hackf5 / unityspy Goto Github PK

Hey,

I have a user who reported an "Access denied" issue with the following stack trace:

Access is denied
at System.Diagnostics.ProcessManager.OpenProcess(Int32 processId, Int32 access, Boolean throwIfExited)
at System.Diagnostics.Process.GetProcessHandle(Int32 access, Boolean throwIfExited)
at System.Diagnostics.Process.OpenProcessHandle(Int32 access)
at System.Diagnostics.Process.get_Handle()
at HackF5.UnitySpy.Util.Native.GetProcessModulePointers(ProcessFacade process)
at HackF5.UnitySpy.AssemblyImageFactory.GetMonoModule(ProcessFacade process)
at HackF5.UnitySpy.AssemblyImageFactory.Create(Int32 processId, String assemblyName)

Running the app in Admin mode solves the issue.

However it's difficult to ask users to run the app as admin. Are you familiar with this? Are you aware of a way to ask for less permissions, so that it might work in more restrictive environments?

Looking at the trace I'm not sure exactly what part is causing the issue. It looks like Native.EnumProcessModulesEx is the only thing that does some actual access here, so it's probably it?

Uploading UnitySpy.dll to https://www.virustotal.com results in some engines flagging the DLL as malware:

I wanted to know what piece of code was raising the flag, so I've started removing some code from the DLL and submitting it to the scan until I had a full green result.

I did two tests, removing the code in a different order:

1. In https://github.com/hackf5/unityspy/tree/investigate_antivurs_scan, I started to remove the Util package, then slowly removed some code from the Detail package. The code present in the branch still fails the 9 antivirus checks.
   However, if I remove any line from ITypeDefinition or IFieldDefinition (and their corresponding implementation), the test is suddenly green, even though the methods do nothing and are never called.

2. In https://github.com/hackf5/unityspy/tree/test2_antivirus I then did it the other way around: start by removing code from the interfaces (and the implementations), then from the classes in Detail. The code present in the branch fails the 9 engines.
   However, if I remove any line from what's left of TypeCode, the result is suddenly full green.
   (maybe worth noting: if I remove one line, and replace it with a random value, it still fails)

In short, I have no clue as to what's going on :/

The game that I'm trying to get state out of stores state on a script mounted on a GameObject.

Is there any way to get this data? There are no static references to that GameObject, and there are no static instances of the state class.

I know that Cheat Engine has functionality to find instances of an object. Could that be implemented here? (I don't know much about Assemblies.)

Hi there,

first of all this is a really crazy and cool project and might help me out a lot as i've been struggeling to get data from the game my current project it about.

So right now i'm trying to get it working but it throws this exception right from the point where i select the process:

Game executable file closed, unity version = 2020.3.31.7034039.
The unity version the process is running (2020.3.31 in 64 bits mode) is not supported.
Offsets of 2020.3.13 selected instead.
System.ArgumentNullException: Value cannot be null. (Parameter 'moduleInfo')
   at HackF5.UnitySpy.ProcessFacade.ProcessFacade.ReadModule(ModuleInfo moduleInfo) in C:\dev\github.com\unityspy\src\HackF5.UnitySpy\ProcessFacade\ProcessFacade.cs:line 164
   at HackF5.UnitySpy.ProcessFacade.UnityProcessFacade.ReadModule(ModuleInfo moduleInfo) in C:\dev\github.com\unityspy\src\HackF5.UnitySpy\ProcessFacade\UnityProcessFacade.cs:line 59
   at HackF5.UnitySpy.AssemblyImageFactory.Create(UnityProcessFacade process, String assemblyName) in C:\dev\github.com\unityspy\src\HackF5.UnitySpy\AssemblyImageFactory.cs:line 35
   at HackF5.UnitySpy.Gui.Avalonia.ViewModel.MainWindowViewModel.BuildImageAsync() in C:\dev\github.com\unityspy\src\HackF5.UnitySpy.Gui.Avalonia\ViewModel\MainWindowViewModel.cs:line 355

I've tried to debug though it and it seems it's trying to find mono-2.0-bdwgc.dll in the game process but that does not exist.

Any help on this is greatly appreciated!

Hey!

I just stumbled upon your article, which is a godsend - I've been looking for something like this for ages, as I was struggling to figure my way inside HearthMirror.
I have yet to test it (on the phone at the moment), but I just wanted to let you know that the Offsets have changed following the latest patch, that uses a new version of Unity.

See https://github.com/HearthSim/HearthMirror/commit/e3d4d5c751817c5e0a3ebaaad81647c1d8cada8f

(also, I think it will be a bit easier to maintain if all the offsets are maintained as constants in their own class, instead as appearing as magic numbers inside the code).

Thanks again!

@frcaton Sorry for the ping, but I need your help here. I don't know how to work on this in a systematic way, and I'm fumbling in the dark.
Would you be available for a paid contracting work to add support for this version, as well as teaching me how to do it next time?