I'm trying to get instances of a class and it keeps crashing.
I'm using a template from: GitHub - seedhollow/IL2CppAndroid: Android Mod Menu Template based on LGL Mod Menu
C++:
// Name of the target shared library, wrapped in the project's OBFUSCATE macro
// (defined outside this listing).
#define IL2CPP_MODULE OBFUSCATE("libil2cpp.so")
// Function-pointer types for the two native entry points resolved below.
// Both take and return a 64-bit integer, so object/type pointers are passed
// through int64_t rather than a pointer type.
typedef int64_t (__fastcall* UnityFindObjectOfTypeFunc)(int64_t type);
typedef int64_t (__fastcall* System_Type_GetTypeFunc)(int64_t a1);
// Address = findLibrary("libil2cpp.so") + hard-coded offset, computed once when
// this namespace-scope variable is initialised.
// NOTE(review): the result of findLibrary (not shown here) is used without a
// null check; if it can return null/0, the stored pointer is just the bare
// offset and calling it is undefined behaviour - confirm and check before use.
// NOTE(review): the library name is repeated as a plain literal here instead of
// going through IL2CPP_MODULE like the rest of the file.
UnityFindObjectOfTypeFunc FindObjectOfType =
reinterpret_cast<UnityFindObjectOfTypeFunc>(reinterpret_cast<char*>(findLibrary("libil2cpp.so")) + 0x15EA128);
// Same base + offset computation for the second entry point; the same
// unchecked-base caveat applies. GetTypeFunc is not referenced anywhere else in
// this listing.
System_Type_GetTypeFunc GetTypeFunc =
reinterpret_cast<System_Type_GetTypeFunc>(reinterpret_cast<char*>(findLibrary("libil2cpp.so")) + 0xDE0D7C);
/// Overlay struct this file uses to read an array object returned by native code.
///
/// The three pointer-sized fields and the length form the header; `vector` marks
/// where the element storage begins and is declared with one slot only as a
/// placeholder.
/// NOTE(review): the field order and sizes are assumed to match the producer's
/// layout; nothing in this listing verifies that.
template <typename T>
struct monoArray
{
    void* klass;
    void* monitor;
    void* bounds;
    int max_length;
    void* vector[1];

    /// Element count as stored in the header. The value is returned as-is;
    /// callers that index with it get no bounds validation from this type.
    int getLength()
    {
        return this->max_length;
    }

    /// Address of the first element slot, converted to T with a C-style cast.
    T getPointer()
    {
        return (T)(this->vector);
    }
};
/// Overlay struct this file uses for a string object: two pointer-sized header
/// fields, a length, then the character storage starting at `chars`.
/// NOTE(review): the layout is assumed to match the producer's; nothing in this
/// listing verifies that.
struct _monoString
{
    void* klass;
    void* monitor;
    int length;
    char chars[1];

    /// Length exactly as stored in the header.
    int getLength()
    {
        return this->length;
    }

    /// Copies `length * 2` raw bytes starting at `chars` into a std::string.
    /// No encoding conversion is performed and the byte count is not checked
    /// against the size of the underlying allocation.
    std::string getChars()
    {
        const char* firstByte = this->chars;
        return std::string(firstByte, this->length * 2);
    }
};
typedef _monoString monoString;
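/**
 * Allocates a monoString on the C heap and copies the bytes of `str` into it.
 *
 * The header fields `klass` and `monitor` are zero-filled (the block comes from
 * calloc), `length` is set to the byte length of `str`, and exactly that many
 * bytes are copied into `chars`; no terminator and no encoding conversion are
 * added.
 *
 * @param str NUL-terminated input; a null pointer yields nullptr.
 * @return the new object, or nullptr if `str` is null, its length does not fit
 *         in `int`, or the allocation fails. The caller owns the block and
 *         releases it with std::free.
 *
 * NOTE(review): monoString::getChars() in this file reads `length * 2` bytes,
 * while only `length` payload bytes are reserved here, so calling it on an
 * object built by this function can read past the allocation.
 * NOTE(review): this is ordinary heap memory filled in by hand; whether a
 * callee that expects a runtime-created string accepts it cannot be determined
 * from this listing.
 */
monoString* CreateMonoString(const char* str) {
    // strlen on a null pointer is undefined behaviour; fail cleanly instead.
    if (str == nullptr) {
        return nullptr;
    }

    const size_t len = std::strlen(str);

    // `length` is an int: reject inputs whose size would be truncated or turn
    // negative when stored there.
    const int storedLen = static_cast<int>(len);
    if (storedLen < 0 || static_cast<size_t>(storedLen) != len) {
        return nullptr;
    }

    // calloc keeps the header fields that are not assigned below from holding
    // indeterminate values.
    monoString* ms = static_cast<monoString*>(std::calloc(1, sizeof(monoString) + len));
    if (ms != nullptr) {
        ms->length = storedLen;
        std::memcpy(ms->chars, str, len);
    }
    return ms;
}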
/**
 * Resolves the native routine at Offsets::UnityEngine::oGetType inside
 * IL2CPP_MODULE and calls it with `typeStr`.
 *
 * @param typeStr passed to the callee unchanged; it is not checked for null here.
 * @return whatever the callee returns, or nullptr when the resolved address is 0.
 *
 * NOTE(review): the null test only catches an address of exactly 0; any other
 * wrong address is still called.
 * NOTE(review): the address travels through DWORD - if that typedef is narrower
 * than a pointer on the target, the address is truncated. Confirm its width.
 */
void* GetType(monoString* typeStr) {
    using GetTypeFn = void* (*)(monoString*);

    const DWORD resolved = getAbsoluteAddress(IL2CPP_MODULE, Offsets::UnityEngine::oGetType);
    const GetTypeFn target = reinterpret_cast<GetTypeFn>(reinterpret_cast<void*>(resolved));

    if (target == nullptr) {
        LOGI("GetType function pointer is null\n");
        return nullptr;
    }
    return target(typeStr);
}
/**
 * Resolves the native routine at Offsets::UnityEngine::oFindObjectOfType inside
 * IL2CPP_MODULE, calls it with `type`, and treats the result as a
 * monoArray<void**>*.
 *
 * @param type passed to the callee unchanged; it is not checked for null here.
 * @return the callee's result, or nullptr when the resolved address is 0.
 *
 * NOTE(review): the offset constant is named oFindObjectOfType (singular) while
 * this wrapper interprets the return value as an array - confirm that the
 * offset and the assumed return type refer to the same routine.
 * NOTE(review): as with GetType, the address passes through DWORD and only an
 * address of exactly 0 is rejected.
 */
monoArray<void**>* FindObjectsOfType(void* type) {
    typedef monoArray<void**>* (*FindAllFn)(void*);

    DWORD rawAddress = getAbsoluteAddress(IL2CPP_MODULE, Offsets::UnityEngine::oFindObjectOfType);
    FindAllFn callee = reinterpret_cast<FindAllFn>(reinterpret_cast<void*>(rawAddress));

    if (callee) {
        return callee(type);
    }

    LOGI("FindObjectsOfType function pointer is null\n");
    return nullptr;
}
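/**
 * Manual smoke test: builds a monoString for "EnemyAI", passes it to GetType,
 * then hands the returned pointer (as an integer) to the global
 * FindObjectOfType function pointer and logs the result.
 *
 * Returns early, after logging, when the string cannot be allocated or GetType
 * yields null. The array-based lookup through FindObjectsOfType is kept below
 * in disabled form, as in the original.
 *
 * NOTE(review): enemyAIStr comes from CreateMonoString and is not released on
 * any path here; whether GetType keeps a reference to it is not visible in this
 * listing - confirm ownership before adding a free.
 * NOTE(review): FindObjectOfType is called without checking that the pointer
 * was resolved against a valid library base.
 */
void Test() {
    monoString* enemyAIStr = CreateMonoString("EnemyAI");
    if (!enemyAIStr) {
        LOGI("Failed to create monoString for EnemyAI\n");
        return;
    }

    void* type = GetType(enemyAIStr);
    if (!type) {
        LOGI("GetType returned null\n");
        return;
    }

    // Disabled array path (not executed):
    //
    // monoArray<void**>* objEnemyAI = FindObjectsOfType(type);
    // if (!objEnemyAI) {
    //     LOGI("objEnemyAI NOT FOUND!\n");
    //     return;
    // }
    //
    // int length = objEnemyAI->getLength();
    // void** objects = objEnemyAI->getPointer();
    // for (int j = 0; j < length; j++) {
    //     void* object = objects[j];
    //     if (object) {
    //         LOGI("FOUND: %p\n", object);
    //     }
    // }

    int64_t result = FindObjectOfType(reinterpret_cast<int64_t>(type));
    // %lld expects long long; int64_t is plain long on some 64-bit targets, so
    // convert explicitly to keep the format string and argument in agreement.
    LOGI("FindObjectOfType returned: %lld\n", static_cast<long long>(result));
}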
I'm using a template from: GitHub - seedhollow/IL2CppAndroid: Android Mod Menu Template based on LGL Mod Menu
C++:
// Name of the target shared library, wrapped in the project's OBFUSCATE macro
// (defined outside this listing). Used below for the library-map poll, the log
// message and the dlopen call.
#define IL2CPP_MODULE OBFUSCATE("libil2cpp.so")
// Hook-installation step called by hack_thread once the target library is
// mapped. Empty in this listing.
void hook_thread() {}
/**
 * Thread entry point started from init().
 *
 * Sleeps in one-second steps until KittyMemory reports a valid library map for
 * IL2CPP_MODULE, then opens the library with dlopen, passes the handle to
 * UnityResolve::Init and calls hook_thread(). The argument is unused and the
 * return value is always null.
 *
 * NOTE(review): the polling loop has no upper bound; if the library is never
 * mapped, this thread sleeps forever.
 * NOTE(review): the dlopen result is handed to UnityResolve::Init without a
 * null check and is never passed to dlclose in this listing.
 */
void *hack_thread(void *) {
    LOGI(OBFUSCATE("pthread created"));

    // Always wait at least one second, then re-check after every further second.
    for (;;) {
        sleep(1);
        if (KittyMemory::getLibraryMap(IL2CPP_MODULE).isValid()) {
            break;
        }
    }

    LOGI(OBFUSCATE("%s has been loaded"), (const char *) IL2CPP_MODULE);
    LOGI(OBFUSCATE("Trying to hook in il2cpp now..."));

    void *il2cppHandle = dlopen(IL2CPP_MODULE, RTLD_NOW);
    UnityResolve::Init(il2cppHandle);

    LOGI(OBFUSCATE("Starting hooks"));
    hook_thread();
    return nullptr;
}
// Runs automatically when this shared object is loaded (constructor attribute)
// and starts hack_thread on a new POSIX thread with default attributes.
// NOTE(review): the pthread_create return code is ignored, and the thread is
// neither joined nor detached in this listing.
__attribute__((constructor))
void init() {
    pthread_t worker;
    pthread_create(&worker, nullptr, hack_thread, nullptr);
}