IL2Cpp/Il2CppDumper
1
0
Fork 0
mirror of https://github.com/Perfare/Il2CppDumper.git synced 2025-01-09 11:17:35 -03:00
Code Issues Projects Releases Packages Wiki Activity

强化搜索

Browse source 
支持x86_64重定向
This commit is contained in:
Perfare 2023-02-24 05:06:27 +08:00
parent d7ef4b3aad
commit ee6c71534c
4 changed files with 94 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
Il2CppDumper/ExecutableFormats/Elf64.cs
View file

@ -192,21 +192,20 @@ namespace Il2CppDumper
{
var type = rela.r_info & 0xffffffff;
var sym = rela.r_info >> 32;
switch (type)
(ulong value, bool recognized) result = (type, elfHeader.e_machine) switch
{
case R_AARCH64_ABS64:
{
var symbol = symbolTable[sym];
Position = MapVATR(rela.r_offset);
Write(symbol.st_value + (ulong)rela.r_addend);
break;
}
case R_AARCH64_RELATIVE:
{
Position = MapVATR(rela.r_offset);
Write(rela.r_addend);
break;
}
(R_AARCH64_ABS64, EM_AARCH64) => (symbolTable[sym].st_value + rela.r_addend, true),
(R_AARCH64_RELATIVE, EM_AARCH64) => (rela.r_addend, true),
(R_X86_64_64, EM_X86_64) => (symbolTable[sym].st_value + rela.r_addend, true),
(R_X86_64_RELATIVE, EM_X86_64) => (rela.r_addend, true),
_ => (0, false)
};
if (result.recognized)
{
Position = MapVATR(rela.r_offset);
Write(result.value);
}
}
}

16
Il2CppDumper/ExecutableFormats/ElfClass.cs
View file

@ -144,19 +144,25 @@
{
public ulong r_offset;
public ulong r_info;
public long r_addend;
public ulong r_addend;
}
public static class ElfConstants
{
//e_machine
public const int EM_386 = 3;
public const int EM_ARM = 40;
public const int EM_X86_64 = 62;
public const int EM_AARCH64 = 183;
//p_type
public const int PT_LOAD = 1;
public const int PT_DYNAMIC = 2;
//p_flags
public const int PF_X = 1;
//d_tag
public const int DT_PLTGOT = 3;
public const int DT_HASH = 4;
public const int DT_STRTAB = 5;
@ -172,13 +178,21 @@
public const int DT_FINI_ARRAY = 26;
public const int DT_GNU_HASH = 0x6ffffef5;
//sh_type
public const uint SHT_LOUSER = 0x80000000;
//ARM relocs
public const int R_ARM_ABS32 = 2;
//i386 relocs
public const int R_386_32 = 1;
//AArch64 relocs
public const int R_AARCH64_ABS64 = 257;
public const int R_AARCH64_RELATIVE = 1027;
//AMD x86-64 relocations
public const int R_X86_64_64 = 1;
public const int R_X86_64_RELATIVE = 8;
}
}

2
Il2CppDumper/Outputs/StructGenerator.cs
View file

@ -266,7 +266,7 @@ namespace Il2CppDumper
if (il2Cpp.Version >= 27)
{
var sectionHelper = executor.GetSectionHelper();
foreach (var sec in sectionHelper.data)
foreach (var sec in sectionHelper.Data)
{
il2Cpp.Position = sec.offset;
var end = Math.Min(sec.offsetEnd, il2Cpp.Length) - il2Cpp.PointerSize;

103
Il2CppDumper/Utils/SectionHelper.cs
View file

@ -6,14 +6,19 @@ namespace Il2CppDumper
{
public class SectionHelper
{
private List<SearchSection> exec;
private List<SearchSection> data;
private List<SearchSection> bss;
private Il2Cpp il2Cpp;
private int methodCount;
private int typeDefinitionsCount;
private long metadataUsagesCount;
private int imageCount;
public List<SearchSection> exec;
public List<SearchSection> data;
public List<SearchSection> bss;
private bool pointerInExec;
public List<SearchSection> Exec => exec;
public List<SearchSection> Data => data;
public List<SearchSection> Bss => bss;
public SectionHelper(Il2Cpp il2Cpp, int methodCount, int typeDefinitionsCount, long metadataUsagesCount, int imageCount)
{
@ -163,7 +168,29 @@ namespace Il2CppDumper
{
if (il2Cpp.Version >= 24.2)
{
return FindCodeRegistration2019();
ulong codeRegistration;
if (il2Cpp is ElfBase)
{
codeRegistration = FindCodeRegistrationExec();
if (codeRegistration == 0)
{
codeRegistration = FindCodeRegistrationData();
}
else
{
pointerInExec = true;
}
}
else
{
codeRegistration = FindCodeRegistrationData();
if (codeRegistration == 0)
{
codeRegistration = FindCodeRegistrationExec();
pointerInExec = true;
}
}
return codeRegistration;
}
return FindCodeRegistrationOld();
}
@ -271,19 +298,18 @@ namespace Il2CppDumper
if (CheckPointerRangeDataRa(pointer))
{
var pointers = il2Cpp.ReadClassArray<ulong>(pointer, typeDefinitionsCount);
if (il2Cpp is ElfBase)
bool flag;
if (pointerInExec)
{
if (CheckPointerRangeExecVa(pointers))
{
return addr - il2Cpp.PointerSize * 10 - section.offset + section.address;
}
flag = CheckPointerRangeExecVa(pointers);
}
else
{
if (CheckPointerRangeDataVa(pointers))
{
return addr - il2Cpp.PointerSize * 10 - section.offset + section.address;
}
flag = CheckPointerRangeDataVa(pointers);
}
if (flag)
{
return addr - il2Cpp.PointerSize * 10 - section.offset + section.address;
}
}
}
@ -322,41 +348,43 @@ namespace Il2CppDumper
private static readonly byte[] featureBytes = { 0x6D, 0x73, 0x63, 0x6F, 0x72, 0x6C, 0x69, 0x62, 0x2E, 0x64, 0x6C, 0x6C, 0x00 }; //mscorlib.dll
private ulong FindCodeRegistration2019()
private ulong FindCodeRegistrationData()
{
return FindCodeRegistration2019(data);
}
private ulong FindCodeRegistrationExec()
{
return FindCodeRegistration2019(exec);
}
private ulong FindCodeRegistration2019(List<SearchSection> secs)
{
var secs = data;
if (il2Cpp is ElfBase)
{
secs = exec;
}
foreach (var sec in secs)
{
il2Cpp.Position = sec.offset;
var buff = il2Cpp.ReadBytes((int)(sec.offsetEnd - sec.offset));
foreach (var index in buff.Search(featureBytes))
{
var va = (ulong)index + sec.address;
va = FindReference(va);
if (va != 0ul)
var dllva = (ulong)index + sec.address;
foreach (var refva in FindReference(dllva))
{
va = FindReference(va);
if (va != 0ul)
foreach (var refva2 in FindReference(refva))
{
if (il2Cpp.Version >= 27)
{
for (int i = imageCount - 1; i >= 0; i--)
{
var va2 = FindReference(va - (ulong)i * il2Cpp.PointerSize);
if (va2 != 0ul)
foreach (var refva3 in FindReference(refva2 - (ulong)i * il2Cpp.PointerSize))
{
il2Cpp.Position = il2Cpp.MapVATR(va2 - il2Cpp.PointerSize);
il2Cpp.Position = il2Cpp.MapVATR(refva3 - il2Cpp.PointerSize);
if (il2Cpp.ReadIntPtr() == imageCount)
{
if (il2Cpp.Version >= 29)
{
return va2 - il2Cpp.PointerSize * 14;
return refva3 - il2Cpp.PointerSize * 14;
}
return va2 - il2Cpp.PointerSize * 13;
return refva3 - il2Cpp.PointerSize * 13;
}
}
}
@ -365,10 +393,9 @@ namespace Il2CppDumper
{
for (int i = 0; i < imageCount; i++)
{
var va2 = FindReference(va - (ulong)i * il2Cpp.PointerSize);
if (va2 != 0ul)
foreach (var refva3 in FindReference(refva2 - (ulong)i * il2Cpp.PointerSize))
{
return va2 - il2Cpp.PointerSize * 13;
return refva3 - il2Cpp.PointerSize * 13;
}
}
}
@ -379,22 +406,22 @@ namespace Il2CppDumper
return 0ul;
}
private ulong FindReference(ulong addr)
private IEnumerable<ulong> FindReference(ulong addr)
{
foreach (var dataSec in data)
{
il2Cpp.Position = dataSec.offset;
var position = dataSec.offset;
var end = Math.Min(dataSec.offsetEnd, il2Cpp.Length) - il2Cpp.PointerSize;
while (il2Cpp.Position < end)
while (position < end)
{
var offset = il2Cpp.Position;
il2Cpp.Position = position;
if (il2Cpp.ReadUIntPtr() == addr)
{
return offset - dataSec.offset + dataSec.address;
yield return position - dataSec.offset + dataSec.address;
}
position += il2Cpp.PointerSize;
}
}
return 0ul;
}
}
}