sneakyevil / il2cpp_resolver Goto Github PK

Hi, its really not easy to know what to do with this source code, I tried Code::Block but failed, nothing worked.

Can you tell me what software did you use ? What compiler ? And how did you build the .dll ?

Thanks.

Working on a mod menu for Sons of the Forest, calling some of the game methods it's fine, but others always gives access violation. I'm pretty sure it's all setup correctly and there isn't any nullpointer at the moment of calling.

// Finding the GameObject and storing one of his methods (the method is public and inside the CharacterManager GameObject)
Globals::CharacterManager = Unity::GameObject::Find("CharacterManager");

Globals::Methods::DebugAddCharacter = IL2CPP::Class::Utils::GetMethodPointer("Sons.Characters.CharacterManager", "DebugAddCharacter");

The method has a return of type bool and takes two parameters (string, bool).
I tried to call it in these different ways:

// Calling passing Unity::System_string*
Unity::System_String* str = IL2CPP::String::New("cannibal");

Globals::CharacterManager->CallMethod<bool, Unity::System_String*, bool>(Globals::Methods::DebugAddCharacter, str, true);

// Calling passing const char*
Globals::CharacterManager->CallMethod<bool, const char*, bool>(Globals::Methods::DebugAddCharacter, "cannibal", true);

// Calling passing std::string
Globals::CharacterManager->CallMethod<bool, std::string, bool>(Globals::Methods::DebugAddCharacter, "cannibal", true);

// Calling passing wchar_t* (doesn't crash but it doesn't do anything)
Globals::CharacterManager->CallMethod<bool, wchar_t*, bool>(Globals::Methods::DebugAddCharacter, L"cannibal", true);

Both GameObject and method pointer have valid values at the moment of calling, stepping through assembly the exception always occur when a nullptr is dereferenced, like lea register, qword ptr [rax] and rax register is 0 so the access violation occur.
Passing nullptr as the string parameter doesn't make the game to crash.

I can't understand why it happens since calling the method using UnityExplorer works fine and the same is for other C# codes I've seen online with the same methods on the same game.

I don't want to ask for help/fix since it could be game related, but if anyone has more knowledge than me any suggestion is highly appreciated.

If this is off-topic close the issue without any doubt and sorry for bothering.

How can I obtain a singleton from a parent class

GameManager inherits Singleton, how to call instance of parent class and return a singleton of GameManager

This is the function signature generated by Il2CppDumper

I want to get the GameManager in Singleton pattern, but this does not seem to work. m_ Get_ Instance is a null pointer

This is the correct C sharp code

This is a simple little game

Hello sneakyevil , your work is super useful , and i learned a lot from it. I wanted to benefit other potential users of your tool by improving the wiki , adding more examples and more explanations. Is it possible to do that ?
Is there a repository of the wiki of il2cpp_resolver we can work and improve or anything that could do ?

I am currently rewriting my cheat for Devour using your library but i can't call a function without an access violation happening.
Original C# code (using MelonLoader) :

NolanRankController NolanRank = UnityEngine.Object.FindObjectOfType<NolanRankController>();
NolanRank.SetRank(50);

New C++ code (using IL2CPP Resolver) :

void OnUpdate() {
    if (settings::spoof_level) {
        Unity::CGameObject* NolanBehaviour = Unity::Object::FindObjectOfType<Unity::CGameObject>("NolanRankController");
        NolanBehaviour->CallMethodSafe<void*>("SetRank", 50);
    }
}

The code crashes at void* GetMethodPointer(Unity::il2cppClass* m_pClass, const char* m_pMethodName, int m_iArgs), line 176 of Class.cpp :

Unity::il2cppMethodInfo* pMethod = reinterpret_cast<Unity::il2cppMethodInfo*(IL2CPP_CALLING_CONVENTION)(void*, const char*, int)>(Data.Functions.m_pClassGetMethodFromName)(m_pClass, m_pMethodName, m_iArgs);

Result : "Access violation in GameAssembly.dll when reading at 0xFFFFFFFF20000133."

What am i missing there ?

Seems "UnityEngine.Camera::WorldToScreenPoint_Injected(UnityEngine.Vec" might be a
better alternative, only requiring a Vector3 as a parameter.
il2cpp_resolve_icall("UnityEngine.Camera::WorldToScreenPoint_Injected(UnityEngine.Vec");
would be used like
UnityEngine.Camera::WorldToScreenPoint_Injected(this,UnityEngine.Vector3 m_vec);

Seems the resolve icall functionality supports slightly different names for method overloads.

static void Update()
{
    while (true)
    {
        Sleep(1000);
       // do stuff
     }
}

I create a thread like this: IL2CPP::Thread::Create(&Update); then when I close the game, deadlock happens. I tried to using a variable instead of true and signalling the function to break on shutdown, didn't work.

Hey, first of all thank you for the library it is really good and easy to expand for your needs. Hoewer i am having an issue and i am not sure if it related to library or i am missing something, So i am trying to get the value from a Field of the game i am working on.

Here is the field i want to get, it is a member of ActorModel class (dnspy view)

Here is how i am trying to retreive it on my proyect:

int GetHp()
		{
			if (!MemoryMgr::IsValidPtr(this))
				return 0;

			auto m_pFieldOffset = IL2CPP::Class::Utils::GetFieldOffset(xorstr_("ActorModel"), xorstr_("get_Hp"));
			printf("Hp Offset %i || ptr %p\r\n", *reinterpret_cast<int8_t*>(reinterpret_cast<uintptr_t>(this + m_pFieldOffset), reinterpret_cast<uintptr_t>(this) + m_pFieldOffset);
			return *reinterpret_cast<int8_t*>(this + m_pFieldOffset);
		}

		int GetHpMax()
		{
			if (!MemoryMgr::IsValidPtr(this))
				return 0;

			auto m_pFieldOffset = IL2CPP::Class::Utils::GetFieldOffset(xorstr_("ActorModel"), xorstr_("get_HpMax"));
			printf("Hp Offset %i || ptr %p\r\n", *reinterpret_cast<int8_t*>(reinterpret_cast<uintptr_t>(this + m_pFieldOffset), reinterpret_cast<uintptr_t>(this) + m_pFieldOffset);
			return *reinterpret_cast<int8_t*>(this + m_pFieldOffset);
		}

Once i call it from any ActorModel it dones't make any exception, it just give me an invalid value like this:

Any help is appreciated, thank you!

I don't know if this is Unity version specific or not but when I looked up the methods thread methods were named like "mono_thread_attach" etc. instead of "il2cpp_..."

I tried to use the basic example to loop over GameObjects

std::string m_sObjectSubstring = "Player";

// Obtain list
Unity::il2cppArray<Unity::CGameObject*>* m_pObjects = Unity::Object::FindObjectsOfType<Unity::CGameObject>(UNITY_GAMEOBJECT_CLASS);

for (uintptr_t u = 0U; m_pObjects->m_uMaxLength > u; ++u)
{
    if (m_pObjects->m_pValues[u] == NULL) continue; // I added this because some values were NULL

    Unity::CGameObject* m_pObject = m_pObjects->m_pValues[u];
    if (!m_pObject) continue; // Just in-case

    // Obtaining object name and then converting it to std::string
    std::string m_sObjectName = m_pObject->GetName()->ToString();
    if (m_sObjectName.find(m_sObjectSubstring) != std::string::npos)
    {
        // logger.AddLog("Found Player!");
        break;
    }
}

I get an access violation error here: std::string m_sObjectName = m_pObject->GetName()->ToString();

In Visual Studio 2022, I added this line into C/C++ -> Additional Include Directories
C:\Path\To\Project\IL2CPP_Resolver

When I include
#include "Main.hpp"

And use something like this:

IL2CPP::Initialize(); // This needs to be called once!
Unity::il2cppArray<Unity::CGameObject**>* m_pObjects = Unity::Object::FindObjectsOfType<Unity::CGameObject*>("UnityEngine.GameObject");

Then I get these errors:

I am not a cpp dev so excuse my ignorance.

i don't known how to find the asm code in the android arm for the IL2CPP::Callback::Initialize

I am a bit new to c++, I came across this issue and was hoping you might be able
to help?

Hi is there any way to get a private field from a class with IL2CPP Resolver? I am able to see it on DnSpy and Cheat Engine via .Net Info but after trying to get the class variables with IL2CPP Resolver via IL2CPP::Class::GetFields it dones't find any field m_uMaxLength is always zero. Thanks in advance.

Hey there, this project is pretty amazing (great work on it!), I've used this on many il2cpp game then tried using it on BLOCKPOST (x86 il2cpp), and when calling the initialize function i get a crash. So i went to go change the calling convention from __fastcall to __cdecl and it seemed to fix the crash. But then i am not able to get the camera main or use any other functions. Any ideas?

I dont understand how?????

Hmm, the game crashes when i call some functions for example WorldToScreenPoint

but when I hook these functions they work fine any fixes for this?

My English is poor,
does this program not support x64 applications?
injected x64 into the game to run It just collapsed

IL2CPP::SystemTypeCache::Initializer::Add("CharacterManager");
IL2CPP::ResolveCall("CharacterManager::GetCharacterByFid") -> return zero

IL2CPP::Class::GetSystemType("CharacterManager") -> return address, class have in game
auto ooooo = IL2CPP::Class::Find("CharacterManager"); -> return address same as IL2CPP::Class::GetSystemType("CharacterManager") 

std::vector<Unity::il2cppMethodInfo*> methods;
IL2CPP::Class::FetchMethods(ooooo, &methods);

 for (auto method : methods)
{
 print(method->name); // return string GetCharacterByFid
}

public sealed class CharacterManager : Il2CppSystem.Object
{
public unsafe ActorModel GetCharacterByFid(int fid)
}

when my error?

IL2CPP::Data.Functions.m_pResolveFunction not zero

please make it for android:(

Not sure if I would class it as a bug or not, but when running GetTransform on an object that doesn't have a Transform ( for example RectTransform ) game crashes, was hoping it'd return a nullptr or something is all.

I tried to remedy this with
Unity::CComponent* component = pickup->GetComponent("UnityEngine.Transform");

However this seems to return a nullptr even if the object does have a transform :)

While I am relatively new to il2cpp, I do have a genuine enquiry related to IL2CPP Resolver

My class names are \u0088\u008B\u0092\u0097\u0089\u008F\u008C\u0090\u0087

However, looping through each class and logging the hex of m_pName of an Il2CppClass* yields

C3 82 C2 88 C3 82 C2 8B C3 82 C2 92 C3 82 C2 97 C3 82 C2 89 C3 82 C2 8F C3 82 C2 8C C3 82 C2 90 C3 82 C2 87

Which is unicode, for

\00C2 \0088 \00C2 \008B \00C2 \0092 \00C2 \0097 \00C2 \0089 \00C2 \008F \00C2 \008C \00C2 \0090 \00C2 \0087

I understand this doesn't seem to be an issue with IL2CPP Resolver, but I was wondering how you'd reference the m_pName with this format, as referencing the unicode above doesn't yield any results nor does the first class name above.

I've heard about using tokens to find classes that are otherwise obfuscated, which I'm happy to look into, just wanted some insight on this before hand and how il2cpp reads / stores these class names itself

Hello,

First of all I would like to say sorry for my shitty C++ skills, I've been trying to run the example of getting the GameObject list but it seems I've stumbled upon pointer hell.

Also the Unity::il2cppArray type has no m_pArray, I'm thinking this has been replaced with m_pValues?

Other than that, the lib seems to be working fine, I've successfully printed methods of my PlayerManager class, but I have no idea how to call them. CClass has the CallMethod function, I got the method pointer through IL2CPP::Class::Utils::GetMethodPointer, but how do I get a CClass in the first place? I couldn't find a constructor and got stuck.

I would really appreciate some support, and thank you from the bottom of my heart for the nice lib!

I am trying to add a light component to the camera which is stored in the player class stored in an obfuscated value

IL2CPP::Thread::Attach(IL2CPP::Domain::Get());
Unity::il2cppClass* unityEngineLightType = IL2CPP::Class::Find("UnityEngine.Light");
Unity::il2cppObject* unityEngineLightInstance = Unity::Object::New(unityEngineLightType);
Unity::CComponent* playerInstance = Unity::Object::FindObjectOfType<Unity::CComponent>("Player");
Unity::CCamera* cam = playerInstance->GetMemberValue<Unity::CCamera*>("ഠപര\u0D3Bബഢരഫധ");
cam->AddComponent(unityEngineLightInstance);
Unity::CComponent* unityEngineLightComponent = cam->GetComponent("UnityEngine.Light");
unityEngineLightComponent->SetPropertyValue<float>("intensity", 10);
IL2CPP::Thread::Detach(IL2CPP::Domain::Get());

And I am getting an error within GetMemberValue

Unity::il2cppFieldInfo* pField = reinterpret_cast<Unity::il2cppFieldInfo * (IL2CPP_CALLING_CONVENTION)(void*, const char*)>(Functions.m_ClassGetFieldFromName)(m_Object.m_pClass, m_pMemberName);

Unity version: 2022.3.5f1
Error: Access violation reading location 0xFFFFFFFFFFFFFFFF

I tried it in a Game and it was Initializing fine.. Then i tried the Substring loop or anything else and the game Crashed.

Hi,

1 - How to make it work in Code::Block ?

I created a new C++ Console project then in Project->Debug->Search Directories->Compiler, I clicked on Add and added the folder downloaded here containing all sources from IL2CPP_Resolver.

But I get errors like _undefined reference to `IL2CPP::String::New(char const)'_*

2 - How does IL2CPP_Resolver work ?

I'm not a C++ programmer so I don't understand how this works. Do we need to compile a .DLL and inject it ? Does it find the Unity game process automatically?

If you could answer these two questions, it would be great and I think usefull to others too. Thanks.

I used to loop over methods but it prints gibberish like this:
U‹ìÿu\fÿu\x10ÿU\b‹M\x18ƒÄ\b‰\x1]ÃÌÌÌÌÌÌÌÌÌÌU‹ì‹U\x14ÿu\f‹B\bÿr\fƒì\x10\xf\x10

Unity::il2cppClass* m_pClass = IL2CPP::Class::Find("MyClass");
void* methodIterator = nullptr;
Unity::il2cppMethodInfo* currentMethod = nullptr;

while ((currentMethod = IL2CPP::Class::GetMethods(m_pClass, &methodIterator)) != nullptr) {
    Logger::AddLog("%s", currentMethod->m_pName);
}

And is there a way to get methods with same name but different parameters?

Hello, i've been toying with this il2cpp_resolver and gotten some basic stuff to work. but after a minute or 2 my game kept crashing. upon repeatedly inspecting what might've happened. it appears this is the last line of code that is attempted to execute before the program crashes. not always but guaranteed once every 5 minutes or so requiring me to restart my game.

any insights on what might cause it or what i could do ?