frida / frida-gum

Cross-platform instrumentation and introspection library written in C
https://frida.re

gum_memory_patch_code causes EXC_BAD_ACCESS (code=2) on jailbroken iOS 16.5 #755

Closed HMaker closed 11 months ago

HMaker commented 11 months ago

I am trying to use gum_memory_patch_code() to patch a single instruction of some binary function loaded from a shared library (dylib) I manually opened with dlopen(), but it's causing EXC_BAD_ACCESS at gum_arm64_writer_put_instruction().

I checked the address of the EXC_BAD_ACCESS; it's the correct one, and the disassembly (di -s address in LLDB) shows the correct instruction to be patched.

I also tried to manually set the address writable with gum_try_mprotect(address, 4, GUM_PAGE_RWX); it succeeds, but gum_arm64_writer_put_instruction() still fails with EXC_BAD_ACCESS.

I am trying to replace a bl with a mov; both instructions are 4 bytes wide.

I am using frida-gum-devkit-16.1.7-ios-arm64. The jailbroken device is an iPhone 8.

HMaker commented 11 months ago

Nevermind, I forgot to call gum_init_embedded() to set up Gum properly.