Help! public void .ctor can be used as update method?
- Thread starter Master TK
- Start date
Why dont you analyze the class to see if there are instances in other classes that have access to it?
github.com
This is a perfect example of this method being used.
GitHub - jbro129/Universal-Unity-NoClip: A universal way to create a noclip mod in Unity games (Mono/IIL2CPP)
A universal way to create a noclip mod in Unity games (Mono/IIL2CPP) - jbro129/Universal-Unity-NoClip
github.com
This is a perfect example of this method being used.
I will do that, thanks!Why dont you analyze the class to see if there are instances in other classes that have access to it?
GitHub - jbro129/Universal-Unity-NoClip: A universal way to create a noclip mod in Unity games (Mono/IIL2CPP)
A universal way to create a noclip mod in Unity games (Mono/IIL2CPP) - jbro129/Universal-Unity-NoClip
This is a perfect example of this method being used.
BTW, FOR YOUR INFORMATION .ctor is not defined method, its full form is constructor, it os automatically added by the Compiler, so i don't think .ctor can Be hooked
You can do Multi class Hooking,
Like:
class:
class a {
int money; // 0x3
}
class b {
public a UserMoney; // 0x10
//0x11111111
public void update()
}
So, Now:
Hooking:
void(_Update)(void *thiz);
void UPDATE(void *thiz) {
if(thiz != NULL) {
void *aClass = *(void**)((uint64_t)thiz + 0x3);
if(a != NULL) {
*(int *) ((uint64_t) aClass + 0x10) = 999;
}
}
}
HOOK_LIB("LIBNAME", "0x11111111", UPDATE, _Update);
You can do Multi class Hooking,
Like:
class:
class a {
int money; // 0x3
}
class b {
public a UserMoney; // 0x10
//0x11111111
public void update()
}
So, Now:
Hooking:
void(_Update)(void *thiz);
void UPDATE(void *thiz) {
if(thiz != NULL) {
void *aClass = *(void**)((uint64_t)thiz + 0x3);
if(a != NULL) {
*(int *) ((uint64_t) aClass + 0x10) = 999;
}
}
}
HOOK_LIB("LIBNAME", "0x11111111", UPDATE, _Update);
Yes .ctor can be used for hooking but the problem is most classes doesn't call it often and most of the time it only get called once when game start loading. Better look if another class is calling it or not if it does then access it from that class. If nothing is working you can try a dirty fix (not sure if it will work or not)
1. Hook .ctor and modify field.
2. Also create a function pointer for .ctor
[Ctor = (void(*)(void *))getAbsoluteAddress(targetLibName, 0x123456);]
3. Now call it from any update function.
1. Hook .ctor and modify field.
2. Also create a function pointer for .ctor
[Ctor = (void(*)(void *))getAbsoluteAddress(targetLibName, 0x123456);]
3. Now call it from any update function.
Well among other things, that would create a new object on every frame. That's a high toll on memory
Also, .ctor might use a completely different object than the one actually being used in the game. So i am not sure how that would actually help in modifying those fields :)
Last edited:
Also not to mention, you probably cannot pass a "*this"/instance to .ctor by using function ptr, as the instance would refer to the object where the update function resides
Yes checked by myself (1st & 2nd option) but 3rd one its totally an experimental
Yes checked by myself (1st & 2nd option) but 3rd one its totally an experimental
C++:
void* globalInstance;
void (*_ctor)(void* this);
void ctor(void* this){
if(this != NULL){
globalInstance = this;
}
_ctor(this);
}
void (*_update)(void* this);
void update(void* this){
if(this != NULL && globalInstance != NULL){
*(int *)((uint_64t)globalInstance + 0x24) = 0;
}
_update(this)
}
HOOK(.ctor//);
HOOK(update//);
Last edited:
Also discard this, it seems like .ctor is only responsible to run the code in the constructor. It's not responsible for the actual object creation in il2cpp. But the second point holds