
Opcodes Explanation


Dr.  Prakamya Khare


Hello, this is Prakamya. Can anyone explain to me clearly the uses and functions of these opcodes, each one separately?

0DD3=2,context_set_reg %1d% value %2d% ; Android
0DD4=2,%1d% = context_get_reg %2d% ; Android
0DD6=1,%1d% = get_game_version ; Android
0DD7=1,%1d% = get_image_base ; Android

https://gtaforums.com/topic/948593-opcodes-explanation/

0DD6: get_game_version 0@

Identifies which executable is being used. I've lost track of the documentation of what is reported for each version - probably included in Alexander Blade's original docs. Example: this command could be used to adjust for different limits to radar blips prior to 1.06 or new widget IDs used in 2.00.
 

0DD7: get_image_base 0@

Identifies the address of the Start of SCM (image base). GTA Mobile has two address schemes; one relative to the start of SCM and the other relative to the start of game memory. The image base value can be used to convert between add_ib 1 and add_ib 0 as used by the read and write memory codes.

Edited by OrionSR

Dr.  Prakamya Khare

Okay I understand 0DD6 and 0DD7

0DD6: is for checking version

Such as 

if
0DD6: 0@ = get_game_version
0@ == 17 // 2.00

And 0DD7 identifies the address of the SCM and the start of the game memory, but why does it use the term "image base" if it does not refer to an image?

Are there any instances that would bring some clarification to me?

Thank you.

And what about the others, 0DD3 and 0DD4?

 

Edited by Dr. Prakamya Khare

The term "image" often has technical uses that might apply to this context. But when I went looking for this value internally I never found anything identified with "image." Maybe it made sense to Alexander Blade or he found something I didn't. I'm not terribly skilled in this sort of thing. "Start of SCM" doesn't make a lot of sense out of the context of ADMA memory addressing either; and almost no one bothers with that anymore.

 

I'd much rather know how the image base and game version values are calculated so I could do this without cleo if necessary.

 

Sorry, 0DD3 and 0DD4 are way over my head. I think these are wedges into pushing and popping some lower level commands into the game engine.


47 minutes ago, Dr. Prakamya Khare said:

0@ == 17 // 2.00

Please confirm that this is more than just an example and that 17 identifies game version SA Android 2.00.

 

Please let me know if you find reference for other game versions.

 

Added: You might find this topic on writing to android memory without cleo interesting.

Edited by OrionSR

Dr.  Prakamya Khare
40 minutes ago, OrionSR said:

Please confirm that this is more than just an example and that 17 identifies game version SA Android 2.00.

 

Please let me know if you find reference for other game versions.

 

Added: You might find this topic on writing to android memory without cleo interesting.

Bro, 17 identifies the game version, which is 2.00 of SA.

3 // 1.00
5 // 1.02
6 // 1.03
7 // 1.05
8 // 1.06
10 // 1.07
13 // 1.08
17 // 2.00
: SA

 

 


6 hours ago, OrionSR said:

Please confirm that this is more than just an example and that 17 identifies game version SA Android 2.00.

 

Please let me know if you find reference for other game versions.

 

Added: You might find this topic on writing to android memory without cleo interesting.

The game version IDs used in CLEO can be found in the documentation of the FLA.

 

I recommend you use my command script definitions for GAME_SIMPLE_NAME_GTA_SA, COMMAND_CONFIGURATION_MOBILE.

0DD2=1,context_call_func %1d% ; android
0DD3=2,context_set_reg %1d% value %2d% ; android
0DD4=2,%1d% = context_get_reg %2d% ; android

 

0DD3 can be used before making a call with 0DD2.

0DD4 can be used after making a call.

 

The ARM/Thumb ABI states that four registers R0, R1, R2, R3 are used to hold arguments.

If an argument is a structure, then a pointer to the structure should be passed. The rest of the arguments are passed on the stack.

Now I see Alexander didn't provide a way to pass arguments on the stack.

 

The R0 and R1 registers are used to return the value. Usually only R0 is used. In some cases, for example the 'double' type, which takes 8 bytes, the value will be returned in R0 and R1.

 

0DD7=1,%1d% = get_image_base ; android

This command sets the variable to hold the base address of the game library, for example the base address of libGTASA.so.

The game library is loaded at a different memory address on each run.

You may need to know the base address and calculate some other address, which is part of the game library, if you're writing to memory.

Edited by fastman92

On Mon Mar 09 2020 at 5:49 AM, fastman92 said:

The game version IDs used in CLEO can be found in the documentation of the FLA.

 

I recommend you use my command script definitions for GAME_SIMPLE_NAME_GTA_SA, COMMAND_CONFIGURATION_MOBILE.


0DD2=1,context_call_func %1d% ; android
0DD3=2,context_set_reg %1d% value %2d% ; android
0DD4=2,%1d% = context_get_reg %2d% ; android

 

0DD3 can be used before making a call with 0DD2.

0DD4 can be used after making a call.

 

The ARM/Thumb ABI states that four registers R0, R1, R2, R3 are used to hold arguments.

If an argument is a structure, then a pointer to the structure should be passed. The rest of the arguments are passed on the stack.

Now I see Alexander didn't provide a way to pass arguments on the stack.

 

The R0 and R1 registers are used to return the value. Usually only R0 is used. In some cases, for example the 'double' type, which takes 8 bytes, the value will be returned in R0 and R1.

 


0DD7=1,%1d% = get_image_base ; android

This command sets the variable to hold the base address of the game library, for example the base address of libGTASA.so.

The game library is loaded at a different memory address on each run.

You may need to know the base address and calculate some other address, which is part of the game library, if you're writing to memory.

I think it's easy to understand. 0DD2 is used to call the function, 0DD3 is used to set the parameters of the function; reg represents the register, and the register is used to store the parameter. 0DD4 receives the return value of the function. 0DD0 obtains a string and saves the pointer; 0DD1 obtains the corresponding function address according to the character name of the pointer.

As for 0DD7, I feel it is an addressing operation. Of course, this is based on my understanding from using and writing CLEO. In fact, I only have some basics of ARM assembly.

I also have a few questions to ask you.

——————————————————————

1. 0DD3: When setting the reg register, what is the upper limit of the number of registers used in CLEO? Can I only use 4 registers in the range R0-R3? Can reg 4 and above work? For example, I want to use a function to create lights in CLEO, but this function has more than 4 parameters. Can it be used normally in CLEO?

 

2. Use 0DD4 to receive the return value; as you mentioned, R0 and R1 are used. R0 is commonly used, but I may soon use a string-to-double conversion function (strtod or atof), and because a double is 8 bytes, CLEO variables can only accept 4 bytes of data. So after R0 and R1 return, can I normally get a double value with two variables?

 

3. I want to get the home directory (files/) of Android GTASA in CLEO, that is, to get the absolute path. I've used the getcwd function, and the function executed successfully, but I got a "/". I don't understand why I get such a symbol. Or is there a better function to get the absolute path?

 

4. I also tried to use CLEO for more complicated operations, such as using the dlopen function to obtain the libmedia.so library file in the Android system directory, and using the dlsym function to successfully obtain the address of the _ZN7android11MediaPlayer13setDataSourceEixx (setDataSource) function. I want to use it to play a custom mp3 audio file from an external game directory. But I don't know how to use the setDataSource function, and I don't know what its parameters are.

 

————————————————————

In fact, I am learning C++, but because I have to work, I have less spare time. I know that using CLEO for complex operations is not very suitable, but I still prefer CLEO. Or maybe I should just take the time to learn C++... Regarding playing mp3, can your FLA Android library add some audio functions for playing mp3, so that I can better use these functions to play music in CLEO? Or will you try to make several new OP?

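As an added example for this thread (not code from CLEO, FLA or any poster): a small C program that applies the ARM AAPCS rules fastman92 describes above (R0-R3 hold the arguments, an 8-byte value takes an even-aligned register pair, the rest goes to the stack) to the questions in the last post, and reassembles a double from the R0/R1 pair a softfp call returns. It assumes 32-bit little-endian ARM with the softfp ABI (Android armeabi-v7a); the register-assignment routine and all sample values are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example for this thread, not CLEO/FLA code; assumes 32-bit little-endian ARM, softfp AAPCS. */
#define STACK (-1) /* argument would go on the stack, where 0DD3 cannot place it */

/* Assign core registers R0-R3 to integer-class arguments following AAPCS: a 4-byte
 * argument takes one register, an 8-byte one (double, long long) an even-aligned pair,
 * and once an argument spills to the stack all later ones do. Returns how many fit. */
static int assign_registers(const int *sizes, int n, int *first_reg)
{
    int ncrn = 0;   /* AAPCS "next core register number" */
    int fitted = 0;
    for (int i = 0; i < n; i++) {
        int words = (sizes[i] == 8) ? 2 : 1;
        if (words == 2 && (ncrn & 1))
            ncrn++;                 /* round up to an even register (R0:R1 or R2:R3) */
        if (ncrn + words > 4) {
            first_reg[i] = STACK;
            ncrn = 4;               /* every later argument also goes to the stack */
        } else {
            first_reg[i] = ncrn;
            ncrn += words;
            fitted++;
        }
    }
    return fitted;
}

/* Reassemble a double from the two halves a softfp call returns in R0 (low word)
 * and R1 (high word): what a script reading both registers with 0DD4 would need. */
static double join_double(uint32_t r0, uint32_t r1)
{
    uint64_t bits = ((uint64_t)r1 << 32) | r0;
    double d;
    memcpy(&d, &bits, sizeof d);
    return d;
}

int main(void)
{
    int sizes[] = {4, 8, 4}, regs[4];   /* constructed signature: f(int, double, int) */
    int fit = assign_registers(sizes, 3, regs);
    printf("%d of 3 args in registers: R%d, R%d:R%d, third at %d (STACK)\n", fit, regs[0], regs[1], regs[1] + 1, regs[2]);
    /* constructed sample: 3.5 is 0x400C000000000000, so a softfp call returns R0=0, R1=0x400C0000 */
    printf("double from R0:R1 = %g\n", join_double(0x00000000u, 0x400C0000u));
    return 0;
}
```

For strtod(const char *, char **) the two pointer arguments land in R0 and R1 and the double result comes back split across R0 and R1, so two 4-byte script variables read with 0DD4 carry the complete value.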
