I recently built VMDumper, a kernel32.dll-based memory scanning system.
What it does: when you run an Android emulator on PC, you'll see not only the emulator process itself but also helper/extended processes (for example Mumu.exe or HyperMemu.exe). One of those secondary processes is essentially the *application runner*; through it you can access the memory of apps running inside the emulator. Think of it like how a phone kernel can be modified to expose full device memory: here you get similarly deep, low-level access to the emulator's memory from user space.
Because this runs at the memory kernel-access level, you can dynamically recover full app artifacts, for example classes.dex blobs, directly from memory: no rooting, no Frida, no usual PID/package-based targeting required haha 😆 That's also the main constraint: you cannot target processes by package name or PID the way traditional dex-dump tools do. Previously, free tools and most dex-dumpers scanned a process by PID or package name and then dumped dex files. VMDumper is different: it operates on raw memory access and provides a far more fundamental, kernel-like ability to extract app memory contents.
Same technique I recently used for jiagu 360 dumping; working. My deep learning stage #1
Research paper made by - @aantik_mods
ADB Port Manager.zip
75.2 KB
Main feature: automatically installs ADB on the device and sets Environment Variables automatically
Cross-platform support
Windows (7, 8, 8.1, 10, 11)
Termux (Android)
Linux (including Kali)
[1] Scan devices
[2] List forwarded ports
[3] Add forward
[4] Remove forward
[5] Remove all forwards
[6] Open adb shell
[7] Exit
IDA Professional 9.0.zip
407.2 MB
Btw you can use this 9.0 version, which supports the IDA PRO MCP
Private Version Recently Leached
Memory Tracer ( Free @aantik_mods) .apk
1.5 MB
Memory Tracer ( Free @aantik_mods)
No login needed ↔️ Completely (Free)
Arm32 & Arm64 ( working )
Video -- https://youtu.be/g20j4-KGoXE?si=pt0rCll-JODXQm4s
New : Print the assembly instruction for every memory access
->Traced (3 unique offsets):
1. libgame.so + 0x178380 (10x) [WRITE @7339E5E680] → ldr w9, [x8]
2. libgame.so + 0x3E6FA0 (260x) [WRITE @7339E5E69C] → ldr w8, [x8]
3. libgame.so + 0x413620 (50x) [WRITE @7339E5E69C] → ldr w8, [x22]
ldr w8, [x22] 😁
Old
->Traced (4 unique offsets):
1. libgame.so + 0xBE298 (109x) [Read D8D13A88]
2. libgame.so + 0x3874B4 (50x) [Read D8D13AA4]
3. libgame.so + 0x3BC2E8 (20x) [Read D8D13AA8]
4. libgame.so + 0x3FA788 (179x) [Read D8D1329C]
If you get a good response I will upload it, otherwise I can't upload the new version
Capstone Version Vs Old Version💥
strdumpv1
67 KB
strdump
./strdump antik.memtools libAntik.so
Any type library String Dumper
Credit - https://github.com/capstone-engine/capstone
ASCII/UTF-8 // 1000% Dump
UTF-16LE, UTF-16BE string V1
UTF-32LE string Decor All args dump
Duplicate skip garbage Skipper
🖥 LGL or ImGUI all string dumping & Any type Library Encrypted string Analyzer
Memory Tracer Assembly.apk
3.2 MB
Memory Tracer Assembly
Print Every Address Assembly instruction
->Traced (3 unique offsets):
1. libgame.so + 0x178380 (10x) [WRITE @7339E5E680] → ldr w9, [x8]
2. libgame.so + 0x3E6FA0 (260x) [WRITE @7339E5E69C] → ldr w8, [x8]
3. libgame.so + 0x413620 (50x) [WRITE @7339E5E69C] → ldr w8, [x22]
ldr w8, [x22] 😂
<service
    android:name="antik.memtools.modmenu.FloatingModMenuService"
    android:enabled="true"
    android:exported="false"
    android:stopWithTask="true" />
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
invoke-static {p0}, Lantik/memtools/MainActivity;->Start(Landroid/content/Context;)V
AppSealin hardening Dump & Repack 😂 you can't dump this protection
C++ Raw method
#include <windows.h>
#include <shellapi.h>
#pragma comment(lib, "shell32.lib")
#pragma comment(lib, "user32.lib")  // window, message and control APIs
#pragma comment(lib, "gdi32.lib")   // brushes and text colour

// Control IDs for the two buttons
#define ID_J 1001  // "Join"
#define ID_C 1002  // "Close"

static HMODULE hMod;  // this DLL's module handle, set in DllMain
static HWND hWnd;     // dialog window, NULL while no dialog is open
static const char* URL = "https://news.1rj.ru/str/aantik_mods";

LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
DWORD WINAPI DlgThread(LPVOID);

// Exported entry point: focus the dialog if it is open, otherwise open it on a new thread.
extern "C" __declspec(dllexport) void InitDlg() {
    if (hWnd) SetForegroundWindow(hWnd);
    else CreateThread(NULL, 0, DlgThread, NULL, 0, NULL);
}

// Registers the window class, builds the dialog and runs its message loop.
DWORD WINAPI DlgThread(LPVOID) {
    const char* cls = "JoinDlg";
    HINSTANCE hInst = hMod;

    WNDCLASSA wc = {};
    wc.lpfnWndProc = WndProc;
    wc.hInstance = hInst;
    wc.hCursor = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = CreateSolidBrush(RGB(255, 255, 255));
    wc.lpszClassName = cls;
    RegisterClassA(&wc);

    // Centre a 300x160 window on the primary screen.
    int w = 300, h = 160;
    int x = (GetSystemMetrics(SM_CXSCREEN) - w) / 2;
    int y = (GetSystemMetrics(SM_CYSCREEN) - h) / 2;

    HWND win = CreateWindowExA(
        WS_EX_TOPMOST, cls, "Join Telegram",
        WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU,
        x, y, w, h, NULL, NULL, hInst, NULL);
    if (!win) return 0;
    hWnd = win;

    // Child controls. Their colours are answered in WndProc
    // (WM_CTLCOLORSTATIC / WM_CTLCOLORBTN), so nothing is sent to them here.
    CreateWindowA("STATIC", "Can You Join My TG",
        WS_CHILD | WS_VISIBLE | SS_CENTER,
        15, 40, 260, 60, win, NULL, hInst, NULL);
    CreateWindowA("BUTTON", "Join",
        WS_CHILD | WS_VISIBLE | BS_DEFPUSHBUTTON,
        60, 90, 70, 25, win, (HMENU)ID_J, hInst, NULL);
    CreateWindowA("BUTTON", "Close",
        WS_CHILD | WS_VISIBLE | BS_PUSHBUTTON,
        160, 90, 70, 25, win, (HMENU)ID_C, hInst, NULL);

    ShowWindow(win, SW_SHOW);
    UpdateWindow(win);

    // GetMessageA returns -1 on error, so test for > 0 rather than non-zero.
    MSG msg;
    while (GetMessageA(&msg, NULL, 0, 0) > 0) {
        TranslateMessage(&msg);
        DispatchMessageA(&msg);
        if (!IsWindow(win)) break;
    }
    return 0;
}

LRESULT CALLBACK WndProc(HWND win, UINT msg, WPARAM w, LPARAM l)
{
    switch (msg) {
    case WM_COMMAND:
        switch (LOWORD(w)) {
        case ID_J:
            // Open the channel URL in the default handler, then close the dialog.
            ShellExecuteA(NULL, "open", URL, NULL, NULL, SW_SHOWNORMAL);
            DestroyWindow(win);
            break;
        case ID_C:
            DestroyWindow(win);
            break;
        }
        break;
    case WM_CTLCOLORSTATIC:
    case WM_CTLCOLORBTN: {
        // Black text on a white background for the child controls.
        HDC dc = (HDC)w;
        SetTextColor(dc, RGB(0, 0, 0));
        SetBkMode(dc, TRANSPARENT);
        return (LRESULT)GetStockObject(WHITE_BRUSH);
    }
    case WM_CLOSE:
        DestroyWindow(win);
        break;
    case WM_DESTROY:
        hWnd = NULL;
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProcA(win, msg, w, l);
    }
    return 0;
}

// Opens the dialog as soon as the DLL is loaded and closes it on unload.
BOOL APIENTRY DllMain(HMODULE h, DWORD r, LPVOID) {
    if (r == DLL_PROCESS_ATTACH) {
        hMod = h;
        CreateThread(NULL, 0, DlgThread, NULL, 0, NULL);
    }
    else if (r == DLL_PROCESS_DETACH && hWnd) {
        PostMessage(hWnd, WM_CLOSE, 0, 0);
    }
    return TRUE;
}