Basically I'm trying to counter a dylib hack that gives some advantage to hackers on my game. In it there's an injectHack function that does this in the beginning:
//This is the function: injectHack(char*, int, char*, int)
push {r4, r5, r6, r7, lr} //Pushes args in reverse order + the link register
add r7, sp, #0xc //What is it doing here? Adding r7(the first char*) to the stack pointer? And what is #0xc?
There are also some lines where it stores some fixed addresses like this:
ldr r0, [r0]
str r0, [r7, #0xffffffbc]
ldr r0, [r0]
I don't get it, it's loading from r0 to r0 twice for no reason? Could this address be the function they're going to hook?
The ARM architectural reference manuals do a pretty good job of explaining things in pseudo code.
Yes, effectively the registers are pushed in reverse numerical order: the largest number register (r14) is pushed first, then r7 and so on.
The ARM calling convention uses r0-r3 for parameters, and with maybe one exception you can't mess with the other registers without preserving them, so r4-r7 in this case are being preserved as well as lr; this function is likely calling another function. Note an odd number of registers is being pushed, so this is an older calling convention; the current one always keeps the stack pointer 64 bit aligned.
The add r7 is not modifying sp, it is just making a pointer into the stack: the fourth word in 0x00 (r4), 0x04 (r5), 0x08 (r6), 0x0C (r7).
So they are making a pointer to whatever value was in r7, very strange but perhaps whatever it is you are looking for.
Note the load of r0 from the address r0 modifies r0, pointer = *pointer; then that address is preserved at the address in r7 - 0x44, whatever that points to. Then they go another level of indirection with the pointer in r0, pointer = *pointer.
That is about all you have provided us with, but if you would get an ARM architectural reference manual from infocenter.arm.com you could just look up the instructions and read the pseudo code to completely understand every instruction.
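The walk-through in the answer above, as an added example that is not part of the original posts: a small Python model of the five instructions quoted in the question, showing where each pushed register lands, what r7 points at, and how 0xffffffbc reads as -0x44. The starting register values, the stack address and the two-level pointer chain are constructed for illustration.

```python
MASK = 0xFFFFFFFF
REG_ORDER = [f"r{i}" for i in range(13)] + ["sp", "lr"]

def signed32(value):
    """Read a 32-bit immediate as the two's-complement offset it encodes."""
    value &= MASK
    return value - (1 << 32) if value & 0x80000000 else value

class Cpu:
    def __init__(self, regs, mem):
        self.reg = {**dict.fromkeys(REG_ORDER, 0), **regs}
        self.mem = dict(mem)            # sparse memory: address -> 32-bit word

    def push(self, *names):
        # PUSH puts the lowest-numbered register at the lowest address.
        names = sorted(names, key=REG_ORDER.index)
        self.reg["sp"] = (self.reg["sp"] - 4 * len(names)) & MASK
        for i, name in enumerate(names):
            self.mem[self.reg["sp"] + 4 * i] = self.reg[name]

    def add(self, rd, rn, imm):
        self.reg[rd] = (self.reg[rn] + imm) & MASK

    def ldr(self, rt, rn, imm=0):
        self.reg[rt] = self.mem[(self.reg[rn] + signed32(imm)) & MASK]

    def str_(self, rt, rn, imm=0):
        self.mem[(self.reg[rn] + signed32(imm)) & MASK] = self.reg[rt]

def trace():
    # Constructed values: marker register contents and a two-level pointer chain.
    cpu = Cpu({"r0": 0x1000, "r4": 0x44, "r5": 0x55, "r6": 0x66, "r7": 0x77,
               "lr": 0xCAFE, "sp": 0x70000100},
              {0x1000: 0x2000, 0x2000: 0x3000})
    cpu.push("r4", "r5", "r6", "r7", "lr")
    cpu.add("r7", "sp", 0xC)            # r7 = address of the saved r7 slot
    cpu.ldr("r0", "r0")                 # pointer = *pointer
    cpu.str_("r0", "r7", 0xFFFFFFBC)    # spill to [r7 - 0x44]
    cpu.ldr("r0", "r0")                 # pointer = *pointer again
    return cpu

if __name__ == "__main__":
    cpu = trace()
    for addr in sorted(a for a in cpu.mem if a >= 0x70000000):
        print(f"{addr:#010x}: {cpu.mem[addr]:#x}")
    print("r7 =", hex(cpu.reg["r7"]), " r0 =", hex(cpu.reg["r0"]))
```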
The ARM Architecture Procedure Call Standard (AAPCS) is described in the appropriately named "Procedure Call Standard for the ARM Architecture" document. There's another document describing the procedure call standard for 64-bit ARM architectures (AAPCS64).