
5 posts in this topic

Posted

Hey, so I've been trying to hack Plants vs Zombies Heroes for a few days now and I'm getting really stuck.

I've found the offsets for the player's sun which is 0x100683328.

[Image: QDEWxI5.png]

This offset is triggered when the player uses their sun. When I change:

SUB             W9, W9, W1

into this:

ADD            W9, W9, W1

It affects the player's sun value visually; however, it still does not allow you to use more than what you initially had (Correct Value).

There is also another offset that is triggered on each new wave which again affects the Player's sun (it acts like a reset of sorts) which is located at 0x100683264 

[Image: jAyVn9J.png]

Once again if I change

STR             W1, [X0,#0x48]

To

STR             W7, [X0,#0x48]

It changes the player's sun, but only visually. (Note [19,#0x48] and [X0,#0x48] both point to the same address).

Now to me it seems there is obviously some sort of check happening to make sure the values are the same and, if they're not, restore them to what they were, but I can't seem to find it.

Any help would be greatly appreciated.

Posted

Have you looked at loc_100683344 ?

There's a compare, and looks like a branch if W9 does not equal #3. The location I listed above is where it branches to. I'm still an IDA noobie (especially 64 bit) but I'd check out the code in that location. Seems to be the location the function you hacked ultimately branches to as well. I forget what CBZ is but it seems like a callback that goes to or checks a value at that same address.

Hope that was of some help. If ya figure it out on ur own plz post back maybe I'll learn something.  Hopefully one of the more experienced ppl can be of more help.

Posted
3 hours ago, i0s_tweak3r said:

Have you looked at loc_100683344 ?

There's a compare, and looks like a branch if W9 does not equal #3. The location I listed above is where it branches to. I'm still an IDA noobie (especially 64 bit) but I'd check out the code in that location. Seems to be the location the function you hacked ultimately branches to as well. I forget what CBZ is but it seems like a callback that goes to or checks a value at that same address.

Hope that was of some help. If ya figure it out on ur own plz post back maybe I'll learn something.  Hopefully one of the more experienced ppl can be of more help.

Here is the full function

[Image: Y6qhzuO.png]

From further testing it seems W2 branches to

LDR             W9, [X19,#0x40]
CMP             W9, #3
B.NE            loc_100683344

when the suns do not match up, i.e. the correct value is 1, however what is displayed is 10.

However [X19, #0x40] seems to always hold 2 (as I have set a watchpoint on the address and it never triggers). Which means it branches back to the original link (loc_100683344).

 

I am really lost now in where the "true" value is getting stored.

Posted
On 7/7/2017 at 2:57 AM, Miscdemeanor said:

Here is the full function

[Image: Y6qhzuO.png]

From further testing it seems W2 branches to

LDR             W9, [X19,#0x40]
CMP             W9, #3
B.NE            loc_100683344

when the suns do not match up, i.e. the correct value is 1, however what is displayed is 10.

However [X19, #0x40] seems to always hold 2 (as I have set a watchpoint on the address and it never triggers). Which means it branches back to the original link (loc_100683344).

 

I am really lost now in where the "true" value is getting stored.

The CBZ means "Compare and Branch when Zero", meaning if the value of register (W2 in this case) is zero, to branch to the address shown, loc_100683344.

Notice it's the same address branched to if W9 does not equal 3. 

I'm curious what's at sub_1006831B0, since you know you are branching there from either the CMP or CBZ regardless b4 the function ends. Can u show what's at sub_1006831B0?
