Quote:
Originally Posted by netkas
cmp then branch is two instructions, 4 bytes in Thumb mode.
cbz/cbnz is just 2 bytes.
You can't fit it.
Turbo made a userspace SSE3 emulator for OSx86 (catching the unknown-opcode interrupt, etc.); I think it can be ported to the iPhone to emulate those instructions.
I did a tiny bit of programming on game trainers in the past. "We" had this method called "code injection".
Basically, what you do is take an instruction you want to replace with more code and replace it with a JMP to a memory location holding your injected code, then JMP back to the original flow. But you'd have to find some "code caves" (locations that are filled with NOPs) that are big enough to hold your injected code. If you push the memory location you came from onto the stack, you can re-use the same code to replace all CBZ/CBNZ instructions by POP'ing the memory location off the stack again and JMP'ing back.
Not sure if this is at all possible, but just thought I'd share.
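As an added illustration of netkas's size point (example code written for this page, not from either poster): a decoder for the 16-bit Thumb-2 CBZ/CBNZ encoding, a scanner that walks a constructed Thumb blob while stepping over 32-bit instructions, and an encoder that builds the 4-byte `CMP Rn,#0 ; B<cond>` pair a core without CBZ/CBNZ would need in its place. The sample bytes and the 0x1000 base address are constructed.

```python
"""Decode Thumb-2 CBZ/CBNZ and show why CMP + B<cond> does not fit in 2 bytes."""
import struct

def decode_cbz(halfword, address):
    """Decode one 16-bit Thumb halfword located at `address`.
    Returns (mnemonic, rn, target) or None if it is not CBZ/CBNZ.
    Encoding: 1011 op 0 i 1 imm5 Rn  (op: 0 = CBZ, 1 = CBNZ)."""
    if (halfword & 0xF500) != 0xB100:
        return None
    op = (halfword >> 11) & 1
    i = (halfword >> 9) & 1
    imm5 = (halfword >> 3) & 0x1F
    rn = halfword & 7
    offset = (i << 6) | (imm5 << 1)   # zero-extended: CBZ/CBNZ only branch forward
    target = address + 4 + offset     # in Thumb state PC reads as insn address + 4
    return ("cbnz" if op else "cbz", rn, target)

def scan_thumb(code, base):
    """Walk a Thumb-2 blob and return (address, mnemonic, rn, target) for every
    CBZ/CBNZ. 32-bit instructions are skipped whole so a CBZ-looking second
    halfword inside a wide instruction is not misreported."""
    found, off = [], 0
    while off + 2 <= len(code):
        hw = struct.unpack_from("<H", code, off)[0]
        if (hw >> 11) in (0b11101, 0b11110, 0b11111):   # first half of a 32-bit insn
            off += 4
            continue
        hit = decode_cbz(hw, base + off)
        if hit:
            found.append((base + off,) + hit)
        off += 2
    return found

def encode_cmp_branch(mnemonic, rn, address, target):
    """Build the classic-Thumb pair  CMP Rn,#0 ; B<cond> target  equivalent to a
    CBZ/CBNZ at `address`. Returns 4 little-endian bytes: twice the original size,
    which is the problem netkas describes."""
    cmp_hw = 0x2800 | (rn << 8)                 # CMP Rn, #imm8 (T1), imm8 = 0
    cond = 0x0 if mnemonic == "cbz" else 0x1    # EQ for CBZ, NE for CBNZ
    branch_addr = address + 2                   # the B sits right after the CMP
    imm8 = (target - (branch_addr + 4)) >> 1    # B<c> T1: signed halfword offset
    assert -128 <= imm8 <= 127, "target out of range for a 16-bit B<cond>"
    b_hw = 0xD000 | (cond << 8) | (imm8 & 0xFF)
    return struct.pack("<HH", cmp_hw, b_hw)

# Constructed sample: bx lr ; bl +0 (32-bit) ; cbz r0,+8 ; cbnz r3,+64
SAMPLE_CODE = struct.pack("<HHHHH", 0x4770, 0xF000, 0xF800, 0xB120, 0xBB03)
SAMPLE_BASE = 0x1000
```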