From ff55f2bff386121d9a735caa289f3ec97b5e7fd1 Mon Sep 17 00:00:00 2001 From: Perfare Date: Mon, 15 Jul 2019 10:44:22 +0800 Subject: [PATCH] =?UTF-8?q?Elf64=20dump=E6=A8=A1=E5=BC=8F=20=E4=BC=98?= =?UTF-8?q?=E5=8C=96dump=20so=E7=9A=84=E5=A4=84=E7=90=86=E6=96=B9=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Il2CppDumper/Elf.cs | 40 +++++++++++--------------------------- Il2CppDumper/Elf64.cs | 29 +++++++++++++++++++++++---- Il2CppDumper/PlusSearch.cs | 17 ---------------- 3 files changed, 36 insertions(+), 50 deletions(-) diff --git a/Il2CppDumper/Elf.cs b/Il2CppDumper/Elf.cs index 2a71a90..ffcb736 100644 --- a/Il2CppDumper/Elf.cs +++ b/Il2CppDumper/Elf.cs @@ -13,8 +13,7 @@ namespace Il2CppDumper private Elf32_Dyn[] dynamic_table; private Elf32_Sym[] dynamic_symbol_table; private Dictionary sectionWithName = new Dictionary(); - private bool isDump; - private uint dumpAddr; + private bool isDumped; //默认编译器 /* @@ -64,19 +63,22 @@ namespace Il2CppDumper if (!GetSectionWithName()) { Console.WriteLine("Detected this may be a dump file. If not, it must be protected."); - isDump = true; + isDumped = true; Console.WriteLine("Input dump address:"); - dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16); + var dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16); foreach (var phdr in program_table) { phdr.p_offset = phdr.p_vaddr; phdr.p_filesz = phdr.p_memsz; + phdr.p_vaddr += dumpAddr; } - Console.WriteLine("Note that in this state, the Offset of the output is actually RVA."); } var pt_dynamic = program_table.First(x => x.p_type == 2u); dynamic_table = ReadClassArray(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u); - RelocationProcessing(); + if (!isDumped) + { + RelocationProcessing(); + } } private bool GetSectionWithName() 
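Review bot: The dump base read by `var dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16);` in the Elf constructor is used without validation: non-hex or oversized text throws an unhandled FormatException or OverflowException, and a null from a closed stdin converts to 0 without complaint. The following `phdr.p_vaddr += dumpAddr;` is plain uint arithmetic, which wraps silently unless the project is built with overflow checking, so a bad base combined with header values taken from the input file can leave MapVATR's `x.p_vaddr + x.p_memsz` range test matching the wrong segment. I would catch the two parse exceptions and re-prompt, and write the rebase as `phdr.p_vaddr = checked(phdr.p_vaddr + dumpAddr);`. The same pattern is added to the Elf64 constructor with `Convert.ToUInt64`. The constructor starts above this hunk.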
@@ -101,11 +103,6 @@ namespace Il2CppDumper public override dynamic MapVATR(dynamic uiAddr) { - if (isDump && uiAddr > dumpAddr) - { - uiAddr -= dumpAddr; - return uiAddr; - } var program_header_table = program_table.First(x => uiAddr >= x.p_vaddr && uiAddr <= (x.p_vaddr + x.p_memsz)); return uiAddr - (program_header_table.p_vaddr - program_header_table.p_offset); } @@ -167,7 +164,7 @@ namespace Il2CppDumper public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { - if (!isDump && (!sectionWithName.ContainsKey(".data.rel.ro") || !sectionWithName.ContainsKey(".text") || !sectionWithName.ContainsKey(".bss"))) + if (!isDumped && (!sectionWithName.ContainsKey(".data.rel.ro") || !sectionWithName.ContainsKey(".text") || !sectionWithName.ContainsKey(".bss"))) { Console.WriteLine("ERROR: This file has been protected."); } @@ -198,24 +195,9 @@ namespace Il2CppDumper var exec = execList.ToArray(); plusSearch.SetSearch(data); plusSearch.SetPointerRangeFirst(data); - if (isDump) - { - plusSearch.SetPointerRangeSecond(dumpAddr, exec); - } - else - { - plusSearch.SetPointerRangeSecond(exec); - } + plusSearch.SetPointerRangeSecond(exec); var codeRegistration = plusSearch.FindCodeRegistration(); - if (isDump) - { - plusSearch.SetPointerRangeSecond(dumpAddr, data); - } - else - { - plusSearch.SetPointerRangeSecond(data); - } - + plusSearch.SetPointerRangeSecond(data); var metadataRegistration = plusSearch.FindMetadataRegistration(); return AutoInit(codeRegistration, metadataRegistration); } diff --git a/Il2CppDumper/Elf64.cs b/Il2CppDumper/Elf64.cs index 48bc8b5..b350728 100644 --- a/Il2CppDumper/Elf64.cs +++ b/Il2CppDumper/Elf64.cs @@ -13,6 +13,7 @@ namespace Il2CppDumper private Elf64_Dyn[] dynamic_table; private Elf64_Sym[] dynamic_symbol_table; private Dictionary sectionWithName = new Dictionary(); + private bool isDumped; public Elf64(Stream stream, float version, long maxMetadataUsages) : base(stream, version, maxMetadataUsages) { 
@@ -38,13 +39,28 @@ namespace Il2CppDumper elf_header.e_shnum = ReadUInt16(); elf_header.e_shtrndx = ReadUInt16(); program_table = ReadClassArray(elf_header.e_phoff, elf_header.e_phnum); - GetSectionWithName(); + if (!GetSectionWithName()) + { + Console.WriteLine("Detected this may be a dump file. If not, it must be protected."); + isDumped = true; + Console.WriteLine("Input dump address:"); + var dumpAddr = Convert.ToUInt64(Console.ReadLine(), 16); + foreach (var phdr in program_table) + { + phdr.p_offset = phdr.p_vaddr; + phdr.p_filesz = phdr.p_memsz; + phdr.p_vaddr += dumpAddr; + } + } var pt_dynamic = program_table.First(x => x.p_type == 2u); dynamic_table = ReadClassArray(pt_dynamic.p_offset, (long)pt_dynamic.p_filesz / 16L); - RelocationProcessing(); + if (!isDumped) + { + RelocationProcessing(); + } } - private void GetSectionWithName() + private bool GetSectionWithName() { try { @@ -59,8 +75,9 @@ namespace Il2CppDumper } catch { - Console.WriteLine("WARNING: Unable to get section."); + return false; } + return true; } public override dynamic MapVATR(dynamic uiAddr) @@ -76,6 +93,10 @@ namespace Il2CppDumper public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { + if (!isDumped && (!sectionWithName.ContainsKey(".data.rel.ro") || !sectionWithName.ContainsKey(".text") || !sectionWithName.ContainsKey(".bss"))) + { + Console.WriteLine("ERROR: This file has been protected."); + } var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); var dataList = new List(); var execList = new List(); diff --git a/Il2CppDumper/PlusSearch.cs b/Il2CppDumper/PlusSearch.cs index 668960b..780d1de 100644 --- a/Il2CppDumper/PlusSearch.cs +++ b/Il2CppDumper/PlusSearch.cs 
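Review bot: The bare `catch { return false; }` in Elf64.GetSectionWithName now turns every failure inside the try block into "this is a dump file" and drops the only diagnostic the method used to print. A truncated or malformed section table, or an unrelated bug in the parsing, becomes indistinguishable from a real memory dump, and the constructor then asks for a base address and skips RelocationProcessing. I would keep the reason visible, e.g. `catch (Exception e)` with `Console.WriteLine("WARNING: Unable to get section: " + e.Message);` before `return false;`. The try body lies outside this hunk, so which exception types it can raise is not visible here.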
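Review bot: The new check at the top of Elf64.PlusSearch prints `ERROR: This file has been protected.` and then falls through into the search with no return, so the caller gets no signal that the precondition failed. If continuing is intended (the code below appears to search by program headers rather than sections, though most of the body is outside this hunk), a comment such as `// sections missing or stripped: continue, searching by program headers` and a WARNING prefix would say so. Otherwise add `return false;` inside the block.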
@@ -271,23 +271,6 @@ namespace Il2CppDumper } } - public void SetPointerRangeSecond(uint dumpAddr, params Elf32_Phdr[] sections) - { - pointerRange2.Clear(); - foreach (var section in sections) - { - if (section != null) - { - pointerRange2.Add(new Section - { - start = section.p_vaddr + dumpAddr, - end = section.p_vaddr + dumpAddr + section.p_memsz, - address = section.p_vaddr - }); - } - } - } - public void SetPointerRangeSecond(params Elf64_Phdr[] sections) { pointerRange2.Clear();