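/*
 * frida-trace style handler pair for the `get_gacha` export of
 * libnative-lib.so.
 *
 * onEnter logs the three call arguments, then calls get_gacha() itself a
 * fixed number of times with its own scratch output buffers. Each call is
 * expected to write a position into the first buffer and a character code
 * into the second; the handler collects them into a 300-slot array and logs
 * the result.
 *
 * onLeave logs a one-byte hexdump at each of the two pointer arguments that
 * the original caller passed in.
 *
 * NOTE(review): every traced call makes 300 extra calls into the target
 * function inside the instrumented process. Any side effects get_gacha has
 * are therefore repeated; only use this against a process you are authorised
 * to instrument and can safely restart.
 * NOTE(review): the extra calls are issued from inside the hook on the same
 * function. Confirm how the Frida version in use handles that re-entrancy.
 */
{
  /**
   * @param {function} log   - frida-trace logging callback.
   * @param {Array}    args  - native call arguments (NativePointer values).
   * @param {object}   state - per-script state object (unused here).
   */
  onEnter: function (log, args, state) {
    // args[1] and args[2] are treated as pointers below; toInt32() only shows
    // their low 32 bits, which is enough for a quick trace line.
    log("get_gacha(" + args[0].toInt32() + "," + args[1].toInt32() + "," + args[2].toInt32() + ")");

    // Saved so onLeave can dump what the real call wrote to its out-pointers.
    this.args1 = args[1];
    this.args2 = args[2];

    // findExportByName() returns null when the symbol is missing; passing
    // null on to NativeFunction would throw from inside the hook.
    var target = Module.findExportByName('libnative-lib.so', 'get_gacha');
    if (target === null) {
      log('get_gacha export not found in libnative-lib.so');
      return;
    }
    // Signature as declared by the script's author: uint32 f(uint32, void *, void *).
    var myfunc = new NativeFunction(target, 'uint32', ['uint32', 'pointer', 'pointer']);

    log('-----');

    // Declared with var: the original assigned these without a declaration,
    // which leaks them as globals and throws under strict mode.
    var a1 = Memory.alloc(4);
    var a2 = Memory.alloc(4);

    var SLOT_COUNT = 300;
    var i = 0;
    var flag = [];
    var pos = 0;
    var char = '';

    // Unfilled slots stay visible as "?" in the final output.
    for (i = 0; i < SLOT_COUNT; i++) {
      flag[i] = "?";
    }

    for (i = 0; i < SLOT_COUNT; i++) {
      myfunc(0xffffff, a1, a2);
      pos = Memory.readUInt(a1);
      char = String.fromCharCode(Memory.readUInt(a2));
      log('pos: ' + pos + ' char: ' + char);

      // pos comes from target-process memory. An unchecked large value would
      // grow the array to that index and make the join below enormous.
      if (pos < SLOT_COUNT) {
        flag[pos] = char;
      } else {
        log('pos out of range, ignored: ' + pos);
      }
    }

    // join() with no argument separates the slots with commas.
    log(flag.join());
    log('-----');
  },

  /**
   * @param {function}      log    - frida-trace logging callback.
   * @param {NativePointer} retval - return value of the traced call (unused).
   * @param {object}        state  - per-script state object (unused here).
   */
  onLeave: function (log, retval, state) {
    log('onLeave');
    // NOTE(review): only one byte is dumped per pointer, while onEnter reads
    // its scratch buffers as 4-byte unsigned ints. Confirm whether the wider
    // value is wanted here as well.
    log(hexdump(this.args1, { length: 1 }));
    log(hexdump(this.args2, { length: 1 }));
  }
}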