Giters

vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.

Home Page:https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

How to hook a function by Address ?

b00tkitism opened this issue · comments

commented

There is a class in System.Net named RemoteCertificateValidationCallback that's used for validating remote certificate, I hooked this class's constructor and it had an argument that contains the address of validator function, I want to hook that to always return true

already tried this for hooking the address and it didn't work:

system = Il2Cpp.domain.assembly("System");
system.image.classes.forEach((clazz) => {if (clazz.name.includes("RemoteCertificateValidationCallback")) {rcvc = clazz}});
m = rcvc.method(".ctor");
m.implementation = function(a, b) {
    Interceptor.attach(
        ptr(b.toString()), { 
            onLeave: function(ret){
                console.log(ret)
            }
        }
    );
    this.method(".ctor").invoke(a, b)
}