vfsfitvnm
Error: access violation accessing
I'm using code below to trace some dll:
import "frida-il2cpp-bridge";
Il2Cpp.perform(() => {
Il2Cpp.trace(true)
.verbose(true)
.assemblies(Il2Cpp.domain.assembly("Assembly-CSharp"))
.and()
.attach();
}
but often get Error: access violation accessing ... error, and process get terminated.
Error: access violation accessing 0x400000319
at callback (tracer.ts:300)
Error: access violation accessing 0x4000000bc
at callback (tracer.ts:300)
Error: access violation accessing 0x4000000bc
at callback (tracer.ts:300)
Process terminated
Error: access violation accessing 0x794304efa0
at tryMethod (structs/class.ts:332)
at tryMethod (structs/object.ts:117)
at method (structs/object.ts:82)
at toString (structs/object.ts:135)
at concat (native)
at <anonymous> (tracer.ts:297)
at map (native)
at callback (tracer.ts:297)
Process terminated
Could you please fix this problem so that process not terminate?
if you just want the process to not terminate make a custom tracer that has a catch and call it instead
function customTracer(): Il2Cpp.Tracer {
const applierparams = (): Il2Cpp.Tracer.Apply => (method, state, threadId) => {
const paddedVirtualAddress = method.relativeVirtualAddress.toString(16).padStart(8, "0");
const startIndex = +!method.isStatic | +Il2Cpp;
const callback = function (...args) {
if (this.threadId == threadId) {
const thisParameter = method.isStatic ? undefined : new Il2Cpp.Parameter("this", -1, method.class.type);
const parameters = thisParameter ? [thisParameter].concat(method.parameters) : method.parameters;
// @ts-ignore
// prettier-ignore
state.buffer.push(`\x1b[2m0x${paddedVirtualAddress}\x1b[0m ${`│ `.repeat(state.depth++)}┌─\x1b[35m${method.class.type.name}::\x1b[1m${method.name}\x1b[0m\x1b[0m(${parameters.map(e => {
try {
// @ts-ignore
const value = Il2Cpp.fromFridaValue(args[e.position + startIndex], e.type);
return `\x1b[32m${e.name}\x1b[0m = \x1b[31m${value}\x1b[0m`;
} catch (error) {
return `\x1b[32m${e.name}\x1b[0m = \x1b[31m<error: ${error.message}>\x1b[0m`;
}
}).join(", ")})`);
}
// @ts-ignore
const returnValue = method.nativeFunction(...args);
if (this.threadId == threadId) {
// @ts-ignore
// prettier-ignore
state.buffer.push(`\x1b[2m0x${paddedVirtualAddress}\x1b[0m ${`│ `.repeat(--state.depth)}└─\x1b[33m${method.class.type.name}::\x1b[1m${method.name}\x1b[0m\x1b[0m${returnValue == undefined ? "" : ` = \x1b[36m${Il2Cpp.fromFridaValue(returnValue, method.returnType)}`}\x1b[0m`);
state.flush();
}
return returnValue;
};
method.revert();
const nativeCallback = new NativeCallback(callback, method.returnType.fridaAlias, method.fridaSignature);
Interceptor.replace(method.virtualAddress, nativeCallback);
};
return new Il2Cpp.Tracer(applierparams());
}
credit to this guy although keep in mind its a very crude solution and usually access errors make the following calls errors too, so you'd have to restart it anyways, at least my implementation which is probably especially jank
just adding this here if someone sees this i think i got a tracer function that worked on some access violations i previously had at least from my testing, hope it works for the most part (although the output is a bit messy on this one)
edit: ive still gotten cases with onleave access violation so it definitely didn't fix it completely but at least it did reduce the number of access violation cases edit2: fixed that issue, very hacky though and not that flexible