From 633f76140fe0ad20955cc5d67f7e0cc55091704b Mon Sep 17 00:00:00 2001
From: Perfare
Date: Mon, 8 Jan 2018 04:42:29 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0v24=E7=9A=84=E7=AC=A6?= =?UTF-8?q?=E5=8F=B7=E6=A3=80=E6=B5=8B=E6=A8=A1=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Il2CppDumper/Elf.cs | 66 ++++++++++++++++++++++++++++++++---------
 Il2CppDumper/Program.cs | 19 ++++++++++--
 2 files changed, 69 insertions(+), 16 deletions(-)
diff --git a/Il2CppDumper/Elf.cs b/Il2CppDumper/Elf.cs
index 16bf2bc..ef98910 100644
--- a/Il2CppDumper/Elf.cs
+++ b/Il2CppDumper/Elf.cs
@@ -14,6 +14,9 @@ namespace Il2CppDumper
 private static byte[] X86FeatureBytes1 = { 0x8D, 0x83 };//lea eax, X
 private static byte[] X86FeatureBytes2 = { 0x89, 0x44, 0x24, 0x04, 0x8D, 0x83 };//mov [esp+4], eax and lea eax, X
 private Dictionary sectionWithName = new Dictionary();
+ private List sectionLists = new List();
+ private uint codeRegistration;
+ private uint metadataRegistration;
 public Elf(Stream stream, int version, long maxmetadataUsages) : base(stream)
 {
@@ -70,6 +73,7 @@ namespace Il2CppDumper
 {
 var section = ReadClass((int)elf_header.e_shoff + (elf_header.e_shentsize * i));
 sectionWithName.Add(ReadStringToNull(section_name_block_off + section.sh_name), section);
+ sectionLists.Add(section);
 }
 }
 catch
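Review bot: In the hunk at -70, `sectionLists.Add(section);` runs after `sectionWithName.Add(...)`, so an ELF with two sections of the same name makes the dictionary insert throw before the list is appended; what the following `catch` does lies outside the hunk. The list is later indexed by `sh_link` (hunk at -325), which is only correct while list position equals section-header index, and nothing in the code states that invariant. Moving `sectionLists.Add(section);` above the dictionary insert keeps the list in step for every header that was read, and a comment such as `// index == section header index; used to resolve sh_link` would make the dependency visible.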
@@ -138,12 +142,12 @@ namespace Il2CppDumper
 Position = i + 0x2c;
 var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
 Position = subaddr + 0x28;
- var codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
+ codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
 Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
 Position = subaddr + 0x2C;
 var ptr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
 Position = MapVATR(ptr);
- var metadataRegistration = ReadUInt32();
+ metadataRegistration = ReadUInt32();
 Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
 Init(codeRegistration, metadataRegistration);
 return true;
@@ -162,11 +166,11 @@ namespace Il2CppDumper
 Position = i + 0x18;
 var subaddr = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
 Position = subaddr + 0x2C;
- var codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
+ codeRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
 Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
 Position = subaddr + 0x20;
 var temp = ReadUInt16();
- var metadataRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
+ metadataRegistration = ReadUInt32() + _GLOBAL_OFFSET_TABLE_;
 if (temp == 0x838B)//mov
 {
 Position = MapVATR(metadataRegistration);
@@ -202,8 +206,6 @@ namespace Il2CppDumper
 Elf32_Shdr datarelrolocal = null;
 if (sectionWithName.ContainsKey(".data.rel.ro.local"))
 datarelrolocal = sectionWithName[".data.rel.ro.local"];
- uint codeRegistration = 0;
- uint metadataRegistration = 0;
 var pmethodPointers = FindPointersAsc(methodCount, datarelro, text);
 if (pmethodPointers == 0 && datarelrolocal != null)
 pmethodPointers = FindPointersAsc(methodCount, datarelrolocal, text);
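Review bot: Removing `uint codeRegistration = 0;` and `uint metadataRegistration = 0;` in the hunk at -202 means this method now starts from whatever the fields already hold, including addresses written by the relocation pass (hunk at -335). If code later in the method, which is outside the hunk, treats a non-zero value as "found by this search", a value the search never produced would be handed to `Init`. Resetting at entry keeps the old behaviour: `codeRegistration = 0; metadataRegistration = 0;`. The hunks at -138, -162 and -357 have the related effect of overwriting the shared fields even when their own search goes on to fail.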
@@ -325,6 +327,7 @@ namespace Il2CppDumper
 {
 Console.WriteLine("Applying relocations...");
 var dynsym = sectionWithName[".dynsym"];
+ var symbol_name_block_off = sectionLists[(int)dynsym.sh_link].sh_offset;
 var rel_dyn = sectionWithName[".rel.dyn"];
 var dynamic_symbol_table = ReadClassArray(dynsym.sh_offset, dynsym.sh_size / 16);
 var rel_dynend = rel_dyn.sh_offset + rel_dyn.sh_size;
@@ -335,13 +338,34 @@ namespace Il2CppDumper
 var offset = ReadUInt32();
 var type = ReadByte();
 var index = ReadByte() | (ReadByte() << 8) | (ReadByte() << 16);
- if (type == 2)
+ switch (type)
 {
- var dynamic_symbol = dynamic_symbol_table[index];
- var position = Position;
- writer.BaseStream.Position = offset;
- writer.Write(dynamic_symbol.sym_value);
- Position = position;
+ case 2:
+ {
+ var position = Position;
+ var dynamic_symbol = dynamic_symbol_table[index];
+ writer.BaseStream.Position = offset;
+ writer.Write(dynamic_symbol.sym_value);
+ Position = position;
+ break;
+ }
+ case 21:
+ {
+ var position = Position;
+ var dynamic_symbol = dynamic_symbol_table[index];
+ var name = ReadStringToNull(symbol_name_block_off + dynamic_symbol.sym_name);
+ switch (name)
+ {
+ case "g_CodeRegistration":
+ codeRegistration = dynamic_symbol.sym_value;
+ break;
+ case "g_MetadataRegistration":
+ metadataRegistration = dynamic_symbol.sym_value;
+ break;
+ }
+ Position = position;
+ break;
+ }
 }
 }
 }
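Review bot: `sectionLists[(int)dynsym.sh_link]` in the hunk at -325 indexes the list with a value read straight from the file, so a malformed or deliberately altered section header ends the relocation pass with an `ArgumentOutOfRangeException`. A range check before the lookup, for example `if (dynsym.sh_link >= sectionLists.Count)` followed by whatever the enclosing block uses to skip relocation, keeps one bad header from aborting the whole load. The enclosing block starts and ends outside the hunk, so how such a failure is currently handled cannot be seen here.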
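Review bot: The new `case 21` branch in the hunk at -335 uses three file-controlled values unchecked: the 24-bit `index` into `dynamic_symbol_table`, the string offset `symbol_name_block_off + dynamic_symbol.sym_name`, and the `sym_value` that is stored as a registration address. On a truncated or tampered ELF the first two throw in the middle of the relocation loop, and the third reaches `Init` unvalidated through `DetectedSymbol()` (hunk at -472). Guard the lookup with `if (index >= dynamic_symbol_table.Length) break;` (assuming `ReadClassArray` returns an array) and confirm the name offset lies inside the stream before calling `ReadStringToNull`. The relocation types `2` and `21` would also read better as named constants with a comment saying which architecture's numbering they follow, since the class contains x86 patterns as well.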
@@ -357,12 +381,12 @@ namespace Il2CppDumper
 Elf32_Shdr datarelrolocal = null;
 if (sectionWithName.ContainsKey(".data.rel.ro.local"))
 datarelrolocal = sectionWithName[".data.rel.ro.local"];
- var codeRegistration = FindCodeRegistration(methodCount, datarelro, datarelrolocal, text);
+ codeRegistration = FindCodeRegistration(methodCount, datarelro, datarelrolocal, text);
 if (codeRegistration == 0 && datarelrolocal != null)
 {
 codeRegistration = FindCodeRegistration(methodCount, datarelrolocal, datarelrolocal, text);
 }
- var metadataRegistration = FindMetadataRegistration(typeDefinitionsCount, datarelro, datarelrolocal, bss);
+ metadataRegistration = FindMetadataRegistration(typeDefinitionsCount, datarelro, datarelrolocal, bss);
 if (metadataRegistration == 0 && datarelrolocal != null)
 {
 metadataRegistration = FindMetadataRegistration(typeDefinitionsCount, datarelrolocal, datarelrolocal, bss);
@@ -472,5 +496,19 @@ namespace Il2CppDumper
 }
 return 0;
 }
+
+ public bool DetectedSymbol()
+ {
+ if (codeRegistration > 0 && metadataRegistration > 0)
+ {
+ Console.WriteLine("Detected Symbol !");
+ Console.WriteLine("CodeRegistration : {0:x}", codeRegistration);
+ Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration);
+ Init(codeRegistration, metadataRegistration);
+ return true;
+ }
+ Console.WriteLine("ERROR: No symbol is detected");
+ return false;
+ }
 }
 }
\ No newline at end of file
diff --git a/Il2CppDumper/Program.cs b/Il2CppDumper/Program.cs
index 1d92c1b..e43024a 100644
--- a/Il2CppDumper/Program.cs
+++ b/Il2CppDumper/Program.cs
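Review bot: `DetectedSymbol()` in the hunk at -472 does not document where its inputs come from: it succeeds only if the relocation pass (hunk at -335) has already filled both fields, which a reader cannot tell from the method itself. A summary comment would cover it, for example `/// <summary>Initializes from the g_CodeRegistration / g_MetadataRegistration symbols recorded during relocation; returns false if either is missing.</summary>`. Since both fields are `uint`, `!= 0` states the test more directly than `> 0`, and the error line could say which of the two symbols was not found.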
@@ -66,7 +66,12 @@ namespace Il2CppDumper
 is64bit = true;
 goto case 0xFEEDFACE;
 case 0xFEEDFACE:// 32-bit mach object file
- Console.WriteLine("Select Mode: 1.Manual 2.Auto 3.Auto(Advanced) 4.Auto(Plus)");
+ Console.Write("Select Mode: 1.Manual 2.Auto 3.Auto(Advanced) 4.Auto(Plus)");
+ if (isElf)
+ {
+ Console.Write(" 5.Auto(Symbol)");
+ }
+ Console.WriteLine();
 key = Console.ReadKey(true);
 var version = config.forceil2cppversion ? config.forceversion : metadata.version;
 switch (key.KeyChar)
@@ -74,6 +79,7 @@ namespace Il2CppDumper
 case '2':
 case '3':
 case '4':
+ case '5':
 Console.WriteLine("Initializing il2cpp file...");
 if (isElf)
 il2cpp = new Elf(new MemoryStream(il2cppfile), version, metadata.maxmetadataUsages);
@@ -83,6 +89,15 @@ namespace Il2CppDumper
 il2cpp = new Macho(new MemoryStream(il2cppfile), version, metadata.maxmetadataUsages);
 try
 {
+ if (key.KeyChar == '5')
+ {
+ var elf = (Elf)il2cpp;
+ if (!elf.DetectedSymbol())
+ {
+ throw new Exception();
+ }
+ break;
+ }
 Console.WriteLine("Searching...");
 if (key.KeyChar == '2' ?
 !il2cpp.Search() :
@@ -95,7 +110,7 @@ namespace Il2CppDumper
 }
 catch
 {
- throw new Exception("ERROR: Unable to process file automatically, try to use other mode.");
+ throw new Exception("ERROR: Can't use this mode to process file, try another mode.");
 }
 break;
 case '1':
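Review bot: `var elf = (Elf)il2cpp;` in the hunk at -83 is reached for any input type, because `case '5'` (hunk at -74) is accepted even when `isElf` is false and only the menu text is conditional. For a non-ELF input such as Mach-O the cast throws `InvalidCastException`, which the bare `catch` (hunk at -95) replaces with the generic message, so the real cause is lost; `throw new Exception()` is likewise used only to reach that handler. An explicit check is clearer: `var elf = il2cpp as Elf;` then `if (elf == null || !elf.DetectedSymbol())`, with a message saying that mode 5 requires an ELF file. The `try` block continues outside the hunk.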