两个中间跳转编译出来了。
还差两个hook编译不出来。elf2vkp.exe仍然出错。 最后的源码。。。
// Absolute firmware address of the AutoAnswer routine that FUN4 calls via BLX R5
// (table entry 4). Odd value -> BLX enters it in Thumb state. Firmware-specific;
// it must match the exact firmware build this patch is built for.
#define adr_AutoAnswer 0xA09DE7AB
// Identifier FUN1 passes in R0 to SWI 0xC4 (GetBuffer) to locate this patch's
// settings buffer; the buffer pointer comes back in R0 and is kept in R6.
#define PATCH_ID 0xCD09
CODE16 // Thumb state for everything up to the CODE32 switch at FUN6
RSEG BODY // segment holding both hook bodies and their helpers; its address is presumably assigned by the linker / vkp setup (not shown here)
BODY: // hook body 1; entered in Thumb state from HOOKA (BX R12). LR still holds the return address set by the hook site's BLX R4.
// in:  R5 = value passed through from the hook site (compared against 0, 3 and 0xB below — presumably a call/record selector; confirm)
//      R6 = value passed through from the hook site, copied to R2 — presumably the two MOVs re-execute what the hook displaced; confirm against the original bytes
// out: either resumes at the return address unchanged (FUN2) or, when FUN4 handled the call, via FUN6 with 4 bytes skipped
MOV R2, R6
MOV R0, R5
PUSH {R0-R7,LR} // LR is popped only on the FUN2 path; FUN5 deliberately leaves it on the stack for FUN6
BL FUN1 // R6 = patch buffer. POP does not alter flags, so the Z tested below is the one FUN1's SWI 0xC4 produced — presumably set when no buffer exists; confirm
BEQ FUN2 // no buffer: do nothing
CMP R5, #0
BEQ FUN3 // selector 0 goes straight to FUN4
CMP R5, #0xB
BGT FUN2 // NOTE(review): BGT is a signed compare while the BLS below is unsigned; harmless for small non-negative R5, BHI would be consistent
CMP R5, #3
BLS FUN2 // only 4..0xB continue
SUB R5, R5, #2 // 4..0xB -> 2..9 (FUN4 adds 2 back when it computes R4)
FUN3:
BL FUN4 // R0 = 0 when an action was taken, 0xFF when the call is to be left alone; R1-R7 are restored by FUN4; Z follows R0 (relies on the Thumb MOV R0, R5 in FUN4 setting flags — confirm in the listing)
BEQ FUN5
FUN2:
POP {R0-R7,PC} // nothing done: resume at the hook site's return address
FUN5:
POP {R0-R7} // action taken: restore registers but leave LR on the stack for FUN6
B FUN6 // FUN6 pops LR in ARM state, adds 4 and returns, skipping the 4 bytes after the hook
NOP // presumably padding so BODY2 starts word-aligned; confirm in the listing
BODY2: // hook body 2; entered in Thumb state from HOOKB (BX R12). Same flow as BODY except that selector 0 is first refined through FUN8.
// in:  R5 = value passed through from the hook site (compared against 0, 3 and 0xB below — presumably a call/record selector; confirm)
//      R6 = value passed through from the hook site, copied to R2 — presumably the two MOVs re-execute what the hook displaced; confirm against the original bytes
// out: either resumes at the return address unchanged (FUN7) or, when FUN4 handled the call, via FUN6 with 4 bytes skipped
MOV R2, R6
MOV R0, R5
PUSH {R0-R7,LR} // LR is popped only on the FUN7 path; FUNA deliberately leaves it on the stack for FUN6
BL FUN1 // R6 = patch buffer. POP does not alter flags, so the Z tested below is the one FUN1's SWI 0xC4 produced — presumably set when no buffer exists; confirm
BEQ FUN7 // no buffer: do nothing
CMP R5, #0
BEQ FUN8 // selector 0: decide between record 0 and record 0xA
CMP R5, #0xB
BGT FUN7 // NOTE(review): signed compare here, unsigned (BLS) two lines below; BHI would be consistent
CMP R5, #3
BLS FUN7 // only 4..0xB continue
SUB R5, R5, #2 // 4..0xB -> 2..9 (FUN4 adds 2 back when it computes R4)
B FUN9
FUN8:
MOV R0, #1
SWI 0x7D //7D: IsIncognitoCall (per the original note) -> R0 = result
CMP R0, #0
BNE FUN9 // incognito: keep selector 0
MOV R5, #0xA // otherwise use record 0xA
FUN9:
BL FUN4 // R0 = 0 when an action was taken, 0xFF when the call is to be left alone; R1-R7 are restored by FUN4; Z follows R0 (relies on the Thumb MOV R0, R5 in FUN4 setting flags — confirm in the listing)
BEQ FUNA
FUN7:
POP {R0-R7,PC} // nothing done: resume at the hook site's return address
FUNA:
POP {R0-R7} // action taken: restore registers but leave LR on the stack for FUN6
B FUN6 // FUN6 pops LR in ARM state, adds 4 and returns, skipping the 4 bytes after the hook
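FUN4: // dispatch on the per-profile action byte of the patch buffer
// in:  R5 = selector from BODY/BODY2 (0, 0xA, or 2..9), R6 = patch buffer (set by FUN1)
// out: R0 = 0 when an action was taken (table entries 1..4), 0xFF when the call is to be left alone;
//      Z follows R0 (relies on the Thumb MOV R0, R5 at FUND setting flags — confirm in the listing)
// R1-R7 are saved and restored; only R0 changes.
// Two halfwords (CMP/BHI) were added before the jump table, so the size stays a multiple of 4 and
// the alignment of everything after this routine is unchanged.
PUSH {R1-R7,LR} // R0 is the return register, so it is not saved
ADD R4, R5, #2 // R4 = selector + 2 — presumably an offset into the buffer used by the next load; confirm
LDRB R1, // operand missing in the posted source (reproduced as posted) — presumably a flag byte: non-zero = use record 0, zero = use the current profile's record; confirm
CMP R1, #0
BEQ FUNB
MOV R0, #0 // flag set: record 0
B FUNC
FUNB:
SWI 0xB6 // B6: GetProfile() -> R0 = current profile index (per the original note)
FUNC:
MOV R1, #0xB
MUL R0, R1 // R0 = profile * 0xB: the records appear to be 11 bytes each
ADD R0, R0, R6 // R0 = &buffer[profile * 0xB]
MOV R5, #0xFF // default result: nothing done
LDRB R2, // operand missing in the posted source (reproduced as posted) — the action byte that indexes the table below
CMP R2, #4 // the table below has exactly five 2-byte entries (0..4)
BHI FUND // out-of-range action byte (e.g. an uninitialised or corrupted buffer): behave like entry 0 and leave the call untouched instead of jumping into the code past the table
LSL R2, R2, #1 // each entry is one 2-byte Thumb B
ADD PC, R2 // Thumb reads PC as (this instruction + 4): the NOP fills that slot so entry 0 is the first B
NOP
B FUND // 0: no action, return 0xFF
B FUNE // 1: EndCall
B FUNF // 2: EndCallBusy
B FUN0 // 3: report handled without calling anything
B FUNG // 4: call adr_AutoAnswer
FUNF:
MOV R0, #0
MOV R1, #0
SWI 0x66 // 66: EndCallBusy
B FUN0
FUNE:
SWI 0x65 //65: EndCall
B FUN0
FUNG:
LDR R5, =adr_AutoAnswer // firmware routine; odd address -> BLX enters it in Thumb state
BLX R5 // R5 is scratch here: FUN0 overwrites it and the POP restores the caller's value anyway
FUN0:
MOV R5, #0 // result 0: the caller skips the 4 bytes after the hook (FUN5/FUNA -> FUN6)
FUND:
MOV R0, R5 // return value; BODY/BODY2 test Z right after BL FUN4
POP {R1-R7,PC}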
NOP // presumably keeps BX PC below word-aligned: Thumb BX PC targets (this instruction + 4), which must have bits[1:0] = 00 to enter ARM state — confirm in the listing
FUN6: // common tail for the "action taken" paths of BODY (FUN5) and BODY2 (FUNA)
// on entry the callers have already done POP {R0-R7}, so the LR pushed at their PUSH {R0-R7,LR} is the only thing left on the stack
BX PC // switch to ARM state: a Thumb POP cannot target LR, so the pop is done in ARM below
CODE32
LDMFD SP!, {LR} // LR = return address set by the hook site's BLX R4 (bit 0 set -> Thumb)
ADD LR, LR, #4 // skip the 4 bytes that follow the hook at the return site — presumably the original call that this hook supersedes; confirm against the original bytes
BX LR // bit 0 of LR is preserved by the ADD, so this resumes in Thumb state
FUN1: // R6 = this patch's settings buffer, located via SWI 0xC4 (GetBuffer) with R0 = PATCH_ID
// R6 is deliberately excluded from the push/pop list so the result survives the return.
// The callers test Z straight after BL FUN1: POP does not alter flags, so they see the Z the SWI left — presumably set when no buffer was found; confirm
CODE16 PUSH {R0-R5,R7,LR} // NOTE(review): the CODE16 directive (back to Thumb after the CODE32 block in FUN6) shares a line with PUSH — likely a paste artifact; the assembler may need them on separate lines
LDR R0, =PATCH_ID
SWI 0xC4 //C4: GetBuffer (per the original note) -> R0 = buffer pointer
BEQ FUNH // no buffer: leave R6 as it was
MOV R6, R0
FUNH:
POP {R0-R5,R7,PC}
RSEG HOOK1:CODE(1) // first hook site; the segment address comes from the linker / vkp configuration (not shown here)
LDR R4, =HOOKA // NOTE(review): this literal needs a pool word; if the assembler emits it at the end of this segment it lands right after BLX R4, i.e. at the address BLX returns to and that FUN6's ADD LR, #4 skips — confirm in the listing where the word is placed
BLX R4 // R4 is overwritten at the hook site and never restored — acceptable only if the original code does not rely on R4 here; confirm. Thumb BLX Rm exists from ARMv5T on: an ARMv4T target-cpu setting would reject this line
RSEG HOOK2:CODE(1) // second hook site; the segment address comes from the linker / vkp configuration (not shown here)
LDR R4, =HOOKB // NOTE(review): same literal-pool placement question as HOOK1 — confirm in the listing that the pool word does not sit at the BLX return address
BLX R4 // R4 is overwritten at the hook site and never restored — confirm the original code does not rely on it here. Thumb BLX Rm needs ARMv5T or later
CODE32 // ARM state: the hook site's BLX R4 switches to ARM when the =HOOKA literal has bit 0 clear (presumably the case for a CODE32 label; confirm)
RSEG HOOKA
HOOKA: // trampoline into BODY. Relies on the =BODY literal carrying bit 0 set (BODY is CODE16) so that BX R12 enters Thumb state — confirm in the listing; with bit 0 clear BODY would be executed as ARM code
LDR R12, =BODY
BX R12 // LR is left exactly as the hook site's BLX set it; BODY/FUN6 use it to return
RSEG HOOKB
HOOKB: // trampoline into BODY2 (ARM state, same CODE32 block as HOOKA). Relies on the =BODY2 literal having bit 0 set so BX R12 enters Thumb state — confirm in the listing
LDR R12, =BODY2
BX R12 // LR is left exactly as the hook site's BLX set it
END
前面开始位置的两个BLX编译不出来,奇怪了。 就这两个东西编译不出来。。。071DC00: 321C281C 0DF124EC
071DC0A: 321C281C 0DF126EC 难道就这么半成品的自己把这两个已知的跳转另外编译出来。。。