Jump to content
  • 0

Why extra bytes between string length and string name


nok1a

Question

Posted

Have a key name from a .xml file. I noticed that each key had 4 bytes in between string length and string name. Can someone perhaps explain why is that?

Tried on many games and same results. Always the 4 bytes in-between.

Screenshot_2023-04-15-06-02-55-764_com.f1player.jpg

5 answers to this question

Recommended Posts

Posted

Because that's how ART implements Java strings, the "4 bytes in between" is a field with the following declaration: 

uint32_t hash_code_;
Posted

Hi @nok1a, as mentioned above. Since the string is being 'loaded' in Memory, you can try to encapsulate those string using UTF-16 or ASCII. You can call it Unicode, and it is very often for UTF-16 string to have Memory left-over or fingerprint. You might want to find UTF-8 version of the string, if you didn't find them or it is already flushed from Memory: you can try to set-breakpoint until the UTF-8 string is fully loaded. The reason for this is: you can easily find the UTF-8 comings from.

Posted
On 4/15/2023 at 11:28 AM, CmP said:

Because that's how ART implements Java strings, the "4 bytes in between" is a field with the following declaration: 

uint32_t hash_code_;

Thanks, would it be possible for dump the key, values and their representing hash codes so that it is more easy to find desired values since those values change address all the time?
I don't have much to work with, There is a pointer for strings, pointer for long floats and pointers for integer types. They are under the path name: system@[email protected], and all these pointers then point to one pointer. Which i do be calling main pointer which points to it's own memory address.


strings keys/values:

image.thumb.png.1d8fe442f6338c892556110cca81b3f7.png

Floats values:

image.thumb.png.d5daa7bb9e1a84930cc290b3d19aa076.png

...other types ...etc

main pointer to which all types point to:

image.thumb.png.e5b056499ea45f9afe2f58c49021a782.png

How can i find that main pointer directly on any game with script? Is there perhaps a key word that exist in any xml file in shared_ref which i then can use to find string pointer and from string pointer to main pointer? Just a theory, haven't tried anything yet in practice because not sure if the objective is possible.

Also not sure how to write values to files and structure them properly. All new.

Posted
On 4/16/2023 at 9:24 PM, nok1a said:

Thanks, would it be possible for dump the key, values and their representing hash codes so that it is more easy to find desired values since those values change address all the time?

Neither the question itself nor how it follows from the topic of the first post is not clear, so I can only add a comment regarding "hash_code_" field. It doesn't have to be initialized (to have value that is not 0), so it's value shouldn't be used in search for instances of a string, since it can and often will be 0.

Posted

additional info : 
 

public string test(string id){}

the argument passed to test (id of type string) will be the pointer to this string means R1 will be 0x13bf6d30 ( from your img)

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.