Help/Support LF help with hooking function calls with latest mod menu template (Unity)

n1ce0n3 · December 19, 2021

Hi there guys,

It's been a while since I did mod something for iOS, please, let me know what I'm doing wrong here.

Below is the top of my Tweak.xm

#import "Macros.h"

/***********************************************************
  INSIDE THE FUNCTION BELOW YOU'LL HAVE TO ADD YOUR SWITCHES!
***********************************************************/


void(*Load)(void *this_) = (void(*) (void *))getRealOffset("0x101D46508");
void(*ctor0)(void *this_) = (void(*) (void *))getRealOffset("0x101DFA0B4");
void(*ctor1)(void *this_) = (void(*) (void *))getRealOffset("0x101D4752C");
void(*ctor2)(void *this_) = (void(*) (void *))getRealOffset("0x101D475C0");
void(*ctor3)(void *this_) = (void(*) (void *))getRealOffset("0x10247B024");
void(*ctor4)(void *this_) = (void(*) (void *))getRealOffset("0x10247B610");
void(*ctor5)(void *this_) = (void(*) (void *))getRealOffset("0x101B75B94");
void(*ctor6)(void *this_) = (void(*) (void *))getRealOffset("0x101E26324");
void(*OnGui)(void *this_) = (void(*) (void *))getRealOffset("0x101D46B6C");

void (*oldBattle)(void *e);
void onBattle(void *e){
  if (e != NULL) {
  if ([switches isSwitchOn:NSSENCRYPT("onBattle")]) {
      ctor0(e);
      ctor1(e);
      ctor2(e);
      ctor3(e);
      ctor4(e);
      ctor5(e);
      ctor6(e);
      Load(e);
      OnGui(e);
      return oldBattle(e);
  }
  else
    return oldBattle(e);
  } 
}


void setup()
{


  [switches addSwitch:NSSENCRYPT("onBattle")
    description:NSSENCRYPT("onBattle")
  ];


HOOK(ENCRYPTOFFSET("0x101C6B714"), onBattle, oldBattle);
}

I'm not C guy, so I don't completely understand the 'void(*ctor5)(void *this_) = (void(*) (void *))getRealOffset("0x101B75B94");' structure, but it used to work pretty much like that in the old days.

The mod menu I'm using is this one: https://github.com/joeyjurjens/iOS-Mod-Menu-Template-for-Theos

It is mentioned in the repo's readme that

A quick note before showing all the switch examples; You can and should encrypt offsets, hexes, c-strings and NSStrings. Below you can find the proper syntax per string-type.

ENCRYPTOFFSET("0x10047FD90")

However, the template tweak.xm doesn't have any "HOOK's" or getting void from an existing pointer into a variable (?not sure if that makes sense)

Basically, what I'm trying to do is:

There is a function, e.g. killAll with the address 0x1337FFFF and a Battle Update function on another address.

First I need to get the killAll function from an address.

Earlier, I would do something like that (void(*killAll)(void *instance) = (void (*)(void*))getRealOffset(0x1337FFFF);

Nowadays, I'm not sure about these things and would love you to help me figure:

1.Whether that is going to work or not

2. Should I do getRealOffset(0x1337FFFF) or getRealOffset(ENCRYPTOFFSET("0x1337FFFF"));

3. Should I add the ENCRYPTOFFSET part in the HOOK at the very end of my code

4. Anything else I'm missing or doing wrong.

Also, according to my logic - these two codes below should result in the same

if ([switches isSwitchOn:NSSENCRYPT("onBattle")]) {
      ctor0(e);
      ctor1(e);
      ctor2(e);
      ctor3(e);
      ctor4(e);
      ctor5(e);
      ctor6(e);
      Load(e);
      OnGui(e);
      return oldBattle(e);
  }
  else
    return oldBattle(e);
  } 

or 


if ([switches isSwitchOn:NSSENCRYPT("onBattle")]) {
      ctor0(e);
      ctor1(e);
      ctor2(e);
      ctor3(e);
      ctor4(e);
      ctor5(e);
      ctor6(e);
      Load(e);
      OnGui(e);
  }
     return oldBattle(e);
  }

Just wanted to make sure about the last one too.

Thanks in advance

X204 · December 22, 2021

On 12/20/2021 at 12:36 AM, n1ce0n3 said:

1.Whether that is going to work or not

2. Should I do getRealOffset(0x1337FFFF) or getRealOffset(ENCRYPTOFFSET("0x1337FFFF"));

3. Should I add the ENCRYPTOFFSET part in the HOOK at the very end of my code

4. Anything else I'm missing or doing wrong.

1- it depends on the game
2- doesn't matter
3- no need for that " i recommend use it for strings & bytes"
4- 👇

if ([switches isSwitchOn:NSSENCRYPT("onBattle")]) {
      ctor0(e);
      ctor1(e);
      ctor2(e);
      ctor3(e);
      ctor4(e);
      ctor5(e);
      ctor6(e);
      Load(e);
      OnGui(e);
  }
     oldBattle(e);
  }