darklinux

Ah, in that case I have a feeling GG will not support native threads. I do want to release a small shellcode lib for native functions. I have "LoadLibrary" working, next is CreateThread, VirtualProtect and so on. Should be easy to do with little asm.

GG supports web requests via makeRequest, multi threading would help a lot when making multiple requests.

View File Jad3d arm64 .so injector Info: This project is in a "work in progress" state. Please report any bugs or suggestions. Many features are missing, like "create thread", "save settings", ... Testing was limited, not all .so will work How to use: Attach GG to target process Run script, click "Inject" Locate file via file prompt Select function by name that you would like to run Toggle target app to background and then to foreground Done! Submitter darklinux Submitted 07/26/2022 Category Tools  

You would need to log API requests, unless its over a socket, then its much harder to narrow down.

I have been writing an arm64 .so lib loader for GG over the last week. I'm going to be releasing it soon. It will have some examples of shellcode and hooks. Yes, that's the idea, you would allocate a page and write your asm byte code to it.

https://gameguardian.net/help/classgg.html#a15e72eaba99c1eadac1ccdeb8e2b5009 Has some good info I would use a site like https://godbolt.org/ I'm using ARM64 gcc trunk You can write some c++ code like, int square(int num) { return num * num; } and get asm for it sub sp, sp, #16 str w0, [sp, 12] ldr w0, [sp, 12] mul w0, w0, w0 add sp, sp, 16 ret then use something like http://shell-storm.org/online/Online-Assembler-and-Disassembler/ I'm using AArch64 This will take your asm and convert it to byte code "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6" You will need to write your own functions, but something like this, local shell_code = "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6" local shell_address = gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE | gg.PROT_EXEC) local result = hook(offset + base, shell_code, shell_address) I would recommend reading over this project, GGInjector (#9c9qcq9g)

Not the shell code part, that's why I wish GG supported hooks. GG would handle the allocation and hooking, and then passes the values to lua. GG is currently external, so it would be a drastic change. I have implemented my own hooking library for lua, so it can be done. Hook example, hookFun = function(x) return x * 2 end -- address -- lua hook function -- arg sizes array -- return arg size -- return or complete function (ret, complete) gg.hook(offset + base, hookFun, [TYPE_DWORD], TYPE_DWORD, HOOK_RET) Native call example -- address -- name -- arg sizes array -- return arg size gg.regsiterNative(offset + base, 'sendPacket', [TYPE_DWORD, TYPE_DWORD], TYPE_DWORD) function StopFalling() packetStopFallingId = 154 return sendPacket(packetStopFallingId, 1) == 1 end

If you wanted to hook a function to change values, or call thread specific functions. allocate new page write shell code to page write hook to target function GG does something like this for speed hacks, but they load a shared library and not shell code. I have used this method to send packets on a specific game play trigger. Lots of fun and powerful but you start to get into native hacks real quick. I wish GG supported hooks and more native stuff.

It allows you to allocate a new page in the target processes. You can write code to the page for a hook, or data or anything. What are you looking to do?

Nice addition! New goal hype! What happened to the donation rank? Is that still a think?

nvm, this does not look easy https://stackoverflow.com/questions/1083154/how-can-i-catch-sigsegv-segmentation-fault-and-get-a-stack-trace-under-jni-on/1083335#1083335

Ya, that would be cool, I'm not sure where to post requests, but its probably too much work. I haven't checked if they would even be able to catch the access violation via an exception handler. Still learning

If you are changing code it would be easy for them to detect changes. I'm not sure if GG supports hardware debugging to find who is read the address. I don't see anything under the api section. You could find a page of code that does not get executed and remove the page read flag. This would cause an access exception pointing to the code doing the check. --edit Looks like GG does not support page protection changes Should request to have mprotect added as a new feature.