29. september 2017

How to dump DLL and other files using GameGuardian (root only) (Android 2.3.3-8.0)

You can dump memory using GameGuardian to extract encrypted file using get_dll_from_bin tool or Winhex. GameGuardian works on ARM, x64 and x86 devices, including x86 emulators (BlueStacks, Droid4X, Koplayer, Andy, Nox, Memu, Leapdroid, AMIDuOS, Windroye, RemixOS, PhoenixOS, AVD, Genymotion etc.)

Requirements:
- Rooted device or emulator.
- Minimum system requirements for Android device: 1 GB RAM, 2 cores CPU. If you have a low-end device, your device may freeze during dumping.
- Available free space of Internal storage or Sdcard: 2+ GB
- Requires Android 2.3.3+ (Gingerbread) and up to 8.0 (Oreo)

Instructions:
Download GameGuardian ap and install it on device or emulator
Download get_dll_from_bin.exe and use it later

Install GameGuardian APK on device or emulator. It's very easy

If you are using emulator that supports shared folder and allows you to changed path of shared folder, please change it.

Example in Memu, I changed music path to D:\Shared that I will use it later

 

Some emulators do not allow you to change the path. I know 2 emulators that uses hardcoded path:
Bluestacks: /sdcard/windows/BstSharedFolder
Nox: /mnt/shared

For others, find it yourself

Launch GG and press Start to launch GG floating icon.

launch the game

Open GG and select process of the game

Click on hamburger menu icon () and click on white folder with down arrow


Change path to shared folder (if supported) and click save. This will allow GG to dump files to your computer directly.



On your computer, navigate to the directory where you have dumped the memory and start recover files using Winhex or other programs


If you are recovering DLL files, copy get_dll_from_bin.exe to dumped folder and double click to start recovering DLL files.


Find the Assembly-Csharp.dll file yourself using .Net Reflector or dnSpy and move  Assembly-Csharp.dll to extracted Managed folder from the game to avoid the save error.

Can't find the Assembly-Csharp.dll file or got PE header error? Download modified get_dll_from_bin.exe and try again and recover PE header by yourself. Don't feed to leechers if you know how to fix it. Nobody likes leeching!


Please do not contact me about DLL dump failure. I don't want to hear more about "Can't dump Assembly-Csharp.dll blah blah blah". It's our secret.

Credits:
iAndroHacker (Tutorial)
Enyby (Deeloper of GameGuardian)

0 kommentarer:

Send en kommentar