sneakyevil / il2cpp_resolver
A run-time API resolver for IL2CPP Unity.
Home Page: https://sneakyevil.gitbook.io/il2cpp-resolver/
License: The Unlicense
This is a simple little game
please make it for android:(
Hello,
First of all I would like to say sorry for my shitty C++ skills, I've been trying to run the example of getting the GameObject list but it seems I've stumbled upon pointer hell.
Also the Unity::il2cppArray type has no m_pArray, I'm thinking this has been replaced with m_pValues?
Other than that, the lib seems to be working fine, I've successfully printed methods of my PlayerManager class, but I have no idea how to call them. CClass has the CallMethod function, I got the method pointer through IL2CPP::Class::Utils::GetMethodPointer, but how do I get a CClass in the first place? I couldn't find a constructor and got stuck.
I would really appreciate some support, and thank you from the bottom of my heart for the nice lib!
I tried to use the basic example to loop over GameObjects
std::string m_sObjectSubstring = "Player";
// Obtain list
Unity::il2cppArray<Unity::CGameObject*>* m_pObjects = Unity::Object::FindObjectsOfType<Unity::CGameObject>(UNITY_GAMEOBJECT_CLASS);
for (uintptr_t u = 0U; m_pObjects->m_uMaxLength > u; ++u)
{
    if (m_pObjects->m_pValues[u] == NULL) continue; // I added this because some values were NULL
    Unity::CGameObject* m_pObject = m_pObjects->m_pValues[u];
    if (!m_pObject) continue; // Just in-case
    // Obtaining object name and then converting it to std::string
    std::string m_sObjectName = m_pObject->GetName()->ToString();
    if (m_sObjectName.find(m_sObjectSubstring) != std::string::npos)
    {
        // logger.AddLog("Found Player!");
        break;
    }
}
I get an access violation error here: std::string m_sObjectName = m_pObject->GetName()->ToString();
I used to loop over methods but it prints gibberish like this:
U‹ìÿu\fÿu\x10ÿU\b‹M\x18ƒÄ\b‰\x1]ÃÌÌÌÌÌÌÌÌÌÌU‹ì‹U\x14ÿu\f‹B\bÿr\fƒì\x10\xf\x10
Unity::il2cppClass* m_pClass = IL2CPP::Class::Find("MyClass");
void* methodIterator = nullptr;
Unity::il2cppMethodInfo* currentMethod = nullptr;
while ((currentMethod = IL2CPP::Class::GetMethods(m_pClass, &methodIterator)) != nullptr) {
    Logger::AddLog("%s", currentMethod->m_pName);
}
And is there a way to get methods with same name but different parameters?
I am currently rewriting my cheat for Devour using your library but I can't call a function without an access violation happening.
Original C# code (using MelonLoader) :
NolanRankController NolanRank = UnityEngine.Object.FindObjectOfType<NolanRankController>();
NolanRank.SetRank(50);
New C++ code (using IL2CPP Resolver) :
void OnUpdate() {
    if (settings::spoof_level) {
        Unity::CGameObject* NolanBehaviour = Unity::Object::FindObjectOfType<Unity::CGameObject>("NolanRankController");
        NolanBehaviour->CallMethodSafe<void*>("SetRank", 50);
    }
}
The code crashes at void* GetMethodPointer(Unity::il2cppClass* m_pClass, const char* m_pMethodName, int m_iArgs), line 176 of Class.cpp:
Unity::il2cppMethodInfo* pMethod = reinterpret_cast<Unity::il2cppMethodInfo*(IL2CPP_CALLING_CONVENTION)(void*, const char*, int)>(Data.Functions.m_pClassGetMethodFromName)(m_pClass, m_pMethodName, m_iArgs);
Result : "Access violation in GameAssembly.dll when reading at 0xFFFFFFFF20000133."
What am I missing there?
Hey, first of all thank you for the library, it is really good and easy to expand for your needs. However, I am having an issue and I am not sure if it is related to the library or I am missing something. So I am trying to get the value from a field of the game I am working on.
Here is the field I want to get, it is a member of the ActorModel class (dnspy view)
Here is how I am trying to retrieve it in my project:
int GetHp()
{
    if (!MemoryMgr::IsValidPtr(this))
        return 0;
    auto m_pFieldOffset = IL2CPP::Class::Utils::GetFieldOffset(xorstr_("ActorModel"), xorstr_("get_Hp"));
    printf("Hp Offset %i || ptr %p\r\n", *reinterpret_cast<int8_t*>(reinterpret_cast<uintptr_t>(this + m_pFieldOffset)), reinterpret_cast<uintptr_t>(this) + m_pFieldOffset);
    return *reinterpret_cast<int8_t*>(this + m_pFieldOffset);
}
int GetHpMax()
{
    if (!MemoryMgr::IsValidPtr(this))
        return 0;
    auto m_pFieldOffset = IL2CPP::Class::Utils::GetFieldOffset(xorstr_("ActorModel"), xorstr_("get_HpMax"));
    printf("Hp Offset %i || ptr %p\r\n", *reinterpret_cast<int8_t*>(reinterpret_cast<uintptr_t>(this + m_pFieldOffset)), reinterpret_cast<uintptr_t>(this) + m_pFieldOffset);
    return *reinterpret_cast<int8_t*>(this + m_pFieldOffset);
}
Once I call it from any ActorModel it doesn't throw any exception, it just gives me an invalid value like this:
Any help is appreciated, thank you!
Hi, it's really not easy to know what to do with this source code, I tried Code::Block but failed, nothing worked.
Can you tell me what software did you use ? What compiler ? And how did you build the .dll ?
Thanks.
Hi,
1 - How to make it work in Code::Block ?
I created a new C++ Console project then in Project->Debug->Search Directories->Compiler, I clicked on Add and added the folder downloaded here containing all sources from IL2CPP_Resolver.
But I get errors like: undefined reference to `IL2CPP::String::New(char const*)'
2 - How does IL2CPP_Resolver work ?
I'm not a C++ programmer so I don't understand how this works. Do we need to compile a .DLL and inject it ? Does it find the Unity game process automatically?
If you could answer these two questions, it would be great and I think useful to others too. Thanks.
I don't know if this is Unity version specific or not but when I looked up the methods thread methods were named like "mono_thread_attach" etc. instead of "il2cpp_..."
My English is poor,
does this program not support x64 applications?
I injected x64 into the game to run it and it just collapsed.
Waven
Game simply close after calling m_pObject->GetName() .
No response
void Test() {
    Unity::il2cppArray<Unity::CGameObject*>* m_pObjects = Unity::Object::FindObjectsOfType<Unity::CGameObject>(UNITY_GAMEOBJECT_CLASS);
    printf("GameObjects found : %I64u", m_pObjects->m_uMaxLength);
    for (uintptr_t u = 0U; m_pObjects->m_uMaxLength > u; ++u)
    {
        Unity::CGameObject* m_pObject = m_pObjects->m_pValues[u];
        if (!m_pObject) continue; // Just in-case
        m_pObject->GetName();
    }
}
void OnUpdate() {
}
void OnLoad() {
    AllocConsole();
    ReOpenConsoleStreams();
    IL2CPP::Initialize();
    IL2CPP::Callback::Initialize();
    IL2CPP::Callback::OnUpdate::Add(OnUpdate);
    Test();
}
Hey there, this project is pretty amazing (great work on it!). I've used this on many il2cpp games, then tried using it on BLOCKPOST (x86 il2cpp), and when calling the initialize function I get a crash. So I went to change the calling convention from __fastcall to __cdecl and it seemed to fix the crash. But then I am not able to get the camera main or use any other functions. Any ideas?
Working on a mod menu for Sons of the Forest, calling some of the game methods it's fine, but others always gives access violation. I'm pretty sure it's all setup correctly and there isn't any nullpointer at the moment of calling.
// Finding the GameObject and storing one of his methods (the method is public and inside the CharacterManager GameObject)
Globals::CharacterManager = Unity::GameObject::Find("CharacterManager");
Globals::Methods::DebugAddCharacter = IL2CPP::Class::Utils::GetMethodPointer("Sons.Characters.CharacterManager", "DebugAddCharacter");
The method has a return of type bool and takes two parameters (string, bool).
I tried to call it in these different ways:
// Calling passing Unity::System_string*
Unity::System_String* str = IL2CPP::String::New("cannibal");
Globals::CharacterManager->CallMethod<bool, Unity::System_String*, bool>(Globals::Methods::DebugAddCharacter, str, true);
// Calling passing const char*
Globals::CharacterManager->CallMethod<bool, const char*, bool>(Globals::Methods::DebugAddCharacter, "cannibal", true);
// Calling passing std::string
Globals::CharacterManager->CallMethod<bool, std::string, bool>(Globals::Methods::DebugAddCharacter, "cannibal", true);
// Calling passing wchar_t* (doesn't crash but it doesn't do anything)
Globals::CharacterManager->CallMethod<bool, wchar_t*, bool>(Globals::Methods::DebugAddCharacter, L"cannibal", true);
Both GameObject and method pointer have valid values at the moment of calling, stepping through assembly the exception always occur when a nullptr is dereferenced, like lea register, qword ptr [rax] and rax register is 0 so the access violation occur.
Passing nullptr as the string parameter doesn't make the game to crash.
I can't understand why it happens since calling the method using UnityExplorer works fine and the same is for other C# codes I've seen online with the same methods on the same game.
I don't want to ask for help/fix since it could be game related, but if anyone has more knowledge than me any suggestion is highly appreciated.
If this is off-topic close the issue without any doubt and sorry for bothering.
Hi, is there any way to get a private field from a class with IL2CPP Resolver? I am able to see it in DnSpy and Cheat Engine via .Net Info, but after trying to get the class variables with IL2CPP Resolver via IL2CPP::Class::GetFields it doesn't find any field; m_uMaxLength is always zero. Thanks in advance.
static void Update()
{
    while (true)
    {
        Sleep(1000);
        // do stuff
    }
}
I create a thread like this: IL2CPP::Thread::Create(&Update);
then when I close the game, deadlock happens. I tried to using a variable instead of true and signalling the function to break on shutdown, didn't work.
IL2CPP::SystemTypeCache::Initializer::Add("CharacterManager");
IL2CPP::ResolveCall("CharacterManager::GetCharacterByFid") -> return zero
IL2CPP::Class::GetSystemType("CharacterManager") -> return address, class have in game
auto ooooo = IL2CPP::Class::Find("CharacterManager"); -> return address same as IL2CPP::Class::GetSystemType("CharacterManager")
std::vector<Unity::il2cppMethodInfo*> methods;
IL2CPP::Class::FetchMethods(ooooo, &methods);
for (auto method : methods)
{
    print(method->name); // return string GetCharacterByFid
}
public sealed class CharacterManager : Il2CppSystem.Object
{
public unsafe ActorModel GetCharacterByFid(int fid)
}
Where is my error?
IL2CPP::Data.Functions.m_pResolveFunction not zero
Hello sneakyevil , your work is super useful , and i learned a lot from it. I wanted to benefit other potential users of your tool by improving the wiki , adding more examples and more explanations. Is it possible to do that ?
Is there a repository of the wiki of il2cpp_resolver we can work and improve or anything that could do ?
In Visual Studio 2022, I added this line into C/C++ -> Additional Include Directories
C:\Path\To\Project\IL2CPP_Resolver
When I include
#include "Main.hpp"
And use something like this:
IL2CPP::Initialize(); // This needs to be called once!
Unity::il2cppArray<Unity::CGameObject**>* m_pObjects = Unity::Object::FindObjectsOfType<Unity::CGameObject*>("UnityEngine.GameObject");
I am not a cpp dev so excuse my ignorance.
I don't understand how?????
While I am relatively new to il2cpp, I do have a genuine enquiry related to IL2CPP Resolver
My class names are \u0088\u008B\u0092\u0097\u0089\u008F\u008C\u0090\u0087
However, looping through each class and logging the hex of m_pName of an Il2CppClass* yields
C3 82 C2 88 C3 82 C2 8B C3 82 C2 92 C3 82 C2 97 C3 82 C2 89 C3 82 C2 8F C3 82 C2 8C C3 82 C2 90 C3 82 C2 87
Which is unicode, for
\00C2 \0088 \00C2 \008B \00C2 \0092 \00C2 \0097 \00C2 \0089 \00C2 \008F \00C2 \008C \00C2 \0090 \00C2 \0087
I understand this doesn't seem to be an issue with IL2CPP Resolver, but I was wondering how you'd reference the m_pName with this format, as referencing the unicode above doesn't yield any results nor does the first class name above.
I've heard about using tokens to find classes that are otherwise obfuscated, which I'm happy to look into, just wanted some insight on this before hand and how il2cpp reads / stores these class names itself
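The byte dump in the post above can be checked mechanically: it is valid UTF-8 whose code points all fit in one byte, and those bytes are themselves valid UTF-8. The following is an added example, not code from the original post or from il2cpp_resolver; DecodeUtf8, PeelUtf8Layer and kStoredName are hypothetical names, and the sample bytes are the ones quoted in the post.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Decode UTF-8 into code points; false on malformed input (overlong forms are not checked).
bool DecodeUtf8(const std::string& in, std::vector<uint32_t>& out) {
    out.clear();
    for (size_t i = 0; i < in.size();) {
        unsigned char c = static_cast<unsigned char>(in[i]);
        size_t len = c < 0x80 ? 1 : (c >> 5) == 0x06 ? 2 : (c >> 4) == 0x0E ? 3 : (c >> 3) == 0x1E ? 4 : 0;
        if (len == 0 || i + len > in.size()) return false;
        uint32_t cp = (len == 1) ? c : (c & (0xFF >> (len + 1)));
        for (size_t k = 1; k < len; ++k) {
            unsigned char t = static_cast<unsigned char>(in[i + k]);
            if ((t & 0xC0) != 0x80) return false; // not a continuation byte
            cp = (cp << 6) | (t & 0x3F);
        }
        out.push_back(cp);
        i += len;
    }
    return true;
}

// Peel one encoding layer: decode, require every code point <= 0xFF, and treat those
// values as the bytes of an inner string that must itself be valid UTF-8.
bool PeelUtf8Layer(const std::string& stored, std::string& inner) {
    std::vector<uint32_t> cps, check;
    if (!DecodeUtf8(stored, cps)) return false;
    inner.clear();
    for (uint32_t cp : cps) {
        if (cp > 0xFF) return false;           // cannot be a re-encoded byte
        inner.push_back(static_cast<char>(cp));
    }
    return inner != stored && DecodeUtf8(inner, check); // plain ASCII has no layer to peel
}

// The m_pName bytes quoted in the post (36 bytes).
const std::string kStoredName =
    "\xC3\x82\xC2\x88\xC3\x82\xC2\x8B\xC3\x82\xC2\x92\xC3\x82\xC2\x97\xC3\x82\xC2\x89"
    "\xC3\x82\xC2\x8F\xC3\x82\xC2\x8C\xC3\x82\xC2\x90\xC3\x82\xC2\x87";

int main() {
    std::string inner; std::vector<uint32_t> cps;
    if (!PeelUtf8Layer(kStoredName, inner) || !DecodeUtf8(inner, cps)) return 1;
    for (uint32_t cp : cps) std::printf("\\u%04X", static_cast<unsigned>(cp));
    std::puts("");
    return 0;
}
```

The inner code points are the nine escapes listed as the class name, so the stored name is that name's UTF-8 bytes encoded to UTF-8 a second time.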
My Own Game
When I run this code
The game crashes when the GetName function runs. Any idea?
No response
Unity::il2cppArray<Unity::CGameObject*>* m_pObjects = Unity::Object::FindObjectsOfType<Unity::CGameObject>(UNITY_GAMEOBJECT_CLASS);
for (uintptr_t u = 0U; m_pObjects->m_uMaxLength > u; ++u)
{
    Unity::CGameObject* m_pObject = m_pObjects->m_pValues[u];
    if (!m_pObject) continue;
    cout << m_pObject->GetName();
}
Not sure if I would class it as a bug or not, but when running GetTransform on an object that doesn't have a Transform ( for example RectTransform ) game crashes, was hoping it'd return a nullptr or something is all.
I tried to remedy this with
Unity::CComponent* component = pickup->GetComponent("UnityEngine.Transform");
However this seems to return a nullptr even if the object does have a transform :)
I tried it in a game and it was initializing fine. Then I tried the substring loop or anything else and the game crashed.
I am trying to add a light component to the camera which is stored in the player class stored in an obfuscated value
IL2CPP::Thread::Attach(IL2CPP::Domain::Get());
Unity::il2cppClass* unityEngineLightType = IL2CPP::Class::Find("UnityEngine.Light");
Unity::il2cppObject* unityEngineLightInstance = Unity::Object::New(unityEngineLightType);
Unity::CComponent* playerInstance = Unity::Object::FindObjectOfType<Unity::CComponent>("Player");
Unity::CCamera* cam = playerInstance->GetMemberValue<Unity::CCamera*>("ഠപര\u0D3Bബഢരഫധ");
cam->AddComponent(unityEngineLightInstance);
Unity::CComponent* unityEngineLightComponent = cam->GetComponent("UnityEngine.Light");
unityEngineLightComponent->SetPropertyValue<float>("intensity", 10);
IL2CPP::Thread::Detach(IL2CPP::Domain::Get());
And I am getting an error within GetMemberValue
Unity::il2cppFieldInfo* pField = reinterpret_cast<Unity::il2cppFieldInfo * (IL2CPP_CALLING_CONVENTION)(void*, const char*)>(Functions.m_ClassGetFieldFromName)(m_Object.m_pClass, m_pMemberName);
Unity version: 2022.3.5f1
Error: Access violation reading location 0xFFFFFFFFFFFFFFFF
I don't know how to find the asm code in the android arm for the IL2CPP::Callback::Initialize
Hmm, the game crashes when I call some functions, for example WorldToScreenPoint, but when I hook these functions they work fine. Any fixes for this?
Seems "UnityEngine.Camera::WorldToScreenPoint_Injected(UnityEngine.Vec" might be a
better alternative, only requiring a Vector3 as a parameter.
il2cpp_resolve_icall("UnityEngine.Camera::WorldToScreenPoint_Injected(UnityEngine.Vec");
would be used like
UnityEngine.Camera::WorldToScreenPoint_Injected(this,UnityEngine.Vector3 m_vec);
Seems the resolve icall functionality supports slightly different names for method overloads.
Hello, I've been toying with this il2cpp_resolver and gotten some basic stuff to work, but after a minute or 2 my game kept crashing. Upon repeatedly inspecting what might've happened, it appears this is the last line of code that is attempted to execute before the program crashes. Not always, but guaranteed once every 5 minutes or so, requiring me to restart my game.
Any insights on what might cause it or what I could do?