Rdosk Posted January 9, 2023 Posted January 9, 2023 Is it possible to search or know if a value from another address is being called from another address? For example, if from a different address they are calling this value from this address: Excuse me if I don't make myself understood, thank you in advance for helping me.
XEKEX Posted January 24, 2023 Posted January 24, 2023 use this script it might work for you. Regview (ARMv7) (#5rdiyt3s)
CmP Posted January 24, 2023 Posted January 24, 2023 2 hours ago, XEKEX said: GG is a debugger aswell GG is definitely not a debugger. The differences between memory editors that use ptrace and debuggers are well-explained in the following post: View/Change Register on instruction. (#bu3i9nm8)
XEKEX Posted January 24, 2023 Posted January 24, 2023 3 minutes ago, CmP said: GG is definitely not a debugger. The differences between memory editors that use ptrace and debuggers are well-explained in the following post: View/Change Register on instruction. (#bu3i9nm8) Oh ty for your information
Rdosk Posted January 24, 2023 Author Posted January 24, 2023 3 hours ago, XEKEX said: Oh ty para su información Thank you very much, they help me a lot.
XEKEX Posted January 28, 2023 Posted January 28, 2023 On 1/9/2023 at 2:32 AM, Rdosk said: Is it possible to search or know if a value from another address is being called from another address? For example, if from a different address they are calling this value from this address: Excuse me if I don't make myself understood, thank you in advance for helping me. When you look at the dump file the values on the Field in the same class are calling the methods (same class) if the function (method) is public then it can be called from outside the class if it's private it's just for that class and it can not be called from outside it , if the function is public it's hard to trace it but it's possible use gg to alloc new memory read write and execute and then perform trampoline hook manually on that function ( copy the 2 instruction from the original function (push and somthing else) into the new alloc memory then use STR R0, to an address that contain 0 value then jump back to the original function after the nop address in the original function change push to jump to your alloc memory followed by nop) the address u specifed in the STR instruction will hold the caller address (you need to store R0 only be cause it hold the caller address) if you don't know what is trampoline hook you can search for it on youtube be carfull when doing it manually
XEKEX Posted January 23, 2023 Posted January 23, 2023 On 1/9/2023 at 2:32 AM, Rdosk said: Is it possible to search or know if a value from another address is being called from another address? For example, if from a different address they are calling this value from this address: Excuse me if I don't make myself understood, thank you in advance for helping me. MOV R0, #82 is an instruction R0 -> is a register registers doesn't have access to memory unless using ldr or str their job is just data processing these instruction is for the cpu and in the proccessor you can't know which function they call unless u attach a debugger to the proccessor GG can't handdle what u want to achieve (as far I know)
Rdosk Posted January 23, 2023 Author Posted January 23, 2023 1 hour ago, XEKEX said: MOV R0, #82 is an instruction R0 -> is a register registers doesn't have access to memory unless using ldr or str their job is just data processing these instruction is for the cpu and in the proccessor you can't know which function they call unless u attach a debugger to the proccessor GG can't handdle what u want to achieve (as far I know) Ok, I understand, thank you very much, sorry for so many questions, but do you know how to attach a debugger to the processor?
XEKEX Posted January 24, 2023 Posted January 24, 2023 19 hours ago, Rdosk said: Ok, I understand, thank you very much, sorry for so many questions, but do you know how to attach a debugger to the processor? GG is a debugger aswell but it have a limit which is it cant debug the proccessor limited by the running proccess ( running game ) only other debuggers such as dbg or ida you need a pc and adb and other tools to attach them to the proccessor and the cpu directly you can bypass GG limit by injecting arbitrary codes(shell code) to the running proccess and change it's behaviour in the cpu level
Question
Rdosk
Is it possible to search or know if a value from another address is being called from another address?
For example, if from a different address they are calling this value from this address:
Excuse me if I don't make myself understood, thank you in advance for helping me.
8 answers to this question
Recommended Posts
Archived
This topic is now archived and is closed to further replies.