vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

Couldn't find class System.AppDomain in assembly null #539

Open logwlogw opened 3 weeks ago

logwlogw commented 3 weeks ago

Hello, I can't solve the problem.

```javascript
console.log(Il2Cpp.unityVersion);
console.log(Il2Cpp.domain.assemblies);
```

Result:

```
2022.3.19f1
il2cpp: couldn't find class System.AppDomain in assembly null
    at class (/node_modules/frida-il2cpp-bridge/dist/index.js:2152)
    at get object (/node_modules/frida-il2cpp-bridge/dist/index.js:1918)
    at call (native)
    at (/node_modules/frida-il2cpp-bridge/dist/index.js:67)
    at get assemblies (/node_modules/frida-il2cpp-bridge/dist/index.js:1909)
    at call (native)
    at (/node_modules/frida-il2cpp-bridge/dist/index.js:67)
    at (index.ts:11)
    at perform (/node_modules/frida-il2cpp-bridge/dist/index.js:1058)
```

logwlogw commented 3 weeks ago

Also, couldn't find class System.Reflection.Module in assembly null

```typescript
function Test() {
    const AssemblySharp = Il2Cpp.domain.assembly("Assembly-CSharp").image;
    const MainClass = AssemblySharp.class("ZXX.XX");

    if (MainClass.parent != null) {
        // Selects the method by its index in the parent class's method list
        const method = MainClass.parent.methods[24];

        if (method != null) {
            // Assigning `implementation` makes the bridge resolve the method's
            // virtual address; that is the step that fails in the trace below
            method.implementation = function (p0: any, p1: any) {
            };
        }
    }
}
```

```
il2cpp: couldn't find class System.Reflection.Module in assembly null
    at class (/node_modules/frida-il2cpp-bridge/dist/index.js:2152)
    at get virtualAddress (/node_modules/frida-il2cpp-bridge/dist/index.js:2334)
    at set implementation (/node_modules/frida-il2cpp-bridge/dist/index.js:2371)
    at Test (index.ts:80)
    at (index.ts:39)
    at perform (/node_modules/frida-il2cpp-bridge/dist/index.js:1058)
```

logwlogw commented 2 weeks ago

Main problem: access violation!

```javascript
console.log(Il2Cpp.unityVersion);
console.log(Il2Cpp.corlib.classes.length);
console.log(Il2Cpp.corlib.classes[0].name);
```

```
2022.3.19f1
1750
Error: access violation accessing 0x10
    at get name (/node_modules/frida-il2cpp-bridge/dist/index.js:1653)
    at call (native)
    at (/node_modules/frida-il2cpp-bridge/dist/index.js:67)
    at (index.ts:23)
    at perform (/node_modules/frida-il2cpp-bridge/dist/index.js:1058)
```

vfsfitvnm commented 2 weeks ago

Interesting. What's your platform and app name? So that I can take a look

logwlogw commented 2 weeks ago

App: standoff2, on ldplayer. It worked in previous standoff2 versions; apparently some kind of protection. Thank you.

namtacs commented 1 day ago

It looks like il2cpp.so is heavily modified. Calling `.classes` on any assembly gives:

```json
{
    "handle": "0x0"
},
```

6363 times. And while you can't find AppDomain, you can find String? This is madness.

namtacs commented 8 hours ago

Big find. They somehow stripped all exports that aren't actually used for the game.

How it should look like: (screenshot from 2024-09-11 19-44-23)

Stripped methods: (screenshot from 2024-09-11 19-44-00)

And it's not just these. Patching the assembly is, of course, not an option. I really hope this is not a dead end, but it looks like it is.
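A diagnostic for the situation described in this thread, added here as an example and not code from frida-il2cpp-bridge or from anyone in the issue: it compares the export table of the loaded `libil2cpp.so` against the public il2cpp C API symbols a class and method walk relies on, so a stripped export table is recognised before it surfaces as `couldn't find class ... in assembly null`. The export names are the documented il2cpp C API; grouping them under three capabilities, the module name `libil2cpp.so`, and the stripped sample table are assumptions.

```javascript
// Assumption: this subset of the public il2cpp C API (il2cpp-api-functions.h)
// is what an assembly/class/method walk needs; the grouping is mine, not the bridge's.
const REQUIRED_EXPORTS = {
  "enumerate assemblies": [
    "il2cpp_domain_get", "il2cpp_domain_get_assemblies",
    "il2cpp_assembly_get_image", "il2cpp_image_get_name",
  ],
  "walk classes": [
    "il2cpp_get_corlib", "il2cpp_image_get_class_count", "il2cpp_image_get_class",
    "il2cpp_class_from_name", "il2cpp_class_get_name", "il2cpp_class_get_parent",
  ],
  "hook methods": ["il2cpp_class_get_methods", "il2cpp_method_get_name"],
};

// Per capability, the required exports that `exportNames` does not contain.
function checkIl2CppExports(exportNames) {
  const present = new Set(exportNames);
  const report = {};
  for (const [capability, symbols] of Object.entries(REQUIRED_EXPORTS)) {
    report[capability] = symbols.filter((s) => !present.has(s));
  }
  return report;
}

// True only when no capability is missing an export.
function exportsIntact(report) {
  return Object.values(report).every((missing) => missing.length === 0);
}

// Constructed sample export table: only symbols the game's own generated
// code calls survive, which is the stripping described in this issue.
const SAMPLE_STRIPPED_EXPORTS = [
  "il2cpp_init", "il2cpp_runtime_invoke", "il2cpp_string_new",
  "il2cpp_domain_get", "il2cpp_class_from_name", "il2cpp_object_new",
];

// Under Frida, read the real export table; elsewhere fall back to the sample.
function exportsOfLoadedIl2Cpp(moduleName = "libil2cpp.so") {
  if (typeof Process === "undefined") return SAMPLE_STRIPPED_EXPORTS;
  return Process.getModuleByName(moduleName).enumerateExports().map((e) => e.name);
}

const report = checkIl2CppExports(exportsOfLoadedIl2Cpp());
for (const [capability, missing] of Object.entries(report)) {
  if (missing.length > 0) console.log(`${capability}: missing ${missing.join(", ")}`);
}
if (!exportsIntact(report)) console.log("il2cpp export table is incomplete");
```

Run it with `frida -U -l check-exports.js <app>` before loading the bridge; an empty report means the failure lies elsewhere than the export table.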