Tutorial How to hook arrays in Unity's Il2cpp

[Numark]

Okay, so apparently I've been asked many times on how to modify arrays, not gonna get deep into this, but here we go.


First of all, you need a monoArray struct, which I will provide.

template <typename T>
struct monoArray
{
    void* klass;
    void* monitor;
    void* bounds;
    int   max_length;
    void* vector [1];
    int getLength()
    {
        return max_length;
    }
    T getPointer()
    {
        return (T)vector;
    }
};

Let's say you wanted to modify a Player List in a photon game, like getting other players?

When you use this Array, you need to make a hook for this.

monoArray<void *> *(*PhotonNetwork_get_OtherPlayers)() = (monoArray<void *> *(*)())il2cppAddress + 0x84EB8C;

To access players as an example, you can use this code to get a vector to the players.

auto photonplayers = PhotonNetwork_getOtherPlayers();

for (int i = 0; i < photonplayers->getLength(); ++i)
{
    auto photonplayer = photonplayers->getPointer()[i];
}

If whatever type the method is, change it if it's a void, int, bool, float, whatever it is.

Credits: Toshiro and Slice Cast

 

[hienngocloveyou]

Hi @
Tiuu

How about struct's member. Can you show me how to access member in struct.

Thanks

 

[nitchi zx]

Error' bro

 

[hienngocloveyou]

Error' bro

use
monoArray<void **> instead of monoArray<void *>

 

[nitchi zx]

use
monoArray<void **> instead of monoArray<void *>

Not working, error'

 

[hienngocloveyou]

Not working, error'

In my case work. You must find what are your problem. Check your code carefully

 

[asdf101]

Can you help me with List<>. I dont know how to hook that

// RVA: 0x140D26C Offset: 0x140D26C VA: 0x140D26C
    public static List<RemotePlayer> GetRemotePlayers(Predicate<RemotePlayer> predicate) { }

 

[hienngocloveyou]

Can you help me with List<>. I dont know how to hook that

// RVA: 0x140D26C Offset: 0x140D26C VA: 0x140D26C
    public static List<RemotePlayer> GetRemotePlayers(Predicate<RemotePlayer> predicate) { }

Use this link

UnityStuff/Unity.h at master · kp7742/UnityStuff

A collection of structs and other useful things for hacking 64 bit iOS Unity games - kp7742/UnityStuff

github.com

You can find the struct monoList in that page.

Regards,

 

[asdf101]

I mean how can you get the predicate<playerbase> because you need it in order for the hook to work correctly

 

[hienngocloveyou]

I mean how can you get the predicate<playerbase> because you need it in order for the hook to work correctly

You must make that object and reference to it

 

[asdf101]

Another question: I want to read c# list of strings

// RVA: 0x140C528 Offset: 0x140C528 VA: 0x140C528
    public static List<string> GetAllPlayersIdShuffled() { }

Is this how I should do it?

monoList<monoString> *(*GetPlayerIds)() = (monoList<monoString> *(*)()) getAbsoluteAddress(targetLibName, 0x140C528);
auto getplayerids = GetPlayerIds();

I dont know how to read it. Help please

 

[hienngocloveyou]

Another question: I want to read c# list of strings

// RVA: 0x140C528 Offset: 0x140C528 VA: 0x140C528
    public static List<string> GetAllPlayersIdShuffled() { }

Is this how I should do it?

monoList<monoString> *(*GetPlayerIds)() = (monoList<monoString> *(*)()) getAbsoluteAddress(targetLibName, 0x140C528);
auto getplayerids = GetPlayerIds();

I dont know how to read it. Help please

Please read document I posted above

 

[asdf101]

You must make that object and reference to it

In c# predicate class only returns boolean, true or false. Since it only returns that can you do this?

monoList<void**> *(*GetPlayers)(bool) = (monoList<void**> *(*)(bool)) getAbsoluteAddress(targetLibName, offset);

 

[Onlyfaris]

How to get player list in List< ?

 

[Baba44]

public void InitiatePurchase(Product product, string developerPayload) { }

In lgl menu how to hack this free store using monostring??