Help/Support How to MSHOOK CMP

[FEDuo 0]

IDA Code:

             loc_A1AAC0                              ; CODE XREF: Labyrinth$$EnterBattleZone+2C9C↑j
il2cpp:00A1AAC0 BB 30 D0 E5                 LDRB            R3, [R0,#0xBB]
il2cpp:00A1AAC4 02 00 13 E3                 TST             R3, #2
il2cpp:00A1AAC8 08 00 00 0A                 BEQ             loc_A1AAF0
il2cpp:00A1AACC 74 30 90 E5                 LDR             R3, [R0,#0x74]
il2cpp:00A1AAD0 00 00 53 E3                 CMP             R3, #0
il2cpp:00A1AAD4 05 00 00 1A                 BNE             loc_A1AAF0
il2cpp:00A1AAD8 8E 15 F8 EB                 BL              il2cpp_runtime_class_init
il2cpp:00A1AADC 34 08 9F E5                 LDR             R0, =(off_4840C38 - 0xA1AAE8)
il2cpp:00A1AAE0 00 00 9F E7                 LDR             R0, [PC,R0] ; off_4840C38 ; RestoreGameplay_TypeInfo
il2cpp:00A1AAE4 00 00 90 E5                 LDR             R0, [R0] ; RestoreGameplay_TypeInfo
il2cpp:00A1AAE8 5C 10 90 E5                 LDR             R1, [R0,#0x5C] ; method
il2cpp:00A1AAEC 1C 20 91 E5                 LDR             R2, [R1,#28]
il2cpp:00A1AAF0
il2cpp:00A1AAF0             loc_A1AAF0                              ; CODE XREF: Labyrinth$$EnterBattleZone+2D44↑j
il2cpp:00A1AAF0                                                     ; Labyrinth$$EnterBattleZone+2D50↑j
il2cpp:00A1AAF0 01 00 52 E3                 CMP             R2, #1
il2cpp:00A1AAF4 02 00 00 1A                 BNE             loc_A1AB04
il2cpp:00A1AAF8 04 00 9D E5                 LDR             R0, [SP,#0x28+var_24] ; this
il2cpp:00A1AAFC 9C 1E 00 EB                 BL              Labyrinth$$Victory
il2cpp:00A1AB00 4E 01 00 EA                 B               loc_A1B040

I want hook 0xA1AAF0 CMP return true.

My MSHOOK Code:

void (*old_Victory)(bool);

void Labyrinth$$Victory(bool value) {
    value = true;
    return (*old_Victory)(value);
}
    MSHookFunction((void *) getAbsoluteAddress(targetLibName, string2Offset(OBFUSCATE_KEY("0xA1AAF0", '?'))), (void *) Labyrinth$$Victory, (void **) &old_Victory);

But it will crash.

How to fix?

[0xygen 395k iPad Mini 4 13.6]

What if you hardcode return it true?

il2cpp:00A1AAEC 1C 20 91 E5                 LDR             R2, [R1,#28]

Set this to MOV R2, #1

[FEDuo 0]

Not work

 

[X204 38.5k iPhone 5s 20.0]

You can’t hook at the middle of the function 

[FEDuo 0]

How to modify this in the function header hook?

[Shenchni 0 iPhone 6s Plus 14.4.2]

Is mod work for iPhone 6s Plus 

[X204 38.5k iPhone 5s 20.0]

This tut may help you

 

[xiaov 6.6k iPhone 6 8.3]

On 4/19/2021 at 10:11 AM, FEDuo said:

How to this in the function header hook?

On 4/18/2021 at 11:24 PM, Zahir said:

What if you hardcode return it true?

il2cpp:00A1AAEC 1C 20 91 E5                 LDR             R2, [R1,#28]

Set this to MOV R2, #1

change to mov r2,#1???

[Saitama 32.2k iPhone 6s Plus 15.7.9]

basically if i need remove some compare

il2cpp:00A1AAF0 01 00 52 E3                 CMP             R2, #1
il2cpp:00A1AAF4 02 00 00 1A                 BNE             loc_A1AB04

Compare r2 with number int 1
if NotEqual -> branch to location loc_A1AB04

just NOP both lines and code will move next line

[0xygen 395k iPad Mini 4 13.6]

On 5/7/2021 at 2:19 PM, xiaov said:

change to mov r2,#1???

The CMP is comparing the R2 with 1

Above it is the load to R2 so instead of loading, you set to 1 right away, then CMP is always true

I think