April 3, 2016

Bypass "ptrace: Operation not permitted" or get around small dump size problem



Do you get a "ptrace: Operation not permitted" error when you try to debug a game using GDB, or end up with a gcore dump that is too small? Follow these steps.

"PID" stands for Process ID

The game is EDEN Avalon Legends (th.co.tdp.eden).

Turn off the Advanced Task Killer app, if it is running. Open the game, and press the HOME button to minimize the game.


Type:

dumpsys meminfo

to view all running processes.


Take note of the number next to "pid" (PID stands for "Process ID" and changes every time a process starts). In my example, I'll take note of the number "383".

Now, using the PID you just noted, type:

ls -l /proc/<gamepid>/task/

Example:

ls -l /proc/4492/task/

This lists the tasks (threads) of the process, which are clones of the main PID. Depending on the game, GDB can attach to one of these clones even when ptrace is denied for the main process ID (PID).

5. Attach to a clone of the process

gdb -pid xxxxx

Example:
gdb -pid 4546


The symbols are loaded, which means the game is being debugged.


6. Dump as normal with gcore

gcore /sdcard/DUMPEDFILE

Do not worry about any warnings you may read in the Terminal app while gcore runs.

7. Extract the DLL file as normal with cracked Winhex


This tutorial is meant to teach you new things. EDEN Avalon Legends will not run if you replace the modded DLL file.

Note: Games such as GrandChase M don't work; even the clones found through "ls -l" still deny ptrace. It basically depends on the security the game has, but it's good info, and you never know: what seems like a really hard game might just work, as did Avalon Legends, which like 4 people I know are trying to bypass ptrace for.
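Seen from the game developer's side, the note above means a debugger check has to cover every task, not only the main thread. As an added example (not from the original post), the script below reads the TracerPid field from /proc/<pid>/task/<tid>/status for each task and reports whether any of them has a tracer attached. The function names and the sample status files are made up for illustration; the sample reuses the TIDs 4492 and 4546 from the examples above, and the tracer PID 4493 is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): report the tracer of every
# task (thread) of a process, so a check does not stop at the main thread.

# tracer_of STATUS_FILE: print the TracerPid field (0 means "not traced").
tracer_of() {
    while IFS=':' read -r key value; do
        if [ "$key" = "TracerPid" ]; then
            printf '%s\n' "$value" | tr -d ' \t'   # drop padding after ':'
            return 0
        fi
    done < "$1"
    return 1                                        # field not present
}

# audit_tasks TASK_DIR: print "<tid> <TracerPid>" per task.
# Returns 1 if any task has a tracer attached, 0 otherwise.
audit_tasks() {
    traced=0
    for dir in "$1"/*/; do
        [ -r "${dir}status" ] || continue
        tracer=$(tracer_of "${dir}status") || continue
        printf '%s %s\n' "$(basename "$dir")" "$tracer"
        [ "$tracer" = "0" ] || traced=1
    done
    return "$traced"
}

# make_sample DIR: constructed sample mimicking /proc/<pid>/task with a
# traced main thread (4492) and an untraced second thread (4546).
make_sample() {
    mkdir -p "$1/4492" "$1/4546"
    printf 'Name:\tgame\nState:\tS (sleeping)\nTracerPid:\t4493\n' > "$1/4492/status"
    printf 'Name:\tworker\nState:\tS (sleeping)\nTracerPid:\t0\n' > "$1/4546/status"
}

if [ -n "${1:-}" ]; then
    audit_tasks "/proc/$1/task"          # real process: pass its PID
else
    sample=$(mktemp -d) && make_sample "$sample"
    audit_tasks "$sample" || echo "at least one task is being traced"
    rm -rf "$sample"
fi
```

Run without arguments it audits the constructed sample; run with a PID it audits that process, which needs permission to read its /proc entries.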

