Sick of manual dumping every time Facepunch pushes a minor patch? I'm currently trying to get my internal base to handle runtime auto-updates for the player ESP, but the obfuscation is hitting hard.
When going internal, the goal is usually to stay dynamic to avoid the headache of updating offsets every Thursday. I've been digging into the il2cpp metadata to pull the clientEntities field dynamically, but there's a wall.
The Technical Snag
Using the standard il2cpp API calls like class_get_fields and trying to find FieldInfo* by name is becoming a massive pain.
- Attempting to call il2cpp::field(klass, "clientEntities", false) fails because the field names are obfuscated.
- Iterating through the class fields manually results in a mess of garbage strings or encrypted identifiers.
- The runtime metadata doesn't seem to map clearly to the clean names we see in dumped headers.
Code:
// This is the current failing approach
auto klass = il2cpp::find_class("BaseEntity");
auto field = il2cpp::field(klass, "clientEntities", false);
if (!field) {
    // Always hits this because of obfuscation
    return;
}
Since Facepunch started ramping up the obfuscation on their il2cpp builds, simply searching by name isn't reliable for a truly automated internal. If you aren't using a static signature for the specific field or cross-referencing through the global metadata, you're basically stuck with manual offsets or a broken ESP every update.
Has anyone successfully bypassed the name obfuscation for runtime lookups, or are you guys just falling back to pattern scanning the actual functions that access these entities? Looking for some insight on how to keep the internal loop clean without hardcoding indices that might shift.
Drop your thoughts on handling the il2cpp field mapping below.