GithubHelp home page GithubHelp logo

Comments (7)

axhlzy avatar axhlzy commented on May 28, 2024

使用b (methodinfo)解析出来的 byte[] 会带出 byte所属 class 指针( 或者是使用 findClass()去找到cls),再用m(class) 可以查看该class下面的方法,最后用callFunction(functionPtr,args....) 去调用拿值
至于byte具体要怎么改 你可以用 hexdumpA(mptr) 去读内存,Memory.writeByteArray 去写内存

from il2cpphookscripts.

xavieryang007 avatar xavieryang007 commented on May 28, 2024

我试试 多谢

from il2cpphookscripts.

xavieryang007 avatar xavieryang007 commented on May 28, 2024

我测试了上述方法,不过觉得这样查询一个值需要嵌套太多次查询。

struct System_Byte_array {
	Il2CppObject obj;
	Il2CppArrayBounds *bounds;
	il2cpp_array_size_t max_length;
	uint8_t m_Items[65535];
};

struct Il2CppClass;

struct Il2CppObject
{
    Il2CppClass *klass; 
    void *monitor; 
};

typedef uintptr_t il2cpp_array_size_t;
typedef int32_t il2cpp_array_lower_bound_t;
struct Il2CppArrayBounds
{
    il2cpp_array_size_t length; 
    il2cpp_array_lower_bound_t lower_bound; 
};

可以看到byte[] 对应结构体System_Byte_array ,那么byte的长度为max_length,数据存放在m_Items当中,

当我获取到参数byte[],那么该地址我偏移一定地址之后不就应该获取到max_length么,这里有些不懂,因为获取到的是类的地址,和这个结构体如何关联

from il2cpphookscripts.

xavieryang007 avatar xavieryang007 commented on May 28, 2024 
struct Il2CppClass;

struct Il2CppObject
{
    Il2CppClass *klass; 1
    void *monitor; 4
};

typedef uintptr_t il2cpp_array_size_t;
typedef int32_t il2cpp_array_lower_bound_t;
struct Il2CppArrayBounds
{
    il2cpp_array_size_t length; 4
    il2cpp_array_lower_bound_t lower_bound; 2
};

如果我偏移11个字节,获取到的仍然不是max_length,这块比较迷糊

from il2cpphookscripts.

xavieryang007 avatar xavieryang007 commented on May 28, 2024

通过IDA发现,byte[]的长度是基址偏移24

from il2cpphookscripts.

axhlzy avatar axhlzy commented on May 28, 2024

通过IDA发现,byte[]的长度是基址偏移24

那意思是 64位 你把它当成32位再看?

from il2cpphookscripts.

HimekoEx avatar HimekoEx commented on May 28, 2024

数组([])类型就是Il2cppArray,直接拿来用就行了

话说你这个脚本写的好杂啊...看不懂@axhlzy

from il2cpphookscripts.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.