I recently built VMDumper, a kernel32.dll-based memory scanning system.
What it does: when you run an Android emulator on PC, you'll see not only the emulator process itself but also helper/extended processes (for example Mumu.exe or HyperMemu.exe). One of those secondary processes is essentially the *application runner*; through it you can access the memory of apps running inside the emulator. Think of it like how a phone kernel can be modified to expose full device memory: here you get similarly deep, low-level access to the emulator's memory from user space.
Because this runs at the memory kernel-access level, you can dynamically recover full app artifacts, for example classes.dex blobs, directly from memory: no rooting, no Frida, no usual PID/package-based targeting required haha 😆
That's also the main constraint: you cannot target processes by package name or PID the way traditional dex-dump tools do. Previously, free tools and most dex-dumpers scanned a process by PID or package name and then dumped dex files. VMDumper is different: it operates on raw memory access and provides a far more fundamental, kernel-like ability to extract app memory contents.
Same technique I recently used: jiagu 360 dumping working. My deep learning stage #1
Research paper made by - @aantik_mods
ADB Port Manager.zip
75.2 KB
Main feature: automatically installs ADB on the device and sets environment variables automatically
Cross-platform support
Windows (7, 8, 8.1, 10, 11)
Termux (Android)
Linux (including Kali)
[1] Scan devices
[2] List forwarded ports
[3] Add forward
[4] Remove forward
[5] Remove all forwards
[6] Open adb shell
[7] Exit
IDA Professional 9.0.zip
407.2 MB
Btw you can use this 9.0 version, which supports the IDA PRO MCP
Private Version Recently Leached
Memory Tracer ( Free @aantik_mods) .apk
1.5 MB
Memory Tracer ( Free @aantik_mods)
No login needed ↔️ Completely free
Arm32 & Arm64 ( working )
Video -- https://youtu.be/g20j4-KGoXE?si=pt0rCll-JODXQm4s
New : Print the assembly instruction for every memory access
->Traced (3 unique offsets):
1. libgame.so + 0x178380 (10x) [WRITE @7339E5E680] → ldr w9, [x8]
2. libgame.so + 0x3E6FA0 (260x) [WRITE @7339E5E69C] → ldr w8, [x8]
3. libgame.so + 0x413620 (50x) [WRITE @7339E5E69C] → ldr w8, [x22]
ldr w8, [x22] 😁
Old
->Traced (4 unique offsets):
1. libgame.so + 0xBE298 (109x) [Read D8D13A88]
2. libgame.so + 0x3874B4 (50x) [Read D8D13AA4]
3. libgame.so + 0x3BC2E8 (20x) [Read D8D13AA8]
4. libgame.so + 0x3FA788 (179x) [Read D8D1329C]
If you get a good response I will upload it; otherwise I can't upload the new version
Capstone Version Vs Old Version💥
strdumpv1
67 KB
strdump
./strdump antik.memtools libAntik.so
Any type library String Dumper
Credit - https://github.com/capstone-engine/capstone
ASCII/UTF-8 // 1000% Dump
UTF-16LE, UTF-16BE string V1
UTF-32LE string Decor All args dump
Duplicate skip garbage Skipper
🖥 LGL or ImGUI all string dumping & Any type Library Encrypted string Analyzer
Memory Tracer Assembly.apk
3.2 MB
Memory Tracer Assembly
Print Every Address Assembly instruction
->Traced (3 unique offsets):
1. libgame.so + 0x178380 (10x) [WRITE @7339E5E680] → ldr w9, [x8]
2. libgame.so + 0x3E6FA0 (260x) [WRITE @7339E5E69C] → ldr w8, [x8]
3. libgame.so + 0x413620 (50x) [WRITE @7339E5E69C] → ldr w8, [x22]
ldr w8, [x22] 😂
<service
    android:name="antik.memtools.modmenu.FloatingModMenuService"
    android:enabled="true"
    android:exported="false"
    android:stopWithTask="true" />
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
invoke-static {p0}, Lantik/memtools/MainActivity;->Start(Landroid/content/Context;)V
AppSealin hardening (加固) Dump & Repack 😂 you can't dump this protection
C++ Raw method
#include <windows.h>
#include <shellapi.h>
#pragma comment(lib, "shell32.lib")
#pragma comment(lib, "user32.lib")
#pragma comment(lib, "gdi32.lib")

// Control IDs for the two buttons
#define ID_J 1001
#define ID_C 1002

static HMODULE hMod;  // this DLL's module handle, set in DllMain
static HWND hWnd;     // dialog window handle, NULL while no dialog is open
static const char* URL = "https://news.1rj.ru/str/aantik_mods";

LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
DWORD WINAPI DlgThread(LPVOID);

// Exported entry point: bring the dialog to the front, or start it if it is not open
extern "C" __declspec(dllexport) void InitDlg() {
    if (hWnd) SetForegroundWindow(hWnd);
    else CreateThread(NULL, 0, DlgThread, NULL, 0, NULL);
}

// Thread that registers the window class, builds the dialog and runs its message loop
DWORD WINAPI DlgThread(LPVOID) {
    const char* cls = "JoinDlg";
    HINSTANCE hInst = hMod;

    WNDCLASSA wc = {};
    wc.lpfnWndProc = WndProc;
    wc.hInstance = hInst;
    wc.hCursor = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = CreateSolidBrush(RGB(255, 255, 255));
    wc.lpszClassName = cls;
    RegisterClassA(&wc);

    // Centre a 300x160 window on the primary screen
    int w = 300, h = 160;
    int x = (GetSystemMetrics(SM_CXSCREEN) - w) / 2;
    int y = (GetSystemMetrics(SM_CYSCREEN) - h) / 2;

    HWND win = CreateWindowExA(
        WS_EX_TOPMOST, cls, "Join Telegram",
        WS_OVERLAPPED | WS_CAPTION | WS_SYSMENU,
        x, y, w, h, NULL, NULL, hInst, NULL);
    if (!win) return 0;
    hWnd = win;

    // Label and the two buttons; the control ID is passed in the HMENU parameter
    CreateWindowA("STATIC", "Can You Join My TG",
        WS_CHILD | WS_VISIBLE | SS_CENTER,
        15, 40, 260, 60, win, NULL, hInst, NULL);
    HWND jBtn = CreateWindowA("BUTTON", "Join",
        WS_CHILD | WS_VISIBLE | BS_DEFPUSHBUTTON,
        60, 90, 70, 25, win, (HMENU)(INT_PTR)ID_J, hInst, NULL);
    HWND cBtn = CreateWindowA("BUTTON", "Close",
        WS_CHILD | WS_VISIBLE | BS_PUSHBUTTON,
        160, 90, 70, 25, win, (HMENU)(INT_PTR)ID_C, hInst, NULL);
    SendMessage(jBtn, WM_CTLCOLORBTN, (WPARAM)GetSysColorBrush(COLOR_BTNFACE), 0);
    SendMessage(cBtn, WM_CTLCOLORBTN, (WPARAM)GetSysColorBrush(COLOR_BTNFACE), 0);

    ShowWindow(win, SW_SHOW);
    UpdateWindow(win);

    // Message loop: ends on WM_QUIT or once the window no longer exists
    MSG msg;
    while (GetMessageA(&msg, NULL, 0, 0)) {
        TranslateMessage(&msg);
        DispatchMessageA(&msg);
        if (!IsWindow(win)) break;
    }
    return 0;
}

LRESULT CALLBACK WndProc(HWND win, UINT msg, WPARAM w, LPARAM l)
{
    switch (msg) {
    case WM_COMMAND:
        switch (LOWORD(w)) {
        case ID_J:
            // "Join": open the URL with the default handler, then close the dialog
            ShellExecuteA(NULL, "open", URL, NULL, NULL, SW_SHOWNORMAL);
            DestroyWindow(win);
            break;
        case ID_C:
            DestroyWindow(win);
            break;
        }
        break;
    case WM_CTLCOLORSTATIC:
    case WM_CTLCOLORBTN: {
        // Black text on a white background for the child controls
        HDC dc = (HDC)w;
        SetTextColor(dc, RGB(0, 0, 0));
        SetBkMode(dc, TRANSPARENT);
        return (LRESULT)GetStockObject(WHITE_BRUSH);
    }
    case WM_CLOSE:
        DestroyWindow(win);
        break;
    case WM_DESTROY:
        hWnd = NULL;
        PostQuitMessage(0);
        break;
    default:
        return DefWindowProcA(win, msg, w, l);
    }
    return 0;
}

// Runs when the DLL is loaded into or unloaded from a process
BOOL APIENTRY DllMain(HMODULE h, DWORD r, LPVOID) {
    if (r == DLL_PROCESS_ATTACH) {
        // Remember the module handle and start the dialog thread
        hMod = h;
        CreateThread(NULL, 0, DlgThread, NULL, 0, NULL);
    }
    else if (r == DLL_PROCESS_DETACH && hWnd) {
        // Ask the dialog to close when the DLL is unloaded
        PostMessage(hWnd, WM_CLOSE, 0, 0);
    }
    return TRUE;
}
dialog.dll
13 KB
Many people believe that modifying mobile applications is simple: add a Java dialog box and claim the credit. However, adding dialog boxes to desktop software is a different challenge. Some individuals purchase cracked PC software and try to redistribute it with their own credits, but the process is not the same as for mobile apps.
I have a method that can help, but please use it responsibly. This technique can be abused to create malicious DLLs and inject them into applications. Such misuse can harm other users and may be illegal. Do not use this method for malicious purposes, only for legitimate tasks such as adding credits or creating harmless dialog boxes.
Software Required
• https://github.com/master131/ExtremeInjector/releases/tag/v3.7.3
• https://ntcore.com/explorer-suite
• https://visualstudio.microsoft.com/
Dialog Code - https://news.1rj.ru/str/c/2307920458/130
Reverse Engineering Exe - @aantik_mods
Tutorial - https://news.1rj.ru/str/c/2307920458/132