Help/Support Calling function when clicking a button

KillerAE · April 6, 2021

I am trying to make a function call when I click a button in a game.

I patched the button clicking function like this:

sub sp, sp, #24
str x30, [sp, #0]
bl 0x0 <-- address of the function I want to call
ldr x30, [sp, #0]
ret

When I click the button the game force closes.

Any suggestions or corrections?

Rook · April 6, 2021

If it’s in the beginning of the function, you need to use B instead of BL

KillerAE · April 6, 2021

7 minutes ago, Rook said:

If it’s in the beginning of the function, you need to use B instead of BL

I don't understand what you mean by if it is in the beginning. Could you please elaborate?

I have changed it to B instead of BL but still not working.

this is the function I am trying to invoke:

public ToggleView()
{
}

Updated April 6, 2021 by KillerAE

KillerAE · April 6, 2021

I get this in lldb when the game crashes:

Process 12737 stopped

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=2, address=0x104cac6f8)

frame #0: 0x0000000104cac6f8

-> 0x104cac6f8: .long 0x044f043c ; unknown opcode

0x104cac6fc: mul z0.b, p0/m, z0.b, z0.b

0x104cac700: sub z0.b, z2.b, z28.b

0x104cac704: sub z21.b, z1.b, z29.b

Target 0: (z) stopped.

Zahir · April 12, 2021

On 4/6/2021 at 10:56 PM, KillerAE said:

I patched the button clicking function like this:

I am not sure if you meant you changed the entirety of the function but in most cases, the function that triggers the button click will have an instruction you can modify. I wouldn't modify the entire function, just one instruction is fine. I don't know how your function looks like so can't help you much but I would say look if the function has it's own branches then change those to your desired offset