Tutorial How to dump decrypted DLL files using GameGuardian (NO ROOT / ROOT)

[AndnixSH]

You can dump memory using GameGuardian to extract encrypted file using get_dll_from_bin tool or Winhex.

Requirements:

• GameGuardian
• get_dll_from_bin.exe
• dnSpyEx
• Rooted device or Virtual space for non-rooted devices
• Available free space of Internal storage or Sdcard: 5+ GB
• Requires Android 4.x and above. May not work on new devices

Instructions:
Download GameGuardian app and install it on rooted device or emulator

Download get_dll_from_bin.exe. We wil need it later

Install GameGuardian APK on non-rooted device or rooted device or emulator. It's very easy

Non-rooted devices:
You can use Virtual Space. See the tutorial

How to use GameGuardian in Virtual Space app without root

Hello dear Cheaters, Since feburary 2018, GameGuardian have the ability to hack games on non-root device only if GG and game are running inside virtual space app, such as VirtualXposed, Parallel Space and Lite version, GO multiple etc. Functionality of GG and apps/games may be limited like you...

platinmods.com

Or use Virtual machine with root support:

List of Android Virtual Machine apps for Android devices

The VM is a virtual machine environment that isolate from your phone system. You can root inside VM, install something fun, install malcious apps, etc without affecting your physical phone. There is no need to worry about the risk of viruses and system crashes, and no information can be stolen...

platinmods.com

Rooted devices:
GameGuardian works with SuperSU and Magisk. All you need is to grant root permission upon launch

Emulator:

Spoiler: Emulator:

If you are using emulator that supports shared folder and allows you to changed path of shared folder, you can use it to dump files directly to your hard drive

Example in Memu, I changed music path to D:\Shared of my external hard drive.

Some emulators do not allow you to change the path. I know 2 emulators that uses hardcoded path:

Bluestacks: /sdcard/windows/BstSharedFolder
Nox: /mnt/shared

For others, find it yourself

------------------------------------------------------------------------------------

Launch GG and press Start to launch GG floating icon.

Launch the game

Open GG and select process of the game

Click on hamburger menu icon (☰) and click on white folder with down arrow

Change path if you want and click Save. This will dump whole memory into the disk

If you use a phone, copy all the dump files to your computer.

Copy get_dll_from_bin.exe to the location of the dumped folder and double click to start extracting DLL files.

After that, you will get dll files

Open them on dnSpy and enjoy

Can't find the Assembly-Csharp.dll file or can't open some dll files? You may need to decrypt some remaining parts or fix some header by yourself. I can't help with DLL protections related

Credits:
AndnixSH (Tutorial)
Enyby (GameGuardian and get_dll_from_bin.exe)

 

[G-Bo ッ]

Awesome, I wanted to make one too but your tutorials are always better bro =D

 

[AndnixSH]

Awesome, I wanted to make one too but your tutorials are always better bro =D

Hehe. I like to make public tutorials to help modders except security related that leechers and devs could take advantage

 

[Mr-SPT]

Thanks for tutorial

 

[zakodai]

:'(

??

 

[AndnixSH]

:'(

??

That's dll corruption trick to prevent dll dumping. I do not want to discuss about this since it's our secrets.

 

[zakodai]

That's dll corruption trick to prevent dll dumping. I do not want to discuss about this since it's our secrets.

I respect your secrets, but is there a way to discover myself

 

[zakodai]

That's dll corruption trick to prevent dll dumping. I do not want to discuss about this since it's our secrets.

Yes, I found the solution

Split files into several batches to reduce size

 

[zakodai]

How to return the file encryption after editing ??

 

[Sookol277]

Please tell me how to recover files via winhex?

 

[Tiger™]

What should I do when there is no Assembly-CSharp.dll at all?
Other dll files are restored except Assembly-CSharp

 

[AndnixSH]

What should I do when there is no Assembly-CSharp.dll at all?
Other dll files are restored except Assembly-CSharp

Header trick used by dev but I don't want to explain how to recover it in public

 

[vinicio999]

I run "get_dll_from_bin" and it recognizes dll files. But when I press any buttom the prompt closes. Is it natural?

 

[AndnixSH]

I run "get_dll_from_bin" and it recognizes dll files. But when I press any buttom the prompt closes. Is it natural?

Yes it is. Just find the right dll you want to work with

 

[Vostox]

Hello.
I can't seem to dump thoroughly because the game force closed during the dumping process. As a result, I couldn't retrieve the dll files.
I assume that the game has protection against dumping. (is that even possible?)

How do I get around this problem?
Thank you.

P.S. The game I'm trying to mod is Utopia: Origin.

 

[nik2143]

Hello.
I can't seem to dump thoroughly because the game force closed during the dumping process. As a result, I couldn't retrieve the dll files.
I assume that the game has protection against dumping. (is that even possible?)

How do I get around this problem?
Thank you.

P.S. The game I'm trying to mod is Utopia: Origin.

Yes this is a protection against dumping but I think only PMT Team know how to get around this protection but they can't (or want) explain this

 

[DaRealPanDa]

Maybe 10% from all Stuff in hacking scenes ( doesn't matter if Phone hacking, PC hacking or real hacking ) is public, 90% is Secret.
When we make all things public, the dev's fix it in a few minutes and we can't mod anymore.
So try to learn more by yourself, become more and more familiar with modding and program languages, deserve it to become advanced knowledge someday and you are on a good way :D

 

[Vostox]

I tried to mod another game now. I successfully dumped it, but there seems to be an error when running the script (get_dll_from_bin_modified.exe) and I cant get all the dlls except the Assembly-Csharp. Here is the error that I got:

I'm sure that 16.dll is the Assembly-Csharp since it has the biggest size compared to the other dlls. However, an error occurs when making the dll and the script stops there. I googled the error message and found that it is related to the memory limit that the script allows. The script allows approximately 128M of memory while making 16.dll requires about 512M. An answer suggested that we should add this to the script:

While being unable to edit the script since it has been compiled to .exe, I don't know any other way to get around this problem. Is there a possible solution to this?

 

[AndnixSH]

@Vostox that because the DLL is manually corrpted by dev but we can't explain how to recover it unfortunately

 

[ak0ztik]

and that's because modders also encrypt their .dll for the anti leech, am i right?