offset from lib

[blocx]

hi some one if something is wrong or missing when i do manualy with gg it load good adress (start lib & 10BBCdC ) but script no go good adress thx

pi = 
gg.getRangesList("libil2cpp.so:")[1].start
local addr = pi + 0x10BBCDC
gg.setValues({ {address = addr, flags = 4, value = 1384440288} })

 

Edited October 12, 2022 by blocx
error

[MonkeySAN]

try this..?

pi = 
gg.getRangesList("libil2cpp.so:")[2].start
local addr = pi + 0x10BBCDC
gg.setValues({ {address = addr, flags = 4, value = 1384440288} })

 

[blocx]

https://play.google.com/store/apps/details?id=com.vng.g6.a.zombie 

[RealWanteD]

function setvalue(address,flags,value) local tt={} tt[1]={} tt[1].address=address tt[1].flags=flags tt[1].value=value gg.setValues(tt) end 



so=gg.getRangesList('libil2cpp.so')[1].start

py=0x10BBCDC 

setvalue(so+py,4,1384440288)

 

[blocx]

this give error 

[RealWanteD]

Like this brother

See the photo

Line 1

 

Line 38

 

 

test.lua

[blocx]

thx i test that

still error

[Collen]

33 minutes ago, blocx said:

thx i test that

still error

Change the function name.

[MC874]

1 hour ago, blocx said:

thx i test that

still error

Hi! could it the script confused by one-liner? You might want to try this:
 

function setprops(address,flags,value)
	local tt={}
	tt[1]={}
	tt[1].address=address
	tt[1].flags=flags
	tt[1].value=value
	gg.setValues(tt)
end

so=gg.getRangesList('libil2cpp.so')[1].start
py=0x10BBCDC 
setprops(so+py,4,1384440288)

• - Fixed Indentation
• - Changing Function Name

Edited October 12, 2022 by MainC

[Platonic]

2 hours ago, blocx said:

hi some one if something is wrong or missing when i do manualy with gg it load good adress (start lib & 10BBCdC ) but script no go good adress thx

pi = 
gg.getRangesList("libil2cpp.so:")[1].start
local addr = pi + 0x10BBCDC
gg.setValues({ {address = addr, flags = 4, value = 1384440288} })

 

You will get the wrong path name. Remove the double point in that string. You have:

"libil2cpp.so:"

Do:

"libil2cpp.so"

Should solve the issue.

[blocx]

i delete : but still edit wrong value

 

[Platonic]

7 minutes ago, blocx said:

i delete : but still edit wrong value

 

Can you show how you do it manually.

[blocx]

1 adress of lib & 10BBCDC = VALUE I WANT EDIT BUT WHEN I WRITTE IN SCRIPT IT NOT THE RIGHT VALUE

[Platonic]

The script is fine when you remove that double point, if not removed you start address will be at Cb. So use print() to see what is happening. Then we also can stop guessing and wasting your time.

Try:

print(gg.getRangesList("libil2cpp.so"))

See which libil2cpp.so is at the top. And if its "state" is "Xa". If its "state" is in a other memory region you will have to apply a filter to your script so that it only takes the libil2cpp address from region Xa.

If not sure you can post the print result here.

Edited October 12, 2022 by Platonic

[blocx]

39 minutes ago, MonkeySAN said:

try this..?

pi = 
gg.getRangesList("libil2cpp.so:")[2].start
local addr = pi + 0x10BBCDC
gg.setValues({ {address = addr, flags = 4, value = 1384440288} })

 

it work fine bro thx

why {2] instead {1] ?

[MonkeySAN]

as @Platonic had suggested..

Xa region in 'libil2cpp.so' start at 2

hence the = 'libil2cpp.so'[2].start

Edited October 12, 2022 by MonkeySAN