vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

Il2Cpp.perform doesn't run on WSA Magisk #374

Closed toastyyyxd closed 11 months ago

toastyyyxd commented 11 months ago

I'm using Magisk on WSA

import "frida-il2cpp-bridge";
console.log("Start");
Il2Cpp.perform(() => {
    console.log(Il2Cpp.unityVersion)
});

Output:

PS C:\Users\sapoi\Desktop\dbc> npm run attach

> dbc@1.0.0 attach
> frida -U "Droneboi: Conquest" -l _.js --runtime=v8

     ____
    / _  |   Frida 16.1.4 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Pixel 5 (id=127.0.0.1:58526)
Attaching...
Start
[Pixel 5::Droneboi: Conquest ]->

Using --realm=emulated didn't work either and returns: Failed to attach: process is not using emulation

Adding Il2Cpp.trace() gives an error

Start
Error: unable to find module 'libil2cpp.so'
    at Object.value [as getModuleByName] (frida/runtime/core.js:339:1)
    at Object.<anonymous> (il2cpp/module.ts:30:24)
    at Object.descriptor.get (utils/lazy.ts:10:30)
    at r (il2cpp/api.ts:499:31)
    at Object.get threadGetAttachedThreads (il2cpp/api.ts:464:20)
    at Object.descriptor.get [as threadGetAttachedThreads] (utils/lazy.ts:10:30)
    at Object.<anonymous> (il2cpp/structs/thread.ts:135:42)
    at Object.<anonymous> (il2cpp/structs/thread.ts:152:16)
    at Tracer.<instance_members_initializer> (il2cpp/tracer.ts:28:36)
    at new Tracer (il2cpp/tracer.ts:63:9)

on x86_64

commonuserlol commented 11 months ago

Doesn't this mean that the game doesn't have x86 libs? Mostly they switched to arm64-v8a and armeabi-v7a (deprecated).

vfsfitvnm commented 11 months ago

Yeah, I second that, too. It looks like Process.getModuleByName("libil2cpp.so") doesn't work, hence I believe this is related to frida or whatever. What's the output of the following (send it via REPL)?

Process.enumerateModules().map(_ => _.name).sort()

toastyyyxd commented 11 months ago

I had to remove WSA from my system since it generated too many log files for my small SSD. Before that, I did try to print out all the module names but couldn't find anything with the name il2cpp. I'm not 100% sure, but I didn't see libunity either. Sorry I couldn't provide more information.

vfsfitvnm commented 11 months ago

Well, it is definitely related to frida, unfortunately! Closing for now
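
The check requested in this thread (is libil2cpp.so in Frida's module list, and if not, why), as an added example that is not code from frida-il2cpp-bridge or from any participant. It assumes, following the ABI hypothesis above, that an ARM-only game on an x86_64 host is run through a translation library, so the file can be mapped in memory without appearing as a native module; `triageIl2Cpp`, its verdict strings and the use of `File.readAllText` are assumptions of this example.

```javascript
// Added example, not from the thread: triage for "unable to find module 'libil2cpp.so'".
// Pure function, so it runs under Node as well as inside a Frida script.
const BRIDGE_LIBS = ["libhoudini.so", "libndk_translation.so"]; // ARM-on-x86 translators
const ABI_DIR = { arm: "arm", arm64: "arm64", ia32: "x86", x64: "x86_64" }; // Process.arch -> APK lib dir

function triageIl2Cpp(arch, moduleNames, mapsText, target = "libil2cpp.so") {
  const bridges = moduleNames.filter(n => BRIDGE_LIBS.includes(n)).sort();
  // Paths of file-backed mappings whose basename is the target library.
  const mapped = [...new Set(mapsText.split("\n")
    .map(line => line.trim().split(/\s+/).slice(5).join(" "))
    .filter(p => p.split("/").pop() === target))];
  // APK-extracted libraries live under .../lib/<abi>/<name>.so
  const abis = [...new Set(mapped
    .map(p => /\/lib\/([^/]+)\/[^/]+$/.exec(p))
    .filter(Boolean).map(m => m[1]))].sort();

  let verdict;
  if (moduleNames.includes(target)) verdict = "loaded";
  else if (abis.some(a => a !== ABI_DIR[arch])) verdict = "foreign-abi-mapping";
  else if (mapped.length) verdict = "mapped-but-not-a-module";
  else if (bridges.length) verdict = "bridge-loaded-target-not-mapped";
  else verdict = "not-found";
  return { arch, verdict, bridges, mapped, abis };
}

// Inside Frida the inputs come from the runtime; under Node this branch is skipped.
if (typeof Process !== "undefined" && typeof Process.enumerateModules === "function") {
  const names = Process.enumerateModules().map(m => m.name);
  // Assumption: File.readAllText exists in this Frida build; fall back to no maps data.
  const maps = typeof File !== "undefined" && typeof File.readAllText === "function"
    ? File.readAllText("/proc/self/maps") : "";
  console.log(JSON.stringify(triageIl2Cpp(Process.arch, names, maps), null, 2));
}
```

A `foreign-abi-mapping` verdict on an `x64` process means the library on disk targets a different instruction set than the process Frida attached to, which is the situation the ABI hypothesis in the thread describes.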