issuimo / unityresolve.hpp

Unity Engine C++ API | Mono/il2cpp | Supports Windows, Android, Linux | Game Cheat

License: MIT License

C++ 100.00%
gamehack unityhack gamecheat unitydumper il2cpp-hacking il2cppdumper mono-hacking android cheat game

unityresolve.hpp's Introduction

Note

New feature suggestions or bugs can be submitted as issues. Of course, you can also try modifying the code yourself and then submit it to the repository.

Demo

If using the MSVC compiler, please enable the SEH option.
For potential crashes in higher-version Android programs, please refer to the link.


Brief overview


UnityResolve.hpp

Supported platforms

  • Windows
  • Android
  • Linux

Type

  • Camera
  • Transform
  • Component
  • Object (Unity)
  • LayerMask
  • Rigidbody
  • MonoBehaviour
  • Renderer
  • Mesh
  • Behaviour
  • Physics
  • GameObject
  • Collider
  • Vector4
  • Vector3
  • Vector2
  • Quaternion
  • Bounds
  • Plane
  • Ray
  • Rect
  • Color
  • Matrix4x4
  • Array
  • String
  • Object (C#)
  • Type (C#)
  • List
  • Dictionary
  • Animator
  • CapsuleCollider
  • BoxCollider
  • Time
  • FieldInfo
  • More...

Function

  • DumpToFile
  • Thread Attach / Detach
  • Modifying the value of a static variable
  • Obtaining an instance
  • Create C# String
  • Create C# Array
  • Create C# instance
  • WorldToScreenPoint/ScreenToWorldPoint
  • Get the name of the inherited subclass
  • Get the function address (variable offset) and invoke (modify/get)
  • Get GameObject component
  • More...

How to use


Change platform

#define WINDOWS_MODE 1 // change to 1 if needed
#define ANDROID_MODE 0
#define LINUX_MODE 0

Initialization

// Windows ("A | B" in the module name means: use whichever one applies)
UnityResolve::Init(GetModuleHandle(L"GameAssembly.dll | mono.dll"), UnityResolve::Mode::Mono);
// Linux or Android (dlopen takes a narrow string, not a wide literal)
UnityResolve::Init(dlopen("GameAssembly.so | mono.so", RTLD_NOW), UnityResolve::Mode::Mono);

Parameter 1: DLL handle
Parameter 2: Usage mode

  • Mode::Il2Cpp
  • Mode::Mono

Thread Attach / Detach

// C# GC Attach
UnityResolve::ThreadAttach();

// C# GC Detach
UnityResolve::ThreadDetach();

Get the function address (variable offset) and invoke (modify/get)

const auto assembly = UnityResolve::Get("assembly.dll");
const auto pClass   = assembly->Get("className");
                   // assembly->Get("className", "*");
                   // assembly->Get("className", "namespace");

const auto field       = pClass->Get<UnityResolve::Field>("Field Name");
const auto fieldOffset = pClass->Get<std::int32_t>("Field Name");
const int  time        = pClass->GetValue<int>(objInstance, "time"); // objInstance: address of the object
                      // pClass->GetValue(obj Instance*, name);
                         pClass->SetValue<int>(objInstance, "time", 114514);
                      // pClass->SetValue(obj Instance*, name, value);
const auto method      = pClass->Get<UnityResolve::Method>("Method Name");
                      // pClass->Get<UnityResolve::Method>("Method Name", { "System.String" });
                      // pClass->Get<UnityResolve::Method>("Method Name", { "*", "System.String" });
                      // pClass->Get<UnityResolve::Method>("Method Name", { "*", "", "System.String" });
                      // pClass->Get<UnityResolve::Method>("Method Name", { "*", "System.Int32", "System.String" });
                      // pClass->Get<UnityResolve::Method>("Method Name", { "*", "System.Int32", "System.String", "*" });
                      // "*" == ""

const auto functionPtr = method->function;

const auto method1 = pClass->Get<UnityResolve::Method>("method name1");
const auto method2 = pClass->Get<UnityResolve::Method>("method name2");

method1->Invoke<int>(114, 514, "114514");
// Invoke<return type>(args...);

// Cast<return type, args...>(void);
// Cast(IM::MethodPointer<return type, args...>&);
IM::MethodPointer<void, int, bool> ptr = method2->Cast<void, int, bool>(); // not const: it is reassigned below
ptr(114514, true);
IM::MethodPointer<void, int, bool> add;
ptr = method1->Cast(add);

DumpToFile

UnityResolve::DumpToFile("./output/");

Create C# String

const auto str     = UnityResolve::UnityType::String::New("string");
std::string cppStr = str->ToString(); // New returns a pointer to the managed string

Create C# Array

const auto assembly = UnityResolve::Get("assembly.dll");
const auto pClass   = assembly->Get("className");
const auto array    = UnityResolve::UnityType::Array<T>::New(pClass, size);
std::vector<T> cppVector = array->ToVector(); // New returns a pointer to the managed array

Create C# instance

const auto assembly = UnityResolve::Get("assembly.dll");
const auto pClass   = assembly->Get("className");
const auto pGame    = pClass->New<Game*>();

Obtaining an instance

const auto assembly = UnityResolve::Get("assembly.dll");
const auto pClass   = assembly->Get("className");
std::vector<Player*> playerVector = pClass->FindObjectsByType<Player*>();
// FindObjectsByType<return type>(void);
playerVector.size();

WorldToScreenPoint/ScreenToWorldPoint

Camera* pCamera = UnityResolve::UnityType::Camera::GetMain();
Vector3 position{}; // world-space position to convert
Vector3 point   = pCamera->WorldToScreenPoint(position, Eye::Left);
Vector3 world   = pCamera->ScreenToWorldPoint(point, Eye::Left);

Get the name of the inherited subclass

const auto assembly = UnityResolve::Get("UnityEngine.CoreModule.dll");
const auto pClass   = assembly->Get("MonoBehaviour");
Parent* pParent     = pClass->FindObjectsByType<Parent*>()[0];
std::string child   = pParent->GetType()->GetFullName();

Get GameObject component

std::vector<T*> objs       = gameobj->GetComponents<T*>(UnityResolve::Get("assembly.dll")->Get("class"));
                          // gameobj->GetComponents<return type>(Class* component)
std::vector<T*> childObjs  = gameobj->GetComponentsInChildren<T*>(UnityResolve::Get("assembly.dll")->Get("class"));
                          // gameobj->GetComponentsInChildren<return type>(Class* component)
std::vector<T*> parentObjs = gameobj->GetComponentsInParent<T*>(UnityResolve::Get("assembly.dll")->Get("class"));
                          // gameobj->GetComponentsInParent<return type>(Class* component)

unityresolve.hpp's People

Contributors

axhlzy, issuimo, kn0wns, riritoninigaya, taiga74164

unityresolve.hpp's Issues

Getting a field of an object obtained through a field

// Static field: private static MiniMapEntityCtrl _entityCtrl;
UnityResolve::UnityType::Object *MiniMapEntityCtrl;
assembly->Get("UIMainBattleMiniMapCtrl")->Get<UnityResolve::Field>("_entityCtrl")->GetStaticValue(&MiniMapEntityCtrl);
if (!MiniMapEntityCtrl) {
    LE("MiniMapEntityCtrl is null");
    return miniIcons;
}
LD("MiniMapEntityCtrl %p", MiniMapEntityCtrl);

// Instance field: private UIMiniMapIconCtrl miniMapIconCtrl; // 0x160;
// Get the offset
auto miniMapIconCtrl_Field = assembly->Get("MiniMapEntityCtrl")->Get<UnityResolve::Field>("miniMapIconCtrl");
LD("miniMapIconCtrl_Field %#x", miniMapIconCtrl_Field ? miniMapIconCtrl_Field->offset : -1);  // The offset value can be obtained: 0x160 ⭐
// Get it through the instance
auto bindingFlags = static_cast<int>(UnityResolve::UnityType::BindingFlags::NonPublic) | static_cast<int>(UnityResolve::UnityType::BindingFlags::Instance);
auto flags = static_cast<UnityResolve::UnityType::BindingFlags>(bindingFlags);
LD("miniMapIconCtrl_FieldInfo 1 %p", MiniMapEntityCtrl->GetType()->GetField("miniMapIconCtrl", flags));  // The value cannot be obtained: 0x0 ⭐

In C#, constructing the target memory data and fetching it works normally. Is this a problem with how I am using it?

how to fill an array with data?

const auto assembly = UnityResolve::Get("assembly.dll | 程序集名称.dll");
const auto pClass = assembly->Get("className | 类名称");
const auto array = UnityResolve::UnityType::Array::New(pClass, size);
std::vector cppVector = array.ToVector();

how to fill an array with int, float, string, object, etc. values?

crash on first attempt

Hello, thanks for making this tool. This is my first attempt to use it; it works but crashes after 1-2 seconds.
I'm using KernelSU and Zygisk to inject into the game. I have also tried using xdl_open and setenforce 0, but no luck. Not sure if I'm doing something wrong or if this is a problem with my device. Thanks for your feedback, guys.

dump file:

// Dll : Assembly-CSharp.dll
// Namespace: 
public class MyController : MonoBehaviour
{
	// Fields
        ..................
	public Boolean standup; // 0x68

code:

void hack_start() {
    LOGI("start");
    // tested with/without the following two lines
    UnityResolve::Init(dlopen("libil2cpp.so", RTLD_NOW), UnityResolve::Mode::Il2Cpp);
    UnityResolve::ThreadAttach(); // tested with/without this
    const auto assembly = UnityResolve::Get("Assembly-CSharp.dll"); 
    const auto pClass   = assembly->Get("MyController"); // crash start here
    const bool standup       = pClass->Get<UnityResolve::Field>("standup");
    LOGI("standup: %i", standup);

    LOGI("end");

    
}

crash log:

08-12 21:16:07.615 12311 12328 E CRASH   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
08-12 21:16:07.615 12311 12328 E CRASH   : Version '2022.3.11f1 (d00248457e15)', Build type 'Release', Scripting Backend 'il2cpp', CPU 'arm64-v8a'
08-12 21:16:07.615 12311 12328 E CRASH   : Build fingerprint: 'Redmi/tapas_global/tapas:13/TKQ1.221114.001/V14.0.14.0.TMTMIXM:user/release-keys'
08-12 21:16:07.615 12311 12328 E CRASH   : Revision: '0'
08-12 21:16:07.615 12311 12328 E CRASH   : ABI: 'arm64'
08-12 21:16:07.616 12311 12328 E CRASH   : Timestamp: 2024-08-12 21:16:07.615685277+0200
08-12 21:16:07.616 12311 12328 E CRASH   : pid: 12311, tid: 12328, name: lerians.evilnun  >>> com.keplerians.evilnun <<<
08-12 21:16:07.616 12311 12328 E CRASH   : uid: 10339
08-12 21:16:07.616 12311 12328 E CRASH   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr --------
08-12 21:16:07.616 12311 12328 E CRASH   : Cause: null pointer dereference
08-12 21:16:07.616 12311 12328 E CRASH   :     x0  0000000000000000  x1  0000007a88c94af8  x2  0000007a88c94b40  x3  0000007a88c94b28
08-12 21:16:07.616 12311 12328 E CRASH   :     x4  0000007a8bf5195b  x5  0000007a88c94b2a  x6  000000000000002a  x7  000000000000002a
08-12 21:16:07.616 12311 12328 E CRASH   :     x8  000000000000002a  x9  0000000000000000  x10 0000000000000038  x11 fffffffffffffffd
08-12 21:16:07.616 12311 12328 E CRASH   :     x12 53432d796c626d65  x13 6c6c642e70726168  x14 0000007a88c94698  x15 0000007b664d8982
08-12 21:16:07.616 12311 12328 E CRASH   :     x16 0000007a8bf69920  x17 0000007b66536160  x18 0000007a2db04000  x19 b400007b67e88ee0
08-12 21:16:07.616 12311 12328 E CRASH   :     x20 0000000000000000  x21 0000007a88c95000  x22 0000000000000061  x23 0000007a88c95000
08-12 21:16:07.616 12311 12328 E CRASH   :     x24 0000000000000026  x25 0000000000000000  x26 0000000000000000  x27 00000000000fc000
08-12 21:16:07.616 12311 12328 E CRASH   :     x28 00000000000fe000  x29 0000007a88c94ae0
08-12 21:16:07.616 12311 12328 E CRASH   :     lr  0000007a8bea3104  sp  0000007a88c94a80  pc  0000007a8bea33b8  pst 0000000080000000
08-12 21:16:07.616 12311 12328 E CRASH   : backtrace:
08-12 21:16:07.616 12311 12328 E CRASH   :       #00 pc 000000000000e3b8  /memfd:jit-cache (deleted)
08-12 21:16:07.616 12311 12328 E CRASH   :       #01 pc 000000000000e100  /memfd:jit-cache (deleted)
08-12 21:16:07.616 12311 12328 E CRASH   :       #02 pc 000000000000e760  /memfd:jit-cache (deleted)
08-12 21:16:07.616 12311 12328 E CRASH   :       #03 pc 000000000000dbc0  /memfd:jit-cache (deleted)
08-12 21:16:07.616 12311 12328 E CRASH   :       #04 pc 00000000000f55c8  /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+208) (BuildId: 449f781894033dce6346794a1ee593e0)
08-12 21:16:07.616 12311 12328 E CRASH   :       #05 pc 000000000008efbc  /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68) (BuildId: 449f781894033dce6346794a1ee593e0)

#ASK

in dump.cs:
public class SystemData // TypeDefIndex: 6327
{
public static bool bIsHookProtect; // 0x1020 field
public static bool GetIsFirstLogin() { } //method
}

in main.cpp:
const auto assembly = UnityResolve::Get("Assembly-CSharp.dll");
const auto SystemData = assembly->Get("SystemData");
const auto bIsHookProtect = SystemData->GetUnityResolve::Field("bIsHookProtect");
const auto GetIsFirstLogin = SystemData->GetUnityResolve::Method("GetIsFirstLogin");
auto disable = false;
bIsHookProtect->SetValue(&disable);
GetIsFirstLogin->Invoke(true);

am I right?

mono-2.0-bdwgc.dll crash

unity 2018.4.36f
Mono Mode is Process Crashed
UnityResolve::Init(GetModuleHandle(L"mono-2.0-bdwgc.dll"), UnityResolve::Mode::Mono);

Generic

Would you possibly be able to add generic methods?

How to create an instance and call a method?

For example, we have a DirectoryInfo class in mscorlib whose methods take its instance as the first argument; in-game, that instance is created using the .ctor method, passing in the needed path for later usage.

GetFiles, for example:

How to process that using UnityResolve?

error on android device

There was no error in the compilation but when opening the game it closes, game used: Subway Surfers V_3.26.1

About crashes on the Android platform

I tried it, and it seems to be a problem with the Invoke function template. On Windows the il2cpp function address can probably be obtained, but on Android it crashes. If I use a third-party tool to get the il2cpp function address, it works normally. The logic should be fine and generic. I only changed part of the code, and I can see that the number of image DLLs can be obtained. Reference taken from this project: https://github.com/Perfare/Zygisk-Il2CppDumper

How to Access a Component (class) for a specific object

Like the title says, I would like to ask how to access a script attached to a specific GameObject.
In your doc you said that it's possible to get all instances of a class
using FindGameobjectofType...
For example:

auto playerControllerClass = UnityResolve::Get("Assembly-CSharp.dll")->Get("PlayerTargetCloser")
auto playerObjects = playerControllerClass->FindObjectsByType<UnityResolve::UnityType::GameObject*>();

and then iterate over each instance:
for (auto playerObject : playerObjects) { etc

But what if I want to access a specific component script attached to a specific GameObject, "Player1", using:

UnityResolve::UnityType::GameObject* player1 = UnityResolve::UnityType::GameObject::Find("Player1");

I want to access the PlayerControllerClass of this specific GameObject that I found using the Find() function.

Another question is
how to access another component (script) that is attached to this player. I already get the PlayerController GameObject instances;
these GameObject instances have another component, HealthController.

How do I access them based on the GameObject instances we already found?

auto playerControllerClass = UnityResolve::Get("Assembly-CSharp.dll")->Get("PlayerTargetCloser")
auto playerObjects = playerControllerClass->FindObjectsByType<UnityResolve::UnityType::GameObject*>();
for (auto playerObject : playerObjects) {
// here i want to get the HealthComponent Class of Each PlayerObject

And the final question:

I want to
1. Find all instances of PlayerController.
For each GameObject instance of this class,
I want to access this PlayerControllerComponent, because in its fields it has a reference to another script called
playerbehaviour, in the field (PlayerController._behaviour).

This playerbehaviour component (script) has a reference to another custom class in its field
playerbehaviour._playerstatsTemplate

This Playerstats, based on the dump, is a custom class

(ObjectModel.Playerstats)


	namespace: ObjectModel
	Assembly: Assembly-CSharp.dll
	AssemblyFile: Assembly-CSharp.dll 
	class Playerstats: Object {
	
	        +0X030 | System.String name;
		+0X038 | System.String description;
		+0X044 | System.Int32 stamina;
		+0X050 | System.Decimal Weight;

I would be very thankful if you could clarify more how to use your tool. It's very awesome and flexible,
but a bit overwhelming.

I tried asking GPT4, OPUS, GEMINI; none could give me the answer, by the way )
Thanks

DumpToFile does not write data to a file

I used the unityresolve file from the phasmophobia project, because the file from the main project is erroneous, when using the following lines, the code does not perform its function but simply creates empty files

UnityResolve::Init(GetModuleHandleA("GameAssembly.dll"), UnityResolve::Mode::Il2Cpp);

   UnityResolve::DumpToFile("C:/Users/hz/somethinggg/"); 

#include <ranges>

If you are getting an error with #include <ranges>,

just change it to:
#if WINDOWS_MODE || LINUX_MODE /*__cplusplus >= 202002L*/
#include <ranges>
#endif
