vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

some suggestions #221

Closed axhlzy closed 1 year ago

axhlzy commented 1 year ago

Enumeration class first parameter value__: if the value is 0x8, an error will occur in (readPointer). It is recommended to use try/catch.

export const enumNumToName = (value: number, enumName: string) => {
    // findClass, alloc and LOGD are not defined in this snippet
    let clsPtr = findClass(enumName)
    if (clsPtr.isNull()) throw new Error("Don't find class " + enumName)
    let localCls = new Il2Cpp.Class(findClass(enumName))
    if (!localCls.isEnum) throw new Error("Not enum class")
    let retStr: string = ""
    let iter = alloc()
    let field
    // walk every field of the class through the raw Il2Cpp API
    while (field = Il2Cpp.Api._classGetFields(clsPtr, iter)) {
        if (field.isNull()) break
        let fieldName = field.readPointer().readCString()
        let value = alloc()
        try {
            Il2Cpp.Api._fieldGetStaticValue(field, value)
        } catch (error) { }
        LOGD("" + fieldName + " " + value.readPointer() + " ")
    }
    return retStr
}

In your code, it is located in frida-il2cpp-bridge/src/il2cpp/structs/field.ts, line 64 (Fix #171).

In addition, the meaning of field.value should be that it obtains the real value of this enumerated field. Here, it is resolved into a name, that is to say field.name === field.value ... It seems a little inappropriate.

vfsfitvnm commented 1 year ago

I apologize but I don't understand what you are saying. The only thing I got is the first line:

> Enumeration class first parameter value__: if the value is 0x8, an error will occur in (readPointer).

If so, would you provide more context about this and an example to reproduce?

axhlzy commented 1 year ago

[image: 1663063244772]

As shown in the code above:

The problem of value 0x8 can be solved with a try/catch outside, but field.value === field.name here seems inappropriate.

We are using field.value. When calculating value, you should expect to obtain the specific value of the field, not the name. Of course, your code here can also be written in this way, but you should add a method to obtain the specific value of enum through the class name and the field name, as shown in the following figure:

[image: 1663063530677]

vfsfitvnm commented 1 year ago

> When calculating value, you should expect to obtain the specific value of the field, not the name

The default C# behavior is to return the name, a decision I second because it's readable. If you want to get the value, you can do the following:

Il2Cpp.perform(() => {
    const UnityEngineCoreModule = Il2Cpp.Domain.assembly("UnityEngine.CoreModule").image;
    const OperatingSystemFamily = UnityEngineCoreModule.class("UnityEngine.OperatingSystemFamily");

    console.log(OperatingSystemFamily);
    console.log("//", OperatingSystemFamily.field<Il2Cpp.ValueType>("Linux").value.handle.readS32());
});

// UnityEngine.CoreModule
enum UnityEngine.OperatingSystemFamily : System.Enum
{
    System.Int32 value__; // 0x10
    static UnityEngine.OperatingSystemFamily Other = 0;
    static UnityEngine.OperatingSystemFamily MacOSX = 1;
    static UnityEngine.OperatingSystemFamily Windows = 2;
    static UnityEngine.OperatingSystemFamily Linux = 3;

}
// 3
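
An added example, not from the thread or from frida-il2cpp-bridge: an offline parser for the enum dump format printed above that maps a numeric value back to its field name, falling back to the number when no field matches. `parseEnumDump` and `enumNumToName` are hypothetical helpers, and the dump text is copied from the output above.

```typescript
// Added example: works on dump text only, no Frida runtime needed.
// DUMP is copied from the output shown above.
const DUMP = `// UnityEngine.CoreModule
enum UnityEngine.OperatingSystemFamily : System.Enum
{
    System.Int32 value__; // 0x10
    static UnityEngine.OperatingSystemFamily Other = 0;
    static UnityEngine.OperatingSystemFamily MacOSX = 1;
    static UnityEngine.OperatingSystemFamily Windows = 2;
    static UnityEngine.OperatingSystemFamily Linux = 3;

}`;

interface EnumInfo {
    name: string;                       // full enum type name
    underlying: string;                 // type of the value__ instance field
    byName: Record<string, number>;     // field name -> numeric value
    byValue: Record<number, string[]>;  // numeric value -> names (aliases allowed)
}

// Hypothetical helper: parse one dumped enum declaration.
function parseEnumDump(text: string): EnumInfo {
    const header = /^enum\s+([\w.]+)\s*:/m.exec(text);
    if (header === null) throw new Error("not an enum dump");
    const info: EnumInfo = { name: header[1], underlying: "", byName: {}, byValue: {} };
    for (const line of text.split("\n")) {
        // value__ is the only instance field; it holds the value, it is not a member
        const inst = /^\s*([\w.]+)\s+value__;/.exec(line);
        if (inst !== null) { info.underlying = inst[1]; continue; }
        // members are static fields typed as the enum itself
        const m = /^\s*static\s+([\w.]+)\s+(\w+)\s*=\s*(-?\d+);/.exec(line);
        if (m === null || m[1] !== info.name) continue;
        const value = Number(m[3]);
        info.byName[m[2]] = value;
        info.byValue[value] = (info.byValue[value] || []).concat(m[2]);
    }
    return info;
}

// Hypothetical helper: first matching name, or the number as text when undefined.
function enumNumToName(info: EnumInfo, value: number): string {
    const names = info.byValue[value];
    return names && names.length > 0 ? String(names[0]) : String(value);
}
```
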

axhlzy commented 1 year ago

Oh yes, I didn't understand enough and misunderstood here, thank you very much for your answer ^_^