vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

How to build an array<string> instance ? #256

Closed axhlzy closed 1 year ago

axhlzy commented 1 year ago

I saw in the wiki document that inflate can find the real function address of a generic function, and it's easy to build a Unity string using Il2Cpp.String.from("").

Here are some questions about how to build an array instance or a list instance.

I tried using mscorlib.System.Array.CreateInstance(Type, Int64[]) : Array @ 0x993330 via callFunction(0x993330, Il2Cpp.Image.corlib.class("System.String").type.handle, 10), but it's not working...

Then I tried to look at their instance memory structure. On arm64 it looks like this: (hexdump screenshot attached to the original issue)

The first pointer is the type, the fourth pointer slot holds the size of the array, and the pointers to the real data follow after that.

So I tried to directly allocate some space and manually overwrite this area according to that format, but it is not very convenient to obtain the type (at present, the only way I can think of is to find a function with a parameter or a return value of type string[] and then parse it to get the handle of the type), so I want to ask if there is a better and more elegant way to build an array or list.

Thanks very much
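The layout the questioner read from the hexdump (type pointer first, array size in the fourth pointer-sized slot, element pointers after that) can be encoded and decoded offline, which is a convenient way to sanity-check a hand-built array before writing it into process memory. The following is an added example, not code from the issue thread or from frida-il2cpp-bridge; it assumes the 64-bit Il2CppArray layout (klass, monitor, bounds, max_length, then elements), and every pointer value in it is a constructed sample.

```javascript
// Added example (not part of the issue thread): encode and decode the
// Il2CppArray header layout the questioner read from the arm64 hexdump.
// Assumed 64-bit layout (matches the Il2CppArray struct): four pointer-sized
// slots -- klass, monitor, bounds, max_length -- followed by element pointers.
const PTR = 8;
const OFF_KLASS = 0 * PTR;
const OFF_MONITOR = 1 * PTR;
const OFF_BOUNDS = 2 * PTR;
const OFF_LENGTH = 3 * PTR;   // the "fourth pointer position" from the hexdump
const OFF_ELEMENTS = 4 * PTR;

// Build the raw bytes of a reference-type array (e.g. System.String[]) whose
// element slots hold the given object pointers. `klass` is the pointer to the
// array's Il2CppClass, the value the questioner found hard to obtain.
function encodeArray(klass, elementPtrs) {
  const buf = new ArrayBuffer(OFF_ELEMENTS + elementPtrs.length * PTR);
  const view = new DataView(buf);
  view.setBigUint64(OFF_KLASS, BigInt(klass), true);   // little-endian, like arm64
  view.setBigUint64(OFF_MONITOR, 0n, true);            // fresh object: no monitor yet
  view.setBigUint64(OFF_BOUNDS, 0n, true);             // single-dimension: no bounds
  view.setBigUint64(OFF_LENGTH, BigInt(elementPtrs.length), true);
  elementPtrs.forEach((p, i) => view.setBigUint64(OFF_ELEMENTS + i * PTR, BigInt(p), true));
  return buf;
}

// Parse a dumped array back into its parts. A dump whose length field claims
// more elements than the bytes actually contain is rejected rather than read
// past the end, which is what a corrupt or truncated dump would otherwise do.
function decodeArray(buf) {
  const view = new DataView(buf);
  const length = Number(view.getBigUint64(OFF_LENGTH, true));
  if (OFF_ELEMENTS + length * PTR > buf.byteLength) {
    throw new RangeError(`length ${length} exceeds dump of ${buf.byteLength} bytes`);
  }
  const elements = [];
  for (let i = 0; i < length; i++) {
    elements.push(view.getBigUint64(OFF_ELEMENTS + i * PTR, true));
  }
  return {
    klass: view.getBigUint64(OFF_KLASS, true),
    bounds: view.getBigUint64(OFF_BOUNDS, true),
    length,
    elements,
  };
}

// Constructed sample: a fake class pointer and three fake System.String pointers.
const SAMPLE = encodeArray(0x7f00001000n, [0x7f00200010n, 0x7f00200040n, 0x7f00200070n]);
```

Running `decodeArray(SAMPLE)` yields the class pointer, a length of 3 and the three element pointers; feeding it a truncated copy of the dump raises a RangeError instead of reading garbage.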

vfsfitvnm commented 1 year ago

Uhm, I don't quite understand what the problem is. You can obtain the System.Array<System.String> class like this:

```typescript
const SystemString = Il2Cpp.Image.corlib.class("System.String");
const SystemStringArray = SystemString.arrayClass; // System.String[]
```

axhlzy commented 1 year ago

I wrote this demo, which should express my intention better: "Is there a simpler way to implement the function of the code above?"

(screenshot of the demo code attached to the original issue)

The above is the construction of string[]; what about the construction of a List? As for the memory structure of List, a clear memory layout rule cannot easily be found just from the hexdump.

vfsfitvnm commented 1 year ago

I think the function you are looking for is this: https://github.com/vfsfitvnm/frida-il2cpp-bridge/blob/master/src/il2cpp/structs/array.ts#L11

```typescript
const SystemString = Il2Cpp.Image.corlib.class("System.String");
const array = Il2Cpp.Array.from(SystemString, ["hello", "how", "are", "you?"]);
```

axhlzy commented 1 year ago

Yes, I was looking for it.

Is there a legal construct for this type? ↓ System.Collections.Generic.List<T>

System.Collections.Generic.List<String>

vfsfitvnm commented 1 year ago

Nope, System.Collections.Generic.List<T> is a class like any other (i.e. it doesn't have its own underlying Il2Cpp* struct). You can easily call the methods the class offers!

qiaozhi-4 commented 1 year ago

```typescript
Il2Cpp.Image.corlib.class("System.String")
```

Can I create an empty one?

netgamehelp commented 6 months ago

If a function has a parameter of type List, and I want to convert this parameter to a List to directly access the objects in it, how could I do that?
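The two remaining questions in the thread, building a List<System.String> (answered above with "it is a class like any other, call its methods") and reading a List parameter received in a hook, are both covered by the following added example. It is not code from the project or from any of the posters; it must run inside a frida-il2cpp-bridge agent (with `import "frida-il2cpp-bridge";` at the top of the script, which provides the global `Il2Cpp`), and it assumes that mscorlib's List<T> keeps its backing array in `_items` and its live count in `_size`, which you can confirm with `list.class.fields` on the target.

```javascript
// Added example, not part of the thread: run inside a frida-il2cpp-bridge
// agent (the script needs `import "frida-il2cpp-bridge";` at the top, which
// provides the global `Il2Cpp`). Field names `_items` and `_size` are the
// ones mscorlib's List<T> uses; assumed here, verify with list.class.fields.

// Build a System.String[] from JS strings, wrapping each in an Il2Cpp.String
// so the element slots receive object pointers.
function buildStringArray(values) {
  const SystemString = Il2Cpp.Image.corlib.class("System.String");
  return Il2Cpp.Array.from(SystemString, values.map((v) => Il2Cpp.String.from(v)));
}

// Build a System.Collections.Generic.List<System.String>: inflate the generic
// definition with the element class, allocate, run the constructor, then call
// Add like any other method of the class.
function buildStringList(values) {
  const SystemString = Il2Cpp.Image.corlib.class("System.String");
  const ListOfString = Il2Cpp.Image.corlib
    .class("System.Collections.Generic.List`1")
    .inflate(SystemString);
  const list = ListOfString.new();
  list.method(".ctor", 0).invoke();          // parameterless ctor sets up _items
  for (const v of values) {
    list.method("Add").invoke(Il2Cpp.String.from(v));
  }
  return list;
}

// Read a List<System.String> received as an Il2Cpp.Object (for example one of
// the `args` of a hooked method). `_size` is the live count; `_items` is the
// backing array, which is usually larger than `_size`, so iterate only up to
// `_size` and tolerate null entries.
function readStringList(list) {
  const size = list.field("_size").value;
  const items = list.field("_items").value;   // Il2Cpp.Array of Il2Cpp.String
  const out = [];
  for (let i = 0; i < size; i++) {
    const s = items.get(i);
    out.push(s.isNull() ? null : s.content);
  }
  return out;
}

// Only meaningful under Frida; guarded so the definitions load elsewhere.
if (typeof Il2Cpp !== "undefined") {
  Il2Cpp.perform(() => {
    const array = buildStringArray(["a", "b"]);
    const list = buildStringList(["hello", "how", "are", "you?"]);
    console.log(array.length, list.method("get_Count").invoke(), readStringList(list));
  });
}
```

Reading through `_size` rather than `_items.length` matters because List<T> grows its backing array geometrically, so the array holds stale or null slots beyond the live count.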