assembler
Ildar Gizetdinov, 2019-11-05 15:49:27

How to change the return value of a function?

Here is the code:

il2cpp:000000018043EE60 ; =============== S U B R O U T I N E =======================================
il2cpp:000000018043EE60
il2cpp:000000018043EE60 ; GetAutoBattleTicketsLimit -- IL2CPP-compiled method (IDA listing, Intel syntax)
il2cpp:000000018043EE60 ; ABI:   Microsoft x64. Evidence in the body: callees receive their arguments in
il2cpp:000000018043EE60 ;        rcx/rdx/r8/r9, rbx/rsi/rdi are saved and restored as callee-saved
il2cpp:000000018043EE60 ;        registers, and the function has a .pdata unwind entry.
il2cpp:000000018043EE60 ; In:    rcx is never read before being overwritten (EE7B / EE90);
il2cpp:000000018043EE60 ;        rdx is kept in rbx and forwarded to sub_180583F40.
il2cpp:000000018043EE60 ; Out:   eax (32-bit int) = trunc(xmm0) + dword [rcx+20h], computed at EF80..EF84.
il2cpp:000000018043EE60 ;        The other exit (loc_18043EF8D) calls sub_1801659F0 and does not come back.
il2cpp:000000018043EE60 ; Stack: push rdi + sub rsp,20h keeps rsp 16-aligned at every call and
il2cpp:000000018043EE60 ;        reserves the 32-byte shadow space the callees require.
il2cpp:000000018043EE60
il2cpp:000000018043EE60 GetAutoBattleTicketsLimit proc near     ; CODE XREF: sub_18043F120+9C↓p
il2cpp:000000018043EE60                                         ; sub_18043F270+177↓p
il2cpp:000000018043EE60                                         ; DATA XREF: ...
il2cpp:000000018043EE60
il2cpp:000000018043EE60 arg_0           = qword ptr  8          ; caller's shadow-space slots, reused
il2cpp:000000018043EE60 arg_8           = qword ptr  10h        ; below as home slots for rbx and rsi
il2cpp:000000018043EE60
il2cpp:000000018043EE60                 mov     [rsp+arg_0], rbx        ; save callee-saved rbx
il2cpp:000000018043EE65                 mov     [rsp+arg_8], rsi        ; save callee-saved rsi
il2cpp:000000018043EE6A                 push    rdi                     ; save callee-saved rdi; rsp is now 16-aligned
il2cpp:000000018043EE6B                 sub     rsp, 20h                ; 32-byte shadow space for the calls below
il2cpp:000000018043EE6F                 cmp     cs:byte_181B5FB70, 0    ; run-once flag, set at EE86
il2cpp:000000018043EE76                 mov     rbx, rdx                ; rbx = 2nd arg, kept live across the calls
il2cpp:000000018043EE79                 jnz     short loc_18043EE8D     ; flag already set -> skip the init call
il2cpp:000000018043EE7B                 mov     ecx, cs:dword_1818218D4 ; arg0 of the init call (incoming rcx is discarded)
il2cpp:000000018043EE81                 call    sub_180136AB0
il2cpp:000000018043EE86                 mov     cs:byte_181B5FB70, 1    ; mark done; NOTE(review): no synchronisation visible here
il2cpp:000000018043EE8D
il2cpp:000000018043EE8D loc_18043EE8D:                          ; CODE XREF: GetAutoBattleTicketsLimit+19↑j
il2cpp:000000018043EE8D                 xor     r8d, r8d                ; arg2 = 0
il2cpp:000000018043EE90                 mov     rcx, rbx                ; arg0 = our 2nd arg
il2cpp:000000018043EE93                 lea     edx, [r8+5]             ; arg1 = 5 (r8 is 0 here; lea does not touch flags)
il2cpp:000000018043EE97                 call    sub_180583F40
il2cpp:000000018043EE9C                 mov     rsi, rax                ; rsi = result, consumed at EF45
il2cpp:000000018043EE9F                 mov     rax, cs:qword_181BB4608 ; rax = class pointer (argument of il2cpp_runtime_class_init_0 below)
il2cpp:000000018043EEA6                 test    byte ptr [rax+127h], 2  ; class-init guard: run the initialiser only if this
il2cpp:000000018043EEAD                 jz      short loc_18043EEC7     ; bit is set and dword [rax+0D8h] is 0
il2cpp:000000018043EEAF                 cmp     dword ptr [rax+0D8h], 0 ; (field meanings are not visible in this listing)
il2cpp:000000018043EEB6                 jnz     short loc_18043EEC7
il2cpp:000000018043EEB8                 mov     rcx, rax
il2cpp:000000018043EEBB                 call    il2cpp_runtime_class_init_0
il2cpp:000000018043EEC0                 mov     rax, cs:qword_181BB4608 ; reload; rax is volatile across the call
il2cpp:000000018043EEC7
il2cpp:000000018043EEC7 loc_18043EEC7:                          ; CODE XREF: GetAutoBattleTicketsLimit+4D↑j
il2cpp:000000018043EEC7                                         ; GetAutoBattleTicketsLimit+56↑j
il2cpp:000000018043EEC7                 mov     rcx, [rax+0B8h]         ; rcx = [class+0B8h]
il2cpp:000000018043EECE                 mov     rdi, [rcx+8]            ; rdi = cached pointer stored at [rcx+8] (written at EF37)
il2cpp:000000018043EED2                 test    rdi, rdi
il2cpp:000000018043EED5                 jnz     short loc_18043EF3B     ; already created -> use it
il2cpp:000000018043EED7                 test    byte ptr [rax+127h], 2  ; same class-init guard as at EEA6
il2cpp:000000018043EEDE                 jz      short loc_18043EEF7
il2cpp:000000018043EEE0                 cmp     [rax+0D8h], edi         ; edi is 0 on this path, so this is a compare with 0
il2cpp:000000018043EEE6                 jnz     short loc_18043EEF7
il2cpp:000000018043EEE8                 mov     rcx, rax
il2cpp:000000018043EEEB                 call    il2cpp_runtime_class_init_0
il2cpp:000000018043EEF0                 mov     rax, cs:qword_181BB4608 ; reload after the call
il2cpp:000000018043EEF7
il2cpp:000000018043EEF7 loc_18043EEF7:                          ; CODE XREF: GetAutoBattleTicketsLimit+7E↑j
il2cpp:000000018043EEF7                                         ; GetAutoBattleTicketsLimit+86↑j
il2cpp:000000018043EEF7                 mov     rax, [rax+0B8h]
il2cpp:000000018043EEFE                 mov     rcx, cs:qword_181BB4638 ; arg0 of sub_180175F50
il2cpp:000000018043EF05                 mov     rbx, [rax]              ; rbx = first qword of the block, reused as arg1 at EF14
il2cpp:000000018043EF08                 call    sub_180175F50           ; result in rax, forwarded as arg0 below
il2cpp:000000018043EF0D                 mov     r9, cs:qword_181BB9AD8  ; arg3
il2cpp:000000018043EF14                 mov     rdx, rbx                ; arg1
il2cpp:000000018043EF17                 mov     r8, cs:qword_181B72DE8  ; arg2
il2cpp:000000018043EF1E                 mov     rcx, rax                ; arg0 = result of sub_180175F50
il2cpp:000000018043EF21                 mov     rdi, rax                ; keep it in callee-saved rdi across the call
il2cpp:000000018043EF24                 call    sub_1802CFD20           ; NOTE(review): reads like allocate-then-construct -- confirm
il2cpp:000000018043EF29                 mov     rax, cs:qword_181BB4608
il2cpp:000000018043EF30                 mov     rcx, [rax+0B8h]
il2cpp:000000018043EF37                 mov     [rcx+8], rdi            ; cache the new pointer for later calls (read at EECE)
il2cpp:000000018043EF3B
il2cpp:000000018043EF3B loc_18043EF3B:                          ; CODE XREF: GetAutoBattleTicketsLimit+75↑j
il2cpp:000000018043EF3B                 mov     r8, cs:qword_181B731B8  ; arg2
il2cpp:000000018043EF42                 mov     rdx, rdi                ; arg1 = cached pointer
il2cpp:000000018043EF45                 mov     rcx, rsi                ; arg0 = result of sub_180583F40
il2cpp:000000018043EF48                 call    sub_1804F5020           ; nothing writes xmm0 between here and EF80,
il2cpp:000000018043EF48                                                 ; so this call's xmm0 result is what gets converted
il2cpp:000000018043EF4D                 mov     rax, cs:qword_181BC7930 ; a different global than the one used above
il2cpp:000000018043EF54                 mov     rcx, [rax+0B8h]
il2cpp:000000018043EF5B                 mov     rax, [rcx+8]
il2cpp:000000018043EF5F                 test    rax, rax                ; null-checked pointer walk:
il2cpp:000000018043EF62                 jz      short loc_18043EF8D     ;   [..+0B8h] -> [+8] -> [+30h] -> [+28h]
il2cpp:000000018043EF64                 mov     rax, [rax+30h]
il2cpp:000000018043EF68                 test    rax, rax
il2cpp:000000018043EF6B                 jz      short loc_18043EF8D
il2cpp:000000018043EF6D                 mov     rcx, [rax+28h]
il2cpp:000000018043EF71                 test    rcx, rcx
il2cpp:000000018043EF74                 jz      short loc_18043EF8D     ; any null -> loc_18043EF8D (no normal return)
il2cpp:000000018043EF76                 mov     rbx, [rsp+28h+arg_0]    ; restore rbx (28h = push rdi + sub rsp,20h)
il2cpp:000000018043EF7B                 mov     rsi, [rsp+28h+arg_8]    ; restore rsi
il2cpp:000000018043EF80                 cvttsd2si eax, xmm0             ; eax = (int)xmm0, truncating toward zero
il2cpp:000000018043EF84                 add     eax, [rcx+20h]          ; eax += dword [rcx+20h]; this is the value returned
il2cpp:000000018043EF87                 add     rsp, 20h                ; drop shadow space
il2cpp:000000018043EF8B                 pop     rdi                     ; restore rdi
il2cpp:000000018043EF8C                 retn                            ; return eax
il2cpp:000000018043EF8D ; ---------------------------------------------------------------------------
il2cpp:000000018043EF8D
il2cpp:000000018043EF8D loc_18043EF8D:                          ; CODE XREF: GetAutoBattleTicketsLimit+102↑j
il2cpp:000000018043EF8D                                         ; GetAutoBattleTicketsLimit+10B↑j ...
il2cpp:000000018043EF8D                 xor     ecx, ecx                ; arg0 = 0
il2cpp:000000018043EF8F                 call    sub_1801659F0           ; no epilogue follows and rbx/rsi are never restored,
il2cpp:000000018043EF8F                                                 ; so this callee must not return (presumably it raises
il2cpp:000000018043EF8F                                                 ; an exception for the null pointer found above -- confirm)
il2cpp:000000018043EF8F ; ---------------------------------------------------------------------------
il2cpp:000000018043EF94                 db 0CCh                         ; int3 padding after the non-returning call
il2cpp:000000018043EF94 GetAutoBattleTicketsLimit endp
il2cpp:000000018043EF94
il2cpp:000000018043EF95 algn_18043EF95:                         ; DATA XREF: .pdata:0000000181ECC140↓o
il2cpp:000000018043EF95                 align 20h

How can I replace the return value with, for example, "99999"? I don't understand where the return value is.



1 answer(s)
Armenian Radio, 2019-11-05
@KFan

Most likely, the value lies in EAX. Put whatever you want in there.
