
Hello, I disassembled the request sent to the game server. I need to change the symbol, but I don't know its memory address. Help me understand the ADRP and LDR instructions; I need to understand what address will be assigned to the register "x1". [screenshot of the disassembly listing]

My disassembly experience is very limited; I will be happy for any help.

Will this user's question help me? "Getting function address by reading ADRP and ADD instruction values"

qazwsx135
  • I looked at similar examples in the code; there are nops everywhere, but I don't know why. The address that came out went beyond the boundaries of the program (I disassembled the Unity engine). I was told to look in the debugger for what the address is, but the debugger does not work. – qazwsx135 Jul 25 '22 at 14:34
  • Assuming the architecture is arm64 (you didn't say). From this post, ADRP will set the x8 value to pc + 0x2d71000, then zero out the lower 12 bits. Then nop will do nothing (I wonder if it's a hole for debugging?). Then ldr x1, [x8, 0x250] will load the value at memory address x8 + 0x250. If your program has the correct address (the address on the left side of the picture, provided you don't have some kind of randomized address), then the value at address 0x4151250 in memory will be loaded into the x1 register. Please correct me if I'm wrong. – raspiduino Jul 25 '22 at 14:36
  • "I was told to look in the debugger for what the address is, but the debugger does not work." What debugger are you using? – raspiduino Jul 25 '22 at 14:37
  • I'm using the Cutter disassembler. – qazwsx135 Jul 25 '22 at 14:39
  • Can you be specific about "does not work"? What do you mean by "does not work"? – raspiduino Jul 25 '22 at 14:42
  • There is a similar question about ADRP, but instead of LDR there is ADD; I tested, and ADD is also suitable in my case. – qazwsx135 Jul 25 '22 at 14:42
  • When you click on the debug button, the download occurs, but the program is not executed. Only the emulator works. – qazwsx135 Jul 25 '22 at 14:45
  • Will this user's question help me? https://reverseengineering.stackexchange.com/questions/15418/getting-function-address-by-reading-adrp-and-add-instruction-values – qazwsx135 Jul 25 '22 at 14:48
  • I think it's not possible without knowing the base of the program. In the link you posted, the OP has an ADD instruction after getting the x8 register's value (we also got that value), so he can add it. In your case, you need to load a value from memory; it can be a value that is produced by another function in the program (for example a global variable?). – raspiduino Jul 25 '22 at 15:30
  • Thanks for the help. I wrote about this issue on 2 more sites; maybe this is a very problematic task. – qazwsx135 Jul 25 '22 at 15:43
  • In case someone needs it: https://stackoverflow.com/questions/73092001/how-to-find-address-in-memory-without-debugger – raspiduino Jul 25 '22 at 15:52
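The arithmetic raspiduino walks through in the comments (ADRP clears the low 12 bits of the PC and adds a page-aligned immediate; LDR or ADD then applies a byte offset to that register) can be done statically from the raw instruction words, which is what you need when the debugger will not run. The script below is an added example written for this thread, not code from the question, the comments or Cutter. The instruction words, the PC value 0x13e0a1c and the 8 data bytes at 0x4151250 are all constructed (hand-encoded from the ARM field layouts) so the sequence reproduces the 0x4151250 result from the comments; the `slide` parameter is where a runtime load base minus the link-time base would go if the process were randomized.

```python
"""
Resolve an AArch64 ADRP + (NOP)* + LDR/ADD sequence statically by decoding the
raw instruction words, so the effective address can be found without a debugger.
Added example for this thread; the instruction words and data below are constructed.
"""
import struct

MASK64 = (1 << 64) - 1
NOP = 0xD503201F           # "nop" is HINT #0, encoded d503201f


def _sign_extend(value, bits):
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def decode_adr_adrp(word, pc):
    """ADR/ADRP (bits 28:24 == 10000). Returns (rd, computed_address) or None."""
    if (word >> 24) & 0x1F != 0x10:
        return None
    rd = word & 0x1F
    imm21 = (((word >> 5) & 0x7FFFF) << 2) | ((word >> 29) & 0x3)   # immhi:immlo
    imm = _sign_extend(imm21, 21)
    if word >> 31:  # ADRP: 4 KiB-page relative; the low 12 bits of PC are cleared
        return rd, ((pc & ~0xFFF) + (imm << 12)) & MASK64
    return rd, (pc + imm) & MASK64   # ADR: byte-relative to this instruction


def decode_ldr_unsigned(word):
    """LDR (immediate, unsigned offset) for Wt/Xt/LDRB/LDRH: bits 29:22 == 11100101.
    Returns (rt, rn, byte_offset, access_width) or None."""
    if word & 0x3FC00000 != 0x39400000:
        return None
    size = word >> 30                       # 0..3 -> 1, 2, 4, 8 byte access
    imm12 = (word >> 10) & 0xFFF            # stored scaled by the access width
    return word & 0x1F, (word >> 5) & 0x1F, imm12 << size, 1 << size


def decode_add_imm64(word):
    """ADD (immediate), 64-bit, flags not set: bits 31:23 == 100100010.
    Returns (rd, rn, imm) or None."""
    if (word >> 23) & 0x1FF != 0x122:
        return None
    shift = 12 * ((word >> 22) & 1)         # sh=1 means imm12 << 12
    imm12 = (word >> 10) & 0xFFF
    return word & 0x1F, (word >> 5) & 0x1F, imm12 << shift


def resolve_sequence(words, pc, slide=0, read_u64=None):
    """Walk instruction words starting at `pc`, skipping NOPs, and report what the
    first LDR/ADD that consumes an ADRP/ADR result produces.
    `slide` = runtime load address - link-time address (0 when there is no ASLR or
    when reading the static image). `read_u64(addr)` optionally fetches the 8 bytes
    at an address so the value LDR actually puts in its register is reported too."""
    regs = {}
    for i, word in enumerate(words):
        addr = pc + 4 * i
        if word == NOP:
            continue
        hit = decode_adr_adrp(word, addr)
        if hit:
            regs[hit[0]] = hit[1]
            continue
        add = decode_add_imm64(word)
        if add and add[1] in regs:
            rd, rn, imm = add
            return {"kind": "add", "reg": rd, "address": (regs[rn] + imm + slide) & MASK64}
        ldr = decode_ldr_unsigned(word)
        if ldr and ldr[1] in regs:
            rt, rn, off, width = ldr
            ea = (regs[rn] + off + slide) & MASK64
            out = {"kind": "ldr", "reg": rt, "address": ea, "width": width}
            if read_u64 is not None and width == 8:
                out["value"] = read_u64(ea)   # what ends up in the register, not ea itself
            return out
        raise ValueError(f"unexpected instruction {word:#010x} at {addr:#x}")
    raise ValueError("no LDR/ADD consumed the ADRP result")


# Constructed instance of the sequence discussed above (the PC is an assumption):
#   0x13e0a1c  adrp x8, 0x2d71000      -> x8 = (0x13e0a1c & ~0xfff) + 0x2d71000 = 0x4151000
#   0x13e0a20  nop
#   0x13e0a24  ldr  x1, [x8, #0x250]   -> x1 = *(uint64_t *)0x4151250
# Words hand-encoded from the field layouts (immhi:immlo = 0x2d71, imm12 = 0x250 >> 3).
EXAMPLE_PC = 0x13E0A1C
EXAMPLE_WORDS = [0xB0016B88, NOP, 0xF9412901]

# Constructed 8 bytes standing in for the binary's data at 0x4151250 (an arbitrary pointer).
FAKE_IMAGE = {0x4151250: struct.pack("<Q", 0x40A1B20)}


def example_read_u64(addr):
    data = FAKE_IMAGE.get(addr)
    return struct.unpack("<Q", data)[0] if data else None


def run_example():
    return resolve_sequence(EXAMPLE_WORDS, EXAMPLE_PC, read_u64=example_read_u64)


if __name__ == "__main__":
    r = run_example()
    print({k: (hex(v) if isinstance(v, int) else v) for k, v in r.items()})
```

To use it on the real binary, take the 4-byte little-endian words at the listing addresses from the file (Cutter shows link-time addresses, so `slide` is 0 for the static image) and replace `FAKE_IMAGE` with a read of the file's data section at the computed address; the value that lands in x1 is the pointer stored there, not 0x4151250 itself, which is the distinction raspiduino draws between the LDR case here and the ADD case in the linked question.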

0 Answers