IL2Cpp/Il2CppDumper
1
0
Fork 0
mirror of https://github.com/Perfare/Il2CppDumper.git synced 2025-01-25 02:03:02 -03:00
Code Issues Projects Releases Packages Wiki Activity

修复dump文件和pe的rva

Browse source
This commit is contained in:
Perfare 2019-11-05 11:43:13 +08:00
parent 10c5ac5482
commit a9b1a49163
6 changed files with 49 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
Il2CppDumper/DummyAssemblyCreator.cs
View file

@ -195,7 +195,8 @@ namespace Il2CppDumper
if (methodPointer > 0)
{
var customAttribute = new CustomAttribute(typeDefinition.Module.Import(addressAttribute));
var rva = new CustomAttributeNamedArgument("RVA", new CustomAttributeArgument(stringType, $"0x{methodPointer:X}"));
var fixedMethodPointer = il2cpp.FixPointer(methodPointer);
var rva = new CustomAttributeNamedArgument("RVA", new CustomAttributeArgument(stringType, $"0x{fixedMethodPointer:X}"));
var offset = new CustomAttributeNamedArgument("Offset", new CustomAttributeArgument(stringType, $"0x{il2cpp.MapVATR(methodPointer):X}"));
customAttribute.Fields.Add(rva);
customAttribute.Fields.Add(offset);

19
Il2CppDumper/Elf.cs
View file

@ -14,6 +14,8 @@ namespace Il2CppDumper
private Elf32_Sym[] dynamic_symbol_table;
private Dictionary<string, Elf32_Shdr> sectionWithName = new Dictionary<string, Elf32_Shdr>();
private bool isDumped;
private uint dumpAddr;
//默认编译器
/*
@ -65,7 +67,7 @@ namespace Il2CppDumper
Console.WriteLine("Detected this may be a dump file. If not, it must be protected.");
isDumped = true;
Console.WriteLine("Input dump address:");
var dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16);
dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16);
foreach (var phdr in program_table)
{
phdr.p_offset = phdr.p_vaddr;
@ -168,10 +170,6 @@ namespace Il2CppDumper
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
if (!isDumped && (!sectionWithName.ContainsKey(".data.rel.ro") || !sectionWithName.ContainsKey(".text") || !sectionWithName.ContainsKey(".bss")))
{
Console.WriteLine("ERROR: This file has been protected.");
}
var dataList = new List<Elf32_Phdr>();
var execList = new List<Elf32_Phdr>();
foreach (var phdr in program_table.Where(x => x.p_type == 1u))
@ -278,7 +276,7 @@ namespace Il2CppDumper
{
//简单的加壳检测检测是否含有init function或者JNI_OnLoad
//.init_proc
if (dynamic_table.FirstOrDefault(x=>x.d_tag == DT_INIT) != null)
if (dynamic_table.FirstOrDefault(x => x.d_tag == DT_INIT) != null)
{
Console.WriteLine("WARNING: find .init_proc");
return true;
@ -297,5 +295,14 @@ namespace Il2CppDumper
}
return false;
}
public override ulong FixPointer(ulong pointer)
{
if (isDumped)
{
return pointer - dumpAddr;
}
return pointer;
}
}
}

16
Il2CppDumper/Elf64.cs
View file

@ -14,6 +14,7 @@ namespace Il2CppDumper
private Elf64_Sym[] dynamic_symbol_table;
private Dictionary<string, Elf64_Shdr> sectionWithName = new Dictionary<string, Elf64_Shdr>();
private bool isDumped;
private ulong dumpAddr;
public Elf64(Stream stream, float version, long maxMetadataUsages) : base(stream, version, maxMetadataUsages)
{
@ -44,7 +45,7 @@ namespace Il2CppDumper
Console.WriteLine("Detected this may be a dump file. If not, it must be protected.");
isDumped = true;
Console.WriteLine("Input dump address:");
var dumpAddr = Convert.ToUInt64(Console.ReadLine(), 16);
dumpAddr = Convert.ToUInt64(Console.ReadLine(), 16);
foreach (var phdr in program_table)
{
phdr.p_offset = phdr.p_vaddr;
@ -97,10 +98,6 @@ namespace Il2CppDumper
public override bool PlusSearch(int methodCount, int typeDefinitionsCount)
{
if (!isDumped && (!sectionWithName.ContainsKey(".data.rel.ro") || !sectionWithName.ContainsKey(".text") || !sectionWithName.ContainsKey(".bss")))
{
Console.WriteLine("ERROR: This file has been protected.");
}
var dataList = new List<Elf64_Phdr>();
var execList = new List<Elf64_Phdr>();
foreach (var phdr in program_table.Where(x => x.p_type == 1u))
@ -230,5 +227,14 @@ namespace Il2CppDumper
}
return false;
}
public override ulong FixPointer(ulong pointer)
{
if (isDumped)
{
return pointer - dumpAddr;
}
return pointer;
}
}
}

5
Il2CppDumper/Il2Cpp.cs
View file

@ -243,5 +243,10 @@ namespace Il2CppDumper
return methodPointer;
}
}
public virtual ulong FixPointer(ulong pointer)
{
return pointer;
}
}
}

5
Il2CppDumper/PE.cs
View file

@ -100,5 +100,10 @@ namespace Il2CppDumper
{
return false;
}
public override ulong FixPointer(ulong pointer)
{
return pointer - imageBase;
}
}
}

17
Il2CppDumper/Program.cs
View file

@ -531,9 +531,17 @@ namespace Il2CppDumper
var methodPointer = il2cpp.GetMethodPointer(methodDef.methodIndex, i, imageIndex, methodDef.token);
if (methodPointer > 0)
{
writer.Write("); // RVA: 0x{0:X} Offset: 0x{1:X}\n", methodPointer, il2cpp.MapVATR(methodPointer));
//Script - method
scriptwriter.WriteLine($"SetName(0x{methodPointer:X}, '{typeName + "$$" + methodName}')");
var fixedMethodPointer = il2cpp.FixPointer(methodPointer);
writer.Write("); // RVA: 0x{0:X} Offset: 0x{1:X}\n", fixedMethodPointer, il2cpp.MapVATR(methodPointer));
//Script - methodPointer
if (il2cpp is PE)
{
scriptwriter.WriteLine($"SetName(0x{methodPointer:X}, '{typeName + "$$" + methodName}')");
}
else
{
scriptwriter.WriteLine($"SetName(0x{fixedMethodPointer:X}, '{typeName + "$$" + methodName}')");
}
}
else
{
@ -780,7 +788,8 @@ namespace Il2CppDumper
{
var typeIndex = metadata.attributeTypes[attributeTypeRange.start + i];
var methodPointer = il2cpp.customAttributeGenerators[index];
sb.AppendFormat("{0}[{1}] // RVA: 0x{2:X} Offset: 0x{3:X}\n", padding, GetTypeName(il2cpp.types[typeIndex]), methodPointer, il2cpp.MapVATR(methodPointer));
var fixedMethodPointer = il2cpp.FixPointer(methodPointer);
sb.AppendFormat("{0}[{1}] // RVA: 0x{2:X} Offset: 0x{3:X}\n", padding, GetTypeName(il2cpp.types[typeIndex]), fixedMethodPointer, il2cpp.MapVATR(methodPointer));
}
return sb.ToString();
}