Android Tutorial ARM64 Unity String Function Hooking LGL Menu

[xxbatman9898 749 Galaxy S21 11]

Hooking string functions for libil2cpp games is a little different than hooking int or bool functions because unity uses a different type of string.

Create a header file e.g. Strings.h

#include "Includes/Utils.h"
typedef struct _monoString {
    void *klass;
    void *monitor;
    int length;
    char chars[1];

    int getLength() {
        return length;
    }

    char *getChars() {
        return chars;
    }
} monoString;

Paste this code into it. This is a typedef so we can handle mono string types.

Now inside of your Main.cpp include this header

#include "Includes/Strings.h" // location relative to Main.cpp if its in a higher hiarchy use "../"

Now inside Main.cpp create your function pointers I put mine just below the My_Patches struct.

monoString *(*String_CreateString)(void *_this, const char *str);
void (*get_StringInstance);

 

Now inside your hackthread function assign your String_CreateString and get_StringInstance.

String_CreateString = (monoString*(*)(void *,const char *))getAbsoluteAddress(targetLibName, 0x1646CA0);
   get_StringInstance  = (void (*))getAbsoluteAddress(targetLibName,0x1646CA0);

To find the offsets Search in your dump.cs for a createstring method, which takes in only one variable called sbyte* value.

put that offset in both get_StringInstance and String_CreateString.


now you can hook string functions.

here is a hook for function.

First we hook the update function in the playercontroller class.
then inside that class is a function Debug_MoveToPointImmediate which takes a monostring parameter.

void (*Debug_MoveToPointImmediate)(void *instance, monoString * PointID);
bool MoveToCastle = false;
bool MoveToHome = false;
void(* old_UpdateMap)(void * instance);
void UpdateMap(void*instance) {
    if(instance != NULL ) {
       if(MoveToCastle) {
           MoveToCastle = false;
           Debug_MoveToPointImmediate(instance,String_CreateString(get_StringInstance,"castle"));
       }
        if(MoveToHome) {
            MoveToHome = false;
            Debug_MoveToPointImmediate(instance,String_CreateString(get_StringInstance,"home"));
        }

    }
    old_UpdateMap(instance);
}

when passing the string into the parameter use String_CreateString(get_StringInstance,"string you want to pass")

now we assign the pointer function and hook the player update inside the hackthread.

A64HookFunction((void*)getAbsoluteAddress(targetLibName, 0x19DDDD4),  (void*)UpdateMap, (void**)&old_UpdateMap);
Debug_MoveToPointImmediate = (void (*)(void *,monoString *))getAbsoluteAddress(targetLibName, 0x19E07A4);

and your done. You can use the String_CreateString(get_StringInstance,"string you want to pass") in any function which takes a string. If its a string returning function you could use
return String_CreateString(get_StringInstance,"string you want to return").

connecting to a button is simple.

add the features :

add the cases:

Because the function is in a update that is called 60 times per second, we set it to true when the button is clicked and then inside the update function set it to false once it is run. This is so it isn't called more than once. you would do this differently if it was a function you want to keep being called like a toggle function.

DONE.