bynamemodding / bnm-android Goto Github PK
View Code? Open in Web Editor NEWModding il2cpp games by classes, methods, field names on Android.
License: MIT License
bnm-android's People
Contributors
Stargazers
Watchers
Forkers
liner0211 catkings adminxyz666 crackercat xiabei-cy mikuceo bsrbhanwarsingh z422616225 vaginessa c3nb hungtran123456piuy baxmlmm csteam666 feiji77 doctor-yoi requiemde17thdev chizuui 3594547803 qqizai petespencer voidkenny x20888450 devfares liro0206 janit8r nomadwithoutahome dbloow nisemoe 1370026397 shad0wxp arifrios1st trananh1992 stevezhou6 mikacybertronbnm-android's Issues
How to Inflate?
How to do this in BNM?
GetComponent<Class>();
LoadClass PlayerController = LoadClass("", "PlayerController");
LoadClass GO = LoadClass("UnityEngine", "GameObject");
Method<void *> GetComponent = Go.GetMethodByName("GetComponent", 0);
void *componentInstance = GetComponent[instance].call(); //how to inflate PlayerController here?
BNM_NewStaticMethodInit problem
i make new class something like this
struct PlayerData : public BNM::UnityEngine::MonoBehaviour {
BNM_NewClassInit("NewClass", PlayerData, {
return BNM::LoadClass(OBFUSCATES_BNM("UnityEngine"),
OBFUSCATES_BNM("MonoBehaviour"),
OBFUSCATES_BNM("UnityEngine.CoreModule"));
}
);
static bool Move(BNM::Structures::Unity::Vector3 pos){
//do something
return true;
}
BNM_NewStaticMethodInit(BNM::GetType<bool>(), Move, 1, BNM::GetType<BNM::Structures::Unity::Vector3>());
}
in BNM_NewStaticMethodInit(BNM::GetType<bool>(), Move, 1, BNM::GetType<BNM::Structures::Unity::Vector3>());
i got error In template: cannot initialize return object of type 'void *' with an rvalue of type 'bool'
can you help me ? @BNM-Dev
Custom Attribute for custom class
How to add custom attribute in custom class/method ( in c# it's like
[Attribute("any")] void method() {})
Call Static Virtual method
How call from bnm like this
public static Task<TResult> FromResult<TResult>(TResult result) { }
App crash using BNM 1.4
Game tested: Subway Surfers
Crash Log
12-09 17:08:24.860 31517 31517 I crash_dump32: performing dump of process 31449 (target tid = 31449)
12-09 17:08:24.863 31517 31517 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-09 17:08:24.863 31517 31517 F DEBUG : Build fingerprint: 'samsung/beyond1qlteue/beyond1q:9/LMY48Z/901230529:user/release-keys'
12-09 17:08:24.863 31517 31517 F DEBUG : Revision: '0'
12-09 17:08:24.863 31517 31517 F DEBUG : ABI: 'x86'
12-09 17:08:24.863 31517 31517 F DEBUG : pid: 31449, tid: 31449, name: iloo.subwaysurf >>> com.kiloo.subwaysurf <<<
12-09 17:08:24.863 31517 31517 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4
12-09 17:08:24.863 31517 31517 F DEBUG : Cause: null pointer dereference
12-09 17:08:24.863 31517 31517 F DEBUG : eax c9554040 ebx 80000009 ecx 00000001 edx f2df3494
12-09 17:08:24.863 31517 31517 F DEBUG : edi 00000004 esi e7987580
12-09 17:08:24.863 31517 31517 F DEBUG : ebp ea914760 esp ffd41e90 eip ea2f86a5
12-09 17:08:24.863 31517 31517 F DEBUG :
12-09 17:08:24.863 31517 31517 F DEBUG : backtrace:
12-09 17:08:24.863 31517 31517 F DEBUG : #00 pc 001366a5 /system/vendor/lib/libhoudini.so
12-09 17:08:25.130 1643 1643 E /system/bin/tombstoned: Tombstone written to: /data/tombstones/tombstone_13
12-09 17:08:25.136 1801 31533 W ActivityManager: Force finishing activity com.kiloo.subwaysurf/com.sybogames.chili.multidex.ChiliMultidexSupportActivity
12-09 17:08:25.139 1801 31533 W ActivityManager: Exception thrown during pause
12-09 17:08:25.139 1801 31533 W ActivityManager: android.os.DeadObjectException
12-09 17:08:25.139 1801 31533 W ActivityManager: at android.os.BinderProxy.transactNative(Native Method)
12-09 17:08:25.139 1801 31533 W ActivityManager: at android.os.BinderProxy.transact(Binder.java:1129)
12-09 17:08:25.139 1801 31533 W ActivityManager: at android.app.IApplicationThread$Stub$Proxy.scheduleTransaction(IApplicationThread.java:1777)
12-09 17:08:25.139 1801 31533 W ActivityManager: at android.app.servertransaction.ClientTransaction.schedule(ClientTransaction.java:129)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.ClientLifecycleManager.scheduleTransaction(ClientLifecycleManager.java:47)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.ClientLifecycleManager.scheduleTransaction(ClientLifecycleManager.java:69)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.ActivityStack.startPausingLocked(ActivityStack.java:1463)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.ActivityStack.finishActivityLocked(ActivityStack.java:3738)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.ActivityStack.finishActivityLocked(ActivityStack.java:3680)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.ActivityStack.finishTopCrashedActivityLocked(ActivityStack.java:3563)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.ActivityStackSupervisor.finishTopCrashedActivitiesLocked(ActivityStackSupervisor.java:2261)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.AppErrors.handleAppCrashLocked(AppErrors.java:747)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.AppErrors.makeAppCrashingLocked(AppErrors.java:579)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.AppErrors.crashApplicationInner(AppErrors.java:447)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.AppErrors.crashApplication(AppErrors.java:392)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.ActivityManagerService.handleApplicationCrashInner(ActivityManagerService.java:15468)
12-09 17:08:25.139 1801 31533 W ActivityManager: at com.android.server.am.NativeCrashListener$NativeCrashReporter.run(NativeCrashListener.java:85)
Crash at AmongUs
at TWD and RAID SHADOW LEGENDS it works fine but on AmongUs it just crash I even set the proper settings.
you dont even have to do anything yet to trigger the error.. just include it on cmakelists.txt thats it and it will crash game wont open.
03-25 20:51:24.959 5049 5075 E CRASH : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-25 20:51:24.959 5049 5075 E CRASH : Version '2020.3.22f1 (e1a7f79fd887)', Build type 'Release', Scripting Backend 'il2cpp', CPU 'armeabi-v7a'
03-25 20:51:24.959 5049 5075 E CRASH : Build fingerprint: 'samsung/z3qksx/z3qksx:9/PPR1.180720.122/6736742:user/release-keys'
03-25 20:51:24.959 5049 5075 E CRASH : Revision: '0'
03-25 20:51:24.959 5049 5075 E CRASH : ABI: 'arm'
03-25 20:51:24.960 5049 5075 E CRASH : Timestamp: 2023-03-25 20:51:24+0800
03-25 20:51:24.960 5049 5075 E CRASH : pid: 5049, tid: 5075, name: UnityMain >>> com.innersloth.spacemafia <<<
03-25 20:51:24.960 5049 5075 E CRASH : uid: 10082
03-25 20:51:24.960 5049 5075 E CRASH : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x6
03-25 20:51:24.960 5049 5075 E CRASH : Cause: null pointer dereference
03-25 20:51:24.961 5049 5075 E CRASH : r0 00000006 r1 e9001f60 r2 00000003 r3 00000000
03-25 20:51:24.961 5049 5075 E CRASH : r4 e9002f78 r5 00000006 r6 e8ffbfe0 r7 e9001f60
03-25 20:51:24.961 5049 5075 E CRASH : r8 00000006 r9 f2c6ed9c r10 ca1fefa0 r11 ca1fe590
03-25 20:51:24.961 5049 5075 E CRASH : ip 00000002 sp ca1fe560 lr 0796a90c pc 0b7ef894
03-25 20:51:24.961 5049 5075 E CRASH :
03-25 20:51:24.961 5049 5075 E CRASH : backtrace:
03-25 20:51:24.962 5049 5075 E CRASH : #00 pc 0001b894 /system/lib/arm/nb/libc.so (strlen+36) (BuildId: f1478175a6e1d79b85bd0f9edf43ead1)
03-25 20:51:24.962 5049 5075 E CRASH : #01 pc 00696908 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libil2cpp.so (BuildId: 3d9623f6dd6025e28ffad5e8933cb29b979cbad2)
03-25 20:51:24.962 5049 5075 E CRASH : #02 pc 0067f08c /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libil2cpp.so (BuildId: 3d9623f6dd6025e28ffad5e8933cb29b979cbad2)
03-25 20:51:24.963 5049 5075 E CRASH : #03 pc 00653a5c /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libil2cpp.so (il2cpp_init+32) (BuildId: 3d9623f6dd6025e28ffad5e8933cb29b979cbad2)
03-25 20:51:24.963 5049 5075 E CRASH : #04 pc 002247e1 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libunity.so (BuildId: 88606acb4b5775557e8641b5e649f467101a6ded)
03-25 20:51:24.964 5049 5075 E CRASH : #05 pc 00270855 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libunity.so (BuildId: 88606acb4b5775557e8641b5e649f467101a6ded)
03-25 20:51:24.964 5049 5075 E CRASH : #06 pc 00271461 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libunity.so (BuildId: 88606acb4b5775557e8641b5e649f467101a6ded)
03-25 20:51:24.964 5049 5075 E CRASH : #07 pc 00280ae1 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libunity.so (BuildId: 88606acb4b5775557e8641b5e649f467101a6ded)
03-25 20:51:24.964 5049 5075 E CRASH : #08 pc 0007e65e /system/lib/arm/nb/libtcb.so
03-25 20:51:25.125 5049 5075 E CRASH : Tombstone written to: /storage/emulated/0/Android/data/com.innersloth.spacemafia/files/tombstone_01
03-25 20:51:25.125 5049 5075 E AndroidRuntime: FATAL EXCEPTION: UnityMain
03-25 20:51:25.125 5049 5075 E AndroidRuntime: Process: com.innersloth.spacemafia, PID: 5049
03-25 20:51:25.125 5049 5075 E AndroidRuntime: java.lang.Error: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
03-25 20:51:25.125 5049 5075 E AndroidRuntime: Version '2020.3.22f1 (e1a7f79fd887)', Build type 'Release', Scripting Backend 'il2cpp', CPU 'armeabi-v7a'
03-25 20:51:25.125 5049 5075 E AndroidRuntime: Build fingerprint: 'samsung/z3qksx/z3qksx:9/PPR1.180720.122/6736742:user/release-keys'
03-25 20:51:25.125 5049 5075 E AndroidRuntime: Revision: '0'
03-25 20:51:25.125 5049 5075 E AndroidRuntime: ABI: 'arm'
03-25 20:51:25.125 5049 5075 E AndroidRuntime: Timestamp: 2023-03-25 20:51:24+0800
03-25 20:51:25.125 5049 5075 E AndroidRuntime: pid: 5049, tid: 5075, name: UnityMain >>> com.innersloth.spacemafia <<<
03-25 20:51:25.125 5049 5075 E AndroidRuntime: uid: 10082
03-25 20:51:25.125 5049 5075 E AndroidRuntime: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x6
03-25 20:51:25.125 5049 5075 E AndroidRuntime: Cause: null pointer dereference
03-25 20:51:25.125 5049 5075 E AndroidRuntime: r0 00000006 r1 e9001f60 r2 00000003 r3 00000000
03-25 20:51:25.125 5049 5075 E AndroidRuntime: r4 e9002f78 r5 00000006 r6 e8ffbfe0 r7 e9001f60
03-25 20:51:25.125 5049 5075 E AndroidRuntime: r8 00000006 r9 f2c6ed9c r10 ca1fefa0 r11 ca1fe590
03-25 20:51:25.125 5049 5075 E AndroidRuntime: ip 00000002 sp ca1fe560 lr 0796a90c pc 0b7ef894
03-25 20:51:25.125 5049 5075 E AndroidRuntime:
03-25 20:51:25.125 5049 5075 E AndroidRuntime: backtrace:
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #00 pc 0001b894 /system/lib/arm/nb/libc.so (strlen+36) (BuildId: f1478175a6e1d79b85bd0f9edf43ead1)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #01 pc 00696908 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libil2cpp.so (BuildId: 3d9623f6dd6025e28ffad5e8933cb29b979cbad2)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #02 pc 0067f08c /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libil2cpp.so (BuildId: 3d9623f6dd6025e28ffad5e8933cb29b979cbad2)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #03 pc 00653a5c /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libil2cpp.so (il2cpp_init+32) (BuildId: 3d9623f6dd6025e28ffad5e8933cb29b979cbad2)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #04 pc 002247e1 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libunity.so (BuildId: 88606acb4b5775557e8641b5e649f467101a6ded)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #05 pc 00270855 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libunity.so (BuildId: 88606acb4b5775557e8641b5e649f467101a6ded)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #06 pc 00271461 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libunity.so (BuildId: 88606acb4b5775557e8641b5e649f467101a6ded)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #07 pc 00280ae1 /data/app/com.innersloth.spacemafia-QQBDcg3gjTMxFew6UL1vlg==/lib/arm/libunity.so (BuildId: 88606acb4b5775557e8641b5e649f467101a6ded)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: #08 pc 0007e65e /system/lib/arm/nb/libtcb.so
03-25 20:51:25.125 5049 5075 E AndroidRuntime:
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libc.strlen(strlen:36)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libil2cpp.0x696908(Native Method)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libil2cpp.0x67f08c(Native Method)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libil2cpp.il2cpp_init(il2cpp_init:32)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libunity.0x2247e1(Native Method)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libunity.0x270855(Native Method)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libunity.0x271461(Native Method)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libunity.0x280ae1(Native Method)
03-25 20:51:25.125 5049 5075 E AndroidRuntime: at libtcb.0x7e65e(Native Method)The one version that work for me is the ByNameModding at https://github.com/NepMods/Aide-Imgui/tree/master/app/src/main/jni/ByNameModding.
amongc.mp4
I dont think i will go back again on doing some offset xD after I discover your project xD its so hella easy to use <3 xD
something break on span of that old ByNameModding vs new one. i just dont know what xD also that old one doesnt have BNM::Method which is one of the feature i love sadly.
but it looks like it breaks on PrepareBNM part.. where u hook il2cpp_init
The application crashes when using NewClasses or ModifyClasses on Unity versions below 212 with BNM version 1.2
Game tested using NewClasses or ModifyClasses with BNM version 1.2:
| Game | Unity Version | Result |
|---|---|---|
| Dead Target | 2021.3.9f1 | Working |
| Stick War: Legacy | 2020.3.47f1 | Crash |
| Dead Trigger | 2019.4.38f1 | Crash |
how to fix this sir @BNM-Dev
проблема с инициализацией / troubles with init
игра - Pixel Combats 2
бнм 1.5
версия юнити 2023.1 (последняя)
когда инициализирую бнм через хард байпасс - краш
инициализирую другими способами - не работает ничего или краш
в логи ничего не пишет (или я неправильно пишу команду для фильтрации по тегам)
game - pixel combats 2
bnm ver 1.5
unity ver 2023.1 (last)
when i init bnm by using hard bypass - getting crash or crash
init by other - dont working
dont writing anything to logs (or i misspell the command for filtering by tags)
Request for Action, UnityAction, and UnityEvent support
System.Action
// Token: 0x04000B48 RID: 2888
[Token(Token = "0x4000B48")]
[FieldOffset(Offset = "0x4")]
public Action<float> OnCrystalChange;
void Update(void* instance)
{
auto OnCrystalChange = *(Action<float>**)((uint64_t)instance + 0x4);
if (OnCrystalChange != NULL)
{
OnCrystalChange.Invoke(999999.0f);
}
}
UnityEngine.Events.UnityAction
// Token: 0x04000B48 RID: 2888
[Token(Token = "0x4000B48")]
[FieldOffset(Offset = "0x4")]
public UnityAction<float> OnCrystalChange;
void Update(void* instance)
{
auto OnCrystalChange = *(UnityAction<float>**)((uint64_t)instance + 0x4);
if (OnCrystalChange != NULL)
{
OnCrystalChange.Invoke(999999.0f);
}
}
UnityEngine.Events.UnityEvent
// Token: 0x04000B48 RID: 2888
[Token(Token = "0x4000B48")]
[FieldOffset(Offset = "0x4")]
public UnityEvent<float> OnCrystalChange;
void Update(void* instance)
{
auto OnCrystalChange = *(UnityEvent<float>**)((uint64_t)instance + 0x4);
if (OnCrystalChange != NULL)
{
OnCrystalChange.Invoke(999999.0f);
}
}
With parameter
// Token: 0x0400002F RID: 47
[Token(Token = "0x400002F")]
[FieldOffset(Offset = "0x4")]
public UnityAction<IAPOperationStatus, string, StoreProduct> OnCompleteMethod;
void Update(void* instance)
{
auto OnCompleteMethod = *(UnityAction<int, monoString*, void*>**)((uint64_t)instance + 0x4);
if (OnCompleteMethod != NULL)
{
auto newString = BNM::CreateMonoString("Testing");
auto newClassStore = NULL;
OnCompleteMethod.Invoke(0, newString, newClassStore);
}
}
Создание нового экземпляра класса
Хочу создать экземпляр класса игры, передав свои параметры, как такое сделать?
Any chance to call Java method of hooked game?
Hello. I want to call some Java method of hooking game from BNM. How can i achieve it?
For example:
class = com.game..Util; methodToast = class.showToast; methodToast("MOD by Bruno");
Crash
The last release of bnm crashes without a reason
Question? How to read text from byte array
Hello. I have arg (byte[] value);
How to read this byte array as a utf8 string?
Previously i can do this with frida like this:
Memory.readUtf8String(value.add(0x20), Memory.readInt(value.add(0x18)))
Where 0x18 is "value"'s length.
Can you help me?
I tried but without success look what I did:
Hello, ByNameModding!
I hope you are doing well. I want to take this moment to express my admiration for the work you are doing on BNM. The effort and creativity you've applied are remarkable, and it really makes a difference in the community.
Recently, I tried exploring a bit of BNM. Although I faced some personal challenges in the process, it only reinforced my respect for the complexity and depth of your work.
I want to highlight that, even without mastering it, I am genuinely impressed with what you have accomplished. It's incredible to see how the project is evolving and contributing to our field.
Please continue with this excellent work. You have my full support and admiration. I'm looking forward to seeing the next developments for BNM.
A big hug and all the best to you!
Sincerely,
Evilmu
I tried but without success look what I did:
Class: public sealed class FarmerNameManager : MonoBehaviour, IUserBlobCallbacks2, IUserBlobCallbacksBase
Method: public void CreateFarmerName(string farmerName) { }
#if !BNM_DISABLE_NEW_CLASSES
using namespace BNM::Structures::Mono;
using namespace BNM::Operators;
BNM::LoadClass FarmerNameManagerClass{};
BNM::Method<monoString*> CreateFarmerNameMethod{};
void (*old_CreateFarmerNameA)(BNM::UnityEngine::Object*, monoString*);
void NewCreateFarmerName(BNM::UnityEngine::Object* instance, monoString* originalName) {
monoString* newNameA = BNM::CreateMonoString("BILL GATES");
old_CreateFarmerNameA(instance, newNameA);
}
void OnLoaded() {
using namespace BNM;
FarmerNameManagerClass = LoadClass(OBFUSCATE_BNM("Assembly-CSharp"), OBFUSCATE_BNM("FarmerNameManager"));
CreateFarmerNameMethod = FarmerNameManagerClass.GetMethodByName(OBFUSCATE_BNM("CreateFarmerName"), 1);
InvokeHook(CreateFarmerNameMethod, NewCreateFarmerName, old_CreateFarmerNameA);
}
#endif
case 14: {
BNM::AddOnLoadedEvent(OnLoaded);
break;
}
Thank you for posting BNM, even though I haven't gotten it yet, your work is perfect
Can load BNM Extenally using KittyMemory instead ?
because KittyMemory have findSymbol like that, can i just use that instead ? what must be replace to load BNM Externally ?
Zygisk crashing -> Can not start Zygisk while having ByNameModding included as lib
I am running Magisk 26.1 on a Samsung Galaxy S10+ (SM-g975f).
I've a the ByNameMod in my cmake list Zygisk failed to start. There are no helpfull logs..
add_library(${MODULE_NAME}
SHARED
ByNameModding/BNM.cpp
ImGui/imgui.cpp
ImGui/imgui_draw.cpp
ImGui/imgui_demo.cpp
ImGui/imgui_widgets.cpp
ImGui/imgui_tables.cpp
ImGui/backends/imgui_impl_opengl3.cpp
ImGui/backends/imgui_impl_android.cpp
KittyMemory/KittyArm64.cpp
KittyMemory/KittyMemory.cpp
KittyMemory/KittyScanner.cpp
KittyMemory/KittyUtils.cpp
KittyMemory/MemoryBackup.cpp
KittyMemory/MemoryPatch.cpp
main.cpp
hook.cpp
)my settings
/********** USER AREA **************/
//#define UNITY_VER 171 // 2017.1.x
//#define UNITY_VER 172 // From 2017.2.x to 2017.4.x
//#define UNITY_VER 181 // 2018.1.x
//#define UNITY_VER 182 // 2018.2.x
//#define UNITY_VER 183 // From 2018.3.x to 2018.4.x
//#define UNITY_VER 191 // From 2019.1.x to 2019.2.x
//#define UNITY_VER 193 // 2019.3.x
//#define UNITY_VER 194 // 2019.4.x
//#define UNITY_VER 201 // 2020.1.x
//#define UNITY_VER 202 // From 2020.2.x to 2020.3.19 (They are probably same because BNM don't use things like Il2CppCodeGen)
//#define UNITY_VER 203 // From 2020.3.20 to 2020.3.xx
//#define UNITY_VER 211 // 2021.1.x (You need set UNITY_PATCH_VER to 24 if build 24 and upper)
//#define UNITY_VER 212 // 2021.2.x
#define UNITY_VER 213 // 2021.3.x
//#define UNITY_VER 221 // 2022.1.x
//#define UNITY_VER 222 // 2022.2.x - 2022.3.x
//#define UNITY_VER 231 // 2023.1.x+
#ifndef NDEBUG
//! DEBUG LOGS
#define BNM_DEBUG
//! INFO LOGS
#define BNM_INFO
//! ERROR LOGS
#define BNM_ERROR
//! WARNING LOGS
#define BNM_WARNING
#endif
//! Include your string obfuscator
#define OBFUSCATE_BNM(str) str // const char *
#define OBFUSCATES_BNM(str) std::string(str) // std::string
#define BNMTAG OBFUSCATE_BNM("ByNameModding")
//! DobbyHook
//!!!!!!!! Recommended !!!!!!!!
#include "../Includes/Dobby/dobby.h"
template<typename PTR_T, typename NEW_T, typename OLD_T>
inline void HOOK(PTR_T ptr, NEW_T newMethod, OLD_T&& oldBytes) {
if (((void *)ptr) != nullptr)
DobbyHook((void *)ptr, (void *) newMethod, (void **) &oldBytes);
}
// If you need hide dl calls or use custom dl for external BNM initialization
#define BNM_dlopen dlopen
#define BNM_dlsym dlsym
#define BNM_dlclose dlclose
#define BNM_dladdr dladdr
#include <thread>
#define BNM_thread std::thread
// Disabling BNM automatic loading when your lib loaded
// Define it when you using BNM::HardBypass to speed up loading or when you externally loading BNM
// #define BNM_DISABLE_AUTO_LOAD
#define BNM_DISABLE_NEW_CLASSES 0
// Can make game crashes on arm64
// #define BNM_USE_APPDOMAIN // Use System.AppDomain to find il2cpp::vm::Assembly::GetAllAssemblies
// Enable zero-padding of new il2cpp objects
// #define BNM_IL2CPP_ZERO_PTR
/********** USER AREA **************/
#include <android/log.h>
#ifdef BNM_INFO
#define LOGIBNM(...) ((void)__android_log_print(4, BNMTAG, __VA_ARGS__))
#else
#define LOGIBNM(...) ((void)0)
#endif
#ifdef BNM_DEBUG
#define LOGDBNM(...) ((void)__android_log_print(3, BNMTAG, __VA_ARGS__))
#else
#define LOGDBNM(...) ((void)0)
#endif
#ifdef BNM_ERROR
#define LOGEBNM(...) ((void)__android_log_print(6, BNMTAG, __VA_ARGS__))
#else
#define LOGEBNM(...) ((void)0)
#endif
#ifdef BNM_WARNING
#define LOGWBNM(...) ((void)__android_log_print(5, BNMTAG, __VA_ARGS__))
#else
#define LOGWBNM(...) ((void)0)
#endifIf I just remove the line including the ByNameModding/BNM.cpp it start normaly.
Overloaded Method
how to hook method that have same name and params count but different type ?
// RVA: 0x8BD0E0 Offset: 0x8BD0E0 VA: 0x8BD0E0 Slot: 17
public void TargetMove(float speed, Transform targetTransform, float range, Action endCallBack) { }
// RVA: 0x8BD1E0 Offset: 0x8BD1E0 VA: 0x8BD1E0
public void TargetMove(float speed, Vector3 position, float range, Action endCallBack) { }
Hook libil2cpp.so but game exit
unity version: 2021.3.17f1
log print:
Class: []::[PhotonPlayer] - not found
from source code:
BNM_NewStaticMethodInit(BNM::GetType(), MethodWithGameArgs, 1, BNM::GetType(OBFUSCATE_BNM(""), OBFUSCATE_BNM("PhotonPlayer")));
excuseme, why here GetType is empty string?-------> BNM::GetType(OBFUSCATE_BNM("")
full log:
2023-10-05 14:21:35.712 17568-17615/? E/ByNameModding: BNM_il2cpp_init start domain_name: IL2CPP Root Domain --------------
2023-10-05 14:21:36.371 17568-17615/? D/ByNameModding: [InitIl2cppMethods] il2cpp::vm::Class::Init in lib: 0x19f9f3c
2023-10-05 14:21:36.371 17568-17615/? D/ByNameModding: [InitIl2cppMethods] game has il2cpp_image_get_class. BNM will use it
2023-10-05 14:21:36.371 17568-17615/? E/ByNameModding: add hook 1 func start ------------
2023-10-05 14:21:36.371 17568-17615/? E/ByNameModding: add hook 1 func end ------------
2023-10-05 14:21:36.371 17568-17615/? D/ByNameModding: [InitIl2cppMethods] il2cpp::vm::Class::FromIl2CppType in lib: 0x19f9a14
2023-10-05 14:21:36.371 17568-17615/? E/ByNameModding: add hook 1 func start ------------
2023-10-05 14:21:36.371 17568-17615/? E/ByNameModding: add hook 1 func end ------------
2023-10-05 14:21:36.371 17568-17615/? D/ByNameModding: [InitIl2cppMethods] il2cpp::vm::Type::GetClassOrElementClass в библиотеке: 0x1989f64.
2023-10-05 14:21:36.371 17568-17615/? E/ByNameModding: add hook 1 func start ------------
2023-10-05 14:21:36.371 17568-17615/? E/ByNameModding: add hook 1 func end ------------
2023-10-05 14:21:36.371 17568-17615/? D/ByNameModding: [InitIl2cppMethods] il2cpp::vm::Image::FromName in lib: 0x1986164
2023-10-05 14:21:36.371 17568-17615/? D/ByNameModding: [InitIl2cppMethods] il2cpp::vm::Assembly::GetAllAssemblies by domain in lib: 0x19bd8e0
2023-10-05 14:21:36.961 17568-17615/? E/ByNameModding: We can't normally without hooks set args name, because names moved to metadata
2023-10-05 14:21:37.011 17568-17615/? E/ByNameModding: We can't normally without hooks set args name, because names moved to metadata
2023-10-05 14:21:37.307 17568-17615/? W/ByNameModding: Class: []::[PhotonPlayer] - not found
BNM Crash
Any way to fix bootloop when the game has metadata version -30?
unity version: 2021.3.23f1
Game: Critical Ops
BNM Version: Latest
BNM can't find class
What's the issue here?
`Process com.aldagames.zombieshooter (PID: 16690) ended Process com.aldagames.zombieshooter created for next-top-act ivity {com.aldagames.zombieshooter/com.unity3d.player.UnityPl
ayerActivity} caller=com.mi.android.globallauncher
PID: 30002 UID: GIDs:
ByNameModding D [InitIl2cppMethods] il2cpp::vm::Class::Init in lib: 0x57b274
D [InitIl2cppMethods] game has il2cpp_image_get_class. BNM will
use it
D [InitIl2cppMethods] il2cpp::vm::Assembly::GetAllAssemblies by
domain in lib: 0x57b41c
W Class: [UnityEngine]::[Screen] - not found
W Class: [UnityEngine]::[Input] - not found
W Class: [UnityEngine]::[Component] - not found
W Class: [UnityEngine]::[GameObject] - not found
W Class: [UnityEngine]::[Transform] - not found
W Class: [UnityEngine]::[Camera] - not found
W Class: []::[PhotonNetwork] - not found
W Class: []::[PhotonPlayer] - not found
W Class: []::[PlayerUtils] - not found
W Class: []::[PlayerScript] - not found
Process com.aldagames.zombieshooter (PID: 30002) ended`
Crash but I just add ByNameModding into Android.mk
Question: How to get value of "int" field of another class?
Hello.
I have some fighting Unity game.
And every hit is calling method "void CritChance(void* attribute)"
I need to read field of this attribute and after read another int value from another filed. Before I use frida script and my snippet looks like that:
int player_id = Memory.readInt(Memory.readPointer(attribute.add(0x38)).add(0x8));
Which "add(0x38)" is field of current class.
"add(0x8)" is field of other class called.
How can I achieve it with BNM?
If you need I can show some part of dump of il2cpp.
Thank you.
Hooking question
First of all sorry for noob question but i need help .
namespace Legion.Shared.Battles.Data.Stats
{
public class AbilityStats : StatsBase<AbilityStats>
{
public float HealingRadius
{
get
{
return 0f;
}
}
Imagine this is a game code , and i want to hook HealingRadius or say get_HealingRadius .
How would i do that ? i have tried multiple work arounds like -
auto Player = LoadClass("Legion.Shared.Model","AbilityStats");
HOOK(Player.GetMethodByName("get_Cooldown", 0.0).GetOffset(), get_CD, old_CD);
dll name - Legion.Shared.Model.dll
Help will be thankful .
Loading BNM
How can i load BNM if i already have a base address? I'm internal. And somehow i can't acess BNM_Internal.
ModMenu(LGL) file Android.mk
Thanks, could you show an example with a class
public class ProtoPartnerAnimalBreed : ProtoData // TypeDefIndex: 12771
{
// Fields
[ProtoMemberAttribute] // RVA: 0x3A5218 Offset: 0x3A5218 VA: 0x3A5218
public float OrderScore; // 0x10
add a value to
OrderScore = 10000.0f;
There is an error on 64bit when using NewClasses and ModifyClasses
I tried modding using 64bit
Can't add component 'RectTransform' to TextSubtitle because such a component is already added to the game object!
UnityEngine.GameObject:AddComponent()
TMPro.TextMeshProUGUI:Awake()
[ line 1639933832]
Can't add component 'CanvasRenderer' to TextSubtitle because such a component is already added to the game object!
UnityEngine.GameObject:AddComponent()
TMPro.TextMeshProUGUI:Awake()
[ line 1639933832]
Can't add component 'RectTransform' to Locked because such a component is already added to the game object!
UnityEngine.GameObject:AddComponent()
TMPro.TextMeshProUGUI:Awake()
[ line 1639934200]
Can't add component 'CanvasRenderer' to Locked because such a component is already added to the game object!
UnityEngine.GameObject:AddComponent()
TMPro.TextMeshProUGUI:Awake()
[ line 1639934200]
Can't add component 'RectTransform' to Text (2) because such a component is already added to the game object!
UnityEngine.GameObject:AddComponent()
TMPro.TextMeshProUGUI:Awake()
[ line 1639933832]
Can't add component 'CanvasRenderer' to Text (2) because such a component is already added to the game object!
UnityEngine.GameObject:AddComponent()
TMPro.TextMeshProUGUI:Awake()
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.