Help/Support Trying to get ARM code

Gordxn · March 19

I got my methods and found one I wanted to attempt to patch. However, I don't quite understand the HEX to ARM converter. I tried pasting the HEX instructions from DnSpy into it, but it gave some wacky results.

Instruction Hex: "1200FE15C3000002062A"
Offset: "3043E74"

ARM64 Result:

b #0xafc3ebc
.BYTE 0xc3, 0x00, 0x00, 0x02

ARM Result:
ldrbne r0, [lr, #0x12]!
andeq r0, r0, #0xc3

I don't know if it's just my lack of experience with the ARM architecture, but these instructions don't seem right to me. The C# function is a simple get function that returns a SecuredDouble. Any help or related links would be appreciated!

tien0246 · March 19

It's right iíntruction. Maybe "1200FE15C302062A"?

Gordxn · March 19

24 minutes ago, tien0246 said:

It's right iíntruction. Maybe "1200FE15C302062A"?

So I see you removed that string of four 0's, how am I supposed to know to remove that in the future?

tien0246 · March 19

2 minutes ago, Gordxn said:

So I see you removed that string of four 0's, how am I supposed to know to remove that in the future?

I just random delete :troll:

8 char = 1 instruction

your instruction have 20 char. So i guess your instruction is redundant somewhere

Gordxn · March 19

Well, if anyone is still looking to help me, I'm still struggling quite hard. I've decided to just go for a simple isBlahBlah function that only works with booleans. However, I can't even figure out how to write a patch for these.

The function in dnSpy looks as follows:

[Token(Token = "0x6006702")]
[Address(RVA = "0x2C4688C", Offset = "0x2C4688C", VA = "0x2C4688C")]
[CompilerGenerated]
get
{
	return default(bool);
}

I tried using a basic return true or false patch, but neither worked. Return true patch in assembly:

MOV X0, #1
ret

I'm trying to test this using iosGod's live patcher. My offset is "102C4688C" and my patch is "200080D2C0035FD6"

Any help would once again be appreciated!

Saitama · March 20

offset

0x2C4688C

its offset from base address
patch must be at point baseAddr+0x2C4688C

Updated March 20 by Saitama

tien0246 · March 21

On 3/19/2024 at 10:49 AM, Gordxn said:
Well, if anyone is still looking to help me, I'm still struggling quite hard. I've decided to just go for a simple isBlahBlah function that only works with booleans. However, I can't even figure out how to write a patch for these.

The function in dnSpy looks as follows:
[Token(Token = "0x6006702")]
[Address(RVA = "0x2C4688C", Offset = "0x2C4688C", VA = "0x2C4688C")]
[CompilerGenerated]
get
{
	return default(bool);
}
I tried using a basic return true or false patch, but neither worked. Return true patch in assembly:
MOV X0, #1
ret
I'm trying to test this using iosGod's live patcher. My offset is "102C4688C" and my patch is "200080D2C0035FD6"

Any help would once again be appreciated!