  • 0

how to edit a specific memory address?


vcry

Question

Hello, I need to edit a libil2cpp memory value.

 

I need to modify two values inside the memory, the main one and the secondary (bottom) one, which are:

main value, modify to: A MOV R0, #1

secondary value, modify to: A BX LR

rangeList: libil2cpp.so

offset: 0x6225F4

I looked for a template and found it, but it can only modify the main value and not the secondary one; see:

 

local start = gg.getRangesList('libil2cpp.so')[1].start
gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'}})

 

How do I modify the low value of it together?



13 answers to this question


  • 0
On 6/11/2022 at 1:22 PM, vcry said:

 

local start = gg.getRangesList('libil2cpp.so')[1].start
gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'},{address = start + 0x6225F0, flags = 4, value = '~A BX LR'}})

 


  • 0
2 hours ago, Platonic said:
local start = gg.getRangesList('libil2cpp.so')[1].start
gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'},{address = start + 0x6225F0, flags = 4, value = '~A BX LR'}})

 

I think the second offset is 0x6225f8.

Edited by Godiskata

  • 0
16 minutes ago, zolotov_official0 said:

Why do you continue to use these ancient methods of patching? There are loadlists that are faster, easier to update, take less code and are more amenable to obfuscation.

Because the question was not "improve my script" or something like that. Personally, I build on what is provided unless asked otherwise.

 

(two screenshots attached: IMG_20230119_214336.jpg, IMG_20230119_214351.jpg)

Edited by Platonic
Added screenshot

  • 0
56 minutes ago, zolotov_official0 said:

Why do you continue to use these ancient methods of patching? There are loadlists that are faster, easier to update, take less code and are more amenable to obfuscation.

Is this opinion based on facts or your subjective preferences? Almost all of the claims don't correspond to reality.

1. "ancient methods of patching". Restoring a saved list has been there since before scripts, so it's clearly the other way around.

2. "loadlists are faster". Based on what? Where are the results of performance tests? What's obvious without tests is that both methods are "instant" for editing hundreds or even a few thousand values.

3. "loadlists are easier to update". Nothing prevents one from writing a script in a way that is as easily updatable as possible, for example, with a configuration table. And the format of saved lists is far from comfortable to work with manually.

4. "loadlists take less code". They do, at the cost of losing all flexibility. How to restore only some of the patched values with saved lists? Keep a saved list for each desired state of values? What if there are tens of such states?

And for some reason one of the most obvious disadvantages of saved lists isn't mentioned. It is required to (at least temporarily) have a file for each one. So instead of directly patching values you suggest creating a file with saved list data and loading it, only to accomplish the same. If that isn't a highly redundant approach, then I don't know what is.


  • 0
On 6/11/2022 at 12:22 PM, vcry said:

Hello, I need to edit a libil2cpp memory value.

 

I need to modify two values inside the memory, the main one and the secondary (bottom) one, which are:

main value, modify to: A MOV R0, #1

secondary value, modify to: A BX LR

rangeList: libil2cpp.so

offset: 0x6225F4

I looked for a template and found it, but it can only modify the main value and not the secondary one; see:

 

local start = gg.getRangesList('libil2cpp.so')[1].start
gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'}})

 

How do I modify the low value of it together?


To change 2 values you need to select 2 values; you can add the 2nd address by adding a new value to your table:

-- we add a new table that contains the ARM instructions we want, in address order
arm_True = {
  [1] = '~A MOV R0, #1',
  [2] = '~A BX LR',
}

-- base address + offset of the first instruction; the same pattern works for
-- multiple functions (a, b, c, d ...) if you keep one base per function
local offset = 0x6225F4
local base = gg.getRangesList('libil2cpp.so')[1].start + offset

-- I prefer a for loop: it builds as many entries as there are in the arm table,
-- and the 2nd address is always the previous one + 4 (one ARM instruction word)
base_T = {}
for i = 1, #arm_True do
  base_T[i] = {
    address = base + (i - 1) * 4,
    flags = gg.TYPE_DWORD,   -- 4, same as "flags = 4" in the other answers
    value = arm_True[i],
  }
end

-- you can also write base_T[1] = .., base_T[2] = .. manually instead

-- optional: read the original values first, in case you want to restore them later
local original = gg.getValues(base_T)

gg.setValues(base_T) -- then we set the values
-- this method works for 2+ modifications without searching for every 2nd address

Edited by XEKEX
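The thread turns on one fact: the two patched values are consecutive 4-byte ARM instruction words, so the second address is the first plus 4, and the encodings of the two instructions named in the question are fixed. The same fact lets the other side spot such a patch. The following is an added example, not code from the thread or from GameGuardian, written in Python rather than GG Lua so it runs offline: it diffs a code region against its on-disk baseline word by word and names the words that have been replaced by the standard A32 encodings of MOV R0, #1 and BX LR. Only the two encodings and the offsets 0x6225F4 / 0x6225F8 come from the thread; the baseline words, the region length and the function names are constructed for the example.

```python
"""Added example (not from the thread): detect an in-memory code patch by
diffing a live code region against its baseline copy, one 4-byte ARM word
at a time, and naming the encodings involved."""
import struct

# Standard A32 (ARM) encodings of the two instructions named in the thread,
# as 32-bit little-endian words.
ARM_MOV_R0_1 = 0xE3A00001   # MOV R0, #1
ARM_BX_LR    = 0xE12FFF1E   # BX LR
KNOWN = {ARM_MOV_R0_1: "MOV R0, #1", ARM_BX_LR: "BX LR"}

WORD = 4  # every A32 instruction is one 4-byte word, hence "+4" for the next one


def words(buf: bytes):
    """Split a byte buffer into little-endian 32-bit instruction words."""
    if len(buf) % WORD:
        raise ValueError("code region must be a whole number of 4-byte words")
    return list(struct.unpack("<%dI" % (len(buf) // WORD), buf))


def diff_code(baseline: bytes, live: bytes, base_offset: int):
    """Return (offset, original_word, live_word, mnemonic) for every word
    that differs between the baseline and live copies of a code region.

    base_offset is the module-relative offset of the first word, so the
    reported offsets line up with what a disassembler shows."""
    if len(baseline) != len(live):
        raise ValueError("baseline and live regions differ in length")
    findings = []
    for i, (orig, cur) in enumerate(zip(words(baseline), words(live))):
        if orig != cur:
            mnemonic = KNOWN.get(cur, "other")   # "other" = not one of the two encodings above
            findings.append((base_offset + i * WORD, orig, cur, mnemonic))
    return findings


# Constructed sample region starting at the thread's offset 0x6225F4. The
# baseline words are made-up placeholders, not real libil2cpp code.
SAMPLE_OFFSET = 0x6225F4
BASELINE = struct.pack("<4I", 0xE92D4800, 0xE1A05000, 0xE5905010, 0xE8BD8800)
# The live copy has its first two words overwritten as the thread describes:
# MOV R0, #1 at +0 and BX LR at +4 (the 0x6225F8 offset from the replies).
LIVE = struct.pack("<4I", ARM_MOV_R0_1, ARM_BX_LR, 0xE5905010, 0xE8BD8800)


def demo():
    """Run the diff over the constructed sample and return the findings."""
    return diff_code(BASELINE, LIVE, SAMPLE_OFFSET)


if __name__ == "__main__":
    for off, orig, cur, name in demo():
        print("0x%X: %08X -> %08X (%s)" % (off, orig, cur, name))
```

On the constructed sample the check reports two modified words, at 0x6225F4 and 0x6225F8, which is exactly the "+4" relationship the replies argue about; a word-aligned diff against a trusted baseline is the usual shape of a code-integrity check for this kind of patch, regardless of whether the patch was applied by a script or a loaded list.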

  • 0
On 1/20/2023 at 12:48 AM, CmP said:

Is this opinion based on facts or your subjective preferences? Almost all of the claims don't correspond to reality.

1. "ancient methods of patching". Restoring a saved list has been there since before scripts, so it's clearly the other way around.

2. "loadlists are faster". Based on what? Where are the results of performance tests? What's obvious without tests is that both methods are "instant" for editing hundreds or even a few thousand values.

3. "loadlists are easier to update". Nothing prevents one from writing a script in a way that is as easily updatable as possible, for example, with a configuration table. And the format of saved lists is far from comfortable to work with manually.

4. "loadlists take less code". They do, at the cost of losing all flexibility. How to restore only some of the patched values with saved lists? Keep a saved list for each desired state of values? What if there are tens of such states?

And for some reason one of the most obvious disadvantages of saved lists isn't mentioned. It is required to (at least temporarily) have a file for each one. So instead of directly patching values you suggest creating a file with saved list data and loading it, only to accomplish the same. If that isn't a highly redundant approach, then I don't know what is.

Script ended:
Loading time 100000 load list -> 0.00000000000000007
Loading time 100000 setValues -> 5699.009999999902684
Before arguing, you yourself should raise the level of knowledge.


  • 0
13 minutes ago, zolotov_official0 said:

Script ended:
Loading time 100000 load list -> 0.00000000000000007
Loading time 100000 setValues -> 5699.009999999902684

Do you yourself even understand these "results"? They are beyond nonsense. Loading a list with 100000 values took less than a millisecond? Setting 100000 values took 5699 seconds? At least include the code that has been used for "testing".


  • 0
Just now, CmP said:

Do you yourself even understand these "results"? They are beyond nonsense. Loading a list with 100000 values took less than a millisecond? Setting 100000 values took 5699 seconds? At least include the code that has been used for "testing".

no.


  • 0
26 minutes ago, zolotov_official0 said:

no.

Then I can do it for you, since it turns out that you are not only wrong about the performance of loading a saved list versus setting values, but terribly wrong.

Code that has been used for test: 

local savedListFilePath = "/mnt/windows/BstSharedFolder/com.cxinventor.file.explorer.txt"

gg.clearList()

local clockStart = os.clock()
gg.loadList(savedListFilePath, gg.LOAD_VALUES)
local loadListTime = os.clock() - clockStart

local values = gg.getListItems()

clockStart = os.clock()
gg.setValues(values)
local setValuesTime = os.clock() - clockStart

print("gg.loadList time: " .. string.format("%.3f", loadListTime))
print("gg.setValues time: " .. string.format("%.3f", setValuesTime))

Saved list file that has been used for test: 
com.cxinventor.file.explorer.txt

Result of the test:
(screenshot of the script output)

Interpretation of result:
Loading a list of 8192 4-byte values with the option to set values via the "loadList" API function took around 100x more time than setting the same values with the "setValues" API function.

So it's not a question of which method works faster. The question that remains is why did you, @zolotov_official0, post nonsense results instead of doing proper test.


  • 0

And loading a saved list with the option to set values can't really be faster than setting values directly, by definition, since loading the list in this case includes setting the values. Also, what makes loading a saved list significantly slower than directly setting values is not the setting-values part; it's everything that needs to be done before that: reading and parsing the saved list file and populating the saved list with items.


  • -1
On 1/16/2023 at 9:50 AM, Platonic said:
local start = gg.getRangesList('libil2cpp.so')[1].start
gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'},{address = start + 0x6225F0, flags = 4, value = '~A BX LR'}})

 

Why do you continue to use these ancient methods of patching? There are loadlists that are faster, easier to update, take less code and are more amenable to obfuscation.
