Начинающий
Начинающий
- Статус
- Оффлайн
- Регистрация
- 22 Июн 2025
- Сообщения
- 16
- Реакции
- 1
То есть вот сам код с декриптами:
#include "features.h"
#include <algorithm>
#include <vector>
#include <string>
#include <cmath>
#include <map>
#include <unordered_map>
#include <unordered_set>
#include <cctype>
#include <Windows.h>
#include <iostream>
using namespace std;
#ifndef M_PI
#define M_PI 3.14159265358979323846f
#endif
namespace decrypt {
inline bool BIT_TEST(uint64_t mask, int bit) {
return (mask >> bit) & 1;
}
inline uintptr_t get_gchandle_target(uint32_t ObjectHandleID) {
uint64_t rdi_1 = ((uint64_t)(ObjectHandleID >> 3));
uint64_t rcx_1 = ((uint64_t)((ObjectHandleID & 7) - 1));
uint64_t baseAddr = mem::game_assembly +offsets::il2cpphandle + 0x28 * rcx_1;
uint32_t limit = mem::read<uint32_t>(baseAddr + 0x10);
if (rdi_1 < limit)
{
uint64_t objAddr = mem::read<uint64_t>(baseAddr);
uint64_t bitMask = mem::read<uint64_t>(objAddr + ((rdi_1 >> 5) << 2));
if (BIT_TEST(bitMask, rdi_1 & 0x1f))
{
uint64_t ObjectArray = mem::read<uint64_t>(baseAddr + 0x8) + (rdi_1 << 3);
if (mem::read<uint8_t>(baseAddr + 0x14) > 1)
{
return mem::read<uintptr_t>(ObjectArray);
}
else
{
uint32_t eax = mem::read<uint32_t>(ObjectArray);
eax = ~eax;
return eax;
}
}
}
return 0;
}
uintptr_t client_entities(uintptr_t clientEntitiesAddr) {
if (!clientEntitiesAddr) return 0;
if (mem::read<uint8_t>(clientEntitiesAddr + 0x10)) {
uint32_t data[2];
data[0] = mem::read<uint32_t>(clientEntitiesAddr + 0x18);
data[1] = mem::read<uint32_t>(clientEntitiesAddr + 0x1C);
for (int i = 0; i < 2; i++) {
uint32_t v5 = data;
uint32_t temp = (v5 ^ 0xBBE99AB1) + 0x281C8867;
uint32_t rolled = (temp << 0x1C) | (temp >> 4);
data = rolled - 0x18ACDD64;
}
uint64_t final_handle = *(uint64_t*)data;
return get_gchandle_target(final_handle);
}
return 0;
}
}
void log(string name, uintptr_t ptr) {
cout << name << ": 0x" << hex << ptr << endl;
}
void features::features() {
auto baseNetworkable = mem::read<uintptr_t>(mem::game_assembly + offsets::basenetworkable);
auto static_fields = mem::read<uintptr_t>(baseNetworkable + 0xb8);
auto client_entities = mem::read<uintptr_t>(static_fields + 0x20);
log("client_entities", client_entities);
auto entity_list = decrypt::client_entities(client_entities);
log("entity_list", entity_list);
}
Вот дамп в ida:
clientEntities:
sub_10B4250 (crypt):
__int64 __fastcall sub_10B4250(__int64 a1, __int64 a2, __int64 a3)
{
__int64 v3; // rdi
int v5; // eax
bool v6; // zf
signed __int64 v7; // rcx
__int64 target; // rax
__int64 v9; // rcx
__int64 v10; // rbp
__int64 v11; // rdi
__int64 v12; // rsi
int v13; // eax
signed __int64 v14; // rcx
__int64 v16; // rax
__int64 v17; // rbx
__int64 v18; // rax
__int64 v19; // rax
signed __int32 v20[8]; // [rsp+0h] [rbp-48h] BYREF
__int128 v21; // [rsp+20h] [rbp-28h] BYREF
signed __int64 v22; // [rsp+50h] [rbp+8h] BYREF
v3 = a2;
if ( !*(_QWORD *)(a2 + 0x38) )
{
sub_6E0450(&unk_DD71330);
_InterlockedOr(v20, 0);
sub_6E0450(&unk_DD71338);
_InterlockedOr(v20, 0);
if ( !*(_QWORD *)(v3 + 0x38) )
sub_660B70(v3);
}
if ( !a1 )
sub_655380(a1, a2, a3);
if ( *(_BYTE *)(a1 + 0x10) )
{
a2 = (__int64)&v21;
LODWORD(a3) = 2;
v21 = *(_OWORD *)(a1 + 0x18);
do
{
v5 = *(_DWORD *)a2;
a2 += 4i64;
*(_DWORD *)(a2 - 4) = ((((v5 ^ 0xBBE99AB1) + 0x281C8867) << 0x1C) | (((v5 ^ 0xBBE99AB1) + 0x281C8867) >> 4))
- 0x18ACDD64;
v6 = (_DWORD)a3 == 1;
a3 = (unsigned int)(a3 - 1);
}
while ( !v6 );
v7 = v21;
}
else
{
v7 = 0i64;
}
v22 = v7;
if ( !v7 )
return 0i64;
target = j_il2cpp_gchandle_get_target(v7, a2, a3);
v9 = *(_QWORD *)(v3 + 0x38);
v10 = target;
v11 = *(_QWORD *)(v9 + 8);
if ( (*(_BYTE *)(v11 + 0x135) & 1) == 0 )
v11 = sub_660AF0(*(_QWORD *)(v9 + 8));
if ( v10 )
{
v12 = sub_673B00(v10, v11);
if ( !v12 )
sub_655C00(v10, v11);
}
else
{
v12 = 0i64;
}
v13 = *(_DWORD *)(a1 + 0x28) + 1;
*(_DWORD *)(a1 + 0x28) = v13;
if ( v13 >= 0x3E8 )
{
*(_DWORD *)(a1 + 0x28) = 0;
sub_94FD7F0(v12, 2i64);
v14 = v22;
if ( !v22 || _InterlockedCompareExchange64(&v22, 0i64, v22) != v14 )
{
v16 = sub_654F50(&qword_DDEE5C0);
v17 = sub_655330(v16);
v18 = sub_654F50(&unk_DDFE7A0);
sub_9641050(v17, v18, 0i64);
v19 = sub_654F50(&unk_DDFE7A8);
sub_655340(v17, v19);
}
il2cpp_gchandle_free_0();
}
return v12;
}
j_il2cpp_gchandle_get_target:
__int64 __fastcall j_il2cpp_gchandle_get_target(unsigned int a1)
{
__int64 v1; // rbx
il2cpp_baselib *v2; // rcx
__int64 v3; // rsi
char *v4; // rdi
__int64 CurrentThreadId; // rbp
int v7; // r8d
int v8; // ecx
__int64 v9; // rsi
__int64 v10; // rax
__int64 v11; // rax
v1 = a1 >> 3;
v2 = (il2cpp_baselib *)((a1 & 7) - 1);
v3 = 0i64;
v4 = (char *)&unk_E0E3260 + 0x28 * (_QWORD)v2;
if ( (unsigned int)v2 > 3 )
return 0i64;
CurrentThreadId = il2cpp_baselib::Baselib_Thread_GetCurrentThreadId(v2);
if ( CurrentThreadId == qword_E0E6DD8 )
{
v7 = dword_E0E6DE0 + 1;
}
else
{
if ( _InterlockedExchangeAdd(&dword_E0E6D98, 0xFFFFFFFF) <= 0 )
il2cpp_baselib::Baselib_SystemSemaphore_Acquire(qword_E0E6D90);
qword_E0E6DD8 = CurrentThreadId;
v7 = 1;
}
dword_E0E6DE0 = v7;
if ( (unsigned int)v1 < *((_DWORD *)v4 + 4) )
{
v8 = *(_DWORD *)(*(_QWORD *)v4 + 4 * ((unsigned __int64)(unsigned int)v1 >> 5));
if ( _bittest(&v8, v1 & 0x1F) )
{
v9 = 8 * v1;
v10 = *((_QWORD *)v4 + 1);
if ( (unsigned __int8)v4[0x14] > 1u )
{
v3 = *(_QWORD *)(v9 + v10);
}
else
{
v11 = sub_6C55B0(v9 + v10);
v7 = dword_E0E6DE0;
v3 = v11;
}
}
}
if ( v7 > 0 )
{
if ( v7 == 1 )
{
qword_E0E6DD8 = 0i64;
dword_E0E6DE0 = 0;
sub_651150(&qword_E0E6D90);
return v3;
}
dword_E0E6DE0 = v7 - 1;
}
return v3;
}
Оффсеты забыл скинуть:
constexpr auto basenetworkable = 0xDD79970;
constexpr auto il2cpphandle = 0xE0E3260;
И в лог выводит только адрес clientEntities
#include "features.h"
#include <algorithm>
#include <vector>
#include <string>
#include <cmath>
#include <map>
#include <unordered_map>
#include <unordered_set>
#include <cctype>
#include <Windows.h>
#include <iostream>
using namespace std;
#ifndef M_PI
#define M_PI 3.14159265358979323846f
#endif
namespace decrypt {
inline bool BIT_TEST(uint64_t mask, int bit) {
return (mask >> bit) & 1;
}
inline uintptr_t get_gchandle_target(uint32_t ObjectHandleID) {
uint64_t rdi_1 = ((uint64_t)(ObjectHandleID >> 3));
uint64_t rcx_1 = ((uint64_t)((ObjectHandleID & 7) - 1));
uint64_t baseAddr = mem::game_assembly +offsets::il2cpphandle + 0x28 * rcx_1;
uint32_t limit = mem::read<uint32_t>(baseAddr + 0x10);
if (rdi_1 < limit)
{
uint64_t objAddr = mem::read<uint64_t>(baseAddr);
uint64_t bitMask = mem::read<uint64_t>(objAddr + ((rdi_1 >> 5) << 2));
if (BIT_TEST(bitMask, rdi_1 & 0x1f))
{
uint64_t ObjectArray = mem::read<uint64_t>(baseAddr + 0x8) + (rdi_1 << 3);
if (mem::read<uint8_t>(baseAddr + 0x14) > 1)
{
return mem::read<uintptr_t>(ObjectArray);
}
else
{
uint32_t eax = mem::read<uint32_t>(ObjectArray);
eax = ~eax;
return eax;
}
}
}
return 0;
}
uintptr_t client_entities(uintptr_t clientEntitiesAddr) {
if (!clientEntitiesAddr) return 0;
if (mem::read<uint8_t>(clientEntitiesAddr + 0x10)) {
uint32_t data[2];
data[0] = mem::read<uint32_t>(clientEntitiesAddr + 0x18);
data[1] = mem::read<uint32_t>(clientEntitiesAddr + 0x1C);
for (int i = 0; i < 2; i++) {
uint32_t v5 = data;
uint32_t temp = (v5 ^ 0xBBE99AB1) + 0x281C8867;
uint32_t rolled = (temp << 0x1C) | (temp >> 4);
data = rolled - 0x18ACDD64;
}
uint64_t final_handle = *(uint64_t*)data;
return get_gchandle_target(final_handle);
}
return 0;
}
}
void log(string name, uintptr_t ptr) {
cout << name << ": 0x" << hex << ptr << endl;
}
void features::features() {
auto baseNetworkable = mem::read<uintptr_t>(mem::game_assembly + offsets::basenetworkable);
auto static_fields = mem::read<uintptr_t>(baseNetworkable + 0xb8);
auto client_entities = mem::read<uintptr_t>(static_fields + 0x20);
log("client_entities", client_entities);
auto entity_list = decrypt::client_entities(client_entities);
log("entity_list", entity_list);
}
Вот дамп в ida:
clientEntities:
sub_10B4250 (crypt):
__int64 __fastcall sub_10B4250(__int64 a1, __int64 a2, __int64 a3)
{
__int64 v3; // rdi
int v5; // eax
bool v6; // zf
signed __int64 v7; // rcx
__int64 target; // rax
__int64 v9; // rcx
__int64 v10; // rbp
__int64 v11; // rdi
__int64 v12; // rsi
int v13; // eax
signed __int64 v14; // rcx
__int64 v16; // rax
__int64 v17; // rbx
__int64 v18; // rax
__int64 v19; // rax
signed __int32 v20[8]; // [rsp+0h] [rbp-48h] BYREF
__int128 v21; // [rsp+20h] [rbp-28h] BYREF
signed __int64 v22; // [rsp+50h] [rbp+8h] BYREF
v3 = a2;
if ( !*(_QWORD *)(a2 + 0x38) )
{
sub_6E0450(&unk_DD71330);
_InterlockedOr(v20, 0);
sub_6E0450(&unk_DD71338);
_InterlockedOr(v20, 0);
if ( !*(_QWORD *)(v3 + 0x38) )
sub_660B70(v3);
}
if ( !a1 )
sub_655380(a1, a2, a3);
if ( *(_BYTE *)(a1 + 0x10) )
{
a2 = (__int64)&v21;
LODWORD(a3) = 2;
v21 = *(_OWORD *)(a1 + 0x18);
do
{
v5 = *(_DWORD *)a2;
a2 += 4i64;
*(_DWORD *)(a2 - 4) = ((((v5 ^ 0xBBE99AB1) + 0x281C8867) << 0x1C) | (((v5 ^ 0xBBE99AB1) + 0x281C8867) >> 4))
- 0x18ACDD64;
v6 = (_DWORD)a3 == 1;
a3 = (unsigned int)(a3 - 1);
}
while ( !v6 );
v7 = v21;
}
else
{
v7 = 0i64;
}
v22 = v7;
if ( !v7 )
return 0i64;
target = j_il2cpp_gchandle_get_target(v7, a2, a3);
v9 = *(_QWORD *)(v3 + 0x38);
v10 = target;
v11 = *(_QWORD *)(v9 + 8);
if ( (*(_BYTE *)(v11 + 0x135) & 1) == 0 )
v11 = sub_660AF0(*(_QWORD *)(v9 + 8));
if ( v10 )
{
v12 = sub_673B00(v10, v11);
if ( !v12 )
sub_655C00(v10, v11);
}
else
{
v12 = 0i64;
}
v13 = *(_DWORD *)(a1 + 0x28) + 1;
*(_DWORD *)(a1 + 0x28) = v13;
if ( v13 >= 0x3E8 )
{
*(_DWORD *)(a1 + 0x28) = 0;
sub_94FD7F0(v12, 2i64);
v14 = v22;
if ( !v22 || _InterlockedCompareExchange64(&v22, 0i64, v22) != v14 )
{
v16 = sub_654F50(&qword_DDEE5C0);
v17 = sub_655330(v16);
v18 = sub_654F50(&unk_DDFE7A0);
sub_9641050(v17, v18, 0i64);
v19 = sub_654F50(&unk_DDFE7A8);
sub_655340(v17, v19);
}
il2cpp_gchandle_free_0();
}
return v12;
}
j_il2cpp_gchandle_get_target:
__int64 __fastcall j_il2cpp_gchandle_get_target(unsigned int a1)
{
__int64 v1; // rbx
il2cpp_baselib *v2; // rcx
__int64 v3; // rsi
char *v4; // rdi
__int64 CurrentThreadId; // rbp
int v7; // r8d
int v8; // ecx
__int64 v9; // rsi
__int64 v10; // rax
__int64 v11; // rax
v1 = a1 >> 3;
v2 = (il2cpp_baselib *)((a1 & 7) - 1);
v3 = 0i64;
v4 = (char *)&unk_E0E3260 + 0x28 * (_QWORD)v2;
if ( (unsigned int)v2 > 3 )
return 0i64;
CurrentThreadId = il2cpp_baselib::Baselib_Thread_GetCurrentThreadId(v2);
if ( CurrentThreadId == qword_E0E6DD8 )
{
v7 = dword_E0E6DE0 + 1;
}
else
{
if ( _InterlockedExchangeAdd(&dword_E0E6D98, 0xFFFFFFFF) <= 0 )
il2cpp_baselib::Baselib_SystemSemaphore_Acquire(qword_E0E6D90);
qword_E0E6DD8 = CurrentThreadId;
v7 = 1;
}
dword_E0E6DE0 = v7;
if ( (unsigned int)v1 < *((_DWORD *)v4 + 4) )
{
v8 = *(_DWORD *)(*(_QWORD *)v4 + 4 * ((unsigned __int64)(unsigned int)v1 >> 5));
if ( _bittest(&v8, v1 & 0x1F) )
{
v9 = 8 * v1;
v10 = *((_QWORD *)v4 + 1);
if ( (unsigned __int8)v4[0x14] > 1u )
{
v3 = *(_QWORD *)(v9 + v10);
}
else
{
v11 = sub_6C55B0(v9 + v10);
v7 = dword_E0E6DE0;
v3 = v11;
}
}
}
if ( v7 > 0 )
{
if ( v7 == 1 )
{
qword_E0E6DD8 = 0i64;
dword_E0E6DE0 = 0;
sub_651150(&qword_E0E6D90);
return v3;
}
dword_E0E6DE0 = v7 - 1;
}
return v3;
}
Оффсеты забыл скинуть:
constexpr auto basenetworkable = 0xDD79970;
constexpr auto il2cpphandle = 0xE0E3260;
И в лог выводит только адрес clientEntities
