Access violation when tracing with parameters = true

[UnknownAPI]

When tracing specific assemblies (or all at once) with parameters to true I get an access violation error.

my code:

import "frida-il2cpp-bridge";

Il2Cpp.perform(() => {
    Il2Cpp.trace(true)
        .assemblies(...Il2Cpp.domain.assemblies)
        .and()
        .attach();
});

error with stack trace trace:

Error: access violation accessing 0x132
    at tryMethod (/node_modules/frida-il2cpp-bridge/dist/index.js:1755)
    at method (/node_modules/frida-il2cpp-bridge/dist/index.js:1732)
    at method (/node_modules/frida-il2cpp-bridge/dist/index.js:2602)
    at toString (/node_modules/frida-il2cpp-bridge/dist/index.js:2622)
    at concat (native)
    at <anonymous> (/node_modules/frida-il2cpp-bridge/dist/index.js:1307)
    at map (native)
    at callback (/node_modules/frida-il2cpp-bridge/dist/index.js:1307)

Is there some way to ignore parameters that cause this access violation or to prevent it at all?

[hajdaini]

Hello I have the same problem on my side

[UnknownAPI]

        toString() {
            try{
                return this.isNull() ? "null" : this.method("ToString", 0).invoke().content ?? "null";
            }
            finally{
                return "Failed to get value"
            }
        }

Replacing Il2Cpp.Object's toString() method with this does prevent the error. It is obviously a cheap hack, I'm hoping a cleaner fix will come in future versions.

[thinhbuzz]

        toString() {
            try{
                return this.isNull() ? "null" : this.method("ToString", 0).invoke().content ?? "null";
            }
            finally{
                return "Failed to get value"
            }
        }

Replacing Il2Cpp.Object's toString() method with this does prevent the error. It is obviously a cheap hack, I'm hoping a cleaner fix will come in future versions.

@UnknownAPI that makes sense, I think you should contribute a PR for this.

[vfsfitvnm]

@UnknownAPI Thanks for reporting - we need to investigate this a little further I think. It's unusual that attempting to get ToString throws an access violation, it's probably due to something else...

What are the app name and platform?

(PS: we definitely need to attach some context when exception occurs! So that we know that tryMethod("ToString") caused the Error: access violation accessing 0x132)

[UnknownAPI]

@vfsfitvnm I encountered the exception when tracing Assembly-CSharp on Avakin Life on android. Here's some code you can try to reproduce the exception

import "frida-il2cpp-bridge";

Il2Cpp.perform(() => {
    Il2Cpp.trace(true)
        .assemblies(Il2Cpp.domain.assembly("Assembly-CSharp"))
        .and()
        .attach();
});

[AkaShrug]

https://github.com/vfsfitvnm/frida-il2cpp-bridge/blob/a28fa2eb5f10ef4a5c0635de1d9a11ec73a7231a/src/tracer.ts#L304 not much unrelated but think it still count as tracer issue , wouldnt this fail if return value is 0x0? on that game 0x0 System.Collections.IEnumerator.get_Current <InitialiseHelpshift>d__31 System.Object false true console.warn(returnValue,method.name,method.class.name,method.returnType,(returnValue == void 0),returnValue == 0x0)

class HelpshiftHandler.<InitialiseHelpshift>d__31 : System.Object, System.Collections.Generic.IEnumerator<System.Object>, System.Collections.IEnumerator, System.IDisposable
{
    System.Int32 <>1__state; // 0x8
    System.Object <>2__current; // 0xc
    HelpshiftHandler <>4__this; // 0x10
    System.Void .ctor(System.Int32 <>1__state); // 0x0220ffa4
    System.Void System.IDisposable.Dispose(); // 0x0220ffc0
    System.Boolean MoveNext(); // 0x0220ffc4
    System.Object System.Collections.Generic.IEnumerator<System.Object>.get_Current(); // 0x022105dc
    System.Void System.Collections.IEnumerator.Reset(); // 0x022105e4
    System.Object System.Collections.IEnumerator.get_Current(); // 0x02210630
}

[kalinathalie]

        toString() {
            try{
                return this.isNull() ? "null" : this.method("ToString", 0).invoke().content ?? "null";
            }
            finally{
                return "Failed to get value"
            }
        }

Replacing Il2Cpp.Object's toString() method with this does prevent the error. It is obviously a cheap hack, I'm hoping a cleaner fix will come in future versions.

Thank you a lot! This saved me!!!!

[peiga]

        toString() {
            try{
                return this.isNull() ? "null" : this.method("ToString", 0).invoke().content ?? "null";
            }
            finally{
                return "Failed to get value"
            }
        }

Replacing Il2Cpp.Object's toString() method with this does prevent the error. It is obviously a cheap hack, I'm hoping a cleaner fix will come in future versions.

@UnknownAPI that makes sense, I think you should contribute a PR for this.

credits to @UnknownAPI

here you go: https://github.com/vfsfitvnm/frida-il2cpp-bridge/pull/578

the original workaround always returns "failed to get value" for strings.

added this to pr:

/** */
toString(): string {
    try {
        return this.isNull() ? "null" : this.method<Il2Cpp.String>("ToString", 0).invoke().content ?? "null";
    } catch (error) {
        return "Error: ToString failed";
    }
}

[UnknownAPI]

Maybe it should be changed so that top layer user can add a custom serializer for values. (I've had much better and consistent result using System.Convert or Newtonsoft for object serialization). While the proposed fix effectively prevents the trace from crashing, it still fails to get a lot of the values.

[vfsfitvnm]

Maybe it should be changed so that top layer user can add a custom serializer for values. (I've had much better and consistent result using System.Convert or Newtonsoft for object serialization). While the proposed fix effectively prevents the trace from crashing, it still fails to get a lot of the values.

This is a good feature to add 💇‍♀️ And it should be very easy for a Il2Cpp.Tracer to accept a stringifier