
A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.

Empty structs are incorrectly handled #132

Closed thinhbuzz closed 2 years ago

thinhbuzz commented 2 years ago

I just upgraded from 0.6.8 to 0.7.7 and I can't hook any method that has a struct parameter.

Error message:

Error: failed to compile function call interface

Code snippet

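// Hook GEFJHFEACPH on the encounter class and log every call together with
// its argument and result. The hook forwards to the method through the
// bridge's invoke and reports (but does not propagate) any error raised.
assemblyCsharp.class("Niantic.Holoholo.Encounter." + className).method("GEFJHFEACPH")
  .implementation = function (p0: any) {
    try {
      // log the argument value itself, not the literal string "p0"
      console.log("GEFJHFEACPH is calling", p0);
      const result = this.method("GEFJHFEACPH").invoke(p0);
      // same for the result: the value, not the literal string "result"
      console.log("GEFJHFEACPH is result", result);
      return result;
    } catch (e) {
      // the error is only reported so the hooked call does not throw into the game
      console.error("GEFJHFEACPH", e);
    }
  };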

Sample method

 System.Void GEFJHFEACPH(BNCJPAHJNGI ACOEAODMKPC); // 0x031894f4


vfsfitvnm commented 2 years ago

I couldn't find that method (the class name is missing) — I just installed version 0.229.2. Please print the BNCJPAHJNGI class and the output of:

// the signature the bridge generates for this method's native call (its output is quoted in the next comment)
assemblyCsharp.class("Niantic.Holoholo.Encounter." + className).method("GEFJHFEACPH").fridaSignature
thinhbuzz commented 2 years ago

I am still on version 0.229.1; here are more details:

Pokémon GO 0.229.1

// Print the signature the bridge generates for GEFJHFEACPH.
// NOTE(review): the class name below carries a trailing space; the lookup
// apparently still resolved — verify that this is intended.
const encounterState = assemblyCsharp.class("Niantic.Holoholo.Encounter.EncounterInteractionState ");
const signature = encounterState.method("GEFJHFEACPH").fridaSignature;
console.log(signature);
// output: pointer,
// Assembly-CSharp
struct BNCJPAHJNGI : System.ValueType, DKMNAIEOMOE
{

}
// Assembly-CSharp                                                                                                                                                    
class Niantic.Holoholo.Encounter.EncounterInteractionState : Niantic.Zeppelin.GameStates.GameState, GBBAJJABICI, Niantic.Zeppelin.DependencyInjection.ICustomInstaller
{                                                                                                                                                                     
    Niantic.Holoholo.Encounter.EncounterIntroState encounterIntroStatePrefab; // 0x58                                                                                 
    Niantic.Holoholo.Encounter.ArPlus.EncounterArPlusIntroState encounterArPlusIntroStatePrefab; // 0x60                                                              
    Niantic.Holoholo.Encounter.EncounterCaptureState captureStatePrefab; // 0x68
    Niantic.Holoholo.Encounter.EncounterSnapshotState snapshotStatePrefab; // 0x70
    Niantic.Holoholo.Encounter.EncounterPokemon encounterPokemonPrefab; // 0x78
    Niantic.Holoholo.Encounter.ArPlus.ArPlusEncounterPokemon arPlusEncounterPokemonPrefab; // 0x80
    Niantic.Holoholo.Encounter.SnorlaxEncounterPokemon snorlaxEncounterPokemonPrefab; // 0x88
    Niantic.Holoholo.Encounter.Reticle reticlePrefab; // 0x90
    Niantic.Holoholo.Encounter.EncounterGuiController uiControllerPrefab; // 0x98
    Niantic.Holoholo.Badges.EncounterBadgeDisplayGuiController badgeDisplayGuiPrefab; // 0xa0
    Niantic.Holoholo.Encounter.EncounterItemUseGuiController itemUseConfirmationGuiPrefab; // 0xa8
    Niantic.Holoholo.Encounter.BackgroundController backgroundControllerPrefab; // 0xb0
    Niantic.Holoholo.Encounter.Pokeball pokeballPrefab; // 0xb8
    Niantic.Holoholo.Encounter.EncounterNameplate namePlatePrefab; // 0xc0
    Niantic.Holoholo.Encounter.EncounterToast toastPrefab; // 0xc8
    Niantic.Holoholo.Encounter.Gestures.EncounterGestureHandler encounterGestureHandlerPrefab; // 0xd0
    UnityEngine.AudioClip userFledSound; // 0xd8
    Niantic.Holoholo.Encounter.EncounterParkCameraController parkCameraController; // 0xe0
    Niantic.Holoholo.Encounter.EncounterArCameraController arCameraController; // 0xe8
    System.Single runAwayTransitionDuration; // 0xf0
    System.Single postFleeWait; // 0xf4
    System.Single enterStateFadeInTimeoutSeconds; // 0xf8
    PINKLDAACHH MKPAAPMBGFO; // 0x100
    Niantic.Holoholo.Encounter.EncounterState CHPMKDNOGFJ; // 0x108
    GameMasterData KGLLKDOIEKM; // 0x110
    BFBLMLEOCHN FGABIMHKCIE; // 0x118
    GAEEHJMMBFK KMDPGLPLLAO; // 0x120
    PAIOJMOONMC HKLINFGLBPO; // 0x128
    IKDILNKKPHA BCBHINAOGEF; // 0x130
    LPPOCMFEJPH FGNOCFFOFLL; // 0x138
    FDHAPKMCCHI CKMGJEFPLIB; // 0x140
    EJBBNAODJKO BDAMLKJEMDH; // 0x148
    Niantic.Holoholo.Encounter.EncounterPokemon.DHNEGAAPJBI CBHPLCNBIBK; // 0x150
    Niantic.Holoholo.Encounter.SnorlaxEncounterPokemon.EACMLAIHKBL PCJMPIOLLNN; // 0x158
    Niantic.Holoholo.Encounter.ArPlus.ArPlusEncounterPokemon.MEOBAEJJENH DCNCFFNFFEC; // 0x160
    Niantic.Holoholo.Encounter.BackgroundController.DAMMLBLHKOD PEJFIKFCMMP; // 0x168
    Niantic.Holoholo.Encounter.Reticle.KJPJCEEIMIO JLGDOIJLOBA; // 0x170
    Niantic.Holoholo.Encounter.Pokeball.IIKIIEJHDDK AFKBHFOIFJI; // 0x178
    KGMMNCHJDHE JOFKNFFIALL; // 0x180
    JOAIFAACKMN FMCBKPAPIEK; // 0x188
    OGGFLNACBIG OCGNLPCLOAK; // 0x190
    Niantic.Holoholo.Encounter.Gestures.EncounterGestureHandler.IABOPDPPPKH JADCHOEECOH; // 0x198
    Niantic.Holoholo.Encounter.EncounterItemUseGuiController.DADIKEGHIGE KJCEGCFJJIK; // 0x1a0
    Niantic.Holoholo.UI.Transitions.ScreenFadeGuiController.JFLGDCDCJBK IBOJNHCINAF; // 0x1a8
    NKNLDGGJLDE LBFEEPFHDKI; // 0x1b0
    Niantic.Zeppelin.Scheduler.IScheduler CHMMNONFMHP; // 0x1b8
    MOAMNPEGPJI CILNJBKCPDJ; // 0x1c0
    MFHIDGOFJBJ GJMANBOEJGL; // 0x1c8
    KKLIDNHHAAM DLDPOFHANDK; // 0x1d0
    NKNLDGGJLDE CPIOLOCLIEG; // 0x1d8
    LJCFLPMFLAM NFBNADNPIDB; // 0x1e0
    AJAHJMKIFIO FBHFMJENKBP; // 0x1e8
    PMLBNMDBMFP MHPDGELKAJL; // 0x1f0
    KCIJKEBHHGO KHELHBPIEHD; // 0x1f8
    EAKGHOAFHBA <CCNBKCCOPBN>k__BackingField; // 0x200
    LEFIJIEKDCK <FNELELEDNOH>k__BackingField; // 0x208
    Niantic.Holoholo.Encounter.BackgroundController <KFOPGEAMGDF>k__BackingField; // 0x210
    EAPEBJNEPOL <OIAHFDENKJH>k__BackingField; // 0x218
    BHCCEPBKJOA <CJCEEAJLDHH>k__BackingField; // 0x220
    GHGKBFKIGHG <OBDOEGGPIAH>k__BackingField; // 0x228
    HNIPDFMLHJA AGLBGNPJHBF; // 0x230
    AEDLBJJPKFA CBJIPEOJLBA; // 0x238
    System.Boolean OKCNCGKHGNE; // 0x23c
    Niantic.Holoholo.Encounter.Gestures.EncounterGestureHandler DFDDMMHGHGG; // 0x240
    Niantic.Promises.IReceipt MHAOINGFBFB; // 0x248
    System.Int32 JLFCLBCPACG; // 0x250
    NGLHNGPHEPP HPDBGMLGPPI; // 0x258
    AEDLBJJPKFA DMNHBGGCOGN; // 0x260
    System.Int32 EJDEMLGKHFP; // 0x264
    System.Boolean IBLDBCLIECP; // 0x268
    Niantic.Zeppelin.Scheduler.ISchedulerPromise KIDPMGPGEPE; // 0x270
    CJLJMGNHBGA<JIBEOGLPPPO> FMFFHGHFEOE; // 0x278
    IOBAIONGNIA OIDDJOGIJCH; // 0x280
    System.Action OLLHPHFCEIC; // 0x288
    System.Action GLOGGNPIBPL; // 0x290
    System.Action DOAPNMCPNPP; // 0x298
    System.Action FKMKPDPEPGN; // 0x2a0
    DMCBHGDDBGM HGNHOIEEFPJ; // 0x2a8
    System.Void HandlePokemonFled(EABGOJPIIND NMHADKDEIIH, System.Boolean GCIDHLGCFNL, System.String ACLABOODCCL); // 0x03186dfc
    System.Void EnterState(); // 0x03186f7c
    System.Void GIANEOPBEKG(); // 0x03187810
    System.Void MGHEFGIPNNO(); // 0x03187b74
    System.Void FMAMFOJGPKN(Niantic.Holoholo.Encounter.BackgroundController CHKLGGMOFFM); // 0x03187b7c
    System.Void EnterCaptureState(); // 0x03187b84
    System.Void OAFLHMINODJ(); // 0x03187bf0
    System.Void HIJFDLDDBFB(FNJFLDCCMOG LCHJIHIDBOI); // 0x031874b0
    System.Void SelectPokeball(AEDLBJJPKFA BHPFDCJAJPJ); // 0x03189114
    System.Void GEFJHFEACPH(BNCJPAHJNGI ACOEAODMKPC); // 0x031894f4
    System.Void ExitState(); // 0x03189788
    System.Void ArPlusPokemonFrightenedInPhotoMode(); // 0x03189da0
    System.Void AOEFFKLLCBC(); // 0x03189dac
    System.Void remove_ArToggled(System.Action CHKLGGMOFFM); // 0x03189e60
    System.Void FOIKGNFLLGF(BABIONIAGID DPGEEECNNND); // 0x03189f08
    System.Void SelectPokeball(); // 0x0318a638
    System.Void LJIKNOBDHHO(EABGOJPIIND.CPCGPMDHFFJ.MELCBHAGPEN IGMLNDMGKHO); // 0x0318a9bc
    System.Void ELFFMHKBOPI(System.Boolean CJEBIOHFFKC); // 0x0318aa94
    System.Void DeselectItems(); // 0x031893c0
    System.Void FNDHKFOIPFP(AEDLBJJPKFA CHKLGGMOFFM); // 0x03187dd4
    System.Void BAJHLMPBJNA(); // 0x0318af20
    EAKGHOAFHBA get_EncounterPokemon(); // 0x0318b0a0
    System.Void DAANFPIBFDO(); // 0x0318b0a8
    System.Void ArPlusPokemonFrightened(); // 0x0318b164
    System.Void EJFDPGKJDMM(); // 0x0318b69c
    System.Collections.Generic.IEnumerator<Niantic.Zeppelin.Scheduler.ISchedule> JPMOBDHCDBA(EABGOJPIIND GNNNDMNCEII, System.Boolean GCIDHLGCFNL, System.String ACLABOODCCL); // 0x03186ee4
    System.Void PlayFleeAnimation(); // 0x0318b4fc
    System.Void InstallBindings(Zenject.DiContainer KPPGNFCJNOO); // 0x0318b784
    System.Void OPOGAGPAANI(BHCCEPBKJOA CHKLGGMOFFM); // 0x0318b820
    System.Void EDEAGPDODHG(); // 0x0318b828
    AEDLBJJPKFA get_ActiveBerry(); // 0x0318b8e4
    System.Void add_IntroComplete(System.Action CHKLGGMOFFM); // 0x0318b8ec
    System.Void PokemonBrokeOut(); // 0x0318b994
    Niantic.Holoholo.Encounter.BackgroundController get_BackgroundController(); // 0x0318b9c4
    LEFIJIEKDCK get_ArPlusEncounterPokemon(); // 0x0318b9cc
    System.Void OEGOLGDLGKJ(EABGOJPIIND NMHADKDEIIH); // 0x0318b9d4
    System.Void IntroCompleted(); // 0x0318a560
    System.Collections.Generic.IEnumerator<Niantic.Zeppelin.Scheduler.ISchedule> KLDKELFPNAH(); // 0x0318ba98
    System.Boolean get_CanUseBerry(); // 0x0318bb34
    System.Void add_PokemonJumpToBush(System.Action CHKLGGMOFFM); // 0x0318bb44
    Niantic.Promises.IPromise<EABGOJPIIND> AttemptCapture(ELLLKIDFFJN OPFGDMDLCBE); // 0x0318bbec
    System.Boolean get_PokeballInPlay(); // 0x03189300
    System.Boolean MDMNCDGJFLC(); // 0x03187ec4
    System.Boolean get_IsInPhotoMode(); // 0x0318c34c
    System.Void EFPDAKBLCJC(EABGOJPIIND NMHADKDEIIH); // 0x0318c3d0
    System.Void remove_ActiveBerryChanged(System.Action CHKLGGMOFFM); // 0x0318c3dc
    System.Void FINEEDFMFHM(); // 0x0318c484
    GHGKBFKIGHG get_CaptureProbability(); // 0x0318c500
    System.Boolean IDEFGPMHIAN(); // 0x0318c508
    System.Void DBNLOBDPADB(EAKGHOAFHBA CHKLGGMOFFM); // 0x0318c5c8
    System.Void KMNHEJMIINM(); // 0x0318c5d0
    System.Void HIGDAPFGLFG(GHGKBFKIGHG CHKLGGMOFFM); // 0x0318c6e4
    System.Void remove_IntroComplete(System.Action CHKLGGMOFFM); // 0x0318c6ec
    System.Void GJFBKDEMDIO(KHOAJFAPAEE KOKMPCODMCL); // 0x0318c794
    Niantic.Promises.IPromise ECBIKLIGKMN(); // 0x0318ac18
    System.Void SnapshotModeCompleted(); // 0x0318c800
    System.Void OnApplicationPause(System.Boolean OIHHHEIKOOC); // 0x0318c83c
    System.Void OBJIHNHONGA(); // 0x0318a844
    System.Void PMJNNGFACMC(EABGOJPIIND NMHADKDEIIH); // 0x0318cc14
    System.Void add_ActiveBerryChanged(System.Action CHKLGGMOFFM); // 0x0318cd00
    System.Void LJKICEDLCCD(LEFIJIEKDCK CHKLGGMOFFM); // 0x0318cda8
    System.Void GPNEHPKDKGA(); // 0x03187fa0
    System.Void GPFHEGILAHD(); // 0x0318c8e0
    System.Void ABIPCFPMIBA(); // 0x03188a6c
    System.Void DJKPADFJFOH(); // 0x03189a18
    System.Void add_ArToggled(System.Action CHKLGGMOFFM); // 0x0318cdb8
    EAPEBJNEPOL get_Pokeball(); // 0x0318ce60
    System.Void .ctor(); // 0x0318ce68
    System.Void OCAMIGGACNK(System.Boolean JMLECINJNAG); // 0x0318cee4
    System.Void PFKBDHAICMP(); // 0x0318d070
    AEDLBJJPKFA get_CurrentItem(); // 0x0318d620
    System.Void SelectBerry(AEDLBJJPKFA KJFEKFHIBIL); // 0x0318d628
    System.Void remove_PokemonJumpToBush(System.Action CHKLGGMOFFM); // 0x0318d740
    System.Void EnterSnapshotMode(); // 0x0318d7e8
    System.Void AICEKKILPEB(); // 0x0318d86c
    System.Void ThrowMissed(); // 0x0318db48
    System.Void KGIPAOKIDNE(); // 0x03187944
    System.Void NCGKNMOLJON(); // 0x0318db58
    System.Void GJMLIGONKNE(); // 0x03188a98
    EBFPMGNGCOO GetCameraController(); // 0x0318a6f8
    System.Void NNNJNNCJMAO(EAPEBJNEPOL CHKLGGMOFFM); // 0x0318dc0c
    System.Void RunAway(); // 0x0318dc14
    System.Void BMNFIOLBEBF(); // 0x0318ddf0
    BHCCEPBKJOA get_EncounterUI(); // 0x0318df1c
    System.Void DFKLMHOJEAF(System.Action CHKLGGMOFFM); // 0x0318df24
    System.Void PokemonCaptured(); // 0x0318dfcc
}
vfsfitvnm commented 2 years ago

Thanks, I found it. This is the Frida signature it generates: ["pointer",[]], which is clearly incorrect; I'll look into it ASAP.

vfsfitvnm commented 2 years ago

Yeah, the struct is empty, so I should drop empty arrays from the signature.

vfsfitvnm commented 2 years ago

Well, I don't know how empty structs are handled (do they become pointers?):

// Resolve the method whose struct parameter triggers the failure.
const KFFMELBKBIJ = AssemblyCSharp.class("Niantic.Holoholo.Encounter.EncounterInteractionState").method("KFFMELBKBIJ");

// Size the bridge reports for the first parameter's struct type (logs 1 here).
const structClass = KFFMELBKBIJ.parameters[0].type.class;
console.log(structClass.valueSize);

This logs 1, so would you try this snippet before setting the implementation and tell me whether it works? I don't want to register and play the game to find out:

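// Workaround: the bridge derives ["pointer", []] for the empty struct
// argument, which fails with "failed to compile function call interface".
// Override it with a one-field struct, since valueSize is 1. The result of
// Reflect.defineProperty is checked instead of ignored, so a refused
// override (e.g. a non-configurable property) fails here rather than later.
// NOTE(review): this treats the 1-byte struct as a single char field —
// confirm it matches how the target passes the value before relying on it.
if (!Reflect.defineProperty(KFFMELBKBIJ, "fridaSignature", {
    value: ["pointer", ["char"]]
})) {
    throw new Error("could not override fridaSignature on KFFMELBKBIJ");
}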
thinhbuzz commented 2 years ago

Still the same error. Log:

1 Error: failed to compile function call interface

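const KFFMELBKBIJ = assemblyCsharp.class("Niantic.Holoholo.Encounter.EncounterInteractionState").method("GEFJHFEACPH");
// size the bridge reports for the struct parameter's type (1 for this empty struct)
console.log(KFFMELBKBIJ.parameters[0].type.class.valueSize);
// override the generated ["pointer", []] signature; fail loudly if the override is refused
if (!Reflect.defineProperty(KFFMELBKBIJ, "fridaSignature", {
  value: ["pointer", ["char"]]
})) {
  throw new Error("could not override fridaSignature on KFFMELBKBIJ");
}
// NOTE(review): the method is looked up again here instead of reusing
// KFFMELBKBIJ, so the override above may not apply to the object being
// hooked — confirm.
assemblyCsharp.class("Niantic.Holoholo.Encounter.EncounterInteractionState").method("GEFJHFEACPH")
  .implementation = function (p0: any) {
  try {
    // log the argument value itself, not the literal string "p0"
    console.log("GEFJHFEACPH is calling", p0);
    const result = this.method("GEFJHFEACPH").invoke(p0);
    // the value, not the literal string "result"
    console.log("GEFJHFEACPH is result", result);
    return result;
  } catch (e) {
    // reported only, so the hooked call does not throw into the game
    console.error("GEFJHFEACPH", e);
  }
};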
vfsfitvnm commented 2 years ago

Well yeah you have to replace KFFMELBKBIJ with GEFJHFEACPH

thinhbuzz commented 2 years ago

It's just a variable name; I changed it to GEFJHFEACPH but I still get the same error.

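const GEFJHFEACPH = assemblyCsharp.class("Niantic.Holoholo.Encounter.EncounterInteractionState").method("GEFJHFEACPH");
// size the bridge reports for the struct parameter's type (1 for this empty struct)
console.log(GEFJHFEACPH.parameters[0].type.class.valueSize);
// override the generated ["pointer", []] signature; fail loudly if the override is refused
if (!Reflect.defineProperty(GEFJHFEACPH, "fridaSignature", {
  value: ["pointer", ["char"]]
})) {
  throw new Error("could not override fridaSignature on GEFJHFEACPH");
}
// NOTE(review): the method is looked up again here instead of reusing the
// GEFJHFEACPH constant, so the override above may not apply to the object
// being hooked — confirm.
assemblyCsharp.class("Niantic.Holoholo.Encounter.EncounterInteractionState").method("GEFJHFEACPH")
  .implementation = function (p0: any) {
  try {
    // log the argument value itself, not the literal string "p0"
    console.log("GEFJHFEACPH is calling", p0);
    const result = this.method("GEFJHFEACPH").invoke(p0);
    // the value, not the literal string "result"
    console.log("GEFJHFEACPH is result", result);
    return result;
  } catch (e) {
    // reported only, so the hooked call does not throw into the game
    console.error("GEFJHFEACPH", e);
  }
};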
vfsfitvnm commented 2 years ago
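// Resolve the method once and hook that same object, so the signature
// override below applies to the object whose implementation is replaced.
const GEFJHFEACPH = assemblyCsharp.class("Niantic.Holoholo.Encounter.EncounterInteractionState").method("GEFJHFEACPH");

// Workaround for the empty struct parameter: the bridge generates
// ["pointer", []], which fails to compile; valueSize is 1, so describe it as
// a single char field. The defineProperty result is checked rather than
// ignored so a refused override fails here instead of at hook time.
if (!Reflect.defineProperty(GEFJHFEACPH, "fridaSignature", {
  value: ["pointer", ["char"]]
})) {
  throw new Error("could not override fridaSignature on GEFJHFEACPH");
}

GEFJHFEACPH.implementation = function (p0: any) {
  try {
    // log the argument value itself, not the literal string "p0"
    console.log("GEFJHFEACPH is calling", p0);
    const result = this.method("GEFJHFEACPH").invoke(p0);
    // the value, not the literal string "result"
    console.log("GEFJHFEACPH is result", result);
    return result;
  } catch (e) {
    // reported only, so the hooked call does not throw into the game
    console.error("GEFJHFEACPH", e);
  }
};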
thinhbuzz commented 2 years ago

haha, I got it. love bro

vfsfitvnm commented 2 years ago

Why did you close this? This is an issue, and the solution I posted is a workaround, definitely not the fix.

thinhbuzz commented 2 years ago

@vfsfitvnm I closed this because my problem was solved by your snippet above. If you want to keep it open until a proper fix is found, I'll leave it as is.