
Access violation when tracing with parameters = true #557

Open
UnknownAPI opened this issue Oct 12, 2024 · 10 comments
Labels
bug Something isn't working

Comments

@UnknownAPI

UnknownAPI commented Oct 12, 2024

When tracing specific assemblies (or all at once) with parameters set to true, I get an access violation error.

My code:

import "frida-il2cpp-bridge";

Il2Cpp.perform(() => {
    Il2Cpp.trace(true)
        .assemblies(...Il2Cpp.domain.assemblies)
        .and()
        .attach();
});

Error with stack trace:

Error: access violation accessing 0x132
    at tryMethod (/node_modules/frida-il2cpp-bridge/dist/index.js:1755)
    at method (/node_modules/frida-il2cpp-bridge/dist/index.js:1732)
    at method (/node_modules/frida-il2cpp-bridge/dist/index.js:2602)
    at toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2622)
    at concat (native)
    at <anonymous> (/node_modules/frida-il2cpp-bridge/dist/index.js:1307)
    at map (native)
    at callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1307)

Is there some way to ignore parameters that cause this access violation or to prevent it at all?

@hajdaini

Hello, I have the same problem on my side.

@UnknownAPI
Author

        toString() {
            try {
                return this.isNull() ? "null" : this.method("ToString", 0).invoke().content ?? "null";
            }
            finally {
                return "Failed to get value";
            }
        }

Replacing Il2Cpp.Object's toString() method with this does prevent the error. It is obviously a cheap hack; I'm hoping a cleaner fix will come in future versions.

@thinhbuzz
Contributor

>         toString() {
>             try {
>                 return this.isNull() ? "null" : this.method("ToString", 0).invoke().content ?? "null";
>             }
>             finally {
>                 return "Failed to get value";
>             }
>         }
>
> Replacing Il2Cpp.Object's toString() method with this does prevent the error. It is obviously a cheap hack; I'm hoping a cleaner fix will come in future versions.

@UnknownAPI that makes sense, I think you should contribute a PR for this.

@vfsfitvnm
Owner

@UnknownAPI Thanks for reporting - we need to investigate this a little further I think. It's unusual that attempting to get ToString throws an access violation, it's probably due to something else...

What are the app name and platform?

(PS: we definitely need to attach some context when an exception occurs, so that we know that tryMethod("ToString") caused the "Error: access violation accessing 0x132".)

@vfsfitvnm vfsfitvnm reopened this Nov 1, 2024
@vfsfitvnm vfsfitvnm added the bug Something isn't working label Nov 1, 2024
@UnknownAPI
Author

UnknownAPI commented Nov 1, 2024

@vfsfitvnm I encountered the exception when tracing Assembly-CSharp on Avakin Life on Android. Here's some code you can try to reproduce the exception:

import "frida-il2cpp-bridge";

Il2Cpp.perform(() => {
    Il2Cpp.trace(true)
        .assemblies(Il2Cpp.domain.assembly("Assembly-CSharp"))
        .and()
        .attach();
});

@AkaShrug

AkaShrug commented Nov 9, 2024

state.buffer.push(`\x1b[2m0x${paddedVirtualAddress}\x1b[0m ${`│ `.repeat(--state.depth)}└─\x1b[33m${method.class.type.name}::\x1b[1m${method.name}\x1b[0m\x1b[0m${returnValue == undefined ? "" : ` = \x1b[36m${fromFridaValue(returnValue, method.returnType)}`}\x1b[0m`);

Not much related, but I think it still counts as a tracer issue: wouldn't this fail if the return value is 0x0?

On that game, this line

console.warn(returnValue, method.name, method.class.name, method.returnType, (returnValue == void 0), returnValue == 0x0)

prints

0x0 System.Collections.IEnumerator.get_Current <InitialiseHelpshift>d__31 System.Object false true

class HelpshiftHandler.<InitialiseHelpshift>d__31 : System.Object, System.Collections.Generic.IEnumerator<System.Object>, System.Collections.IEnumerator, System.IDisposable
{
    System.Int32 <>1__state; // 0x8
    System.Object <>2__current; // 0xc
    HelpshiftHandler <>4__this; // 0x10
    System.Void .ctor(System.Int32 <>1__state); // 0x0220ffa4
    System.Void System.IDisposable.Dispose(); // 0x0220ffc0
    System.Boolean MoveNext(); // 0x0220ffc4
    System.Object System.Collections.Generic.IEnumerator<System.Object>.get_Current(); // 0x022105dc
    System.Void System.Collections.IEnumerator.Reset(); // 0x022105e4
    System.Object System.Collections.IEnumerator.get_Current(); // 0x02210630
}

@kalinathalie

>         toString() {
>             try {
>                 return this.isNull() ? "null" : this.method("ToString", 0).invoke().content ?? "null";
>             }
>             finally {
>                 return "Failed to get value";
>             }
>         }
>
> Replacing Il2Cpp.Object's toString() method with this does prevent the error. It is obviously a cheap hack; I'm hoping a cleaner fix will come in future versions.

Thank you a lot! This saved me!!!!

@peiga

peiga commented Jan 1, 2025

> >         toString() {
> >             try {
> >                 return this.isNull() ? "null" : this.method("ToString", 0).invoke().content ?? "null";
> >             }
> >             finally {
> >                 return "Failed to get value";
> >             }
> >         }
> >
> > Replacing Il2Cpp.Object's toString() method with this does prevent the error. It is obviously a cheap hack; I'm hoping a cleaner fix will come in future versions.
>
> @UnknownAPI that makes sense, I think you should contribute a PR for this.

Credits to @UnknownAPI.

Here you go:
#578

The original workaround always returns "Failed to get value" for strings.

Added this to the PR:

/** */
toString(): string {
    try {
        return this.isNull() ? "null" : this.method<Il2Cpp.String>("ToString", 0).invoke().content ?? "null";
    } catch (error) {
        return "Error: ToString failed";
    }
}

peiga added a commit to peiga/frida-il2cpp-bridge that referenced this issue Jan 2, 2025
@UnknownAPI
Author

Maybe it should be changed so that the top-layer user can add a custom serializer for values. (I've had much better and more consistent results using System.Convert or Newtonsoft for object serialization.) While the proposed fix effectively prevents the trace from crashing, it still fails to get a lot of the values.

@vfsfitvnm
Owner

> Maybe it should be changed so that the top-layer user can add a custom serializer for values. (I've had much better and more consistent results using System.Convert or Newtonsoft for object serialization.) While the proposed fix effectively prevents the trace from crashing, it still fails to get a lot of the values.

This is a good feature to add 💇‍♀️ And it should be very easy for an Il2Cpp.Tracer to accept a stringifier.

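To make the three approaches discussed in this thread comparable outside Frida, here is an added example that is not part of the issue or of frida-il2cpp-bridge: FakeIl2CppObject, invokeToString, byLabel and the three function names are assumptions standing in for Il2Cpp.Object and the tracer. It shows why the original try/finally workaround returns the placeholder for every value, how the catch version in the PR fixes that, and how a caller-supplied stringifier, as suggested for Il2Cpp.Tracer, can be layered on top with the same fallback.

```javascript
// Added example, not code from frida-il2cpp-bridge: FakeIl2CppObject stands in for
// Il2Cpp.Object so the three toString strategies from this thread run outside Frida.
class FakeIl2CppObject {
  constructor(label, behaviour) { this.label = label; this.behaviour = behaviour; }
  isNull() { return this.behaviour === "null"; }
  // Stands in for this.method("ToString", 0).invoke().content; "faults" mimics an
  // object whose native ToString raises the access violation reported above.
  invokeToString() {
    if (this.behaviour === "faults") throw new Error("access violation accessing 0x132");
    return this.label;
  }
}

// Strategy 1, the original workaround: a `return` inside `finally` replaces whatever
// the `try` block returned or threw, so every object becomes "Failed to get value".
function toStringFinally(obj) {
  try {
    return obj.isNull() ? "null" : obj.invokeToString() ?? "null";
  } finally {
    return "Failed to get value";
  }
}

// Strategy 2, the PR fix: only a thrown error is replaced by the placeholder.
function toStringCatch(obj) {
  try {
    return obj.isNull() ? "null" : obj.invokeToString() ?? "null";
  } catch (error) {
    return "Error: ToString failed";
  }
}

// Strategy 3, the suggested tracer option: a caller-supplied stringifier runs first;
// if none is given or it throws, fall back to strategy 2 so the trace never aborts.
function stringify(obj, stringifier) {
  if (typeof stringifier === "function") {
    try { return stringifier(obj); } catch (error) { /* fall back below */ }
  }
  return toStringCatch(obj);
}

// Constructed sample objects and a constructed stringifier (the hook where a
// System.Convert or Newtonsoft based serializer would be plugged in).
const samples = [new FakeIl2CppObject("Player#7", "ok"), new FakeIl2CppObject("", "null"), new FakeIl2CppObject("Enemy", "faults")];
const byLabel = (o) => (o.isNull() ? "null" : JSON.stringify({ label: o.label }));

for (const s of samples) {
  console.log(toStringFinally(s), "|", toStringCatch(s), "|", stringify(s, byLabel));
}
```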
7 participants