frida-il2cpp

A helper library for those who want to play around with Unity il2cpp games.

Tested on Windows, but it should easily work for Android / iOS too. I think only the Process.findModuleByName("GameAssembly.dll")! call in il2cpp.ts needs to be changed.

Example class

import { Il2CppClassWrapper } from "../../frida-il2cpp/lib/il2cpp_class";
import { il2cpp } from "../../frida-il2cpp/lib/il2cpp_globals";
import { Il2CppObject } from "../../frida-il2cpp/lib/il2cpp";

// Wraps a managed System.Collections.Generic.List<T> instance living in the
// target process. `type` is the wrapper class used to wrap each element.
export class CS_List<T> extends Il2CppClassWrapper {

    private _handle: Il2CppObject;
    private _type: (new (instance: Il2CppObject) => T);

    constructor (handle: Il2CppObject, type: (new (instance: Il2CppObject) => T)) {
        // Resolve the concrete Il2CppClass from the object itself, since List`1 is generic.
        super("System.Collections.Generic", "List`1", il2cpp.il2cpp_object_get_class(handle));
        this._handle = handle;
        this._type = type;
    }

    // Reads the private `_size` field directly from the object's memory.
    public size(): number {
        return this.get_instance_value(this._handle, "_size").toInt32();
    }

    // Calls the managed `get_Count` getter instead of reading the field.
    public count(): number {
        return this.invoke_instance_method(this._handle, "get_Count", "int");
    }

    // Calls `get_Item(int index)`. Value-type arguments are passed as a pointer
    // to the value, so the index is written into a 4-byte native buffer first.
    public item(index: number): T {
        const addrIndex = Memory.alloc(4);

        addrIndex.writeS32(index);

        const result = this.invoke_instance_method(this._handle, "get_Item", "object", [
            addrIndex
        ]);

        return new this._type(result);
    }

}

Usage

let players: CS_List<AO_PlayerInfo> = gameData.allPlayers();

for (let index = 0; index < players.count(); index++) {
    const element: AO_PlayerInfo = players.item(index);

    console.log(element.playerName());
}

frida-il2cpp's Issues

What will gameData.allPlayers() return?

Hi~
I am new to Frida.
It is very nice of you to offer this frida-il2cpp!
In the Usage section, what will gameData.allPlayers() return?
Is it converted from a native memory pointer?

(image)
Take this for example:
a List<> pointer is stored in R6,
the get_count function is stored in R1.
How can I call List<> xxx.get_count, just like what you show in the Usage section, if I have a native pointer to a List<>?

How to read/write properties?

The first thing I tried was to implement the property API of unity:

File: il2cpp.ts

    private _il2cpp_class_get_properties: NativeFunction;
    private _il2cpp_property_get_get_method: NativeFunction;
    private _il2cpp_property_get_name: NativeFunction;

    ...

    constructor() {
        ...
        this._il2cpp_class_get_properties = new NativeFunction(module.findExportByName("il2cpp_class_get_properties")!, 'pointer', ['pointer', 'pointer']);
        this._il2cpp_property_get_get_method = new NativeFunction(module.findExportByName("il2cpp_property_get_get_method")!, 'pointer', ['pointer']);
        this._il2cpp_property_get_name = new NativeFunction(module.findExportByName("il2cpp_property_get_name")!, 'pointer', ['pointer']);
    }

    ...

    public il2cpp_class_get_properties(clazz: Il2CppClass, iter: NativePointer): PropertyInfo {
        return this._il2cpp_class_get_properties(clazz, iter) as PropertyInfo;
    }

    // const MethodInfo* il2cpp_property_get_get_method(PropertyInfo * prop)
    public il2cpp_property_get_get_method(prop: PropertyInfo): MethodInfo {
        return this._il2cpp_property_get_get_method(prop) as MethodInfo;
    }

    // const char* il2cpp_property_get_name(PropertyInfo * prop)
    public il2cpp_property_get_name(prop: PropertyInfo): string | null {
        return (this._il2cpp_property_get_name(prop) as NativePointer).readCString();
    }

Then, on il2cpp_class.ts I added this method:

    protected get_property_value(fieldName: string): NativePointer {
        const prop = this._properties.get(fieldName);

        if (prop === undefined) {
            throw new Error(`Property ${fieldName} does not exists for class ${this._className}`);
        }

        const getAddr = il2cpp.il2cpp_property_get_get_method(prop);

        return (new NativeFunction(getAddr, 'pointer', []))() as NativePointer;
    }

Also, I added getAllClassProperties in il2cpp_utils class, it is exactly the same as getAllClassFields, but it uses the property methods above.

Then, on my main file:

class PlayerDataModel extends Il2CppClassWrapper {
	private _handle: NativePointer = il2cpp.il2cpp_object_get_class(il2cppUtils.findClass('', 'PlayerDataModel'));

	constructor() {
		super('', 'PlayerDataModel');
	}

	get money(): any {
		return this.get_property_value('money').readDouble();
	}
}

I always get an Access violation. If I use dump_methods, I can see the get_money method, but it returns NaN (I added double in IlTypes, see below):

    return this.invoke_instance_method(this._handle, 'get_money', 'double'); // = NaN

    protected unbox(...) {
        case "double":
            return il2cpp.il2cpp_object_unbox(obj).readDouble();
    }

This is for reading; for writing I have no idea (maybe using invoke_instance_method with set_money?!)

Not really an issue but!

Cool to see someone else who works in the il2cpp field for Frida! I've been working on a total port of
the C library to TypeScript; your solution is very clean and straightforward, so well done on that!

A question! There is a specific thing I've noticed, that you might have experienced, on Android, for example in Mario Kart.
If you place a hook with Interceptor.attach on any libil2cpp.so export, you end up with a thread deadlock after a few seconds (20 seconds) when you are in the main menu. I'm not sure if you've encountered this, but if possible, would you be up to checking whether you experience the same thing?
