[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81891":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":8,"htmlUrl":8,"language":9,"languages":8,"totalLinesOfCode":8,"stars":10,"forks":11,"watchers":12,"openIssues":13,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":15,"stars30d":16,"stars90d":14,"forks30d":14,"starsTrendScore":17,"compositeScore":18,"rankGlobal":8,"rankLanguage":8,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":8,"pushedAt":8,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":14,"starSnapshotCount":14,"syncStatus":17,"lastSyncTime":27,"discoverSource":28},81891,"Andriod_UnrealMemoryTools","DreamFekk\u002FAndriod_UnrealMemoryTools","DreamFekk",null,"C",62,25,42,3,0,8,20,2,47.19,"MIT License",false,"main",true,[],"2026-06-12 04:01:35","# UnrealMemoryTools\n\nAndroid Unreal Engine Dumper with a Vulkan \u002F ImGui overlay UI, dedicated game profiles, and a generic `AutoFix` pipeline.\n\n> Author: 曦曦 (DreamFekk) — https:\u002F\u002Fgithub.com\u002FDreamFekk\n> No reselling for profit \u002F 禁止圈钱盗卖\n> QQ Group(群) 977186929\n\n[English](#english) | [中文](#中文)\n\n---\n\n## English\n\n### Overview\n\n`UnrealMemoryTools` is an external (out-of-process) Unreal Engine dumper for Android. It runs as a regular ELF binary and reads the target game memory through `KittyMemoryEx`. The previous CLI workflow has been replaced with a Vulkan + ImGui overlay UI inspired by `AndUEProber`, and the dump pipeline has been split into two explicit steps: **Probe** then **Dump**.\n\nThe program ships with both:\n\n- **Dedicated profiles** — hardcoded offsets for known games\n- **AutoFix** — a generic UE4 \u002F UE5 fallback that brute-force locates `GNames`, `FNamePool`, `GUObjectArray`, etc., and patches struct offsets at runtime\n\nIf a dedicated profile fails to initialize on a newer game build, UnrealMemoryTools automatically falls back to AutoFix and clearly tells you so in the UI.\n\n### Preview\n\n![English UI](EN.jpg)\n\n### Features\n\n- ImGui overlay UI (Vulkan, FreeType, Chinese \u002F English switch at runtime)\n- Two-step pipeline: **Probe** (validate offsets) then **Dump** (write SDK)\n- Per-process state isolation — switching processes always re-resolves the UE ELF and `UEVars`\n- Dedicated profiles + AutoFix fallback (with visible \"fell back to auto\" hint)\n- Per-tab structure inspector: UObject \u002F UField \u002F UStruct \u002F UClass \u002F UFunction \u002F FField+FProperty \u002F FName \u002F FUObjectArray \u002F UEnum\n  Each tab lists `Field \u002F Type \u002F Offset \u002F Status \u002F Notes`, color-coded green = identified, red = unknown\n- One-click **Dump Library** button — dumps `libUE4.so` \u002F `libUnreal.so` from process memory via `\u002Fproc\u002F\u003Cpid>\u002Fmem`\n- SDK output split per category, plus a Dumper-7 style `SDK_Offset.hpp` member-offset header\n\n### Output files\n\nDefault output root: `\u002Fsdcard\u002FUnrealMemoryTools\u002F\u003Cpackage>\u002F`\n\n| File | Purpose |\n|---|---|\n| `Logs.txt` | Full run log |\n| `Objects.txt` | Object index \u002F address \u002F full name dump |\n| `Offsets.hpp` | Key engine pointers (`GNames`, `GUObjectArray`, `GWorld`, `Matrix`, `ProcessEvent`, ...) relative to UE base |\n| `AIOHeader.hpp` | Aggregator that includes `SDK_Enums.hpp` \u002F `SDK_Structs.hpp` \u002F `SDK_Classes.hpp` |\n| `SDK_Enums.hpp` | All enums |\n| `SDK_Structs.hpp` | All structs |\n| `SDK_Classes.hpp` | All classes (with vtable comments: `VTableIndex` \u002F slot offset \u002F function RVA) |\n| `SDK_Offset.hpp` | Dumper-7 style member offsets — see below |\n| `script.json` | Function script for IDA \u002F Ghidra automation |\n| `libUE4.so` \u002F `libUnreal.so` | (Optional) memory dump of the runtime UE library |\n\n#### `SDK_Offset.hpp` layout\n\n```cpp\n#pragma once\n#include \u003Ccstdint>\n\nnamespace SDKOffset\n{\n\n\u002F\u002F Class CoreUObject.Object  Size: 0x28 (Inherited: 0x0)\nnamespace UObject\n{\n    constexpr ::std::uintptr_t __Size      = 0x28;\n    constexpr ::std::uintptr_t __Inherited = 0x0;\n\n    constexpr ::std::uintptr_t ObjectFlags   = 0x8;  \u002F\u002F EObjectFlags\n    constexpr ::std::uintptr_t InternalIndex = 0xC;  \u002F\u002F int32_t\n    \u002F\u002F ...\n\n    namespace Functions\n    {\n        constexpr ::std::uintptr_t ExecuteUbergraph = 0x12345; \u002F\u002F RVA from UE base\n    }\n}\n\n}\n```\n\nUsage:\n\n```cpp\nauto flags = ReadAt\u003Cuint32_t>(uobj + SDKOffset::UObject::ObjectFlags);\nuintptr_t func = libUE_base + SDKOffset::UObject::Functions::ExecuteUbergraph;\n```\n\n### UI workflow\n\n1. Process list (left pane) lists every running process that has `libUE4.so` \u002F `libUnreal.so` loaded, plus everything matched by a dedicated profile.\n2. Pick a process, click **Start Probe**. The probe initializes `KittyMemoryMgr`, locates `GNames` \u002F `GUObjectArray`, runs `AutoFix`, and fills the tabs.\n3. Inspect tabs — anything red means AutoFix could not resolve that field. The probe still succeeds as long as the core pointers are valid.\n4. Click **Start Dump** to write the SDK and all `*.hpp` files.\n5. Click **Dump Library** to additionally save the in-memory `libUE4.so` \u002F `libUnreal.so`.\n6. Switch language any time with the **中文 \u002F English** small buttons in the title bar.\n\n### Mode column: Dedicated vs Auto\n\nThe process list shows **Dedicated** (matched by hardcoded offsets) or **Auto** (matched only by having `libUE*.so` loaded). The actual probe may still fall back from Dedicated to Auto if the dedicated profile's offsets are stale for the current game build. When that happens you will see:\n\n```\nW: 专用 Profile 初始化失败 (...)，回退到自动 Profile。\nI: 使用自动 Profile (UE4\u002FUE5 通用) 进行探测。\n```\n\n…and the **Mode** label in the summary tab will switch to `Auto`.\n\n### Built-in dedicated profiles\n\n`暗区突围`, `三角洲行动`, `远光 84`, `枪战特训 2`, `无畏契约`, `洛克王国: 世界`, `和平精英`.\n\n### Build\n\nToolchain:\n\n- Android NDK r25 or newer\n- CMake + Ninja\n- clang with C++20\n\n```bash\ncd UnrealMemoryTools\ncmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release\ncmake --build build -j4\n```\n\nThe output binary lands in `UnrealMemoryTools\u002Foutputs\u002Farm64-v8a\u002F`.\n\n> Tip: building under a Chinese-character path may trigger `GetOverlappedResult` errors with Ninja on Windows. Prefer building inside CLion or use an ASCII path.\n\n### Run\n\n```bash\nadb push UnrealMemoryTools \u002Fdata\u002Flocal\u002Ftmp\u002F\nadb shell \"su -c 'chmod 777 \u002Fdata\u002Flocal\u002Ftmp\u002FUnrealMemoryTools && \u002Fdata\u002Flocal\u002Ftmp\u002FUnrealMemoryTools'\"\n```\n\nA Vulkan overlay window will appear on the device. Root or equivalent access is required to read other processes' memory.\n\n### License \u002F use\n\nFor learning, reverse-engineering practice, and personal research only. **Do not** repackage or sell. **Do not** use the dumped SDK to build paid hacks.\n\n### Credits\n\n- [AndUEDumper](https:\u002F\u002Fgithub.com\u002FMJx0\u002FAndUEDumper)\n- [Dumper-7](https:\u002F\u002Fgithub.com\u002FEncryqed\u002FDumper-7)\n- [UEDumper](https:\u002F\u002Fgithub.com\u002FSpuckwaffel\u002FUEDumper)\n- [UE4Dumper-4.25](https:\u002F\u002Fgithub.com\u002Fguttir14\u002FUnrealDumper-4.25)\n- KittyMemoryEx\n- ImGui \u002F FreeType \u002F Vulkan\n\n---\n\n## 中文\n\n### 简介\n\n`UnrealMemoryTools` 是一个面向 Android Unreal Engine 游戏的**外部** Dumper（不注入、不 hook，纯 `\u002Fproc\u002F\u003Cpid>\u002Fmem` 读内存）。基于 `AndUEDumper` 改造而来，并融合了 `Dumper-7` 风格的 SDK 输出与 `AndUEProber` 风格的两步交互。\n\n旧版命令行交互已经全部移除，改成 **Vulkan + ImGui 悬浮 UI**，流程拆成两步：**探针 → Dump**。\n\n工具同时具备：\n\n- **专用 Profile**：内置游戏的硬编码偏移\n- **AutoFix（通用兜底）**：UE4 \u002F UE5 通用，通过特征码暴搜 `GNames`、`FNamePool`、`GUObjectArray`，并在运行时修补结构偏移\n\n专用 Profile 在新版游戏上失效时会**自动回退到 AutoFix**，并在 UI 上明确标出\"已回退\"。\n\n### 界面预览\n\n![中文界面](CH.jpg)\n\n### 特性\n\n- ImGui 悬浮窗 UI（Vulkan + FreeType，运行时随时切换 中文 \u002F English）\n- 两步流程：**开始探测**（校验偏移） → **开始 Dump**（写 SDK）\n- 跨进程状态隔离：每次切换进程都会重新定位 UE ELF 和 `UEVars`，不会读到上次残留\n- 专用 Profile + AutoFix 兜底，带\"已回退到自动\"提示\n- 结构体逐标签查看：UObject \u002F UField \u002F UStruct \u002F UClass \u002F UFunction \u002F FField+FProperty \u002F FName \u002F FUObjectArray \u002F UEnum\n  每个标签 5 列：`字段 \u002F 类型 \u002F 偏移 \u002F 状态 \u002F 说明`，绿色\"已识别\"红色\"未识别\"\n- 一键 **Dump 动态库**：直接通过 `\u002Fproc\u002F\u003Cpid>\u002Fmem` 转储 `libUE4.so` \u002F `libUnreal.so`\n- SDK 按类型拆文件，附 Dumper-7 风格的 `SDK_Offset.hpp` 成员偏移头\n\n### 输出文件\n\n默认输出根目录：`\u002Fsdcard\u002FUnrealMemoryTools\u002F\u003Cpackage>\u002F`\n\n| 文件 | 说明 |\n|---|---|\n| `Logs.txt` | 完整运行日志 |\n| `Objects.txt` | 对象索引 \u002F 地址 \u002F 全名 列表 |\n| `Offsets.hpp` | 关键引擎指针（`GNames`、`GUObjectArray`、`GWorld`、`Matrix`、`ProcessEvent` 等），相对 UE 基址 |\n| `AIOHeader.hpp` | 总聚合头，include 下面三个 SDK 头 |\n| `SDK_Enums.hpp` | 所有枚举 |\n| `SDK_Structs.hpp` | 所有结构体 |\n| `SDK_Classes.hpp` | 所有类（虚表注释含 `VTableIndex` \u002F 槽位偏移 \u002F 函数 RVA） |\n| `SDK_Offset.hpp` | Dumper-7 风格的成员偏移头，见下文 |\n| `script.json` | 给 IDA \u002F Ghidra 自动化用的函数脚本 |\n| `libUE4.so` \u002F `libUnreal.so` | （可选）从进程内存转储的 UE 动态库 |\n\n#### `SDK_Offset.hpp` 形态\n\n```cpp\n#pragma once\n#include \u003Ccstdint>\n\nnamespace SDKOffset\n{\n\n\u002F\u002F Class CoreUObject.Object  Size: 0x28 (Inherited: 0x0)\nnamespace UObject\n{\n    constexpr ::std::uintptr_t __Size      = 0x28;\n    constexpr ::std::uintptr_t __Inherited = 0x0;\n\n    constexpr ::std::uintptr_t ObjectFlags   = 0x8;  \u002F\u002F EObjectFlags\n    constexpr ::std::uintptr_t InternalIndex = 0xC;  \u002F\u002F int32_t\n    \u002F\u002F ...\n\n    namespace Functions\n    {\n        constexpr ::std::uintptr_t ExecuteUbergraph = 0x12345; \u002F\u002F 相对 UE 基址\n    }\n}\n\n}\n```\n\n使用：\n\n```cpp\nauto flags = ReadAt\u003Cuint32_t>(uobj + SDKOffset::UObject::ObjectFlags);\nuintptr_t func = libUE_base + SDKOffset::UObject::Functions::ExecuteUbergraph;\n```\n\n### UI 流程\n\n1. 左侧\"进程列表\"会列出所有加载了 `libUE4.so` \u002F `libUnreal.so` 的进程，外加命中专用 Profile 的进程\n2. 选中一个进程，点 **开始探测**：会初始化 `KittyMemoryMgr`、定位 `GNames` \u002F `GUObjectArray`、跑 AutoFix，结果填到右侧标签页\n3. 看标签页：红色 = AutoFix 未识别该字段。只要核心指针都有效，探针就算成功\n4. 点 **开始 Dump**：写出 SDK 和所有 `*.hpp`\n5. 点 **Dump 动态库**：追加保存内存中的 `libUE4.so` \u002F `libUnreal.so`\n6. 顶栏 **中文 \u002F English** 小按钮可随时切换语言\n\n### 模式列：专用 vs 自动\n\n进程列表里的\"专用 \u002F 自动\"只代表\"包名是不是命中了内置 Profile\"，并不代表实际跑哪条管线。如果命中了专用 Profile 但偏移已经过期，会自动回退到 AutoFix，此时日志会出现：\n\n```\nW: 专用 Profile 初始化失败 (...)，回退到自动 Profile。\nI: 使用自动 Profile (UE4\u002FUE5 通用) 进行探测。\n```\n\n并且摘要标签页里\"模式\"会变成 `自动`。\n\n### 已适配的专用 Profile\n\n暗区突围 \u002F 三角洲行动 \u002F 远光 84 \u002F 枪战特训 2 \u002F 无畏契约 \u002F 洛克王国: 世界 \u002F 和平精英\n\n### 构建\n\n工具链要求：\n\n- Android NDK r25 或更新\n- CMake + Ninja\n- 支持 C++20 的 clang\n\n```bash\ncd UnrealMemoryTools\ncmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release\ncmake --build build -j4\n```\n\n产物在 `UnrealMemoryTools\u002Foutputs\u002Farm64-v8a\u002F`。\n\n> 注意：Windows 上 Ninja 在中文路径下会偶发 `GetOverlappedResult` 报错。建议在 CLion 内构建，或换成纯英文路径。\n\n### 运行\n\n```bash\nadb push UnrealMemoryTools \u002Fdata\u002Flocal\u002Ftmp\u002F\nadb shell \"su -c 'chmod 777 \u002Fdata\u002Flocal\u002Ftmp\u002FUnrealMemoryTools && \u002Fdata\u002Flocal\u002Ftmp\u002FUnrealMemoryTools'\"\n```\n\n设备上会出现 Vulkan 悬浮窗。读取其它进程内存需要 root 或等价权限。\n\n### 使用许可\n\n仅用于学习、逆向研究和个人技术练习。**禁止**重新打包售卖、**禁止**用 Dump 出来的 SDK 制作付费外挂、**禁止**圈钱盗卖。\n\n### 致谢\n\n- [AndUEDumper](https:\u002F\u002Fgithub.com\u002FMJx0\u002FAndUEDumper)\n- [Dumper-7](https:\u002F\u002Fgithub.com\u002FEncryqed\u002FDumper-7)\n- [UEDumper](https:\u002F\u002Fgithub.com\u002FSpuckwaffel\u002FUEDumper)\n- [UE4Dumper-4.25](https:\u002F\u002Fgithub.com\u002Fguttir14\u002FUnrealDumper-4.25)\n- KittyMemoryEx\n- ImGui \u002F FreeType \u002F Vulkan\n","UnrealMemoryTools 是一个针对 Android 平台的 Unreal Engine 外部内存读取工具。它通过 KittyMemoryEx 读取目标游戏内存，并使用 Vulkan 和 ImGui 构建了图形用户界面，支持中英文切换。该工具提供两步工作流程：先探查（验证偏移量）再导出（生成 SDK）。其核心功能包括为已知游戏预设配置文件和通用的 AutoFix 回退机制，后者能够自动定位并修复 UE4\u002FUE5 结构体偏移量。此外，它还具有每个进程状态隔离、一键导出库文件及按类别拆分输出文件等特性。适用于需要对基于 Unreal Engine 的 Android 游戏进行逆向工程或内存分析的场景。","2026-06-11 04:07:05","CREATED_QUERY"]