Tutorial List of Android & iOS Tutorials (Code Tutorials)

Numark

Hello, my name is SliceCast / Tiuu (on this forum). This thread is meant to help people who run into a lot of problems with their C++ code. To try and fix as many of those problems as possible, I will explain some basic information that should help everyone here. This tutorial isn't just for newbies: it is for EVERYONE in the modding community to learn from.

All of the tutorials I have posted before, I will post here again with more precise and understandable information. Basically I am revamping all of my tutorials, and some others, into one thread.

Let's start with Data Types...
So what are Data Types?

A data type is a type of data. Of course, that is a rather circular definition, and not very helpful either. A better definition of a data type is a data storage format that can contain a specific type or range of values.

When computer programs store data in variables, each variable must be assigned a specific data type. Some common data types include integers, floating point numbers, characters, strings, and arrays. They may also be more specific types, such as dates, timestamps, boolean values, and varchar (variable character) formats.



Learn more about these: Java Data Types

In short terms, you already know them. They're:
- int/integer
- bool/boolean
- float/double
- void

What is a void? Many people try to mod a function whose return type is void, and then wonder why it doesn't work or why the game crashes.
- A void function does not return any value. void is a data type that has no values or operators and is used to represent nothing, so there is no return value for you to change.
More information: Void Data Type – Programming Fundamentals

Why is this important for modding? It's really important to learn this because many people modify the wrong values and then wonder why the game crashes or why the value in their game didn't change.

Structs:
What are structs? A struct is a C++ data structure that can be used to store together elements of different data types. In C++, a structure is a user-defined data type. The structure creates a data type for grouping items of different data types under a single data type. (Taken from guren99.com)

Examples:
C++:
struct DataTypes {
    int a;
    bool b;
    float c;
} DataTypes;

Examples with Offsets:
C++:
#include <cstdint>

struct Offsets {
    // every member needs a type; uintptr_t holds an address or offset on both 32-bit and 64-bit builds
    uintptr_t Health   = 0x958464; // example values used in this post
    uintptr_t MyPlayer = 0xDC;
} Offsets;

1. Memory/Hex Patching
Let's start with this, since most of us started out with patching. Patching means overwriting the bytes of a function in memory at runtime, and for that we use a library that aims for runtime code patching for both Android & iOS.

We will use KittyMemory for patching; most of us know what this is. It is a library made by Ruit/MJ, credits to him.
KittyMemory: GitHub - MJx0/KittyMemory: This library aims for runtime code patching for both Android and iOS

Let's create a struct. (Taken from LGL's Mod Menu)
C++:
struct My_Patches {
    // let's assume we have patches for these functions for whatever game
    // like show in miniMap boolean function
    MemoryPatch GodMode, GodMode2, SliderExample;
    // etc...
} hexPatches;

Now this will be put in our hack_thread, which you will see in most source codes and mod menu templates nowadays.

C++:
    // http://shell-storm.org/online/Online-Assembler-and-Disassembler/
    /*
    * mov r0, #1
    * bx lr
    */
    // address = 0x6A6144
    // bytes len = 8
    // patch simple boolean return
    hexPatches.GodMode = MemoryPatch("libil2cpp.so", 0x6A6144,
                                     "\x01\x00\xA0\xE3\x1E\xFF\x2F\xE1", 8);

    // by default MemoryPatch will cache the library map for faster lookup when using getAbsoluteAddress
    // You can disable this by passing false as the last argument
    //hexPatches.GodMode = MemoryPatch("libil2cpp.so", 0x6A6144, "\x01\x00\xA0\xE3\x1E\xFF\x2F\xE1", 8, false);

    // also possible with hex & no need to specify len
    hexPatches.GodMode = MemoryPatch::createWithHex("libil2cpp.so", 0x6A6144, "0100A0E31EFF2FE1");

    // spaces are fine too
    hexPatches.GodMode = MemoryPatch::createWithHex("libil2cpp.so", 0x6A6144, "01 00 A0 E3 1E FF 2F E1");

    LOGD("===== New Patch Entry =====");

    LOGD("Patch Address: %p", (void *)hexPatches.GodMode.get_TargetAddress());
    LOGD("Patch Size: %zu", hexPatches.GodMode.get_PatchSize());
    LOGD("Current Bytes: %s", hexPatches.GodMode.get_CurrBytes().c_str());

    // modify & print bytes
    if (hexPatches.GodMode.Modify()) {
        LOGD("GodMode has been modified successfully");
        LOGD("Current Bytes: %s", hexPatches.GodMode.get_CurrBytes().c_str());
    }

    // restore & print bytes
    if (hexPatches.GodMode.Restore()) {
        LOGD("GodMode has been restored successfully");
        LOGD("Current Bytes: %s", hexPatches.GodMode.get_CurrBytes().c_str());
    }

If you don't understand what to do with this, just look at some source codes inside main.cpp.

ARM Instructions:
Alright, these are just some ARM instructions for you guys to patch with. I will show some examples.

These are for the ARMv7 architecture (32-bit).

MOV R0, #0 = 00 00 A0 E3 (0, or false in a boolean function)

MOV R0, #1 = 01 00 A0 E3 (1, or true in a boolean function)

BX LR = 1E FF 2F E1 (returns from the function)

Example in full:

00 00 A0 E3 1E FF 2F E1 = false, or just 0 as an int.

01 00 A0 E3 1E FF 2F E1 = true, or just 1 as an int.


Negative Values

MVN R0, #1 = 01 00 E0 E3 (MVN writes the bitwise NOT of the immediate, so this puts ~1 = 0xFFFFFFFE = -2 in R0)

01 00 E0 E3 1E FF 2F E1 = -2

For -1 use MVN R0, #0 = 00 00 E0 E3, so 00 00 E0 E3 1E FF 2F E1 = -1


ARM64 (AArch64)

MOV X0, #1 = 20 00 80 D2 (1 as an int)

RET = C0 03 5F D6 (returns from the function, like BX LR)

20 00 80 D2 C0 03 5F D6 = 1 (true)

Link for these ARM instructions:
shell-storm | Online Assembler and Disassembler
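To see what the byte patterns above actually encode, here is an added example (my own, not code from the post or from shell-storm) that decodes the ARMv7 and AArch64 "put a constant in the return register and return" sequences and reports the value they return. A game's anti-tamper code can use the same recognizer to flag a function whose first bytes have been turned into such a stub. The sample byte arrays are constructed from the sequences listed above; the function and constant names are my own.

```cpp
// Added example: decode the constant-return stubs listed in the post (not code from the post).
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <string>

// Read a little-endian 32-bit instruction word (the post shows bytes in memory order).
static uint32_t le32(const uint8_t *b) {
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

// ARMv7 data-processing immediate: 8-bit value rotated right by 2 * rot bits.
static uint32_t armv7_expand_imm(uint32_t imm12) {
    uint32_t imm8 = imm12 & 0xFF;
    uint32_t rot = ((imm12 >> 8) & 0xF) * 2;
    return rot == 0 ? imm8 : ((imm8 >> rot) | (imm8 << (32 - rot)));
}

// Interpret a 32-bit register value the way an int return value would be seen (portable two's complement).
static int64_t as_int32(uint32_t v) {
    return v >= 0x80000000u ? (int64_t)v - 0x100000000LL : (int64_t)v;
}

struct StubInfo {
    bool is_stub;      // true if the 8 bytes are "load constant into the return register; return"
    bool aarch64;      // which ISA matched
    int64_t value;     // the value such a stub returns
    std::string text;  // human-readable disassembly
};

// Recognise MOV/MVN R0,#imm + BX LR (ARMv7, AL condition) or MOVZ X0,#imm + RET (AArch64).
StubInfo classify_stub(const uint8_t *bytes, size_t len) {
    StubInfo r{false, false, 0, ""};
    if (len < 8) { r.text = "too short"; return r; }
    uint32_t w0 = le32(bytes), w1 = le32(bytes + 4);

    // ARMv7: MOV R0,#imm = E3A00xxx, MVN R0,#imm = E3E00xxx, BX LR = E12FFF1E
    if ((w0 & 0xFFFFF000) == 0xE3A00000 && w1 == 0xE12FFF1E) {
        uint32_t v = armv7_expand_imm(w0 & 0xFFF);
        r = {true, false, as_int32(v), "mov r0, #" + std::to_string(v) + "; bx lr"};
        return r;
    }
    if ((w0 & 0xFFFFF000) == 0xE3E00000 && w1 == 0xE12FFF1E) {
        uint32_t imm = armv7_expand_imm(w0 & 0xFFF);
        r = {true, false, as_int32(~imm), "mvn r0, #" + std::to_string(imm) + "; bx lr"};
        return r;
    }
    // AArch64: MOVZ X0,#imm16 (no shift) = D2800000 | imm16 << 5, RET = D65F03C0
    if ((w0 & 0xFFE0001F) == 0xD2800000 && w1 == 0xD65F03C0) {
        uint32_t v = (w0 >> 5) & 0xFFFF;
        r = {true, true, (int64_t)v, "movz x0, #" + std::to_string(v) + "; ret"};
        return r;
    }
    r.text = "not a constant-return stub";
    return r;
}

// Constructed samples: the byte sequences from the post, plus an ordinary prologue for contrast.
const uint8_t kArmTrueStub[8]   = {0x01, 0x00, 0xA0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1}; // mov r0, #1; bx lr
const uint8_t kArmMvn1Stub[8]   = {0x01, 0x00, 0xE0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1}; // mvn r0, #1; bx lr
const uint8_t kArm64TrueStub[8] = {0x20, 0x00, 0x80, 0xD2, 0xC0, 0x03, 0x5F, 0xD6}; // movz x0, #1; ret
const uint8_t kNotAStub[8]      = {0x10, 0x40, 0x2D, 0xE9, 0x00, 0x40, 0xA0, 0xE1}; // push {r4, lr}; mov r4, r0

int main() {
    const uint8_t *samples[] = {kArmTrueStub, kArmMvn1Stub, kArm64TrueStub, kNotAStub};
    for (const uint8_t *s : samples) {
        StubInfo info = classify_stub(s, 8);
        std::printf("%-28s stub=%d value=%lld\n", info.text.c_str(), (int)info.is_stub, (long long)info.value);
    }
    return 0;
}
```

Note that the MVN sample decodes to -2, not -1: MVN inverts every bit of the immediate, so the immediate for -1 is 0.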


2. Hooking

Now, this is the one most people have problems with.
What is hooking? It is redirecting a native function to your own implementation.
You can then do basically anything with the game's method and modify it to your liking.

Examples of a basic hook:

Our data type is an int.
C++:
bool IsRecoil = false; // this is a toggle, for mod menus

// the void *instance parameter is our own name for the object the method is called on
int (*old_recoil)(void *instance);
int recoil(void *instance) {
    // check if instance is NULL to prevent a crash
    if (instance != NULL) {
        if (IsRecoil) { // our toggle
            return 999; // return any value as an int
        }
    }
    // return the original value while the toggle is off (without a toggle you could just return your value)
    return old_recoil(instance);
}

// Now let's call our hooks.

MSHookFunction((void*)getAbsoluteAddress("libil2cpp.so", 0x000000), (void*)recoil, (void**)&old_recoil);

Boolean Example:
C++:
// A hook without a toggle switch, AKA to keep the mod enabled forever.

bool (*old_isMark)(void *instance);
bool isMark(void *instance) {
    // check if instance is NULL to prevent a crash
    if (instance != NULL) {
        return true; // return true or false on a boolean function
    }
    return false; // instance was NULL: return a safe default instead of falling off the end of the function
}

// Now let's call our hooks.

MSHookFunction((void*)getAbsoluteAddress("libil2cpp.so", 0x000000), (void*)isMark, (void**)&old_isMark);

Float/Double Example:
C++:
bool isAccuracy = false;

// the void *instance parameter is our own name for the object the method is called on
float (*old_Accuracy)(void *instance);
float Accuracy(void *instance) {
    // check if instance is NULL to prevent a crash
    if (instance != NULL) {
        if (isAccuracy) { // our toggle
            return 500.0f; // return any value as a float; make sure to write it with a decimal point
        }
    }
    // return the original value while the toggle is off (without a toggle you could just return your value)
    return old_Accuracy(instance);
}

// Now let's call our hooks.

MSHookFunction((void*)getAbsoluteAddress("libil2cpp.so", 0x000000), (void*)Accuracy, (void**)&old_Accuracy);


Those are the examples of basic hooks.
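Both a hex patch (section 1) and an inline hook (section 2) change the first bytes of the target function in memory, and that is exactly what a game's integrity check looks for. The following is an added example, not code from the post, from KittyMemory or from LGL's menu: it records a region of code while it is known-good and re-verifies it later. The "function" is a constructed byte buffer, and the patch applied to it is the mov r0, #1; bx lr sequence from section 1; all names are my own.

```cpp
// Added example: a runtime code-integrity check (not code from the post or any library).
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>

struct CodeRegion {
    const uint8_t *start;           // first byte of the monitored code in memory
    std::vector<uint8_t> original;  // trusted copy of the bytes (a real build takes this from the packaged library)
    uint64_t baseline;              // hash of the trusted copy
};

// FNV-1a 64-bit: dependency-free and fast; enough to notice modification, though it is not a MAC.
uint64_t fnv1a64(const uint8_t *p, size_t n) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; ++i) { h ^= p[i]; h *= 1099511628211ULL; }
    return h;
}

// Record the region while it is known-good.
CodeRegion snapshot(const uint8_t *start, size_t len) {
    CodeRegion r;
    r.start = start;
    r.original.assign(start, start + len);
    r.baseline = fnv1a64(start, len);
    return r;
}

// Fast check: does the live code still hash to the baseline?
bool verify(const CodeRegion &r) {
    return fnv1a64(r.start, r.original.size()) == r.baseline;
}

// Slow path for reporting: offset of the first byte that differs, or -1 if none.
long first_change(const CodeRegion &r) {
    for (size_t i = 0; i < r.original.size(); ++i)
        if (r.start[i] != r.original[i]) return (long)i;
    return -1;
}

// Constructed stand-in for a function's first bytes (ARMv7, little-endian); not taken from any game.
std::vector<uint8_t> make_sample_function() {
    return {0x10, 0x40, 0x2D, 0xE9,   // push {r4, lr}
            0x00, 0x40, 0xA0, 0xE1,   // mov r4, r0
            0x00, 0x00, 0x00, 0x00,   // filler
            0x00, 0x00, 0x00, 0x00};
}

// Overwrite the prologue with the 8 bytes the post patches in ("mov r0, #1; bx lr").
void simulate_stub_patch(uint8_t *code) {
    static const uint8_t stub[8] = {0x01, 0x00, 0xA0, 0xE3, 0x1E, 0xFF, 0x2F, 0xE1};
    memcpy(code, stub, sizeof stub);
}

// Runs the whole scenario; returns the offset the check reports after patching
// (-1 would mean the patch went unnoticed, -2 that the baseline itself failed).
long run_detection_demo() {
    std::vector<uint8_t> code = make_sample_function();
    CodeRegion region = snapshot(code.data(), code.size());
    if (!verify(region) || first_change(region) != -1) return -2;
    simulate_stub_patch(code.data());
    if (verify(region)) return -1;
    return first_change(region);
}

int main() {
    long off = run_detection_demo();
    if (off < 0) std::printf("no modification detected (%ld)\n", off);
    else std::printf("code modified at offset %ld\n", off);
    return 0;
}
```

The check is only as good as its baseline: if the snapshot is taken after a patch or hook is already in place, the tampered bytes become the reference. That is why the trusted copy should come from the packaged library (or a build-time hash) rather than from memory at startup, and why re-verification should run periodically rather than once.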

Next up is Hooking a class with an Update/LateUpdate method.

Lets stop here and learn about what these methods do.
So what is an Update? Any function called LateUpdate or Update is of massive use to you. Why? Because this is a non-static function that is called by Unity once per frame. If you have 60 FPS in a game, Update is being called 60 times a second. Why is this good? Think about it. We wouldn't want to get and set instance variables on a Method object that hasn't been updated for a while right? We need our most current Method object to modify, and what better way of getting it than hooking a function that is called 60 times every second? (Taken from Shmoo)

Note: Update functions differ from game to game. Most games have an Update that returns void; some games, like Critical Ops, use a boolean Update. Some games, like Bullet Force, have renamed their Update to something like UpdateFast. Some games have an additional parameter, Update(float). It is TRIAL and ERROR: try to find it and use it.

Okay, so we have a Player class, and inside that class is an Update function that returns void.

So lets create our hooks:
C++:
void (*Player_update)(void *instance);
void _Player_update(void *instance){
    if(instance != NULL){ // NULL to prevent crashes
    }
    Player_update(instance);
}

That will be our Player class hook.

Now in your dump.cs or dummy DLL (you should already know how to dump IL2CPP games; tutorials are on Platinmods, etc.) we have the fields ammo, UnlockWeapons, and firerate.

How do we use these fields and modify them inside our Player class hook?
C++:
#include <cstdint> // for uintptr_t, which is 32-bit on armeabi-v7a and 64-bit on arm64-v8a

void (*Player_update)(void *instance);
void _Player_update(void *instance){
    if(instance != NULL){
        // ammo (int field at offset 0xDC from dump.cs)
        *(int *)((uintptr_t)instance + 0xDC) = 999;

        // firerate (float field at offset 0xAC)
        *(float *)((uintptr_t)instance + 0xAC) = 999.0f;

        // UnlockWeapons (bool field at offset 0x20)
        *(bool *)((uintptr_t)instance + 0x20) = true;
    }
    Player_update(instance);
}

Now we will call our hook in our hack_thread (in some sources it is inside your main.cpp; you will see it once you look). Not sure about iOS, but yeah.
C++:
MSHookFunction((void*)getAbsoluteAddress("libil2cpp.so", 0x00000), (void*)_Player_update, (void**)&Player_update);
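Writing straight to a field at an offset, as the Update hook above does, changes only the bytes at that address. The added example below (mine, not from the post or LGL's menu; Player, GuardedInt, the key and the offsets are all constructed) shows how a game can pair a value with an obfuscated shadow copy so that a raw write to the plain field is noticed on the next read. The direct write is simulated with the same cast-and-offset expression the hook uses.

```cpp
// Added example: a guarded field that detects direct memory writes (not code from the post).
#include <cstdint>
#include <cstddef>
#include <cstdio>

// Stores the plain value (what a memory editor or an Update hook finds and overwrites) next to
// an obfuscated shadow; a write that updates only one of the two is detectable on read.
class GuardedInt {
public:
    explicit GuardedInt(int v = 0) { set(v); }
    void set(int v) { plain_ = v; shadow_ = (uint32_t)v ^ kKey; }   // the legitimate write path
    int get() const { return plain_; }
    bool tampered() const { return ((uint32_t)plain_ ^ kKey) != shadow_; }
private:
    static constexpr uint32_t kKey = 0x5A3C96E1u; // constructed constant; a real game would randomise it per session
    int plain_;
    uint32_t shadow_;
};

// Constructed layout standing in for the dumped Player class; offsets come from offsetof, not a real dump.
struct Player {
    GuardedInt ammo;
    float firerate;
    bool unlockWeapons;
};

// The post's "*(int *)((uintptr_t)instance + offset) = value" write, as an Update hook would do it.
void simulate_hook_write(Player *instance, size_t offset, int value) {
    *(int *)((uintptr_t)instance + offset) = value;
}

// Returns true when the legitimate path passes the check and the direct write is caught.
bool demo_detects_direct_write() {
    Player p{GuardedInt(30), 1.0f, false};
    if (p.ammo.tampered()) return false;                      // sane at start
    p.ammo.set(29);                                           // legitimate update: both copies change
    if (p.ammo.tampered() || p.ammo.get() != 29) return false;
    simulate_hook_write(&p, offsetof(Player, ammo), 999);     // raw write hits only the plain copy
    return p.ammo.tampered() && p.ammo.get() == 999;
}

int main() {
    std::printf("direct write detected: %s\n", demo_detects_direct_write() ? "yes" : "no");
    return 0;
}
```

This is a detection signal, not prevention: someone who finds the shadow copy can update both, and the check itself can be patched out (which is where the code-integrity check from the hooking section comes in). Values that matter for fairness should additionally be validated server-side.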

This is not the end of the tutorials. I will update this thread when I have free time. Function Pointers and Modifying strings will be up next soon.


Credits to the Community for helping.
 
nice tutorial
then how to put a toggle on a hook with class update?
pls reply to me :D
if you have LGL menu then there is an example of a basic toggle in that, and to use an update offset all you have to do is hook it and then call whatever other offset you are modding in the same hook
 
i got it
my last question
is that required, this code > *((uint64_t) ?
because I'm working on armeabi v7
the code is for arm64
after I delete this code *((uint64_t)
I got an error
 
anything you aren't using in the menu you should put // in front of it... that basically means skip anything after that (on the same line). that way you can see if it compiles, and if it doesn't then just remove the //
 
I have the same problem when I change uint64 to uint32: the example uses 64, but when I put 32 I get an error.
 
Very good tutorial! It's still a bit fuzzy, but all of this becomes clearer every time I revisit it. Adapt, Improve, Overcome <3
 