myrth Newbie cheater
Reputation: 0
Joined: 14 Jul 2014 Posts: 17
Posted: Sun Jul 20, 2014 5:55 am
up
 |
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25954 Location: The netherlands
Posted: Sun Jul 20, 2014 6:29 am
Before wasting too much time on this, check if the address of the code is in a module.
The easiest way is checking the module name inside the hexview of memoryview.
If it's not inside a module but jitted, or in libdvm, then this code belongs to the Java VM, which requires a different approach, but if it uses its own native binary (.so) then try learning the Thumb instruction set and write a Thumb disassembler.
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so I can keep helping
 |
myrth Newbie cheater
Reputation: 0
Joined: 14 Jul 2014 Posts: 17
Posted: Mon Jul 21, 2014 4:08 pm
Dark Byte wrote: "Before wasting too much time on this, check if the address of the code is in a module.
The easiest way is checking the module name inside the hexview of memoryview.
If it's not inside a module but jitted, or in libdvm, then this code belongs to the Java VM, which requires a different approach, but if it uses its own native binary (.so) then try learning the Thumb instruction set and write a Thumb disassembler."
I'm searching in the hex viewer for the module, but where is it?
I can see Address, bytes, opcode and comment.
Sorry for my stupidity.
Thank you once again.
 |
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25954 Location: The netherlands
Posted: Mon Jul 21, 2014 4:10 pm
Hexview is the bottom part
 |
myrth Newbie cheater
Reputation: 0
Joined: 14 Jul 2014 Posts: 17
Posted: Mon Jul 21, 2014 4:47 pm
Oh yes, sorry, but there I can read the address, execute/read/write, base address, size and physical address.
Where is the module's name?
Please don't hate me, I'm doing my best...
 |
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25954 Location: The netherlands
Posted: Mon Jul 21, 2014 5:27 pm
If there is no module name at the address of the code that accesses it (PC register), it's likely jitted code.
This makes things more complex, so you may wish to look into recompiling the Java classes instead.
You can still find it by doing aobscans or replacing libdvm.so with your own build that is easily debugged, but it's going to be slow and difficult.
 |
myrth Newbie cheater
Reputation: 0
Joined: 14 Jul 2014 Posts: 17
Posted: Mon Jul 21, 2014 8:12 pm
How can I recompile the Java classes?
I noticed that the values "OPCODE" are all the same in all the "ADDRESS", could I use the method of searching for "LEVEL POINTERS"?
As you know, I need any "stable value" to give it to AutoHotkey, any value that does not change over time, so I could tell AutoHotkey to search for the "stable value" using Cheat Engine every time.
Any way to enable AutoHotkey to understand the value would be fine.
Unfortunately, I also tried with OCR programs but without success.
Any idea is welcome.
Thanks for your patience
[Attached image, 387.62 KB]
 |
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25954 Location: The netherlands
Posted: Tue Jul 22, 2014 2:46 am
No, not that address. The address of the code that accesses (or writes) that address. (The PC register)
The module name should show after "size=".
Anyhow, if the bytes around the address are the same most of the time, try a groupscan.
 |
myrth Newbie cheater
Reputation: 0
Joined: 14 Jul 2014 Posts: 17
Posted: Tue Jul 22, 2014 5:46 am
Mhhh, not exactly, they are always the same among themselves, but if I restart the game they change.
Should I try to do it anyway?
What method do you recommend I use to do the group scan?
Meanwhile I'm studying everything that I find interesting on the forum...
Thank you, Dark Byte.
 |
myrth Newbie cheater
Reputation: 0
Joined: 14 Jul 2014 Posts: 17
Posted: Wed Jul 23, 2014 6:47 am
upupup
 |
lampuiho Expert Cheater
Reputation: 6
Joined: 16 Jan 2010 Posts: 122
Posted: Wed Jul 23, 2014 7:52 am
Search Java Disassembler/Decompiler
 |
myrth Newbie cheater
Reputation: 0
Joined: 14 Jul 2014 Posts: 17
Posted: Wed Jul 23, 2014 9:05 pm
lampuiho wrote: "Search Java Disassembler/Decompiler"
OK, but are you sure that CE is useless with this game?
Should I decompile the "apk" file directly with a Java decompiler?
and so how can If the correct string?
Please explain more in newbie terms!
Thank you.
 |
Dark Byte Site Admin
Reputation: 474
Joined: 09 May 2003 Posts: 25954 Location: The netherlands
Posted: Thu Jul 24, 2014 3:20 am
First confirm with CE if the code is inside a module belonging to libdvm.so or jitted (no module). Most games I've seen have the game inside a native library.
Of course, this game even looks like a browser game, so it's possible it's fully Dalvik VM.
|
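Added example (not part of any post in this thread, and not Cheat Engine's own code): the check described in the post above, deciding whether a code address lies in the game's own native .so, in libdvm.so, or in no module at all, reproduced by looking the address up in a process memory map. The sample map, the package name, libgame.so and the /dev/ashmem JIT-cache naming are constructed assumptions.

```python
import os
import re

# Constructed sample in Linux /proc/<pid>/maps format; the addresses,
# package name and libgame.so are made up for illustration.
SAMPLE_MAPS = """\
40a2c000-40a9e000 r-xp 00000000 b3:09 812   /system/lib/libdvm.so
40a9e000-40aa6000 rw-p 00072000 b3:09 812   /system/lib/libdvm.so
4f3d1000-4f4d1000 r-xp 00000000 00:04 9631  /dev/ashmem/dalvik-jit-code-cache (deleted)
5c100000-5c3a0000 r-xp 00000000 b3:0c 1377  /data/app-lib/com.example.game-1/libgame.so
5d000000-5d010000 rwxp 00000000 00:00 0
"""

MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$", re.I)


def parse_maps(text):
    """Return (start, end, perms, file_offset, path) for every mapping line."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            start, end, perms, off, path = m.groups()
            path = path.replace(" (deleted)", "").strip()
            regions.append((int(start, 16), int(end, 16), perms, int(off, 16), path))
    return regions


def classify(regions, pc):
    """Classify a code address as (kind, module_name, offset_within_file)."""
    for start, end, perms, off, path in regions:
        if not start <= pc < end:
            continue
        name = os.path.basename(path)
        rel = pc - start + off  # offset usable in a disassembler opened on the file
        if not path or path.startswith("/dev/ashmem/"):
            return ("jit-or-anonymous", name, rel)  # no module: VM-generated code
        if name == "libdvm.so":
            return ("dalvik-vm", name, rel)         # the Dalvik VM itself
        if name.endswith(".so"):
            return ("native-module", name, rel)     # the game's own native binary
        return ("other-file", name, rel)
    return ("unmapped", "", 0)


if __name__ == "__main__":
    regions = parse_maps(SAMPLE_MAPS)
    for pc in (0x5C100A34, 0x40A2C010, 0x4F3D1200, 0x5D000004):
        print(hex(pc), classify(regions, pc))
```
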
 |
myrth Newbie cheater
Reputation: 0
Joined: 14 Jul 2014 Posts: 17
Posted: Sun Jul 27, 2014 4:09 pm
Dark Byte wrote: "First confirm with CE if the code is inside a module belonging to libdvm.so or jitted (no module). Most games I've seen have the game inside a native library.
Of course, this game even looks like a browser game, so it's possible it's fully Dalvik VM."
Using the hex viewer, how can I confirm that the code belongs to libdvm.so or is jitted?
Thank you.