Trace functions flow

_GS_

_GS_

New User
3
03/25/17
0
Thread Author
Hi dudes,
I'd like to know if there is any way to trace every functions called in a game.
I mean, getting a list of every function called (included native ones) from start to end.

I need this because I'm trying to patch a game that close itself due to anti-tampering protection (it doesn't force close, it just close). If I manage to get the last function called (the one that close the game), I can then patch it.
 
xy problem
try to remove the anti tamper rather then the idea you're suggesting, run thru ida, otherwise you might just have to implement the debugger earlier to attach to the process, but that can be pretty hard to accomplish
 
s810car said:
xy problem
try to remove the anti tamper rather then the idea you're suggesting, run thru ida, otherwise you might just have to implement the debugger earlier to attach to the process, but that can be pretty hard to accomplish
Click to expand...
I surely can use Ida, but reversing a full il2cpp.so can be extremely time consuming. I need to know (atleast) what functions are called in order to find where the anti-tamper reside. What do you think about?

What debugger do you use anyway?
 
not too experienced with il2cpp yet, not sure what their standard methods are, most likely you need to look for a ptrace_attach would be my guess since it crashes out when you try to attach. If that's a dead end look into unity 3d programming forums, im sure there's a lot of anti-tamper threads that'll show some function names to look for.
For debugging dynamically ill just go with gdb usually, cant argue with the classics lol (obv this is a different circumstance so that doesn't apply here)
 
I understand, thank you so much. Also, I've found a tool called Frida that can hook functions and inject code... I'll give it a closer look later...

Last question, I promise: what do you think about the ida pro remote debugger for dalvik/art? Have you tried it?
 
haven't tried it yet, there's some work that needs to be done to make ida work with its debuggers and I've been too lazy to do it lol
it's on my bucket list once i get my new computer (last one died waiting for replacement)

and yea i heard of frida, sounds awesome but never tried it yet, it takes some setup as well, you're adding a server daemon with that
 
You must log in or register to reply here.
Back
Top Bottom