Couldn't find class System.AppDomain in assembly null

[logwlogw]

Hello,
I can't solve the problem.

-------------Code-------------
console.log(Il2Cpp.unityVersion);
console.log(Il2Cpp.domain.assemblies);
-------------Code-------------

Result:

2022.3.19f1
�[0m�[38;5;9mil2cpp�[0m: �[0mcouldn't find class System.AppDomain in assembly null�[3m�[2m
at class (/node_modules/frida-il2cpp-bridge/dist/index.js:2152)
at get object (/node_modules/frida-il2cpp-bridge/dist/index.js:1918)
at call (native)
at (/node_modules/frida-il2cpp-bridge/dist/index.js:67)
at get assemblies (/node_modules/frida-il2cpp-bridge/dist/index.js:1909)
at call (native)
at (/node_modules/frida-il2cpp-bridge/dist/index.js:67)
at (index.ts:11)
at perform (/node_modules/frida-il2cpp-bridge/dist/index.js:1058)�[0m

[logwlogw]

Also, couldn't find class System.Reflection.Module in assembly null

function Test() {
const AssemblySharp = Il2Cpp.domain.assembly("Assembly-CSharp").image;
var MainClass = AssemblySharp.class("ZXX.XX");

if (MainClass.parent != null)
{
    var method=MainClass.parent.methods[24];

    if (method != null)
    {
        method.implementation = function (p0: any, p1: any)
        {
        }
    }

}

}

il2cpp: couldn't find class System.Reflection.Module in assembly null
at class (/node_modules/frida-il2cpp-bridge/dist/index.js:2152)
at get virtualAddress (/node_modules/frida-il2cpp-bridge/dist/index.js:2334)
at set implementation (/node_modules/frida-il2cpp-bridge/dist/index.js:2371)
at Test (index.ts:80)
at (index.ts:39)
at perform (/node_modules/frida-il2cpp-bridge/dist/index.js:1058)

[logwlogw]

Main problem -violation accessing!

-------------Code-------------
console.log(Il2Cpp.unityVersion);
console.log(Il2Cpp.corlib.classes.length);
console.log(Il2Cpp.corlib.classes[0].name);
-------------Code-------------

2022.3.19f1
1750
Error: access violation accessing 0x10
at get name (/node_modules/frida-il2cpp-bridge/dist/index.js:1653)
at call (native)
at (/node_modules/frida-il2cpp-bridge/dist/index.js:67)
at (index.ts:23)
at perform (/node_modules/frida-il2cpp-bridge/dist/index.js:1058)

[vfsfitvnm]

Interesting. What's your platform and app name? So that I can take a look

[logwlogw]

app standoff2, ldplayer
It worked in previous standoff2 versions, apparently some kind of protection
Thank you

[namtacs]

It looks like il2cpp.so is heavily modified. Calling .classes on any assembly gives:

{
    "handle": "0x0"
},

6363 times
And while you can't find AppDomain, you can find String? This is madness.

[namtacs]

Big find. They somehow stripped all exports that aren't actually used for the game.
How it should look like:

Stripped methods:

And it's not just these.
Patching the assembly is, of course, not an option.
I guess this is just like #300 and you need to match signatures yourself (i tested and it works).

[logwlogw]

Thank you. So far I have solved my problem simply using ghidra+frida Interceptor.attach without frida-il2cpp-bridge :(

[namtacs]

а ты читы делаешь или просто поиграться?

[vfsfitvnm]

Thank you guys for the update.

As a gentle reminder, you can provide different handles to the IL2CPP exports using the global variable IL2CPP_EXPORTS (reference) so that you can still use frida-il2cpp-bridge if exports are elided.

However, no automatic IL2CPP exports detection is currently implemented, unfortunately. Signature pattern matching is a big feature that I'd be glad to implement in the future.

As of now, I could simply raise an meaningful error in case the export handle is NULL 🥲