
Different offset on dumping


moh4mmed

Question

Posted

RVA: 0x2760510 Offset: 0x275F510 VA: 0x2760510 (float value)

Why are there two different offsets? And when I hook this offset, it's not working.

Someone HELP

3 answers to this question

Posted

Hi @moh4mmed, RVA is Relative Virtual Address; it takes the offset from the beginning of a file / the start of the lib address that exists in memory. Meanwhile, VA (Virtual Address) is the method address while you're dumping the game. VA should not be used; you need to use only RVA.

Quote

RVA: 0x2760510 Offset: 0x275F510 VA: 0x2760510 (float value)

It seems the RVA & VA are the same. They should be different. Try redumping.

Posted

 

8 hours ago, MC874 said:

Hi @moh4mmed, RVA is Relative Virtual Address; it takes the offset from the beginning of a file / the start of the lib address that exists in memory. Meanwhile, VA (Virtual Address) is the method address while you're dumping the game. VA should not be used; you need to use only RVA.

It seems the RVA & VA are the same. They should be different. Try redumping.

RVA: 0x2760510 VA: 0x7e24399510

 protected Void [[[][]][[][[[][[[[[]]]]][[[][[][]]][][[[][[][[](Int32 [[]]][[]][]]][][][[[][[[[[][[]]][][[[[]]]]][[[]) { }

I tried hooking this (64-bit game) but no luck so far. RVA = same, VA = changes every time. When I dump the lib through the il2cpp dumper APK, it gives the offset as mentioned above, but this one was dumped by zygisk dumper. Can you please help me hook this offset through GG? BTW, int32 = 1 here and I want it to be int32 = 0.

Posted

Hi @moh4mmed, as I said earlier:

Quote

RVA = same, VA = changes every time

That's why you need to use RVA, because it's constant. Just grab the library base address and add the RVA to it (base address + RVA).
---

Quote

protected Void [[[][]][[][[[][[[[[]]]]][[[][[][]]][][[[][[][[](Int32 [[]]][[]][]]][][][[[][[[[[][[]]][][[[[]]]]][[[]) { }

You're trying to hook a method; also, it is a void type. You can change the "int32" as desired, but you need to find the instruction based on which parameter it is. For example, if "int32" is the first parameter, you need to find register R1 and change it to your value. For example:

MOV R0, R1 -> MOV R0, #1

---
So yeah, editing a void method is kind of hard. You need to understand assembly first.
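
Added example, not part of the original thread: the 0x1000 gap between RVA 0x2760510 and file offset 0x275F510 in the first dump is consistent with an ELF `PT_LOAD` segment mapped 0x1000 above its position in the file, and the second dump's VA is a per-run load base plus the same RVA. The program headers below are constructed to reproduce those numbers (the real library's headers are not shown on the page), and the function names are hypothetical.

```python
import struct

PT_LOAD = 1

def load_segments(elf: bytes):
    """Return (p_offset, p_vaddr, p_filesz) for every PT_LOAD of a little-endian ELF64."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    segs = []
    for i in range(e_phnum):
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segs.append((p_offset, p_vaddr, p_filesz))
    return segs

def rva_to_offset(segs, rva):
    """Map an address relative to the image base (RVA) to its position in the file."""
    for p_offset, p_vaddr, p_filesz in segs:
        if p_vaddr <= rva < p_vaddr + p_filesz:
            return rva - p_vaddr + p_offset
    raise ValueError("RVA is not backed by file bytes in any PT_LOAD segment")

def runtime_va(base, rva):
    """Address in a running process: load base (differs per run) + RVA (constant)."""
    return base + rva

def sample_headers():
    """Constructed ELF64 header + two PT_LOAD entries; not taken from any real library."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       3, 183, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    # Read-only segment: file offset and vaddr coincide.
    ro = struct.pack("<IIQQQQQQ", PT_LOAD, 4, 0x0, 0x0, 0x0,
                     0x2000000, 0x2000000, 0x1000)
    # Executable segment: vaddr sits one page (0x1000) above its file offset.
    rx = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0x2000000, 0x2001000, 0x2001000,
                     0x1000000, 0x1000000, 0x1000)
    return ehdr + ro + rx

if __name__ == "__main__":
    segs = load_segments(sample_headers())
    print(hex(rva_to_offset(segs, 0x2760510)))          # file offset for the RVA
    base = 0x7E24399510 - 0x2760510                     # VA - RVA from the second dump
    print(hex(base), hex(runtime_va(base, 0x2760510)))  # load base, reconstructed VA
```
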

Archived

This topic is now archived and is closed to further replies.
