Help/Support Code Injection

Archangel04 · January 9, 2017

So, I got offsets for Galaxy on Fire v1.12 and I wanna make a patcher for it. I have the moddable functions.

The only problem is that any cracked/thinned binary causes app to crash with EXEC_BAD_ACCESS and subtype KERN_INVALID_ADDRESS (basically some stuff necessary for it to work got killed with patch).

Will offsets from cracked binary in IDA work with the game? Like if i make a patcher, will it still work or will there be an error?

Also, I got an ASLR value of f0000 (or so). So i delete f0000 from all offsets i got right? I did that and got the functions but im not sure if they r the right ones. (Im using a non-thinned version of binary in 64 bit mode in ida)

AxCE · January 9, 2017

Just try it

Crypto · January 9, 2017

Trial & Error

Archangel04 · January 9, 2017

Trial & Error

Just try it

In IDA, i got this offset from LLDB on modding money (this watchpoint ocurred while increasing value)

__text:000000010015B3F8 sub_10015B3F8                           ; CODE XREF: sub_10001EFA0+718p
__text:000000010015B3F8                                         ; sub_10008DCD0+18B4p ...
__text:000000010015B3F8
__text:000000010015B3F8 var_30          = -0x30
__text:000000010015B3F8 var_20          = -0x20
__text:000000010015B3F8 var_10          = -0x10
__text:000000010015B3F8
__text:000000010015B3F8                 STP             X22, X21, [SP,#var_30]!
__text:000000010015B3FC                 STP             X20, X19, [SP,#0x30+var_20]
__text:000000010015B400                 STP             X29, X30, [SP,#0x30+var_10]
__text:000000010015B404                 ADD             X29, SP, #0x20
__text:000000010015B408                 MOV             X19, X1
__text:000000010015B40C                 MOV             X20, X0
__text:000000010015B410                 LDR             X21, [X20,#0x200]
__text:000000010015B414                 CBZ             X21, loc_10015B42C
__text:000000010015B418                 MOV             X0, X21
__text:000000010015B41C                 BL              sub_10013AC3C
__text:000000010015B420                 MOV             X0, X21
__text:000000010015B424                 BL              __ZdlPv ; operator delete(void *)
__text:000000010015B428                 STR             XZR, [X20,#0x200]

Should i replace

__text:000000010015B404                 ADD             X29, SP, #0x20

with

__text:000000010015B404                 LDR            X29, R7

I got this offset on selling some random stuff in shop. Does replacing it mean i get R7 whenever i sell something? Assuming that this is infact the function for selling stuff

Updated January 9, 2017 by Archangel04

Archangel04 · January 9, 2017

the BL function leads to

__text:000000010013AC3C sub_10013AC3C                           ; CODE XREF: sub_1000842C4+30p
__text:000000010013AC3C                                         ; sub_10008DCD0+16D0p ...
__text:000000010013AC3C
__text:000000010013AC3C var_20          = -0x20
__text:000000010013AC3C var_10          = -0x10
__text:000000010013AC3C
__text:000000010013AC3C                 STP             X20, X19, [SP,#var_20]!
__text:000000010013AC40                 STP             X29, X30, [SP,#0x20+var_10]
__text:000000010013AC44                 ADD             X29, SP, #0x20+var_10
__text:000000010013AC48                 MOV             X19, X0
__text:000000010013AC4C                 BL              sub_10013AB7C
__text:000000010013AC50                 MOV             X0, X19
__text:000000010013AC54                 LDP             X29, X30, [SP,#0x20+var_10]
__text:000000010013AC58                 LDP             X20, X19, [SP+0x20+var_20],#0x20
__text:000000010013AC5C                 RET
__text:000000010013AC5C ; End of function sub_10013AC3C