alex772

x64 and x86 script and architecture

I made a script and it always worked on all devices, but in the last two days I started having a problem with some people: it is not catching! I did some tests and I think it is because of the architecture of the cell phone. How can I make my script analyze which architecture the cell phone has, so that I can solve this instead of making two scripts?

Get a list of memory regions and look for the needed .so library there. Read its header in memory and determine the architecture from the header. A description of the ELF format is on the Internet.

More than likely it won't be x64 vs x86 if it is a mobile device. x64 vs x32 is the more likely scenario.

Now if users are on an emulator, then it translates ARM to x86.

1 hour ago, Enyby said:

Get a list of memory regions and look for the needed .so library there. Read its header in memory and determine the architecture from the header. A description of the ELF format is on the Internet.

Could you explain it better? My English is not cool, sorry!

Also, some scripts already do these checks. For example:

ElfInfo | Get Elf Info Using GG (#s3a1quy)

Also search in Google: "how determine 32-bit ELF"

[added 3 minutes later]

To detect x32/x64, this is enough:

gg.getTargetInfo().x64

to get a boolean.

Here is another piece of code to get the arch in the variable arch:

	-- e_machine values from the ELF header
	local archs = {[0x3] = 'x86', [0x28] = 'ARM', [0x3E] = 'x86-64', [0xB7] = 'AArch64'}
	local t = gg.getRangesList('^/data/*.so*$')
	local arch = 'unknown'
	for i, v in ipairs(t) do
		-- only look at mappings that are not writable (second flag is '-')
		if v.type:sub(2, 2) == '-' then
			-- read the magic at offset 0 and e_machine at offset 0x12
			local hdr = gg.getValues({{address = v.start, flags = gg.TYPE_DWORD}, {address = v.start + 0x12, flags = gg.TYPE_WORD}})
			if hdr[1].value == 0x464C457F then -- "\x7FELF" read as a little-endian DWORD
				arch = archs[hdr[2].value] or 'unknown'
			end
		end
	end

But you need to understand: libraries with different architectures can be loaded in process memory.

So there is no such thing as "process arch". It is only a library-based thing.

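The header check discussed in this thread, as an added stand-alone Python example that is not code from any of the posters: it reads the ELF magic, the 32/64-bit class byte (offset 4), the byte-order flag (offset 5) and `e_machine` (offset 0x12), then groups libraries by architecture instead of reporting a single "process arch". The function names, the `fake_header` helper and the sample paths are constructed for illustration.

```python
import struct

# e_machine values from the post above, plus the two e_ident bytes it skips.
MACHINES = {0x03: "x86", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}
CLASSES = {1: 32, 2: 64}   # e_ident[EI_CLASS], offset 4
ENDIAN = {1: "<", 2: ">"}  # e_ident[EI_DATA], offset 5


def elf_arch(header: bytes):
    """Return (machine, bits) for the first bytes of an ELF image, or None."""
    if len(header) < 0x14 or header[:4] != b"\x7fELF":
        return None        # truncated read or not an ELF mapping
    bits = CLASSES.get(header[4])
    order = ENDIAN.get(header[5])
    if bits is None or order is None:
        return None        # corrupt e_ident
    (e_machine,) = struct.unpack_from(order + "H", header, 0x12)
    return MACHINES.get(e_machine, "unknown"), bits


def archs_by_library(mappings):
    """Group paths by architecture; mappings is [(path, header_bytes)]."""
    found = {}
    for path, header in mappings:
        arch = elf_arch(header)
        if arch is not None:
            found.setdefault(arch, []).append(path)
    return found


def fake_header(ei_class, ei_data, machine):
    # Constructed sample: 16-byte e_ident, e_type = 3 (ET_DYN), then e_machine.
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + bytes(9)
    return ident + struct.pack(ENDIAN[ei_data] + "HH", 3, machine)


# Constructed mappings (made-up paths): an ARM library next to an x86 one in
# the same process, as on an emulator, plus one mapping that is not ELF.
SAMPLE = [
    ("/data/app/example/lib/libgame.so", fake_header(1, 1, 0x28)),
    ("/data/app/example/lib/libemu.so", fake_header(1, 1, 0x03)),
    ("/data/app/example/base.odex", b"dey\n036\x00" + bytes(12)),
]

if __name__ == "__main__":
    for arch, paths in archs_by_library(SAMPLE).items():
        print(arch, paths)
```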