Jump to content
  • 0

x64 and x86 script and architecture


alex772

Question

I made a script and it always worked! on all devices more in the last two days I started having a problem with some people n it is catching! I did some tests and I think it is because of the architecture of the cell, how can I make my script analyze which architecture of the cell so that I can solve this instead of making two scripts!

Link to comment
Share on other sites

5 answers to this question

Recommended Posts

1 hour ago, Enyby said:

Get a list of memory regions, look for the needed .so library there. Read its header in memory and determine the architecture from the header. Description ELF format is on the Internet.

could you explain it better? my english is not cool, sorry!

Link to comment
Share on other sites

  • Administrators

Here another piece of code for get arch in var arch:

	local archs = {[0x3] = 'x86', [0x28] = 'ARM', [0x3E] = 'x86-64', [0xB7] = 'AArch64'}
	local t = gg.getRangesList('^/data/*.so*$')
	local arch = 'unknown'
	for i, v in ipairs(t) do
		if v.type:sub(2, 2) == '-' then
			local t = gg.getValues({{address = v.start, flags = gg.TYPE_DWORD}, {address = v.start + 0x12, flags = gg.TYPE_WORD}})
			if t[1].value == 0x464C457F then
				arch = archs[t[2].value]
				if arch == nil then arch = 'unknown' end
			end
		end
	end

but you need understand: in process memory can be loaded libraries with different architectures.

So no exists such things as "process arch". It is only library based thing.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.