using System;
using System.Linq;
using System.Reflection;
using System.Reflection.Emit;
using System.Runtime.InteropServices;
using BepInEx.Logging;
using HarmonyLib;
using HarmonyLib.Public.Patching;
using MonoMod.Cil;
using MonoMod.RuntimeDetour;
using MonoMod.Utils;
using UnhollowerBaseLib;
using UnhollowerBaseLib.Runtime;
namespace BepInEx.IL2CPP.Hook
{
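/// <summary>
///     Harmony method patcher for unhollowed IL2CPP methods. The native method body is detoured to a generated
///     (native -> managed) trampoline that converts arguments, calls the Harmony-patched managed wrapper and
///     converts the result back.
/// </summary>
/// <remarks>
///     This type rewrites native code in the running process and hands raw pointers to generated IL, so the
///     lifetime of every unmanaged resource it creates matters:
///     the copied method info struct is never freed (generated IL embeds its address as a constant), and the
///     delegate behind the detour target is pinned with a <see cref="GCHandle"/> for as long as the detour exists.
/// </remarks>
public unsafe class IL2CPPDetourMethodPatcher : MethodPatcher
{
    // Reflection handles for the interop helpers that the generated IL calls.
    private static readonly MethodInfo IL2CPPToManagedStringMethodInfo
        = AccessTools.Method(typeof(UnhollowerBaseLib.IL2CPP), nameof(UnhollowerBaseLib.IL2CPP.Il2CppStringToManaged));

    private static readonly MethodInfo ManagedToIL2CPPStringMethodInfo
        = AccessTools.Method(typeof(UnhollowerBaseLib.IL2CPP), nameof(UnhollowerBaseLib.IL2CPP.ManagedStringToIl2Cpp));

    private static readonly MethodInfo ObjectBaseToPtrMethodInfo
        = AccessTools.Method(typeof(UnhollowerBaseLib.IL2CPP), nameof(UnhollowerBaseLib.IL2CPP.Il2CppObjectBaseToPtr));

    private static readonly MethodInfo ReportExceptionMethodInfo
        = AccessTools.Method(typeof(IL2CPPDetourMethodPatcher), nameof(ReportException));

    private static readonly ManualLogSource DetourLogger = Logger.CreateLogSource("Detour");

    // Currently applied native detour, or null when DetourTo has not run yet.
    private FastNativeDetour nativeDetour;

    // Roots the delegate whose function pointer is the detour target. Without a live reference the GC may
    // collect the delegate and release its native thunk while native code can still jump to it.
    private GCHandle detourDelegateHandle;

    // Native method info of the target as published by the unhollowed assembly.
    private Il2CppMethodInfo* originalNativeMethodInfo;

    // Unmanaged copy of the method info whose methodPointer points at the trampoline to the original code.
    private Il2CppMethodInfo* modifiedNativeMethodInfo;

    /// <summary>
    ///     Constructs a new instance of method patcher.
    /// </summary>
    /// <param name="original">Unhollowed IL2CPP method to patch.</param>
    /// <exception cref="InvalidOperationException">
    ///     The method has no native method info pointer that could be detoured.
    /// </exception>
    public IL2CPPDetourMethodPatcher(MethodBase original) : base(original)
    {
        Init();
    }

    /// <summary>
    ///     Resolves the native method info of <see cref="MethodPatcher.Original"/>, creates a trampoline to the
    ///     unpatched native code and prepares a private method info copy that points at that trampoline.
    /// </summary>
    private void Init()
    {
        // Get the native MethodInfo struct for the target method.
        // The lookup returns no field for methods that are not unhollower-generated wrappers; fail with a clear
        // message instead of a NullReferenceException.
        var methodInfoField = UnhollowerUtils.GetIl2CppMethodInfoPointerFieldForGeneratedMethod(Original);
        if (methodInfoField == null)
        {
            throw new InvalidOperationException(
                $"No IL2CPP method info pointer field found for {Original.DeclaringType?.FullName}.{Original.Name}");
        }

        originalNativeMethodInfo = (Il2CppMethodInfo*)(IntPtr)methodInfoField.GetValue(null);

        // The pointer is dereferenced right below; a zero value would be an invalid native read.
        if (originalNativeMethodInfo == null)
        {
            throw new InvalidOperationException(
                $"IL2CPP method info pointer is null for {Original.DeclaringType?.FullName}.{Original.Name}");
        }

        // Create a trampoline from the original target method
        var trampolinePtr = DetourGenerator.CreateTrampolineFromFunction(originalNativeMethodInfo->methodPointer, out _, out _);

        // Create a modified native MethodInfo struct to point towards the trampoline.
        // This allocation is intentionally never released: CopyOriginal bakes its address into generated IL.
        modifiedNativeMethodInfo = (Il2CppMethodInfo*)Marshal.AllocHGlobal(Marshal.SizeOf<Il2CppMethodInfo>());
        Marshal.StructureToPtr(*originalNativeMethodInfo, (IntPtr)modifiedNativeMethodInfo, false);
        modifiedNativeMethodInfo->methodPointer = trampolinePtr;
    }

    /// <inheritdoc />
    public override DynamicMethodDefinition PrepareOriginal()
    {
        // No prepared original is supplied; DetourTo builds its own copy through CopyOriginal.
        return null;
    }

    /// <inheritdoc />
    public override MethodBase DetourTo(MethodBase replacement)
    {
        // Unpatch an existing detour if it exists
        nativeDetour?.Dispose();

        // Release the delegate of the previous detour only after that detour has been disposed.
        if (detourDelegateHandle.IsAllocated)
        {
            detourDelegateHandle.Free();
        }

        // Generate a new DMD of the modified unhollowed method, and apply harmony patches to it
        var copiedDmd = CopyOriginal();
        HarmonyManipulator.Manipulate(copiedDmd.OriginalMethod, copiedDmd.OriginalMethod.GetPatchInfo(), new ILContext(copiedDmd.Definition));

        // Generate the MethodInfo instances
        var managedHookedMethod = copiedDmd.Generate();
        var unmanagedTrampolineMethod = GenerateNativeToManagedTrampoline(managedHookedMethod).Generate();

        // Apply a detour from the unmanaged implementation to the patched harmony method
        var unmanagedDelegateType = DelegateTypeFactory.instance.CreateDelegateType(unmanagedTrampolineMethod,
                                                                                    CallingConvention.Cdecl);
        var unmanagedDelegate = unmanagedTrampolineMethod.CreateDelegate(unmanagedDelegateType);

        // The function pointer is only valid while the delegate is alive, and the runtime does not keep it
        // alive on our behalf. Root it before native code can reach the pointer.
        detourDelegateHandle = GCHandle.Alloc(unmanagedDelegate);
        var detourPtr = Marshal.GetFunctionPointerForDelegate(unmanagedDelegate);

        nativeDetour = new FastNativeDetour(originalNativeMethodInfo->methodPointer, detourPtr);
        nativeDetour.Apply();

        // TODO: Add an ILHook for the original unhollowed method to go directly to managedHookedMethod
        // Right now it goes through three times as much interop conversion as it needs to, when being called from managed side
        return managedHookedMethod;
    }

    /// <inheritdoc />
    public override DynamicMethodDefinition CopyOriginal()
    {
        var dmd = new DynamicMethodDefinition(Original);
        dmd.Definition.Name = "UnhollowedWrapper_" + dmd.Definition.Name;
        var cursor = new ILCursor(new ILContext(dmd.Definition));

        // Remove il2cpp_object_get_virtual_method: the four-instruction sequence that resolves the method info
        // through the object's virtual table is dropped so the constant emitted below is used instead.
        if (cursor.TryGotoNext(x => x.MatchLdarg(0),
                               x => x.MatchCall(typeof(UnhollowerBaseLib.IL2CPP), nameof(UnhollowerBaseLib.IL2CPP.Il2CppObjectBaseToPtr)),
                               x => x.MatchLdsfld(out _),
                               x => x.MatchCall(typeof(UnhollowerBaseLib.IL2CPP), nameof(UnhollowerBaseLib.IL2CPP.il2cpp_object_get_virtual_method))))
        {
            cursor.RemoveRange(4);
        }
        else
        {
            // No virtual lookup present: remove the direct load of the method info pointer field instead.
            cursor.Goto(0)
                  .GotoNext(x => x.MatchLdsfld(UnhollowerUtils.GetIl2CppMethodInfoPointerFieldForGeneratedMethod(Original)))
                  .Remove();
        }

        // Replace original IL2CPPMethodInfo pointer with a modified one that points to the trampoline.
        // The raw address becomes an IL constant, so the struct it points to must outlive the generated method.
        cursor
            .Emit(Mono.Cecil.Cil.OpCodes.Ldc_I8, ((IntPtr)modifiedNativeMethodInfo).ToInt64())
            .Emit(Mono.Cecil.Cil.OpCodes.Conv_I);
        return dmd;
    }

    /// <summary>
    ///     A handler for <see cref="PatchManager.ResolvePatcher"/> that selects
    ///     <see cref="IL2CPPDetourMethodPatcher"/> when the declaring type of the method being patched derives
    ///     from <see cref="Il2CppObjectBase"/>.
    /// </summary>
    /// <param name="sender">Not used</param>
    /// <param name="args">Patch resolver arguments</param>
    public static void TryResolve(object sender, PatchManager.PatcherResolverEventArgs args)
    {
        if (args.Original.DeclaringType?.IsSubclassOf(typeof(Il2CppObjectBase)) == true)
        {
            args.MethodPatcher = new IL2CPPDetourMethodPatcher(args.Original);
        }
    }

    /// <summary>
    ///     Builds the method that native code jumps to: it converts the raw IL2CPP arguments to their managed
    ///     counterparts, calls <paramref name="targetManagedMethodInfo"/>, writes byref results back and converts
    ///     the return value to its IL2CPP representation.
    /// </summary>
    /// <param name="targetManagedMethodInfo">Generated managed method that carries the Harmony patches.</param>
    /// <returns>The definition of the trampoline; the caller generates it.</returns>
    private DynamicMethodDefinition GenerateNativeToManagedTrampoline(MethodInfo targetManagedMethodInfo)
    {
        // managedParams are the unhollower types used on the managed side
        // unmanagedParams are IntPtr references that are used by IL2CPP compiled assembly
        var managedParams = Original.GetParameters().Select(x => x.ParameterType).ToArray();
        var unmanagedParams = new Type[managedParams.Length + 2]; // +1 for thisptr at the start, +1 for methodInfo at the end

        // TODO: Check if this breaks for static IL2CPP methods
        // NOTE(review): slot 0 is reserved for thisptr and argument loads below start at index 1 even when
        // Original.IsStatic; confirm the native signature of static methods matches this layout.
        unmanagedParams[0] = typeof(IntPtr);
        unmanagedParams[unmanagedParams.Length - 1] = typeof(Il2CppMethodInfo*);
        Array.Copy(managedParams.Select(ConvertManagedTypeToIL2CPPType).ToArray(), 0,
                   unmanagedParams, 1, managedParams.Length);

        var managedReturnType = AccessTools.GetReturnedType(Original);
        var unmanagedReturnType = ConvertManagedTypeToIL2CPPType(managedReturnType);

        var dmd = new DynamicMethodDefinition("(il2cpp -> managed) " + Original.Name,
                                              unmanagedReturnType,
                                              unmanagedParams
        );
        var il = dmd.GetILGenerator();

        // Everything that runs managed code sits inside this try block; the catch below logs the exception
        // rather than letting it propagate into the native caller.
        il.BeginExceptionBlock();

        // Declare a list of variables to dereference back to the original pointers.
        // This is required due to the needed unhollower type conversions, so we can't directly pass some addresses as byref types
        LocalBuilder[] indirectVariables = new LocalBuilder[managedParams.Length];

        if (!Original.IsStatic)
        {
            // Load thisptr as arg0
            il.Emit(OpCodes.Ldarg_0);
            EmitConvertArgumentToManaged(il, Original.DeclaringType, out _);
        }

        for (int i = 0; i < managedParams.Length; ++i)
        {
            il.Emit(OpCodes.Ldarg_S, i + 1);
            EmitConvertArgumentToManaged(il, managedParams[i], out indirectVariables[i]);
        }

        // Run the managed method
        il.Emit(OpCodes.Call, targetManagedMethodInfo);

        // Store the managed return type temporarily (if there was one)
        LocalBuilder managedReturnVariable = null;
        if (managedReturnType != typeof(void))
        {
            managedReturnVariable = il.DeclareLocal(managedReturnType);
            il.Emit(OpCodes.Stloc, managedReturnVariable);
        }

        // Convert any managed byref values into their relevant IL2CPP types, and then store the values into their relevant dereferenced pointers
        for (int i = 0; i < managedParams.Length; ++i)
        {
            if (indirectVariables[i] == null)
            {
                continue;
            }

            il.Emit(OpCodes.Ldarg_S, i + 1);
            il.Emit(OpCodes.Ldloc, indirectVariables[i]);
            EmitConvertManagedTypeToIL2CPP(il, managedParams[i].GetElementType());
            il.Emit(OpCodes.Stind_I);
        }

        // Handle any lingering exceptions
        il.BeginCatchBlock(typeof(Exception));
        il.Emit(OpCodes.Call, ReportExceptionMethodInfo);
        il.EndExceptionBlock();

        // Convert the return value back to an IL2CPP friendly type (if there was a return value), and then return.
        // When the catch block ran before the store above, the local still holds its initial value.
        if (managedReturnVariable != null)
        {
            il.Emit(OpCodes.Ldloc, managedReturnVariable);
            EmitConvertManagedTypeToIL2CPP(il, managedReturnType);
        }

        il.Emit(OpCodes.Ret);
        return dmd;
    }

    /// <summary>
    ///     Logs an exception caught by a generated trampoline. Called from generated IL through
    ///     <see cref="ReportExceptionMethodInfo"/>.
    /// </summary>
    /// <param name="ex">Exception thrown while running the managed side of a detour.</param>
    private static void ReportException(Exception ex)
    {
        DetourLogger.LogError(ex.ToString());
    }

    /// <summary>
    ///     Maps a managed parameter or return type to the type used in the native signature.
    /// </summary>
    /// <param name="managedType">Type as declared on the unhollowed method.</param>
    /// <returns>
    ///     <see cref="IntPtr"/> for strings and <see cref="Il2CppObjectBase"/> subclasses, a pointer to
    ///     <see cref="IntPtr"/> for byref versions of those, and <paramref name="managedType"/> itself otherwise.
    /// </returns>
    private static Type ConvertManagedTypeToIL2CPPType(Type managedType)
    {
        if (managedType.IsByRef)
        {
            Type directType = managedType.GetElementType();
            if (directType == typeof(string) || directType.IsSubclassOf(typeof(Il2CppObjectBase)))
            {
                return typeof(IntPtr*);
            }
        }
        else if (managedType == typeof(string) || managedType.IsSubclassOf(typeof(Il2CppObjectBase)))
        {
            return typeof(IntPtr);
        }

        return managedType;
    }

    /// <summary>
    ///     Emits the call that converts the managed value on top of the evaluation stack to its IL2CPP pointer.
    ///     Nothing is emitted for types other than strings and <see cref="Il2CppObjectBase"/> subclasses.
    /// </summary>
    /// <param name="il">Generator of the trampoline being built.</param>
    /// <param name="returnType">Managed type of the value on the stack (a return type or a byref element type).</param>
    private static void EmitConvertManagedTypeToIL2CPP(ILGenerator il, Type returnType)
    {
        if (returnType == typeof(string))
        {
            il.Emit(OpCodes.Call, ManagedToIL2CPPStringMethodInfo);
        }
        else if (!returnType.IsValueType && returnType.IsSubclassOf(typeof(Il2CppObjectBase)))
        {
            il.Emit(OpCodes.Call, ObjectBaseToPtrMethodInfo);
        }
    }

    /// <summary>
    ///     Emits the conversion of the native argument on top of the evaluation stack to the managed type the
    ///     patched method expects.
    /// </summary>
    /// <param name="il">Generator of the trampoline being built.</param>
    /// <param name="managedParamType">Managed parameter type, possibly byref.</param>
    /// <param name="variable">
    ///     For byref parameters, the local that holds the converted value and whose address is passed on;
    ///     <c>null</c> otherwise.
    /// </param>
    private static void EmitConvertArgumentToManaged(ILGenerator il, Type managedParamType, out LocalBuilder variable)
    {
        variable = null;

        if (managedParamType.IsValueType) // don't need to convert blittable types
        {
            return;
        }

        // Wraps a non-zero object pointer in its unhollowed type through the (IntPtr) constructor; a zero
        // pointer becomes a managed null instead of a wrapper around address 0.
        void EmitCreateIl2CppObject()
        {
            Label endLabel = il.DefineLabel();
            Label notNullLabel = il.DefineLabel();

            il.Emit(OpCodes.Dup);
            il.Emit(OpCodes.Brtrue_S, notNullLabel);

            il.Emit(OpCodes.Pop);
            il.Emit(OpCodes.Ldnull);
            il.Emit(OpCodes.Br_S, endLabel);

            il.MarkLabel(notNullLabel);
            il.Emit(OpCodes.Newobj, AccessTools.DeclaredConstructor(managedParamType, new[] { typeof(IntPtr) }));

            il.MarkLabel(endLabel);
        }

        // Strings go through the interop string helper, Il2CppObjectBase subclasses get a wrapper object,
        // anything else is left as it is on the stack.
        void HandleTypeConversion(Type originalType)
        {
            if (originalType == typeof(string))
            {
                il.Emit(OpCodes.Call, IL2CPPToManagedStringMethodInfo);
            }
            else if (originalType.IsSubclassOf(typeof(Il2CppObjectBase)))
            {
                EmitCreateIl2CppObject();
            }
        }

        if (managedParamType.IsByRef)
        {
            Type directType = managedParamType.GetElementType();
            variable = il.DeclareLocal(directType);

            // Read the pointer the native caller passed by reference, convert it, and hand the managed method
            // the address of a local instead of the native address.
            il.Emit(OpCodes.Ldind_I);
            HandleTypeConversion(directType);
            il.Emit(OpCodes.Stloc, variable);
            il.Emit(OpCodes.Ldloca, variable);
        }
        else
        {
            HandleTypeConversion(managedParamType);
        }
    }
}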
}