Posted (edited)

 

If know that this is static address of coins?

And I reverse libgame.so: what address should I be looking for during static analysis of libgame.so to find coins?

@Enyby @NoFear

Screenshot_Hill_Climb_Racing_20190619-204132.png

Edited by Un_Known


0x5180 in .bss section.


scr_1561028857.png

scr_1561029312.png

Round up to full page: 003D5000.

003D5000 + 5170 = 003DA170

Goto (key G):

scr_1561029361.png

We are here:

scr_1561029387.png

We can press X and go on.

6 minutes ago, Enyby said:

scr_1561028857.png

scr_1561029312.png

Round up to full page: 003D5000.

003D5000 + 5170 = 003DA170

Goto (key G):

scr_1561029361.png

We are here:

scr_1561029387.png

We can press X and go on.

Which version of IDA do you use?


It can be any. 6.5 or 6.8, maybe even 5.0, maybe newer. It does not matter.

36 minutes ago, Enyby said:

scr_1561028857.png

scr_1561029312.png

Round up to full page: 003D5000.

003D5000 + 5170 = 003DA170

Goto (key G):

scr_1561029361.png

We are here:

scr_1561029387.png

We can press X and go on.

Thanks again for your keen support.

Posted (edited)
3 hours ago, Enyby said:

It can be any. 6.5 or 6.8, maybe even 5.0, maybe newer. It does not matter.

IMG_20190620_200552.thumb.jpg.cfdbb0ddc8e9e21a07652a0fe1848464.jpg

@Enyby I have shared two pics, one depicting where my .bss section starts, another depicting where it (.bss section) ends.

I know that 5170 is the value or offset to be added to some address, but I am a bit confused about the address to which I have to add 5170, meaning how to figure out that address. Help me. Thanks.

IMG_20190620_201128.jpg

Edited by Un_Known

3 hours ago, Enyby said:

Round up to full page: 003D5000.

003D5000 + 5170 = 003DA170

Try reading my messages.

You need to round up the .bss start address to a full page. The last 3 digits must be zero.

[added 1 minute later]

003A4BA8 rounds up to 003A5000. So you need to add 5170 to it. In hex math, of course.

19 minutes ago, Enyby said:

Try reading my messages.

You need to round up the .bss start address to a full page. The last 3 digits must be zero.

[added 1 minute later]

003A4BA8 rounds up to 003A5000. So you need to add 5170 to it. In hex math, of course.

OK, I got this concept very well, but I can't kill my curiosity and enthusiasm, and I am asking you another question!

003A4BA8 is the address to be rounded off, and as you said we have to round off to the thousand (last 3 digits 0),

and here 4 is rounded up to 5 because, I think, B, which equals 11 in hex, is a large number. But if instead of B there were a small number such as 3,

and the address were like 003A43A8, would it in this case be rounded down, meaning 4 would be reduced to 3 and the rounded-off address would be 003A3000? Is that correct?

Why do we have to round off? Why is it required?

Long live, well wishes @Enyby

 


No. Round up means round UP. Round down means round DOWN. And round means round by math rules.

In this case, always round UP.

.bss section must follow .data section. No gap is allowed between them. So .bss, if it does not start at a new page, starts at the end of the .data segment. So in game memory it looks like a round up.
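
Why the round-up works, as an added example that is not part of the original posts: an ELF loader maps the file-backed part of the writable segment in whole pages and puts the remaining zero-filled .bss into a separate anonymous mapping that starts at the next page boundary, so an offset measured from that region is added to the rounded-up .bss start. The segment values `p_vaddr`, `p_filesz` and `p_memsz` are constructed so that the file data ends at the thread's 003A4BA8; the function names are hypothetical.

```python
PAGE = 0x1000  # 4096-byte memory page, as stated in the thread


def page_start(addr):
    """Round DOWN to the page boundary."""
    return addr & ~(PAGE - 1)


def page_end(addr):
    """Round UP to the page boundary; an aligned address stays where it is."""
    return (addr + PAGE - 1) & ~(PAGE - 1)


def split_rw_segment(p_vaddr, p_filesz, p_memsz):
    """Return (file_backed, anonymous) address ranges for a writable segment.

    file_backed holds .data plus the head of .bss that shares its last page.
    anonymous is the zero-filled remainder of .bss, or None when all of .bss
    fits inside the last file-backed page.
    """
    if p_memsz < p_filesz:
        raise ValueError("p_memsz must be >= p_filesz")
    file_end = p_vaddr + p_filesz          # where .bss begins in the image
    seg_end = p_vaddr + p_memsz            # where .bss ends in the image
    file_backed = (page_start(p_vaddr), page_end(file_end))
    anon = (page_end(file_end), page_end(seg_end))
    return file_backed, (anon if anon[1] > anon[0] else None)


def static_address(bss_start, region_offset, bss_end=None):
    """Address to jump to in the disassembler for an offset measured from
    the start of the anonymous .bss region."""
    addr = page_end(bss_start) + region_offset
    if bss_end is not None and addr >= bss_end:
        raise ValueError("offset falls outside .bss")
    return addr


if __name__ == "__main__":
    # Constructed segment: file data ends at 0x003A4BA8 (.bss start in the thread).
    fb, anon = split_rw_segment(0x0039F000, 0x5BA8, 0xDBA8)
    print("file-backed %08X-%08X" % fb)
    print("anonymous   %08X-%08X" % anon)
    print("static addr %08X" % static_address(0x003A4BA8, 0x5170, 0x003ACBA8))
```
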

Posted (edited)
32 minutes ago, Un_Known said:

OK, I got this concept very well, but I can't kill my curiosity and enthusiasm, and I am asking you another question!

003A4BA8 is the address to be rounded off, and as you said we have to round off to the thousand (last 3 digits 0),

and here 4 is rounded up to 5 because, I think, B, which equals 11 in hex, is a large number. But if instead of B there were a small number such as 3,

and the address were like 003A43A8, would it in this case be rounded down, meaning 4 would be reduced to 3 and the rounded-off address would be 003A3000? Is that correct?

Why do we have to round off? Why is it required?

Long live, well wishes @Enyby

 

I think I must be wrong with the above concept.

If that is so, please pardon me. I understood rounding off, but I couldn't understand what full page or rounding to a full page means, or what you are trying to say. Can you help me with that, @Enyby?

Edited by Un_Known


Memory page is 4096 bytes, or 1000 in hex.

In general, you do not need to understand what and why. It is enough to round up.
I do not have time for long and extensive explanations.

On 6/20/2019 at 11:36 PM, Enyby said:

Memory page is 4096 bytes, or 1000 in hex.

In general, you do not need to understand what and why. It is enough to round up.
I do not have time for long and extensive explanations.

Thanks @Enyby

I got the concept which you were trying to explain to me.

God bless you!

PicsArt_06-21-09.52.17.jpg
