Help/Support Calling function when clicking a button

[KillerAE 176 Donor]

I am trying to make a function call when I click a button in a game.

I patched the button clicking function like this:

sub sp, sp, #24
str x30, [sp, #0]
bl 0x0 <-- address of the function I want to call
ldr x30, [sp, #0]
ret
 

When I click the button the game force closes.

Any suggestions or corrections?

[Rook 532.8k iPad Pro (2nd gen) 17.4 Donor]

If it’s in the beginning of the function, you need to use B instead of BL

[KillerAE 176 Donor]

7 minutes ago, Rook said:

If it’s in the beginning of the function, you need to use B instead of BL

I don't understand what you mean by if it is in the beginning. Could you please elaborate?

I have changed it to B instead of BL but still not working.

this is the function I am trying to invoke:

public ToggleView()
{
}

 

Updated April 6, 2021 by KillerAE

[KillerAE 176 Donor]

I get this in lldb when the game crashes:

Process 12737 stopped

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x104cac6f8)

    frame #0: 0x0000000104cac6f8

-> 0x104cac6f8: .long  0x044f043c                ; unknown opcode

    0x104cac6fc: mul    z0.b, p0/m, z0.b, z0.b

    0x104cac700: sub    z0.b, z2.b, z28.b

    0x104cac704: sub    z21.b, z1.b, z29.b

Target 0: (z) stopped.

[Zahir 386.7k iPad Mini 4 13.6]

On 4/6/2021 at 10:56 PM, KillerAE said:

I patched the button clicking function like this:

I am not sure if you meant you changed the entirety of the function but in most cases, the function that triggers the button click will have an instruction you can modify. I wouldn't modify the entire function, just one instruction is fine. I don't know how your function looks like so can't help you much but I would say look if the function has it's own branches then change those to your desired offset