Help! Help with Hooking and KittyMemory

[Tortellio]

Hello i'm new in mod menu stuffs, i've used LGL template and tried to make a Toggle/Switch menu, and it works, but i don't know how to hook the SliderValue and InputValue for KittyMemory patches, can someone help me please?

 

[Yaskashije]

The LGL's mod menu template comes with an already done example, that you can literally copy/paste and replace 2 or 3 parameters for your own case.
You can find online tutorials about hooks on other sites like G************.

Spoiler: (The following is my opinion about how do I view the situation)

You should realize you need to improve your C++ programming skills (tutorials everywhere on the web) {You won't be able to hook without some basic knowledge on it}. If you disagree with me: How do you expect to do something yourself if you can't understand the core behind the example?

 

[TheLGL]

You can try like Yaskashije said but you need more programming and modding knowledge

 

[TAYK47]

I have a question as well. How can I get offsets and hexes without paying 600 bucks for ida pro

 

[Yaskashije]

I have a question as well. How can I get offsets and hexes without paying 600 bucks for ida pro

You don't need IDA pro to do so. You requiere practice, experience and asm knowledge.
IDA is just a helping tool, that makes everything easier by doing work for you (finding xrefs, showing branched subs...)
When we say "This game requieres IDA", we mean there's no easy/fast way to acquiere the hexes or that analysis of the asm instructions is requiered. You could copy instructions sets into an Hex to Arm converter and also manage to find stuff.

Also, you can find "Free" IDA Pro (wink wink) on the internet, or, you may use Ghidra, which is free, open source and backened by the NSA.

 

[TAYK47]

Omg thx for answering! Thanks

 

[CRaZYAuf]

God, this forum is for newbies, here's an example

 

[CRaZYAuf]

#include <list>
#include <vector>
#include <string.h>
#include <pthread.h>
#include <cstring>
#include <jni.h>
#include <unistd.h>
#include <fstream>
#include "KittyMemory/MemoryPatch.h"
#include "Includes/Logger.h"
#include "Includes/Utils.h"
#include "Includes/obfuscate.h"

#include "Menu.h"

#include "Toast.h"

#if defined(__aarch64__) //Compile for arm64 lib only
#include <And64InlineHook/And64InlineHook.hpp>
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works

#include <Substrate/SubstrateHook.h>
#include <Substrate/CydiaSubstrate.h>

#endif

// fancy struct for patches for kittyMemory
struct My_Patches {
    // let's assume we have patches for these functions for whatever game
    // like show in miniMap boolean function
    MemoryPatch GodMode, GodMode2, GodMode3 ;
    // etc...
} hexPatches;
bool feature2 = false;

#define LibName OBFUSCATE("libil2cpp.so")

extern "C" {
JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
                                        jint feature, jint value, jboolean boolean, jstring str) {

    const char *featureName = env->GetStringUTFChars(str, 0);
    feature += 1;  // No need to count from 0 anymore. yaaay :)))

    LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d"), feature, featureName, value,
         boolean);

    switch (feature) {
        case 1:
            break;
        case 2:
            feature2 = boolean;
            if (feature2) {
                hexPatches.GodMode.Modify();
                hexPatches.GodMode2.Modify();
                hexPatches.GodMode3.Modify();
            } else {
                hexPatches.GodMode.Restore();
                hexPatches.GodMode2.Restore();
                hexPatches.GodMode3.Restore();
    }
}
}

// ---------- Hooking ---------- //
void *hack_thread(void *) {
    LOGI(OBFUSCATE("pthread called"));

    do {
        sleep(1);
    } while (!isLibraryLoaded(LibName));

    LOGI(OBFUSCATE("%s has been loaded"), (const char *) LibName);

#if defined(__aarch64__)
#else 
    // New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine
    hexPatches.GodMode = MemoryPatch::createWithHex(LibName,
                                                    string2Offset(OBFUSCATE_KEY("0x5EE840",'-')),
                                                    OBFUSCATE("01 02 A0 E3 1E FF 2F E1"));
 
     hexPatches.GodMode2 = MemoryPatch::createWithHex(LibName,
                                                    string2Offset(OBFUSCATE_KEY("0x5EDD0C",'-')),
                                                    OBFUSCATE("01 02 A0 E3 1E FF 2F E1"));
                                                    
     hexPatches.GodMode3 = MemoryPatch::createWithHex(LibName,
                                                    string2Offset(OBFUSCATE_KEY("0x5EEFFC",'-')),
                                                    OBFUSCATE("01 02 A0 E3 1E FF 2F E1"));                                           
                                                    
    LOGI(OBFUSCATE("Hooked"));
#endif

    return NULL;
}

__attribute__((constructor))
void lib_main() {
 
    pthread_t ptid;
    pthread_create(&ptid, NULL, hack_thread, NULL);
    }
 }

 

[Numark]

I have a tutorial called "Basic Hooking Tutorial" if you want to look at that.

 

[HizroMxDz]

#include <list>
#include <vector>
#include <string.h>
#include <pthread.h>
#include <cstring>
#include <jni.h>
#include <unistd.h>
#include <fstream>
#include "KittyMemory/MemoryPatch.h"
#include "Includes/Logger.h"
#include "Includes/Utils.h"
#include "Includes/obfuscate.h"

#include "Menu.h"

#include "Toast.h"

#if defined(__aarch64__) //Compile for arm64 lib only
#include <And64InlineHook/And64InlineHook.hpp>
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works

#include <Substrate/SubstrateHook.h>
#include <Substrate/CydiaSubstrate.h>

#endif

// fancy struct for patches for kittyMemory
struct My_Patches {
    // let's assume we have patches for these functions for whatever game
    // like show in miniMap boolean function
    MemoryPatch GodMode, GodMode2, GodMode3 ;
    // etc...
} hexPatches;
bool feature2 = false;

#define LibName OBFUSCATE("libil2cpp.so")

extern "C" {
JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
                                        jint feature, jint value, jboolean boolean, jstring str) {

    const char *featureName = env->GetStringUTFChars(str, 0);
    feature += 1;  // No need to count from 0 anymore. yaaay :)))

    LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d"), feature, featureName, value,
         boolean);

    switch (feature) {
        case 1:
            break;
        case 2:
            feature2 = boolean;
            if (feature2) {
                hexPatches.GodMode.Modify();
                hexPatches.GodMode2.Modify();
                hexPatches.GodMode3.Modify();
            } else {
                hexPatches.GodMode.Restore();
                hexPatches.GodMode2.Restore();
                hexPatches.GodMode3.Restore();
    }
}
}

// ---------- Hooking ---------- //
void *hack_thread(void *) {
    LOGI(OBFUSCATE("pthread called"));

    do {
        sleep(1);
    } while (!isLibraryLoaded(LibName));

    LOGI(OBFUSCATE("%s has been loaded"), (const char *) LibName);

#if defined(__aarch64__)
#else
    // New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine
    hexPatches.GodMode = MemoryPatch::createWithHex(LibName,
                                                    string2Offset(OBFUSCATE_KEY("0x5EE840",'-')),
                                                    OBFUSCATE("01 02 A0 E3 1E FF 2F E1"));

     hexPatches.GodMode2 = MemoryPatch::createWithHex(LibName,
                                                    string2Offset(OBFUSCATE_KEY("0x5EDD0C",'-')),
                                                    OBFUSCATE("01 02 A0 E3 1E FF 2F E1"));
                                                   
     hexPatches.GodMode3 = MemoryPatch::createWithHex(LibName,
                                                    string2Offset(OBFUSCATE_KEY("0x5EEFFC",'-')),
                                                    OBFUSCATE("01 02 A0 E3 1E FF 2F E1"));                                          
                                                   
    LOGI(OBFUSCATE("Hooked"));
#endif

    return NULL;
}

__attribute__((constructor))
void lib_main() {

    pthread_t ptid;
    pthread_create(&ptid, NULL, hack_thread, NULL);
    }
}

Your code does not include any example of a seekbar or input value, stop misleading others.

 

[CRaZYAuf]

Your code does not include any example of a seekbar or input value, stop misleading others.

Hello, this is an old Lgl menu, this menu contains a search engine in another script

 

[NhoNYC]

Hello, I use kittymemory.

It works fine with armv7, but not work with arm64-v8a. Please hint me