hi i am a beginner, i don't know if it can help you
Difficulty: medium
Time required: 30 minutes the first time, then about 5 minutes
Required skills: Medium knowledge of modding + optional ARM language knowledge
1) The first thing to do is take the latest version of the Il2cpp dumper: Perfare / Il2CppDumper and unzip it
2) Now, from the APK file you need to extract the files:
assets / bin / Data / Managed / Metadata / global-metadata.dat
lib / armeabi-v7a / libil2cpp.so (I recommend keeping an additional copy of this file)
It is advisable to extract them in the same folder as the il2cpp dumper.
3) If there is a lib / x86 folder, you can delete it from the apk file (unless you know about x86 opcodes, and you will have to do double duty anyway, while most devices can read apk files even without the x86 version, so you might avoid this unnecessary step)
4) Now, run the "Il2CppDumper.exe" file and it will ask you to select two files. The first you need to select is the libil2cpp.so file you previously moved from the apk file, and the second is global-metadata.dat.
5) if you are using the latest version, SKIP STEPS 5 and 6 and go to step 7.
Anticipation (Spoiler)
7) The script will now generate a file called dump.cs and a folder called "Managed", if it doesn't, you will probably have to refer to step 5 and try again, otherwise the game is probably protected against dump.
8) The dump.cs is a simple txt file (open it with Notepad ++) with a list of functions followed by an offset like: public int get_accuracy // 0x123456. You can find your function by searching for its name if you already know it, otherwise refer to step 8a
where is it:
public int indicates that this is an Int32 function (other types of common functions are bool = Boolean, float = Single and Void);
get_accuracy is the name of the function (identical to the name of the function you have in the old dll version of the game);
0x123456 which, simplified, is only: 123456, is the offset (the position of that function in the libil2cpp.so file);
8a) the Managed folder contains the usual .dll files, but with empty functions, it's only useful for finding the function if you don't know what it's called yet. If you want to proceed with this alternative method to find a function, simply drag all the DLLs into NET Reflector (or DnSpy) and find the function you need to modify, then move to the dump.cs file and search for the same function to find the offsets as shown in point 8.
9) Open "Hxd"
10) Drag the libil2cpp.so file into the Hxd window, press Ctrl + G to open the Search Offset window, and paste the offset from the function you found (in this example, 123456) and hit enter
11) If the modified ti re function is an INT32 and you simply want to return a very high value, proceed as follows: select the first 8 bytes from the Hxd window starting from the point it took you to after pressing Enter (one byte is a sequence of 2 letters / numbers, such as 4F, or 4C and so on) and, once selected, paste the following bytes in their place: FF 04 E0 E3 1E FF 2F E1 (make sure you only replace 8 bytes with these other 8 bytes) .
What is that?
FF 04 E0 E3 = MOV R0, 0xFFFFFF = ldc.i4 -> 16777215
1E FF 2F E1 = BX LR = ret
so you are returning a very very high value.
If you want to return only 1 (true) you can write:
01 00 A0 E3 = MOV R0, 1 = ldc.i4.1
1E FF 2F E1 = BX LR = ret
and if you want to return 0 (false) you can write:
00 00 A0 E3 = MOV R0, 0 = ldc.i4.0
1E FF 2F E1 = BX LR = ret
