Tutorial How to modify Set Methods in Unity's il2cpp

[Kurumi0343]

Thanks

 

[ShadowStormOne]

 

[nowhere_222]

once again, i'm new to hooking, but u helped me a lot, thanks for sharing your knowledge!

 

[koolboyox]

help

 

[koolboyox]

Cứu giúp
[/TRÍCH DẪN]
0x1897D8C setspeed
Cập nhật 0x189A764
please help

 

[nowhere_222]

help

search the fields in the same class for it (0x@@) (@@ is the number like 0x10, 0x18 etc)

 

[760223127]

如何 hook this ：public int GetFinalAttr(int attrId) { }

 

[Daleon228_09]

Cool

 

[power2020202020]

Please help. I did everything according to the tutorial, but all to no avail. Can you suggest what I did wrong?

This is from dnspy

[Token(Token = "0x17000015")]
public bool IsWin
{
    [Token(Token = "0x60000F2")]
    [Address(RVA = "0x4DB7F0", Offset = "0x4DB7F0", VA = "0x4DB7F0")]
    [Attribute(Name = "CompilerGeneratedAttribute", RVA = "0x2764E4", Offset = "0x2764E4")]
    get
    {
        return default(bool);
    }
    [Token(Token = "0x60000F3")]
    [Address(RVA = "0x4DB7F8", Offset = "0x4DB7F8", VA = "0x4DB7F8")]
    [Attribute(Name = "CompilerGeneratedAttribute", RVA = "0x2764F4", Offset = "0x2764F4")]
    set
    {
    }
}

this is hook

void (*set_IsWin)(void *instance, bool value);

//the void *instance is a self-created variable.
bool (*old_get_IsWin)(void *instance);
bool get_IsWin(void *instance) {
    //Check if instance is NULL to prevent CRASH
    if (instance != NULL && WinOK)
    {
        set_IsWin(instance, true); //Function Pointer mod
    }
    //return the original value (this code isn't really needed if you have a toggle/switch)
    return old_get_IsWin(instance);
}

and this call

set_IsWin = (void (*)(void *, bool))getAbsoluteAddress(targetLibName,0x4DB7F8);
    HOOK_LIB("libil2cpp.so", "0x4DB7F0", get_IsWin, old_get_IsWin);

use mshookfunction .. no hook_lib

 

[Alirezanassari]

hi bro ,
i need help to my code
because its crash when i run it
ok let me explain :
on my mind
i need call a method with her parameters on another methode

this methode :

insid this methode :

and this my code :

#include <list>
#include <vector>
#include <string.h>
#include <pthread.h>
#include <thread>
#include <cstring>
#include <jni.h>
#include <unistd.h>
#include <fstream>
#include <iostream>
#include <dlfcn.h>
#include "Includes/Logger.h"
#include "Includes/obfuscate.h"
#include "Includes/Utils.h"
#include "Includes/Toast.hpp"
#include "KittyMemory/MemoryPatch.h"

//Target lib here
#define targetLibName OBFUSCATE("libil2cpp.so")

#include "Includes/Macros.h"


void (*decS)(void *instance, int St, std::string Se);
void (*old_insta)(void *instance);
void insta(void *instance) {
    if (instance != NULL) {
        decS(instance, -999999, "0");
    }
    return old_insta(instance);
}

/*
int (*old_a)(void *instance);
int a(void *instance) {
    if (instance != NULL) {


        return 99999;
    }
    return old_a(instance);
}


int (*old_b)(void *instance);
int b(void *instance) {
    if (instance != NULL) {
        return 9999;
    }
    return old_b(instance);
}
 */

/*
bool (*old_get_BoolExample)(void *instance);

bool get_BoolExample(void *instance) {
    if (instance != NULL && featureHookToggle) {
        return true;
    }
    return old_get_BoolExample(instance);
}

float (*old_get_FloatExample)(void *instance);
float get_FloatExample(void *instance) {
    if (instance != NULL && sliderValue > 1) {
        return (float) sliderValue;
    }
    return old_get_FloatExample(instance);
}

int (*old_Level)(void *instance);
int Level(void *instance) {
    if (instance != NULL && level) {
        return (int) level;
    }
    return old_Level(instance);
}

void (*old_FunctionExample)(void *instance);
void FunctionExample(void *instance) {

    if (instance != NULL) {
        if (Health) {
            *(int *) ((uint64_t) instance + 0x48) = 999;
        }
    }
    return old_FunctionExample(instance);
}
*/

// we will run our hacks in a new thread so our while loop doesn't block process main thread
void *hack_thread(void *) {

    //Check if target lib is loaded
    do {
        sleep(1);
    } while (!isLibraryLoaded(targetLibName));

    //Anti-lib rename

    do {
        sleep(1);
    } while (!isLibraryLoaded("libModzRoid.so"));

    LOGI(OBFUSCATE("Lib has been loaded"));

#if defined(__aarch64__)

    decS = (void (*)(void *, int, std::string)) getAbsoluteAddress(targetLibName,0x229FCBC);
    HOOK_LIB("libil2cpp.so", "0x207EFD0", insta, old_insta);

#else //To compile this code for armv7 lib only.
    /*// Hook example. Comment out if you don't use hook
    // Strings in macros are automatically obfuscated. No need to obfuscate!
    HOOK("str", FunctionExample, old_FunctionExample);
    HOOK_LIB("libFileB.so", "0x123456", FunctionExample, old_FunctionExample);
    HOOK_NO_ORIG("0x123456", FunctionExample);
    HOOK_LIB_NO_ORIG("libFileC.so", "0x123456", FunctionExample);
    HOOKSYM("__SymbolNameExample", FunctionExample, old_FunctionExample);
    HOOKSYM_LIB("libFileB.so", "__SymbolNameExample", FunctionExample, old_FunctionExample);
    HOOKSYM_NO_ORIG("__SymbolNameExample", FunctionExample);
    HOOKSYM_LIB_NO_ORIG("libFileB.so", "__SymbolNameExample", FunctionExample);

    // Patching offsets directly. Strings are automatically obfuscated too!
    PATCH("0x20D3A8", "00 00 A0 E3 1E FF 2F E1");
    PATCH_LIB("libFileB.so", "0x20D3A8", "00 00 A0 E3 1E FF 2F E1");
    HOOK_LIB("libil2cpp.so", "0x1EC9AA4", Player, old_Player);
*/

    LOGI(OBFUSCATE("Done"));
#endif

    return NULL;
}

void Init(JNIEnv *env, jclass clazz, jobject context) {

    Toast(env, context, OBFUSCATE("Modded by @ModzRoid 🙂"), ToastLength::LENGTH_LONG);

    // Create a new thread so it does not block the main thread, means the game would not freeze
    pthread_t ptid;
    pthread_create(&ptid, NULL, hack_thread, NULL);

    if (!toastCalled) {
        //bad function to make it crash
        int *p = 0;
        *p = 0;
    }
}

int RegisterMain(JNIEnv *env) {
    JNINativeMethod methods[] = {
            {OBFUSCATE("Init"), OBFUSCATE(
                    "(Landroid/content/Context;)V"), reinterpret_cast<void *>(Init)},
    };
    jclass clazz = env->FindClass(OBFUSCATE("com/ModzRoid/Main"));
    if (!clazz)
        return JNI_ERR;
    if (env->RegisterNatives(clazz, methods, sizeof(methods) / sizeof(methods[0])) != 0)
        return JNI_ERR;

    return JNI_OK;
}

extern "C"
JNIEXPORT jint

JNICALL
JNI_OnLoad(JavaVM *vm, void *reserved) {
    JNIEnv *env;
    vm->GetEnv((void **) &env, JNI_VERSION_1_6);

    if (RegisterMain(env) != 0)
        return JNI_ERR;
    return JNI_VERSION_1_6;
}

/*
__attribute__((constructor))
void lib_main() {
    // Create a new thread so it does not block the main thread, means the game would not freeze
    pthread_t ptid;
    pthread_create(&ptid, NULL, hack_thread, NULL);
}*/

pleas help me what can i dooo

thank you❤.