I got the concept with the string replace, [Update] cancle this. You can't simpley replace the ref to %d,0, because we need it, we have to use another reference.[/Update]
but thats what I tought,
Code:
.text:0000CDFC MOV R0, SP ; char *
.text:0000CE00 LDR R3, =0x3FC
.text:0000CE04 LDR R1, [R10,R3] ; char *
.text:0000CE08 MOV R2, R6
.text:0000CE0C BL _sprintf
.text:0000CE10 MOV R0, R5
.text:0000CE14 MOV R1, SP
.text:0000CE18 BL SubcpuThreadPostDigitEvent
.text:0000CE1C B loc_CE98
.text:0000CE20 ; ---------------------------------------------------------------------------
.text:0000CE20
.text:0000CE20 loc_CE20 ; CODE XREF: SubcpuThreadPostKeyEvent+F0j
.text:0000CE20 MOV R4, SP
.text:0000CE24 MOV R0, SP ; char *
.text:0000CE28 LDR R3, =0x3FC
.text:0000CE2C LDR R1, [R10,R3] ; char *
.text:0000CE30 MOV R2, R6
.text:0000CE34 BL _sprintf
...
.text:0000CEEC ; End of function SubcpuThreadPostKeyEvent
.text:0000CEEC
.text:0000CEEC ; ---------------------------------------------------------------------------
.text:0000CEF0 off_CEF0 DCD __GLOBAL_OFFSET_TABLE_
.text:0000CEF0 ; DATA XREF: SubcpuThreadPostKeyEvent+8
.text:0000CEF4 dword_CEF4 DCD 0x410 ; DATA XREF: SubcpuThreadPostKeyEvent+D8
.text:0000CEF4 ; SubcpuThreadPostKeyEvent+16C ...
.text:0000CEF8 dword_CEF8 DCD 0x3FC ; DATA XREF: SubcpuThreadPostKeyEvent+108
.text:0000CEF8 ; SubcpuThreadPostKeyEvent+130
The reference to .got is done via the relative offset DCD at 0CEF8, which happens to occur only once.
So we would have to trick the offset-calculation at line ce2c so get [EDIT] the new ref [\EDIT] as result.
psst: Disassembler used is I D A