Achievement Unlockers

[vlerkzicht]

Hey guys,

I'm trying to reverse engineer a lua script from a Hollow Knight achievement unlocker:

[ENABLE]
{$lua}
if (syntaxcheck) then return end
mono_invoke_method(nil, mono_findMethod('','GameManager', 'AwardAchievement'), getAddress('[baseAddress]-1A0'), {{type = vtString, value = "ASCENSION"}})
{$asm}
[DISABLE]

I've found everything I need for the game I'm hacking (Mundaun), but I don't understand what is being referenced by this code:
getAddress('[baseAddress]-1A0'

ChatGPT tells me to JIT from the 'GameManager' class to find the base address of that class, but JIT is greyed on that class. Can someone help me point out what I'm looking for here?

[aSwedishMagyar]

Maybe check out the documentation for mono_invoke_method. Then you would see that it needs the class instance as the third parameter which is what getAddress('[baseAddress]-1A0') is referencing. That also is what ChatGPT is telling you although it doesn't know what your mono_invoke_method is.

[vlerkzicht]

I think I understand what the original script was trying to do with the "Enable Achievement Unlocker" script; as I understand it you use a method in the same class as the "Unlock" method which triggers regularly (GameManager:IncreaseGameTimer+65 in this case), mostly so the value is easier to find rather than actually having to unlock an achievement, if I'm not mistaken? The script writes back this address into a stored value, which is then used as the parameter for getAddress. What I don't understand is how you can get the "-1A0" offset out of this, can you give me some more details on what I need to do here?

I've been trying break and trace on a method which is tied to the same class as my unlocker, but it keeps pointing me to the same instruction in the memory viewer. I'm a bit lost and out of my depth

I've read a bit about mono_invoke_method functionality on fearlessrevolution.org like you said: "In unity games "Update" methods are your best friend to get the base address of the class, which is the instance address you will need to pass to mono_invoke_method then", so I think I'm in the right direction on the first part, but it's so hard to find specific info about this.

[imjustmaxie]

In Unity, Update methods are basically methods that constantly access, most of the time.
and in this case, GameManager:Update, RCX is the instance address of GameManager.

In Cheat Engine 7.5, mono_invoke_method doesn't use the first parameter at all, so you can put whatever the heck you want.
there's also mono_invoke_method_dialog, where you don't need to put any param strings. It will pop up a dialog where you can put the string itself, that's easier for debugging test.

You can test this in Lua Engine:

Code: Select all

local addy = 0xHEX_ADDRESS_HERE
local mtd = mono_findMethod('','GameManager', 'AwardAchievement')
mono_invoke_method_dialog(_,mtd,addy)

You can then just input the string value like e.g ASCENSION in the string value box and invoke it.