how to edit a specific memory address?

[vcry]

hello i need to edit a libil2cpp memory value.

 

I need to modify two values inside the memory, the main and the secondary (bottom), where is: 

main value modify to : A MOV R0, #1

sec value modify to: A BX LR

rangeList: libil2cpp.so

offset: 0x6225F4

I looked for a template and found it, but it can only modify the main value and not the secondary one, see: 

 

local start = gg.getRangesList('libil2cpp.so')[1].start

  gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'}})

 

how do i modify the low value of it together? 

 

 

 

[Platonic]

On 6/11/2022 at 1:22 PM, vcry said:

 

local start = gg.getRangesList('libil2cpp.so')[1].start
gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'},{address = start + 0x6225F0, flags = 4, value = '~A BX LR'}})

 

[Godiskata]

2 hours ago, Platonic said:

local start = gg.getRangesList('libil2cpp.so')[1].start
gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'},{address = start + 0x6225F0, flags = 4, value = '~A BX LR'}})

 

I think second offset is 0x6225f8

Edited January 16 by Godiskata

[Platonic]

2 hours ago, Godiskata said:

I think second offset is 0x6225f8

It was just an example

[Platonic]

16 minutes ago, zolotov_official0 said:

why do you continue to use these ancient methods of patching, there are loadlists that are faster and easier to update and take less code and are more amenable to obfuscation

Because the question was not "improve my script" or something like that. Personally i build on what is provided unless asked otherwise.

 

Edited January 19 by Platonic
Added screenshot

[CmP]

56 minutes ago, zolotov_official0 said:

why do you continue to use these ancient methods of patching, there are loadlists that are faster and easier to update and take less code and are more amenable to obfuscation

Is this opinion based on facts or your subjective preferences? Almost all claims don't correspond to reality.

1. "ancient methods of patching". Restoring saved list has been there before scripts, so it's clearly the other way around.

2. "loadlists are faster". Based on what? Where are the results of performance tests? What's obvious without tests is that both methods are "instant" for editing hundreds or even few thousands values.

3. "loadlists are easier to update". Nothing prevents one from writing script in a way to be as easy updatable as possible, for example, with configuration table. And format of saved lists is far from being comfortable to work with manually.

4. "loadlists take less code". They do, at cost of losing all flexibility. How to restore only some of patched values with saved lists? To keep saved list for each desired state of values? What if there are tens of such states?

And for some reason one of the most obvious disadvantages of saved lists isn't mentioned. It is required to (at least temporary) have a file for each one. So instead of directly patching values you suggest to create a file with saved list data and load it only to accomplish the same. If that isn't highly redundant approach, then I don't know what is.

[XEKEX]

On 6/11/2022 at 12:22 PM, vcry said:

hello i need to edit a libil2cpp memory value.

 

I need to modify two values inside the memory, the main and the secondary (bottom), where is: 

main value modify to : A MOV R0, #1

sec value modify to: A BX LR

rangeList: libil2cpp.so

offset: 0x6225F4

I looked for a template and found it, but it can only modify the main value and not the secondary one, see: 

 

local start = gg.getRangesList('libil2cpp.so')[1].start

  gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'}})

 

how do i modify the low value of it together? 

 

 

 

to change 2 values u need to select 2 values u can add the 2ed address by adding new value to your table : 
arm_True= { ------------- we add new tabe that contain the arm instruction we want
[1] = '~A MOV R0, #1',
[2] = '~A BX LR',
}
-- in the table below (base_T) u can save only the address + offset of multiple functions (function a , b , c ,d .. )
base_T = {['address'] = gg.getRangesList('libil2cpp.so')[1].start + offset } -------- we add another table that contain the base address + offset


for i = 1 ,#arm_True do ------------ I prefer use for loop this will make changes depending on the number of changes in arm table
base_T[i].value = arm_True[i]
base_T[i].address + 4 ------------- the 2ed address is always the prev one + 4 
end
-- if u use the loop above it will change all the functions a,b,c ,d .. to the arm instruction u want (true) without any other coding or searching for every 2ed address

gg.setValues(base_T) ----- then we set the values
--this method work for 2+ modification
--u can also write base_T[1] = .. base_T[2] = .. manually instead
-- u can add new index contain the original value in case u want to perform multiple changes
base_T  = gg.getValues(base)  ---- and it's values

Edited January 20 by XEKEX

[zolotov_official0]

On 1/20/2023 at 12:48 AM, CmP said:

Is this opinion based on facts or your subjective preferences? Almost all claims don't correspond to reality.

1. "ancient methods of patching". Restoring saved list has been there before scripts, so it's clearly the other way around.

2. "loadlists are faster". Based on what? Where are the results of performance tests? What's obvious without tests is that both methods are "instant" for editing hundreds or even few thousands values.

3. "loadlists are easier to update". Nothing prevents one from writing script in a way to be as easy updatable as possible, for example, with configuration table. And format of saved lists is far from being comfortable to work with manually.

4. "loadlists take less code". They do, at cost of losing all flexibility. How to restore only some of patched values with saved lists? To keep saved list for each desired state of values? What if there are tens of such states?

And for some reason one of the most obvious disadvantages of saved lists isn't mentioned. It is required to (at least temporary) have a file for each one. So instead of directly patching values you suggest to create a file with saved list data and load it only to accomplish the same. If that isn't highly redundant approach, then I don't know what is.

Script ended:
Loading time 100000 load list -> 0.00000000000000007
Loading time 100000 setValues -> 5699.009999999902684
 

 

Before arguing, you yourself should raise the level of knowledge.

[CmP]

13 minutes ago, zolotov_official0 said:

Script ended:
Loading time 100000 load list -> 0.00000000000000007
Loading time 100000 setValues -> 5699.009999999902684

Do you even understand yourself these "results"? They are beyond nonsense. Loading list with 100000 values took less than a millisecond? Setting 100000 values took 5699 seconds? At least include the code that has been used for "testing".

[zolotov_official0]

Just now, CmP said:

Do you even understand yourself these "results"? They are beyond nonsense. Loading list with 100000 values took less than a millisecond? Setting 100000 values took 5699 seconds? At least include the code that has been used for "testing".

no.

[CmP]

26 minutes ago, zolotov_official0 said:

no.

Then I can do it for you, since it turns out that you are not only wrong about performance of loading saved list and setting values, but are terribly wrong.

Code that has been used for test: 

local savedListFilePath = "/mnt/windows/BstSharedFolder/com.cxinventor.file.explorer.txt"

gg.clearList()

local clockStart = os.clock()
gg.loadList(savedListFilePath, gg.LOAD_VALUES)
local loadListTime = os.clock() - clockStart

local values = gg.getListItems()

clockStart = os.clock()
gg.setValues(values)
local setValuesTime = os.clock() - clockStart

print("gg.loadList time: " .. string.format("%.3f", loadListTime))
print("gg.setValues time: " .. string.format("%.3f", setValuesTime))

Saved list file that has been used for test: 
com.cxinventor.file.explorer.txt

Result of the test:

Interpretation of result:
Loading list of 8192 4-byte values with option to set values with "loadList" API function took around 100x more time than setting the same values with "setValues" API function.

So it's not a question of which method works faster. The question that remains is why did you, @zolotov_official0, post nonsense results instead of doing proper test.

[CmP]

And loading saved list with option to set values can't really be faster than setting values directly by definition, since loading list in this case includes setting values. Also what makes loading saved list significantly slower than directly setting values is not setting values part, it's everything that needs to be done before that: reading and parsing saved list file, populating saved list with items.

[MC189]

Quote

The question that remains is why did you, @zolotov_official0, post nonsense results instead of doing proper test.

Aha, I love it.

[zolotov_official0]

On 1/16/2023 at 9:50 AM, Platonic said:

local start = gg.getRangesList('libil2cpp.so')[1].start
gg.setValues({{address = start + 0x6225F4, flags = 4, value = '~A MOV R0, #1'},{address = start + 0x6225F0, flags = 4, value = '~A BX LR'}})

 

why do you continue to use these ancient methods of patching, there are loadlists that are faster and easier to update and take less code and are more amenable to obfuscation