saltyNxFunctionReplacement.cpp

// Here's an example function we'll use to replace _ZN3app11peachdaikon32PEACH_PEACHDAIKON_DAIKON_1_POWEREv
// The return type and arguments should match that of the function we are replacing
// but the contents can be any valid C
float _ZN3app11peachdaikon32PEACH_PEACHDAIKON_DAIKON_1_POWEREv_replace() {
    return 80.0;
}

// Function to replace a function with the name [function_sym] with a function pointed at by [new_func]
// param | char* function_sym - name of the function to search for
// param | u64   new_func     - a pointer to the function you want to replace it with
int SaltySD_function_replace_sym(const char* function_sym, u64 new_func) {
    u64 addr = SaltySDCore_FindSymbol(function_sym); //maybe try findbuiltinsymbol
    return SaltySD_function_replace(addr, new_func);
}

int SaltySD_function_replace(u64 addr, u64 new_func) {
  // If the function address is not null  
  if (addr) {
        // This overwrites the first 4 instructions of the given function with code that links it to your new function
        SaltySD_Memcpy(addr, "\x49\x00\x00\x58", 4); // LDR X9, .+8
        SaltySD_Memcpy(addr+4, "\x20\x01\x1F\xD6", 4); // BR X9
        SaltySD_Memcpy(addr+8, &new_func, 8); // .dword newaddr
        
        SaltySD_printf("SaltySD Plugin: forcing function at %llx to jump to %11x\n", addr, new_func);
        
        return 0;
    }
    
    return -1;
}

...
// Example usage
SaltySD_function_replace_sym("_ZN3app11peachdaikon32PEACH_PEACHDAIKON_DAIKON_1_POWEREv", &_ZN3app11peachdaikon32PEACH_PEACHDAIKON_DAIKON_1_POWEREv_replace);