D:\android-ndk-r16b\ndk-build

NDK_PROJECT_PATH=\

NDK_APPLICATION_MK=\jni\Application.mk

LOCAL_PATH := $(call my-dir)

MAIN_LOCAL_PATH := $(call my-dir)

include $(CLEAR_VARS)

LOCAL_MODULE := wolve

LOCAL_CFLAGS := -Wno-error=format-security -fpermissive

LOCAL_CFLAGS += -fno-rtti -fno-exceptions

LOCAL_C_INCLUDES += $(MAIN_LOCAL_PATH)

LOCAL_SRC_FILES := main.cpp

LOCAL_LDLIBS := -llog

include $(BUILD_SHARED_LIBRARY)

APP_ABI := armeabi-v7a x86

APP_OPTIM := release

APP_PLATFORM := android-27

APP_STL := system

APP_STL := gnustl_static

APP_THIN_ARCHIVE := true

APP_PIE:= true

ifneq ($(APP_OPTIM), debug)

$(info APP_OPTIM is $(APP_OPTIM) ...)

APP_LDFLAGS += -Wl,--strip-all

APP_CFLAGS += -fvisibility=hidden -fvisibility-inlines-hidden

APP_CFLAGS += -g0 -O3 -fomit-frame-pointer -ffunction-sections -fdata-sections

#ifndef IL2CPP_H

#define IL2CPP_H

typedef void Il2CppDomain;

typedef void Il2CppImage;

#define PUBLIC_KEY_BYTE_LENGTH 8

struct Il2CppAssemblyName

{

const char* name;

const char* culture;

const char* hash_value;

const char* public_key;

uint32_t hash_alg;

int32_t hash_len;

uint32_t flags;

int32_t major;

int32_t minor;

int32_t build;

int32_t revision;

uint8_t public_key_token[PUBLIC_KEY_BYTE_LENGTH];

};

struct Il2CppAssembly

{

Il2CppImage* image;

uint32_t token;

int32_t referencedAssemblyStart;

int32_t referencedAssemblyCount;

Il2CppAssemblyName aname;

};

typedef void Il2CppDomain;

typedef void Il2CppClass;

struct MethodInfo {

void* methodPointer;

};

typedef Il2CppDomain* (*il2cpp_domain_get_)();

typedef const Il2CppAssembly** (*il2cpp_domain_get_assemblies_) (const Il2CppDomain * domain, unsigned long * size);

typedef const Il2CppImage* (*il2cpp_assembly_get_image_) (const Il2CppAssembly * assembly);

typedef Il2CppClass* (*il2cpp_class_from_name_) (const Il2CppImage * image, const char* namespaze, const char *name);

typedef const MethodInfo* (*il2cpp_class_get_method_from_name_) (Il2CppClass * klass, const char* name, int argsCount);

#ifndef LOGGER_H

#define LOGGER_H

#include <android/log.h>

enum daLogType {

daDEBUG = 3,

daERROR = 6,

daINFO = 4,

daWARN = 5

};

#define TAG "il2cppHacking"

#define LOGD(...) ((void)__android_log_print(daDEBUG, TAG, __VA_ARGS__))

#define LOGE(...) ((void)__android_log_print(daERROR, TAG, __VA_ARGS__))

#define LOGI(...) ((void)__android_log_print(daINFO, TAG, __VA_ARGS__))

#define LOGW(...) ((void)__android_log_print(daWARN, TAG, __VA_ARGS__))

#endif //LOGGER_H

#ifndef UTILS_H

#define UTILS_H

#include <jni.h>

#include <unistd.h>

typedef unsigned long DWORD;

static DWORD libBase;

static void* il2cpp_handle = NULL;

DWORD findLibrary(const char *library) {

FILE *fp;

unsigned long addr = 0;

char *pch;

char filename[32];

char buffer[1024];

snprintf(filename, sizeof(filename), "/proc/self/maps");

fp = fopen(filename, "r");

if (fp != NULL) {

while( fgets( buffer, sizeof(buffer), fp ) ) {

if( strstr( buffer, library ) ){

addr = (DWORD)strtoul( buffer, NULL, 16 );

if (addr == 0x8000)

addr = 0;

break;

}

}

fclose(fp);

}

return addr;

}

DWORD getAbsoluteAddress(const char* libraryName, DWORD relativeAddr) {

if(libBase == 0)

libBase = findLibrary(libraryName);

if (libBase != 0)

return (reinterpret_cast<DWORD>(libBase + relativeAddr));

else

return 0;

}

bool isLibraryLoaded(const char *libraryName) {

char line[512] = {0};

FILE *fp = fopen("/proc/self/maps", "rt");

if (fp != NULL) {

while (fgets(line, sizeof(line), fp)) {

if (strstr(line, libraryName))

return true;

}

fclose(fp);

}

return false;

}

#include <pthread.h>

#include <jni.h>

#include <memory.h>

#include <dlfcn.h>

#include <cstdio>

#include <cstdlib>

#include "includes/utils.h"

#include "includes/il2cpp.h"

#include "includes/logger.h"

void* main_thread(void*){

il2cpp_handle = dlopen("libil2cpp.so", RTLD_LAZY);

if(!il2cpp_handle){

LOGE("Cannot open library: %s", dlerror());

}

else{

il2cpp_domain_get_ il2cpp_domain_get = (il2cpp_domain_get_)dlsym(il2cpp_handle, "il2cpp_domain_get");

il2cpp_domain_get_assemblies_ il2cpp_domain_get_assemblies = (il2cpp_domain_get_assemblies_)dlsym(il2cpp_handle, "il2cpp_domain_get_assemblies");

il2cpp_assembly_get_image_ il2cpp_assembly_get_image = (il2cpp_assembly_get_image_)dlsym(il2cpp_handle, "il2cpp_assembly_get_image");

il2cpp_class_from_name_ il2cpp_class_from_name = (il2cpp_class_from_name_)dlsym(il2cpp_handle, "il2cpp_class_from_name");

il2cpp_class_get_method_from_name_ il2cpp_class_get_method_from_name = (il2cpp_class_get_method_from_name_)dlsym(il2cpp_handle, "il2cpp_class_get_method_from_name");

sleep(2);

LOGD("hack game begin");

Il2CppDomain* domain = il2cpp_domain_get();

unsigned long ass_len = 0;

const Il2CppAssembly** assembly_list = il2cpp_domain_get_assemblies(domain, &ass_len);

while(strcmp((*assembly_list)->aname.name, "Assembly-CSharp") != 0){

LOGD("Assembly name: %s", (*assembly_list)->aname.name);

assembly_list++;

}

const Il2CppImage* image = il2cpp_assembly_get_image(*assembly_list);

Il2CppClass* clazz = il2cpp_class_from_name(image, "<Namespace> ", "<Classname> Player");

//octo_hook((unsigned long)il2cpp_class_get_method_from_name(clazz, "<Your Method> PlayerUpdate", 1)->methodPointer, (void*)Player_Update, (void**)&old_Player_Update)

}

}

__attribute__((constructor))

void libil2cpp_main() {

pthread_t ptid;

pthread_create(&ptid, NULL, main_thread, NULL);

}