Macho加密判断

This commit is contained in:
Perfare 2020-06-19 01:22:21 +08:00
parent 6200b9e84a
commit 4dc37fa71e
2 changed files with 73 additions and 53 deletions

View file

@ -25,34 +25,44 @@ namespace Il2CppDumper
var pos = Position; var pos = Position;
var cmd = ReadUInt32(); var cmd = ReadUInt32();
var cmdsize = ReadUInt32(); var cmdsize = ReadUInt32();
if (cmd == 1) //LC_SEGMENT switch (cmd)
{ {
var segname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0'); case 1: //LC_SEGMENT
if (segname == "__TEXT") //__PAGEZERO var segname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0');
{ if (segname == "__TEXT") //__PAGEZERO
vmaddr = ReadUInt32(); {
} vmaddr = ReadUInt32();
else }
{ else
Position += 4; {
} Position += 4;
Position += 20; //skip vmsize, fileoff, filesize, maxprot, initprot }
var nsects = ReadUInt32(); Position += 20; //skip vmsize, fileoff, filesize, maxprot, initprot
Position += 4; //skip flags var nsects = ReadUInt32();
for (var j = 0; j < nsects; j++) Position += 4; //skip flags
{ for (var j = 0; j < nsects; j++)
var section = new MachoSection(); {
sections.Add(section); var section = new MachoSection();
section.sectname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0'); sections.Add(section);
Position += 16; //skip segname section.sectname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0');
section.addr = ReadUInt32(); Position += 16; //skip segname
section.size = ReadUInt32(); section.addr = ReadUInt32();
section.offset = ReadUInt32(); section.size = ReadUInt32();
Position += 12; //skip align, reloff, nreloc section.offset = ReadUInt32();
section.flags = ReadUInt32(); Position += 12; //skip align, reloff, nreloc
section.end = section.addr + section.size; section.flags = ReadUInt32();
Position += 8; //skip reserved1, reserved2 section.end = section.addr + section.size;
} Position += 8; //skip reserved1, reserved2
}
break;
case 0x21: //LC_ENCRYPTION_INFO
Position += 8;
var cryptID = ReadUInt32();
if (cryptID != 0)
{
Console.WriteLine("ERROR: This Mach-O executable is encrypted and cannot be processed.");
}
break;
} }
Position = pos + cmdsize;//next Position = pos + cmdsize;//next
} }

View file

@ -24,34 +24,44 @@ namespace Il2CppDumper
var pos = Position; var pos = Position;
var cmd = ReadUInt32(); var cmd = ReadUInt32();
var cmdsize = ReadUInt32(); var cmdsize = ReadUInt32();
if (cmd == 0x19) //LC_SEGMENT_64 switch (cmd)
{ {
var segname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0'); case 0x19: //LC_SEGMENT_64
if (segname == "__TEXT") //__PAGEZERO var segname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0');
{ if (segname == "__TEXT") //__PAGEZERO
vmaddr = ReadUInt64(); {
} vmaddr = ReadUInt64();
else }
{ else
{
Position += 8;
}
Position += 32; //skip vmsize, fileoff, filesize, maxprot, initprot
var nsects = ReadUInt32();
Position += 4; //skip flags
for (var j = 0; j < nsects; j++)
{
var section = new MachoSection64Bit();
sections.Add(section);
section.sectname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0');
Position += 16; //skip segname
section.addr = ReadUInt64();
section.size = ReadUInt64();
section.offset = ReadUInt32();
Position += 12; //skip align, reloff, nreloc
section.flags = ReadUInt32();
section.end = section.addr + section.size;
Position += 12; //skip reserved1, reserved2, reserved3
}
break;
case 0x2C: //LC_ENCRYPTION_INFO_64
Position += 8; Position += 8;
} var cryptID = ReadUInt32();
Position += 32; //skip vmsize, fileoff, filesize, maxprot, initprot if (cryptID != 0)
var nsects = ReadUInt32(); {
Position += 4; //skip flags Console.WriteLine("ERROR: This Mach-O executable is encrypted and cannot be processed.");
for (var j = 0; j < nsects; j++) }
{ break;
var section = new MachoSection64Bit();
sections.Add(section);
section.sectname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0');
Position += 16; //skip segname
section.addr = ReadUInt64();
section.size = ReadUInt64();
section.offset = ReadUInt32();
Position += 12; //skip align, reloff, nreloc
section.flags = ReadUInt32();
section.end = section.addr + section.size;
Position += 12; //skip reserved1, reserved2, reserved3
}
} }
Position = pos + cmdsize;//skip Position = pos + cmdsize;//skip
} }