how to hook void offsets? gg script full tutorial

[Rxhacker]

  

For hooking void you need to call the void method by modifying another method to call it. This might be confusing for new gg users so i created an script template which allows you to hook void in gg with parameters (basic data types). With inbuild switch off code and ability to choose how many times you want to call the void method. These are the steps to use the template : 
1. Download this code which i like to call method patching library , then paste it at the very top of your script

2. Now copy code for voidHook and then paste this anywhere, you can paste this in your script menu or how you would like to make your cheat active

3. Find the offset from dump.cs file or anywhere, and use those offsets to apply patches

 

Below you can see an example of usage of this code : 

    -- RVA: 0x1000 Offset: 0x1000
    -- public static void Update() { }

    -- RVA: 0x2000 Offset: 0x2000
    -- public void AddHealth(float health) { }

    HackersHouse.voidHook({
        { ['libName'] = "libil2cpp",
          ['targetOffset'] = 0x1000,
          ['destinationOffset'] = 0x2000,
          ['parameters'] ={ { "float", 999999} }, 
          ['repeat'] = 1,
          ['libIndex'] = 'auto'
        }
    })

    HackersHouse.voidHookOff({
        { ['libName'] = "libil2cpp",
          ['targetOffset'] = 0x1000,
          ['destinationOffset'] = 0x2000,
        }
    })

This probably has some bugs you can either report in the comments or you can come to telegram.
 

 

[MC874]

Hi @Rxhacker, this is great. Since 'hooking' is being mentioned, is there a chance to add feature such as: method linking, update() hooking, etc?

[Michael1541]

This is an awesome script and I have had fun playing around with it. In the future do you plan on adding support for strings for the parameters?

[Rxhacker]

Yes , string will be added in new version

 

[moh4mmed]

Not working for x64bit

[bs6489570]

Can I do this process without script?? I want to learn the genuine process. 

I tried using "Go to =>"

Then "Xa" 

Then "libil2cpp.so" 

after saving th adress i used offset calculator to go to the offset adress.  then changed value.  but it did't work

[Rxhacker]

19 hours ago, bs6489570 said:

Can I do this process without script?? I want to learn the genuine process. 

I tried using "Go to =>"

Then "Xa" 

Then "libil2cpp.so" 

after saving th adress i used offset calculator to go to the offset adress.  then changed value.  but it did't work

When you choose "Xa" and clicked on "il2ccpp" there might me multiple items in that have "il2cpp" in it, try selecting another option and then change the value. Also sometimes the code is in "Ca" or "Cb or Cd" i forgot, but sometimes it is in another range , so insted of xa choose someting else and edit 

Edited January 22 by Rxhacker

[bs6489570]

4 hours ago, Rxhacker said:

When you choose "Xa" and clicked on "il2ccpp" there might me multiple items in that have "il2cpp" in it, try selecting another option and then change the value. Also sometimes the code is in "Ca" or "Cb or Cd" i forgot, but sometimes it is in another range , so insted of xa choose someting else and

Are you asking to Do something like this :

Screen Record

 

Can you kindly record a shrt video how you do it for void offset which have float or other type value (except the bool functions)

Edited January 22 by bs6489570
correction

[Rxhacker]

15 hours ago, bs6489570 said:

Are you asking to Do something like this :

Screen Record

 

Can you kindly record a shrt video how you do it for void offset which have float or other type value (except the bool functions)

 

The void hooking i did in this post requires writing a small arm assembly program to work, so manually doing it is not the best approach and isn't practical.  And yes i saw your video, you got it right, the first "il2cpp" is not always right for applying the offset, 

The "HEX" code from the ida applied offset and il2ccp applied offset sould be same, sometimes the second, third or fourth il2cpp is the right choice, 


Also you can try editing arm code with random value, if the game crash then you applied offset at right place, if you changed but game didnt crash then you applied offset at wrong place. 

The void hook function used in this post is defined here https://hackershouse.tech/method-patching-library-game-guardian/void-hooking , 

It works this way : 
1. Add arm instruction to jump to new address
2. Change the registers value (registers contain info about the parameters passed into a function)
3. Call another function 
4. Retail the original register values of original function calls
5. Refill the overwritten arm code so game dont crash
6. Return to the appropirate addresss 

[bs6489570]

@Rxhacker Suppose for the Void Function Offset, I some how disabled or by passed condition or change a value by editing arm instructiona.  

 

No next what I have to change in "Update" offset???  May I disable it??  Or need any kind of bypass or give a instruction to Jump to the void offset using B command? 

 

I need a another suggestion : For IDA pro latest version I am unable to live analysis either the function is called or not.  

At present I can just disassamble the libil2cpp and check them graph view or pseudocode to read what conditions are applied.  Is this enough for analysis the game?

or I go for live debuggung to see what function is calling and not. IDA is not setting up in my pc. IDA Old version also not available.  What software can be used alternatively all what software you use to analyse?