Un_Known, posted June 20, 2019 (edited):

If I know that this is the static address of coins, and I reverse libgame.so, what address should I be looking for during static analysis of libgame.so to find coins? @Enyby @NoFear

Enyby (Administrators), posted June 20, 2019:

0x5180 in .bss section.

Enyby (Administrators), posted June 20, 2019:

Round up to full page: 003D5000.
003D5000 + 5170 = 003DA170
Goto (key G):
We are here:
We can press X and go on.

Un_Known (Author), posted June 20, 2019:

6 minutes ago, Enyby said:
> Round up to full page: 003D5000.
> 003D5000 + 5170 = 003DA170
> Goto (key G):
> We are here:
> We can press X and go on.

Which version of IDA do you use?

Enyby (Administrators), posted June 20, 2019:

It can be any: 6.5 or 6.8, maybe even 5.0, maybe newer. It does not matter.

Un_Known (Author), posted June 20, 2019:

36 minutes ago, Enyby said:
> Round up to full page: 003D5000.
> 003D5000 + 5170 = 003DA170
> Goto (key G):
> We are here:
> We can press X and go on.

Thanks again for your keen support.

Un_Known (Author), posted June 20, 2019 (edited):

3 hours ago, Enyby said:
> It can be any: 6.5 or 6.8, maybe even 5.0, maybe newer. It does not matter.

@Enyby I have shared two pics, one depicting where my .bss section starts and another depicting where it (the .bss section) ends. I know that 5170 is the value or offset to be added to some address, but I am a bit confused about the address to which I have to add 5170, meaning how to figure out that address. Help me. Thanks.

Enyby (Administrators), posted June 20, 2019:

3 hours ago, Enyby said:
> Round up to full page: 003D5000.
> 003D5000 + 5170 = 003DA170

Try reading my messages. You need to round up the .bss start address to a full page. The last 3 digits must be zero.

[added 1 minute later]

003A4BA8 rounds up to 003A5000. So you need to add 5170 to it. In hex math, of course.

Un_Known (Author), posted June 20, 2019:

19 minutes ago, Enyby said:
> Try reading my messages. You need to round up the .bss start address to a full page. The last 3 digits must be zero.
> [added 1 minute later]
> 003A4BA8 rounds up to 003A5000. So you need to add 5170 to it. In hex math, of course.

OK, I got this concept very well, but I can't kill my curiosity and enthusiasm, so I am asking you another question. 003A4BA8 is the address to be rounded off and, as you said, we have to round off to a thousand (last 3 digits 0), and here 4 is rounded up to 5 because, I think, B, which equals 11 in hex, is a large number. But if instead of B there were a small number such as 3, and the address were 003A43A8, would it be rounded down in this case, meaning 4 would be reduced to 3 and the rounded-off address would be 003A3000? Is that correct? Why do we have to round off, why is it required? Long live, well wishes @Enyby

Enyby (Administrators), posted June 20, 2019:

No. Round up means round UP. Round down means round DOWN. And round means round by math rules. In this case, always round UP.

The .bss section must follow the .data section. No gap is allowed between them. So .bss, if it does not start at a new page, starts at the end of the .data segment. So in game memory it looks like a round up.

Un_Known (Author), posted June 20, 2019 (edited):

32 minutes ago, Un_Known said:
> OK, I got this concept very well, but I can't kill my curiosity and enthusiasm, so I am asking you another question. 003A4BA8 is the address to be rounded off and, as you said, we have to round off to a thousand (last 3 digits 0), and here 4 is rounded up to 5 because, I think, B, which equals 11 in hex, is a large number. But if instead of B there were a small number such as 3, and the address were 003A43A8, would it be rounded down in this case, meaning 4 would be reduced to 3 and the rounded-off address would be 003A3000? Is that correct? Why do we have to round off, why is it required? Long live, well wishes @Enyby

I think I must be wrong with the above concept. If that is so, please pardon me. I understood rounding off, but I couldn't understand what "full page" or "rounding to full page" means, or what you are trying to say. Can you help me with that, @Enyby?

Enyby (Administrators), posted June 20, 2019:

A memory page is 4096 bytes, or 1000 in hex. In general, you do not need to understand what and why. It is enough to round up. I do not have time for long and extensive explanations.

Un_Known (Author), posted June 21, 2019:

On 6/20/2019 at 11:36 PM, Enyby said:
> A memory page is 4096 bytes, or 1000 in hex. In general, you do not need to understand what and why. It is enough to round up. I do not have time for long and extensive explanations.

Thanks @Enyby, I got the concept which you were trying to explain to me. God bless you!
