frida-il2cpp-bridge

Calling the static class method "virtualAddress = 0" resulted in the error: "access violation accessing 0x86"

Open 434432773 opened this issue 6 months ago • 2 comments

On the LDDnplayer9 64-bit emulator, I found a static class. Then I tried to call one of its methods. There was a possibility of encountering a memory access error. After debugging, I found that the class could be located and its methods could also be traversed, but when calling, the memory access failed directly. Then I discovered that the problem was with the virtualAddress being 0.

Also, when hooking a certain method, this kind of situation may occur. However, if I call it by using an instantiated object from another class, these problems will not arise.

The issues mentioned above are all of a probabilistic nature.

434432773, Jun 12 '25 14:06

Thanks for reporting. What happens if you invoke Il2Cpp.Class::initialize before any other method?

Also, would you console.log(klass)?

vfsfitvnm, Jun 14 '25 16:06

> Thanks for reporting. What happens if you invoke Il2Cpp.Class::initialize before any other method?
>
> Also, would you console.log(klass)?

I'm currently trying to figure out how to reproduce this issue. When running on multiple devices, there are always a few that don't work properly occasionally. Now I've encountered another strange problem.

private getInstance(assemblyName: string, className: string): Il2Cpp.Object | null {
    try {
        const assembly = Il2Cpp.domain.assembly(assemblyName);
        const targetClass = assembly.image.class(className);
        let instance: Il2Cpp.Object | null = null;
        // Keep the last live instance the GC enumerates for this class.
        Il2Cpp.gc.choose(targetClass).forEach(function (obj) {
            instance = obj;
        });
        return instance;
    }
    catch (e) {
        logger.info(`Failed to get ${className}: ${String(e)}`);
        return null;
    }
}

After obtaining the object with getInstance(), when it came to the actual invocation, there was a problem with the x86 memory access. Then I attempted to...

After adding console.log(obj.handle), there was a direct memory access error in the gc section.

private getInstance(assemblyName: string, className: string): Il2Cpp.Object | null {
    try {
        const assembly = Il2Cpp.domain.assembly(assemblyName);
        const targetClass = assembly.image.class(className);
        let instance: Il2Cpp.Object | null = null;
        Il2Cpp.gc.choose(targetClass).forEach(function (obj) {
            instance = obj;
            // Added for debugging: print the handle of each enumerated object.
            console.log(obj.handle);
        });
        return instance;
    }
    catch (e) {
        logger.info(`Failed to get ${className}: ${String(e)}`);
        return null;
    }
}

But after one failure, the second time it was called, it worked properly again.

434432773, Jun 18 '25 06:06