
How to get field offsets in il2cpp.h header file?

Open srvasn opened this issue 3 years ago • 3 comments

First of all, thanks a lot for the wonderful project!

I am trying to access/modify in-memory game structures for an ARM 32-bit game externally (using RPM). I was able to dump all the game structures successfully using IL2CppInspector and noticed that although the C# dump contained field offsets, the il2cpp.h containing the game structures as present in memory did not contain any. Is it possible to get field offsets and padding (if present) in the il2cpp.h file? I have a feeling that it will require playing with the toString() implementation in CppTypes.cs; however, I am unsure of how exactly to progress.

I am looking for output like below.

struct HelicopterTurret
{
	char pad_0x0[0x10]; //0x0
	void* m_CachedPtr; //0x10
	PatrolHelicopterAI* _heliAI; //0x18
	Transform* gun_yaw; //0x20
	Transform* gun_pitch; //0x28
	Transform* muzzleTransform; //0x30
	BaseCombatEntity* _target; //0x38
	float lastBurstTime; //0x40
	float lastFireTime; //0x44
	float lastSeenTargetTime; //0x48
	bool targetVisible; //0x4c
	char pad_0x4d[0x3]; //0x4d
	float fireRate; //0x50
	float burstLength; //0x54
	float timeBetweenBursts; //0x58
	float maxTargetRange; //0x5c
	float loseTargetAfter; //0x60
	bool left; //0x64
};

srvasn, May 05 '21 09:05

You'd want to select C++ scaffolding instead, as that generates files that contain pointers to classes and methods. These are located in the appdata folder, e.g. appdata/il2cpp-types-ptr.h

OsOmE1, May 05 '21 09:05

I took a look at appdata/il2cpp-types-ptr.h and I believe it contains a pointer to type definitions and not the classes themselves.

I am looking for particular instances of a class, like for example the player Camera in a game.

appdata/il2cpp-types-ptr.h contains an entry like

DO_TYPEDEF(0x07FE1734, List_1_GameEngine_PlayerCamera_);

How can I use this to find a specific instance of this class? I don't think it is possible, as my approach is completely external. I need to navigate pointer chains and need offsets for that.

Any quick way to add offsets to the il2cpp-types.h file, keeping in mind inheritance and any padding that may be present?

Basically, it's about going from this

struct HelicopterTurret
{
	void* m_CachedPtr;
	PatrolHelicopterAI* _heliAI;
	Transform* gun_yaw;
};

To this

struct HelicopterTurret
{
	char pad_0x0[0x10]; //0x0
	void* m_CachedPtr; //0x10
	PatrolHelicopterAI* _heliAI; //0x18
	Transform* gun_yaw; //0x20
};

srvasn, May 05 '21 09:05
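An added example, not Il2CppInspector's code and not posted by anyone in this thread, of the transformation asked for above: given the absolute field offsets that the C# dump already records, emit a struct with explicit `pad_0x..` fillers wherever consecutive fields leave a gap. The sample field list, the 64-bit pointer size and the 0x10 object header are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List

# Assumed 64-bit target: pointers are 8 bytes; the 0x10 bytes before the
# first field are the IL2CPP object header (klass + monitor pointers).
POINTER_SIZE = 8
TYPE_SIZES = {"float": 4, "bool": 1, "int32_t": 4, "int64_t": 8}


@dataclass
class Field:
    ctype: str   # C type as it appears in il2cpp-types.h, e.g. "Transform*"
    name: str
    offset: int  # absolute offset inside the object, as in the C# dump


def size_of(ctype: str) -> int:
    return POINTER_SIZE if ctype.endswith("*") else TYPE_SIZES[ctype]


def layout_struct(name: str, fields: List[Field]) -> str:
    """Emit a struct whose members sit at their dumped offsets.
    Offsets are absolute, so inherited (base-class) fields are handled
    simply by including them in `fields`; sorting puts them first."""
    lines = [f"struct {name}", "{"]
    cursor = 0
    for f in sorted(fields, key=lambda f: f.offset):
        if f.offset < cursor:
            raise ValueError(f"{f.name} at 0x{f.offset:x} overlaps previous field")
        if f.offset > cursor:  # gap: header, alignment padding, or unlisted field
            lines.append(f"\tchar pad_0x{cursor:x}[0x{f.offset - cursor:x}]; //0x{cursor:x}")
        lines.append(f"\t{f.ctype} {f.name}; //0x{f.offset:x}")
        cursor = f.offset + size_of(f.ctype)
    lines.append("};")
    return "\n".join(lines)


# Constructed sample using the offsets from the HelicopterTurret example above.
SAMPLE_FIELDS = [
    Field("void*", "m_CachedPtr", 0x10),
    Field("PatrolHelicopterAI*", "_heliAI", 0x18),
    Field("Transform*", "gun_yaw", 0x20),
    Field("bool", "targetVisible", 0x4c),
    Field("float", "fireRate", 0x50),
]

if __name__ == "__main__":
    print(layout_struct("HelicopterTurret", SAMPLE_FIELDS))
```

The gap between gun_yaw and targetVisible shows up as a single filler, so omitted fields and alignment padding look the same; the C# dump's offsets are the source of truth for which it is.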

I'm personally not really experienced with external trainers but what you could do is look at il2cpp-method-ptr.h and get method pointers and then use those methods to either hook MonoBehaviour::Update/FixedUpdate loops or get GameObjects/Components.

OsOmE1, May 06 '21 11:05