
Finding values that depend on another


Rdosk

Question

Is it possible to search or know if a value from another address is being called from another address?

 

For example, if from a different address they are calling this value from this address:


Excuse me if I don't make myself understood, thank you in advance for helping me.

 


8 answers to this question


On 1/9/2023 at 2:32 AM, Rdosk said:

Is it possible to search or know if a value from another address is being called from another address?

 

For example, if from a different address they are calling this value from this address:


Excuse me if I don't make myself understood, thank you in advance for helping me.

 

MOV R0, #82 is an instruction
R0 -> is a register
registers don't have access to memory unless using ldr or str, their job is just data processing
these instructions are for the CPU and in the processor
you can't know which function they call unless you attach a debugger to the processor
GG can't handle what you want to achieve (as far as I know)


1 hour ago, XEKEX said:

MOV R0, #82 is an instruction
R0 -> is a register
registers don't have access to memory unless using ldr or str, their job is just data processing
these instructions are for the CPU and in the processor
you can't know which function they call unless you attach a debugger to the processor
GG can't handle what you want to achieve (as far as I know)

Ok, I understand, thank you very much, sorry for so many questions, but do you know how to attach a debugger to the processor?


19 hours ago, Rdosk said:

Ok, I understand, thank you very much, sorry for so many questions, but do you know how to attach a debugger to the processor?

GG is a debugger as well but it has a limit, which is it can't debug the processor, limited by the running process (running game) only
other debuggers such as dbg or ida, you need a PC and adb and other tools to attach them to the processor and the CPU directly
you can bypass the GG limit by injecting arbitrary code (shellcode) into the running process and change its behaviour at the CPU level


On 1/9/2023 at 2:32 AM, Rdosk said:

Is it possible to search or know if a value from another address is being called from another address?

 

For example, if from a different address they are calling this value from this address:


Excuse me if I don't make myself understood, thank you in advance for helping me.

 

When you look at the dump file, the values on the Field in the same class are calling the methods (same class)
if the function (method) is public then it can be called from outside the class, if it's private it's just for that class and it cannot be called from outside it,
if the function is public it's hard to trace it but it's possible: use gg to alloc new memory (read, write and execute) and then perform a trampoline hook manually on that function (copy the 2 instructions from the original function (push and something else) into the new alloc memory then use STR R0, to an address that contains 0 value then jump back to the original function after the nop address in the original function change push to jump to your alloc memory followed by nop)
the address you specified in the STR instruction will hold the caller address (you need to store R0 only because it holds the caller address)
if you don't know what a trampoline hook is you can search for it on YouTube
be careful when doing it manually
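
A defensive counterpart to the hook described in the answer above, as an added example that is not part of the original posts: a C check an application could run over its own A32 code to notice that a function's first instruction (normally `PUSH`) has been replaced by a jump out of the module. The function names, the module address range and the sample instruction words are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum prologue { PRO_PUSH, PRO_BRANCH, PRO_LDR_PC, PRO_OTHER };

/* Classify one A32 (32-bit ARM) instruction word. */
enum prologue classify_a32(uint32_t w)
{
    if ((w & 0x0FFF0000u) == 0x092D0000u)
        return PRO_PUSH;                      /* PUSH {...} = STMDB SP!, {...} */
    if ((w >> 28) != 0xFu && (w & 0x0F000000u) == 0x0A000000u)
        return PRO_BRANCH;                    /* B<cond> label */
    if ((w & 0x0F7FF000u) == 0x051FF000u)
        return PRO_LDR_PC;                    /* LDR PC, [PC, #+/-imm12] */
    return PRO_OTHER;
}

/* Target of a B instruction located at addr. */
uint32_t branch_target(uint32_t addr, uint32_t w)
{
    uint32_t imm = w & 0x00FFFFFFu;
    uint32_t off = ((imm ^ 0x00800000u) - 0x00800000u) << 2; /* sign-extend, x4 */
    return addr + 8u + off;                   /* PC reads as addr + 8 in A32 */
}

/* 1 if the first instruction at addr sends control outside [lo, hi). */
int prologue_patched(uint32_t first, uint32_t addr, uint32_t lo, uint32_t hi)
{
    switch (classify_a32(first)) {
    case PRO_BRANCH: {
        uint32_t t = branch_target(addr, first);
        return t < lo || t >= hi;
    }
    case PRO_LDR_PC:
        return 1;   /* assumption: checked functions never start with a literal jump */
    default:
        return 0;
    }
}

int main(void)
{
    /* Constructed samples: module mapped at 0x10000-0x20000, function at 0x10000. */
    uint32_t clean = 0xE92D4010u;   /* PUSH {R4, LR} */
    uint32_t hooked = 0xEA1FBFFEu;  /* B 0x00800000, outside the module */
    printf("clean: %d\n", prologue_patched(clean, 0x10000u, 0x10000u, 0x20000u));
    printf("hooked: %d\n", prologue_patched(hooked, 0x10000u, 0x10000u, 0x20000u));
    return 0;
}
```

A branch that stays inside the module (a tail call, for instance) is not flagged, so the check targets only redirections into memory outside the module's own range.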


Archived

This topic is now archived and is closed to further replies.
