Help/Support LLDB - how to...

Anonymonk · May 24, 2018

hi gods and goddess,

im trying to find what to edit in IDA with lldb, but what i want to edit is a fixe value....

im doing bleach brave souls, i know how to find value to extend radius of an atk but that adress obviously dont change by itself...

so how can i find it? if i make a watchpoint to that adress and edit the value with igg nothing happend... i tried with gdb too

i also tried with something changing and "w s e -- 0x..." work fine

any help would be appreciate

Updated May 24, 2018 by Anonymonk

Ted2 · May 24, 2018

You need to make the watchpoint hit, meaning the value has to change itself. If that's not a option, you can't get the offset of it using lldb

Anonymonk · May 24, 2018

39 minutes ago, Ted2 said:

You need to make the watchpoint hit, meaning the value has to change itself. If that's not a option, you can't get the offset of it using lldb

thats not an option, this value never change.

i edit it when i open the game and it stay like that until i close it...

thats very sad if there is no alternative way...

but thank you for the help

Ted2 · May 24, 2018

Just now, Anonymonk said:

thats not an option, this value never change.

i edit it when i open the game and it stay like that until i close it...

thats very sad if there is no alternative way...

but thank you for the help

You gotta try hack it with strings & breakpoints then

Anonymonk · May 24, 2018

but im a d.ck with string and this value is load at launch from the master.db ....

i found one string in my life and because it was easy to find. in bleach i just find nothing... idk how they name their string but its hard...

Anonymonk · May 26, 2018

On May 24, 2018 at 5:45 PM, Ted2 said:

You gotta try hack it with strings & breakpoints then

actually i found out that when i go back to tittle screen, all atk change adress.

do you think that might do it, or lldb will not be able to find the offset as its kind of unconventional...

(lldb) w s e -- 0x117dc25a0
Watchpoint created: Watchpoint 1: addr = 0x117dc25a0 size = 8 state = enabled type = w
    new value: 10482641723211451
(lldb) c
Process 56961 resuming
Process 56961 stopped
* thread #31: tid = 0x6d18a, 0x0000000180d824ec libsystem_platform.dylib`__bzero + 76, stop reason = EXC_BREAKPOINT (code=258, subcode=0x117dc2580)
    frame #0: 0x0000000180d824ec libsystem_platform.dylib`__bzero + 76
libsystem_platform.dylib`__bzero:
->  0x180d824ec <+76>: dc     zva, x3
    0x180d824f0 <+80>: add    x3, x3, #64
    0x180d824f4 <+84>: subs   x2, x2, #64
    0x180d824f8 <+88>: b.hi   0x180d824ec               ; <+76>
(lldb)

does it look good?

edit: i just run a "conventional" watchpoint to compare as i'm noob...

combo value

(lldb) w s e -- 0x115e0fb10
Watchpoint created: Watchpoint 2: addr = 0x115e0fb10 size = 8 state = enabled type = w
    new value: 0
(lldb) c
Process 56961 resuming
Process 56961 stopped
* thread #1: tid = 0x6cb17, 0x00000001003a16fc bleach`___lldb_unnamed_function15234$$bleach + 24, queue = 'com.apple.main-thread', stop reason = EXC_BREAKPOINT (code=258, subcode=0x115e0fb14)
    frame #0: 0x00000001003a16fc bleach`___lldb_unnamed_function15234$$bleach + 24
bleach`___lldb_unnamed_function15234$$bleach:
->  0x1003a16fc <+24>: strb   w8, [x19, #148]
    0x1003a1700 <+28>: ldr    w8, [x19, #144]
    0x1003a1704 <+32>: add    w8, w8, w1
    0x1003a1708 <+36>: stp    wzr, w8, [x19, #140]
(lldb)

so i guess pointing a dylib is not good...

Updated May 26, 2018 by Anonymonk