aeonlucid / frida-il2cpp
A helper library for those that want to play around with Unity il2cpp games.
The first thing I tried was to implement the property API of unity:
File: `il2cpp.ts`
```typescript
private _il2cpp_class_get_properties: NativeFunction;
private _il2cpp_property_get_get_method: NativeFunction;
private _il2cpp_property_get_name: NativeFunction;
...
constructor() {
    ...
    this._il2cpp_class_get_properties = new NativeFunction(module.findExportByName("il2cpp_class_get_properties")!, 'pointer', ['pointer', 'pointer']);
    this._il2cpp_property_get_get_method = new NativeFunction(module.findExportByName("il2cpp_property_get_get_method")!, 'pointer', ['pointer']);
    this._il2cpp_property_get_name = new NativeFunction(module.findExportByName("il2cpp_property_get_name")!, 'pointer', ['pointer']);
}
...
public il2cpp_class_get_properties(clazz: Il2CppClass, iter: NativePointer): PropertyInfo {
    return this._il2cpp_class_get_properties(clazz, iter) as PropertyInfo;
}
// const MethodInfo* il2cpp_property_get_get_method(PropertyInfo * prop)
public il2cpp_property_get_get_method(prop: PropertyInfo): MethodInfo {
    return this._il2cpp_property_get_get_method(prop) as MethodInfo;
}
// const char* il2cpp_property_get_name(PropertyInfo * prop)
public il2cpp_property_get_name(prop: PropertyInfo): string | null {
    return (this._il2cpp_property_get_name(prop) as NativePointer).readCString();
}
```
Then, on `il2cpp_class.ts` I added this method:
```typescript
protected get_property_value(fieldName: string): NativePointer {
    const prop = this._properties.get(fieldName);
    if (prop === undefined) {
        throw new Error(`Property ${fieldName} does not exists for class ${this._className}`);
    }
    const getAddr = il2cpp.il2cpp_property_get_get_method(prop);
    return (new NativeFunction(getAddr, 'pointer', []))() as NativePointer;
}
```
Also, I added `getAllClassProperties` in `il2cpp_utils` class, it is exactly the same as `getAllClassFields`, but it uses the property methods above.
Then, on my main file:
```typescript
class PlayerDataModel extends Il2CppClassWrapper {
    private _handle: NativePointer = il2cpp.il2cpp_object_get_class(il2cppUtils.findClass('', 'PlayerDataModel'));
    constructor() {
        super('', 'PlayerDataModel');
    }
    get money(): any {
        return this.get_property_value('money').readDouble();
    }
}
```
I always get an `Access violation`. If I use `dump_methods`, I can see the `get_money` method, but it returns `NaN` (I added `double` in IlTypes, see below):
```typescript
return this.invoke_instance_method(this._handle, 'get_money', 'double'); // = NaN
```
```typescript
protected unbox(...) {
    case "double":
        return il2cpp.il2cpp_object_unbox(obj).readDouble();
}
```
This is for reading, for writing I have no idea (maybe using `invoke_instance_method` with `set_money`?!)
Hi~
I am new to Frida.
It is very nice of you to offer this frida-il2cpp!
In the Usage section, what will gameData.allPlayers() return?
Is it converted from a native memory pointer?
Take this for example:
A List<> pointer is stored in R6.
The get_count function is stored in R1.
How can I call List<> xxx.get_count just like what you show in the Usage if I have a native pointer of List<>?
Cool to see someone else who works in the il2cpp field for Frida! Been working with a total port of the C library to TypeScript, your solution is very clean and straightforward, so well done on that!
A question! There is a specific thing I've noticed, that you might have experienced, on Android, for example in Mario Kart.
If you place a hook with `Interceptor.attach` on any libil2cpp.so export, you end up with a thread deadlock after a few seconds (20 seconds) when you are in the main menu. I'm not sure if you've encountered this, but if possible would you be up to check if you experience the same thing?