search

vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License
918 stars 191 forks source link

il2cpp: couldn't resolve export il2cpp_get_corlib #451

Open justqstn opened 7 months ago

justqstn commented 7 months ago

Device: Emulator LDPlayer Android 7.1 64-bit

Command frida -H 127.0.0.1 -l dist/agent.js --realm=emulated

so, i can get libil2cpp.so address, but i cant dump game Il2Cpp.dump() dont working i didnt tested other functions

log:

il2cpp: couldn't resolve export il2cpp_get_corlib
    at r (il2cpp/api.ts:501)
    at get getCorlib (il2cpp/api.ts:272)
    at call (native)
    at <anonymous> (utils/lazy.ts:10)
    at initialize (il2cpp/module.ts:17)

script:

import "frida-il2cpp-bridge";

console.log("start!");
Il2Cpp.perform(() => {
    console.log("true");
});
justqstn commented 7 months ago

maybe, i fixed this by script:

import "frida-il2cpp-bridge";

globalThis.IL2CPP_MODULE_NAME = "libil2cpp.so";
Reflect.defineProperty(Il2Cpp, "module", {value: Process.findModuleByAddress(DebugSymbol.fromName("il2cpp_init").address)});

declare global {
    let IL2CPP_EXPORTS: Record<string, () => NativePointer>;
}

(globalThis as any).IL2CPP_EXPORTS = {
}

for (const module_ of Process.enumerateModules()) {
    for (const export_ of module_.enumerateExports()) {
        if (export_.name.includes("il2cpp")) {
            send(`${module_.name}!${export_.name} @ ${export_.address}`);
            IL2CPP_EXPORTS[export_.name] = () => Il2Cpp.module.base.add(new NativePointer(export_.address));
        }
    }
}

but i have another problem in #452