vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

Enum types are incorrectly handled #385

Closed vfsfitvnm closed 10 months ago

vfsfitvnm commented 11 months ago

IL2CPP considers enum types as value types, hence frida-il2cpp-bridge treated them as such.

When interacting with IL2CPP, value types (aka structs) are represented as an array of values; enum types only have one field (value__), which contains the actual integer value, hence their "binary" representation is an array of a single integer.

From a Frida point of view, the following enum

enum Foo : System.Int32
{
    A,
    B
}

is encoded to ["int32"] (an array of a single integer).

However, considering the following snippet,

Il2Cpp.perform(() => {
    const Environment = Il2Cpp.corlib.class("System.Environment");
    const get_Platform = Environment.method<Il2Cpp.ValueType>("get_Platform");

    // Doesn't work on x86 (current behaviour)
    console.log(new NativeFunction(get_Platform.virtualAddress, ["int32"], [])());

    // Does work everywhere
    console.log(new NativeFunction(get_Platform.virtualAddress, "int32", [])());
});

it looks like this is not true: natively, enum types are treated as integers! Foo should be represented as an "int32". It seems that on arm64, arm32 and x86_64 it makes no difference at all, that's why I couldn't spot this problem earlier.
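
The mapping rule the issue arrives at (enum = its underlying integer, struct = array of field types), as an added example that is not code from frida-il2cpp-bridge; the `prim`/`enumOf`/`struct`/`ref` helpers are a constructed stand-in for the library's own type objects.

```javascript
// Added example (not part of frida-il2cpp-bridge): build the Frida
// NativeFunction type descriptor for an IL2CPP type, treating an enum
// as its underlying integer instead of as a one-field struct.
// The type objects below are a constructed stand-in for Il2Cpp.Type.

const PRIMITIVES = new Set([
  "bool", "int8", "uint8", "int16", "uint16", "int32", "uint32",
  "int64", "uint64", "float", "double", "pointer", "void",
]);

// Constructed helpers describing types for the demo.
const prim = (name) => ({ kind: "primitive", name });
const enumOf = (name, underlying) => ({ kind: "enum", name, underlying });
const struct = (name, fields) => ({ kind: "struct", name, fields });
const ref = (name) => ({ kind: "reference", name });

function fridaType(type) {
  switch (type.kind) {
    case "primitive":
      if (!PRIMITIVES.has(type.name)) {
        throw new Error(`unknown primitive ${type.name}`);
      }
      return type.name;
    case "enum":
      // Natively an enum is just its value__ field: return it as a
      // scalar, never as ["int32"], which Frida reads as a struct (on
      // x86 a struct return goes through a hidden pointer, an int in eax).
      return fridaType(type.underlying);
    case "struct":
      // A real value type is the ordered array of its instance fields;
      // an enum field stays one integer entry inside that array.
      return type.fields.map(fridaType);
    case "reference":
      // Class instances and raw pointers travel as "pointer".
      return "pointer";
    default:
      throw new Error(`unsupported kind ${type.kind}`);
  }
}

// The enum from the issue: enum Foo : System.Int32 { A, B }
const Foo = enumOf("Foo", prim("int32"));
// Constructed struct with an enum field and a double.
const Bar = struct("Bar", [Foo, prim("double")]);
// Constructed struct nesting Bar next to a reference-type field.
const Baz = struct("Baz", [Bar, ref("System.String")]);
```

With these definitions `fridaType(Foo)` yields the scalar `"int32"` the working call in the snippet uses, while `fridaType(Bar)` yields the array form a genuine struct needs.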

vfsfitvnm commented 11 months ago

It should be fixed now. Internally, enums are still mapped to Il2Cpp.ValueTypes. I don't know whether they should deserve an Il2Cpp.Enum instead.

Let me know if you encounter a regression.

vfsfitvnm commented 11 months ago

Fixed in v0.8.7