Identifies 3D game entity objects in a JVM heap by structural validation — checking for coordinate triples, velocity vectors, and rotation angles at sequential memory offsets — without knowing field names, class names, or object layout.
Every 3D entity in every game engine shares the same fundamental structure: position (3 coordinates), velocity (3 components), and rotation (pitch + yaw). These values have physics-constrained ranges that make them identifiable regardless of obfuscation:
| Field | Type | Range | Why |
|---|---|---|---|
| Position X, Z | double |
[-3×10⁷, 3×10⁷] | World boundary |
| Position Y (height) | double |
[-64, 320] | Vertical bounds |
| Velocity X, Y, Z | double |
[-20, 20] | Physics speed cap |
| Pitch | double/float |
[-90, 90] | Vertical camera |
| Yaw | double/float |
[-180, 360] | Horizontal camera |
An object that has 3 consecutive doubles in position range + 3 consecutive doubles in velocity range is almost certainly an entity. The probability of a random object accidentally matching is astronomically low.
Score 4/4: STRONG ENTITY — position + velocity + pitch + yaw all found
Score 3/4: STRONG ENTITY — 3 of 4 criteria met
Score 2/4: POSSIBLE ENTITY — might be a partial entity (2D, static)
Score 1/4: UNLIKELY — one coincidental match
Score 0/4: NOT ENTITY — no spatial data found
For each candidate object:
1. Read all doubles at offsets 16-320 (8-byte aligned)
2. Search for 3 CONSECUTIVE doubles in position range → Score +1
3. Search for 3 CONSECUTIVE doubles in velocity range → Score +1
(must be at different offset than position)
4. Search for 1 double in [-90, 90] → pitch → Score +1
5. Search for 1 double in [-180, 360] at different offset → yaw → Score +1
6. Score ≥ 3 → ENTITY CONFIRMED
Game engines store coordinates as struct fields: posX, posY, posZ are declared sequentially, so the JVM lays them out at consecutive offsets. This constraint eliminates false positives from objects that happen to have one in-range double.
set JAVA_HOME=C:\Program Files\Java\jdk1.8.0_251
build.bat- Inject
entity_validator.dllinto a JVM process - Read
%TEMP%\entity_validator\validator.log
The demo validates JDK objects (Thread, Object, System) which correctly score 0/4. To validate actual game entities, combine with hotspot-class-mirror-scanner to find entity instances first.
1. jvm-oop-calibrator → calibrate OOP range
2. hotspot-class-mirror-scanner → find singleton instances
3. structural-entity-validator → confirm which objects are entities
4. java-field-differential-probe → map exact field offsets
{
"ranges": {
"position": [-30000000, 30000000],
"height": [-64, 320],
"velocity": [-20, 20],
"pitch": [-90, 90],
"yaw": [-180, 360]
},
"validations": [
{"target": "Thread", "score": 0, "verdict": "NOT ENTITY (score=0/4)"},
{"target": "GameEntity", "score": 4, "verdict": "STRONG ENTITY (score=4/4)",
"position": {"offset": 64, "x": 127.5, "y": 72.0, "z": -341.2},
"velocity": {"offset": 88, "x": 0.03, "y": -0.08, "z": 0.01},
"pitch": {"offset": 112, "value": 12.5},
"yaw": {"offset": 120, "value": -87.3}}
]
}Adjust ranges in entity_validator.cpp for different game engines:
static const double POS_MIN = -3.0e7; // world size
static const double HEIGHT_MIN = -64.0; // vertical bounds
static const double VEL_MAX = 20.0; // physics speed capFor reverse engineering education, game modding research, and JVM memory analysis in controlled environments.
MIT — see LICENSE.