Jump to content

🛡️ Introducing Shiro Security - Game Security Research & Engineering

×
Community Announcements, Giveaways & More!

MSHookFunction issue. Game crashes instantly on launch

carpoa

By carpoa
in Help & Support

 Share

5 posts in this topic

Recommended Posts

carpoa Community Regular

carpoa 3.6k
  •   iPhone SE (2020) 
  •   16

    • Posted
    Posted (edited)

    I havent really got too much of a clue of what I am doing as I don't exaactly have a clear understanding off how MS stuff works. I follow this tutorial. Not sure if its out dated or not.

    Code: 

    @import Foundation;
@import UIKit;
#import "Menu.h"
#import <substrate.h>
#import <mach-o/dyld.h>
#include <substrate.h>

/*%ctor {
    [APMenu.sharedInstance setTargetBinaryNamed:APEncrypt("@Framework/UnityFramework.framework/UnityFramework")];
    //[APMenu.sharedInstance setTargetBinaryNamed:@"Frameworks/FrameworkName.framework/ExecutableName"];
    //[APPatch writeToOffset:APEncrypt("10020081C") hexValue:APEncrypt("C0035FD6")]; // 

  	// obf long: get_Value)_
    //[APPatch writeToOffset:APEncrypt("024E038C") hexValue:APEncrypt("400680D21F2003D5C0035FD6")]; // 
    //iG_writeData((APEncrypt("1001D9900")), APEncrypt("20008052C0035FD6")); // writeData is still available for use
}*/
// ignore WIP
void infAutoSwipe()
{
}

bool ReturnTrue()
{
 return true; 
}

double ReturnNone()
{
 return 0; 
}
double multi()
{
 return 99; 
}

%ctor{
  [APMenu.sharedInstance setTargetBinaryNamed:APEncrypt("@Framework/UnityFramework.framework/UnityFramework")];
  //MSHookFunction(((void*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.SwipeChargingMachineActionDetector$$SetSwipeProgress")),(void*)infAutoSwipe, NULL); // should give inf auto swipe
  MSHookFunction(((bool*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.MachineUtils$$IsMachineOwned")),(bool*)ReturnTrue, NULL); // own all machines
  MSHookFunction(((double*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.Upgrades.MachineUpgradeUtils$$GetPrice")),(double*)ReturnNone, NULL); // 0 upgrade price
  MSHookFunction(((double*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.Machine$$get_ExtractionMultiplier")),(double*)multi, NULL); // 99x extract multi
}

     

    If someone could help that would mean alot aswell as give a good explanation of function hooking etc. The tutorials available kind of confuse me.

    Also some functions have custom types and or types that I cannot define by default so I am not too sure what to do about those.

    Updated by carpoa
    0xNoctis Community Regular

    0xNoctis 9.8k
  •   iPad Pro (5th gen) 
  •   13.3
  • Donor
  •  

    • Posted
    Posted
    1 hour ago, carpoa said: 
    //MSHookFunction(((void*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.SwipeChargingMachineActionDetector$$SetSwipeProgress")),(void*)infAutoSwipe, NULL); // should give inf auto swipe

    Is there supposed to be a // at the start?

    0xNoctis Community Regular

    0xNoctis 9.8k
  •   iPad Pro (5th gen) 
  •   13.3
  • Donor
  •  

    • Posted
    Posted
    1 hour ago, carpoa said: 
    /*%ctor {
    [APMenu.sharedInstance setTargetBinaryNamed:APEncrypt("@Framework/UnityFramework.framework/UnityFramework")];
    //[APMenu.sharedInstance setTargetBinaryNamed:@"Frameworks/FrameworkName.framework/ExecutableName"];
    //[APPatch writeToOffset:APEncrypt("10020081C") hexValue:APEncrypt("C0035FD6")]; // 

  	// obf long: get_Value)_
    //[APPatch writeToOffset:APEncrypt("024E038C") hexValue:APEncrypt("400680D21F2003D5C0035FD6")]; // 
    //iG_writeData((APEncrypt("1001D9900")), APEncrypt("20008052C0035FD6")); // writeData is still available for use
}*/
// ignore WIP

    Im no expert but worth a shot

    Wouldn't you need to uncomment  /*%ctor { so that @Framework/UnityFramework.framework/UnityFramework" can be used? 

    carpoa Community Regular

    carpoa 3.6k
  •   iPhone SE (2020) 
  •   16

    • Posted
    • Author
    Posted
    Just now, Zeref said:

    Im no expert but worth a shot

    Wouldn't you need to uncomment  /*%ctor { so that @Framework/UnityFramework.framework/UnityFramework" can be used? 

    If you look down its already done again.

     

    Quote 
    %ctor{
  [APMenu.sharedInstance setTargetBinaryNamed:APEncrypt("@Framework/UnityFramework.framework/UnityFramework")];
  //MSHookFunction(((void*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.SwipeChargingMachineActionDetector$$SetSwipeProgress")),(void*)infAutoSwipe, NULL); // should give inf auto swipe
  MSHookFunction(((bool*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.MachineUtils$$IsMachineOwned")),(bool*)ReturnTrue, NULL); // own all machines
  MSHookFunction(((double*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.Upgrades.MachineUpgradeUtils$$GetPrice")),(double*)ReturnNone, NULL); // 0 upgrade price
  MSHookFunction(((double*)MSFindSymbol(NULL, "Alexplay.OilRush.App.Extraction.Machines.Machine$$get_ExtractionMultiplier")),(double*)multi, NULL); // 99x extract multi
}

     

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines