Help/Support Getting offsets of functions in a non-unity game

Turtle3925 · March 29, 2020

Hi all,

I have been making simple MS hacks for quite a while now and I decided that I would like to create some mod menu hacks. I followed ZoZo’s tutorial on how to hack a unity game which required you to use IDA Pro and il2cpp get the offsets. il2cpp requires the global-metadata.dat and the globalgamemanagers file which only appear in the files of unity games. So on to the main point of this post; how would I get the offsets without a tool like il2cpp? I have already searched and couldn’t really find anything. I have found tutorials using programs like iGameGuardian and setting watchpoints but that is for values in the memory and I am looking for the offsets of a function. Thanks in advance.

Updated March 29, 2020 by Turtle3925

0xNoctis · March 30, 2020

18 hours ago, Turtle3925 said:

Hi all,

I have been making simple MS hacks for quite a while now and I decided that I would like to create some mod menu hacks. I followed ZoZo’s tutorial on how to hack a unity game which required you to use IDA Pro and il2cpp get the offsets. il2cpp requires the global-metadata.dat and the globalgamemanagers file which only appear in the files of unity games. So on to the main point of this post; how would I get the offsets without a tool like il2cpp? I have already searched and couldn’t really find anything. I have found tutorials using programs like iGameGuardian and setting watchpoints but that is for values in the memory and I am looking for the offsets of a function. Thanks in advance.

Well I mean you could use LLDB method via A cheat engine and lldb debugger or the other way is searching the strings of the game using IDA Just load up the binary in Ida wait for it to load then simply search threw the strings (if you’re not familiar then it will be hella hard)

Turtle3925 · April 4, 2020

On 3/30/2020 at 1:32 PM, Noctisx said:

Well I mean you could use LLDB method via A cheat engine and lldb debugger or the other way is searching the strings of the game using IDA Just load up the binary in Ida wait for it to load then simply search threw the strings (if you’re not familiar then it will be hella hard)

LLDB or GDB are for values in the memory... I’m looking for how to find the offsets for a function such as - (int)coins.

0xNoctis · April 4, 2020

Just now, Turtle3925 said:

LLDB or GDB are for values in the memory... I’m looking for how to find the offsets for a function such as - (int)coins.

use llc2ppdumper and dump the Game if its a unity game and download Dnspy and Drag the dummyDll files into dnspy and search for what you want

example https://prnt.sc/rsx7h7 Also chage the search method to method

Turtle3925 · April 4, 2020

12 minutes ago, Noctisx said:

use llc2ppdumper and dump the Game if its a unity game and download Dnspy and Drag the dummyDll files into dnspy and search for what you want

example https://prnt.sc/rsx7h7 Also chage the search method to method

My post literally says not a unity game lmao

0xNoctis · April 4, 2020

Just now, Turtle3925 said:

My post literally says not a unity game lmao

Oh sh!t lmao well your gonna have to use the Strings View in IDA and Openrend to xref to be able to see the Funtions itself

Turtle3925 · April 4, 2020

11 minutes ago, Noctisx said:

Oh sh!t lmao well your gonna have to use the Strings View in IDA and Openrend to xref to be able to see the Funtions itself

Thanks! Following Shmoos tutorial now. I have 54 functions so rip me 😩

Ted2 · April 8, 2020

I'd suggest setting up LLDB, so you can use strings & breakpoints while hacking. Breakpoints are very useful, as it'll freeze the game if the location you set a breakpoint on is used, so for example if you think you found ammo & you shoot, it should freeze the game because of the ammo value changes.

You can also see which registers hold what, so then you'd also know which register to hack.