Help! I need help. Hooking ObscuredInt types in LGL Mod Menu

NotAWeeb!

As summarized as possible:

Been dealing with an il2cpp game with particular protections. Pairip and codestage. Bypassed pairip for various reasons (mainly converting from XAPK to APK). Codestage doesn't seem to be stopping me from modding (or so it seems). Game has worked before with various hex patches, and also does with the Menu.

So the problem is probably at my hook code. I just don't know where or how.

Been learning hooking intensively and creating my first hooks, for the sake of modifying 3 different currencies from the game that are stored in public ObscuredInt types.

These are the ObscuredInt methods and its field offsets:

Code:
// RVA: 0x983F90 Offset: 0x983F90 VA: 0x983F90
public ObscuredInt get_Pickles() { }

// RVA: 0x85E1E4 Offset: 0x85E1E4 VA: 0x85E1E4
public ObscuredInt get_CurrentGold() { }

// RVA: 0x85E204 Offset: 0x85E204 VA: 0x85E204
public ObscuredInt get_CurrentGems() { }


//Fields

private ObscuredInt <Pickles>k__BackingField; // 0x18
private ObscuredInt <CurrentGold>k__BackingField; // 0x88
private ObscuredInt <CurrentGems>k__BackingField; // 0x98

Technically speaking, offsets and field offsets seem to be the correct ones.

Down below, at the Spoiler, you'll find the screenshots of all my Main.cpp code.

I don't have much hooking experience. I don't know much about hooking Obscured types. I also don't have much experience with the LGL Menu, so I've been figuring new things out lately, now that I'm learning hooks.

My hooks just won't work to change the currencies. Game doesn't crash or anything after enabling the toggles of the currencies' hooks. Hooks apparently work fine, lib loads fine, toggling the hooks doesn't cause errors or related messages in the game... Everything seems fine, according to the logcat.

Don't really know why it doesn't work. Maybe it's just a dumb ass mistake, or the entire hooking code is wrong. I don't know C++ yet, but I can kind of understand what it does. I normally learn and copy code from various examples around sites like this forum, GitHub, YouTube tutorials and so on, and try to adapt it to my needs.


Please, help me out and teach me the ways. I'll seriously appreciate it. :pepe023:

P.S.: Only the hex patch for Damage works. Not even the health (GodMode) float hook works.


Here's my code:

[Screenshots of Main.cpp: 1.png, 2.png, 3.png, 4.png, 5.png]
 
I want to ask, what instrument are you using to rewrite the "CRC32"?
I knew people would be asking me for this :pepe001: that's why I wanted to create a tutorial. I use a handy APK patching tool that facilitates the process of changing the CRC32 a lot.

Gonna create the tutorial thread as soon as possible, just let me have breakfast first :face07:

But for the time being, I should be the one getting help to mod this game, not teaching others LMAO
 
Yeah, I didn't solicit you to teach me anything, I just needed an instrument, not a big deal.
 
First of all, never call MSHook inside another hook.

Second, why are you using the same featureHookToggle for each case? Meaning, even if your code would be in the right way (which I guess not), just by enabling one of your visual toggles in GUI you will call all of your 4 hooks together!!! 😯😒. For proper testing you better separate it.
Just make it featureHookToggle1, featureHookToggle2, featureHookToggle3, or any custom names.

Third, what is the logic of this? Even if it wasn't obscured, are you sure those methods will use these fields that you've put inside your SetObscured[type]Value method?
C++:
// RVA: 0x983F90 Offset: 0x983F90 VA: 0x983F90
public ObscuredInt get_Pickles() { }

// RVA: 0x85E1E4 Offset: 0x85E1E4 VA: 0x85E1E4
public ObscuredInt get_CurrentGold() { }

// RVA: 0x85E204 Offset: 0x85E204 VA: 0x85E204
public ObscuredInt get_CurrentGems() { }
I mean, I don't have any information about your reversing research, and parameters for Obscured are always empty.

Mostly we search for one method like Update() in one huge class where the fields you want to modify are located, or a class which maybe calls parameters from other shared classes, and just hook the fields in the Update() hook.

Example of how I tried (remade for your case):
C++:
MSHookFunction((void *) getAbsoluteAddress(targetLibName, 0x2A1234), (void *) UpdatePlayer, (void **) &old_UpdatePlayer);
void (*old_UpdatePlayer)(void *instance);
void UpdatePlayer(void *instance) {
    if (instance != NULL) {
        if (isMoneyCheatEnable) {
            SetObscuredByteValue((uint64_t)instance + 0x1C, 10000); //0x88 money field
        }
        if (isPickesCheatEnable) {
            SetObscuredIntValue((uint64_t)instance + 0x18, 8500); // it will keep Pickles amount 8500 Forever until you exit game or game crashes
        }
        if (isGemCheatEnable) {
            isGemCheatEnable = false;
            GemsAdd(instance, 908070); //GemsAdd in my case is a void method GemsAdd(float amount), but will add Gems only for 1 time when Update() method updates
        }
    }
    return old_UpdatePlayer(instance);
}

void (*GemsAdd)(void *, float);
    GemsAdd = (void (*)(void *, float)) getAbsoluteAddress(targetLibName, 0xA12345);

For sure you will need to additionally patch FALSE or NOP to the main CodeStage methods (around 10 or more), else game will freeze/crash or even ban 🤣. You can do it like you did with your Damage patch, or custom.

I'm also learning about ACTK bypass and hooks based on LGL. I just looked at your thread because I'm interested in how to hook Obscured methods, not just fields. But I have found nothing yet 😭😭😭 Any ideas?
 
@nekrasov I don't create separated featureToggle(s), it works just fine with every other hook I currently have.

I've (theoretically) determined that the cause of the inability to hook the ObscuredInt methods is basically that I'm not using the correct field location to deobfuscate the original methods' location (maybe I'm wrong, I'm still learning :face26:).

Third, what is the logic of this? Even if it wasn't obscured, are you sure those methods will use this fields what you've put inside your SetObscured[type]Value method?

I don't exactly know what you mean by this, but I have a feeling that's what could fix the hooks if I do it properly. Please, explain to me what you mean.

I already tried to hook other related methods to currencies in order to mod it, but I have to properly bypass CodeStage or my game will freeze every time the currency method hook gets called. I already tried doing NOP to all methods on classes except the main CodeStage class, and it still freezes. The problem relies on the fact I don't know how to figure the offsets for the CodeStage's main class methods, and they won't show up in dnSpy.

I've heard I'm able to do so with IDA, but need to figure out exactly how. Do you have any reference or can teach me how?

As soon as I get to bypass CodeStage, I should be able to create all currency cheats with related methods to the original Obscured ones.

I'm still learning hooking, I started creating my first hooks with this same game I'm dealing with. Please keep this in mind.

And I don't know what you mean by learning how to hook Obscured methods and not just fields. Am I not hooking Obscured methods with the required field offsets (BackingFields)?
 
If you're still talking about Pickle Pete, would you tell me which class & field of Obscured types you're trying to modify?
I don't think the cause for your crash is codestage but I'd like to try it first.
 
Sorry for the late reply. Basically I can't find any tips to hook something like ObscuredInt 0x12345 (offset).
I only know you need to use some hook obscured fields with some Update() method like I said before.

To bypass CodeStage you just need to add more NOPs to your patch. That's all. I have added like 15 NOPs to different codestage methods.
 