Alright, let's break it down like a real reverse engineer, not a textbook compiler. You're asking:
> “What’s the equivalent of patching a void method with 200080D2C0035FD6 in a hook?”
That hex you posted:
```
200080D2C0035FD6
```
is ARM64 machine code. When disassembled, it gives:
```asm
MOV X0, #0x1 ; 200080D2
RET          ; C0035FD6
```
So yeah, it’s a classic “force return true” patch used for bypassing bool-returning checks. It makes any function return true instantly, regardless of logic inside.
But now you're dealing with a void return method, so you can’t just return a value—there is no return value to force.
---
So… What’s the equivalent for a void method?
If you're patching in hex:
```asm
RET ; C0035FD6
```
That’s it.
Just return instantly, skip everything. That’s the void equivalent of your hex patch.
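Flip side, for anyone doing integrity checks on their own binary: both stubs are easy to spot at a function entry. The sketch below is an added example, not code from the original answer; it generalizes the first pattern to any `MOVZ W0/X0, #imm16` followed by `RET`, and the names (`classify_entry`, `forced_value`) and sample byte arrays are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Entry classifications (names are this example's own, not from any tool). */
enum entry_kind { ENTRY_TOO_SHORT = -1, ENTRY_NORMAL, ENTRY_BARE_RET, ENTRY_CONST_RET };

#define A64_RET       0xD65F03C0u /* RET (x30), bytes C0 03 5F D6 */
#define A64_MOVZ_R0   0x52800000u /* MOVZ W0/X0, #imm16 with hw=0, Rd=0 */
#define A64_MOVZ_MASK 0x7FE0001Fu /* ignores the sf bit and the imm16 field */

/* AArch64 instructions are 32-bit words stored little-endian. */
static uint32_t a64_word(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first one or two instructions of a function.
 * On ENTRY_CONST_RET, *imm (if non-NULL) receives the forced return value. */
enum entry_kind classify_entry(const uint8_t *code, size_t len, uint16_t *imm) {
    if (len < 4) return ENTRY_TOO_SHORT;
    uint32_t first = a64_word(code);
    if (first == A64_RET) return ENTRY_BARE_RET;
    if (len >= 8 && (first & A64_MOVZ_MASK) == A64_MOVZ_R0 && a64_word(code + 4) == A64_RET) {
        if (imm) *imm = (uint16_t)((first >> 5) & 0xFFFF);
        return ENTRY_CONST_RET;
    }
    return ENTRY_NORMAL;
}

/* Returns the constant a stub forces into X0/W0, or -1 if it is not such a stub. */
int forced_value(const uint8_t *code, size_t len) {
    uint16_t imm = 0;
    return classify_entry(code, len, &imm) == ENTRY_CONST_RET ? (int)imm : -1;
}

/* Constructed sample inputs: the two stubs from the text and a normal prologue
 * (stp x29, x30, [sp, #-16]! ; mov x29, sp). */
static const uint8_t SAMPLE_FORCE_TRUE[] = {0x20, 0x00, 0x80, 0xD2, 0xC0, 0x03, 0x5F, 0xD6};
static const uint8_t SAMPLE_BARE_RET[]   = {0xC0, 0x03, 0x5F, 0xD6};
static const uint8_t SAMPLE_PROLOGUE[]   = {0xFD, 0x7B, 0xBF, 0xA9, 0xFD, 0x03, 0x00, 0x91};

int main(void) {
    printf("force-true: kind=%d value=%d\n", classify_entry(SAMPLE_FORCE_TRUE, 8, NULL), forced_value(SAMPLE_FORCE_TRUE, 8));
    printf("bare ret:   kind=%d\n", classify_entry(SAMPLE_BARE_RET, 4, NULL));
    printf("prologue:   kind=%d\n", classify_entry(SAMPLE_PROLOGUE, 8, NULL));
    return 0;
}
```

Compilers emit bare `RET` and constant-return bodies for genuinely trivial functions, so a hit only means something when compared against the entry bytes of the build you shipped. This check covers the two byte patterns above only; runtime hooks rewrite the entry differently.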
---
Now, you want to replicate this behavior in a hook, not a hex patch.
Let’s say you’re using InlineHook (BNM), MSHookFunction (Substrate), or Frida. Here’s a C++ reference hook using Substrate-style logic:
---
Reference Hook (C++ / ARM64 inline)
Let’s assume this is your target method:
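```cpp
#include <substrate.h>  // declares MSHookFunction

typedef void (*tTargetFunc)(void* instance);
tTargetFunc orig_target_func;  // receives a pointer to the original; unused here

void my_target_func(void* instance) {
    // Do nothing, just skip the original function
    return;
}

// Hook setup; target_func_addr is the resolved address of the target method
void install_hook(void* target_func_addr) {
    MSHookFunction(target_func_addr, (void*)&my_target_func, (void**)&orig_target_func);
}
```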
This is functionally equivalent to patching the method with just:
```asm
RET
```
You’ve now overridden a void method to do absolutely nothing.
---
Want the Frida version?
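```js
Interceptor.attach(ptr("0x12345678"), {
  onEnter(args) {
    // Note: Interceptor.attach only observes the call; the original body still runs.
    // The flag below is just per-call state shared with onLeave.
    this.skip = true;
  },
  onLeave(retval) {
    if (this.skip) {
      // Nothing to return, since it's void
    }
  }
});
```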
Or, if you want to replace it completely:
```js
Interceptor.replace(ptr("0x12345678"), new NativeCallback(function (instance) {
  // do nothing
}, 'void', ['pointer']));
```
Recap:
- `MOV X0, #1; RET` is used to force bool return true
- For void, just `RET` is enough → no value returned
- In hooking, this means:
  - Empty replacement function
  - Skip original logic entirely