Help/Support Tweak Crashes - IDA Function Offset Hooking

Dan L. · August 22, 2019

I'm trying to hack Guns of Boom by hooking offsets from IDA into tweak.xm but it crashes.

I used IL2cppdumper to dump the unity files.

My Device:

iPhone 7 Plus

12.1.4 Unc0ver Jailbreak

Using SDK 10.3

Used this tut to install Theos:

Here is my tweak.xm

#import <substrate.h>
#import <Foundation/Foundation.h>
#import <mach-o/dyld.h>

void (*old_updateSpread)(void *self);

static void updateSpread(void *self) {
	
}

void (*old_applySpread)(void *self);

static void applySpread(void *self) {
	
}

void (*old_resetAccum)(void *self);

static void resetAccum(void *self) {
	
}

void (*old_accumulationEnd)(void *self);

static void accumulationEnd(void *self) {
	
}


%ctor {
	MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x01B95FBC),(void*)updateSpread,(void**)&old_updateSpread);

	MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x01B96670),(void*)applySpread,(void**)&old_applySpread);

	MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x01B96C3C),(void*)resetAccum,(void**)&old_resetAccum);

	MSHookFunction((void*)(_dyld_get_image_vmaddr_slide(0) + 0x01B980FC),(void*)accumulationEnd,(void**)&old_accumulationEnd);
}

Also my makefile:

ARCHS = armv7 arm64
TARGET = iphone:clang:latest:latest
THEOS_PACKAGE_DIR_NAME = debs
CFLAGS = -fobjc-arc

include /var/theos/makefiles/common.mk

TWEAK_NAME = GunsOfBoomCheats
GunsOfBoomCheats_FILES = Tweak.xm
GunsOfBoomCheats_LDFLAGS += -Wl,-segalign,4000

include /var/theos/makefiles/tweak.mk

after-install::
	install.exec "killall -9 SpringBoard"

Crash report: https://imgur.com/a/LyYDHVL

Rook · August 22, 2019

Hello,

This won't work because you're using vp_Shooter$$ResetAccumulation as symbols when they are not.

You should hook the function offset instead of the function name.

Dan L. · August 22, 2019

35 minutes ago, DADi said:

Hello,

This won't work because you're using vp_Shooter$$ResetAccumulation as symbols when they are not.

You should hook the function offset instead of the function name.

Would this be the offset? https://imgur.com/a/mGBaqKA