Android Tutorial Some C# To Il2cpp Conversions

Jbro129 · February 9, 2018

Background

I created a unity project on my computer and wrote simple C# to then convert to Arm through Unity's Il2cpp compiler. I have more complicated conversions but they would be pretty hard to explain. If you do want those conversions then make sure to comment below

Example Conversions

Force True: C#

    private bool True()
    {
        return true;
    }

Force True: IDA Arm

 MOV             R0, #1
 BX              LR
hex -> 01 00 A0 E3 1E FF 2F E1

Force False: C#

    private bool False()
    {
        return false;
    }

Force False: IDA Arm

 MOV             R0, #0
 BX              LR
hex -> 00 00 A0 E3 1E FF 2F E1

Force positive int: C#

    private int pInt()
    {
        return 999;
    }

Force positive int: IDA Arm

 MOV             R0, #999
 BX              LR
hex -> E7 03 00 E3 1E FF 2F E1

Force Float: C#

    private float pFloat()
    {
        return 999f;
    }

Force Float: IDA Arm

 MOV             R0, #0x447A
 BX              LR
hex -> 7A 04 04 E3 1E FF 2F E1
// 447A <= 447A0000 Float Hexadecimal
// Convert Int to Float here - https://babbage.cs.qc.cuny.edu/IEEE-754.old/Decimal.html
// Convert Float to Int here - https://babbage.cs.qc.cuny.edu/IEEE-754.old/32bit.html

You CANNOT use hexadecimals longer than 4 character long

Working example => Movt r0, #447A (1000 int)

Not-Working Example => Movt r0, #4479C (999 int)

There is a way to use longer hexadecimal floating points with MOV and I plan on adding it in the future.

Force Int or Float into a field: C#

//float
    private void setFieldF()
    {
        fieldF = 1000F;
    }

    public float fieldF;

//int
    private void setFieldI()
    {
        fieldI = 1000;
    }

    public int fieldI;

Force Int or Float into a field: IDA Arm

Get your field offset from your generated dump.cs from Il2CppDumper by Prefare.

//float field
 MOV             R1, #0x447A
 STR             R1, [R0,#0x10] // replace "0x10" with your field offset inside of dump.cs
 BX              LR
hex -> 7A 14 04 E3 10 10 80 E5 1E FF 2F E1
   
//int field
 MOV             R1, #1000
 STR             R1, [R0,#0x14] // replace "0x14" with your field offset inside of dump.cs
 BX              LR
hex -> FA 1F A0 E3 14 10 80 E5 1E FF 2F E1

Force Return with Parameters: C#

// 1 Parameter
	private string Param1(string one)
    {
        return one;
    }

//2 Parameters
	private int Param2(int one, int two)
    {
        return two;
    }

//3 Parameters
	private int Param2(float one, float two, float three)
    {
        return three;
    }

Force Return with Parameters: IDA Arm

It does not matter if the function is string, int, or float, if the function is the same type as the parameter then it will be the same arm code regardless.

//1 Parameter
 MOV             R0, R1
 BX              LR
hex -> 01 00 A0 E1 1E FF 2F E1
//2 Parameters
 MOV             R0, R2
 BX              LR
hex -> 02 00 A0 E1 1E FF 2F E1
//3 Parameters
 MOV             R0, R3
 BX              LR
hex -> 03 00 A0 E1 1E FF 2F E1
//if the function has more than 3 parameters then reolace the second "R" with said parameter number
Example: 7 Parameters
 MOV             R0, R7
 BX              LR
hex -> 07 00 A0 E1 1E FF 2F E1
Example: 5 Parameters
 MOV             R0, R5
 BX              LR
hex -> 05 00 A0 E1 1E FF 2F E1

Force end an IEnumertor/IEnumerable: C#

    private IEnumerator setYielEnumerator()
    {
        yield break;
    }

    private IEnumerable setYieldEnumerable()
    {
        yield break;
    }

Force end an IEnumertor/IEnumerable: IDA Arm

Using BX LR to end an IEnumertor or IEnumerable is wrong. Go to dump.cs and find the IEnumertor or IEnumerable function

Say for example dump.cs says this

private IEnumerator setYielEnumerator(); // 0xOFFSET

or

private IEnumerable setYieldEnumerable(); // 0xOFFSET

Find the "sealed class" that has the function name in the class name

Example

// Namespace: 
private sealed class <setYielEnumerator>c__Iterator0 : IEnumerator, IDisposable, IEnumerator`1<object> // TypeDefIndex: 1446
{
	// Fields
	internal object $current; // 0x8
	internal bool $disposing; // 0xC
	internal int $PC; // 0x10

	// Methods
	public void .ctor(); // 0xOFFSET
	public bool MoveNext(); // 0xOFFSET
	private object System.Collections.Generic.IEnumerator<object>.get_Current(); // 0xOFFSET
	private object System.Collections.IEnumerator.get_Current(); // 0xOFFSET
	public void Dispose(); // 0xOFFSET
	public void Reset(); // 0xOFFSET
}

// Namespace: 
private sealed class <setYieldEnumerable>c__Iterator1 : IEnumerable, IEnumerable`1<object>, IEnumerator, IDisposable, IEnumerator`1<object> // TypeDefIndex: 1447
{
	// Fields
	internal object $current; // 0x8
	internal bool $disposing; // 0xC
	internal int $PC; // 0x10

	// Methods
	public void .ctor(); // 0xOFFSET
	public bool MoveNext(); // 0xOFFSET
	private object System.Collections.Generic.IEnumerator<object>.get_Current(); // 0xOFFSET
	private object System.Collections.IEnumerator.get_Current(); // 0xOFFSET
	public void Dispose(); // 0xOFFSET
	public void Reset(); // 0xOFFSET
	private IEnumerator System.Collections.IEnumerable.GetEnumerator(); // 0xOFFSET
	private IEnumerator`1<object> System.Collections.Generic.IEnumerable<object>.GetEnumerator(); // 0xOFFSET
}

Go to the offset of MoveNext()

public bool MoveNext(); // 0xOFFSET

And write this in hex editor

 MOV             R1, #0xFFFFFFFF
 STR             R1, [R0,#0x10]
 MOV             R0, #0
 BX              LR
hex -> 00 10 E0 E3 10 10 80 E5 00 00 A0 E3 1E FF 2F E1
//same hex for both IEnumertor and IEnumerable

Credits

@Jbro129 for the tutorial

Prefare for Il2CppDumper

- Kienn, @Valeschi , @Earthiest and @DiDA for Armconverter.com

Updated February 9, 2018 by Jbro129