How to get instruction set architecture on emulator | virtual memory addresses

[Platonic]

Hi,

I want to make script that can check instruction set architecture of the game. I'm using emulator, gg.getTargetInfo() does not work.

I want to writte as less as possible but clear and effecient Currently im using path name to filter out strings.

function ISACheck()
  -- possible instruction sets
  local ISA_x64Emulator = "/x86_64/" -- 64 bit emulator
  local ISA_x64 = "/arm64/"   -- 64 bit
  local ISA_x32Emulator = "/x86/" -- 32 bit emulator
  local ISA_x32 = "/arm/" -- 32 bit
  local ranges = gg.getRangesList('base.odex')
  if #ranges == 0 then
    ranges = gg.getRangesList('classes.dex')
  end
  
  for i, v in ipairs(ranges) do
    if v.state == "Xa" then
      if string.find(v.internalName, ISA_x64Emulator) ~= nil or string.find(v.internalName, ISA_x64) ~= nil then
        instructionSetArchitecture = 64
        dataType = gg.TYPE_QWORD
      elseif string.find(v.internalName, ISA_x32Emulator) ~= nil or string.find(v.internalName, ISA_x32) ~= nil then
        instructionSetArchitecture = 32
        dataType = gg.TYPE_DWORD
      else
        print('Does not recognize instruction set')
        os.exit()
      end
    end
  end
  print(instructionSetArchitecture)
end
ISACheck()

But this script quite long for its objective i think.

1.) If current script can be optimized, please post it.

2.) So i wanted to ask if it would be reasonable to use the ["end"] key in gg.getRangesList() to decide if the game is 64 or 32bit by putting a condition on that address if it exceeds 32bit? But it also got me to the next question.

3.) Games of 32bit are always loaded in memory addresses of max 32bit. But 64bit games uses 32bit memory addresses but also memory addresses of max 64bit. But is this "always" the case? Can it happen that a 64bit game is loaded at only memory addresses of max 32bit in size? It would make the whole calculating address size useless i think.

4.) Or if there is a more efficient way to get instruction set architecture. Please let me know.

Please keep note, the game being a split.apk should not intervene with getting the instruction set architecture.

[Lover1500]

function is_x64()
    local ranges = gg.getRangesList("/data/".."*.so") --.so or.apk
    --you can also use "/data/*"..gg.getTargetPackage if it works.
    if #ranges==0 then return "Not found lib.so" end
    if ranges[1].start>0xFFFFFFFF then return true end
    return false
end
print(is_x64())

I think No.2 checking is cool.

 

[CmP]

Finding out whether process is 32-bit or 64-bit doesn't require finding out libraries for which architecture are used in the process, so these questions are not equivalent. According to the provided code, the topic is more likely about the first question.

To find out whether process is 32-bit or 64-bit there are the following simple options (both of which are mentioned in topic starting post, but not implemented in the code from the post):
  - by using "x64" field of table returned by "gg.getTargetInfo" function (only if the function returns table and the field is present in returned table);
  - by checking whether address range of last memory region (the one with highest address) is within 32 bits or not.

Since the first option can not work in some cases, suggested algorithm is to first try checking using the first option, then if it fails, check using the second option. Alternatively only check using the second option.

Implementation of the first option is trivial. The second option can be implemented, for example, like: 

function isProcess64Bit()
  local regions = gg.getRangesList()
  local lastAddress = regions[#regions]["end"]
  return (lastAddress >> 32) ~= 0
end