466B CN109947466B (en) | 2023-01-03 |
Family
ID=67007214
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910034236.XA Active CN109947466B (en) | 2019-01-15 | 2019-01-15 | Method and device for reversely acquiring UE4 global object table |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109947466B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111897530A (en) * | 2020-07-23 | 2020-11-06 | 上海珀立信息科技有限公司 | UI system and method based on UE4 platform |
| CN112784271A (en) * | 2021-01-21 | 2021-05-11 | 国网河南省电力公司电力科学研究院 | Reverse analysis method for control software of power engineering control system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1686738A1 (en) * | 2005-01-31 | 2006-08-02 | Siemens S.p.A. | Method and system for QoS management in multicast multimedia services, related network, terminal for use in that network and computer program product therefor |
| CN101848092A (en) * | 2009-03-25 | 2010-09-29 | 华为技术有限公司 | Malicious code detection method and device |
| CN102591787A (en) * | 2011-12-19 | 2012-07-18 | 北京握奇数据系统有限公司 | Method and device for data processing of JAVA card |
| CN107908964A (en) * | 2017-10-17 | 2018-04-13 | 珠海金山网络游戏科技有限公司 | The safety detection method and device of shell adding file in a kind of game for Android platform Unity3D |
| CN107943520A (en) * | 2016-10-11 | 2018-04-20 | 腾讯科技(深圳)有限公司 | Application stack information acquisition method and device, stack information analysis method and device |
-
2019
- 2019-01-15 CN CN201910034236.XA patent/CN109947466B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1686738A1 (en) * | 2005-01-31 | 2006-08-02 | Siemens S.p.A. | Method and system for QoS management in multicast multimedia services, related network, terminal for use in that network and computer program product therefor |
| CN101848092A (en) * | 2009-03-25 | 2010-09-29 | 华为技术有限公司 | Malicious code detection method and device |
| CN102591787A (en) * | 2011-12-19 | 2012-07-18 | 北京握奇数据系统有限公司 | Method and device for data processing of JAVA card |
| CN107943520A (en) * | 2016-10-11 | 2018-04-20 | 腾讯科技(深圳)有限公司 | Application stack information acquisition method and device, stack information analysis method and device |
| CN107908964A (en) * | 2017-10-17 | 2018-04-13 | 珠海金山网络游戏科技有限公司 | The safety detection method and device of shell adding file in a kind of game for Android platform Unity3D |
Non-Patent Citations (1)
| Title |
|---|
| PAJARNAS: "《外挂制作之思路总结和基址与偏移量》", 《HTTPS://BLOG.CSDN.NET/SILLY2016/ARTICLE/DETAILS/79884829》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111897530A (en) * | 2020-07-23 | 2020-11-06 | 上海珀立信息科技有限公司 | UI system and method based on UE4 platform |
| CN111897530B (en) * | 2020-07-23 | 2024-02-20 | 上海珀立信息科技有限公司 | UI system and method based on UE4 platform |
| CN112784271A (en) * | 2021-01-21 | 2021-05-11 | 国网河南省电力公司电力科学研究院 | Reverse analysis method for control software of power engineering control system |
| CN112784271B (en) * | 2021-01-21 | 2022-07-22 | 国网河南省电力公司电力科学研究院 | Reverse analysis method for control software of power engineering control system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109947466B (en) | 2023-01-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Lai et al. | Fedscale: Benchmarking model and system performance of federated learning at scale | |
| CN110309071B (en) | Test code generation method and module, and test method and system | |
| US20200401386A1 (en) | Reconfiguring application software into microservice architecture | |
| CN105335412B (en) | For data conversion, the method and apparatus of Data Migration | |
| CN110287097A (en) | Batch testing method, device and computer readable storage medium | |
| Li et al. | An empirical study of three PHP frameworks | |
| CN106919555A (en) | The system and method that the field of the data for being included in log stream is extracted | |
| CN103942099A (en) | Parallel task execution method and device based on Hive | |
| CN109101519B (en) | Information acquisition system and heterogeneous information fusion system | |
| CN109656917A (en) | Data detection method, device, equipment and the readable storage medium storing program for executing of multi-data source | |
| CN108563951A (en) | Method for detecting virus and device | |
| CN103955429B (en) | Determine the method and device of regression test scope | |
| CN114282752A (en) | Method and device for generating flow task, electronic equipment and storage medium | |
| Buinevich et al. | Method and prototype of utility for partial recovering source code for low-level and medium-level vulnerability search | |
| CN109690571A (en) | Group echo system and method based on study | |
| Hacker et al. | Advancing earthquake engineering research through cyberinfrastructure | |
| Buinevich et al. | Method for partial recovering source code of telecommunication devices for vulnerability search | |
| CN110287123A (en) | A kind of method and device around IOS system debug detection | |
| CN109947466A (en) | A kind of reverse method and device thereof for obtaining UE4 global object table | |
| CN105988911A (en) | Establishing a chain of trust in a system log | |
| Kurniaji et al. | The Development of UMS Building Catalogue Information System | |
| CN102385511A (en) | Visualization of runtime analysis across dynamic boundaries | |
| CN110032750A (en) | A kind of model construction, data life period prediction technique, device and equipment | |
| US20240061674A1 (en) | Application transition and transformation | |
| CN115617898A (en) | System and method for processing target range measurement and control data based on SOA (service oriented architecture) and computer equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information | ||
| CB02 | Change of applicant information |
Address after: 519000 Room 102, 202, 302 and 402, No. 325, Qiandao Ring Road, Tangjiawan Town, high tech Zone, Zhuhai City, Guangdong Province, Room 102 and 202, No. 327 and Room 302, No. 329 Applicant after: Zhuhai Jinshan Digital Network Technology Co.,Ltd. Applicant after: Zhuhai Xishanju Digital Technology Co.,Ltd. Address before: Building 3, Jinshan Software Park, 325 Qiandao Ring Road, Tangjiawan Town, high tech Zone, Zhuhai, Guangdong 519000 Applicant before: ZHUHAI KINGSOFT ONLINE GAME TECHNOLOGY Co.,Ltd. Applicant before: ZHUHAI SEASUN MOBILE GAME TECHNOLOGY Co.,Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |