[Solved] Help to understand the logic of editing offsets

Status
Not open for further replies.

Sanz Tes

Platinian
Original poster
Apr 13, 2023
Girona
Hello. In many games there are various bonuses that are given for viewing ads, and there are also many mods in which these bonuses can be obtained without viewing them. I analyzed several of these mods and found that the offsets edited are of the type:
"void showreward", "void ShowRewardedAd"

For editing, something like this is used:
arm7: mov r0, r1
b #0x??????

arm8: mov x0, x1
b #0x??????

Question: What do I need to find in dump.cs (or maybe somewhere else) to figure out what to insert instead of "??????"? What literature can I read about it? The mods use different large values like "13846E"; if you change it a little, for example to "13846F", then the game crashes after I press the "watch ads" button.
 

NotALegitGuy

Solid & Active Platinian
Sep 24, 2018
Costa Rica
IIRC the b instruction is similar to jump: it branches to the given address. So what that does is move the value of register 1 into register 0, then branch to the address 0x??????. So 13846E is the address it branches to, and if you change it a bit it branches to another one which might be invalid and as a result crashes.
arm asm docs

What the mods do is probably branch to another location to skip a whole part of the function, or to their own hook function, as a result skipping the whole ad.

Just a guess; I'm also not an expert, so please correct me if I'm wrong.
 

Hiyall360

Awesome Active Platinian
Jan 14, 2018
Mr.Pringlez
These branch instructions are happening within the function (which dumps won't give you). You have to open the assembly in IDA and analyze the function (as it will hold multiple instructions within).

This "Branch" ( b #0x?????? ) is just skipping to another section of the instruction stack of the same function

Example:

void ShowRewardedAd will have an offset,

but INSIDE void ShowRewardedAd there are MORE offsets within, which represent instructions in the stack.

The Branch is jumping to a specific offset inside the function.

Short answer: Use IDA to look at that function, and you'll see exactly why it jumps to b #0x??????. Dump.cs does not show you offsets WITHIN functions. Only the top of the function.
 
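Since both replies above turn on what the number after "b #0x" actually encodes (a branch target relative to the branch instruction's own position inside the function) and why a value that is off by a little crashes, here is an added worked example. It is my code, not code from the thread or from any mod: an encoder/decoder for the "mov r0, r1 / b #target" (ARMv7, ARM state) and "mov x0, x1 / b #target" (arm64) pair. The function offset 0x138400 and target 0x13846C are constructed values for illustration only. The bit layouts follow the ARM Architecture Reference Manual: on A64, B holds a 26-bit signed word offset from the B instruction itself; on A32, B holds a 24-bit signed word offset from PC, which reads as the instruction address + 8. Both require a 4-byte-aligned target, so 0x13846F can never be a valid A32/A64 branch target, and adding 1 to the immediate field moves the target by a whole instruction (4 bytes), not by one byte.

```python
"""Added example (not code from the thread or from any mod): encode and decode the
"mov r0, r1 / b #target" and "mov x0, x1 / b #target" pair, to show what the value
after "b #0x" actually is and why nudging it by one byte crashes the game.

Addresses used below (function at 0x138400, target 0x13846C) are constructed for
illustration. Bit layouts follow the ARM Architecture Reference Manual:
  A64  B   = 0b000101 << 26 | imm26,   target = pc + imm26*4      (pc = B's own address)
  A32  B   = cond(AL=0xE) 1010 imm24,  target = pc + 8 + imm24*4  (pc = B's own address)
  A64  MOV Xd, Xm  is an alias of ORR Xd, XZR, Xm
"""
import struct


def encode_a64_b(insn_addr: int, target: int) -> int:
    """AArch64 unconditional B: PC-relative, 4-byte aligned, +-128 MiB reach."""
    if insn_addr & 3 or target & 3:
        raise ValueError("A64 instructions are 4-byte aligned; 0x%X -> 0x%X is not" % (insn_addr, target))
    delta = target - insn_addr
    if not -(1 << 27) <= delta < (1 << 27):
        raise ValueError("B target out of +-128 MiB range")
    return (0b000101 << 26) | ((delta >> 2) & 0x3FFFFFF)


def decode_a64_b(insn_addr: int, word: int) -> int:
    """Return the address an A64 B located at insn_addr jumps to."""
    if (word >> 26) != 0b000101:
        raise ValueError("0x%08X is not an unconditional B" % word)
    imm26 = word & 0x3FFFFFF
    if imm26 & (1 << 25):          # sign-extend the 26-bit field
        imm26 -= 1 << 26
    return insn_addr + (imm26 << 2)


def encode_a64_mov_reg(rd: int, rm: int) -> int:
    """MOV Xd, Xm == ORR Xd, XZR, Xm (64-bit shifted-register form, shift 0)."""
    return 0xAA000000 | (rm << 16) | (0b11111 << 5) | rd


def encode_a32_b(insn_addr: int, target: int) -> int:
    """A32 (ARMv7, ARM state) B with cond=AL; PC reads as insn_addr + 8 here."""
    if insn_addr & 3 or target & 3:
        raise ValueError("A32 instructions are 4-byte aligned; 0x%X -> 0x%X is not" % (insn_addr, target))
    delta = target - (insn_addr + 8)
    if not -(1 << 25) <= delta < (1 << 25):
        raise ValueError("B target out of +-32 MiB range")
    return 0xEA000000 | ((delta >> 2) & 0xFFFFFF)


def decode_a32_b(insn_addr: int, word: int) -> int:
    """Return the address an A32 B (cond=AL) located at insn_addr jumps to."""
    if (word >> 24) != 0xEA:
        raise ValueError("0x%08X is not an unconditional A32 B" % word)
    imm24 = word & 0xFFFFFF
    if imm24 & (1 << 23):          # sign-extend the 24-bit field
        imm24 -= 1 << 24
    return insn_addr + 8 + (imm24 << 2)


def encode_a32_mov_reg(rd: int, rm: int) -> int:
    """MOV Rd, Rm with cond=AL and no flag update: 0xE1A0_d00m."""
    return 0xE1A00000 | (rd << 12) | rm


def build_patch(arch: str, func_off: int, target: int) -> bytes:
    """Little-endian bytes for 'mov r0/x0, r1/x1 ; b target' written at func_off.
    The b sits at func_off + 4, so its offset is computed from there, not from func_off."""
    if arch == "arm64":
        words = [encode_a64_mov_reg(0, 1), encode_a64_b(func_off + 4, target)]
    elif arch == "arm7":
        words = [encode_a32_mov_reg(0, 1), encode_a32_b(func_off + 4, target)]
    else:
        raise ValueError("arch must be 'arm7' or 'arm64'")
    return b"".join(struct.pack("<I", w) for w in words)


if __name__ == "__main__":
    func, tgt = 0x138400, 0x13846C                 # constructed addresses
    print(build_patch("arm64", func, tgt).hex())   # e00301aa1a000014
    print(build_patch("arm7", func, tgt).hex())    # 0100a0e1180000ea
    word = encode_a64_b(func + 4, tgt)
    # +1 on the immediate is +4 bytes on the target: a different instruction, not "a bit off"
    print(hex(decode_a64_b(func + 4, word + 1)))   # 0x138470
    try:
        encode_a64_b(func + 4, tgt + 3)            # 0x13846F: not an instruction boundary
    except ValueError as e:
        print("rejected:", e)
```

Two things worth noting when reading a mod's bytes with this: the offset is always relative to where the b itself lands (function start + 4 for the second instruction of the pair), so the same "b #0x??????" text written at a different function offset encodes to different bytes; and Thumb (2-byte, used by many 32-bit ARM libraries) has its own branch encodings, which the A32 functions above do not decode, so check which instruction set the function is in before applying either.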

Sanz Tes

Platinian
Original poster
Apr 13, 2023
Girona
Thank you for your answers, you gave me a lot of information; maybe someday it will come in handy for me. But now, unfortunately, I can't use IDA Pro because I don't have a computer.
 

Raebydett

Awesome Active Platinian
Jan 20, 2020
G
I analyzed several of these mods and found that offsets are edited by type:
"void showreward", "void ShowRewardedAd"
I wonder how you even analyzed them if you don't have a computer. Are you one of those kiddos using that "script"?
 

Yaskashije

PMT Elite Modder
Staff member
Modding-Team
Sep 9, 2018
Minkowski Space
If you know the mod uses some instructions but don't know why, it is because you either got spoon-fed or worse ("I analyzed several of these mods", huh).
If you want to be a good modder, then learn how to properly mod by learning assembly, instead of living off other people's efforts and knowledge like skids do.
 