Fatal exception when using Il2Cpp.GC.choose #265
Comments
Yeah, this is a bug I "discovered" a few months ago, but I never filed an issue for that smh. It's not related to a specific application. See these release notes and the source code! |
Ahh I see. Specifically it looks like it starts at
Which throws But as I'm a total noob with all this I wouldn't even know where to begin attempting to find that function in something like Ghidra and tracing what might be happening. I think for my case a temporary "solution" can be this ghetto generic wrapper to hook the constructor of any objects I used Il2Cpp.GC.choose for before and save them to variables until something better is found and can be replaced later.
Sure there might be issues with that but I'll get to those later. |
Beware of two things:

```ts
// One handle list per class name (klass is the class being hooked; it is set up elsewhere in the script).
const handles: Record<string, Il2Cpp.GC.Handle[]> = {};
// ...
// Inside the constructor hook: `this` is the freshly created object.
if (this instanceof Il2Cpp.Object) {
    // ref(true) creates a pinned GC handle, so the object is neither collected nor moved
    // while we hold it. Create the list on first use so the push cannot hit undefined.
    (handles[klass] ??= []).push(this.ref(true));
}
// ...
for (const handle of handles[klass]) {
    // target resolves the handle back to the live object.
    const object = handle.target;
    // ...
    // Release the handle when done, otherwise the object is kept alive forever (a leak).
    handle.free();
}
```
|
I don't know if that counts as a workaround or if it's the proper solution, but it looks like it's fixed 😄 |
I don't think this issue should be closed. The thing still crashes. We can greatly reduce the crashes by stopping garbage collection before using it, and then restarting garbage collection; this causes the game to drop frames / freeze, but it's better than a crash -- this approach will still crash on occasion, but it goes from crash every time to crash randomly.
|
@ash47 Yeah that's what I did in the commit, however I could not reproduce the crashes. Would you elaborate (i.e. application name, platform, timing etc)? |
Hi, I can give you anything you need. This crash happens in Bloons TD 6: if I select a class such as system.string, it's all good; if I select a class that is based on a monobehaviour then it crashes -- if I log inside of the for loop, it does work, I can see the logs for the instance, it crashes after the loop like a timing issue.
I'm using Windows.
I can buy you a copy of the game if that helps fix the issue.
I can provide the script or anything else, just let me know exactly what would be useful and I can provide it, I can test things too if required.
|
Would you share the script you are using? |
I have a full GUI set up for creating mods for games which lets me hook various modding engines including Frida, and for this mod, I tried out I'll re-write the code below to remove the stuff specific to my Mod Manager.
I wrote the code the way I did because each time the "add cash" is called, it freezes the game, so I made it collect all the times it is pressed and only execute it once per second to increase performance. I also played around with the order of starting and stopping the world, starting the world again after we've done the call to ---- Here's a rewrite that might be more useful:
The thing is, this works fine, aside from the freezing; it's just that once every so often it will crash. It becomes much more obvious when using a GUI because it's really easy to keep clicking "Add Cash". Please let me know if you need any other details. |
The freezing probably happens because you are invoking

```ts
Il2Cpp.perform(() => {
    const AssemblyCSharp = Il2Cpp.Domain.assembly("Assembly-CSharp").image;
    const AssetsScriptsSimulationSimulation = AssemblyCSharp.class("Assets.Scripts.Simulation.Simulation");

    // Pause the GC only for the duration of the heap walk, then resume it immediately.
    Il2Cpp.GC.stopWorld();
    const instances = Il2Cpp.GC.choose(AssetsScriptsSimulationSimulation);
    Il2Cpp.GC.startWorld();

    // Invoke the managed methods on an IL2CPP-attached thread rather than from the hook's thread.
    // cashIndex and amountOfCashToAdd come from the user's own script (not shown here).
    Il2Cpp.attachedThreads[0].schedule(() => {
        instances.forEach(instance => {
            const currentCash = instance.method<number>("GetCash").invoke(cashIndex);
            instance.method("SetCash").invoke(currentCash + amountOfCashToAdd, cashIndex);
        });
    });
});
```
|
I had a bit of a play around, I'm on Windows, it seems like I did some quick debugging via:
I get numbers 1, 2, and 3, there is no 4, just the
Is there something such as Discord I can message you directly on? |
Yeah, vfsfitvnm#7025 |
Thanks, I added you as a friend, I can't message you unless you accept.
|
I suspect this might be some sort of anti-Frida tampering but I'm not smart enough to make that determination.
The newest version of https://apkcombo.com/beatstar/com.spaceapegames.beatstar/ causes a crash with the following
I'm not smart enough to determine why this crashes. I've tried going to 0000000000a22d60 in Ghidra but what's there doesn't match what Frida is telling me is at that address and I'm struggling to determine which function this even is. Is this some sort of anti-Frida code at work or a library issue?