├── .gitignore ├── LICENSE ├── README.md ├── dump.PNG └── src ├── dumper ├── api.hpp ├── classes.hpp ├── dumper.hpp └── images.hpp └── main.cpp /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Aa][Rr][Mm]/ 27 | [Aa][Rr][Mm]64/ 28 | bld/ 29 | [Bb]in/ 30 | [Oo]bj/ 31 | [Ll]og/ 32 | [Ll]ogs/ 33 | 34 | # Visual Studio 2015/2017 cache/options directory 35 | .vs/ 36 | # Uncomment if you have tasks that create the project's static files in wwwroot 37 | #wwwroot/ 38 | 39 | # Visual Studio 2017 auto generated files 40 | Generated\ Files/ 41 | 42 | # MSTest test Results 43 | [Tt]est[Rr]esult*/ 44 | [Bb]uild[Ll]og.* 45 | 46 | # NUnit 47 | *.VisualState.xml 48 | TestResult.xml 49 | nunit-*.xml 50 | 51 | # Build Results of an ATL Project 52 | [Dd]ebugPS/ 53 | [Rr]eleasePS/ 54 | dlldata.c 55 | 56 | # Benchmark Results 57 | BenchmarkDotNet.Artifacts/ 58 | 59 | # .NET Core 60 | project.lock.json 61 | project.fragment.lock.json 62 | artifacts/ 63 | 64 | # StyleCop 65 | StyleCopReport.xml 66 | 67 | # Files built by Visual Studio 68 | *_i.c 69 | *_p.c 70 | *_h.h 71 | *.ilk 72 | *.meta 73 | *.obj 74 | *.iobj 75 | *.pch 76 | *.pdb 77 | *.ipdb 78 | *.pgc 79 | *.pgd 80 | *.rsp 81 | *.sbr 82 | *.tlb 83 | *.tli 84 | *.tlh 85 | *.tmp 86 | *.tmp_proj 87 | *_wpftmp.csproj 88 | *.log 89 | *.vspscc 90 | *.vssscc 91 | .builds 92 | *.pidb 93 | *.svclog 94 | *.scc 95 | 96 | # 
Chutzpah Test files 97 | _Chutzpah* 98 | 99 | # Visual C++ cache files 100 | ipch/ 101 | *.aps 102 | *.ncb 103 | *.opendb 104 | *.opensdf 105 | *.sdf 106 | *.cachefile 107 | *.VC.db 108 | *.VC.VC.opendb 109 | 110 | # Visual Studio profiler 111 | *.psess 112 | *.vsp 113 | *.vspx 114 | *.sap 115 | 116 | # Visual Studio Trace Files 117 | *.e2e 118 | 119 | # TFS 2012 Local Workspace 120 | $tf/ 121 | 122 | # Guidance Automation Toolkit 123 | *.gpState 124 | 125 | # ReSharper is a .NET coding add-in 126 | _ReSharper*/ 127 | *.[Rr]e[Ss]harper 128 | *.DotSettings.user 129 | 130 | # TeamCity is a build add-in 131 | _TeamCity* 132 | 133 | # DotCover is a Code Coverage Tool 134 | *.dotCover 135 | 136 | # AxoCover is a Code Coverage Tool 137 | .axoCover/* 138 | !.axoCover/settings.json 139 | 140 | # Visual Studio code coverage results 141 | *.coverage 142 | *.coveragexml 143 | 144 | # NCrunch 145 | _NCrunch_* 146 | .*crunch*.local.xml 147 | nCrunchTemp_* 148 | 149 | # MightyMoose 150 | *.mm.* 151 | AutoTest.Net/ 152 | 153 | # Web workbench (sass) 154 | .sass-cache/ 155 | 156 | # Installshield output folder 157 | [Ee]xpress/ 158 | 159 | # DocProject is a documentation generator add-in 160 | DocProject/buildhelp/ 161 | DocProject/Help/*.HxT 162 | DocProject/Help/*.HxC 163 | DocProject/Help/*.hhc 164 | DocProject/Help/*.hhk 165 | DocProject/Help/*.hhp 166 | DocProject/Help/Html2 167 | DocProject/Help/html 168 | 169 | # Click-Once directory 170 | publish/ 171 | 172 | # Publish Web Output 173 | *.[Pp]ublish.xml 174 | *.azurePubxml 175 | # Note: Comment the next line if you want to checkin your web deploy settings, 176 | # but database connection strings (with potential passwords) will be unencrypted 177 | *.pubxml 178 | *.publishproj 179 | 180 | # Microsoft Azure Web App publish settings. 
Comment the next line if you want to 181 | # checkin your Azure Web App publish settings, but sensitive information contained 182 | # in these scripts will be unencrypted 183 | PublishScripts/ 184 | 185 | # NuGet Packages 186 | *.nupkg 187 | # NuGet Symbol Packages 188 | *.snupkg 189 | # The packages folder can be ignored because of Package Restore 190 | **/[Pp]ackages/* 191 | # except build/, which is used as an MSBuild target. 192 | !**/[Pp]ackages/build/ 193 | # Uncomment if necessary however generally it will be regenerated when needed 194 | #!**/[Pp]ackages/repositories.config 195 | # NuGet v3's project.json files produces more ignorable files 196 | *.nuget.props 197 | *.nuget.targets 198 | 199 | # Microsoft Azure Build Output 200 | csx/ 201 | *.build.csdef 202 | 203 | # Microsoft Azure Emulator 204 | ecf/ 205 | rcf/ 206 | 207 | # Windows Store app package directories and files 208 | AppPackages/ 209 | BundleArtifacts/ 210 | Package.StoreAssociation.xml 211 | _pkginfo.txt 212 | *.appx 213 | *.appxbundle 214 | *.appxupload 215 | 216 | # Visual Studio cache files 217 | # files ending in .cache can be ignored 218 | *.[Cc]ache 219 | # but keep track of directories ending in .cache 220 | !?*.[Cc]ache/ 221 | 222 | # Others 223 | ClientBin/ 224 | ~$* 225 | *~ 226 | *.dbmdl 227 | *.dbproj.schemaview 228 | *.jfm 229 | *.pfx 230 | *.publishsettings 231 | orleans.codegen.cs 232 | 233 | # Including strong name files can present a security risk 234 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 235 | #*.snk 236 | 237 | # Since there are multiple workflows, uncomment next line to ignore bower_components 238 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 239 | #bower_components/ 240 | 241 | # RIA/Silverlight projects 242 | Generated_Code/ 243 | 244 | # Backup & report files from converting an old project file 245 | # to a newer Visual Studio version. 
Backup files are not needed, 246 | # because we have git ;-) 247 | _UpgradeReport_Files/ 248 | Backup*/ 249 | UpgradeLog*.XML 250 | UpgradeLog*.htm 251 | ServiceFabricBackup/ 252 | *.rptproj.bak 253 | 254 | # SQL Server files 255 | *.mdf 256 | *.ldf 257 | *.ndf 258 | 259 | # Business Intelligence projects 260 | *.rdl.data 261 | *.bim.layout 262 | *.bim_*.settings 263 | *.rptproj.rsuser 264 | *- [Bb]ackup.rdl 265 | *- [Bb]ackup ([0-9]).rdl 266 | *- [Bb]ackup ([0-9][0-9]).rdl 267 | 268 | # Microsoft Fakes 269 | FakesAssemblies/ 270 | 271 | # GhostDoc plugin setting file 272 | *.GhostDoc.xml 273 | 274 | # Node.js Tools for Visual Studio 275 | .ntvs_analysis.dat 276 | node_modules/ 277 | 278 | # Visual Studio 6 build log 279 | *.plg 280 | 281 | # Visual Studio 6 workspace options file 282 | *.opt 283 | 284 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 285 | *.vbw 286 | 287 | # Visual Studio LightSwitch build output 288 | **/*.HTMLClient/GeneratedArtifacts 289 | **/*.DesktopClient/GeneratedArtifacts 290 | **/*.DesktopClient/ModelManifest.xml 291 | **/*.Server/GeneratedArtifacts 292 | **/*.Server/ModelManifest.xml 293 | _Pvt_Extensions 294 | 295 | # Paket dependency manager 296 | .paket/paket.exe 297 | paket-files/ 298 | 299 | # FAKE - F# Make 300 | .fake/ 301 | 302 | # CodeRush personal settings 303 | .cr/personal 304 | 305 | # Python Tools for Visual Studio (PTVS) 306 | __pycache__/ 307 | *.pyc 308 | 309 | # Cake - Uncomment if you are using it 310 | # tools/** 311 | # !tools/packages.config 312 | 313 | # Tabs Studio 314 | *.tss 315 | 316 | # Telerik's JustMock configuration file 317 | *.jmconfig 318 | 319 | # BizTalk build output 320 | *.btp.cs 321 | *.btm.cs 322 | *.odx.cs 323 | *.xsd.cs 324 | 325 | # OpenCover UI analysis results 326 | OpenCover/ 327 | 328 | # Azure Stream Analytics local run output 329 | ASALocalRun/ 330 | 331 | # MSBuild Binary and Structured Log 332 | *.binlog 333 | 334 | # NVidia Nsight GPU debugger 
configuration file 335 | *.nvuser 336 | 337 | # MFractors (Xamarin productivity tool) working folder 338 | .mfractor/ 339 | 340 | # Local History for Visual Studio 341 | .localhistory/ 342 | 343 | # BeatPulse healthcheck temp database 344 | healthchecksdb 345 | 346 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 347 | MigrationBackup/ 348 | 349 | # Ionide (cross platform F# VS Code tools) working folder 350 | .ionide/ 351 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Note: This project is no longer maintained, I have no idea if it'll still work or not.. 2 | 3 | 4 | 5 | 6 | # Memity! 7 | An internal dumper for eliminating the need for offsets in games using the Il2cpp backend or optionally dumping offsets to be used in an external cheat. 8 | No need to tinker with Unity metadata files, everything is processed at runtime. 9 | 10 | # How do I use it? 11 | 12 | First, initialize the api used by Memity and create a Dumper object. (You can initialize it on the heap or stack if you'd prefer). 13 | ```cpp 14 | api::init(); 15 | const auto game = std::make_unique(new Dumper()); 16 | ``` 17 | All subsequent calls on any dumper classes **will** fail if the api is not initialized. 18 | Memity needs to resolve the exports from Il2cpp. 19 | 20 | ### Retrieving class types from images 21 | Before dumping Il2CppClass classes, you first have to get the image associated with the class. 
Afterwards, you can retrieve the Il2CppClass. 22 | ```cpp 23 | const auto image = game->get_image("Assembly-CSharp.dll"); 24 | const auto base_player = image->get_class("BasePlayer"); 25 | ``` 26 | ### Modifying fields 27 | When you get the field of a class, it returns a void pointer, leaving it up to the programmer to decide what to do with it. 28 | ```cpp 29 | // Class functions 30 | const auto position = reinterpret_cast( 31 | base_player->get_field("Position") 32 | ); 33 | 34 | position->x = 5.0; 35 | position->y = 3.0; 36 | position->z = 2.0; 37 | ``` 38 | ## Dumping offsets 39 | Below is an example of how one could dump offsets to be used in an external application. 40 | 41 | ```cpp 42 | #include 43 | #include // different for where you decide to include your files 44 | 45 | // code somewhere.. 46 | void dump() 47 | { 48 | // Initalize our API if it isn't already 49 | api::init(); 50 | 51 | // Passing false since we won't be using the global class table 52 | const auto dumper = std::make_unique(new Dumper(false)); 53 | 54 | for (const auto image : dumper->get_images()) 55 | { 56 | printf("[memity] current image: %s (0x%llx)\n", image->get_name(), static_cast< void* >(image)); 57 | for (const auto object : image->get_classes()) 58 | { 59 | const auto klass = static_cast< Class* >(object); // Cast from void* to our custom Il2CppClass implementation 60 | if (klass) 61 | { 62 | printf("\t[memity] dumping class %s (0x%llx)\n", klass->get_name(), static_cast< void* >(klass)); 63 | for (const auto field : klass->get_fields()) 64 | { 65 | if (field) 66 | printf("\t\t[memity] field %s dumped at offset 0x%x\n", api::get_field_name(field), klass->get_field_offset(api::get_field_name(field))); 67 | } 68 | } 69 | } 70 | } 71 | } 72 | ``` 73 | ## Rust example 74 | ![Rust BasePlayer dump](dump.PNG "Rust BasePlayer dump") 75 | 76 | ### Other necessary information 77 | - When getting classes from an image, the dumper does not include templated classes such as 
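ListDictionaries. 78 | - If you would like to get a class inside of a class, use the ``Class::get_nested_type(const char* name)`` method. Make sure the class is pointing to a valid class type. 79 | - I plan to add functionality to automatically dump information and format it into a proper header file, if you'd like to add that functionality feel free to make a pull request. 80 | - This is my first real "release" of something, constructive criticism is appreciated. Additionally, ``api.hpp`` contains some useful il2cpp exports if you'd like to fiddle around with it yourself. 81 | 82 | -------------------------------------------------------------------------------- /dump.PNG: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/absceptual/unity-dumper/9b8a9072275bd9d0aefd4f3df05e3f3603eb747e/dump.PNG -------------------------------------------------------------------------------- /src/dumper/api.hpp: --------------------------------------------------------------------------------
#pragma once
// NOTE(review): the two original #include targets were lost when this page was
// extracted. The declarations below need the Win32 loader API
// (GetModuleHandleW / GetProcAddress) and size_t, so those headers are named
// here; confirm against the repository.
#include <Windows.h>
#include <cstddef>
#include <type_traits>

#ifdef _WIN64
#define APICALL __fastcall
#else
#define APICALL __cdecl
#endif

class Class;
class Image;

// Function-pointer table for the il2cpp exports used by the dumper.
// Every pointer stays nullptr until api::init() resolves it from the
// already-loaded GameAssembly.dll module.
namespace api
{
    // Set to true by init() only when every export below was resolved.
    // Callers can test it to find out whether the table is usable.
    inline bool initalized { false };

    // domain & assembly
    using get_domain_t     = void*  (APICALL*)(void);
    using get_assemblies_t = void** (APICALL*)(const void* domain, size_t* count);

    inline get_domain_t     get_domain     = nullptr;
    inline get_assemblies_t get_assemblies = nullptr;

    // images
    using get_image_t       = Image*      (APICALL*)(const void* assembly);
    using get_image_name_t  = const char* (APICALL*)(const void* image);
    using get_class_count_t = size_t      (APICALL*)(const void* image);

    inline get_image_t       get_image       = nullptr;
    inline get_image_name_t  get_image_name  = nullptr;
    inline get_class_count_t get_class_count = nullptr;

    // class
    using get_class_t         = Class*      (APICALL*)(const void* image, const char* namespaze, const char* name);
    using get_class_from_id_t = Class*      (APICALL*)(const void* image, size_t index);
    using get_class_name_t    = const char* (APICALL*)(const void* klass);

    inline get_class_t         get_class         = nullptr;
    inline get_class_from_id_t get_class_from_id = nullptr;
    inline get_class_name_t    get_class_name    = nullptr;

    // types (the second argument of get_nested_types is the caller's iterator state)
    using get_nested_types_t = Class*      (APICALL*)(const void* klass, void*);
    using get_type_class_t   = Class*      (APICALL*)(const void* type);
    using get_type_name_t    = const char* (APICALL*)(const void* type);

    inline get_nested_types_t get_nested_types = nullptr;
    inline get_type_class_t   get_type_class   = nullptr;
    inline get_type_name_t    get_type_name    = nullptr;

    // fields
    using get_field_t        = void*       (APICALL*)(const void* klass, const char* name);
    using get_field_offset_t = size_t      (APICALL*)(const void* field);
    using get_field_count_t  = size_t      (APICALL*)(const void* klass);
    using get_fields_t       = void*       (APICALL*)(const void* klass, void* iter);
    using get_field_name_t   = const char* (APICALL*)(const void* field);

    inline get_field_t        get_field        = nullptr;
    inline get_field_offset_t get_field_offset = nullptr;
    inline get_field_count_t  get_field_count  = nullptr;
    inline get_fields_t       get_fields       = nullptr;
    inline get_field_name_t   get_field_name   = nullptr;

    // Must be called before a Dumper is created; resolves the table above.
    inline void init();
}

// Resolves every export in the table from GameAssembly.dll.
//
// The original looked the module up once per export, passed a possibly-null
// module handle straight to GetProcAddress (hidden behind a disabled C6387
// warning), never checked a single result and never set `initalized`, so a
// missing module or export only showed up later as a call through a null
// function pointer. This version looks the module up once, checks every
// export, and sets `initalized` only when the whole table is usable.
void api::init()
{
    if (initalized)
        return;

    // GetModuleHandleW is named explicitly because the argument is a wide
    // literal; the generic macro only matches it when UNICODE is defined.
    const HMODULE game_assembly = GetModuleHandleW(L"GameAssembly.dll");
    if (!game_assembly)
        return; // module not loaded in this process: leave the table empty

    // Stores one export in `target` and reports whether it was found.
    const auto resolve = [game_assembly](auto& target, const char* export_name) -> bool
    {
        using target_t = std::remove_reference_t<decltype(target)>;
        target = reinterpret_cast<target_t>(GetProcAddress(game_assembly, export_name));
        return target != nullptr;
    };

    bool resolved = true;
    resolved = resolve(get_domain,        "il2cpp_domain_get") && resolved;
    resolved = resolve(get_assemblies,    "il2cpp_domain_get_assemblies") && resolved;
    resolved = resolve(get_image,         "il2cpp_assembly_get_image") && resolved;
    resolved = resolve(get_image_name,    "il2cpp_image_get_name") && resolved;
    resolved = resolve(get_class_count,   "il2cpp_image_get_class_count") && resolved;
    resolved = resolve(get_class,         "il2cpp_class_from_name") && resolved;
    resolved = resolve(get_class_from_id, "il2cpp_image_get_class") && resolved;
    resolved = resolve(get_class_name,    "il2cpp_class_get_name") && resolved;
    resolved = resolve(get_type_name,     "il2cpp_type_get_name") && resolved;
    resolved = resolve(get_type_class,    "il2cpp_type_get_class_or_element_class") && resolved;
    resolved = resolve(get_field,         "il2cpp_class_get_field_from_name") && resolved;
    resolved = resolve(get_field_offset,  "il2cpp_field_get_offset") && resolved;
    resolved = resolve(get_nested_types,  "il2cpp_class_get_nested_types") && resolved;
    resolved = resolve(get_field_count,   "il2cpp_class_num_fields") && resolved;
    resolved = resolve(get_fields,        "il2cpp_class_get_fields") && resolved;
    resolved = resolve(get_field_name,    "il2cpp_field_get_name") && resolved;

    initalized = resolved;
}
--------------------------------------------------------------------------------
/src/dumper/classes.hpp:
--------------------------------------------------------------------------------
#pragma once
// NOTE(review): the original #include target was lost in extraction; the
// headers below are the ones this file's code uses. Confirm against the
// repository.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

#include "api.hpp"

// View over a class descriptor owned by the il2cpp runtime. Nothing in this
// project constructs a Class; the pointers returned by the api:: exports are
// used as Class* and passed back to those exports as `this`.
class Class
{
public:
    // NOTE(review): element type lost in extraction; void* matches the
    // "vector of fields (as void pointers)" comment on get_fields().
    using fields_t = std::vector<void*>;
private:
    const char* m_name { };

public:
    Class() = default;

    // Looks a field up by name and returns the address `this + offset`
    // (offset in bytes) cast to `type`, or nullptr when the field is unknown.
    //
    // The original added the offset to a `const Class*`, which scales it by
    // sizeof(Class), and mixed `nullptr` with `type` in a deduced return
    // type; both are fixed here.
    //
    // NOTE(review): the template parameter list was lost in extraction; the
    // README calls get_field() without arguments and describes a void
    // pointer, hence the default. The offset comes from
    // il2cpp_field_get_offset and presumably applies to an object instance,
    // while `this` is the class descriptor. Confirm the base address is the
    // intended one before reading or writing through the result.
    template <typename type = void*>
    auto get_field(const char* name) const -> type
    {
        const auto field = api::get_field(this, name);
        if (!field)
            return nullptr;

        const auto offset = api::get_field_offset(field);
        return reinterpret_cast< type >(reinterpret_cast< std::uintptr_t >(this) + offset);
    }

    // Returns the offset reported for the named field, or 0 when the field
    // does not exist (the original passed the null field on to the export).
    size_t get_field_offset(const char* name) const
    {
        const auto field = api::get_field(this, name);
        return field ? api::get_field_offset(field) : 0;
    }

    // Returns the class nested inside this one whose name equals `name`,
    // or nullptr when there is none.
    auto get_nested_type(const char* name) const -> Class*
    {
        if (!name)
            return nullptr;

        void* iterator = nullptr;
        while (auto type = api::get_nested_types(this, &iterator))
        {
            const auto class_name = api::get_class_name(type);
            if (class_name && !std::strcmp(class_name, name))
                return type;
        }

        return nullptr;
    }

    // Returns the fields of this class as opaque pointers.
    //
    // The original sized the vector from get_field_count() and then wrote
    // m_fields[index++] for every entry the iterator produced, which runs
    // past the end when the count is 0 or smaller than the number of
    // entries. push_back keeps the result exactly as long as the iteration,
    // with no trailing null entries.
    auto get_fields() const -> fields_t
    {
        fields_t fields{ };
        fields.reserve(api::get_field_count(this));

        void* iterator = nullptr;
        while (void* field = api::get_fields(this, &iterator))
            fields.push_back(field);

        return fields;
    }

    auto get_name() const -> const char* { return api::get_class_name(this); }
};
--------------------------------------------------------------------------------
/src/dumper/dumper.hpp:
--------------------------------------------------------------------------------
#pragma once
// NOTE(review): the original #include targets were lost in extraction; the
// headers below are the ones this file's code uses. Confirm against the
// repository.
#include <cstddef>
#include <cstring>
#include <vector>

#include "api.hpp"
#include "images.hpp"

// Collects the images of every assembly in the current il2cpp domain.
class Dumper
{
public:
    // NOTE(review): element type lost in extraction; Image* follows from the
    // emplace_back(static_cast< Image* >(...)) call in the constructor.
    using images_t = std::vector<Image*>;
private:
    images_t m_images { };

public:

    // Enumerates the images once, at construction. Leaves the table empty
    // when api::init() has not resolved the exports, or when the runtime
    // returns no domain or assembly list; the original called through the
    // unresolved pointers and indexed the list unchecked.
    Dumper()
    {
        if (!api::initalized)
            return;

        const auto domain = api::get_domain();
        if (!domain)
            return;

        size_t count = 0U;
        const auto assemblies = api::get_assemblies(domain, &count);
        if (!assemblies)
            return;

        m_images.reserve(count);
        for (size_t index = 0U; index < count; ++index)
        {
            if (!assemblies[index])
                continue;

            auto image = api::get_image(assemblies[index]);
            if (image)
                m_images.emplace_back(static_cast< Image* >(image));
        }
    }

    // Returns the first image whose name equals `name`, or nullptr.
    auto get_image(const char* name) const -> Image*
    {
        if (!name)
            return nullptr;

        for (const auto image : m_images)
        {
            const auto image_name = image->get_name();
            if (image_name && !std::strcmp(name, image_name))
                return image;
        }
        return nullptr;
    }

    // Returns a copy of the image table
    auto get_images() const -> images_t { return m_images; }
};
--------------------------------------------------------------------------------
/src/dumper/images.hpp:
--------------------------------------------------------------------------------
#pragma once
// NOTE(review): the original #include targets were lost in extraction; the
// headers below are the ones this file's code uses. Confirm against the
// repository.
#include <cstddef>
#include <cstring>
#include <vector>

#include "api.hpp"
#include "classes.hpp"

// View over an image descriptor owned by the il2cpp runtime; like Class, it
// is never constructed here, only obtained from api::get_image.
class Image
{
public:
    // NOTE(review): element type lost in extraction; the README casts the
    // elements from void* to Class*, so void* is used here.
    using classes_t = std::vector<void*>;
private:
    const char* m_name{ };

public:

    // Gets an Il2CppClass from a namespace (global by default) and name
    auto get_class(const char* name, const char* namespaze = "") const -> Class*
    {
        return api::get_class(this, namespaze, name);
    }

    // Returns the named classes of this image.
    //
    // The original cached the result in a function-local `static` vector,
    // which is shared by every Image, so each later image returned the
    // classes of whichever image was asked first. It also sized the vector
    // from the raw class count and left null entries behind for every
    // skipped class. The list is now built per call and holds only the
    // classes that passed the checks.
    auto get_classes() const -> classes_t
    {
        classes_t classes{ };

        const size_t count = api::get_class_count(this);
        classes.reserve(count);

        for (size_t index = 0U; index < count; ++index)
        {
            const auto address = api::get_class_from_id(this, index);
            if (!address)
                continue;

            const auto name = api::get_class_name(address);
            if (!name || !std::strcmp(name, ""))
                continue; // skip unnamed entries

            classes.push_back(address);
        }
        return classes;
    }

    // Returns the image name through the resolved export, the same way
    // Class::get_name() does. Falls back to reading m_name, which is what
    // the original always did and which depends on the runtime's image
    // structure starting with its name pointer.
    auto get_name() const { return api::get_image_name ? api::get_image_name(this) : m_name; }
};
--------------------------------------------------------------------------------
/src/main.cpp:
--------------------------------------------------------------------------------
// NOTE(review): the two original #include targets were lost in extraction;
// the headers below are the ones this file's code uses. Confirm against the
// repository.
#include <Windows.h>
#include <cstdint>
#include <cstdio>
#include <memory>

#include "dumper/dumper.hpp"

// Opens a console and redirects stdout to it. Returns the reopened stream,
// or nullptr when the redirect failed (the original returned an
// uninitialised pointer in that case).
auto startup()
{
    AllocConsole();

    FILE* output = nullptr;
    if (freopen_s(&output, "CONOUT$", "w", stdout) != 0)
        output = nullptr;

    return output;
}

// Closes the console stream, releases the console and unloads this module.
// FreeLibraryAndExitThread does not return; the trailing return only
// satisfies the signature.
DWORD cleanup(HMODULE module, FILE* output)
{
    if (output)
        fclose(output);
    FreeConsole();
    FreeLibraryAndExitThread(module, 0);

    return 0;
}

// Worker thread: resolves the api, enumerates the images and prints the
// field offsets of BasePlayer. Every lookup is checked before use; the
// original dereferenced the image and class pointers unconditionally.
DWORD WINAPI entry_point(HMODULE module)
{
    auto output{ startup() };
    printf("[memity] console started\n");

    // Example for Rust (x64)
    api::init();
    if (!api::initalized)
    {
        printf("[memity] api could not be initalized\n");
        return cleanup(module, output);
    }
    printf("[memity] api initalized\n");

    const auto game = std::make_unique<Dumper>();
    printf("[memity] images dumped\n");

    const auto image = game->get_image("Assembly-CSharp.dll");
    if (!image)
    {
        printf("[memity] Assembly-CSharp not found\n");
        return cleanup(module, output);
    }
    printf("[memity] Assembly-CSharp -> %s (0x%llx)\n", image->get_name(),
        static_cast<unsigned long long>(reinterpret_cast<std::uintptr_t>(image)));

    const auto base_player = image->get_class("BasePlayer");
    if (!base_player)
    {
        printf("[memity] BasePlayer not found\n");
        return cleanup(module, output);
    }
    printf("[memity] BasePlayer -> %s (0x%llx)\n", base_player->get_name(),
        static_cast<unsigned long long>(reinterpret_cast<std::uintptr_t>(base_player)));

    for (const auto field : base_player->get_fields())
    {
        const auto name = api::get_field_name(field);
        if (!name)
            continue;

        printf("\t[memity] %s (0x%zx)\n", name, base_player->get_field_offset(name));
    }

    Sleep(50000);
    return cleanup(module, output);
}

// DLL entry: on process attach, starts entry_point on its own thread so the
// work does not run inside DllMain.
// NOTE(review): the documented DllMain signature returns BOOL; the DWORD
// return type is kept as the author wrote it.
DWORD WINAPI DllMain(HINSTANCE module,
    DWORD reason,
    void* reserved
)
{
    if (reason == DLL_PROCESS_ATTACH)
    {
        const auto thread = CreateThread(nullptr, 0x0, reinterpret_cast<LPTHREAD_START_ROUTINE>(entry_point), module, 0x0, nullptr);
        if (thread)
        {
            DisableThreadLibraryCalls(module);
            CloseHandle(thread);
        }
    }
    return TRUE;
}
--------------------------------------------------------------------------------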