
Unity Engine : Universal Background Unlocker

Posted: Thu Dec 05, 2019 10:48 pm
by cfemen
Hey,

it bothered me a lot that unity games always pause the complete process if the game is not focused.
maybe some table makers here can relate to that, almost every unity game stops when you tab out to cheat engine or do something else while the game loads...

i have created 2 scripts that should work as "universal background unlocker" :)
activate mono - execute the x64 or x86 script -> focus the game for a sec -> deactivate script and game should run in background.

if you want to reverse it:
push 0 for x86
mov ecx,0 for x64

X86:

Code:

[ENABLE]
aobscanregion(activate,UnityEngine:Application:set_runInBackground,UnityEngine:Application:set_runInBackground+5,55)
aobscanregion(aobMono86,UnityEngine:Camera:get_clearFlags,UnityEngine:Camera:get_clearFlags+100,E8 ** ** ** ** **) // should be unique
alloc(newmem,$1000,aobMono86)

label(code)
label(return)

alloc(orig,5)
registersymbol(orig)

orig:
readmem(aobMono86,5)

newmem:

code:
  reassemble(aobMono86)
  mov eax,"UnityEngine:Application:set_runInBackground"
  push 1
  call eax
  pop eax
  jmp return

aobMono86:
  jmp newmem
return:
registersymbol(aobMono86)

[DISABLE]

aobMono86:
  readmem(orig,5)

unregistersymbol(aobMono86)
dealloc(newmem)

X64:

Code:

[ENABLE]
aobscanregion(activate,UnityEngine:Application:set_runInBackground,UnityEngine:Application:set_runInBackground+5,55)
aobscanregion(aobMono64,UnityEngine:Camera:get_clearFlags,UnityEngine:Camera:get_clearFlags+100,0F 84 ** ** ** ** **) // should be unique
alloc(newmem,$1000,aobMono64)

label(code)
label(return)

alloc(orig64,6)
registersymbol(orig64)

orig64:
readmem(aobMono64,6)

newmem:

code:
  reassemble(aobMono64)
  mov ecx,1
  mov r11,"UnityEngine:Application:set_runInBackground"
  call r11
  jmp return

aobMono64:
  jmp newmem
  nop
return:
registersymbol(aobMono64)

[DISABLE]

aobMono64:
  readmem(orig64,6)

unregistersymbol(aobMono64)
dealloc(newmem)

that's it, maybe someone can need it :)
i tested it on 10+ unity games and it always worked

Edit:

i also did a script for IL2CPP Unity games :)

tested on 3 IL2CPP games now, and it worked perfectly.

note : script needs to stay activated

Code:

[ENABLE]
aobscanmodule(aobILBackg,UnityPlayer.dll,E8 ** ** ** ** 48 85 C0 75 05 48 83 C4 28 C3 E8 ** ** ** ** 48 85 C0)

aobILBackg+08:
  db 90 90
registersymbol(aobILBackg)

[DISABLE]

aobILBackg+08:
  db 75 05

unregistersymbol(aobILBackg)

Re: Unity Engine : Universal Background Unlocker

Posted: Fri Dec 06, 2019 1:40 pm
by GreenHouse
This is amazing. It will surely be of so much help. Thanks :D

Re: Unity Engine : Universal Background Unlocker

Posted: Tue Dec 10, 2019 9:20 pm
by Chiados
Niiice. Thanks a lot for this :D

Re: Unity Engine : Universal Background Unlocker

Posted: Wed Dec 11, 2019 1:19 am
by JohnFK
Why so complicated when you can just call it directly? (Need to mouse hover game window once after activating when it's currently paused)

Code:

{$lua}
local method = mono_findMethod('UnityEngine', 'Application', 'set_runInBackground')
local domain = mono_enumDomains()[1]
local args={}
args[1]={}
args[1].type=vtByte
args[1].value=1
mono_invoke_method(domain, method, 0, args)
{$asm}

Re: Unity Engine : Universal Background Unlocker

Posted: Thu Dec 26, 2019 8:49 pm
by cfemen
JohnFK wrote:
Wed Dec 11, 2019 1:19 am
Why so complicated when you can just call it directly? (Need to mouse hover game window once after activating when it's currently paused)

Code:

{$lua}
local method = mono_findMethod('UnityEngine', 'Application', 'set_runInBackground')
local domain = mono_enumDomains()[1]
local args={}
args[1]={}
args[1].type=vtByte
args[1].value=1
mono_invoke_method(domain, method, 0, args)
{$asm}

nice!
i really didn't know that i can find a mono method and call it with lua

///

updated the main post with a script for IL2CPP games.

if someone is interested in how it works:
Application.runInBackground writes to PlayerSettings
GetPlayerShouldRunInBackground reads from GetPlayerSetting

script injects at UnityPlayer.GetPlayerShouldRunInBackground and kills the jump check = always true.

i tested the script on 3 unity games with IL2CPP and own builds with unity version 2018,2019,2020
it always worked :)
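
How the IL2CPP script's signature scan and two-byte patch fit together, as an added Python illustration that is not part of the original posts: it runs on a constructed byte buffer rather than a real UnityPlayer.dll, and the function names are made up for the example.

```python
# Added illustration: wildcard signature scan plus a guarded two-byte patch.
# The buffer below is constructed, not bytes from a real UnityPlayer.dll.
SIG = ("E8 ** ** ** ** 48 85 C0 75 05 48 83 C4 28 C3 "
       "E8 ** ** ** ** 48 85 C0")
PATCH_OFFSET = 8                  # aobILBackg+08 in the script
ORIGINAL = bytes.fromhex("7505")  # jne +5 (the jump check)
PATCHED = bytes.fromhex("9090")   # two NOPs


def parse_sig(sig):
    """'E8 ** 48' -> [0xE8, None, 0x48]; None matches any byte."""
    return [None if tok == "**" else int(tok, 16) for tok in sig.split()]


def find_all(buf, pattern):
    """Every offset in buf at which the pattern matches."""
    last = len(buf) - len(pattern)
    return [i for i in range(last + 1)
            if all(p is None or buf[i + j] == p
                   for j, p in enumerate(pattern))]


def enable(buf):
    """Patch the jump check; refuse unless the signature is unique."""
    hits = find_all(buf, parse_sig(SIG))
    if len(hits) != 1:
        raise ValueError(f"signature matched {len(hits)} times, expected 1")
    site = hits[0] + PATCH_OFFSET  # the signature itself pins 75 05 here
    buf[site:site + 2] = PATCHED
    return hits[0]                 # kept like registersymbol(aobILBackg)


def disable(buf, base):
    """Restore the original bytes at the remembered address."""
    site = base + PATCH_OFFSET
    if bytes(buf[site:site + 2]) != PATCHED:
        raise ValueError("patch site no longer holds the NOPs")
    buf[site:site + 2] = ORIGINAL


def sample_image():
    """Constructed bytes: int3 padding around one matching sequence."""
    body = bytes.fromhex("E811223344" "4885C0" "7505" "4883C428" "C3"
                         "E855667788" "4885C0")
    return bytearray(b"\xCC" * 16 + body + b"\xCC" * 16)
```

Once the patch is applied, a fresh scan for the signature finds nothing because the `75 05` bytes are gone, so the restore step has to work from the saved address instead of rescanning.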