CE Lua Mono Code Repository

Section's for general approaches on hacking various options in games. No online-related discussions/posts OR warez!
Post Reply
User avatar
Cake-san
Table Makers
Table Makers
Posts: 382
Joined: Sun Mar 26, 2017 4:32 pm
Reputation: 610

CE Lua Mono Code Repository

Post by Cake-san »

Just a few Lua functions available in my mono based table with explanation...
Feel free to use it or write your own...

This will enable mono before script is execute & disable mono when script finish executing...

Code: Select all

function onMemRecPreExecute(memoryrecord, newstate)
  if memoryrecord.Type == vtAutoAssembler then LaunchMonoDataCollector()end
end
function onMemRecPostExecute(memoryrecord, newState, succeeded )
  if memoryrecord.Type == vtAutoAssembler then
    miMonoActivateClick(sender)
  end
end


Public Static variable parsing

print the variable class name so you know which is which...

Code: Select all

function mono_printAllStaticfrom(Address,size)
    Address=getAddressSafe(Address)
    if not size then size=0x100 end
	local i=0
	local j=1
	while(i<size) do
		local ext, opc, byt, add=splitDisassembledString(disassemble(Address+i))
		if ext~="" then
			if(opc:find(",")~=nil)then
				opc=opc:sub(opc:find(",")+1,opc:len())
			else
				opc=opc:sub(opc:find(" ")+1,opc:len())
			end
			local currentaddress, classaddress, classname=mono_object_findRealStartOfObject(readPointer(opc))
            if classname then print(j..'.'..classname)end
            j=j+1
        end
		if opc:find('],') then
            opc=opc:sub(opc:find("%[")+1,opc:find("]")-1)
            if tonumber(opc,16) then
              local currentaddress, classaddress, classname=mono_object_findRealStartOfObject(readPointer(opc))
              if classname then print(j..'.'..classname)end
              j=j+1
            end
        end
		i=i+getInstructionSize(Address+i)
	end
end
Image



register the static variable symbol, number is index, start from 1

Code: Select all

function findAddress(Symbol,number,Address,size)
    Address=getAddressSafe(Address)
    if not size then size=0x100 end
	local addr={}
	local i=0
	local j=1
	while(i<size) do
		local ext, opc, byt, add=splitDisassembledString(disassemble(Address+i))
		if ext~="" then
			if(opc:find(",")~=nil)then
				opc=opc:sub(opc:find(",")+1,opc:len())
			else
				opc=opc:sub(opc:find(" ")+1,opc:len())
			end
			addr[j]=opc:gsub("%[",""):gsub("]","") j=j+1
        end
		if opc:find('],') then
            opc=opc:sub(opc:find("%[")+1,opc:find("]")-1)
            if tonumber(opc,16) then addr[j]=opc j=j+1 end
        end

		i=i+getInstructionSize(Address+i)
	end
    if number<=0 then return addr end
    --for i=1,#addr do print(addr[i]) end
	unregisterSymbol(Symbol)
	registerSymbol(Symbol,getAddressSafe(addr[number]),true)
end
Image



if there're a lot of static variables inside function/method use this to register the symbol & symbol need to be the same as class name...

Code: Select all

function mono_getStatic(list,Address,size)
    if not list or type(list)~=type({}) then print('invalid list for '..Address) return  end
    Address=getAddressSafe(Address)
    if not size then size=0x100 end
	local i=0
    local k=0
	while(i<size) do
		local ext, opc, byt, add=splitDisassembledString(disassemble(Address+i))
		if ext~="" then
			if(opc:find(",")~=nil)then
				opc=opc:sub(opc:find(",")+1,opc:len())
			else
				opc=opc:sub(opc:find(" ")+1,opc:len())
			end
			local currentaddress, classaddress, classname=mono_object_findRealStartOfObject(readPointer(opc))
            for j=1,#list do
              if classname==list[j] then unregisterSymbol(list[j]) registerSymbol(list[j],opc,true) k=k+1 break end
            end
            if k>=#list then break end
        end
		if opc:find('],') then
            opc=opc:sub(opc:find("%[")+1,opc:find("]")-1)
            if tonumber(opc,16) then
              local currentaddress, classaddress, classname=mono_object_findRealStartOfObject(readPointer(opc))
              for j=1,#list do
                if classname==list[j] then unregisterSymbol(list[j]) registerSymbol(list[j],opc,true) k=k+1 break end
              end
              if k>=#list then break end
            end
        end
		i=i+getInstructionSize(Address+i)
	end
end
Image



Class searching

return a list of classes that contain that name

Code: Select all

function mono_find_classes(namespace,classname)
	local ass=mono_enumAssemblies()
	local classes,k={},1
	if string.find(classname,':') then parent=classname:sub(1,string.find(classname,':')-1) classname=classname:sub(string.find(classname,':')+1,classname:len()) end
	if ass==nil then return nil end
	for i=1, #ass do
		if monopipe==nil then print('mono not active...')return 0 end
		local c=mono_image_enumClasses(mono_getImageFromAssembly(ass[i]))
		if c then
			local j
			for j=1, #c do
				if c[j].namespace==namespace and string.find(c[j].classname,classname) then classes[k]=c[j] k=k+1 end
			end
		end
	end
    return classes
end


good for finding struct that has the same name as class or "class in class", by providing field name or field type name

Code: Select all

function mono_findClassWithField(namespace,classname,fieldname,fieldtypename)
  local class=mono_find_classes(namespace,classname)
  for i=1,#class do
    local fields =mono_class_enumFields(class[i].class,true)
    for j=1,#fields do
      if fieldname and fieldname==fields[j].name then return class[i].class end
      if fieldtypename and fieldtypename==fields[j].typename then return class[i].class end
    end
  end
end


function/method searching

return a list of methods that have the same name inside that class...also work for method that reside inside "class in class"

Code: Select all

function mono_findMethods(namespace,classname,methodname)
    if not namespace then namespace='' end
	local class=mono_find_classes(namespace,classname)
	local result,m,methods={},1
	for i=1,#class do
        methods = mono_class_enumMethods(class[i].class,false)
		for l,v in ipairs(methods) do if v.name==methodname then result[m]=v.method m=m+1 end  end
	end
	return result
end



return a method that has the highest score according to filter set... work for finding overloaded method...
you can put printall as true to print all the method's signature found, so you know the format...

Code: Select all

function mono_findMethodBySignature(classname,methodname,paramtype,paramname,rettype,printall)
  local methods=mono_findMethods(classname,methodname)
  local score,result,ptype,pname,rtype,j={}
  if #methods==0 then return nil end
  for i=1,#methods do
    score[i]=0
    ptype,pname,rtype=mono_method_getSignature(methods[i])
    if printall then
      print('\n'..i..'.'..ptype..'\n{')
      for k=1,#pname do
        print('  '..pname[k])
      end
      print('}\n'..rtype)
    end
    if paramtype and paramtype==ptype then score[i]=score[i]+1 end
    if paramname and type(paramname)==type({}) then
      if #paramname==#pname then score[i]=score[i]+1 end
      for j=1,#paramname do
        if paramname[j]==pname[j] then score[i]=score[i]+1 end
      end
    end
    if rettype and rettype==rtype then score[i]=score[i]+1 end
    if not result and score[i]>0 then result=i
    elseif result and score[i]>score[result] then result=i end
  end
  if result then result=methods[result] end
  return result
end



return the method's compile address as hexadecimal string

Code: Select all

function mono_compile_methodS(method)
  local address=mono_compile_method(method)
  if not address then return address end
  return string.format('%X',address)
end


Dissect Structure

Creating dissect structure for use in script & table so when offset change when the game update, you dont have to update your table...

will dump all members for that class/struct

Code: Select all

function monocreatestruct(namespace,classname)
  local struct=isStructExist(classname)
  if struct then struct:Destroy() end
  local fields =mono_class_enumFields(mono_findClass(namespace,classname),true)
  local struct=createStructure(classname)
  struct.beginUpdate()
  for n=1,#fields do
    local e=struct.addElement()
    e.Offset=fields[n].offset
    e.Name=fields[n].name
    e.Vartype=monoTypeToVarType(fields[n].monotype)
  end
  struct.endUpdate()
  struct.addToGlobalStructureList()
end

function monocreatestructC(class)
  local classname=mono_class_getName(class)
  local struct=isStructExist(classname)
  if struct then struct:Destroy() end
  local fields =mono_class_enumFields(class,true)
  local struct=createStructure(classname)
  struct.beginUpdate()
  for n=1,#fields do
    local e=struct.addElement()
    e.Offset=fields[n].offset
    e.Name=fields[n].name
    e.Vartype=monoTypeToVarType(fields[n].monotype)
  end
  struct.endUpdate()
  struct.addToGlobalStructureList()
end



Code injection/ function/method manipulating...

Since, mono use jit compilation, this function is written to be just like jit compilation,lol, which not like the static way,
this function calculate the bytes need to replace for jump & its nop & save the instruction & bytes prior replacing...
So, automatic stuff...
Dont know how reliable it is...

Code: Select all

function getInsForJump(address,registername,destination,allocsize,SharedMemoryName)
  address = getAddressSafe(address)
  if not address then error('getInsForJump address nil') return end
  if not allocsize then allocsize=4096 end
  destination=getAddressSafe(destination)
  if not destination then
	if not SharedMemoryName then destination = allocateMemory(allocsize,address)
	else destination = allocateSharedMemory(SharedMemoryName,allocsize) end
  end
  local size = (address+5-destination>0x7FFFFFFF) and 14 or 5
  if registername then
	unregisterSymbol(registername)
	registerSymbol(registername,destination,true)
  end
  local opcodes = {}
  local i = 0
  while(i<size) do
    local ext, opc=splitDisassembledString(disassemble(address+i))
    opcodes[#opcodes+1] = opc
    i=i+getInstructionSize(address+i)
  end
  local copy = table.concat(opcodes,'\r\n')
  local readAsTable = true
  local byt = readBytes(address,i,readAsTable)
  for j=1,#byt do byt[j] = ('%02X'):format(byt[j]) end
  local bytes = table.concat(byt, ' ')
  return i,copy,bytes,size,destination
end

function enablescript(name,registername,addressname,script,disable)
    local address=getAddress(addressname)
    if disable then script=(script):format(address,registername,readBytes(registername,1))
    else
        local i,copy,bytes,size =getInsForJump(address,name)
        script=(script):format(registername, registername, name, copy, registername, i, bytes, address)..string.rep('nop\n',i-size)..'returnhere:'
    end
    local success,erro=autoAssembleCheck(script)
    if not success then print('\n'..erro..'\n')
      local scriptstr=createStringlist()scriptstr.Text=script
      for j=0,scriptstr.Count-1 do print(string.format('%u\t%s',j+1,scriptstr[j])) end
      if not disable then deAlloc(name)unregisterSymbol(name)end
      error(name..' autoAssemble failed')
    end
    autoAssemble(script)
    if disable then deAlloc(name)unregisterSymbol(name)unregisterSymbol(registername)end
end

template:

Code: Select all

[ENABLE]
enablescript('symbol_name_for_allocate_address','symbol_name_for_saved_original_bytes','hook_address',[[
label(newmem)
label(returnhere)
label(%s)
registersymbol(%s)

%s:
newmem:

//your code here

%s  //<--original code

//or code here

jmp returnhere

%s:
db %X %s
%X:
jmp newmem
]])

[DISABLE]
enablescript('symbol_name_for_allocate_address','symbol_name_for_saved_original_bytes','hook_address',[[
%X:
readmem(%s+1,%u)
]],true)



Just a function to run AA script inside Lua script with error printing,lol....

Code: Select all

function AAscript(script)
  local success,erro=autoAssembleCheck(script)
  if not success then
    print('\n'..erro..'\n')
    local scriptstr=createStringlist()scriptstr.Text=script
    for j=0,scriptstr.Count-1 do print(string.format('%u\t%s',j+1,scriptstr[j])) end
    error('autoAssemble failed')
  end
  autoAssemble(script)
end



I use this instead of aobscan, because although the instruction opcode is the same, the bytes will probably change every time jit compilation occur...

Code: Select all

function findOpcodes(address,opcode,size)
  if not size then size=0x50 end
  address=getAddressSafe(address)
  if not address then return nil end
  local addr={}
  local i=0
  local j=1
  while(i<size) do
    local ext, opc, byt, add=splitDisassembledString(disassemble(address+i))
    if string.find(opc,opcode) then
      addr[j]=address+i
      j=j+1
    end
    i=i+getInstructionSize(address+i)
  end
  return addr
end

index Disassemble, I use this when ever I want to make a call hook, because making a call hook from pre-function will most likely crash the game...

Code: Select all

function indexdism(Address)
  Address=getAddressSafe(Address)
  if not Address then return nil end
  size=0x100
  local addr={}
  local i=0
  local j=1
  while(i<size) do
    addr[j]={}
    addr[j].ext, addr[j].opc, addr[j].byt, addr[j].add=splitDisassembledString(disassemble(Address+i))
    j=j+1
	i=i+getInstructionSize(Address+i)
  end
  return addr
end
Welp, Good Luck,then :roll:

User avatar
mochongli
Expert Cheater
Expert Cheater
Posts: 83
Joined: Wed Apr 22, 2020 7:36 pm
Reputation: 86

Re: CE Lua Mono Code Repository

Post by mochongli »

This makes it easy to create train even for java games
--ce lua

User avatar
Dread_Pony_Roberts
Fearless Donors
Fearless Donors
Posts: 515
Joined: Sun Dec 09, 2018 8:46 am
Reputation: 344

Re: CE Lua Mono Code Repository

Post by Dread_Pony_Roberts »

Thanks a lot for this. the disable/enable mono is exactly what I've been looking for. Now I don't need to use cheap bypass methods to get around the freeze on exit game issue.

Y.A.K.E
Noobzor
Noobzor
Posts: 7
Joined: Sat Sep 07, 2019 4:26 am
Reputation: 0

Re: CE Lua Mono Code Repository

Post by Y.A.K.E »

How to hack this game?



'mono_printAllStaticfrom' not working.
I don't know how to use it.

Code: Select all

monocreatestruct('Unliving.Player','PlayerBehaviour')

findAddress('LocalPlayer',1,'Unliving.Player.PlayerBehaviour:.ctor')

print(string.format('%08X',getAddress('LocalPlayer')))
print(string.format('%08X',getAddress('[LocalPlayer]')))
print(readFloat(string.format('%08X',getAddress('[LocalPlayer]+PlayerBehaviour.currentStamina'))))


LocalPlayer is not a true address.

Can you help me, thank you.

User avatar
LeFiXER
Expert Cheater
Expert Cheater
Posts: 297
Joined: Wed Mar 24, 2021 9:35 am
Reputation: 121

Re: CE Lua Mono Code Repository

Post by LeFiXER »

Y.A.K.E wrote:
Fri Jan 14, 2022 1:44 pm
How to hack this game?



'mono_printAllStaticfrom' not working.
I don't know how to use it.

Code: Select all

monocreatestruct('Unliving.Player','PlayerBehaviour')

findAddress('LocalPlayer',1,'Unliving.Player.PlayerBehaviour:.ctor')

print(string.format('%08X',getAddress('LocalPlayer')))
print(string.format('%08X',getAddress('[LocalPlayer]')))
print(readFloat(string.format('%08X',getAddress('[LocalPlayer]+PlayerBehaviour.currentStamina'))))


LocalPlayer is not a true address.

Can you help me, thank you.
You should really create your own thread with your own questions rather than hijack a thread that doesn't really pertain to your query. Also, the game you want to hack hasn't released yet; despite there being a demo available, there could be many changes between now and the official release date.

Post Reply

Who is online

Users browsing this forum: No registered users