Help needed for finding functions to hook

[lonevox]

Hi, I'm new to hacking so I'm afraid that I might be looking at this whole process the wrong way. Basically, I want to read the local players data, other players data, visible enemy data, and tile/map data. I'm not trying to cheat, I just want to be able to identify values and hook functions that will give me access to those values so that I can read them. Anyhow, here's what I think my process should be:

1. Identify value in Cheat Engine (such as the local players HP).
2. Find what accesses the address of that value and view its assembly code.
3. Identify what function the assembly code is in with Cheat Engine's mono disector.
4. Try and figure out what the function does and, more importantly, identify its parameters.
5. If I find out that a parameter is something relevant (like a player object or something), hook the function with C++ (not sure how, I'm still looking into how it's done).

So am I thinking of it wrong? How do people seem to find functions to hook so easily? And are there any better ways to achieve what I want? I know it's a big question, so any help is greatly appreciated

[[MPGH]HALOS117]

@lonevox Thread approved.

[DIA4A]

Your best bet at something like that probably is https://******.com/Perfare/Il2CppDum...r/Il2CppDumper
Start it, select the gameassembly.dll and then the global-metadata or whatever for il2cpp and it will generate some shit
If you use IDA, after you have loaded the gameassembly.dll fully and have made sure you have python installed run the script ida_with_structs.py through File -> Run Script File and let it run until it has finished
Most functions should have names as well as some of their parameters and parameter data types which should help with finding functions to hook

[lonevox]

Your best bet at something like that probably is https://******.com/Perfare/Il2CppDum...r/Il2CppDumper
Start it, select the gameassembly.dll and then the global-metadata or whatever for il2cpp and it will generate some shit
If you use IDA, after you have loaded the gameassembly.dll fully and have made sure you have python installed run the script ida_with_structs.py through File -> Run Script File and let it run until it has finished
Most functions should have names as well as some of their parameters and parameter data types which should help with finding functions to hook

Thank you, that worked! The functions that I want to hook are still obfuscated as they're in Assembly-CSharp.dll but IDA will make reverse engineering the code much easier.

[blueboy6032]

Your best bet at something like that probably is https://******.com/Perfare/Il2CppDum...r/Il2CppDumper
Start it, select the gameassembly.dll and then the global-metadata or whatever for il2cpp and it will generate some shit
If you use IDA, after you have loaded the gameassembly.dll fully and have made sure you have python installed run the script ida_with_structs.py through File -> Run Script File and let it run until it has finished
Most functions should have names as well as some of their parameters and parameter data types which should help with finding functions to hook

I am able to generate an IDA script using IL2CPPInspector, but I am using dnSpy to view the dump created by IL2CPPDumper. dnSpy does not have an option to run scripts. I'm still very new to reverse engineering can you elaborate more on the IDA part? Do I just install the Python IDE from their official website and run the script?

[DIA4A]

I am able to generate an IDA script using IL2CPPInspector, but I am using dnSpy to view the dump created by IL2CPPDumper. dnSpy does not have an option to run scripts. I'm still very new to reverse engineering can you elaborate more on the IDA part? Do I just install the Python IDE from their official website and run the script?

First make sure you are generating a script of the real game, not the launcher and then I suggest getting IDA, I personally use IDA 7
Once you have it, load GameAssembly.dll and then after installing python which is 2.7 ( https://www.python.org/downloads/release/python-2714/ ) in this case,
go to the top left and press file and from there Script File ( https://i.gyazo.com/6eede1bc690df905...3ebec137c7.png ) and select the ida_with_structs script

[blueboy6032]

First make sure you are generating a script of the real game, not the launcher and then I suggest getting IDA, I personally use IDA 7
Once you have it, load GameAssembly.dll and then after installing python which is 2.7 ( https://www.python.org/downloads/release/python-2714/ ) in this case,
go to the top left and press file and from there Script File ( https://i.gyazo.com/6eede1bc690df905...3ebec137c7.png ) and select the ida_with_structs script

When I load the GameAssembly.dll, do I load it as a binary file or as the other option? Should I load the dump files generated by ILCPP dumper instead? (The C Sharp DLL File). I also have a IDA python script generated by IL2CPPInspector, should I use that instead or the one in the game's directory? Also when I click on ther "Script File" it doesn't seem to accept python scripts, maybe I'm doing something wrong?

Since it only accepts ".idc" files by default. I changed the file type to "all files" and tried launching the python script with struct. I get the following error



Sorry for these barrage of questions. I'm very noob and I'm learning as I go.

Edit: The image doesn't seem to load, probably since I'm a new member. The error I get is "bad or ill-formed preprocessor command".

[DIA4A]

When I load the GameAssembly.dll, do I load it as a binary file or as the other option? Should I load the dump files generated by ILCPP dumper instead? (The C Sharp DLL File). I also have a IDA python script generated by IL2CPPInspector, should I use that instead or the one in the game's directory? Also when I click on ther "Script File" it doesn't seem to accept python scripts, maybe I'm doing something wrong?

Since it only accepts ".idc" files by default. I changed the file type to "all files" and tried launching the python script with struct. I get the following error



Sorry for these barrage of questions. I'm very noob and I'm learning as I go.

Edit: The image doesn't seem to load, probably since I'm a new member. The error I get is "bad or ill-formed preprocessor command".

Make sure to use IDA64.
Make sure to have python installed and when opening ida make sure it doesnt give an error message about python64.dll not being loaded.
I've no clue what the generated dll file is for but in my eyes its useless.
The image wasnt supposed to load, its a screenie you can open on a new tab.
When using the IDA script, I suggest using the one generated by il2cppdumper as I've no clue how the inspector one varies.
The GameAssembly.dll is technically cpp (il2cpp) so don't go about looking at c# stuff and hoping you can figure something out, rather use a dissasembler like IDA and read the assembly/pseudocode.
Try more conventional methods of finding info like cheat engine your hp, attach debugger, find where its written and from that you will find the offset + a way to get player pointers.
And finally, this il2cpp bullshit is pure anal cancer fat indian curry cock aids compared to assembly fom real c++ code in games like csgo so you might wanna look into normal reverse engineering first.

[blueboy6032]

Make sure to use IDA64.
Make sure to have python installed and when opening ida make sure it doesnt give an error message about python64.dll not being loaded.
I've no clue what the generated dll file is for but in my eyes its useless.
The image wasnt supposed to load, its a screenie you can open on a new tab.
When using the IDA script, I suggest using the one generated by il2cppdumper as I've no clue how the inspector one varies.
The GameAssembly.dll is technically cpp (il2cpp) so don't go about looking at c# stuff and hoping you can figure something out, rather use a dissasembler like IDA and read the assembly/pseudocode.
Try more conventional methods of finding info like cheat engine your hp, attach debugger, find where its written and from that you will find the offset + a way to get player pointers.
And finally, this il2cpp bullshit is pure anal cancer fat indian curry cock aids compared to assembly fom real c++ code in games like csgo so you might wanna look into normal reverse engineering first.

This is very strange. I downloaded the latest version if Python, that is python 3. When I double click on the IDA with struct script nothing happens. That or a terminal opens and instantly closes.

I've done a bit in cheat engine and went as far as using its mono dissassembler. When I'm doing that on ROTMG, it shows the same weird variable names inside the dump files. I don't know how you guys approach it but the standard seems to be to use IDA rather then cheat engine and modifying from there instead.

Adding to the script issue. Before I downloaded Python, I opened a py file with notepad and accidently set this as the default software to open. Maybe this is what causes the problem? Or maybe its because I have Python3 rather than Python2 installed.

[DIA4A]

This is very strange. I downloaded the latest version if Python, that is python 3. When I double click on the IDA with struct script nothing happens. That or a terminal opens and instantly closes.

I've done a bit in cheat engine and went as far as using its mono dissassembler. When I'm doing that on ROTMG, it shows the same weird variable names inside the dump files. I don't know how you guys approach it but the standard seems to be to use IDA rather then cheat engine and modifying from there instead.

Adding to the script issue. Before I downloaded Python, I opened a py file with notepad and accidently set this as the default software to open. Maybe this is what causes the problem? Or maybe its because I have Python3 rather than Python2 installed.

https://www.python.org/downloads/release/python-2714/
This python is the one IDA 7 specifies to install and use lol

[blueboy6032]

O damn, it never mentions that on its official page. Thank you

Before I can finally venture off into this journey of hacking. Do you have any tips when it comes to ROTMG specifically?

[DIA4A]

O damn, it never mentions that on its official page. Thank you

Before I can finally venture off into this journey of hacking. Do you have any tips when it comes to ROTMG specifically?

not really lol

[blueboy6032]

This is very strange. I downloaded the latest version if Python, that is python 3. When I double click on the IDA with struct script nothing happens. That or a terminal opens and instantly closes.

I've done a bit in cheat engine and went as far as using its mono dissassembler. When I'm doing that on ROTMG, it shows the same weird variable names inside the dump files. I don't know how you guys approach it but the standard seems to be to use IDA rather then cheat engine and modifying from there instead.

Adding to the script issue. Before I downloaded Python, I opened a py file with notepad and accidently set this as the default software to open. Maybe this is what causes the problem? Or maybe its because I have Python3 rather than Python2 installed.

Okay so I figured out what was wrong. For anyone else who had the same issue I'll post my solution here.
In order to run Python scripts, you have to use IDA Pro, not the IDA freeware version. IDA pro has a bunch of neat and necessary features for game hacking including the python script issue that I had problems with previously.