Help! How to find instance

[ArmorTage]

Hello there. I find the required method, and find offset, but i not find instance (0x??) in void method.
I use apktool pc and il2cppdumper on github
Example, public void AddCoins(int coin) offset 0xBC44DD instance 0x??

 

[Sevol]

instance in examples like lgl is pointer on class where method that u hooking placed. No need to find offset

 

[ArmorTage]

instance in examples like lgl is pointer on class where method that u hooking placed. No need to find offset

But i try a64hook, for void methods need number, like 0x??. For int, float its no need. Fields have instance, but not methods.

 

[ArmorTage]

 

[ArmorTage]

I use example lgl menu. And only 64 bits.

 

[ArmorTage]

instance in examples like lgl is pointer on class where method that u hooking placed. No need to find offset

If you russian, please answer on russian

 

[Kurumi0343]

Wards please notify me if you get answer

 

[Sevol]

If you russian, please answer on russian

instance просто указываешь как параметр и просто на него забиваешь. но в данном случае тебе нужно вызывать update, который вызывается в игре каждое обновление кадра и там вызывать метод addcoins, взяв instance из update

 

[ArmorTage]

instance просто указываешь как параметр и просто на него забиваешь

Ахахахахаха серьезно? Абалдеть,я могу написать туда любое число, типо 0х44 или типо того?

 

[ArmorTage]

Wards please notify me if you get answer

Just enter random 0xXX i think

 

[Sevol]

Just enter random 0xXX i think

не так

 

[ArmorTage]

instance просто указываешь как параметр и просто на него забиваешь. но в данном случае тебе нужно вызывать update, который вызывается в игре каждое обновление кадра и там вызывать метод addcoins, взяв instance из update

не так

А как? 0х44 подойдёт?

 

[Sevol]

напиши в личные сообщение, потом сам человеку объяснишь

 

[ArmorTage]

Wards please notify me if you get answer

There no answer

 

[alsya]

View attachment 422007

void (*old_AddCoin)(void *instance, int coins);
void _AddCoin(void *instance, int coins)
{
if(instance != NULL && getCoins){
old_AddCoin(instance, 9999999);
}
}

 

[ArmorTage]

void (*old_AddCoin)(void *instance, int coins);
void _AddCoin(void *instance, int coins)
{
if(instance != NULL && getCoins){
old_AddCoin(instance, 9999999);
}
}

I try thanks

 

[Kurumi0343]

found this coin offset 0x50 btw can i get the github link where you found the example

 

[ArmorTage]

found this coin offset 0x50 btw can i get the github link where you found the example

/*
 * Credits:
 *
 * Octowolve - Mod menu: https://github.com/z3r0Sec/Substrate-Template-With-Mod-Menu
 * And hooking: https://github.com/z3r0Sec/Substrate-Hooking-Example
 * VanHoevenTR A.K.A Nixi: https://github.com/LGLTeam/VanHoevenTR_Android_Mod_Menu
 * MrIkso - Mod menu: https://github.com/MrIkso/FloatingModMenu
 * Rprop - https://github.com/Rprop/And64InlineHook
 * MJx0 A.K.A Ruit - KittyMemory: https://github.com/MJx0/KittyMemory
 * */
#include <list>
#include <vector>
#include <string.h>
#include <pthread.h>
#include <cstring>
#include <jni.h>
#include <unistd.h>
#include <fstream>
#include <iostream>
#include "Includes/obfuscate.h"
#include "KittyMemory/MemoryPatch.h"
#include "Includes/Logger.h"
#include "Includes/Utils.h"
#include "Menu.h"

#if defined(__aarch64__) //Compile for arm64 lib only
#include <And64InlineHook/And64InlineHook.hpp>
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works
#include <Substrate/SubstrateHook.h>
#include <Substrate/CydiaSubstrate.h>
#endif


struct My_Patches {
    MemoryPatch Tutorial;
} hexPatches;

bool feature1 = false, feature2 = false, featureHookToggle = false;

//Target lib here
#define targetLibName OBFUSCATE("libil2cpp.so")

// Hooking example

//Обычный Хук
bool (*old_DefaultHook)(void *instance);
bool DefaultHook(void *instance) {
    if (feature2) {   //Привязка функции к кнопке
        return true;   //На что изменяется оффсет. Пример - true, false, 9999.
    }
    return old_DefaultHook(instance);
}

//Хук Поля
void (*old_Tutorial)(void *instance);
void Tutorial(void *instance) {
    if (feature2) {   //Подключение к кнопке
        *(float *) ((uint64_t) instance + 0x54) = 150; // После = значение на которое изменяется поле
    }
    return old_Tutorial(instance);
}

//Хук Параметров
void (*old_Parameters)(void *instance, float health, float armor, bool isGod, float shieldDuration);
void Parameters(void *instance, float health, float armor, bool isGod, float shieldDuration) {
    if (instance != NULL) {
        if (feature2) {   //Подключение к кнопке
            armor = 9999.0f;
        }
    }
    return old_Parameters(instance, health, armor, isGod, shieldDuration);
}

void *hack_thread(void *) {
    LOGI(OBFUSCATE("pthread created"));

    do {
        sleep(1);
    } while (!isLibraryLoaded(targetLibName));

    LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);

#if defined(__aarch64__) //Compile for arm64 lib only
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works

    MSHookFunction((void *) getAbsoluteAddress(targetLibName, 0x1A33FD4), (void *) Parameters,
                   (void **) &old_Parameters);

    MSHookFunction((void *) getAbsoluteAddress(targetLibName, 0x121E6B4), (void *) Tutorial,
                   (void **) &old_Tutorial);
                  
    MSHookFunction((void *) getAbsoluteAddress(targetLibName, 0x90D5D8), (void *) DefaultHook,
                   (void **) &old_DefaultHook);
//                            Имя старой переменной           Библиотека      Оффсет                    Переменная
    LOGI(OBFUSCATE("Done"));
#endif

    return NULL;
}

//JNI calls
extern "C" {
JNIEXPORT void JNICALL
Java_uk_lgl_MainActivity_Toast(JNIEnv *env, jclass obj, jobject context) {
    MakeToast(env, context, OBFUSCATE("Hooking Tutorial"), Toast::LENGTH_LONG);
}


JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject activityObject) {
    jobjectArray ret;

    const char *features[] = {
            OBFUSCATE("Category_Hook Tutorial"), //Not counted
            OBFUSCATE("Toggle_KittyMemory Example"), //Starts with 0
            OBFUSCATE("Toggle_MSHook Example"), //1
    };

    //Now you dont have to manually update the number everytime;
    int Total_Feature = (sizeof features / sizeof features[0]);
    ret = (jobjectArray)
            env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
                                env->NewStringUTF(""));

    for (int i = 0; i < Total_Feature; i++)
        env->SetObjectArrayElement(ret, i, env->NewStringUTF(features[i]));

    pthread_t ptid;
    pthread_create(&ptid, NULL, antiLeech, NULL);

    return (ret);
}

JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
                                        jint featNum, jstring featName, jint value,
                                        jboolean boolean, jstring str) {
    //Convert java string to c++
    const char *featureName = env->GetStringUTFChars(featName, 0);
    const char *TextInput;
    if (str != NULL)
        TextInput = env->GetStringUTFChars(str, 0);
    else
        TextInput = "Empty";

    LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum,
         featureName, value,
         boolean, TextInput);


    switch (featNum) {
        case 0:
            feature1 = boolean;
            break;
        case 1:
            feature2 = boolean;
            break;
    }
}
}

//No need to use JNI_OnLoad, since we don't use JNIEnv
//We do this to hide OnLoad from disassembler
__attribute__((constructor))
void lib_main() {
    // Create a new thread so it does not block the main thread, means the game would not freeze
    pthread_t ptid;
    pthread_create(&ptid, NULL, hack_thread, NULL);
}

/*
JNIEXPORT jint JNICALL
JNI_OnLoad(JavaVM *vm, void *reserved) {
    JNIEnv *globalEnv;
    vm->GetEnv((void **) &globalEnv, JNI_VERSION_1_6);

    return JNI_VERSION_1_6;
}
 */

 

[alsya]

[SEMBUNYIKAN][/SEMBUNYIKAN]

/*
* Credits:
*
* Octowolve - Mod menu: https://github.com/z3r0Sec/Substrate-Template-With-Mod-Menu
* And hooking: https://github.com/z3r0Sec/Substrate-Hooking-Example
* VanHoevenTR A.K.A Nixi: https://github.com/LGLTeam/VanHoevenTR_Android_Mod_Menu
* MrIkso - Mod menu: https://github.com/MrIkso/FloatingModMenu
* Rprop - https://github.com/Rprop/And64InlineHook
* MJx0 A.K.A Ruit - KittyMemory: https://github.com/MJx0/KittyMemory
* */
#include <list>
#include <vector>
#include <string.h>
#include <pthread.h>
#include <cstring>
#include <jni.h>
#include <unistd.h>
#include <fstream>
#include <iostream>
#include "Includes/obfuscate.h"
#include "KittyMemory/MemoryPatch.h"
#include "Includes/Logger.h"
#include "Includes/Utils.h"
#include "Menu.h"

#if defined(__aarch64__) //Compile for arm64 lib only
#include <And64InlineHook/And64InlineHook.hpp>
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works
#include <Substrate/SubstrateHook.h>
#include <Substrate/CydiaSubstrate.h>
#endif


struct My_Patches {
    MemoryPatch Tutorial;
} hexPatches;

bool feature1 = false, feature2 = false, featureHookToggle = false;

//Target lib here
#define targetLibName OBFUSCATE("libil2cpp.so")

// Hooking example

//Обычный Хук
bool (*old_DefaultHook)(void *instance);
bool DefaultHook(void *instance) {
    if (feature2) {   //Привязка функции к кнопке
        return true;   //На что изменяется оффсет. Пример - true, false, 9999.
    }
    return old_DefaultHook(instance);
}

//Хук Поля
void (*old_Tutorial)(void *instance);
void Tutorial(void *instance) {
    if (feature2) {   //Подключение к кнопке
        *(float *) ((uint64_t) instance + 0x54) = 150; // После = значение на которое изменяется поле
    }
    return old_Tutorial(instance);
}

//Хук Параметров
void (*old_Parameters)(void *instance, float health, float armor, bool isGod, float shieldDuration);
void Parameters(void *instance, float health, float armor, bool isGod, float shieldDuration) {
    if (instance != NULL) {
        if (feature2) {   //Подключение к кнопке
            armor = 9999.0f;
        }
    }
    return old_Parameters(instance, health, armor, isGod, shieldDuration);
}

void *hack_thread(void *) {
    LOGI(OBFUSCATE("pthread created"));

    do {
        sleep(1);
    } while (!isLibraryLoaded(targetLibName));

    LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName);

#if defined(__aarch64__) //Compile for arm64 lib only
#else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works

    MSHookFunction((void *) getAbsoluteAddress(targetLibName, 0x1A33FD4), (void *) Parameters,
                   (void **) &old_Parameters);

    MSHookFunction((void *) getAbsoluteAddress(targetLibName, 0x121E6B4), (void *) Tutorial,
                   (void **) &old_Tutorial);
                 
    MSHookFunction((void *) getAbsoluteAddress(targetLibName, 0x90D5D8), (void *) DefaultHook,
                   (void **) &old_DefaultHook);
//                            Имя старой переменной           Библиотека      Оффсет                    Переменная
    LOGI(OBFUSCATE("Done"));
#endif

    return NULL;
}

//JNI calls
extern "C" {
JNIEXPORT void JNICALL
Java_uk_lgl_MainActivity_Toast(JNIEnv *env, jclass obj, jobject context) {
    MakeToast(env, context, OBFUSCATE("Hooking Tutorial"), Toast::LENGTH_LONG);
}


JNIEXPORT jobjectArray
JNICALL
Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject activityObject) {
    jobjectArray ret;

    const char *features[] = {
            OBFUSCATE("Category_Hook Tutorial"), //Not counted
            OBFUSCATE("Toggle_KittyMemory Example"), //Starts with 0
            OBFUSCATE("Toggle_MSHook Example"), //1
    };

    //Now you dont have to manually update the number everytime;
    int Total_Feature = (sizeof features / sizeof features[0]);
    ret = (jobjectArray)
            env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")),
                                env->NewStringUTF(""));

    for (int i = 0; i < Total_Feature; i++)
        env->SetObjectArrayElement(ret, i, env->NewStringUTF(features[i]));

    pthread_t ptid;
    pthread_create(&ptid, NULL, antiLeech, NULL);

    return (ret);
}

JNIEXPORT void JNICALL
Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject obj,
                                        jint featNum, jstring featName, jint value,
                                        jboolean boolean, jstring str) {
    //Convert java string to c++
    const char *featureName = env->GetStringUTFChars(featName, 0);
    const char *TextInput;
    if (str != NULL)
        TextInput = env->GetStringUTFChars(str, 0);
    else
        Masukan Teks = "Kosong";

    LOGD(OBFUSCATE("Nama fitur: %d - %s | Nilai: = %d | Bool: = %d | Teks: = %s"), featNum,
         fiturNama, nilai,
         boolean, Masukan Teks);


    beralih (featNum) {
        kasus 0:
            fitur1 = boolean;
            merusak;
        kasus 1:
            fitur2 = boolean;
            merusak;
    }
}
}

//Tidak perlu menggunakan JNI_OnLoad, karena kami tidak menggunakan JNIEnv
//Kami melakukan ini untuk menyembunyikan OnLoad dari disassembler
__atribut__((konstruktor))
batal lib_main() {
    // Buat utas baru agar tidak memblokir utas utama, berarti game tidak akan membeku
    pthread_t titik;
    pthread_create(&ptid, NULL, hack_thread, NULL);
}

/*
JNIEXPORT jint JNICALL
JNI_OnLoad(JavaVM *vm, batal *reserved) {
    JNIEnv *globalEnv;
    vm->GetEnv((void **) &globalEnv, JNI_VERSION_1_6);

    kembalikan JNI_VERSION_1_6;
}
*/

[/KODE]
[/MENGUTIP]
hhey dude if you use arm64 it's not mshook, you have a lot to learn.