Help/Support Know registers of specific place

[bR34Kr 19.2k]

I've found a string in my game for "HealthRegen" and what I want to do is to change the value of the Health that is regened to a giant number.

So I thought to get the registers of that specific place and change some stuff for an unlinked godmode. (Enemies don't regen)

Spoiler

sub_10145D538                           ; DATA XREF: __const:00000001028F9C50↓o
__text:000000010145D538
__text:000000010145D538 var_10          = -0x10
__text:000000010145D538 var_s0          =  0
__text:000000010145D538
__text:000000010145D538                 STP             X20, X19, [SP,#-0x10+var_10]!
__text:000000010145D53C                 STP             X29, X30, [SP,#0x10+var_s0]
__text:000000010145D540                 ADD             X29, SP, #0x10
__text:000000010145D544                 MOV             X19, X0
__text:000000010145D548                 LDR             X8, [X19,#8]
__text:000000010145D54C                 LDR             X0, [X8]
__text:000000010145D550                 MOV             W1, #0x1B
__text:000000010145D554                 MOV             X2, #0
__text:000000010145D558                 BL              sub_100A732C4
__text:000000010145D55C                 LDR             X8, [X19,#8]
__text:000000010145D560                 LDR             X19, [X8,#8]
__text:000000010145D564                 ADRP            X0, #aHealthregenera@PAGE ; "HealthRegenerated"
__text:000000010145D568                 ADD             X0, X0, #aHealthregenera@PAGEOFF ; "HealthRegenerated"
__text:000000010145D56C                 BL              sub_102089C74
__text:000000010145D570                 MOV             X1, X0
__text:000000010145D574                 MOV             X0, X19
__text:000000010145D578                 MOV             X2, #0
__text:000000010145D57C                 LDP             X29, X30, [SP,#0x10+var_s0]
__text:000000010145D580                 LDP             X20, X19, [SP+0x10+var_10],#0x20
__text:000000010145D584                 B               sub_100AD0780
__text:000000010145D584 ; End of function sub_10145D538

 

 

Updated March 10, 2018 by bbReakMe

[bR34Kr 19.2k]

Also, is it normal it has 0 xrefs to it?

[bR34Kr 19.2k]

Could it work if I replace var_10?

[bR34Kr 19.2k]

It is also the same with OHK.

__text:000000010145CEF8 sub_10145CEF8                           ; DATA XREF: __const:00000001028F9BB0↓o
__text:000000010145CEF8
__text:000000010145CEF8 var_10          = -0x10
__text:000000010145CEF8 var_s0          =  0
__text:000000010145CEF8
__text:000000010145CEF8                 STP             X20, X19, [SP,#-0x10+var_10]!
__text:000000010145CEFC                 STP             X29, X30, [SP,#0x10+var_s0]
__text:000000010145CF00                 ADD             X29, SP, #0x10
__text:000000010145CF04                 MOV             X19, X0
__text:000000010145CF08                 LDR             X8, [X19,#8]
__text:000000010145CF0C                 LDR             X20, [X8]
__text:000000010145CF10                 ADRP            X0, #aAttackpower@PAGE ; "AttackPower"
__text:000000010145CF14                 ADD             X0, X0, #aAttackpower@PAGEOFF ; "AttackPower"
__text:000000010145CF18                 BL              sub_102089C74
__text:000000010145CF1C                 MOV             X1, X0
__text:000000010145CF20                 MOV             X0, X20
__text:000000010145CF24                 MOV             X2, #0
__text:000000010145CF28                 BL              sub_100AD0780
__text:000000010145CF2C                 LDR             X8, [X19,#8]
__text:000000010145CF30                 LDR             X0, [X8,#8]
__text:000000010145CF34                 MOV             W1, #7
__text:000000010145CF38                 MOV             X2, #0
__text:000000010145CF3C                 LDP             X29, X30, [SP,#0x10+var_s0]
__text:000000010145CF40                 LDP             X20, X19, [SP+0x10+var_10],#0x20
__text:000000010145CF44                 B               sub_100A732C4
__text:000000010145CF44 ; End of function sub_10145CEF8
__text:000000010145CF44

 

[Ted2 39.1k iPhone 13 Pro 16.0 Donor]

I think you actually have to xref in order to get to the right function.

 

But to make sure: set a breakpoint on the function & see if it hits, read registers of it & backtrace.

[bR34Kr 19.2k]

1 minute ago, Ted2 said:

I think you actually have to xref in order to get to the right function.

 

But to make sure: set a breakpoint on the function & see if it hits, read registers of it & backtrace.

Is putting a breakpoint on a function possible with LLDB?

w s e -- 0xFUNCTIONGOESHERE

 

[Ted2 39.1k iPhone 13 Pro 16.0 Donor]

Just now, bbReakMe said:

Is putting a breakpoint on a function possible with LLDB?

w s e -- 0xFUNCTIONGOESHERE

 

w s e command is for a watchpoint.

 

Breakpoint is: ' b 0xIDAOffset + Current ASLR slide'

[bR34Kr 19.2k]

3 minutes ago, Ted2 said:

w s e command is for a watchpoint.

 

Breakpoint is: ' b 0xIDAOffset + Current ASLR slide'

Just to be sure, ASLR slide is the output of image list?

[Ted2 39.1k iPhone 13 Pro 16.0 Donor]

Just now, bbReakMe said:

Just to be sure, ASLR slide is the output of image list?

Yes, the value you substract from your watchpoints, but this time you add it.

[bR34Kr 19.2k]

5 minutes ago, Ted2 said:

Yes, the value you substract from your watchpoints, but this time you add it.

And the IDA offset is where there is the sub_blablabla