Friday, 2 September 2022

How do I turn this main.cpp into a 'Damage and Defence multiplier'?

Hello, dear friends! It's a pleasure to meet you all! I'm new here and I need some help with my learning. My question is about a main.cpp: how do I basically run it with a 'Damage' and 'Defence' multiplier function (with the floating mod)? Is it possible to use hooking and hex patches at the same time, with one enabled and the other disabled (to alternate)? If possible, please help me with the code below. Note: The target offsets are like this: The first below is the Damage. // Token: 0x17000D53 RID: 3411 // (get) Token: 0x06003223 RID: 12835 RVA: 0x00010770 File Offset: 0x0000E970 [Token(Token = "0x17000D53")] public int AttackPower { [Token(Token = "0x6003223")] [Address(RVA = "0xDF6200", Offset = "0xDF6200", VA = "0xCCDF6200")] get { return 0; } The second below is Defence: // Token: 0x17000D54 RID: 3412 // (get) Token: 0x06003224 RID: 12836 RVA: 0x00010788 File Offset: 0x0000E988 [Token(Token = "0x17000D54")] public int DefencePower { [Token(Token = "0x6003224")] [Address(RVA = "0xDF6410", Offset = "0xDF6410", VA = "0xCCDF6410")] get { return 0; } } You have all my thanks!!! Code: /* #include <list> #include <vector> #include <string.h> #include <pthread.h> #include <cstring> #include <jni.h> #include <unistd.h> #include <fstream> #include "Includes/obfuscate.h" #include "KittyMemory/MemoryPatch.h" #include "Includes/Logger.h" #include "Includes/Utils.h" #include "Menu.h" #if defined(__aarch64__) //Compile for arm64 lib only #include <And64InlineHook/And64InlineHook.hpp> #else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works #include <Substrate/SubstrateHook.h> #include <Substrate/CydiaSubstrate.h> #include <iostream> #endif // fancy struct for patches for kittyMemory struct My_Patches { // let's assume we have patches for these functions for whatever game // like show in miniMap boolean function MemoryPatch Damage, Defence, SliderDamage, SliderDefence, SliderArmor; // etc... 
} hexPatches; bool feature2 = false, attackpower = false, featureHookToggle = false, gem = false, defencepower = false; int sliderValue = 1; void *instanceBtn; int slider = 1; // Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded. // If you putted getAbsoluteAddress here, the lib tries to read the address without il2cpp loaded, // will result in a null pointer which will cause crash void (*get_gem)(void *instance, int amount); //Target lib here #define targetLibName OBFUSCATE("libil2cpp.so") extern "C" { JNIEXPORT void JNICALL Java_uk_lgl_MainActivity_Toast(JNIEnv *env, jclass obj, jobject context) { MakeToast(env, context, OBFUSCATE("Modded by Yamasu"), Toast::LENGTH_LONG); } JNIEXPORT jobjectArray JNICALL Java_uk_lgl_modmenu_FloatingModMenuService_getFeatureList(JNIEnv *env, jobject activityObject) { jobjectArray ret; const char *features[] = { OBFUSCATE("Category_The Category"), //Not counted OBFUSCATE("Toggle_Damage"), //0 Case OBFUSCATE("Toggle_Defence"), //1 Case OBFUSCATE("SeekBar_DamageMT_1_100"), //2 Case OBFUSCATE("SeekBar_DamageHeX_1_100"), //3 Case OBFUSCATE("Toggle_AttackPower"), //4 Case OBFUSCATE("Slider_Damage"), //5 Case OBFUSCATE("Slider_Defence"), //6 Case OBFUSCATE("Slider_Armor"), //7 Case OBFUSCATE("Toggle_Gems"), //8 Case OBFUSCATE("Toggle_Gems"), //9 Case OBFUSCATE("Toggle_FeatureHook"), //10 Case OBFUSCATE("Toggle_Gems"), //11 Case OBFUSCATE("Toggle_DefencePower"), //12 Case }; //Now you dont have to manually update the number everytime; int Total_Feature = (sizeof features / sizeof features[0]); ret = (jobjectArray) env->NewObjectArray(Total_Feature, env->FindClass(OBFUSCATE("java/lang/String")), env->NewStringUTF("")); for (int i = 0; i < Total_Feature; i++) env->SetObjectArrayElement(ret, i, env->NewStringUTF(features[i])); pthread_t ptid; pthread_create(&ptid, NULL, antiLeech, NULL); return (ret); } JNIEXPORT void JNICALL Java_uk_lgl_modmenu_Preferences_Changes(JNIEnv *env, jclass clazz, jobject 
obj, jint featNum, jstring featName, jint value, jboolean boolean, jstring str) { //Convert java string to c++ const char *featureName = env->GetStringUTFChars(featName, 0); const char *TextInput; if (str != NULL) TextInput = env->GetStringUTFChars(str, 0); else TextInput = "On~Off"; LOGD(OBFUSCATE("Feature name: %d - %s | Value: = %d | Bool: = %d | Text: = %s"), featNum, featureName, value, boolean, TextInput); //BE CAREFUL NOT TO ACCIDENTLY REMOVE break; switch (featNum) { case 0: feature2 = boolean; if (feature2) { hexPatches.Damage.Modify(); } else { hexPatches.Damage.Restore(); } break; case 1: feature2 = boolean; if (feature2) { hexPatches.Defence.Modify(); } else { hexPatches.Defence.Restore(); } break; } switch (value) { case 2: if (value >= 1) { sliderValue = value; //no multiplication } break; } switch (value) { case 3 : if (value >= 1) { sliderValue = value * 99999; // with multiplication does freeze the game } break; } switch (featNum) { case 4: attackpower = boolean; break; } switch (value) { case 5: hexPatches.SliderDamage = MemoryPatch::createWithHex( targetLibName, string2Offset( OBFUSCATE_KEY("0x15ED0C8", 't')), OBFUSCATE( "60 0A 0E E3 1E FF 2F E1")); hexPatches.SliderDamage.Modify(); break; case 6: hexPatches.SliderDefence = MemoryPatch::createWithHex( targetLibName, string2Offset( OBFUSCATE_KEY("0x15ED148", 'b')), OBFUSCATE( "60 0A 0E E3 1E FF 2F E1")); hexPatches.SliderDefence.Modify(); break; case 7: hexPatches.SliderArmor = MemoryPatch::createWithHex( targetLibName, string2Offset( OBFUSCATE_KEY("0x96D7B8", 'q')), OBFUSCATE( "60 0A 0E E3 1E FF 2F E1")); hexPatches.SliderArmor.Modify(); break; } switch (value) case 8: { if (instanceBtn != NULL) get_gem(instanceBtn, 9999); MakeToast(env, obj, OBFUSCATE("Button pressed"), Toast::LENGTH_SHORT); break; } switch (featNum) { case 9: featureHookToggle = boolean; break; } switch (featNum) { case 10: MakeToast(env, obj, TextInput, Toast::LENGTH_SHORT); break; } switch (featNum) { case 11: gem = boolean; 
break; } switch (featNum) { case 12: defencepower = boolean; break; } } // Hooking example int (*old_attack)(void *instance); int attack(void *instance) { if (instance != NULL && attackpower) { return 9999; } return old_attack(instance); } int (*old_defence)(void *instance); int defence(void *instance) { if (instance != NULL && defencepower) { return 9999; } return old_defence(instance); } double (*old_Attack)(void *instance); double (AttackPower)(void *instance) { if (instance != NULL && sliderValue > 1) { //is true when slidervalue more than 1 and not null return (double) sliderValue; } old_Attack(instance); // otherwise return to old value } //Toast int (*old_gem)(void *instance); int Gem(void *instance) { if (instance != NULL && gem) { return 9999; } return old_gem(instance); } // we will run our patches in a new thread so our while loop doesn't block process main thread // Don't forget to remove or comment out logs before you compile it. //KittyMemory Android Example: https://ift.tt/eJPbwnE //Use ARM Converter to convert ARM to HEX: https://ift.tt/47p2JTU //Note: We use OBFUSCATE_KEY for offsets which is the important part xD void *hack_thread(void *) { LOGI(OBFUSCATE("pthread called")); //Check if target lib is loaded do { sleep(1); } while (!isLibraryLoaded(targetLibName)); LOGI(OBFUSCATE("%s has been loaded"), (const char *) targetLibName); #if defined(__aarch64__) //Compile for arm64 lib only // New way to patch hex via KittyMemory without need to specify len. 
Spaces or without spaces are fine //hexPatches.GodMode = MemoryPatch::createWithHex(targetLibName, //string2Offset(OBFUSCATE_KEY("0x123456", '3')), //OBFUSCATE("00 00 A0 E3 1E FF 2F E1")); //You can also specify target lib like this //hexPatches.GodMode2 = MemoryPatch::createWithHex("libtargetLibHere.so", //string2Offset(OBFUSCATE_KEY("0x222222", 'g')), //OBFUSCATE("00 00 A0 E3 1E FF 2F E1")); // Offset Hook example // A64HookFunction((void *) getAbsoluteAddress(targetLibName, string2Offset(OBFUSCATE_KEY("0x123456", 'l'))), (void *) get_BoolExample, // (void **) &old_get_BoolExample); // Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded. // See https://ift.tt/IOKhHfV gem = (void(*)(void *,int))getAbsoluteAddress(targetLibName, 0x123456); #else //Compile for armv7 lib only. Do not worry about greyed out highlighting code, it still works // New way to patch hex via KittyMemory without need to specify len. Spaces or without spaces are fine hexPatches.Damage = MemoryPatch::createWithHex(targetLibName, string2Offset(OBFUSCATE_KEY("0x15ED0C8", 'g')), OBFUSCATE("DC OF OF E3 1E FF 2F E1")); //You can also specify target lib like this hexPatches.Defence = MemoryPatch::createWithHex(targetLibName, string2Offset(OBFUSCATE_KEY("0x15ED148", 'g')), OBFUSCATE("DC OF OF E3 1E FF 2F E1")); hexPatches.SliderDamage = MemoryPatch::createWithHex(targetLibName, string2Offset( OBFUSCATE_KEY("0x15ED0C8", 'g')), OBFUSCATE("12 07 80 E3 1E FF 2F E1")); hexPatches.SliderDefence = MemoryPatch::createWithHex(targetLibName, string2Offset( OBFUSCATE_KEY("0x15ED148", 'g')), OBFUSCATE("12 07 80 E3 1E FF 2F E1")); hexPatches.SliderArmor = MemoryPatch::createWithHex(targetLibName, string2Offset( OBFUSCATE_KEY("0x96D7B8", 'g')), OBFUSCATE("12 07 80 E3 1E FF 2F E1")); //Apply patches here if you don't use mod menu //hexPatches.GodMode.Modify(); //hexPatches.GodMode2.Modify(); // Offset Hook example MSHookFunction((void *) getAbsoluteAddress(targetLibName, 
string2Offset(OBFUSCATE_KEY("0x1C8C8E0", '?'))), (void *) get_gem, (void **) &old_gem); MSHookFunction((void *) getAbsoluteAddress(targetLibName, string2Offset(OBFUSCATE_KEY("0x1C8B70C", '?'))), (void *) get_gem, (void **) &old_gem); // Symbol hook example (untested). Symbol/function names can be found in IDA if the lib are not stripped. This is not for il2cpp games MSHookFunction((void *) ("__unwind_"), (void *) get_gem, (void **) &old_gem); // Function pointer splitted because we want to avoid crash when the il2cpp lib isn't loaded. // See https://ift.tt/IOKhHfV get_gem = (void (*)(void *, int)) getAbsoluteAddress(targetLibName, 0x1C8C8E0); get_gem = (void (*)(void *, int)) getAbsoluteAddress(targetLibName, 0x1C8B70C); LOGI(OBFUSCATE("Done")); #endif return NULL; } //No need to use JNI_OnLoad, since we don't use JNIEnv //We do this to hide OnLoad from disassembler __attribute__((constructor)) void lib_main() { // Create a new thread so it does not block the main thread, means the game would not freeze pthread_t ptid; pthread_create(&ptid, NULL, hack_thread, NULL); } /* JNIEXPORT jint JNICALL JNI_OnLoad(JavaVM *vm, void *reserved) { JNIEnv *globalEnv; vm->GetEnv((void **) &globalEnv, JNI_VERSION_1_6); return JNI_VERSION_1_6; } */ }

from iOSGods RSS Feed https://ift.tt/r8NDpFI
