Help/Support Branch to my own function (hooking??)

tryingtolearnsum32 · November 9, 2024

As seen in the title i want to know if this even possible. Essentially i only to edit a branch call to go to my own function sort of like a hook but only for this one time as the function gets called in a different place but i only want to edit it in this specific instance. for example.

UnityEngine.Random

offset blah blah

public static Vector2 get_insideUnitCircle()

This function in this game gets called in multiple areas in different functions and returns a random vector2 in a circle of radius of 1.

i guess you can say i would like to hook it? only for this specific case and let the regular function do it thing in the other methods its use in.

Might be tedious in alot of cases having to rehook branch after a game update but it wouldnt bother me at all :)

Now here what i was thinking. using the get realoffset function for where the branch occurs let's say the var name is Blah so ( uint64_t Blah = GRL(0xWhatever)) . Now for the first problem which i think i figured out which is two ways i didn't try yet first setting a void* var to my function then casting it as let the var for both ideas is Target so first way (void *var = myfunction next uint64_t Target = cast the var). Now for the second way which kind of using the same thing but using kitty scanner findsymbol with the location of my dylib and name of my function. Now after getting both locations doing a simple calculation of target - Blah and setting the value to a new var named NewBranchLoc. Now I'm stuck i know this newer version of kittymemory with asm and formater just for it. but what if i get a negative hex value for my NewBranchLoc because in arm converter it doesnt give a hexcode back so im overthinking that the asm wont work. When i tried find a example of a negative NewBranchLoc in ida such as 0x1523A54 BL sub_1309D9C (bl #0xffffffffffde6348 ) it gives out some crazy looking hex in this case 0xffffffffffde6348 so it using some time of bitwise operation im guessing...

Anyways sorry for the blabbering basically i just want to ask if what im trying to do is even possible? if so am in the right direction and just overthinking it?

if not is there a alternative other than just hooking the value (i know in some cases you could unlink?(i think is the term ...basically doing the effect you want with some type of check when hooking but for this case that wouldnt really work.) if are they any source to them?

If not is there a to hook in the middle of function i saw something called a midhook function for pc somewhere else but some of the stuff there needed is only for pc i think.

Anyways thank you for your time this just has been bugging me and im a noob coder well noob+ hahaha.

tryingtolearnsum32 · November 10, 2024

update after some think i think i figured out why it's giving me that weird hex for backward branch jumps such as bl #0xffffffffffde6348 by using the Two's Complement to represent a negative hex value. does the compiler do this itself i don't know hahaha but i will try once i figure out this new problem.

Which is trying use the new kitty memory with the asm

So @Rook or maybe @Ted2

im using ted2 old mod menu template im ios 14.4 using dopamine

in my makefile i added

$(TWEAK_NAME)_OBJ_FILES = $(KITTYMEMORY_PATH)/Deps/Keystone/libs-ios/$(THEOS_CURRENT_ARCH)/libkeystone.a ( for this i changed $(Tweak name) to my name so tweakname_OBJ_FILES so i believe i did the right thing

and

KITTYMEMORY_PATH = path/to/KittyMemory for this i simply did KITTYMEMORY_PATH = KittyMemory

i didnt add

-DkNO_KEYSTONE Since i wanted to use the arm function.

Anyways i didnt even use the asm function i just wanted to compile my current mod with the new kittymemory

and the result were all some stuff recompiled

but at the tweak linking procress i got some warnings 1 of many examples

ld: warning: object file (KittyMemory/Deps/KeyStone/libs-ios/arm64/libkeystone.a(X86MCTargetDesc.cpp.o)) was built for newer ios version (14.0) than being linked (9.0)

So it was spamming me this for different cpp.o's in libkeystone.a

another specific ld warning was this

ld: warning: Could not find or use auto - linked framework 'UniformTypeIdentifiers' undefined symbols for architecture arm64:

"___chkstk_darwin", referenced from: getMemoryBufferForStream(int, llvm_ks::Twine const&) in libkeystone.a(MemoryBuffer.cpp.o)

llvm_ks::APFloat::roundSignificandWithExponent(unsigned long long const*, unsigned int, int, llvm_ks::APFloat::roundingmode) in libkeystone.a(APFloat.cpp.o)

ld: symbol(s) not found for architecture arm64

clang-16: error: linker command failed with exit code 1(use -v to see invocation)

Some INFO like i said using a old reliable ted2 mode menu temp, Sdk 12.4, and i seen on the github it said c++11 or higher in my makefile myname_CCFLAGS its has -std=c++11 i dont know if that its.

So I'm asking for help on this or a provided mod menu template with this new kitty memory please! I feel like I'm so close!!