Tutorial: Basic Hooking Tutorial

imls01245
Platinian
Jan 9, 2022
Canada
Please help: how do I hook a void method that takes a bool value, like this one:

// RVA: 0x66050C Offset: 0x66050C VA: 0x66050C
public static void set_DoubledGems(bool value) { }

// RVA: 0x6610E4 Offset: 0x6610E4 VA: 0x6610E4
private void Update() { }


I tried to hook this using this code:
bool DoubleGems = false;

// set_DoubledGems is declared `public static` in dump.cs, so the native
// function has no instance pointer: its first argument is the bool itself.
void (*set_DoubledGems)(bool value);
// Update() is a private instance method, so its native form takes `this`.
void (*old_doubleGems)(void *instance);

// Replacement for Update(): apply the toggle, then run the original.
void doubleGems(void *instance) {
    if (instance != NULL) {
        if (DoubleGems) {
            set_DoubledGems(true);
        }
    }
    old_doubleGems(instance);
}

// In the hack thread, once libil2cpp.so is loaded:
set_DoubledGems = (void (*)(bool))getAbsoluteAddress("libil2cpp.so", 0x66050C);

HOOK_LIB("libil2cpp.so", "0x6610E4", doubleGems, old_doubleGems);

// In the Changes() switch, driven by the menu toggle:
case 0:
    DoubleGems = boolean;
    break;

And it crashes; can you tell me what went wrong?
 

imls01245
Platinian
Jan 9, 2022
Canada
Solved, nothing wrong with the code.
 

VH08-Shisui
Platinian
Jun 5, 2018
Indonesia
I need help learning modding for the first time. After searching in IDA through the loaded Android binary, can anyone help me hook or implement this code in some hook template? This is the code:


.text:02531B50 ; =============== S U B R O U T I N E =======================================
.text:02531B50
.text:02531B50
.text:02531B50 ; int __fastcall ExpansionRewardOptionWindow::onDiamondsButtonClicked(ExpansionRewardOptionWindow *this, BaseButton *)
.text:02531B50 EXPORT _ZN27ExpansionRewardOptionWindow23onDiamondsButtonClickedEP10BaseButton
.text:02531B50 _ZN27ExpansionRewardOptionWindow23onDiamondsButtonClickedEP10BaseButton ; DATA XREF: LOAD:00069130↑o
.text:02531B50 ; ExpansionRewardOptionWindow::onPostCCBILoadSetup(void)+5F4↑o ...
.text:02531B50 ; __unwind {
.text:02531B50 000 MOV R1, R0 ; Rd = Op2
.text:02531B54 000 LDR R0, [R0,#0x348] ; Load from Memory
.text:02531B58 000 CMP R0, #0 ; Set cond. codes on Op1 - Op2
.text:02531B5C 000 BXEQ LR ; Branch to/from Thumb mode
.text:02531B60 000 ADD R0, R1, #0x338 ; Rd = Op1 + Op2
.text:02531B64 000 B j__ZNKSt6__ndk18functionIFvP27ExpansionRewardOptionWindowEEclES2_ ; std::function<void ()(ExpansionRewardOptionWindow *)>::operator()(ExpansionRewardOptionWindow *)
.text:02531B64 ; End of function ExpansionRewardOptionWindow::onDiamondsButtonClicked(BaseButton *)

LOAD:0098B928 aZn27expansionr DCB "_ZN27ExpansionRewardOptionWindow18setDescriptionTextERKNSt6__ndk" ; DATA XREF: LOAD:00286550↑o
LOAD:0098B928 DCB "112basic_stringIcNS0_11char_traitsIcEENS0_9allocatorIcEEEE",0
LOAD:0098B9A3 aZn27expansionr_0 DCB "_ZN27ExpansionRewardOptionWindow19onPostCCBILoadSetupEv",0 ; DATA XREF: LOAD:002E62A0↑o
LOAD:0098B9DB aZn27expansionr_1 DCB "_ZN27ExpansionRewardOptionWindow20onCoinsButtonClickedEP10BaseBu" ; DATA XREF: LOAD:003306D0↑o
LOAD:0098B9DB DCB "tton",0
LOAD:0098BA20 aZn27expansionr_2 DCB "_ZN27ExpansionRewardOptionWindow21assignMemberVariablesER17CCBVa" ; DATA XREF: LOAD:000E36E0↑o
LOAD:0098BA20 DCB "riableAssign",0
LOAD:0098BA6D aZn27expansionr_3 DCB "_ZN27ExpansionRewardOptionWindow23onDiamondsButtonClickedEP10Bas" ; DATA XREF: LOAD:00069130↑o
LOAD:0098BA6D DCB "eButton",0
LOAD:0098BAB5 aZn27expansionr_4 DCB "_ZN27ExpansionRewardOptionWindow23setCoinButtonPropertiesENSt6__" ; DATA XREF: LOAD:00206220↑o
LOAD:0098BAB5 DCB "ndk18functionIFvPS_EEExbRKNS0_12basic_stringIcNS0_11char_traitsI"
LOAD:0098BAB5 DCB "cEENS0_9allocatorIcEEEE",0
LOAD:0098BB4D aZn27expansionr_5 DCB "_ZN27ExpansionRewardOptionWindow26setDiamondButtonPropertiesENSt" ; DATA XREF: LOAD:001E8690↑o
LOAD:0098BB4D DCB "6__ndk18functionIFvPS_EEExb",0
LOAD:0098BBA9 aZn27expansionr_6 DCB "_ZN27ExpansionRewardOptionWindowC1Ev",0 ; DATA XREF: LOAD:000B9420↑o
LOAD:0098BBCE aZn27expansionr_7 DCB "_ZN27ExpansionRewardOptionWindowC2Ev",0 ; DATA XREF: LOAD:000C04A0↑o
LOAD:0098BBF3 aZn27expansionr_8 DCB "_ZN27ExpansionRewardOptionWindowD0Ev",0 ; DATA XREF: LOAD:00196260↑o
LOAD:0098BC18 aZn27expansionr_9 DCB "_ZN27ExpansionRewardOptionWindowD1Ev",0 ; DATA XREF: LOAD:0019D020↑o
LOAD:0098BC3D aZn27expansionr_10 DCB "_ZN27ExpansionRewardOptionWindowD2Ev",0 ; DATA XREF: LOAD:001A3D80↑o
LOAD:00069130 DCD aZn27expansionr_3 - byte_33ED10; st_name ; "_ZN27ExpansionRewardOptionWindow23onDiamondsButtonClickedEP10Bas"... ...
LOAD:00069130 DCD _ZN27ExpansionRewardOptionWindow23onDiamondsButtonClickedEP10BaseButton; st_value
LOAD:00069130 DCD 0x18 ; st_size
LOAD:00069130 DCB 0x12 ; st_info
LOAD:00069130 DCB 0 ; st_other
LOAD:00069130 DCW 0xD ; st_shndx
.plt:01E87A38 ; _DWORD __fastcall UnlockSectorMode::init(UnlockSectorMode *__hidden this, CityEntitiesView *, AbstractEntitiesModeController *, BaseCityController *)
.plt:01E87A38 j__ZN16UnlockSectorMode4initEP16CityEntitiesViewP30AbstractEntitiesModeControllerP18BaseCityController
.plt:01E87A38 000 ADRL R12, 0x3D6CA40
.plt:01E87A40 000 LDR PC, [R12,#(_ZN16UnlockSectorMode4initEP16CityEntitiesViewP30AbstractEntitiesModeControllerP18BaseCityController_ptr - 0x3D6CA40)]! ; UnlockSectorMode::init(CityEntitiesView *,AbstractEntitiesModeController *,BaseCityController *)
.plt:01E87A40 ; End of function UnlockSectorMode::init(CityEntitiesView *,AbstractEntitiesModeController *,BaseCityController *)
.plt:01E87A40
.plt:01E87A44 ; [0000000C BYTES: COLLAPSED FUNCTION UnlockSectorMode::exitMode(void). PRESS CTRL-NUMPAD+ TO EXPAND]
.plt:01E87A50
.plt:01E87A50 ; =============== S U B R O U T I N E =======================================
.plt:01E87A50
.plt:01E87A50 ; Attributes: thunk
.plt:01E87A50
.plt:01E87A50 ; _DWORD UnlockSectorMode::enterMode(UnlockSectorMode *__hidden this)
.plt:01E87A50 j__ZN16UnlockSectorMode9enterModeEv
.plt:01E87A50 000 ADRL R12, 0x3D6CA58
.plt:01E87A58 000 LDR PC, [R12,#(_ZN16UnlockSectorMode9enterModeEv_ptr - 0x3D6CA58)]! ; UnlockSectorMode::enterMode(void)
.plt:01E87A58 ; End of function UnlockSectorMode::enterMode(void)
.plt:01E87A58
.plt:01E87A5C ; [0000000C BYTES: COLLAPSED FUNCTION UnlockSectorMode::getModeId(void). PRESS CTRL-NUMPAD+ TO EXPAND]
.plt:01E87A68
.plt:01E87A68 ; =============== S U B R O U T I N E =======================================
.plt:01E87A68
.plt:01E87A68 ; Attributes: thunk
.plt:01E87A68
.plt:01E87A68 ; _DWORD UnlockSectorMode::onBuildingPlacementConfirmed(UnlockSectorMode *__hidden this)
.plt:01E87A68 j__ZN16UnlockSectorMode28onBuildingPlacementConfirmedEv
.plt:01E87A68 000 ADRL R12, 0x3D6CA70
.plt:01E87A70 000 LDR PC, [R12,#(_ZN16UnlockSectorMode28onBuildingPlacementConfirmedEv_ptr - 0x3D6CA70)]! ; UnlockSectorMode::onBuildingPlacementConfirmed(void)
.plt:01E87A70 ; End of function UnlockSectorMode::onBuildingPlacementConfirmed(void)
.plt:01E89B50 ; =============== S U B R O U T I N E =======================================
.plt:01E89B50
.plt:01E89B50 ; Attributes: thunk
.plt:01E89B50
.plt:01E89B50 ; NotificationEvent<ExpansionUnlockedEvent>::notify(Listener *)const
.plt:01E89B50 j__ZNK17NotificationEventI22ExpansionUnlockedEventE6notifyEP8Listener
.plt:01E89B50 000 ADRL R12, 0x3D6CB58
.plt:01E89B58 000 LDR PC, [R12,#(_ZNK17NotificationEventI22ExpansionUnlockedEventE6notifyEP8Listener_ptr - 0x3D6CB58)]! ; NotificationEvent<ExpansionUnlockedEvent>::notify(Listener *)
.plt:01E89B58 ; End of function NotificationEvent<ExpansionUnlockedEvent>::notify(Listener *)
.plt:01E89B58
.plt:01E89B5C
.plt:01E89B5C ; =============== S U B R O U T I N E =======================================
.plt:01E89B5C
.plt:01E89B5C ; Attributes: thunk
.plt:01E89B5C
.plt:01E89B5C ; NotificationEvent<ExpansionUnlockedEvent>::~NotificationEvent()
.plt:01E89B5C j__ZN17NotificationEventI22ExpansionUnlockedEventED2Ev
.plt:01E89B5C 000 ADRL R12, 0x3D6CB64
.plt:01E89B64 000 LDR PC, [R12,#(_ZN17NotificationEventI22ExpansionUnlockedEventED2Ev_ptr - 0x3D6CB64)]! ; NotificationEvent<ExpansionUnlockedEvent>::~NotificationEvent()
.plt:01E89B64 ; End of function NotificationEvent<ExpansionUnlockedEvent>::~NotificationEvent()
.plt:01E89B64
.plt:01E89B68
.plt:01E89B68 ; =============== S U B R O U T I N E =======================================
.plt:01E89B68
.plt:01E89B68 ; Attributes: thunk
.plt:01E89B68
.plt:01E89B68 ; void __fastcall ExpansionUnlockedEvent::~ExpansionUnlockedEvent(ExpansionUnlockedEvent *__hidden this)
.plt:01E89B68 j__ZN22ExpansionUnlockedEventD0Ev
.plt:01E89B68 000 ADRL R12, 0x3D6CB70
.plt:01E89B70 000 LDR PC, [R12,#(_ZN22ExpansionUnlockedEventD0Ev_ptr - 0x3D6CB70)]! ; ExpansionUnlockedEvent::~ExpansionUnlockedEvent()
.plt:01E89B70 ; End of function ExpansionUnlockedEvent::~ExpansionUnlockedEvent()
.plt:01DDF228 ; =============== S U B R O U T I N E =======================================
.plt:01DDF228
.plt:01DDF228 ; Attributes: thunk
.plt:01DDF228
.plt:01DDF228 ; ExpansionRewardOptionWindow *ExpansionRewardOptionWindow::ExpansionRewardOptionWindow(ExpansionRewardOptionWindow *__hidden this)
.plt:01DDF228 j__ZN27ExpansionRewardOptionWindowC2Ev ; CODE XREF: CreateUINode<ExpansionRewardOptionWindow>(void)+14↓p
.plt:01DDF228 000 ADRL R12, 0x3D34230
.plt:01DDF230 000 LDR PC, [R12,#(_ZN27ExpansionRewardOptionWindowC2Ev_ptr - 0x3D34230)]! ; ExpansionRewardOptionWindow::ExpansionRewardOptionWindow(void)
.plt:01DDF230 ; End of function ExpansionRewardOptionWindow::ExpansionRewardOptionWindow(void)
.plt:01D8B234 ; =============== S U B R O U T I N E =======================================
.plt:01D8B234
.plt:01D8B234 ; Attributes: thunk
.plt:01D8B234
.plt:01D8B234 ; void __fastcall ExpansionPlacementVO::~ExpansionPlacementVO(ExpansionPlacementVO *__hidden this)
.plt:01D8B234 j__ZN20ExpansionPlacementVOD2Ev ; CODE XREF: ExpansionPlacementVO::~ExpansionPlacementVO()+8↓p
.plt:01D8B234 ; std::__shared_ptr_emplace<ExpansionPlacementVO>::~__shared_ptr_emplace()+20↓p
.plt:01D8B234 000 ADRL R12, 0x3D1823C
.plt:01D8B23C 000 LDR PC, [R12,#(_ZN20ExpansionPlacementVOD2Ev_ptr - 0x3D1823C)]! ; ExpansionPlacementVO::~ExpansionPlacementVO()
.plt:01D8B23C ; End of function ExpansionPlacementVO::~ExpansionPlacementVO()
.got:03CE725C _ZN27ExpansionRewardOptionWindow23onDiamondsButtonClickedEP10BaseButton_ptr DCD _ZN27ExpansionRewardOptionWindow23onDiamondsButtonClickedEP10BaseButton
.got:03CE725C ; DATA XREF: ExpansionRewardOptionWindow::onPostCCBILoadSetup(void)+5F0↑o
.got:03CE725C ; ExpansionRewardOptionWindow::onPostCCBILoadSetup(void)+5F4↑r ...
.got:03CE725C ; ExpansionRewardOptionWindow::onDiamondsButtonClicked(BaseButton *)
.got:03CE7260 _ZTVNSt6__ndk110__function6__funcINS_6__bindIM27ExpansionRewardOptionWindowFvP10BaseButtonEJPS3_RKNS_12placeholders4__phILi1EEEEEENS_9allocatorISE_EEFvS5_EEE_ptr DCD _ZTVNSt6__ndk110__function6__funcINS_6__bindIM27ExpansionRewardOptionWindowFvP10BaseButtonEJPS3_RKNS_12placeholders4__phILi1EEEEEENS_9allocatorISE_EEFvS5_EEE
.got:03CE7260 ; DATA XREF: ExpansionRewardOptionWindow::onPostCCBILoadSetup(void)+5FC↑o
.got:03CE7260 ; ExpansionRewardOptionWindow::onPostCCBILoadSetup(void)+600↑r ...
.got:03CE7260 ; `vtable for'std::__function::__func<std::__bind<void (ExpansionRewardOptionWindow::*)(BaseButton *),ExpansionRewardOptionWindow*,std::placeholders::__ph<1> const&>,std::allocator<std::__bind<void (ExpansionRewardOptionWindow::*)(BaseButton *),ExpansionRewardOptionWindow*,std::placeholders::__ph<1> const&>>,void ()(BaseButton *)>
.got:03CE7264 _ZN27ExpansionRewardOptionWindow20onCoinsButtonClickedEP10BaseButton_ptr DCD _ZN27ExpansionRewardOptionWindow20onCoinsButtonClickedEP10BaseButton
.got:03CE7264 ; DATA XREF: ExpansionRewardOptionWindow::onPostCCBILoadSetup(void)+634↑o
.got:03CE7264 ; ExpansionRewardOptionWindow::onPostCCBILoadSetup(void)+638↑r ...
.got:03CE7264 ; ExpansionRewardOptionWindow::onCoinsButtonClicked(BaseButton *)

I want to make the hook or function work without consuming my coins or diamonds.
I'm so sorry if I put this in the wrong thread/post.
 

usbsocram
Platinian
Jun 22, 2023
Bom sucesso
Hello everyone,

I'm interested in learning more about ByNameModding and was wondering if anyone could share their expertise or point me towards resources or tutorials for beginners. Specifically, I'm looking for best practices and initial steps to take when using this modding approach.

Thank you in advance for your guidance!

Best regards.
 

SzxcF
Rookie
Mar 14, 2022
Earth Planet
Game: Geometry Dash 2.2.13 arm64
How can I hook cocos2dcpp library methods?
I wrote hooks like this, but it crashes when the method is called:
C++:
// CurrencyRewardLayer::incrementDiamondsCount(int) is a C++ instance method:
// on arm64 `this` arrives in x0 and `value` in x1, so both the hook and the
// original-function pointer must take `this` as their first parameter.
void (*o_incrementDiamondsCount)(void *instance, int value);
void incrementDiamondsCount(void *instance, int value) {
    value += 100;
    o_incrementDiamondsCount(instance, value);
}
In thread:
C++:
// 0x008baec0 CurrencyRewardLayer::incrementDiamondsCount(int)
DobbyHook((void *)getAbsoluteAddress("libcocos2dcpp.so", 0x008baec0), (void *) incrementDiamondsCount, (void **) &o_incrementDiamondsCount);
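All three posts in this thread resolve their hook target the same way: take the RVA from dump.cs or the IDA address and add it to the library's load base with getAbsoluteAddress(). The block below is an added example, not code from the thread or from any mod-menu template, of how that helper is normally built from /proc/self/maps, together with the check a practitioner wants before handing the result to HOOK_LIB or DobbyHook: that the address really lands in an executable mapping of that library. The maps text is a constructed sample (paths, addresses and inodes are made up), and the function names parseMapLine, libraryBase, isExecutableIn and absoluteAddress are this example's own.

```cpp
// Added example: resolving "library base + RVA" from /proc/self/maps and
// validating the result before hooking. Not code from the thread or from any
// mod-menu template; names and sample data are this example's own.
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <sstream>
#include <string>

// One parsed line of /proc/<pid>/maps.
struct MapEntry {
    uint64_t start = 0;
    uint64_t end = 0;
    std::string perms;        // e.g. "r-xp"
    uint64_t fileOffset = 0;  // offset of this mapping into the backing file
    std::string path;         // empty for anonymous mappings
};

// Parse "start-end perms offset dev inode  path".
static bool parseMapLine(const std::string &line, MapEntry &e) {
    std::istringstream in(line);
    char dash = 0;
    std::string dev;
    unsigned long inode = 0;
    if (!(in >> std::hex >> e.start >> dash >> e.end >> e.perms
             >> e.fileOffset >> dev >> std::dec >> inode) || dash != '-')
        return false;
    std::getline(in, e.path);
    size_t p = e.path.find_first_not_of(" \t");
    e.path = (p == std::string::npos) ? std::string() : e.path.substr(p);
    return true;
}

// True if `path` names exactly `lib` by basename; this avoids matching
// "libil2cpp.so.bak" or a longer name that merely contains "libil2cpp.so".
static bool pathIsLib(const std::string &path, const std::string &lib) {
    if (path.size() < lib.size() ||
        path.compare(path.size() - lib.size(), lib.size(), lib) != 0)
        return false;
    return path.size() == lib.size() || path[path.size() - lib.size() - 1] == '/';
}

// Load base of `lib`: the virtual address where file offset 0 is (or would be)
// mapped. start - fileOffset of the first matching mapping stays correct even
// when the first listed segment of the library does not begin at file offset 0.
static bool libraryBase(const std::string &maps, const std::string &lib, uint64_t &base) {
    std::istringstream in(maps);
    std::string line;
    while (std::getline(in, line)) {
        MapEntry e;
        if (parseMapLine(line, e) && pathIsLib(e.path, lib)) {
            base = e.start - e.fileOffset;
            return true;
        }
    }
    return false;
}

// True if `addr` lies inside an executable mapping that belongs to `lib`.
static bool isExecutableIn(const std::string &maps, const std::string &lib, uint64_t addr) {
    std::istringstream in(maps);
    std::string line;
    while (std::getline(in, line)) {
        MapEntry e;
        if (parseMapLine(line, e) && pathIsLib(e.path, lib) &&
            e.perms.size() >= 3 && e.perms[2] == 'x' &&
            addr >= e.start && addr < e.end)
            return true;
    }
    return false;
}

// Counterpart of the getAbsoluteAddress(lib, offset) helper used in the posts.
// `rva` is the RVA from dump.cs (or the IDA address minus the image base).
// Returns 0 if the library is not loaded or the address is not executable,
// which is the usual reason a hook "crashes when the method is called".
static uint64_t absoluteAddress(const std::string &maps, const std::string &lib, uint64_t rva) {
    uint64_t base = 0;
    if (!libraryBase(maps, lib, base)) return 0;
    uint64_t addr = base + rva;
    return isExecutableIn(maps, lib, addr) ? addr : 0;
}

// Live variant: the same logic over the calling process's own maps.
static uint64_t absoluteAddressInSelf(const std::string &lib, uint64_t rva) {
    std::ifstream f("/proc/self/maps");
    std::stringstream buf;
    buf << f.rdbuf();
    return absoluteAddress(buf.str(), lib, rva);
}

// Constructed sample maps text (not captured from a real device).
static const char *kSampleMaps =
    "7a4c000000-7a4c001000 r--p 00000000 fd:05 2001   /data/app/com.example.game/lib/arm64/libil2cpp.so\n"
    "7a4c001000-7a4d000000 r-xp 00001000 fd:05 2001   /data/app/com.example.game/lib/arm64/libil2cpp.so\n"
    "7a4d000000-7a4d100000 r--p 01000000 fd:05 2001   /data/app/com.example.game/lib/arm64/libil2cpp.so\n"
    "7a4d100000-7a4d200000 rw-p 01100000 fd:05 2001   /data/app/com.example.game/lib/arm64/libil2cpp.so\n"
    "7a50000000-7a50010000 r-xp 00000000 fd:05 2002   /data/app/com.example.game/lib/arm64/libil2cpp.so.bak\n"
    "7a70001000-7a71000000 r-xp 00001000 fd:05 2003   /data/app/com.example.game/lib/arm64/libcocos2dcpp.so\n"
    "7a71000000-7a71100000 rw-p 01000000 fd:05 2003   /data/app/com.example.game/lib/arm64/libcocos2dcpp.so\n"
    "7a80000000-7a80020000 rw-p 00000000 00:00 0      [anon:libc_malloc]\n";

int main() {
    // set_DoubledGems at RVA 0x66050C in the sample layout.
    uint64_t a = absoluteAddress(kSampleMaps, "libil2cpp.so", 0x66050C);
    std::printf("set_DoubledGems -> 0x%llx\n", (unsigned long long)a);
    return a ? 0 : 1;
}
```

The offsets quoted in this thread come from dumps where RVA, Offset and VA coincide, so they can be added to the base directly; when they differ, use the RVA (VA minus the image base), never the file Offset, because the on-disk layout no longer matches memory once segments are page-aligned. The executable-mapping check is what flags a hook aimed at a data address or at a library that has not been loaded yet; that is also why the mod-menu templates install hooks from a separate thread that waits for the library to be loaded, as the "In thread:" fragment above does.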