Everything posted by Curtain
Help/Support IDA/GDB issue code inject crash ,help
Curtain replied to Curtain's topic in Help & Support
I think the problem has been solved. Registers can only be modified while debugging, and that cannot be made into a patch switch.
Help/Support IDA/GDB issue code inject crash ,help
Curtain replied to Curtain's topic in Help & Support
@DiDA, please lock.
Let me see...

0xA99C0 CMP R0, R10 // compare R10 with R0
0xA99C4 BLE 0xA99E8 // branch to 0xA99E8 if it is less than or equal

If R10 is less than or equal to R0, then branch to 0xA99E8. So why did you write 0xA99F8? Is it wrong?
Hook function?
Great job.
Help/Support How to disassemble a dylib file?
Curtain replied to mehdiphone's topic in Help & Support
simcity / shadowsfight2 / freeplay / HungryShark, the latest versions. When I debug simcity via GDB it works fine, but when I convert it to a .deb it crashes (as soon as the game starts it crashes). I have tried countless times. The other three games also give me different difficulties.
Help/Support How to disassemble a dylib file?
Curtain replied to mehdiphone's topic in Help & Support
As I am still a noob, when I try to hack the game with IDA, GDB or LLDB, several issues appear and I don't know why. So I want to have a look at the correct offsets from cheaters.
Help/Support How to disassemble a dylib file?
Curtain replied to mehdiphone's topic in Help & Support
No, the same as you.
Help/Support How to disassemble a dylib file?
Curtain replied to mehdiphone's topic in Help & Support
How did you deal with it? Please PM me, greatly appreciated!
Help/Support How to disassemble a dylib file?
Curtain replied to mehdiphone's topic in Help & Support
Are there any other ways?
Help/Support IDA/GDB issue code inject crash ,help
Curtain replied to Curtain's topic in Help & Support
I have no idea about "EXC_BAD_ACCESS"; maybe it is a wrong offset.
The same one.
[Offset] LEGO Star Wars: The Complete Saga v1.4
Curtain replied to CmakLove's topic in Coding Center
thx
Help/Support IDA/GDB issue code inject crash ,help
Curtain replied to Curtain's topic in Help & Support
Bro, I'm still a noob. In my case those are offsets; is there any better solution?
Help/Support IDA/GDB issue code inject crash ,help
Curtain replied to Curtain's topic in Help & Support
Maybe you will stall the Simcity game.

Green money offset: 0x498324
orig hex: 98 40 86 e5
orig function: str r4, [r6, #152]
Help/Support IDA/GDB issue code inject crash ,help
Curtain replied to Curtain's topic in Help & Support
Yes, I think so, because I learned code injection from the tutorials by DIDA/airmax etc. They always find the offset/function/data and then do something like this:

offset: 0xaddress
STR R4, [R6,#0x98] -----------> STR R7, [R6,#0x98]

Tweak like this: writeData(0xoffset, 0xhex), because once it runs, the app will crash.
___________________________________________________
If I want to change a register value (set $r4=0xhex or set $r4=$r7), what are my offset and hex for making a patcher? I am so sorry for my poor English.
Help/Support IDA/GDB issue code inject crash ,help
Curtain replied to Curtain's topic in Help & Support
I only set $r4=0x99999. Whether it is "$r4=0x999" or "$r4=$r7", how can it be converted into the form [0xoffset, 0xhex] so as to make a patcher?
Help/Support IDA/GDB issue code inject crash ,help
Curtain replied to Curtain's topic in Help & Support
I am sorry, it is my mistake.
Hey everybody, I need your help, please. I tried to hack Simcity via GDB/IDA. I found the offset is 0x498324.

orig: str r4, [r6, #152]
hack: str r7, [r6, #152]

As usual, I changed it to str r7, [r6, #152] (set *0x498324=0xE5867098), pressed c, returned to the device, made the money change, then the app crashed. So I tried set $r4=0xVALUE, and that works now. My questions are:

1. Is it possible to code inject directly, like changing the r4 value? If it is possible, how?
2. Why does changing r4 to r7 crash?

Hardware watchpoint 3: *257995816
Old value = 30
New value = 29
0x00498324 in g_s3e_code ()
3: x/i $pc
0x498324: 98 40 86 e5 str r4, [r6, #152]
2: $r0 = 484640170
1: x/i $pc
0x498324: 98 40 86 e5 str r4, [r6, #152]
(gdb) info r
r0   0x1ce305aa  484640170
r1   0xc6ef3720  -957401312
r2   0x88c110    8962320
r3   0x0         0
r4   0x1d        29
r5   0x88c118    8962328
r6   0xf60b390   257995664
r7   0x1         1
r8   0x6ce500cb  1826947275
r9   0x52ae977f  1387173759
r10  0x30317681  808547969
r11  0x0         0
r12  0x0         0
sp   0x52d1ab8   86842040
lr   0x4982d4    4817620
pc   0x498324    4817700
cpsr 0x280d0010  671940624
(gdb) set $r4=0x999999
warning: Unrecognized osabi 0 in arm_set_osabi_from_host_info
(gdb) c
Continuing.
warning: Unrecognized osabi 0 in arm_set_osabi_from_host_info
warning: Unrecognized osabi 0 in arm_set_osabi_from_host_info
Hardware watchpoint 3: *257995816
Old value = 29
New value = 10066329
0x00498324 in g_s3e_code ()
3: x/i $pc
0x498324: 98 40 86 e5 str r4, [r6, #152]
2: $r0 = 484640170
1: x/i $pc
0x498324: 98 40 86 e5 str r4, [r6, #152]
(gdb) c
Continuing.

[image: game running]

__symbolstub1:004982AC ; ---------------------------------------------------------------------------
__symbolstub1:004982AC
__symbolstub1:004982AC loc_4982AC                              ; CODE XREF: sub_49828C+14j
__symbolstub1:004982AC                 ADD     R4, R0, #0xA0
__symbolstub1:004982B0                 ADD     R5, R0, #0x98
__symbolstub1:004982B4                 MOV     R0, R5
__symbolstub1:004982B8                 MOV     R1, R4
__symbolstub1:004982BC                 BL      loc_496AC4
__symbolstub1:004982C0                 CMP     R0, R7
__symbolstub1:004982C4                 BCC     loc_4982A4
__symbolstub1:004982C8                 MOV     R0, R5
__symbolstub1:004982CC                 MOV     R1, R4
__symbolstub1:004982D0                 BL      loc_496AC4
__symbolstub1:004982D4                 LDR     R5, =0x3F3E38
__symbolstub1:004982D8                 ADD     R5, PC, R5
__symbolstub1:004982DC                 LDR     R10, [R5]
__symbolstub1:004982E0                 CMP     R10, #0
__symbolstub1:004982E4                 RSB     R4, R7, R0
__symbolstub1:004982E8                 BNE     loc_4982F4
__symbolstub1:004982EC                 BL      sub_3C39EC
__symbolstub1:004982F0                 LDR     R10, [R5]
__symbolstub1:004982F4
__symbolstub1:004982F4 loc_4982F4                              ; CODE XREF: sub_49828C+5Cj
__symbolstub1:004982F4                 LDR     R1, =0x3F3E0C
__symbolstub1:004982F8                 LDR     R2, =0x3F3E04
__symbolstub1:004982FC                 LDR     R3, =0x3F3DFC
__symbolstub1:00498300                 ADD     R1, PC, R1
__symbolstub1:00498304                 ADD     R2, PC, R2
__symbolstub1:00498308                 ADD     R3, PC, R3
__symbolstub1:0049830C                 LDR     R9, [R1]
__symbolstub1:00498310                 MOV     R12, #0
__symbolstub1:00498314                 LDR     R8, [R2]
__symbolstub1:00498318                 LDR     R1, =0xC6EF3720
__symbolstub1:0049831C                 LDR     R0, [R3]
__symbolstub1:00498320                 MOV     R3, R12
__symbolstub1:00498324                 STR     R4, [R6,#0x98]
__symbolstub1:00498328
__symbolstub1:00498328 loc_498328                              ; CODE XREF: sub_49828C+E0j
__symbolstub1:00498328                 ADD     R3, R3, #0x9E000000
__symbolstub1:0049832C                 ADD     R3, R3, #0x374000
__symbolstub1:00498330                 ADD     R3, R3, #0x3980
__symbolstub1:00498334                 ADD     R3, R3, #0x39
__symbolstub1:00498338                 ADD     R11, R10, R12,LSL#4
__symbolstub1:0049833C                 ADD     R2, R9, R12,LSR#5
__symbolstub1:00498340                 ADD     R5, R12, R3
__symbolstub1:00498344                 EOR     R2, R11, R2
__symbolstub1:00498348                 EOR     R2, R2, R5
__symbolstub1:0049834C                 ADD     R4, R4, R2
__symbolstub1:00498350                 ADD     R5, R4, R3
__symbolstub1:00498354                 ADD     R11, R8, R4,LSL#4
__symbolstub1:00498358                 ADD     R2, R0, R4,LSR#5
__symbolstub1:0049835C                 EOR     R2, R11, R2
__symbolstub1:00498360                 EOR     R2, R2, R5
__symbolstub1:00498364                 CMP     R3, R1
__symbolstub1:00498368                 ADD     R12, R12, R2
__symbolstub1:0049836C                 BNE     loc_498328
__symbolstub1:00498370                 MOV     R2, #0
__symbolstub1:00498374                 LDR     R1, [R6,#0xBC]
__symbolstub1:00498378                 ORR     R2, R2, R12
__symbolstub1:0049837C                 MOV     R3, R4
__symbolstub1:00498380                 CMP     R1, #0
__symbolstub1:00498384                 STRD    R2, [R6,#0xA0]
__symbolstub1:00498388                 BEQ     loc_4982A4
__symbolstub1:0049838C                 CMP     R7, R1
__symbolstub1:00498390                 MOVCS   R7, R1
__symbolstub1:00498394                 MOV     R0, R7
__symbolstub1:00498398                 RSB     R7, R7, R1
__symbolstub1:0049839C                 STR     R7, [R6,#0xBC]
__symbolstub1:004983A0                 LDMFD   SP!, {R3-R11,PC}
__symbolstub1:004983A0 ; End of function sub_49828C
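The post above asks how a GDB register change (`set $r4=...`) could be turned into a static `[offset, hex]` patch like the `STR R4 -> STR R7` edit. The block below is an added example, not code from the original post or from any tool the thread mentions; it encodes and decodes the 32-bit ARM (A32) instruction forms involved so the hex bytes quoted in the thread (`98 40 86 e5` at `0x498324`) can be checked and re-encoded rather than guessed. All function names are this example's own; the only values taken from the page are the offset, the original bytes and the register numbers.

```python
"""Encode/decode the A32 instructions behind the STR patch discussed above.

Added example (not from the original post). Constants taken from the
thread: offset 0x498324, original bytes 98 40 86 e5 (STR R4,[R6,#0x98]).
"""
import struct

COND_AL = 0xE  # "always" condition: the leading E in E5864098


def encode_str_imm(rt, rn, imm12, cond=COND_AL):
    """Encode STR Rt, [Rn, #imm12] (A1 encoding, P=1 U=1 W=0, no writeback)."""
    if not (0 <= rt < 16 and 0 <= rn < 16 and 0 <= imm12 < 0x1000):
        raise ValueError("operand out of range")
    return ((cond << 28) | (0b010 << 25) | (1 << 24) | (1 << 23)
            | (rn << 16) | (rt << 12) | imm12)


def decode_str_imm(word):
    """Return (rt, rn, imm12) if word is a plain STR Rt,[Rn,#imm12], else None."""
    if (word >> 20) & 0xFF != 0x58:  # bits 27..20 = 0101 1000 (I=0 P=1 U=1 B=0 W=0 L=0)
        return None
    return (word >> 12) & 0xF, (word >> 16) & 0xF, word & 0xFFF


def hex_to_word(hexbytes):
    """'98 40 86 e5' as shown by gdb x/i (little-endian bytes) -> 0xE5864098."""
    return struct.unpack("<I", bytes.fromhex(hexbytes.replace(" ", "")))[0]


def word_to_hex(word):
    """0xE5867098 -> '98 70 86 e5' (the byte order a hex patcher writes)."""
    return " ".join(f"{b:02x}" for b in struct.pack("<I", word & 0xFFFFFFFF))


def rol32(value, n):
    n %= 32
    return ((value << n) | (value >> (32 - n))) & 0xFFFFFFFF


def arm_modified_immediate(value):
    """Return (rot, imm8) if value = ROR(imm8, 2*rot) is encodable, else None."""
    value &= 0xFFFFFFFF
    for rot in range(16):
        imm8 = rol32(value, 2 * rot)
        if imm8 < 0x100:
            return rot, imm8
    return None


def encode_mov_imm(rd, value, cond=COND_AL):
    """MOV Rd, #value using the 8-bit rotated immediate; raises if not encodable."""
    enc = arm_modified_immediate(value)
    if enc is None:
        raise ValueError(f"{value:#x} is not an ARM modified immediate; use MOVW/MOVT")
    rot, imm8 = enc
    return (cond << 28) | (0b0011101 << 21) | (rd << 12) | (rot << 8) | imm8


def encode_movw(rd, imm16, cond=COND_AL):
    """MOVW Rd, #imm16 (ARMv7 and later): 16-bit immediate, upper half zeroed."""
    if not 0 <= imm16 <= 0xFFFF:
        raise ValueError("imm16 out of range")
    return ((cond << 28) | (0b0011 << 24) | ((imm16 >> 12) << 16)
            | (rd << 12) | (imm16 & 0xFFF))


def patch_store_register(orig_hex, new_rt):
    """Re-encode a STR with a different source register, keeping Rn, offset, cond."""
    word = hex_to_word(orig_hex)
    decoded = decode_str_imm(word)
    if decoded is None:
        raise ValueError("bytes are not a plain STR Rt,[Rn,#imm]")
    _rt, rn, imm12 = decoded
    return encode_str_imm(new_rt, rn, imm12, cond=word >> 28)


if __name__ == "__main__":
    ORIG = "98 40 86 e5"  # bytes at 0x498324 quoted in the thread
    patched = patch_store_register(ORIG, 7)
    print(f"0x498324: {ORIG} -> {word_to_hex(patched)} ({patched:#010x})")
    # A debugger-time "set $r4=0x999999" has no one-instruction equivalent here:
    # 0x999999 is not a modified immediate (MOV cannot encode it), and replacing
    # the STR with a MOVW would drop the store the game performs at this address.
    print("MOV R4,#0x999999 encodable:", arm_modified_immediate(0x999999) is not None)
    print(f"MOVW R4,#0x9999 = {encode_movw(4, 0x9999):#010x}")
```

Decoding the original bytes first (rather than hand-editing one nibble) is what keeps the condition field, base register and offset intact; the `0x58` mask check also rejects bytes that are not a plain immediate-offset `STR`, which is the usual way a "wrong offset" patch ends in `EXC_BAD_ACCESS`.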
There are two ways to change functions, following you:
1. STR r7,[r0,#9]
2. NOP the function.
I really want to learn some other things from you, but thanks for sharing, shmoo.