Question

Posted

I have a problem (OK, more than one 😁). I can't find the game lib in /data/game/lib nor in the process/range list when I run GG, but it is present in the APK. So I can't use the chainer anymore because cd and cb are empty. Any suggestions?

Sorry for my bad English.

  • 0
Posted (edited)

Thanks @nok1a, I'll try it with the chainer ASAP. Meanwhile I did some tests manually and managed to get it to work.

When libRealRacing.so is not present in /data/app/etc... I get this using gg.getRangesList("com.ea.games.r3_row*base.apk*bss"):

Script terminato:
Start: 0x7CF1C07000
dimension: 0x32000


Start: 0x7CFE362000
dimension: 0x42000


Start: 0x7CFE4AD000
dimension: 0x3000


Start: 0x7CFEDFE000
dimension: 0x2000


{ -- table(2e1b136)
	[1] = { -- table(3db1837)
		['end'] = 536632070144,
		['internalName'] = '/data/app/com.ea.games.r3_row-64kIDFJ_5MVEqukwLYrwhQ==/base.apk:bss',
		['name'] = '[anon:.bss]',
		['start'] = 536631865344,
		['state'] = 'O',
		['type'] = 'rw-p',
	},
	[2] = { -- table(73441a4)
		['end'] = 536841175040,
		['internalName'] = '/data/app/com.ea.games.r3_row-64kIDFJ_5MVEqukwLYrwhQ==/base.apk:bss',
		['name'] = '[anon:.bss]',
		['start'] = 536840904704,
		['state'] = 'O',
		['type'] = 'rw-p',
	},
	[3] = { -- table(6181b0d)
		['end'] = 536842272768,
		['internalName'] = '/data/app/com.ea.games.r3_row-64kIDFJ_5MVEqukwLYrwhQ==/base.apk:bss',
		['name'] = '[anon:.bss]',
		['start'] = 536842260480,
		['state'] = 'O',
		['type'] = 'rw-p',
	},
	[4] = { -- table(98faac2)
		['end'] = 536852037632,
		['internalName'] = '/data/app/com.ea.games.r3_row-64kIDFJ_5MVEqukwLYrwhQ==/base.apk:bss',
		['name'] = '[anon:.bss]',
		['start'] = 536852029440,
		['state'] = 'O',
		['type'] = 'rw-p',
	},
}

The first one, starting at 0x7CF1C07000, is the working one.

Now I have a new question:

All ranges have the same state, type and name. How do I get the correct one when writing a script? By checking the size?

Furthermore, if the game library is present, the getRangesList function only returns the last 3 ranges you see. Any ideas for managing everything via script?
Many thanks in advance.

Edited by MarioRossi93i
  • 0
Posted
To be honest, I don't think it can work using size calculation. You will get all the BSS parts. But the size could differ. Did some tests:

32 bit: [screenshot]

64 bit: [screenshot]

And then you have your size which is 32000

  • 0
Posted

I imagined the size might change. The only idea I have left is to try to load a known value for each range and see if it is found, otherwise move on to searching for the values. I'm a little worried about the time this check will take...

  • 0
Posted

Personally, with my current knowledge on the topic, I just think that finding some unique values in the executable is enough.

Search for a unique value. Then call gg.getRangesList(). All ranges will be displayed with their start and end address. In my case I know that the UTF8 string "libRealRacing3.so" resides in the Xa region of the executable. So I just search for it and then get the first address of that char. So I know that's the right executable. But since I lack information on what your script does, I adjusted my function getLib() for it to work with getRanges() by calling gg.getRangesList() to obtain the start address of the executable in which the string I just searched is located, since the getRanges() function expects a table from gg.getRangesList(). Then, knowing that the executable is divided into 4 segments

[screenshot]

but the chainer will only take the first segment that includes the "w" permission, I just increment the table I took from gg.getRangesList() by 3, since the third segment is the one the chainer uses since it has the "w" permission.

I tested on 2 emulators that are 32 bit and on the 64 bit as well. Both worked. And as you can see in the post of

Game lib (#c64p69nw)

It worked for Count_Nosferatu after executing the script as expected.

  • 0
Posted
2 hours ago, nok1a said:

It worked for Count_Nosferatu after executing the script as expected.

Doesn't really work. It is not clear which of base apk to count from.

gg.setRanges(gg.REGION_CODE_APP)
t = gg.getRangesList('^/data/*com.ea.games.r3_row*base.apk*$')
print('Found ' ..#t ..' results')
a = 0
for i = 1, #t do
	if t[i]['type'] == 'rw-p' then
		print(t[i])
		a = a + 1
	end
end
print('Found ' ..a ..' rw-p results')

-- ->
Script ended:
Found 37 results
{ -- table(5d5648b)
	['end'] = 133868052664320,
	['internalName'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['name'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['start'] = 133868052647936,
	['state'] = 'O',
	['type'] = 'rw-p',
}
{ -- table(f005968)
	['end'] = 133868054269952,
	['internalName'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['name'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['start'] = 133868054241280,
	['state'] = 'O',
	['type'] = 'rw-p',
}
{ -- table(cd3f181)
	['end'] = 133868055478272,
	['internalName'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['name'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['start'] = 133868055474176,
	['state'] = 'O',
	['type'] = 'rw-p',
}
{ -- table(4995226)
	['end'] = 133868055621632,
	['internalName'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['name'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['start'] = 133868055617536,
	['state'] = 'O',
	['type'] = 'rw-p',
}
{ -- table(bb3be67)
	['end'] = 133868057997312,
	['internalName'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['name'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['start'] = 133868057923584,
	['state'] = 'O',
	['type'] = 'rw-p',
}
{ -- table(a35a414)
	['end'] = 133868058820608,
	['internalName'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['name'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['start'] = 133868058816512,
	['state'] = 'O',
	['type'] = 'rw-p',
}
{ -- table(c4d24bd)
	['end'] = 133868059889664,
	['internalName'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['name'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['start'] = 133868059885568,
	['state'] = 'O',
	['type'] = 'rw-p',
}
{ -- table(5386ab2)
	['end'] = 133868116672512,
	['internalName'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['name'] = '/data/app/com.ea.games.r3_row-etCOPHVNo-lYN2A8uKT50Q==/base.apk',
	['start'] = 133868116594688,
	['state'] = 'O',
	['type'] = 'rw-p',
}
Found 8 rw-p results

 

  • 0
Posted (edited)
That's not my script. You changed the search string and added your own string in it. It's also not how you implement it in the chainer, and you removed the function too, I guess?

Also, I did not read the full chainer script, which was a very big mistake of mine, so I did not know you needed to load results in order for it to work. I do now. So I will implement the function in the chainer script.

Edited by nok1a
  • 0
Posted
12 minutes ago, nok1a said:

Script

Script ended:
Script error: luaj.o: /storage/emulated/0/Pictures/Scripts/pointerTest.lua:67
`    if ((a[1].address > v["start"]) and (a[1].address < v["end"])) then`
attempt to index ? (a nil value) with key 'address' (field '1')

 

  • 0
Posted
18 minutes ago, Count_Nosferatu said:
Script ended:
Script error: luaj.o: /storage/emulated/0/Pictures/Scripts/pointerTest.lua:67
`    if ((a[1].address > v["start"]) and (a[1].address < v["end"])) then`
attempt to index ? (a nil value) with key 'address' (field '1')

 

That's odd if it worked for you before. Do you get any results if you manually search libRealRacing3.so in UTF8 in region code app?
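
Added example, not part of any post in this thread and not the chainer or nok1a's script: the range selection described above (find the mapping that contains the marker hit, then take the first writable segment of the same file), with a guard for the empty search result that produces the "attempt to index ? (a nil value)" error. It is plain Lua with no gg.* calls; the function names, the sample path and the addresses are constructed, and it assumes the segments of one library are mapped back to back.

```lua
-- Tables mimic the shapes shown in the thread: entries of gg.getRangesList()
-- (start, end, type, internalName) and of gg.getResults() (address).

-- Constructed sample ranges, sorted by start address (all values are made up).
local ranges = {
  { start = 0x7000000000, ['end'] = 0x7000100000, type = 'r--p', internalName = '/data/app/example/base.apk' },
  { start = 0x7000100000, ['end'] = 0x7000900000, type = 'r-xp', internalName = '/data/app/example/base.apk' },
  { start = 0x7000900000, ['end'] = 0x7000940000, type = 'r--p', internalName = '/data/app/example/base.apk' },
  { start = 0x7000940000, ['end'] = 0x7000980000, type = 'rw-p', internalName = '/data/app/example/base.apk' },
  -- A later, unrelated rw-p mapping of the same file that must not be picked.
  { start = 0x7100000000, ['end'] = 0x7100002000, type = 'rw-p', internalName = '/data/app/example/base.apk' },
}

-- Index of the range containing addr, or nil. Ranges are half-open: [start, end).
local function rangeIndexOf(list, addr)
  for i, r in ipairs(list) do
    if addr >= r.start and addr < r['end'] then return i end
  end
  return nil
end

-- From the range holding the marker hit, walk forward through contiguous
-- mappings of the same file and return the first writable one.
-- Assumption: one library's segments are adjacent in the address space.
local function writableSegmentFor(list, results)
  if type(results) ~= 'table' or results[1] == nil then
    return nil, 'marker search returned no results'
  end
  local i = rangeIndexOf(list, results[1].address)
  if not i then return nil, 'hit is outside every listed range' end
  local name = list[i].internalName
  for j = i, #list do
    local r = list[j]
    if r.internalName ~= name then break end
    if j > i and r.start ~= list[j - 1]['end'] then break end
    if r.type:sub(2, 2) == 'w' then return r end
  end
  return nil, 'no writable segment follows the hit'
end

-- Constructed hit inside the r-xp segment, as a string search would return.
local seg = writableSegmentFor(ranges, { { address = 0x7000100040 } })
print(seg and string.format('0x%X-0x%X %s', seg.start, seg['end'], seg.type))
-- An empty result table is reported with a reason instead of being indexed.
print(writableSegmentFor(ranges, {}))
```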

  • 0
Posted

@nok1a thanks for your help, I solved the problem, the chainer is working now. Now I just have to do some tests to select the right range in the scripts. Unfortunately searching for a string takes too long, so I will directly use a getValues() to test for a known value.
I'd say the problem is solved, thanks everyone!

chainer.rrnolib.lua

  • -1
Posted (edited)

I think that the problem has not yet been solved.
It is not clear which range should be used.
The script finds many ranges with ['type'] = 'rw-p'

t = gg.getRangesList('com.ea.games.r3_row*base.apk')
for i = 1, #t do
	if t[i]['type'] == 'rw-p' then
		print(t[i])
	end
end

 

script-output.txt

Edited by Count_Nosferatu
  • 0
Posted

My problem was the chainer, and now it is working.

Check all ranges for a known value and select the one (and only) that works. PM me if you need help.

By the way, to also select the bss add an * and a $ (optional) after base.apk*$
