Modding (hacking) il2cpp games by classes, methods, fields names.

ByNameModding

Status: Ready to use

Why I made it

1. To avoid having to update the offsets of Unity methods.

2. For fun.

Bugs:

Everything is fixed, but not exactly :)

File structure:

  • Class LoadClass

    • Methods:

      • LoadClass(const char *namespce, const char *clazz, const char *dllname - optional)
      • GetFieldInfoByName(const char *name)
      • GetFieldByName(const char *name)
      • GetFieldOffset(const char *name or FieldInfo *field)
      • GetMethodInfoByName(const char *name, int paramcount)
      • GetMethodOffsetByName(const char *name, int paramcount)
  • Class Field

    • Methods:

      • Field(FieldInfo *thiz, void *clas - optional for static)
      • get_offset()
      • get()
      • set(T val)
    • Fields:

      • init
      • thread_static
      • clazz
  • void * get_Method(const char *str)

Usage

get_method example

/* get_method: edit FOV example
 * Code taken from Il2CppResolver:
 * https://github.com/MJx0/IL2CppResolver/blob/master/Android/test/src/demo.cpp
 * MJx0's IL2CppResolver doesn't work
 * get_method works ONLY with extern methods
 */
void set_fov(float value) {
    int (*Screen$$get_height)();
    int (*Screen$$get_width)();
    InitResolveFunc(Screen$$get_height, OBFUSCATE("UnityEngine.Screen::get_height()")); // #define InitResolveFunc(x, y)
    InitResolveFunc(Screen$$get_width, OBFUSCATE("UnityEngine.Screen::get_width()")); // Don't forget about OBFUSCATE
    if (Screen$$get_height && Screen$$get_width) {
        LOGI(OBFUSCATE("%dx%d"), Screen$$get_height(), Screen$$get_width());
    }

    uintptr_t (*Camera$$get_main)(); // you can use void *
    float (*Camera$$get_fieldofview)(uintptr_t);
    void (*Camera$$set_fieldofview)(uintptr_t, float);

    InitResolveFunc(Camera$$get_main, OBFUSCATE("UnityEngine.Camera::get_main()"));
    InitResolveFunc(Camera$$set_fieldofview, OBFUSCATE("UnityEngine.Camera::set_fieldOfView(System.Single)"));
    InitResolveFunc(Camera$$get_fieldofview, OBFUSCATE("UnityEngine.Camera::get_fieldOfView()"));

    if (Camera$$get_main && Camera$$get_fieldofview && Camera$$set_fieldofview) {
        uintptr_t mainCamera = Camera$$get_main();
        if (mainCamera != 0) {
            float oldFOV = Camera$$get_fieldofview(mainCamera);
            Camera$$set_fieldofview(mainCamera, value);
            float newFOV = Camera$$get_fieldofview(mainCamera);
            LOGI(OBFUSCATE("Camera Ptr: %p  |  oldFOV: %.2f  |  newFOV: %.2f"), (void *) mainCamera, oldFOV,
                 newFOV);
        } else {
            LOGE(OBFUSCATE("mainCamera is currently not available!"));
        }
    }
}

LoadClass and Field examples

void *(*get_Transform)(void *instance);
void (*set_position)(void *Transform, Vector3);
void *myPlayer;
void (*old_Update)(void *instance);
void Update(void *instance){
    old_Update(instance);
    if (instance){
        /** We have public static FPSControler LocalPlayer; **/
        FieldBN(localpalyer, void *, 0, "", "FPSControler", "LocalPlayer", 'z') // #define FieldBN(myfield, type, inst, nameSpacec, clazzz, fieldName, key)
        myPlayer = localpalyer; // or myPlayer = localpalyer();
        void *myPlayer_Transform = get_Transform(myPlayer);
        set_position(myPlayer_Transform, Vector3(0, 0, 0));
    }
}
void *hack_thread(void *) {
    do {
        sleep(1);
    } while (!isLibraryLoaded(libName));
    auto *Transform = new LoadClass(OBFUSCATE("UnityEngine"), OBFUSCATE("Transform"));
    auto *Component = new LoadClass(OBFUSCATE("UnityEngine"), OBFUSCATE("Component"));
    InitFunc(get_Transform, Component->GetMethodOffsetByName(OBFUSCATE("get_transform"), 0)); // 0 - parameter count in the original C# method
    InitFunc(set_position, Transform->GetMethodOffsetByName(OBFUSCATE("set_position_Injected"), 1)); // set_position works badly
    MSHookFunction((void *)(new LoadClass(OBFUSCATE_KEY("", 'i'),
                        OBFUSCATE("FPSControler")))->GetMethodOffsetByName(
            OBFUSCATE_KEY("Update", '|'), 0), (void *) Update, (void **) &old_Update);
    return nullptr; // thread entry points must return a value
}
Comments
  • Sir pls help me. can't hook field

    your example.cpp doesn't have hook field

    I hook like:

    HOOK(FPSController.GetFieldByName(OBFUSCATE_BNM("Update")).GetOffset(), Update, old_Update);

    and it crashes

    pls give one example which can hook a field

    Thank you very much!

    opened by wwwww56 16
  • sir Hook field There's still a problem

    BNM::Field skillCooldown;
    void *(*old_CreateSkill)(int, int);
    void *CreateSkill(int skillT, int skillId) {
        auto skill = old_CreateSkill(skillT, skillId); // Get created Skill
        skillCooldown(skill) = 0.f; // Set skillCooldown to zero
        return skill; // Return modded skill
    }


    Sir, this way is useless. It has a bug, can't use it.

    opened by wwwww56 9
  • Getting crash in a game

    I have tried it in many games and it worked fine, but in a game named codm it crashes. I got this in LogCat: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xa24c9078 in tid 13658 (Thread-7), pid 13579 #(lofduty.shooter)

    FATAL EXCEPTION: UnityMain Process: com.activision.callofduty.shooter, PID: 13574 java.lang.Error: signal 6 (SIGABRT), code 0 (?), fault addr -------- Build fingerprint: 'xiaomi/wayne/wayne:8.1.0/OPM1.171019.011/V9.5.11.0.ODCCNFA:user/release-keys' Revision: '0' pid: 13574, tid: 23817, name: UnityMain >>> com.activision.callofduty.shooter <<< r0 00000000 r1 00005d09 r2 00000006 r3 adbfc660 r4 adbfc674 r5 adbfc658 r6 00003506 r7 0000016b r8 adbfc660 r9 adbfc670 sl adbfc690 fp adbfc680 ip 00005d09 sp adbfc630 lr ebcb9001 pc ebcb9014 cpsr 3131302e

    I tried with all il2cpp versions; the result is the same.

    opened by ULTRAxHURRICANE 9
  • Help me 🥺

    Sorry, I just tried LoadClass on Android 11, but it is always stuck on the loading screen. Unity 2017.4.x. Code:

    static LoadClass UTime;

    namespace HackThread
    {
        void *init(void *) {
            do {
                sleep(1);
            } while (!isLibLoaded("libil2cpp.so"));
            sleep(2);

            UTime = LoadClass("UnityEngine", "Time");

            return NULL;
        }
    }

    __attribute__((constructor))
    void initialize_hack_thread() {
        pthread_t ptid;
        pthread_create(&ptid, NULL, HackThread::init, NULL);
    }
    
    opened by ghost 4
  • Blue screen

    Hello, I add BNM to the LGL mod template, but when the game is loading the screen becomes blue.

    I'm using Dobby and I don't have any hooks; just by adding BNM.cpp to Android.mk this happens. Any solution?

    opened by chiteroman 3
  • Hooking Method when both are very identical ??

    Hello brother, is it possible to hook something like this?

    Both have the same number of params and the same param names. The only difference is the param type. Can I hook this? If not, will you add something for these types of methods?

    opened by Gourov 3
  • How do I get the offset of a method located in a class that is inside another class?)

    I want to make a mod for the game Among Us with this utility.

    There is a class: HatManager Update Start ... ..

    And inside it there is this: public sealed class <>c

    There is also a method in there that is responsible for hats and so on. Is there a way to get this method?)

    opened by ozMod 3
  • How to hook classes with : such as battleperformancecommandcard: basemonobehavior

    This is how I write it now

    auto bsvtd = LoadClass("", "BattlePerformanceCommandCard:BaseMonoBehaviour");
    HOOK(bsvtd.GetMethodOffsetByName("updateCardMag", 0), fp, &old_fp);
    HOOK(bsvtd.GetMethodOffsetByName("GetBaseCommandCard", 0), up, &old_up);

    But it will cause the game to jam. Please help me.

    opened by oobbb 2
  • How to LoadClass (inner class)

    I want to load class Setting

    //namespace :
    public class Game {
       public class Setting{
       }
    }
    //dump.cs
    //namespace :
    public class Game.Setting{
    }
    

    I tried LoadClass("","Game.Setting") and LoadClass("","Game::Setting") but got an error.

    opened by ghost 2
  • unity2019.4.30 crashed

    09-06 13:55:25.288 28762 28813 E CRASH : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** 09-06 13:55:25.288 28762 28813 E CRASH : Version '2019.4.30f1 (0)', Build type 'Development', Scripting Backend 'il2cpp', CPU 'arm64-v8a' 09-06 13:55:25.288 28762 28813 E CRASH : Build fingerprint: 'OnePlus/OnePlus7T_CH/OnePlus7T:10/QKQ1.190716.003/2001030004:user/release-keys' 09-06 13:55:25.288 28762 28813 E CRASH : Revision: '0' 09-06 13:55:25.288 28762 28813 E CRASH : ABI: 'arm64' 09-06 13:55:25.288 28762 28813 E CRASH : Timestamp: 2022-09-06 13:55:25+0800 09-06 13:55:25.288 28762 28813 E CRASH : pid: 28762, tid: 28813, name: .memLeakPatched >>> com.king3soft.memLeakPatched <<< 09-06 13:55:25.288 28762 28813 E CRASH : uid: 10285 09-06 13:55:25.288 28762 28813 E CRASH : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr -------- 09-06 13:55:25.288 28762 28813 E CRASH : x0 0000000000000000 x1 000000000000708d x2 0000000000000006 x3 0000007a9b4f99b0 09-06 13:55:25.288 28762 28813 E CRASH : x4 fefeff7a8aff7164 x5 fefeff7a8aff7164 x6 fefeff7a8aff7164 x7 7f7f7f7fff7f7f7f 09-06 13:55:25.288 28762 28813 E CRASH : x8 00000000000000f0 x9 f0cee28690d62610 x10 0000000000000001 x11 0000000000000000 09-06 13:55:25.288 28762 28813 E CRASH : x12 fffffff0fffffbdf x13 000000006316e0cd x14 000e40e31c1a2558 x15 00003c0b4c7a664d 09-06 13:55:25.288 28762 28813 E CRASH : x16 0000007b8c1a9738 x17 0000007b8c187be0 x18 0000000000000005 x19 000000000000705a 09-06 13:55:25.288 28762 28813 E CRASH : x20 000000000000708d x21 00000000ffffffff x22 ffffff80ffffffc8 x23 0000007a9b4f9c00 09-06 13:55:25.288 28762 28813 E CRASH : x24 0000007a9b4f9ae0 x25 0000007a9b4f9b20 x26 0000007a9b4fc020 x27 0000007b8e766020 09-06 13:55:25.288 28762 28813 E CRASH : x28 0000007a9b51b00c x29 0000007a9b4f9a50 09-06 13:55:25.288 28762 28813 E CRASH : sp 0000007a9b4f9990 lr 0000007b8c139404 pc 0000007b8c139430 09-06 13:55:25.288 28762 28813 E CRASH : 09-06 13:55:25.288 28762 28813 E CRASH : backtrace: 09-06 
13:55:25.288 28762 28813 E CRASH : #00 pc 0000000000073430 /apex/com.android.runtime/lib64/bionic/libc.so (abort+160) (BuildId: a2584ee8458a61d422edf24b4cd23b78) 09-06 13:55:25.288 28762 28813 E CRASH : #01 pc 0000000000615b48 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libil2cpp.so (std::set_unexpected(void ()())) (BuildId: 2fd6aa9d2105ba462127e2f66fc8f0aad40aa320) 09-06 13:55:25.289 28762 28813 E CRASH : #02 pc 0000000000615cc4 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libil2cpp.so (demangling_unexpected_handler()) (BuildId: 2fd6aa9d2105ba462127e2f66fc8f0aad40aa320) 09-06 13:55:25.289 28762 28813 E CRASH : #03 pc 0000000000612f54 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libil2cpp.so (std::__terminate(void ()())+12) (BuildId: 2fd6aa9d2105ba462127e2f66fc8f0aad40aa320) 09-06 13:55:25.289 28762 28813 E CRASH : #04 pc 0000000000612638 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libil2cpp.so (__cxa_get_exception_ptr) (BuildId: 2fd6aa9d2105ba462127e2f66fc8f0aad40aa320) 09-06 13:55:25.289 28762 28813 E CRASH : #05 pc 00000000006125b8 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libil2cpp.so (__cxxabiv1::exception_cleanup_func(_Unwind_Reason_Code, _Unwind_Exception*)) (BuildId: 2fd6aa9d2105ba462127e2f66fc8f0aad40aa320) 09-06 13:55:25.289 28762 28813 E CRASH : #06 pc 00000000004c1b74 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libil2cpp.so (il2cpp::vm::Exception::Raise(Il2CppException*, MethodInfo*)+96) (BuildId: 2fd6aa9d2105ba462127e2f66fc8f0aad40aa320) 09-06 13:55:25.289 28762 28813 E CRASH : #07 pc 0000000000447768 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libil2cpp.so (il2cpp_exception_from_name_msg) (BuildId: 2fd6aa9d2105ba462127e2f66fc8f0aad40aa320) 09-06 13:55:25.289 28762 28813 E CRASH : #08 pc 0000000000c33110 
/data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libunity.so (ScriptingExceptionPtr::GetBackendPtr() const) (BuildId: 4add47ca148d41fe94977db941b2e4c3af1cd559) 09-06 13:55:25.289 28762 28813 E CRASH : #09 pc 0000000000c42f20 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libunity.so (scripting_raise_exception(ScriptingExceptionPtr)+56) (BuildId: 4add47ca148d41fe94977db941b2e4c3af1cd559) 09-06 13:55:25.289 28762 28813 E CRASH : #10 pc 0000000000c43730 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libunity.so (CreateUnityExceptionCommonMessage(char const*)) (BuildId: 4add47ca148d41fe94977db941b2e4c3af1cd559) 09-06 13:55:25.289 28762 28813 E CRASH : #11 pc 0000000000c475bc /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libunity.so (ThreadAndSerializationSafeCheck::ReportError(int, char const*, ...)) (BuildId: 4add47ca148d41fe94977db941b2e4c3af1cd559) 09-06 13:55:25.289 28762 28813 E CRASH : #12 pc 0000000000c47630 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libunity.so (TextAsset::TextAsset(MemLabelId, ObjectCreationMode)) (BuildId: 4add47ca148d41fe94977db941b2e4c3af1cd559) 09-06 13:55:25.289 28762 28813 E CRASH : #13 pc 0000000000c45d04 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libunity.so (ThreadAndSerializationSafeCheck::ReportError(char const*)+76) (BuildId: 4add47ca148d41fe94977db941b2e4c3af1cd559) 09-06 13:55:25.289 28762 28813 E CRASH : #14 pc 0000000000d16964 /data/app/com.king3soft.memLeakPatched-y_np4plRNtso3GTV1RUb-Q==/lib/arm64/libunity.so (Camera_Get_Custom_PropMain()+36) (BuildId: 4add47ca148d41fe94977db941b2e4c3af1cd559) 09-06 13:55:25.289 28762 28813 E CRASH : #15 pc 000000000001b2bc /data/data/com.king3soft.memLeakPatched/libIL2CPPResolver.so (InitGameThread()+292) (BuildId: 2ee20cf492949fe867e6e727de92ef2a1dc6d719) 09-06 13:55:25.289 28762 28813 E CRASH : #16 pc 000000000001b48c 
/data/data/com.king3soft.memLeakPatched/libIL2CPPResolver.so (void* std::__ndk1::__thread_proxy<std::__ndk1::tuple<std::__ndk1::unique_ptr<std::__ndk1::__thread_struct, std::__ndk1::default_deletestd::__ndk1::__thread_struct >, void ()()> >(void)+44) (BuildId: 2ee20cf492949fe867e6e727de92ef2a1dc6d719) 09-06 13:55:25.289 28762 28813 E CRASH : #17 pc 00000000000d6b70 /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+36) (BuildId: a2584ee8458a61d422edf24b4cd23b78) 09-06 13:55:25.289 28762 28813 E CRASH : #18 pc 0000000000074eac /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: a2584ee8458a61d422edf24b4cd23b78)

    opened by nzcv 1
  • Question

    What should I write if the methods are encrypted? For example, I have the CanSpawnPlayer method in the old version, but in the new version it is called DKJSKDKSNDJS. What should I write when I download this method? Write DKJSKDKSNDJS or CanSpawnPlayer?

    opened by Oifox 0