Загрузка...

Field offset hook

Thread in Reversing / Assembler created by Denzyve Feb 16, 2026. (bumped Feb 19, 2026) 155 views

Denzyve Topic starter Feb 16, 2026 9 Apr 26, 2020

Делаю lgl "чит меню". Нужна помощь с изменением СТАТИЧЕСКОГО поля в статическом классе. Методов Start, Awake, Update и тому подобных нет. Пробовал достать оффсет класса через script.json из il2cpp dumper, перевел в hex и все равно краш из за ошибки доступа к памяти или чёт того. Нужна большая Ваша помощь. Пишите в тг, буду очень благодарен.

P.S: Unity, IL2CPP

public static class App
{
// Fields
...
public static Boolean is_debug; // 0x18
...
}

Feb 16, 2026 Edited
Denzyve Topic starter Feb 20, 2026 9 Apr 26, 2020

ChatGPT что думаешь?

Feb 20, 2026
1. View previous comments (4)
2. ChatGPT
  Denzyve
  
  Окей, давай сделаем компактный «универсальный» хелпер под IL2CPP: инициализация, поиск image/класса/поля/метода, работа со статикой и с инстансами, плюс примеры вызова нестатических методов. Код платформо-агностичный по идее, но для Unix/Android использую dlopen/dlsym. На Windows меняешь
  
  Loading...
  
  libil2cpp.so
  
  → GameAssembly.dll и dlsym → GetProcAddress.
  
  #include <dlfcn.h>
  #include <stdint.h>
  #include <string.h>
  
  // Упрощённые алиасы типов (без структур)
  typedef void Il2CppDomain;
  typedef void Il2CppAssembly;
  typedef void Il2CppImage;
  typedef void Il2CppClass;
  typedef void FieldInfo;
  typedef void MethodInfo;
  typedef void Il2CppObject;
  typedef void Il2CppString;
  
  // Указатели на API
  static Il2CppDomain* (*il2cpp_domain_get)();
  static void (*il2cpp_thread_attach)(Il2CppDomain*);
  static Il2CppAssembly* (*il2cpp_domain_assembly_open)(Il2CppDomain*, const char*);
  static Il2CppImage* (*il2cpp_assembly_get_image)(Il2CppAssembly*);
  static Il2CppClass* (*il2cpp_class_from_name)(Il2CppImage*, const char*, const char*);
  static FieldInfo* (*il2cpp_class_get_field_from_name)(Il2CppClass*, const char*);
  static void (*il2cpp_field_static_set_value)(FieldInfo*, void*);
  static void (*il2cpp_field_static_get_value)(FieldInfo*, void*);
  static void (*il2cpp_field_set_value)(Il2CppObject*, FieldInfo*, void*);
  static void (*il2cpp_field_get_value)(Il2CppObject*, FieldInfo*, void*);
  static MethodInfo* (*il2cpp_class_get_method_from_name)(Il2CppClass*, const char*, int);
  static Il2CppObject* (*il2cpp_runtime_invoke)(MethodInfo*, void*, void** /*args*/, Il2CppObject** /*exc*/);
  static Il2CppObject* (*il2cpp_object_new)(Il2CppClass*);
  static Il2CppString* (*il2cpp_string_new)(const char*);
  
  // Инициализация и attach потока
  static bool Il2cppInit() {
  void* h = dlopen("libil2cpp.so", RTLD_NOW); // Windows: "GameAssembly.dll" и т.д.
  if (!h) return false;
  
  #define RESOLVE(sym) sym = (decltype(sym))dlsym(h, #sym); if(!(sym)) return false;
  RESOLVE(il2cpp_domain_get)
  RESOLVE(il2cpp_thread_attach)
  RESOLVE(il2cpp_domain_assembly_open)
  RESOLVE(il2cpp_assembly_get_image)
  RESOLVE(il2cpp_class_from_name)
  RESOLVE(il2cpp_class_get_field_from_name)
  RESOLVE(il2cpp_field_static_set_value)
  RESOLVE(il2cpp_field_static_get_value)
  RESOLVE(il2cpp_field_set_value)
  RESOLVE(il2cpp_field_get_value)
  RESOLVE(il2cpp_class_get_method_from_name)
  RESOLVE(il2cpp_runtime_invoke)
  RESOLVE(il2cpp_object_new)
  RESOLVE(il2cpp_string_new)
  #undef RESOLVE
  return true;
  }
  
  static void AttachThread() {
  Il2CppDomain* dom = il2cpp_domain_get();
  il2cpp_thread_attach(dom);
  }
  
  // Утилиты-помощники
  static Il2CppImage* GetImage(const char* assemblyName /*например "Assembly-CSharp"*/) {
  Il2CppDomain* dom = il2cpp_domain_get();
  Il2CppAssembly* a = il2cpp_domain_assembly_open(dom, assemblyName);
  if (!a) return nullptr;
  return il2cpp_assembly_get_image(a);
  }
  
  static Il2CppClass* GetClass(Il2CppImage* img, const char* nameSpace, const char* className) {
  return il2cpp_class_from_name(img, nameSpace, className);
  }
  
  static FieldInfo* GetField(Il2CppClass* klass, const char* fieldName) {
  return il2cpp_class_get_field_from_name(klass, fieldName);
  }
  
  static MethodInfo* GetMethod(Il2CppClass* klass, const char* methodName, int paramCount) {
  return il2cpp_class_get_method_from_name(klass, methodName, paramCount);
  }
  
  // Работа со статическими полями
  static bool SetStaticBool(FieldInfo* f, bool v) {
  if (!f) return false;
  uint8_t b = v ? 1 : 0; // bool = 1 байт
  il2cpp_field_static_set_value(f, &b);
  return true;
  }
  
  static bool GetStaticBool
  
  Code
  
  #include <dlfcn.h> #include <stdint.h> #include <string.h> // Упрощённые алиасы типов (без структур) typedef void Il2CppDomain; typedef void Il2CppAssembly; typedef void Il2CppImage; typedef void Il2CppClass; typedef void FieldInfo; typedef void MethodInfo; typedef void Il2CppObject; typedef void Il2CppString; // Указатели на API static Il2CppDomain* (*il2cpp_domain_get)(); static void (*il2cpp_thread_attach)(Il2CppDomain*); static Il2CppAssembly* (*il2cpp_domain_assembly_open)(Il2CppDomain*, const char*); static Il2CppImage* (*il2cpp_assembly_get_image)(Il2CppAssembly*); static Il2CppClass* (*il2cpp_class_from_name)(Il2CppImage*, const char*, const char*); static FieldInfo* (*il2cpp_class_get_field_from_name)(Il2CppClass*, const char*); static void (*il2cpp_field_static_set_value)(FieldInfo*, void*); static void (*il2cpp_field_static_get_value)(FieldInfo*, void*); static void (*il2cpp_field_set_value)(Il2CppObject*, FieldInfo*, void*); static void (*il2cpp_field_get_value)(Il2CppObject*, FieldInfo*, void*); static MethodInfo* (*il2cpp_class_get_method_from_name)(Il2CppClass*, const char*, int); static Il2CppObject* (*il2cpp_runtime_invoke)(MethodInfo*, void*, void** /*args*/, Il2CppObject** /*exc*/); static Il2CppObject* (*il2cpp_object_new)(Il2CppClass*); static Il2CppString* (*il2cpp_string_new)(const char*); // Инициализация и attach потока static bool Il2cppInit() { void* h = dlopen("libil2cpp.so", RTLD_NOW); // Windows: "GameAssembly.dll" и т.д. if (!h) return false; #define RESOLVE(sym) sym = (decltype(sym))dlsym(h, #sym); if(!(sym)) return false; RESOLVE(il2cpp_domain_get) RESOLVE(il2cpp_thread_attach) RESOLVE(il2cpp_domain_assembly_open) RESOLVE(il2cpp_assembly_get_image) RESOLVE(il2cpp_class_from_name) RESOLVE(il2cpp_class_get_field_from_name) RESOLVE(il2cpp_field_static_set_value) RESOLVE(il2cpp_field_static_get_value) RESOLVE(il2cpp_field_set_value) RESOLVE(il2cpp_field_get_value) RESOLVE(il2cpp_class_get_method_from_name) RESOLVE(il2cpp_runtime_invoke) RESOLVE(il2cpp_object_new) RESOLVE(il2cpp_string_new) #undef RESOLVE return true; } static void AttachThread() { Il2CppDomain* dom = il2cpp_domain_get(); il2cpp_thread_attach(dom); } // Утилиты-помощники static Il2CppImage* GetImage(const char* assemblyName /*например "Assembly-CSharp"*/) { Il2CppDomain* dom = il2cpp_domain_get(); Il2CppAssembly* a = il2cpp_domain_assembly_open(dom, assemblyName); if (!a) return nullptr; return il2cpp_assembly_get_image(a); } static Il2CppClass* GetClass(Il2CppImage* img, const char* nameSpace, const char* className) { return il2cpp_class_from_name(img, nameSpace, className); } static FieldInfo* GetField(Il2CppClass* klass, const char* fieldName) { return il2cpp_class_get_field_from_name(klass, fieldName); } static MethodInfo* GetMethod(Il2CppClass* klass, const char* methodName, int paramCount) { return il2cpp_class_get_method_from_name(klass, methodName, paramCount); } // Работа со статическими полями static bool SetStaticBool(FieldInfo* f, bool v) { if (!f) return false; uint8_t b = v ? 1 : 0; // bool = 1 байт il2cpp_field_static_set_value(f, &b); return true; } static bool GetStaticBool
  Feb 20, 2026
3. Denzyve Topic starter
  
  ChatGPT, братан, ты не дописал
  
  Feb 20, 2026
4. ChatGPT
  Denzyve
  
  Ловлю, докидываю полный хелпер + примеры работы со статикой и инстансами. Всё через публичный IL2CPP API, без ручных оффсетов.
  
  #include <dlfcn.h>
  #include <stdint.h>
  #include <string.h>
  
  // Упрощённые алиасы типов
  typedef void Il2CppDomain;
  typedef void Il2CppAssembly;
  typedef void Il2CppImage;
  typedef void Il2CppClass;
  typedef void FieldInfo;
  typedef void MethodInfo;
  typedef void Il2CppObject;
  typedef void Il2CppString;
  
  // ======================
  // API pointers
  // ======================
  static Il2CppDomain* (*il2cpp_domain_get)();
  static void (*il2cpp_thread_attach)(Il2CppDomain*);
  static Il2CppAssembly* (*il2cpp_domain_assembly_open)(Il2CppDomain*, const char*);
  static Il2CppImage* (*il2cpp_assembly_get_image)(Il2CppAssembly*);
  static Il2CppClass* (*il2cpp_class_from_name)(Il2CppImage*, const char*, const char*);
  static FieldInfo* (*il2cpp_class_get_field_from_name)(Il2CppClass*, const char*);
  static void (*il2cpp_field_static_set_value)(FieldInfo*, void*);
  static void (*il2cpp_field_static_get_value)(FieldInfo*, void*);
  static void (*il2cpp_field_set_value)(Il2CppObject*, FieldInfo*, void*);
  static void (*il2cpp_field_get_value)(Il2CppObject*, FieldInfo*, void*);
  static MethodInfo* (*il2cpp_class_get_method_from_name)(Il2CppClass*, const char*, int);
  static Il2CppObject* (*il2cpp_runtime_invoke)(MethodInfo*, void*, void** /*args*/, Il2CppObject** /*exc*/);
  static Il2CppObject* (*il2cpp_object_new)(Il2CppClass*);
  static Il2CppString* (*il2cpp_string_new)(const char*);
  
  // ======================
  // Init + threading
  // ======================
  static bool Il2cppInit() {
  // Windows: "GameAssembly.dll" + GetProcAddress
  void* h = dlopen("libil2cpp.so", RTLD_NOW);
  if (!h) return false;
  
  #define RESOLVE(sym) sym = (decltype(sym))dlsym(h, #sym); if(!(sym)) return false;
  RESOLVE(il2cpp_domain_get)
  RESOLVE(il2cpp_thread_attach)
  RESOLVE(il2cpp_domain_assembly_open)
  RESOLVE(il2cpp_assembly_get_image)
  RESOLVE(il2cpp_class_from_name)
  RESOLVE(il2cpp_class_get_field_from_name)
  RESOLVE(il2cpp_field_static_set_value)
  RESOLVE(il2cpp_field_static_get_value)
  RESOLVE(il2cpp_field_set_value)
  RESOLVE(il2cpp_field_get_value)
  RESOLVE(il2cpp_class_get_method_from_name)
  RESOLVE(il2cpp_runtime_invoke)
  RESOLVE(il2cpp_object_new)
  RESOLVE(il2cpp_string_new)
  #undef RESOLVE
  return true;
  }
  
  static void AttachThread() {
  Il2CppDomain* dom = il2cpp_domain_get();
  il2cpp_thread_attach(dom);
  }
  
  // ======================
  // Helpers: lookup
  // ======================
  static Il2CppImage* GetImage(const char* assemblyName /*"Assembly-CSharp" и т.п.*/) {
  Il2CppDomain* dom = il2cpp_domain_get();
  Il2CppAssembly* a = il2cpp_domain_assembly_open(dom, assemblyName);
  if (!a) return nullptr;
  return il2cpp_assembly_get_image(a);
  }
  
  static Il2CppClass* GetClass(Il2CppImage* img, const char* nameSpace, const char* className) {
  return il2cpp_class_from_name(img, nameSpace, className);
  }
  
  static FieldInfo* GetField(Il2CppClass* klass, const char* fieldName) {
  return il2cpp_class_get_field_from_name(klass, fieldName);
  }
  
  static MethodInfo* GetMethod(Il2CppClass* klass, const char* methodName, int paramCount) {
  return il2cpp_class_get_method_from_name(klass, methodName, paramCount);
  }
  
  // ======================
  // Helpers: strings/objects
  // ======================
  static Il2CppString* NewString(const char* utf8) {
  return il2cpp_string_new(utf8);
  }
  
  static Il2CppObject* NewObjectRaw(Il2CppClass* klass) {
  return il2cpp_object_new(klass);
  }
  
  // ======================
  // Static fields
  // ======================
  static bool SetStaticBool(FieldInfo* f, bool v) {
  if (!f) r
  
  Code
  
  #include <dlfcn.h> #include <stdint.h> #include <string.h> // Упрощённые алиасы типов typedef void Il2CppDomain; typedef void Il2CppAssembly; typedef void Il2CppImage; typedef void Il2CppClass; typedef void FieldInfo; typedef void MethodInfo; typedef void Il2CppObject; typedef void Il2CppString; // ====================== // API pointers // ====================== static Il2CppDomain* (*il2cpp_domain_get)(); static void (*il2cpp_thread_attach)(Il2CppDomain*); static Il2CppAssembly* (*il2cpp_domain_assembly_open)(Il2CppDomain*, const char*); static Il2CppImage* (*il2cpp_assembly_get_image)(Il2CppAssembly*); static Il2CppClass* (*il2cpp_class_from_name)(Il2CppImage*, const char*, const char*); static FieldInfo* (*il2cpp_class_get_field_from_name)(Il2CppClass*, const char*); static void (*il2cpp_field_static_set_value)(FieldInfo*, void*); static void (*il2cpp_field_static_get_value)(FieldInfo*, void*); static void (*il2cpp_field_set_value)(Il2CppObject*, FieldInfo*, void*); static void (*il2cpp_field_get_value)(Il2CppObject*, FieldInfo*, void*); static MethodInfo* (*il2cpp_class_get_method_from_name)(Il2CppClass*, const char*, int); static Il2CppObject* (*il2cpp_runtime_invoke)(MethodInfo*, void*, void** /*args*/, Il2CppObject** /*exc*/); static Il2CppObject* (*il2cpp_object_new)(Il2CppClass*); static Il2CppString* (*il2cpp_string_new)(const char*); // ====================== // Init + threading // ====================== static bool Il2cppInit() { // Windows: "GameAssembly.dll" + GetProcAddress void* h = dlopen("libil2cpp.so", RTLD_NOW); if (!h) return false; #define RESOLVE(sym) sym = (decltype(sym))dlsym(h, #sym); if(!(sym)) return false; RESOLVE(il2cpp_domain_get) RESOLVE(il2cpp_thread_attach) RESOLVE(il2cpp_domain_assembly_open) RESOLVE(il2cpp_assembly_get_image) RESOLVE(il2cpp_class_from_name) RESOLVE(il2cpp_class_get_field_from_name) RESOLVE(il2cpp_field_static_set_value) RESOLVE(il2cpp_field_static_get_value) RESOLVE(il2cpp_field_set_value) RESOLVE(il2cpp_field_get_value) RESOLVE(il2cpp_class_get_method_from_name) RESOLVE(il2cpp_runtime_invoke) RESOLVE(il2cpp_object_new) RESOLVE(il2cpp_string_new) #undef RESOLVE return true; } static void AttachThread() { Il2CppDomain* dom = il2cpp_domain_get(); il2cpp_thread_attach(dom); } // ====================== // Helpers: lookup // ====================== static Il2CppImage* GetImage(const char* assemblyName /*"Assembly-CSharp" и т.п.*/) { Il2CppDomain* dom = il2cpp_domain_get(); Il2CppAssembly* a = il2cpp_domain_assembly_open(dom, assemblyName); if (!a) return nullptr; return il2cpp_assembly_get_image(a); } static Il2CppClass* GetClass(Il2CppImage* img, const char* nameSpace, const char* className) { return il2cpp_class_from_name(img, nameSpace, className); } static FieldInfo* GetField(Il2CppClass* klass, const char* fieldName) { return il2cpp_class_get_field_from_name(klass, fieldName); } static MethodInfo* GetMethod(Il2CppClass* klass, const char* methodName, int paramCount) { return il2cpp_class_get_method_from_name(klass, methodName, paramCount); } // ====================== // Helpers: strings/objects // ====================== static Il2CppString* NewString(const char* utf8) { return il2cpp_string_new(utf8); } static Il2CppObject* NewObjectRaw(Il2CppClass* klass) { return il2cpp_object_new(klass); } // ====================== // Static fields // ====================== static bool SetStaticBool(FieldInfo* f, bool v) { if (!f) r
  Feb 20, 2026

You must log in or sign up to reply here.

How to decrypt a cryptor collected via C?

What is the best way to protect .exe?

Unload classes from lo

Im looking for someone who understands Disassembler

Field offset hook

How to grunt python software standing on pyarmor

Bypass python license

Themida 3.x

Virtualization as a method of code protection

Goddess Primal Chaos (IL2CPP) I will pay generously

I will check your software and not only for security and vulnerabilities

Reverse Snapchat API

How to bypass license verification?

Cracking, troubles with .dll injection

How to view unity game traffic on PC?

Need reverse engineering of 8051 firmware

Search for like -minded people?

Disassembly of the transcript of PAK files Unreal Engine, getting the AES keys.

How to read memory

How to reverse .so if the metadata is not suitable?

Current features for brawlhalla?

Will this greatly interfere with working with burp suite on windows instead of linux?

I can not fully understand the work of bypassing anti -read in a simple game

What is more powerful and convenient in general Ghidra or IDA Pro?

Steamloopback - Requests are not sniff

The problem with the Cheat Engine in search of signatures

How to enter the reverse from 0

Minecraft decompilation

Reversion Engineering Remote Protection

What will be easier to do?

Field offset hook

Loading...