api相关 - 350030173/frida-il2cpp-bridge GitHub Wiki
参考: https://github.com/vfsfitvnm/frida-il2cpp-bridge/tree/3abafa75c8485e6c45417efee2484479e6961031#api
Il2Cpp.ArrayIl2Cpp.AssemblyIl2Cpp.ClassIl2Cpp.DomainIl2Cpp.FieldIl2Cpp.ImageIl2Cpp.MethodIl2Cpp.ObjectIl2Cpp.ParameterIl2Cpp.StringIl2Cpp.TypeIl2Cpp.ValueType
It's not possible to add or remove an array element at the moment.
//获取系统库
const mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
//获取系统字符串类
const SystemString = mscorlib.classes["System.String"];
//构造一个字符串数组
const arr = Il2Cpp.Array.from<Il2Cpp.String>(SystemString, [
Il2Cpp.String.from("One"), Il2Cpp.String.from("Two"), Il2Cpp.String.from("Three")
]);
//获取数组中的元素长度??
console.log(arr.elementSize == StringClass.arrayElementSize);//返回3,true
//数组长度
console.log(arr.length == 3);//true
//获取数组返回类型
console.log(arr.object.class.type.name == "System.String[]");//true
//获取数组元素类型
console.log(arr.elementType.name == "System.String");//true
console.log(Array.from(arr).join(",") == "One,Two,Three");//false
//获取数组指定位置元素
console.log(arr.get(0).content == "One");//true
//替换数组中指定位置的元素
arr.set(0, Il2Cpp.String.from("Replaced"));
console.log(arr.get(0).content == "Replaced");//true//获取系统dll
const mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
//或者
//const mscorlib = Il2Cpp.Domain.assemblies["mscorlib"].image
//const AssemblyCSharp = Il2Cpp.Domain.assemblies["Assembly-CSharp"].image
console.log(mscorlib.name == "mscorlib");const mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
//获取系统各种类型
const BooleanClass = mscorlib.classes["System.Boolean"];
const Int32Class = mscorlib.classes["System.Int32"];
const Int64Class = mscorlib.classes["System.Int64"];
const ObjectClass = mscorlib.classes["System.Object"];
const DayOfWeekClass = mscorlib.classes["System.DayOfWeek"];
const MathClass = mscorlib.classes["System.Math"];
const IFormattableClass = mscorlib.classes["System.IFormattable"];
const ExecutionContextClass = mscorlib.classes["System.Threading.ExecutionContext"];
const ExecutionContextFlagsClass = mscorlib.classes["System.Threading.ExecutionContext.Flags"];
//获取枚举类型
const SignInStatus = Il2Cpp.Domain.assembly("Google.Play.Games").image.class("GooglePlayGames.BasicApi.SignInStatus")
const Success = SignInStatus.field<Il2Cpp.ValueType>("Success").value;
console.log("SignInStatus:" + Success);
//获取系统类的数组类型
console.log(BooleanClass.arrayClass.name == "Boolean[]");//true
//获取int32数组中的元素长度??
console.log(Int32Class.arrayElementSize == 4);//true
//获取int32数组中的元素长度??
console.log(Int64Class.arrayElementSize == 8);//true
console.log(ObjectClass.arrayElementSize == Process.pointerSize);//true
//没看懂啥意思
console.log(BooleanClass.arrayClass.elementClass?.name == "Boolean");//true
console.log(ExecutionContextFlagsClass.declaringClass!.handle.equals(ExecutionContextClass.handle));//true
//是否有构造函数
console.log(Int32Class.hasStaticConstructor == ".cctor" in Int32Class.methods);//true
console.log(Int32Class.image.name == "mscorlib.dll");//true
//是否枚举类型
console.log(DayOfWeekClass.isEnum);//true
console.log(!ObjectClass.isEnum);//true
//是否接口类型
console.log(IFormattableClass.isInterface);//true
console.log(!ObjectClass.isInterface);//true
//是否数值类型
console.log(Int32Class.isValueType);//true
console.log(!ObjectClass.isValueType);//true
console.log(BooleanClass.name == "Boolean");//true
//获取类的命名空间
console.log(BooleanClass.namespace == "System");//true
//获取类的父类
console.log(BooleanClass.parent);
console.log(BooleanClass.parent!.type.name == "System.ValueType");//true
console.log(ObjectClass.parent == null);//true
console.log(BooleanClass.type.name == "System.Boolean");//trueconsole.log(Il2Cpp.Domain.reference.name == "IL2CPP Root Domain");const mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
const coreModule = Il2Cpp.Domain.assemblies["UnityEngine.CoreModule"].image;
const BooleanClass = mscorlib.classes["System.Boolean"];
const MathClass = mscorlib.classes["System.Math"];
const ThreadClass = mscorlib.classes["System.Threading.Thread"];
const Vector2Class = coreModule.classes["UnityEngine.Vector2"];
console.log(MathClass.fields.PI.class.handle.equals(MathClass.handle));
console.log(!Vector2Class.fields.x.isStatic);
console.log(Vector2Class.fields.oneVector.isStatic);
//确定该字段值在编译时是否已知,就是编译的时候是否已经赋值
console.log(MathClass.fields.PI.isLiteral);//true
//是否静态线程?
console.log(ThreadClass.fields.current_thread.isThreadStatic);//true
console.log(!ThreadClass.fields.m_Delegate.isThreadStatic);
console.log(BooleanClass.fields.TrueLiteral.name == "TrueLiteral");
console.log(MathClass.fields.PI.type.name == "System.Double");
//转为数值类型
const vec = Vector2Class.fields.oneVector.value as Il2Cpp.ValueType;
console.log(vec.fields.x.value == 1);
console.log(vec.fields.y.value == 1);
vec.fields.x.value = 42;
console.log(vec.fields.x.value == 42);const mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
console.log(mscorlib.name == "mscorlib.dll");const mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
const BooleanClass = mscorlib.classes["System.Boolean"];
const ArrayClass = mscorlib.classes["System.Array"];
const MathClass = mscorlib.classes["System.Math"];
//获取实例
console.log(MathClass.methods.Sqrt.class.handle.equals(MathClass.handle));
//判断方法是否泛型
console.log(ArrayClass.methods.Empty.isGeneric);
//判断方法是否静态
console.log(!BooleanClass.methods.ToString.isStatic);
console.log(!BooleanClass.methods.Parse.isStatic);
console.log(MathClass.methods.Sqrt.name == "Sqrt");
//方法参数个数
console.log(MathClass.methods[".cctor"].parameterCount == 0);
console.log(MathClass.methods.Abs.parameterCount == 1);
console.log(MathClass.methods.Max.parameterCount == 2);
//主动调用静态方法,参数是字符串,构造出来的
console.log(BooleanClass.methods.Parse.invoke<boolean>(Il2Cpp.String.from("true")));
//hook住指定方法
MathClass.methods.Max.implementation = function (val1, val2)
{
console.log("val1:" + val1);//打印参数
console.log("val2:" + val2);
return this.methods.Max.invoke(val1, val2)//主动调用该方法
};
//主动调用静态方法
console.log(MathClass.methods.Max.invoke<number>(1, 2) == 1);//对于新版来说,好像很多错误
const mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
const coreModule = Il2Cpp.Domain.assemblies["UnityEngine.CoreModule"].image;
const OrdinalComparerClass = mscorlib.classes["System.OrdinalComparer"];
const Vector2Class = coreModule.classes["UnityEngine.Vector2"];
const ordinalComparer = Il2Cpp.Object.from(OrdinalComparerClass);
console.log(ordinalComparer.class.name == "OrdinalComparer");
console.log(ordinalComparer.base.class.name == "StringComparer");
const vec = Il2Cpp.Object.from(Vector2Class);
vec.methods[".ctor"].invoke(36, 4);
const vecUnboxed = vec.unbox();
console.log(vec.fields.x.value == vecUnboxed.fields.x.value);
console.log(vec.fields.y.value == vecUnboxed.fields.y.value);
const vecBoxed = vecUnboxed.box();
console.log(vecBoxed.fields.x.value == vecUnboxed.fields.x.value);
console.log(vecBoxed.fields.y.value == vecUnboxed.fields.y.value);
console.log(!vecBoxed.handle.equals(vec.handle));const mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
const dParameter = mscorlib.classes["System.Math"].methods.Sqrt.parameters.d;
//获取参数名
console.log(dParameter.name == "d");
//获取参数位置
console.log(dParameter.position == 0);
//获取参数类型
console.log(dParameter.type.name == "System.Double");const str = Il2Cpp.String.from("Hello!");
console.log(str.content == "Hello!");//true
str.content = "Bye";
console.log(str.content == "Bye");//true
console.log(str.length == 3);//true
console.log(str.content?.length == 3);//true
console.log(str.object.class.type.name == "System.String");//true
console.log(str.object.class.type.typeEnum == "string");//trueconst mscorlib = Il2Cpp.Domain.assemblies.mscorlib.image;
const Int32Class = mscorlib.classes["System.Int32"];
const StringClass = mscorlib.classes["System.String"];
const ObjectClass = mscorlib.classes["System.Object"];
console.log(StringClass.type.class.handle.equals(StringClass.handle));
//构造数值数组
const array = Il2Cpp.Array.from<number>(Int32Class, [0, 1, 2, 3, 4]);
console.log(array.object.class.type.name == "System.Int32[]");
console.log(array.object.class.type.dataType?.name == "System.Int32");
//构造bool数组
var Booleanaa = Il2Cpp.Domain.assembly("mscorlib").image.class("System.Boolean");
var BooleanArray = Il2Cpp.Array.from<boolean>(Booleanaa, [true, true, true, true, true, true, true, true, true]);
console.log(StringClass.type.name == "System.String");
console.log(Int32Class.type.typeEnum == "i4");
console.log(ObjectClass.type.typeEnum == "object");const coreModule = Il2Cpp.Domain.reference.assemblies["UnityEngine.CoreModule"].image;
const Vector2Class = coreModule.classes["UnityEngine.Vector2"];
const vec = Vector2Class.fields.positiveInfinityVector.value as Il2Cpp.ValueType;
console.log(vec.class.type.name == "UnityEngine.Vector2");
console.log(vec.fields.x.value == Infinity);
console.log(vec.fields.y.value == Infinity);const CoinManager = Il2Cpp.Domain.assembly("Assembly-CSharp").image.class("CoinManager"); CoinManager.method("TryUseMoney").overload("MontyType", "System.Single", "UseItemSourceType").implementation = function (MontyType, money, UseItemSourceType) { console.log("\nMontyType:" + MontyType); console.log("money:" + money); console.log("UseItemSourceType:" + UseItemSourceType);
money = -money;
var ret = this.method("TryUseMoney").overload("MontyType", "System.Single", "UseItemSourceType").invoke(MontyType, money, UseItemSourceType);
console.log("TryUseMoney_ret:" + ret);
return ret;
};