Well for a crack like this it isn't really that hard to pull off, since we're just porting the crack from another version.

You basically just have to find the bytes that were changed in the version you're porting from, by comparing the uncracked patreon build vs cracked (of the same version ofc), then use something like IDA Pro to find what functions those bytes are inside. Then open the version you're cracking in IDA and locate those same functions, and go through the functions to find the bytes/instructions you need to change, that's the gist of it anyway.

Sometimes it's as easy as searching for the bytes around the one you're changing ("signature searching"), but usually those will differ so you'll probably have to search through it manually. With Cemu those DRM functions are tens of thousands of bytes long though, filled with obfuscation and other shit to try and make you pull your hair out reversing it. So searching manually isn't really an option here.

Luckily the bytes you need to change don't normally move around much relative to the function they're inside, so you can usually just use the offset of the byte from the start of the function instead.

E.g. say the byte to change is at +0x3FDA from the start of sub_140567DF8 in the already cracked version, once you've found sub_140567DF8 inside the version you're cracking (maybe it's at sub_140692EA0 instead), you can just go to sub_140692EA0 + 0x3FDA and hopefully the byte to change is somewhere around there.

Actually finding those functions is a different matter, usually you can just find what references that function (e.g. say sub_140567DF8 is referenced by a CreateThreadEx call), then in the uncracked one just look at every CreateThreadEx call and see which one is similar to the call inside the cracked version, once you've found that it's a good bet whatever function is being passed to CreateThreadEx is the function you're looking for.