mirror of
https://github.com/Perfare/Il2CppDumper.git
synced 2025-01-25 02:03:02 -03:00
commit
1de56f63fc
2 changed files with 126 additions and 35 deletions
109
README.md
|
@ -1,52 +1,91 @@
|
|||
# Il2CppDumper
|
||||
[![Build status](https://ci.appveyor.com/api/projects/status/anhqw33vcpmp8ofa?svg=true)](https://ci.appveyor.com/project/Perfare/il2cppdumper/branch/master/artifacts)
|
||||
从il2cpp中获取types, methods, fields等等数据
|
||||
基础逻辑代码来源于[Il2CppDumper](https://github.com/Jumboperson/Il2CppDumper)
|
||||
|
||||
## 功能
|
||||
* 支持ELF(arm, x86), Mach-O(32bit, 64bit)
|
||||
* 支持Metadata版本16, 20, 21, 22, 23, 24
|
||||
* 导出包括types, fields, properties, methods, attributes
|
||||
* 自动生成IDA脚本(重命名methodName,添加stringLiteral注释和MakeFunction)
|
||||
* 生成DummyDll
|
||||
[![Build status](https://ci.appveyor.com/api/projects/status/anhqw33vcpmp8ofa?svg=true)](https://ci.appveyor.com/project/Perfare/il2cppdumper/branch/master/artifacts)
|
||||
|
||||
## 使用说明
|
||||
运行Il2CppDumper.exe并依次选择il2cpp的可执行文件(ELF或者Mach-O文件)和global-metadata.dat文件,然后选择运行的模式,将生成dump.cs文件和script.py脚本
|
||||
Extract .NET metadata from il2cpp binaries. (types, methods, fields, etc.)
|
||||
|
||||
Extraction code is based on [Il2CppDumper](https://github.com/Jumboperson/Il2CppDumper)
|
||||
|
||||
(For Chinese version of this document please click [here](README_zh.md))
|
||||
|
||||
## Features
|
||||
|
||||
* Supports il2cpp binaries in ELF(arm, x86) and Mach-O(32bit, 64bit) format
|
||||
* Supports global-metadata version 16 and 20-24
|
||||
* Extracts .NET metadata including types, fields, properties, methods and attributes
|
||||
* Supports automated IDA script generation
|
||||
* name and tag methods
|
||||
* store dynamic string literals in comments
|
||||
* Generates dummy DLLs that can be viewed in .NET decompilers
|
||||
|
||||
## Usage
|
||||
|
||||
Run `Il2CppDumper.exe` and choose the main il2cpp executable (in ELF or Mach-O format) and `global-metadata.dat` file, then select the extraction mode. The program will then generate all the output files in current working directory.
|
||||
|
||||
### Extraction Modes
|
||||
|
||||
### 关于模式
|
||||
#### Manual
|
||||
你需要手动输入`CodeRegistration`和`MetadataRegistration`的指针地址,一般需要依靠反汇编工具来获取地址
|
||||
|
||||
The parameters (`CodeRegistration` and `MetadataRegistration`) that are passed to `il2cpp::vm::MetadataCache::Register()` needs to be manually reverse engineered and passed to the program.
|
||||
|
||||
#### Auto
|
||||
原理是通过函数的特征字节找到`il2cpp_codegen_register`函数并获取传入`il2cpp::vm::MetadataCache::Register`中的参数1(`CodeRegistration`)和参数2(`MetadataRegistration`)。不过由于不同编译器编译出来的结果有差异,很多情况下无法正常工作。
|
||||
|
||||
Automatically finds the `il2cpp_codegen_register()` function by signature matching and read out the first (`CodeRegistration`) and second (`MetadataRegistration`) parameter passed to the `il2cpp::vm::MetadataCache::Register()` method that will be invoked in the registration function. May not work well due to compiler optimizations.
|
||||
|
||||
#### Auto(Advanced)
|
||||
支持Metadata 20及以后的版本,在16版本下只能获取到`CodeRegistration`地址,利用指针特征进行搜索,通用性比Auto强。
|
||||
#### Auto(Plus) - **Recommend**
|
||||
支持Metadata 20及以后的版本,在16版本下只能获取到`CodeRegistration`地址,以metadata的数据作为依据,指针特征作为判读条件进行搜索,对于某些文件处理的比Auto(Advanced)好。
|
||||
|
||||
Matches possible pointers in the data section. Generally works better than `Auto` mode.
|
||||
|
||||
Supports metadata version 20 and later (only `CodeRegistration` address can be found on metadata version 16).
|
||||
|
||||
#### Auto(Plus) - **Recommended**
|
||||
|
||||
Matches possible pointers in the data section with some guidance from global-metadata. Works better than `Auto(Advanced)` mode on certain binaries.
|
||||
|
||||
Supports metadata version 20 and later (only `CodeRegistration` address can be found on metadata version 16).
|
||||
|
||||
#### Auto(Symbol)
|
||||
只支持安卓,使用自带的符号进行处理。
|
||||
|
||||
### 关于dump.cs
|
||||
文本文件,推荐使用有c#语法高亮的编辑器打开
|
||||
Uses symbols in the il2cpp binary to locate `CodeRegistration` and `MetadataRegistration`.
|
||||
|
||||
### 关于script.py
|
||||
需要安装IDA所需的python。在IDA中File-Script file选择script.py运行即可,会重命名methodName,添加stringLiteral注释和MakeFunction
|
||||
Only supports certain Android ELF files.
|
||||
|
||||
### 关于DummyDll
|
||||
利用Mono.Cecil生成的仿制Dll,使用反编译工具进行查看
|
||||
### Output files
|
||||
|
||||
### 关于config.json
|
||||
`DumpMethod`,`DumpField`,`DumpProperty`,`DumpAttribute`,`DumpFieldOffset`
|
||||
控制程序是否在dump.cs输出相应的内容
|
||||
#### dump.cs
|
||||
|
||||
`DummyDll`
|
||||
控制程序是否生成DummyDll
|
||||
C# pseudocode. Can be viewed in text editors (syntax highlighting recommended)
|
||||
|
||||
`ForceIl2CppVersion`,`ForceVersion`
|
||||
当ForceIl2CppVersion为true时,程序将根据ForceVersion指定的版本读取il2cpp的可执行文件(Metadata仍然使用header里的版本),这在部分低版本的il2cpp中将会有用(比如安卓20版本下,你可能需要设置ForceVersion为16程序才能正常工作)
|
||||
#### script.py
|
||||
|
||||
Requires IDA and IDAPython. Can be loaded in IDA via `File -> Script file`.
|
||||
|
||||
#### DummyDll
|
||||
|
||||
DLLs generated by Mono.Cecil which contain the .NET metadata extracted from the binary (no code included). Can be viewed in .NET decompilers.
|
||||
|
||||
### Configuration
|
||||
|
||||
All the configuration options are located in `config.json`
|
||||
Available options:
|
||||
|
||||
* `DumpMethod`, `DumpField`, `DumpProperty`, `DumpAttribute`, `DumpFieldOffset`
|
||||
* Whether or not the program should extract these information
|
||||
|
||||
* `DummyDll`
|
||||
* Whether or not the program should generate dummy DLLs
|
||||
|
||||
* `ForceIl2CppVersion`, `ForceVersion`
|
||||
* If `ForceIl2CppVersion` is `true`, the program will use the version number specified in `ForceVersion` to choose parser for il2cpp binaries (does not affect the choice of metadata parser). This may be useful on some older il2cpp version (e.g. the program may need to use v16 parser on ilcpp v20 (Android) binaries in order to work properly)
|
||||
|
||||
## Common errors
|
||||
|
||||
## 常见问题
|
||||
#### `ERROR: Metadata file supplied is not valid metadata file.`
|
||||
正如它所显示的,你选择的global-metadata.dat不是一个有效的metadata文件,通常是因为游戏加密了global-metadata.dat文件。关于解密的问题最好去破解论坛寻求帮助,请不要在issues提问!
|
||||
|
||||
#### `ERROR: Can't use this mode to process file, try another mode.`
|
||||
当所有自动模式都无法工作时,你可以打开一个新的issue,并上传文件,我会尝试解决
|
||||
The specified `global-metadata.dat` is invalid and the program cannot recognize it. Make sure you choose the correct file. Sometimes games may obfuscate this file for content protection purposes and so on. Deobfuscating of such files is beyond the scope of this program, so please **DO NOT** file an issue regarding to deobfuscating.
|
||||
|
||||
#### `ERROR: Can't use this mode to process file, try another mode.`
|
||||
|
||||
Try other extraction modes.
|
||||
|
||||
If all automated extraction modes failed with this error and you are sure that the files you supplied are not corrupted/obfuscated, please file an issue with the logs and sample files.
|
||||
|
|
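Review bot: In the `ForceIl2CppVersion`, `ForceVersion` bullet under Configuration, "ilcpp v20 (Android) binaries" is a typo for "il2cpp v20" and reads as a different name from the one used in the rest of the file. Two grammar slips in the new English text are worth fixing in the same pass: in the Manual section, "The parameters (...) ... needs to be manually reverse engineered" should be "need", and "extract these information" in the `DumpMethod` bullet should be "this information". The `script.py` entry under Output files now only says how to load the script; the removed text also said what it does in IDA (rename methodName, add stringLiteral comments, MakeFunction), and MakeFunction is no longer mentioned by name anywhere, so consider restoring one sentence there.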
52
README_zh.md
Normal file
|
@ -0,0 +1,52 @@
|
|||
# Il2CppDumper
|
||||
[![Build status](https://ci.appveyor.com/api/projects/status/anhqw33vcpmp8ofa?svg=true)](https://ci.appveyor.com/project/Perfare/il2cppdumper/branch/master/artifacts)
|
||||
从il2cpp中获取types, methods, fields等等数据
|
||||
基础逻辑代码来源于[Il2CppDumper](https://github.com/Jumboperson/Il2CppDumper)
|
||||
|
||||
## 功能
|
||||
* 支持ELF(arm, x86), Mach-O(32bit, 64bit)
|
||||
* 支持Metadata版本16, 20, 21, 22, 23, 24
|
||||
* 导出包括types, fields, properties, methods, attributes
|
||||
* 自动生成IDA脚本(重命名methodName,添加stringLiteral注释和MakeFunction)
|
||||
* 生成DummyDll
|
||||
|
||||
## 使用说明
|
||||
运行Il2CppDumper.exe并依次选择il2cpp的可执行文件(ELF或者Mach-O文件)和global-metadata.dat文件,然后选择运行的模式,将生成dump.cs文件和script.py脚本
|
||||
|
||||
### 关于模式
|
||||
#### Manual
|
||||
你需要手动输入`CodeRegistration`和`MetadataRegistration`的指针地址,一般需要依靠反汇编工具来获取地址
|
||||
#### Auto
|
||||
原理是通过函数的特征字节找到`il2cpp_codegen_register`函数并获取传入`il2cpp::vm::MetadataCache::Register`中的参数1(`CodeRegistration`)和参数2(`MetadataRegistration`)。不过由于不同编译器编译出来的结果有差异,很多情况下无法正常工作。
|
||||
#### Auto(Advanced)
|
||||
支持Metadata 20及以后的版本,在16版本下只能获取到`CodeRegistration`地址,利用指针特征进行搜索,通用性比Auto强。
|
||||
#### Auto(Plus) - **Recommend**
|
||||
支持Metadata 20及以后的版本,在16版本下只能获取到`CodeRegistration`地址,以metadata的数据作为依据,指针特征作为判读条件进行搜索,对于某些文件处理的比Auto(Advanced)好。
|
||||
#### Auto(Symbol)
|
||||
只支持安卓,使用自带的符号进行处理。
|
||||
|
||||
### 关于dump.cs
|
||||
文本文件,推荐使用有c#语法高亮的编辑器打开
|
||||
|
||||
### 关于script.py
|
||||
需要安装IDA所需的python。在IDA中File-Script file选择script.py运行即可,会重命名methodName,添加stringLiteral注释和MakeFunction
|
||||
|
||||
### 关于DummyDll
|
||||
利用Mono.Cecil生成的仿制Dll,使用反编译工具进行查看
|
||||
|
||||
### 关于config.json
|
||||
`DumpMethod`,`DumpField`,`DumpProperty`,`DumpAttribute`,`DumpFieldOffset`
|
||||
控制程序是否在dump.cs输出相应的内容
|
||||
|
||||
`DummyDll`
|
||||
控制程序是否生成DummyDll
|
||||
|
||||
`ForceIl2CppVersion`,`ForceVersion`
|
||||
当ForceIl2CppVersion为true时,程序将根据ForceVersion指定的版本读取il2cpp的可执行文件(Metadata仍然使用header里的版本),这在部分低版本的il2cpp中将会有用(比如安卓20版本下,你可能需要设置ForceVersion为16程序才能正常工作)
|
||||
|
||||
## 常见问题
|
||||
#### `ERROR: Metadata file supplied is not valid metadata file.`
|
||||
正如它所显示的,你选择的global-metadata.dat不是一个有效的metadata文件,通常是因为游戏加密了global-metadata.dat文件。关于解密的问题最好去破解论坛寻求帮助,请不要在issues提问!
|
||||
|
||||
#### `ERROR: Can't use this mode to process file, try another mode.`
|
||||
当所有自动模式都无法工作时,你可以打开一个新的issue,并上传文件,我会尝试解决
|
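Review bot: The new README_zh.md has no link back to the English README near the top, while README.md now points readers to README_zh.md; add a matching line under the description so the two files link in both directions. The heading `#### Auto(Plus) - **Recommend**` keeps the wording that the English file changes to "Recommended", and the usage paragraph still names only dump.cs and script.py as output even though the feature list in the same file includes DummyDll.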