v27以上dump文件不再需要输入Metadata地址

支持dumped的pe文件
Perfare 2022-04-21 20:04:11 +08:00
parent daeff2734c
commit 63c5af8d12
13 changed files with 135 additions and 89 deletions


@ -26,12 +26,13 @@ namespace Il2CppDumper
public Elf(Stream stream) : base(stream) public Elf(Stream stream) : base(stream)
{ {
Is32Bit = true; Is32Bit = true;
elfHeader = ReadClass<Elf32_Ehdr>(); Load();
programSegment = ReadClassArray<Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (!CheckSection())
{
GetDumpAddress();
} }
protected override void Load()
{
elfHeader = ReadClass<Elf32_Ehdr>(0);
programSegment = ReadClassArray<Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (IsDumped) if (IsDumped)
{ {
FixedProgramSegment(); FixedProgramSegment();
@ -53,7 +54,7 @@ namespace Il2CppDumper
} }
} }
public bool CheckSection() protected override bool CheckSection()
{ {
try try
{ {
@ -133,10 +134,10 @@ namespace Il2CppDumper
if (elfHeader.e_machine == EM_ARM) if (elfHeader.e_machine == EM_ARM)
{ {
Position = result + 0x14; Position = result + 0x14;
codeRegistration = ReadUInt32() + result + 0xcu + (uint)DumpAddr; codeRegistration = ReadUInt32() + result + 0xcu + (uint)ImageBase;
Position = result + 0x10; Position = result + 0x10;
var ptr = ReadUInt32() + result + 0x8; var ptr = ReadUInt32() + result + 0x8;
Position = MapVATR(ptr + DumpAddr); Position = MapVATR(ptr + ImageBase);
metadataRegistration = ReadUInt32(); metadataRegistration = ReadUInt32();
} }
} }
@ -272,6 +273,8 @@ namespace Il2CppDumper
} }
private bool CheckProtection() private bool CheckProtection()
{
try
{ {
//.init_proc //.init_proc
if (dynamicSection.Any(x => x.d_tag == DT_INIT)) if (dynamicSection.Any(x => x.d_tag == DT_INIT))
@ -296,6 +299,11 @@ namespace Il2CppDumper
Console.WriteLine("WARNING: find SHT_LOUSER section"); Console.WriteLine("WARNING: find SHT_LOUSER section");
return true; return true;
} }
}
catch
{
// ignored
}
return false; return false;
} }
@ -303,7 +311,7 @@ namespace Il2CppDumper
{ {
if (IsDumped) if (IsDumped)
{ {
return pointer - DumpAddr; return pointer - ImageBase;
} }
return pointer; return pointer;
} }
@ -316,7 +324,7 @@ namespace Il2CppDumper
var phdr = programSegment[i]; var phdr = programSegment[i];
phdr.p_offset = phdr.p_vaddr; phdr.p_offset = phdr.p_vaddr;
Write(phdr.p_offset); Write(phdr.p_offset);
phdr.p_vaddr += (uint)DumpAddr; phdr.p_vaddr += (uint)ImageBase;
Write(phdr.p_vaddr); Write(phdr.p_vaddr);
Position += 4; Position += 4;
phdr.p_filesz = phdr.p_memsz; phdr.p_filesz = phdr.p_memsz;
@ -343,7 +351,7 @@ namespace Il2CppDumper
case DT_JMPREL: case DT_JMPREL:
case DT_INIT_ARRAY: case DT_INIT_ARRAY:
case DT_FINI_ARRAY: case DT_FINI_ARRAY:
dyn.d_un += (uint)DumpAddr; dyn.d_un += (uint)ImageBase;
Write(dyn.d_un); Write(dyn.d_un);
break; break;
} }
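Review bot: The `catch { // ignored }` added around the body of `CheckProtection()` turns every parsing failure into `return false`, which reads as "no protection found". A truncated or deliberately malformed dynamic or section table is the input most likely to throw here, so the warning is lost exactly when it matters. I would keep the best-effort behaviour but report it, for example `catch (Exception e) { Console.WriteLine($"WARNING: protection check failed: {e.Message}"); }`. The same bare catch is added to `CheckProtection()` in the 64-bit ELF section of this commit; the method body is only partly visible in these hunks.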


@ -17,12 +17,13 @@ namespace Il2CppDumper
public Elf64(Stream stream) : base(stream) public Elf64(Stream stream) : base(stream)
{ {
elfHeader = ReadClass<Elf64_Ehdr>(); Load();
programSegment = ReadClassArray<Elf64_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (!CheckSection())
{
GetDumpAddress();
} }
protected override void Load()
{
elfHeader = ReadClass<Elf64_Ehdr>(0);
programSegment = ReadClassArray<Elf64_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (IsDumped) if (IsDumped)
{ {
FixedProgramSegment(); FixedProgramSegment();
@ -44,7 +45,7 @@ namespace Il2CppDumper
} }
} }
public bool CheckSection() protected override bool CheckSection()
{ {
try try
{ {
@ -216,6 +217,8 @@ namespace Il2CppDumper
} }
private bool CheckProtection() private bool CheckProtection()
{
try
{ {
//.init_proc //.init_proc
if (dynamicSection.Any(x => x.d_tag == DT_INIT)) if (dynamicSection.Any(x => x.d_tag == DT_INIT))
@ -240,6 +243,11 @@ namespace Il2CppDumper
Console.WriteLine("WARNING: find SHT_LOUSER section"); Console.WriteLine("WARNING: find SHT_LOUSER section");
return true; return true;
} }
}
catch
{
// ignored
}
return false; return false;
} }
@ -247,7 +255,7 @@ namespace Il2CppDumper
{ {
if (IsDumped) if (IsDumped)
{ {
return pointer - DumpAddr; return pointer - ImageBase;
} }
return pointer; return pointer;
} }
@ -260,7 +268,7 @@ namespace Il2CppDumper
var phdr = programSegment[i]; var phdr = programSegment[i];
phdr.p_offset = phdr.p_vaddr; phdr.p_offset = phdr.p_vaddr;
Write(phdr.p_offset); Write(phdr.p_offset);
phdr.p_vaddr += DumpAddr; phdr.p_vaddr += ImageBase;
Write(phdr.p_vaddr); Write(phdr.p_vaddr);
Position += 8; Position += 8;
phdr.p_filesz = phdr.p_memsz; phdr.p_filesz = phdr.p_memsz;
@ -287,7 +295,7 @@ namespace Il2CppDumper
case DT_JMPREL: case DT_JMPREL:
case DT_INIT_ARRAY: case DT_INIT_ARRAY:
case DT_FINI_ARRAY: case DT_FINI_ARRAY:
dyn.d_un += DumpAddr; dyn.d_un += ImageBase;
Write(dyn.d_un); Write(dyn.d_un);
break; break;
} }


@ -1,24 +1,15 @@
using System; using System.IO;
using System.IO;
namespace Il2CppDumper namespace Il2CppDumper
{ {
public abstract class ElfBase : Il2Cpp public abstract class ElfBase : Il2Cpp
{ {
public bool IsDumped;
public ulong DumpAddr;
protected ElfBase(Stream stream) : base(stream) { } protected ElfBase(Stream stream) : base(stream) { }
protected abstract void Load();
protected abstract bool CheckSection();
public void GetDumpAddress() public override bool CheckDump() => !CheckSection();
{
Console.WriteLine("Detected this may be a dump file."); public void Reload() => Load();
Console.WriteLine("Input il2cpp dump address or input 0 to force continue:");
DumpAddr = Convert.ToUInt64(Console.ReadLine(), 16);
if (DumpAddr != 0)
{
IsDumped = true;
}
}
} }
} }
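Review bot: `Reload()` is public and undocumented, but it is not a plain re-read: with `IsDumped` set, `Load()` in the ELF classes calls `FixedProgramSegment()`, whose visible lines write the adjusted `p_offset` and `p_vaddr` back to the stream. A second call would presumably re-read the already patched headers and add `ImageBase` again; the full routine is outside these hunks, so this needs confirming. I would document the contract on the method, e.g. `/// <summary>Re-parses the ELF headers after ImageBase and IsDumped have been set. Call once: the dumped-image fix-ups rewrite the stream in place.</summary>`, and add a one-line summary to `CheckDump()` saying it returns true when section parsing fails.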


@ -203,5 +203,7 @@ namespace Il2CppDumper
sectionHelper.SetSection(SearchSectionType.Bss, bss); sectionHelper.SetSection(SearchSectionType.Bss, bss);
return sectionHelper; return sectionHelper;
} }
public override bool CheckDump() => false;
} }
} }


@ -265,5 +265,7 @@ namespace Il2CppDumper
sectionHelper.SetSection(SearchSectionType.Bss, bss); sectionHelper.SetSection(SearchSectionType.Bss, bss);
return sectionHelper; return sectionHelper;
} }
public override bool CheckDump() => false;
} }
} }


@ -328,5 +328,7 @@ namespace Il2CppDumper
sectionHelper.SetSection(SearchSectionType.Bss, header.BssSegment); sectionHelper.SetSection(SearchSectionType.Bss, header.BssSegment);
return sectionHelper; return sectionHelper;
} }
public override bool CheckDump() => false;
} }
} }


@ -9,7 +9,6 @@ namespace Il2CppDumper
public sealed class PE : Il2Cpp public sealed class PE : Il2Cpp
{ {
private SectionHeader[] sections; private SectionHeader[] sections;
private ulong imageBase;
public PE(Stream stream) : base(stream) public PE(Stream stream) : base(stream)
{ {
@ -31,12 +30,12 @@ namespace Il2CppDumper
{ {
Is32Bit = true; Is32Bit = true;
var optionalHeader = ReadClass<OptionalHeader>(); var optionalHeader = ReadClass<OptionalHeader>();
imageBase = optionalHeader.ImageBase; ImageBase = optionalHeader.ImageBase;
} }
else if (magic == 0x20b) else if (magic == 0x20b)
{ {
var optionalHeader = ReadClass<OptionalHeader64>(); var optionalHeader = ReadClass<OptionalHeader64>();
imageBase = optionalHeader.ImageBase; ImageBase = optionalHeader.ImageBase;
} }
else else
{ {
@ -48,7 +47,7 @@ namespace Il2CppDumper
public void LoadFromMemory(ulong addr) public void LoadFromMemory(ulong addr)
{ {
imageBase = addr; ImageBase = addr;
foreach (var section in sections) foreach (var section in sections)
{ {
section.PointerToRawData = section.VirtualAddress; section.PointerToRawData = section.VirtualAddress;
@ -58,7 +57,7 @@ namespace Il2CppDumper
public override ulong MapVATR(ulong absAddr) public override ulong MapVATR(ulong absAddr)
{ {
var addr = absAddr - imageBase; var addr = absAddr - ImageBase;
var section = sections.FirstOrDefault(x => addr >= x.VirtualAddress && addr <= x.VirtualAddress + x.VirtualSize); var section = sections.FirstOrDefault(x => addr >= x.VirtualAddress && addr <= x.VirtualAddress + x.VirtualSize);
if (section == null) if (section == null)
{ {
@ -74,7 +73,7 @@ namespace Il2CppDumper
{ {
return 0ul; return 0ul;
} }
return addr - section.PointerToRawData + section.VirtualAddress + imageBase; return addr - section.PointerToRawData + section.VirtualAddress + ImageBase;
} }
public override bool Search() public override bool Search()
@ -97,7 +96,7 @@ namespace Il2CppDumper
public override ulong GetRVA(ulong pointer) public override ulong GetRVA(ulong pointer)
{ {
return pointer - imageBase; return pointer - ImageBase;
} }
public override SectionHelper GetSectionHelper(int methodCount, int typeDefinitionsCount, int imageCount) public override SectionHelper GetSectionHelper(int methodCount, int typeDefinitionsCount, int imageCount)
@ -120,10 +119,22 @@ namespace Il2CppDumper
var sectionHelper = new SectionHelper(this, methodCount, typeDefinitionsCount, maxMetadataUsages, imageCount); var sectionHelper = new SectionHelper(this, methodCount, typeDefinitionsCount, maxMetadataUsages, imageCount);
var data = dataList.ToArray(); var data = dataList.ToArray();
var exec = execList.ToArray(); var exec = execList.ToArray();
sectionHelper.SetSection(SearchSectionType.Exec, imageBase, exec); sectionHelper.SetSection(SearchSectionType.Exec, ImageBase, exec);
sectionHelper.SetSection(SearchSectionType.Data, imageBase, data); sectionHelper.SetSection(SearchSectionType.Data, ImageBase, data);
sectionHelper.SetSection(SearchSectionType.Bss, imageBase, data); sectionHelper.SetSection(SearchSectionType.Bss, ImageBase, data);
return sectionHelper; return sectionHelper;
} }
public override bool CheckDump()
{
if (Is32Bit)
{
return ImageBase != 0x10000000;
}
else
{
return ImageBase != 0x180000000;
}
}
} }
} }
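Review bot: The new `CheckDump()` decides "dumped" purely by comparing `ImageBase` with the bare literals `0x10000000` and `0x180000000`, which look like the linker's default DLL bases. That would make the heuristic wrong in both directions: a DLL linked with a non-default base is flagged as a dump, and a memory dump whose optional header still carries the default base is not. For non-ELF images the caller sets `IsDumped = true` without prompting, so a false positive silently changes how v27+ type handles are resolved. At minimum name the constants and state the assumption, e.g. `private const ulong DefaultImageBase32 = 0x10000000; // assumed default DLL base; any other value is treated as a memory dump`, and consider printing the "may be a dump file" message for PE as well.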


@ -66,5 +66,7 @@ namespace Il2CppDumper
sectionHelper.SetSection(SearchSectionType.Bss, bss); sectionHelper.SetSection(SearchSectionType.Bss, bss);
return sectionHelper; return sectionHelper;
} }
public override bool CheckDump() => false;
} }
} }


@ -11,6 +11,7 @@ namespace Il2CppDumper
{ {
public double Version; public double Version;
public bool Is32Bit; public bool Is32Bit;
public ulong ImageBase;
private Stream stream; private Stream stream;
private BinaryReader reader; private BinaryReader reader;
private BinaryWriter writer; private BinaryWriter writer;


@ -30,6 +30,7 @@ namespace Il2CppDumper
public Dictionary<string, Il2CppCodeGenModule> codeGenModules; public Dictionary<string, Il2CppCodeGenModule> codeGenModules;
public Dictionary<string, ulong[]> codeGenModuleMethodPointers; public Dictionary<string, ulong[]> codeGenModuleMethodPointers;
public Dictionary<string, Dictionary<uint, Il2CppRGCTXDefinition[]>> rgctxsDictionary; public Dictionary<string, Dictionary<uint, Il2CppRGCTXDefinition[]>> rgctxsDictionary;
public bool IsDumped;
public abstract ulong MapVATR(ulong addr); public abstract ulong MapVATR(ulong addr);
public abstract ulong MapRTVA(ulong addr); public abstract ulong MapRTVA(ulong addr);
@ -37,6 +38,7 @@ namespace Il2CppDumper
public abstract bool PlusSearch(int methodCount, int typeDefinitionsCount, int imageCount); public abstract bool PlusSearch(int methodCount, int typeDefinitionsCount, int imageCount);
public abstract bool SymbolSearch(); public abstract bool SymbolSearch();
public abstract SectionHelper GetSectionHelper(int methodCount, int typeDefinitionsCount, int imageCount); public abstract SectionHelper GetSectionHelper(int methodCount, int typeDefinitionsCount, int imageCount);
public abstract bool CheckDump();
protected Il2Cpp(Stream stream) : base(stream) { } protected Il2Cpp(Stream stream) : base(stream) { }


@ -39,7 +39,6 @@ namespace Il2CppDumper
public Il2CppRGCTXDefinition[] rgctxEntries; public Il2CppRGCTXDefinition[] rgctxEntries;
private Dictionary<uint, string> stringCache = new Dictionary<uint, string>(); private Dictionary<uint, string> stringCache = new Dictionary<uint, string>();
public ulong Address;
public Metadata(Stream stream) : base(stream) public Metadata(Stream stream) : base(stream)
{ {


@ -184,12 +184,25 @@ namespace Il2CppDumper
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.Version; var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.Version;
il2Cpp.SetProperties(version, metadata.maxMetadataUsages); il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
Console.WriteLine($"Il2Cpp Version: {il2Cpp.Version}"); Console.WriteLine($"Il2Cpp Version: {il2Cpp.Version}");
if (il2Cpp.Version >= 27 && il2Cpp is ElfBase elf && elf.IsDumped) if (il2Cpp.CheckDump())
{ {
Console.WriteLine("Input global-metadata.dat dump address:"); if (il2Cpp is ElfBase elf)
metadata.Address = Convert.ToUInt64(Console.ReadLine(), 16); {
Console.WriteLine("Detected this may be a dump file.");
Console.WriteLine("Input il2cpp dump address or input 0 to force continue:");
var DumpAddr = Convert.ToUInt64(Console.ReadLine(), 16);
if (DumpAddr != 0)
{
il2Cpp.ImageBase = DumpAddr;
il2Cpp.IsDumped = true;
elf.Reload();
}
}
else
{
il2Cpp.IsDumped = true;
}
} }
Console.WriteLine("Searching..."); Console.WriteLine("Searching...");
try try
@ -221,7 +234,12 @@ namespace Il2CppDumper
Console.Write("Input MetadataRegistration: "); Console.Write("Input MetadataRegistration: ");
var metadataRegistration = Convert.ToUInt64(Console.ReadLine(), 16); var metadataRegistration = Convert.ToUInt64(Console.ReadLine(), 16);
il2Cpp.Init(codeRegistration, metadataRegistration); il2Cpp.Init(codeRegistration, metadataRegistration);
return true; }
if (il2Cpp.Version >= 27 && il2Cpp.IsDumped)
{
var typeDef = metadata.typeDefs[0];
var il2CppType = il2Cpp.types[typeDef.byvalTypeIndex];
metadata.ImageBase = il2CppType.data.typeHandle - metadata.header.typeDefinitionsOffset;
} }
} }
catch (Exception e) catch (Exception e)
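Review bot: The new v27 block at the end of the try derives `metadata.ImageBase` from file-controlled values with no sanity check. `metadata.typeDefs[0]` and `il2Cpp.types[typeDef.byvalTypeIndex]` are indexed unguarded, and the unsigned subtraction wraps when `typeHandle` is smaller than `typeDefinitionsOffset`. A wrapped base does not fail here; it surfaces later, when the executor subtracts it from each handle to index `metadata.typeDefs` and `metadata.genericParameters`. I would reject the impossible case up front so that the existing `catch (Exception e)` reports it, e.g. `if (il2CppType.data.typeHandle < metadata.header.typeDefinitionsOffset) throw new InvalidDataException("typeHandle below typeDefinitionsOffset");`. The enclosing method starts and ends outside this hunk.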


@ -292,9 +292,9 @@ namespace Il2CppDumper
public Il2CppTypeDefinition GetTypeDefinitionFromIl2CppType(Il2CppType il2CppType) public Il2CppTypeDefinition GetTypeDefinitionFromIl2CppType(Il2CppType il2CppType)
{ {
if (il2Cpp.Version >= 27 && il2Cpp is ElfBase elf && elf.IsDumped) if (il2Cpp.Version >= 27 && il2Cpp.IsDumped)
{ {
var offset = il2CppType.data.typeHandle - metadata.Address - metadata.header.typeDefinitionsOffset; var offset = il2CppType.data.typeHandle - metadata.ImageBase - metadata.header.typeDefinitionsOffset;
var index = offset / (ulong)metadata.SizeOf(typeof(Il2CppTypeDefinition)); var index = offset / (ulong)metadata.SizeOf(typeof(Il2CppTypeDefinition));
return metadata.typeDefs[index]; return metadata.typeDefs[index];
} }
@ -306,9 +306,9 @@ namespace Il2CppDumper
public Il2CppGenericParameter GetGenericParameteFromIl2CppType(Il2CppType il2CppType) public Il2CppGenericParameter GetGenericParameteFromIl2CppType(Il2CppType il2CppType)
{ {
if (il2Cpp.Version >= 27 && il2Cpp is ElfBase elf && elf.IsDumped) if (il2Cpp.Version >= 27 && il2Cpp.IsDumped)
{ {
var offset = il2CppType.data.genericParameterHandle - metadata.Address - metadata.header.genericParametersOffset; var offset = il2CppType.data.genericParameterHandle - metadata.ImageBase - metadata.header.genericParametersOffset;
var index = offset / (ulong)metadata.SizeOf(typeof(Il2CppGenericParameter)); var index = offset / (ulong)metadata.SizeOf(typeof(Il2CppGenericParameter));
return metadata.genericParameters[index]; return metadata.genericParameters[index];
} }