search

vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License
946 stars 194 forks source link

how to backtrace #392

Closed yujack008 closed 10 months ago

yujack008 commented 10 months ago

i have see https://github.com/vfsfitvnm/frida-il2cpp-bridge/issues/10 but no success。 can write a demo to use backtrace. thank you.

vfsfitvnm commented 10 months ago 
Il2Cpp.perform(() => {
    Il2Cpp.backtrace(Backtracer.FUZZY | Backtracer.ACCURATE) // defaults to undefined
        .assemblies(Il2Cpp.domain.assembly("Assembly-CSharp"))
        .and()
        .attach();
});
yujack008 commented 10 months ago 
Il2Cpp.perform(() => {
    Il2Cpp.backtrace(Backtracer.FUZZY | Backtracer.ACCURATE) // defaults to undefined
        .assemblies(Il2Cpp.domain.assembly("Assembly-CSharp"))
        .and()
        .attach();
});

how to get backtrace in a function call。 like:

MyClass.method("MyMethod").implementation = function (...args: any[]) {
    this.backtrace();
    return this.method("MyMethod").invoke(args);
};
350030173 commented 10 months ago 
    Il2Cpp.backtrace()
        .verbose(true)
        .assemblies(Il2Cpp.domain.assembly("Assembly-CSharp"))
        .filterClasses(clazz => clazz.name.includes("your class name"))
        .filterMethods(method => method.name.toLowerCase().includes("you method name".toLowerCase()))
        .and()
        .attach();
vfsfitvnm commented 10 months ago

More concise:

Il2Cpp.backtrace()
    .methods(MyClass.method("MyMethod"))
    .and()
    .attach();