vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License
1.03k stars 202 forks

How can I hook functions? #216

Closed Abdelrahmanamhawy closed 2 years ago

Abdelrahmanamhawy commented 2 years ago

Hello,

Here's my code 👍

const Modulebase = Module.load("libil2cpp.so").base
const CSharp = Il2Cpp.Domain.assembly("Assembly-CSharp").image;
const targetClass = CSharp.class("gameManager")
const story = "Hello"
//console.log(ptr(story))
var targetMethod = targetClass.method("addMoney")
var diff1 = (ptr(CSharp)-Modulebase)
var diff2 = (ptr(targetClass)-ptr(CSharp))

I am trying to hook the targetMethod variable, but I can't. In the dump.cs file dumped by Il2CppDumper, this method has an offset of (0x6DD060). My debugging output is as follows:

Difference between libil2cpp and Assembly-CSharp : 22624712
Difference between Assembly-CSharp and TargetClass: 466822088

libil2cpp Base: 0x7c57990000
ptr(Assembly-Csharp) : 0x7c563fc638
targetMethod : System.Void addMoney(System.Int32 amount, System.Boolean counting); // 0x00ae7358
ptr(targetMethod): 0x7c6c31fe00
Instuction of the targetclass : ldr x24, #0x7c6c3aec68

I can't use the intercept function; it tells me access violation and file bug, or can't intercept the function. Tried heap scanning using the code in the snippets, but I get a syntax error saying "SyntaxError: expecting ','".

vfsfitvnm commented 2 years ago

Uhm, I see a lot of confusion here. All you need to do is:

Il2Cpp.perform(() => {
    const AssemblyCSharp = Il2Cpp.Domain.assembly("Assembly-CSharp").image;
    const gameManager = AssemblyCSharp.class("gameManager");

    gameManager.method("addMoney").implementation = function (amount: number, counting: boolean) {
        // do whatever you want
        this.method("addMoney").invoke<void>(amount + 1000, counting);
    }
});
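
An added example, not code from this thread or from the project, that lines up the numbers in the question's debug output. It assumes that `ptr()` on a bridge object yields its runtime handle (a pointer to a metadata structure, not to code) and that the `// 0x00ae7358` suffix of the printed signature is the method's offset from the libil2cpp base. The helper names (`distanceFromBase`, `codeAddress`, `report`, `hex`) are hypothetical; the constants are the values quoted in the question.

```typescript
// Added example: constants are the values quoted in the question's debug output.
declare const Il2Cpp: any; // global provided by frida-il2cpp-bridge inside Frida

const LIBIL2CPP_BASE = 0x7c57990000; // "libil2cpp Base"
const IMAGE_HANDLE = 0x7c563fc638;   // "ptr(Assembly-Csharp)"
const METHOD_HANDLE = 0x7c6c31fe00;  // "ptr(targetMethod)"
const METHOD_RVA = 0x00ae7358;       // suffix of the printed method signature

const hex = (n: number): string => "0x" + n.toString(16);

// Signed distance of an address from the module base. For a handle this is
// not a code offset: the structure is allocated at runtime and may even sit
// below the module, which makes the result negative.
function distanceFromBase(base: number, address: number): number {
    return address - base;
}

// Absolute address of code located `rva` bytes into the loaded module.
function codeAddress(base: number, rva: number): number {
    return base + rva;
}

function report(): string[] {
    return [
        `image handle - base  = ${distanceFromBase(LIBIL2CPP_BASE, IMAGE_HANDLE)}`,
        `method handle - base = ${hex(distanceFromBase(LIBIL2CPP_BASE, METHOD_HANDLE))}`,
        `addMoney code        = ${hex(codeAddress(LIBIL2CPP_BASE, METHOD_RVA))}`,
    ];
}

if (typeof Il2Cpp !== "undefined") {
    // Inside Frida: read the addresses from the bridge instead of subtracting
    // handles. Uses the same API form as the answer above.
    Il2Cpp.perform(() => {
        const image = Il2Cpp.Domain.assembly("Assembly-CSharp").image;
        const method = image.class("gameManager").method("addMoney");
        console.log(`handle=${method.handle} code=${method.virtualAddress} ` +
                    `rva=${method.relativeVirtualAddress}`);
    });
} else {
    // Outside Frida: print the arithmetic on the quoted values.
    report().forEach((line) => console.log(line));
}
```

The magnitude of the first result, 22624712, is the same number the question printed as the difference between libil2cpp and Assembly-CSharp.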