From 2fd3624288d13751cdc9b98c496b0cef93792132 Mon Sep 17 00:00:00 2001
From: Perfare
Date: Wed, 19 Aug 2020 13:40:38 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0ida=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Il2CppDumper/Il2CppDumper.csproj | 6 ++
 Il2CppDumper/Outputs/ScriptGenerator.cs | 6 +-
 Il2CppDumper/ida.py | 14 ++--
 Il2CppDumper/ida_py3.py | 78 ++++++++++++++++++++++
 Il2CppDumper/ida_with_struct.py | 14 ++--
 Il2CppDumper/ida_with_struct_py3.py | 87 +++++++++++++++++++++++++
 6 files changed, 189 insertions(+), 16 deletions(-)
 create mode 100644 Il2CppDumper/ida_py3.py
 create mode 100644 Il2CppDumper/ida_with_struct_py3.py
diff --git a/Il2CppDumper/Il2CppDumper.csproj b/Il2CppDumper/Il2CppDumper.csproj
index fa3d03b..652cf97 100644
--- a/Il2CppDumper/Il2CppDumper.csproj
+++ b/Il2CppDumper/Il2CppDumper.csproj
@@ -28,9 +28,15 @@ PreserveNewest + + PreserveNewest + PreserveNewest + + PreserveNewest + +
diff --git a/Il2CppDumper/Outputs/ScriptGenerator.cs b/Il2CppDumper/Outputs/ScriptGenerator.cs
index 5a4d1ab..9eab554 100644
--- a/Il2CppDumper/Outputs/ScriptGenerator.cs
+++ b/Il2CppDumper/Outputs/ScriptGenerator.cs
@@ -738,8 +738,10 @@ namespace Il2CppDumper
 {
 var parentStructName = info.Parent + "_o";
 pre.Append(RecursionStructInfo(structInfoWithStructName[parentStructName]));
- sb.Append($"struct {info.TypeName}_Fields {{\n");
- sb.Append($"\t{info.Parent}_Fields _;\n");
+ sb.Append($"struct {info.TypeName}_Fields : {info.Parent}_Fields {{\n");
+ // C style
+ //sb.Append($"struct {info.TypeName}_Fields {{\n");
+ //sb.Append($"\t{info.Parent}_Fields _;\n");
 }
 else
 {
diff --git a/Il2CppDumper/ida.py b/Il2CppDumper/ida.py
index 2a0667a..e5f55e1 100644
--- a/Il2CppDumper/ida.py
+++ b/Il2CppDumper/ida.py
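Review bot: The previous C-style layout is left behind as commented-out code under `// C style` in the ScriptGenerator.cs hunk instead of being removed or placed behind a switch. The emitted `struct X_Fields : Parent_Fields {` is C++ inheritance syntax, so any consumer of the generated header that only accepts plain C would presumably stop parsing it. If both forms are needed, a configuration option that selects between them would be clearer than comments that have to be toggled by hand. The enclosing method starts and ends outside this hunk.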
@@ -31,6 +31,13 @@ def make_function(start, end):
 path = idaapi.ask_file(False, '*.json', 'script.json from Il2cppdumper')
 data = json.loads(open(path, 'rb').read().decode('utf-8'))
+if "Addresses" in data and "Addresses" in processFields:
+ addresses = data["Addresses"]
+ for index in range(len(addresses) - 1):
+ start = get_addr(addresses[index])
+ end = get_addr(addresses[index + 1])
+ make_function(start, end)
+
 if "ScriptMethod" in data and "ScriptMethod" in processFields:
 scriptMethods = data["ScriptMethod"]
 for scriptMethod in scriptMethods:
@@ -67,12 +74,5 @@ if "ScriptMetadataMethod" in data and "ScriptMetadataMethod" in processFields:
 idc.set_cmt(addr, name, 1)
 idc.set_cmt(addr, '{0:X}'.format(methodAddr), 0)
-if "Addresses" in data and "Addresses" in processFields:
- addresses = data["Addresses"]
- for index in range(len(addresses) - 1):
- start = get_addr(addresses[index])
- end = get_addr(addresses[index + 1])
- make_function(start, end)
-
 print 'Script finished!'
diff --git a/Il2CppDumper/ida_py3.py b/Il2CppDumper/ida_py3.py
new file mode 100644
index 0000000..642c50a
--- /dev/null
+++ b/Il2CppDumper/ida_py3.py
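Review bot: Nothing at the moved `Addresses` block in ida.py says why it must now run before the naming passes, so a later edit could move it back without noticing. If the reason is that `make_function` may delete and re-create a function (the py3 variant added in this patch does so with `del_func`/`add_func`), a one-line comment would record it: `# Create functions first: make_function() may delete and re-add them, so names and comments are applied afterwards`. The same comment fits the matching hunk at -33,6 in ida_with_struct.py. The loop also assumes `addresses` is sorted ascending, since each entry is used as the end of the previous function; a short note saying so would help, because the list comes straight from script.json.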
@@ -0,0 +1,78 @@
+# -*- coding: utf-8 -*-
+import json
+
+processFields = [
+ "ScriptMethod",
+ "ScriptString",
+ "ScriptMetadata",
+ "ScriptMetadataMethod",
+ "Addresses",
+]
+
+imageBase = idaapi.get_imagebase()
+
+def get_addr(addr):
+ return imageBase + addr
+
+def set_name(addr, name):
+ ret = idc.set_name(addr, name, SN_NOWARN | SN_NOCHECK)
+ if ret == 0:
+ new_name = name + '_' + str(addr)
+ ret = idc.set_name(addr, new_name, SN_NOWARN | SN_NOCHECK)
+
+def make_function(start, end):
+ next_func = idc.get_next_func(start)
+ if next_func < end:
+ end = next_func
+ if idc.get_func_attr(start, FUNCATTR_START) == start:
+ ida_funcs.del_func(start)
+ ida_funcs.add_func(start, end)
+
+path = idaapi.ask_file(False, '*.json', 'script.json from Il2cppdumper')
+data = json.loads(open(path, 'rb').read().decode('utf-8'))
+
+if "Addresses" in data and "Addresses" in processFields:
+ addresses = data["Addresses"]
+ for index in range(len(addresses) - 1):
+ start = get_addr(addresses[index])
+ end = get_addr(addresses[index + 1])
+ make_function(start, end)
+
+if "ScriptMethod" in data and "ScriptMethod" in processFields:
+ scriptMethods = data["ScriptMethod"]
+ for scriptMethod in scriptMethods:
+ addr = get_addr(scriptMethod["Address"])
+ name = scriptMethod["Name"]
+ set_name(addr, name)
+
+if "ScriptString" in data and "ScriptString" in processFields:
+ index = 1
+ scriptStrings = data["ScriptString"]
+ for scriptString in scriptStrings:
+ addr = get_addr(scriptString["Address"])
+ value = scriptString["Value"]
+ name = "StringLiteral_" + str(index)
+ idc.set_name(addr, name, SN_NOWARN)
+ idc.set_cmt(addr, value, 1)
+ index += 1
+
+if "ScriptMetadata" in data and "ScriptMetadata" in processFields:
+ scriptMetadatas = data["ScriptMetadata"]
+ for scriptMetadata in scriptMetadatas:
+ addr = get_addr(scriptMetadata["Address"])
+ name = scriptMetadata["Name"]
+ set_name(addr, name)
+ idc.set_cmt(addr, name, 1)
+
+if "ScriptMetadataMethod" in data and "ScriptMetadataMethod" in processFields:
+ scriptMetadataMethods = data["ScriptMetadataMethod"]
+ for scriptMetadataMethod in scriptMetadataMethods:
+ addr = get_addr(scriptMetadataMethod["Address"])
+ name = scriptMetadataMethod["Name"]
+ methodAddr = get_addr(scriptMetadataMethod["MethodAddress"])
+ set_name(addr, name)
+ idc.set_cmt(addr, name, 1)
+ idc.set_cmt(addr, '{0:X}'.format(methodAddr), 0)
+
+print('Script finished!')
+
diff --git a/Il2CppDumper/ida_with_struct.py b/Il2CppDumper/ida_with_struct.py
index 0d6f37e..f007a3b 100644
--- a/Il2CppDumper/ida_with_struct.py
+++ b/Il2CppDumper/ida_with_struct.py
@@ -33,6 +33,13 @@ hpath = idaapi.ask_file(False, '*.h', 'il2cpp.h from Il2cppdumper')
 parse_decls(open(hpath, 'rb').read(), 0)
 data = json.loads(open(path, 'rb').read().decode('utf-8'))
+if "Addresses" in data and "Addresses" in processFields:
+ addresses = data["Addresses"]
+ for index in range(len(addresses) - 1):
+ start = get_addr(addresses[index])
+ end = get_addr(addresses[index + 1])
+ make_function(start, end)
+
 if "ScriptMethod" in data and "ScriptMethod" in processFields:
 scriptMethods = data["ScriptMethod"]
 for scriptMethod in scriptMethods:
@@ -76,12 +83,5 @@ if "ScriptMetadataMethod" in data and "ScriptMetadataMethod" in processFields:
 idc.set_cmt(addr, name, 1)
 idc.set_cmt(addr, '{0:X}'.format(methodAddr), 0)
-if "Addresses" in data and "Addresses" in processFields:
- addresses = data["Addresses"]
- for index in range(len(addresses) - 1):
- start = get_addr(addresses[index])
- end = get_addr(addresses[index + 1])
- make_function(start, end)
-
 print 'Script finished!'
diff --git a/Il2CppDumper/ida_with_struct_py3.py b/Il2CppDumper/ida_with_struct_py3.py
new file mode 100644
index 0000000..ac23f89
--- /dev/null
+++ b/Il2CppDumper/ida_with_struct_py3.py
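Review bot: In ida_py3.py, `idaapi.ask_file` returns None when the dialog is cancelled, and the next line passes that straight to `open()`, so the script aborts with a TypeError; the file handle is also never closed. Falling back to an empty dict lets every `if "..." in data` section skip itself and the script end normally, as sketched below. Separately, script.json is derived from the binary under analysis, so when that binary is untrusted its addresses and names are too. They reach `del_func`/`add_func` and `set_name(..., SN_NOCHECK)` unvalidated, and skipping entries whose address is not mapped (for example with `ida_bytes.is_mapped`) would keep a mismatched or hostile file from rewriting unrelated parts of the database. ida_with_struct_py3.py repeats the same load sequence for both `path` and `hpath`.

```python
path = idaapi.ask_file(False, '*.json', 'script.json from Il2cppdumper')
if path:
    with open(path, 'rb') as f:
        data = json.loads(f.read().decode('utf-8'))
else:
    # Dialog cancelled: leave data empty so every section below is skipped.
    data = {}
```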
@@ -0,0 +1,87 @@
+# -*- coding: utf-8 -*-
+import json
+
+processFields = [
+ "ScriptMethod",
+ "ScriptString",
+ "ScriptMetadata",
+ "ScriptMetadataMethod",
+ "Addresses",
+]
+
+imageBase = idaapi.get_imagebase()
+
+def get_addr(addr):
+ return imageBase + addr
+
+def set_name(addr, name):
+ ret = idc.set_name(addr, name, SN_NOWARN | SN_NOCHECK)
+ if ret == 0:
+ new_name = name + '_' + str(addr)
+ ret = idc.set_name(addr, new_name, SN_NOWARN | SN_NOCHECK)
+
+def make_function(start, end):
+ next_func = idc.get_next_func(start)
+ if next_func < end:
+ end = next_func
+ if idc.get_func_attr(start, FUNCATTR_START) == start:
+ ida_funcs.del_func(start)
+ ida_funcs.add_func(start, end)
+
+path = idaapi.ask_file(False, '*.json', 'script.json from Il2cppdumper')
+hpath = idaapi.ask_file(False, '*.h', 'il2cpp.h from Il2cppdumper')
+parse_decls(open(hpath, 'r').read(), 0)
+data = json.loads(open(path, 'rb').read().decode('utf-8'))
+
+if "Addresses" in data and "Addresses" in processFields:
+ addresses = data["Addresses"]
+ for index in range(len(addresses) - 1):
+ start = get_addr(addresses[index])
+ end = get_addr(addresses[index + 1])
+ make_function(start, end)
+
+if "ScriptMethod" in data and "ScriptMethod" in processFields:
+ scriptMethods = data["ScriptMethod"]
+ for scriptMethod in scriptMethods:
+ addr = get_addr(scriptMethod["Address"])
+ name = scriptMethod["Name"]
+ set_name(addr, name)
+ signature = scriptMethod["Signature"]
+ if apply_type(addr, parse_decl(signature, 0), 1) == False:
+ print("apply_type failed:", hex(addr), signature)
+
+if "ScriptString" in data and "ScriptString" in processFields:
+ index = 1
+ scriptStrings = data["ScriptString"]
+ for scriptString in scriptStrings:
+ addr = get_addr(scriptString["Address"])
+ value = scriptString["Value"]
+ name = "StringLiteral_" + str(index)
+ idc.set_name(addr, name, SN_NOWARN)
+ idc.set_cmt(addr, value, 1)
+ index += 1
+
+if "ScriptMetadata" in data and "ScriptMetadata" in processFields:
+ scriptMetadatas = data["ScriptMetadata"]
+ for scriptMetadata in scriptMetadatas:
+ addr = get_addr(scriptMetadata["Address"])
+ name = scriptMetadata["Name"]
+ set_name(addr, name)
+ idc.set_cmt(addr, name, 1)
+ if scriptMetadata["Signature"] is not None:
+ signature = scriptMetadata["Signature"]
+ if apply_type(addr, parse_decl(signature, 0), 1) == False:
+ print("apply_type failed:", hex(addr), signature)
+
+if "ScriptMetadataMethod" in data and "ScriptMetadataMethod" in processFields:
+ scriptMetadataMethods = data["ScriptMetadataMethod"]
+ for scriptMetadataMethod in scriptMetadataMethods:
+ addr = get_addr(scriptMetadataMethod["Address"])
+ name = scriptMetadataMethod["Name"]
+ methodAddr = get_addr(scriptMetadataMethod["MethodAddress"])
+ set_name(addr, name)
+ idc.set_cmt(addr, name, 1)
+ idc.set_cmt(addr, '{0:X}'.format(methodAddr), 0)
+
+print('Script finished!')
+
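Review bot: In ida_with_struct_py3.py, the header load `parse_decls(open(hpath, 'r').read(), 0)` decodes il2cpp.h with the platform default encoding and discards the return value of `parse_decls`. Under Python 3 a non-ASCII identifier in the header would raise UnicodeDecodeError on systems whose default encoding is not UTF-8 (assuming the dumper writes UTF-8, which is worth confirming). If the header fails to parse, every later `apply_type` call fails one by one with nothing pointing at the real cause. I would open it as `open(hpath, 'r', encoding='utf-8')` inside a `with` block and print a warning when `parse_decls` reports a non-zero error count. The result of `parse_decl(signature, 0)` is likewise passed to `apply_type` unchecked, so a signature that does not parse is only reported indirectly.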