vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

Access violation accessing #333

Closed VanHoevenTR closed 1 year ago

VanHoevenTR commented 1 year ago

I encountered a game that throws an error "Error: access violation accessing 0x0" during dumping.

The game: https://apkcombo.com/takt-op-symphony/com.dgames.g65002002.google/

Unity version: 2021.2.0f1

il2cpp: dumping Assembly-CSharp...
il2cpp: dumping Takasho.ProtobufGenerated...
il2cpp: dumping mscorlib...
il2cpp: dumping System.Xml...
il2cpp: dumping UnityEngine.UIElementsModule...
il2cpp: dumping System.Runtime.Serialization...
il2cpp: dumping System...
il2cpp: dumping System.Data...
il2cpp: dumping Unity.RenderPipelines.Universal.Runtime...
il2cpp: dumping UnityEngine.CoreModule...
il2cpp: dumping System.Core...
il2cpp: dumping Grpc.Core...
il2cpp: dumping Newtonsoft.Json...
il2cpp: dumping Unity.TextMeshPro...
il2cpp: dumping spine-unity...
il2cpp: dumping Cinemachine...
il2cpp: dumping LCXSDK...
il2cpp: dumping Google.Protobuf...
il2cpp: dumping UnityEngine.UI...
il2cpp: dumping UnityEngine.TextCoreTextEngineModule...
il2cpp: dumping DOTween...
il2cpp: dumping Takasho.Generated...
il2cpp: dumping StompyRobot.SRDebugger...
il2cpp: dumping UnityEngine.IMGUIModule...
il2cpp: dumping Mono.Security...
il2cpp: dumping Unity.Timeline...
il2cpp: dumping UniTask...
il2cpp: dumping Unity.RenderPipelines.Core.Runtime...
il2cpp: dumping Assembly-CSharp-firstpass...
il2cpp: dumping ICSharpCode.SharpZipLib...
il2cpp: dumping StompyRobot.SRF...
il2cpp: dumping System.ServiceModel.Internals...
il2cpp: dumping IFix.Core...
il2cpp: dumping UnityEngine.AndroidJNIModule...
il2cpp: dumping UnityEngine...
il2cpp: dumping Takasho.Core...
il2cpp: dumping UnityEngine.AnimationModule...
il2cpp: dumping System.Numerics...
il2cpp: dumping System.Xml.Linq...
il2cpp: dumping UnityEngine.UIElementsNativeModule...
il2cpp: dumping Unity.Notifications.Android...
il2cpp: dumping UnityEngine.UnityWebRequestModule...
il2cpp: dumping System.Memory...
il2cpp: dumping UnityEngine.PhysicsModule...
il2cpp: dumping UnityEngine.TextCoreFontEngineModule...
il2cpp: dumping StylizedGrass.Runtime...
il2cpp: dumping UnityEngine.Physics2DModule...
il2cpp: dumping UnityEngine.AIModule...
il2cpp: dumping Unity.Mathematics...
il2cpp: dumping Grpc.Core.Api...
il2cpp: dumping UnityEngine.ParticleSystemModule...
il2cpp: dumping Unity.Burst...
il2cpp: dumping UnityEngine.UIModule...
il2cpp: dumping UnityEngine.XRModule...
il2cpp: dumping UnityEngine.AudioModule...
il2cpp: dumping Coffee.SoftMaskForUGUI...
il2cpp: dumping NavMeshComponentsExamples...
il2cpp: dumping PBT.Inner...
il2cpp: dumping UnityEngine.TextRenderingModule...
il2cpp: dumping UnityEngine.TerrainModule...
il2cpp: dumping UnityEngine.InputLegacyModule...
il2cpp: dumping UnityEngine.SharedInternalsModule...
il2cpp: dumping NavMeshComponents...
il2cpp: dumping UnityEngine.TilemapModule...
il2cpp: dumping UnityEngine.VFXModule...
il2cpp: dumping UnityEngine.AssetBundleModule...
il2cpp: dumping UnityEngine.DirectorModule...
il2cpp: dumping UnityEngine.SubsystemsModule...
il2cpp: dumping Google.Play.Common...
il2cpp: dumping UnityEngine.VideoModule...
il2cpp: dumping Takasho.ProtobufKernel...
il2cpp: dumping UnityEngine.UnityAnalyticsModule...
il2cpp: dumping UnityEngine.UnityWebRequestWWWModule...
il2cpp: dumping UnityEngine.UnityWebRequestTextureModule...
il2cpp: dumping UnityEngine.InputModule...
il2cpp: dumping UnityEngine.UnityWebRequestAssetBundleModule...
il2cpp: dumping UnityEngine.JSONSerializeModule...
il2cpp: dumping spine-timeline...
il2cpp: dumping UnityEngine.GridModule...
il2cpp: dumping UnityEngine.VRModule...
il2cpp: dumping UnityEngine.ImageConversionModule...
il2cpp: dumping UnityEngine.SpriteShapeModule...
il2cpp: dumping Google.Play.Core...
il2cpp: dumping UnityEngine.WindModule...
il2cpp: dumping System.Buffers...
il2cpp: dumping Takasho...
il2cpp: dumping MiniJson...
il2cpp: dumping Google.Play.Review...
il2cpp: dumping Unity.RenderPipeline.Universal.ShaderLibrary...
il2cpp: dumping System.Configuration...
il2cpp: dumping System.Runtime.CompilerServices.Unsafe...
il2cpp: dumping D4L...
il2cpp: dumping D4L.Tasks.UniTask...
il2cpp: dumping UniTask.DOTween...
Error: access violation accessing 0x0
    at get class (il2cpp/structs/object.ts:12)
    at call (native)
    at <anonymous> (utils/lazy.ts:10)
    at method (il2cpp/structs/object.ts:38)
    at get (il2cpp/structs/assembly.ts:27)
    at call (native)
    at <anonymous> (utils/lazy.ts:10)
    at get name (il2cpp/structs/assembly.ts:42)
    at call (native)
    at <anonymous> (utils/lazy.ts:10)
    at dump (il2cpp/dump.ts:13)
    at <anonymous> (index.ts:7)
    at apply (native)
    at <anonymous> (frida/runtime/core.js:51)

And another game that throws an error during init: https://apkcombo.com/takt-op-%E9%81%8B%E5%91%BD%E3%81%AF%E7%9C%9F%E7%B4%85%E3%81%8D%E6%97%8B%E5%BE%8B%E3%81%AE%E8%A1%97%E3%82%92/com.dgames.g85002002.google/download/apk

Same Unity version

Spawned `com.dgames.g85002002.google`. Resuming main thread!
[XXXX::com.dgames.g85002002.google ]-> Error: access violation accessing 0x744efa0
    at initialize (il2cpp/module.ts:43)

b00tkitism commented 1 year ago

    at NativeFunction.<anonymous> (<anonymous>)
    at NativeStruct.get class (/node_modules/frida-il2cpp-bridge/dist/index.js:2595:48)
    at NativeStruct.descriptor.get (/node_modules/frida-il2cpp-bridge/dist/index.js:41:30)
    at NativeStruct.method (/node_modules/frida-il2cpp-bridge/dist/index.js:2615:25)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:50)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1362:44)
Error: access violation accessing 0x1
    at NativeFunction.<anonymous> (<anonymous>)
    at NativeStruct.get class (/node_modules/frida-il2cpp-bridge/dist/index.js:2595:48)
    at NativeStruct.descriptor.get (/node_modules/frida-il2cpp-bridge/dist/index.js:41:30)
    at NativeStruct.method (/node_modules/frida-il2cpp-bridge/dist/index.js:2615:25)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:50)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1362:44)
Error: access violation accessing 0x5
    at NativeFunction.<anonymous> (<anonymous>)
    at NativeStruct.get class (/node_modules/frida-il2cpp-bridge/dist/index.js:2595:48)
    at NativeStruct.descriptor.get (/node_modules/frida-il2cpp-bridge/dist/index.js:41:30)
    at NativeStruct.method (/node_modules/frida-il2cpp-bridge/dist/index.js:2615:25)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:50)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1362:44)
Error: access violation accessing 0x5
    at NativeFunction.<anonymous> (<anonymous>)
    at NativeStruct.get class (/node_modules/frida-il2cpp-bridge/dist/index.js:2595:48)
    at NativeStruct.descriptor.get (/node_modules/frida-il2cpp-bridge/dist/index.js:41:30)
    at NativeStruct.method (/node_modules/frida-il2cpp-bridge/dist/index.js:2615:25)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:50)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1362:44)
[SM A507FN::gadget ]-> Error: abort was called
    at NativeFunction.<anonymous> (<anonymous>)
    at Method.invokeRaw (/node_modules/frida-il2cpp-bridge/dist/index.js:2438:42)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:69)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at Method.invokeRaw (/node_modules/frida-il2cpp-bridge/dist/index.js:2438:42)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:69)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
Error: access violation accessing 0x8
    at NativeFunction.<anonymous> (<anonymous>)
    at String.get length [as length] (/node_modules/frida-il2cpp-bridge/dist/index.js:2838:31)
    at String.get content [as content] (/node_modules/frida-il2cpp-bridge/dist/index.js:2821:73)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:77)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1362:44)
    at NativeFunction.<anonymous> (<anonymous>)
Error: abort was called
    at NativeFunction.<anonymous> (<anonymous>)
    at Method.invokeRaw (/node_modules/frida-il2cpp-bridge/dist/index.js:2438:42)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:69)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at Method.invokeRaw (/node_modules/frida-il2cpp-bridge/dist/index.js:2438:42)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:69)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
Error: access violation accessing 0x8
    at NativeFunction.<anonymous> (<anonymous>)
    at String.get length [as length] (/node_modules/frida-il2cpp-bridge/dist/index.js:2838:31)
    at String.get content [as content] (/node_modules/frida-il2cpp-bridge/dist/index.js:2821:73)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:77)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1362:44)
    at NativeFunction.<anonymous> (<anonymous>)
Error: abort was called
    at NativeFunction.<anonymous> (<anonymous>)
    at Method.invokeRaw (/node_modules/frida-il2cpp-bridge/dist/index.js:2438:42)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:69)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at Method.invokeRaw (/node_modules/frida-il2cpp-bridge/dist/index.js:2438:42)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:69)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
Error: access violation accessing 0x8
    at NativeFunction.<anonymous> (<anonymous>)
    at String.get length [as length] (/node_modules/frida-il2cpp-bridge/dist/index.js:2838:31)
    at String.get content [as content] (/node_modules/frida-il2cpp-bridge/dist/index.js:2821:73)
    at NativeStruct.toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2651:77)
    at /node_modules/frida-il2cpp-bridge/dist/index.js:1360:249
    at Array.map (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1360:195)
    at NativeFunction.<anonymous> (<anonymous>)
    at InvocationContext.callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1362:44)
    at NativeFunction.<anonymous> (<anonymous>)

Same, but while tracing.

vfsfitvnm commented 1 year ago

What's the frida-il2cpp-bridge version you are using? Is it up to date?

VanHoevenTR commented 1 year ago

What's the frida-il2cpp-bridge version you are using? Is it up to date?

Yes, v0.8.5

VanHoevenTR commented 1 year ago

This issue seems to be fixed all of a sudden. I think upgrading Python and frida to the latest version fixed it, so closing.

vfsfitvnm commented 1 year ago

Thanks for the update; that's weird - I apologize for not finding the time to attempt to reproduce it