Help! libil2cpp.so Ghidra and Il2CppDumper with different offsets

sekoia

Hi guys,
I'm trying to mod an arm64-v8a Android game. I used these tools: apktool and Il2CppDumper.
When I load the DummyDlls in dnSpy they have different offsets from Ghidra (I did make sure they're the same function). The offsets don't change much, for example, dnSpy offset: 0x40610B0 and Ghidra offset: 0x41610B0.

I already tried to hook the 2 offsets but it doesn't work, I guess these offsets are wrong... maybe I'm doing something wrong.


Does someone have any idea why this is happening?

Thanks

Edit: When I used Il2CppDumper, I found that it doesn't have the file Assembly-CSharp.dll. Does this mean that it has some kind of protection?
 

NotALegitGuy

I guess the offsets are different due to Ghidra rebasing them to 0x100000.
You can just subtract that amount off of Ghidra's offset to get a good one.

Now as to why your hooks might not be working, I have no idea if you can't provide your code.
 

sekoia

My code looks like this, I'm trying to hook the Update function:

C++:
// already tried without param_2, param_3 and param_4... I put the params because Ghidra shows them
void (*old_Update)(void *instance, float param_2, float param_3, long param_4);
void Update(void *instance, float param_2, float param_3, long param_4) {
    if(instance != NULL) {
        LOGD("Inside update...");
    }
    return old_Update(instance, param_2, param_3, param_4);
}
__attribute__((constructor))
void libhook_main() {
    do {
        sleep(1);
    } while (!utils::is_library_loaded(libName));
    A64HookFunction((void*)utils::get_absolute_address(OFFSET), (void*)Update, (void**)&old_Update);
    A64HookFunction((void*)utils::get_absolute_address(OFFSET_2), (void*)Update, (void**)&old_Update);
}

I already tried with LateUpdate and FixedUpdate.
 

NotALegitGuy

I'm not really sure as to why the hooks don't work since it looks pretty correct to me, maybe it could be caused if you are hooking both offsets at the same time (which I don't think you are).

It could maybe be an issue with the game itself or some kind of protection.
 

DaRealPanDa

Please only one question for one thread, so users could potentially easily find the same problems/solutions within the question title.

One question is different offsets, one is why your hook isn't working.

That's two different things.

Thanks.