强化搜索

支持x86_64重定向
Perfare 2023-02-24 05:06:27 +08:00
parent d7ef4b3aad
commit ee6c71534c
4 changed files with 94 additions and 54 deletions


@ -192,21 +192,20 @@ namespace Il2CppDumper
{ {
var type = rela.r_info & 0xffffffff; var type = rela.r_info & 0xffffffff;
var sym = rela.r_info >> 32; var sym = rela.r_info >> 32;
switch (type) (ulong value, bool recognized) result = (type, elfHeader.e_machine) switch
{ {
case R_AARCH64_ABS64: (R_AARCH64_ABS64, EM_AARCH64) => (symbolTable[sym].st_value + rela.r_addend, true),
{ (R_AARCH64_RELATIVE, EM_AARCH64) => (rela.r_addend, true),
var symbol = symbolTable[sym];
Position = MapVATR(rela.r_offset); (R_X86_64_64, EM_X86_64) => (symbolTable[sym].st_value + rela.r_addend, true),
Write(symbol.st_value + (ulong)rela.r_addend); (R_X86_64_RELATIVE, EM_X86_64) => (rela.r_addend, true),
break;
} _ => (0, false)
case R_AARCH64_RELATIVE: };
if (result.recognized)
{ {
Position = MapVATR(rela.r_offset); Position = MapVATR(rela.r_offset);
Write(rela.r_addend); Write(result.value);
break;
}
} }
} }
} }
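Review bot: The two symbol-based arms of the new switch expression index `symbolTable[sym]` with a value taken straight from the `r_info` field of the file being parsed, so a truncated or deliberately malformed relocation entry throws IndexOutOfRangeException and aborts the whole relocation pass, whereas an unknown type is already skipped gracefully through `_ => (0, false)`. A `when` guard keeps the bounds check inside the expression: `(R_AARCH64_ABS64, EM_AARCH64) when sym < (ulong)symbolTable.Length => (symbolTable[sym].st_value + rela.r_addend, true),` and the same guard on the `R_X86_64_64` arm, so an out-of-range symbol index falls through to the unrecognised arm instead of throwing (this assumes `symbolTable` is an array, which the `ulong` index suggests). The `r_offset` handed to `MapVATR` comes from the same untrusted entry and was unchecked before this change as well. The enclosing method begins before this hunk.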


@ -144,19 +144,25 @@
{ {
public ulong r_offset; public ulong r_offset;
public ulong r_info; public ulong r_info;
public long r_addend; public ulong r_addend;
} }
public static class ElfConstants public static class ElfConstants
{ {
//e_machine
public const int EM_386 = 3; public const int EM_386 = 3;
public const int EM_ARM = 40; public const int EM_ARM = 40;
public const int EM_X86_64 = 62;
public const int EM_AARCH64 = 183;
//p_type
public const int PT_LOAD = 1; public const int PT_LOAD = 1;
public const int PT_DYNAMIC = 2; public const int PT_DYNAMIC = 2;
//p_flags
public const int PF_X = 1; public const int PF_X = 1;
//d_tag
public const int DT_PLTGOT = 3; public const int DT_PLTGOT = 3;
public const int DT_HASH = 4; public const int DT_HASH = 4;
public const int DT_STRTAB = 5; public const int DT_STRTAB = 5;
@ -172,13 +178,21 @@
public const int DT_FINI_ARRAY = 26; public const int DT_FINI_ARRAY = 26;
public const int DT_GNU_HASH = 0x6ffffef5; public const int DT_GNU_HASH = 0x6ffffef5;
//sh_type
public const uint SHT_LOUSER = 0x80000000; public const uint SHT_LOUSER = 0x80000000;
//ARM relocs
public const int R_ARM_ABS32 = 2; public const int R_ARM_ABS32 = 2;
//i386 relocs
public const int R_386_32 = 1; public const int R_386_32 = 1;
//AArch64 relocs
public const int R_AARCH64_ABS64 = 257; public const int R_AARCH64_ABS64 = 257;
public const int R_AARCH64_RELATIVE = 1027; public const int R_AARCH64_RELATIVE = 1027;
//AMD x86-64 relocations
public const int R_X86_64_64 = 1;
public const int R_X86_64_RELATIVE = 8;
} }
} }
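Review bot: `R_X86_64_64` is added with value 1, the same value as `R_386_32` a few lines above, which is correct per the ABI but means a relocation type is only meaningful together with `e_machine`, and nothing in the constants block says so. A one-line comment above the relocation groups, `// Relocation type values overlap between machines (R_386_32 == R_X86_64_64 == 1); always match them together with e_machine`, would stop a future caller from switching on the type alone. Changing `r_addend` from `long` to `ulong` also departs from the ABI's signed `Elf64_Sxword`; since the field is only added to `st_value` with wraparound arithmetic, a comment such as `// Elf64_Sxword in the ABI; kept unsigned so it adds to st_value without casts (wraparound intended)` records why the sign was dropped.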


@ -266,7 +266,7 @@ namespace Il2CppDumper
if (il2Cpp.Version >= 27) if (il2Cpp.Version >= 27)
{ {
var sectionHelper = executor.GetSectionHelper(); var sectionHelper = executor.GetSectionHelper();
foreach (var sec in sectionHelper.data) foreach (var sec in sectionHelper.Data)
{ {
il2Cpp.Position = sec.offset; il2Cpp.Position = sec.offset;
var end = Math.Min(sec.offsetEnd, il2Cpp.Length) - il2Cpp.PointerSize; var end = Math.Min(sec.offsetEnd, il2Cpp.Length) - il2Cpp.PointerSize;


@ -6,14 +6,19 @@ namespace Il2CppDumper
{ {
public class SectionHelper public class SectionHelper
{ {
private List<SearchSection> exec;
private List<SearchSection> data;
private List<SearchSection> bss;
private Il2Cpp il2Cpp; private Il2Cpp il2Cpp;
private int methodCount; private int methodCount;
private int typeDefinitionsCount; private int typeDefinitionsCount;
private long metadataUsagesCount; private long metadataUsagesCount;
private int imageCount; private int imageCount;
public List<SearchSection> exec; private bool pointerInExec;
public List<SearchSection> data;
public List<SearchSection> bss; public List<SearchSection> Exec => exec;
public List<SearchSection> Data => data;
public List<SearchSection> Bss => bss;
public SectionHelper(Il2Cpp il2Cpp, int methodCount, int typeDefinitionsCount, long metadataUsagesCount, int imageCount) public SectionHelper(Il2Cpp il2Cpp, int methodCount, int typeDefinitionsCount, long metadataUsagesCount, int imageCount)
{ {
@ -163,7 +168,29 @@ namespace Il2CppDumper
{ {
if (il2Cpp.Version >= 24.2) if (il2Cpp.Version >= 24.2)
{ {
return FindCodeRegistration2019(); ulong codeRegistration;
if (il2Cpp is ElfBase)
{
codeRegistration = FindCodeRegistrationExec();
if (codeRegistration == 0)
{
codeRegistration = FindCodeRegistrationData();
}
else
{
pointerInExec = true;
}
}
else
{
codeRegistration = FindCodeRegistrationData();
if (codeRegistration == 0)
{
codeRegistration = FindCodeRegistrationExec();
pointerInExec = true;
}
}
return codeRegistration;
} }
return FindCodeRegistrationOld(); return FindCodeRegistrationOld();
} }
@ -271,22 +298,21 @@ namespace Il2CppDumper
if (CheckPointerRangeDataRa(pointer)) if (CheckPointerRangeDataRa(pointer))
{ {
var pointers = il2Cpp.ReadClassArray<ulong>(pointer, typeDefinitionsCount); var pointers = il2Cpp.ReadClassArray<ulong>(pointer, typeDefinitionsCount);
if (il2Cpp is ElfBase) bool flag;
if (pointerInExec)
{ {
if (CheckPointerRangeExecVa(pointers)) flag = CheckPointerRangeExecVa(pointers);
{
return addr - il2Cpp.PointerSize * 10 - section.offset + section.address;
}
} }
else else
{ {
if (CheckPointerRangeDataVa(pointers)) flag = CheckPointerRangeDataVa(pointers);
}
if (flag)
{ {
return addr - il2Cpp.PointerSize * 10 - section.offset + section.address; return addr - il2Cpp.PointerSize * 10 - section.offset + section.address;
} }
} }
} }
}
catch catch
{ {
// ignored // ignored
@ -322,41 +348,43 @@ namespace Il2CppDumper
private static readonly byte[] featureBytes = { 0x6D, 0x73, 0x63, 0x6F, 0x72, 0x6C, 0x69, 0x62, 0x2E, 0x64, 0x6C, 0x6C, 0x00 }; //mscorlib.dll private static readonly byte[] featureBytes = { 0x6D, 0x73, 0x63, 0x6F, 0x72, 0x6C, 0x69, 0x62, 0x2E, 0x64, 0x6C, 0x6C, 0x00 }; //mscorlib.dll
private ulong FindCodeRegistration2019() private ulong FindCodeRegistrationData()
{ {
var secs = data; return FindCodeRegistration2019(data);
if (il2Cpp is ElfBase)
{
secs = exec;
} }
private ulong FindCodeRegistrationExec()
{
return FindCodeRegistration2019(exec);
}
private ulong FindCodeRegistration2019(List<SearchSection> secs)
{
foreach (var sec in secs) foreach (var sec in secs)
{ {
il2Cpp.Position = sec.offset; il2Cpp.Position = sec.offset;
var buff = il2Cpp.ReadBytes((int)(sec.offsetEnd - sec.offset)); var buff = il2Cpp.ReadBytes((int)(sec.offsetEnd - sec.offset));
foreach (var index in buff.Search(featureBytes)) foreach (var index in buff.Search(featureBytes))
{ {
var va = (ulong)index + sec.address; var dllva = (ulong)index + sec.address;
va = FindReference(va); foreach (var refva in FindReference(dllva))
if (va != 0ul)
{ {
va = FindReference(va); foreach (var refva2 in FindReference(refva))
if (va != 0ul)
{ {
if (il2Cpp.Version >= 27) if (il2Cpp.Version >= 27)
{ {
for (int i = imageCount - 1; i >= 0; i--) for (int i = imageCount - 1; i >= 0; i--)
{ {
var va2 = FindReference(va - (ulong)i * il2Cpp.PointerSize); foreach (var refva3 in FindReference(refva2 - (ulong)i * il2Cpp.PointerSize))
if (va2 != 0ul)
{ {
il2Cpp.Position = il2Cpp.MapVATR(va2 - il2Cpp.PointerSize); il2Cpp.Position = il2Cpp.MapVATR(refva3 - il2Cpp.PointerSize);
if (il2Cpp.ReadIntPtr() == imageCount) if (il2Cpp.ReadIntPtr() == imageCount)
{ {
if (il2Cpp.Version >= 29) if (il2Cpp.Version >= 29)
{ {
return va2 - il2Cpp.PointerSize * 14; return refva3 - il2Cpp.PointerSize * 14;
} }
return va2 - il2Cpp.PointerSize * 13; return refva3 - il2Cpp.PointerSize * 13;
} }
} }
} }
@ -365,10 +393,9 @@ namespace Il2CppDumper
{ {
for (int i = 0; i < imageCount; i++) for (int i = 0; i < imageCount; i++)
{ {
var va2 = FindReference(va - (ulong)i * il2Cpp.PointerSize); foreach (var refva3 in FindReference(refva2 - (ulong)i * il2Cpp.PointerSize))
if (va2 != 0ul)
{ {
return va2 - il2Cpp.PointerSize * 13; return refva3 - il2Cpp.PointerSize * 13;
} }
} }
} }
@ -379,22 +406,22 @@ namespace Il2CppDumper
return 0ul; return 0ul;
} }
private ulong FindReference(ulong addr) private IEnumerable<ulong> FindReference(ulong addr)
{ {
foreach (var dataSec in data) foreach (var dataSec in data)
{ {
il2Cpp.Position = dataSec.offset; var position = dataSec.offset;
var end = Math.Min(dataSec.offsetEnd, il2Cpp.Length) - il2Cpp.PointerSize; var end = Math.Min(dataSec.offsetEnd, il2Cpp.Length) - il2Cpp.PointerSize;
while (il2Cpp.Position < end) while (position < end)
{ {
var offset = il2Cpp.Position; il2Cpp.Position = position;
if (il2Cpp.ReadUIntPtr() == addr) if (il2Cpp.ReadUIntPtr() == addr)
{ {
return offset - dataSec.offset + dataSec.address; yield return position - dataSec.offset + dataSec.address;
}
position += il2Cpp.PointerSize;
} }
} }
} }
return 0ul;
}
} }
} }
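Review bot: The new `pointerInExec` field (set in the `FindCodeRegistration` hunk around line 168, consumed in the range check around line 298) makes the exec-versus-data VA check depend on an earlier call having assigned it, replacing the stateless `il2Cpp is ElfBase` test the old code used. The field is never reset, and on the `Version < 24.2` path (`FindCodeRegistrationOld`) it is never assigned, so if the method containing the `CheckPointerRangeDataRa` loop is also reached for those versions an ELF binary is now checked with `CheckPointerRangeDataVa` where it was previously checked with `CheckPointerRangeExecVa` — I cannot see that method's start, so this is inferred from the hunks. In the non-ELF branch the flag is also set to true even when the exec fallback returned 0. Assigning `pointerInExec = false;` at the top of the `Version >= 24.2` branch and writing the non-ELF fallback as `pointerInExec = codeRegistration != 0;` keeps the flag an accurate record, and a field comment `// true when FindCodeRegistration located the struct in an executable section; selects the VA range check used for the metadata search, so FindCodeRegistration must run first` documents the ordering dependency.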