public void GetDumpAddress()
{
FormGUI.Log("Detected this may be a dump file.");
FormDump form = new FormDump();
form.Message = 0;
if (form.ShowDialog() == DialogResult.OK)
{
DumpAddr = Convert.ToUInt64(form.ReturnedText, 16);
FormGUI.Log("Inputted address: " + DumpAddr.ToString("X"));
}
if (DumpAddr != 0)
{
IsDumped = true;
}
}
public Elf(Stream stream) : base(stream)
{
Is32Bit = true;
elfHeader = ReadClass <Elf32_Ehdr>();
programSegment = ReadClassArray <Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (!CheckSection())
{
FormGUI.WriteLine("Detected this may be a dump file.");
FormDump form = new FormDump();
form.Message = 0;
if (form.ShowDialog() == DialogResult.OK)
{
dumpAddr = Convert.ToUInt32(form.ReturnedText, 16);
FormGUI.WriteLine("Inputted address: " + dumpAddr.ToString("X"));
}
if (dumpAddr != 0)
{
isDumped = true;
}
}
if (isDumped)
{
FixedProgramSegment();
}
pt_dynamic = programSegment.First(x => x.p_type == PT_DYNAMIC);
dynamicSection = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
if (isDumped)
{
FixedDynamicSection();
}
ReadSymbol();
if (!isDumped)
{
RelocationProcessing();
if (CheckProtection())
{
FormGUI.WriteLine("ERROR: This file may be protected.");
}
}
}
private bool Init(string il2cppPath, string metadataPath, out Metadata metadata, out Il2Cpp il2Cpp)
{
string Mach_O = "2";
Invoke(new Action(delegate()
{
if (!use64bitMach_O)
{
Mach_O = "1";
}
}));
this.Log("Read config...");
if (File.Exists(realPath + "config.json"))
{
config = JsonConvert.DeserializeObject <Config>(File.ReadAllText(Application.StartupPath + Path.DirectorySeparatorChar + @"config.json"));
}
else
{
config = new Config();
Log("config.json file does not exist. Using defaults", Color.Yellow);
}
this.Log("Initializing metadata...");
var metadataBytes = File.ReadAllBytes(metadataPath);
metadata = new Metadata(new MemoryStream(metadataBytes));
this.Log($"Metadata Version: {metadata.Version}");
this.Log("Initializing il2cpp file...");
var il2cppBytes = File.ReadAllBytes(il2cppPath);
var il2cppMagic = BitConverter.ToUInt32(il2cppBytes, 0);
var il2CppMemory = new MemoryStream(il2cppBytes);
switch (il2cppMagic)
{
default:
throw new NotSupportedException("ERROR: il2cpp file not supported.");
case 0x6D736100:
var web = new WebAssembly(il2CppMemory);
il2Cpp = web.CreateMemory();
break;
case 0x304F534E:
var nso = new NSO(il2CppMemory);
il2Cpp = nso.UnCompress();
break;
case 0x905A4D: //PE
il2Cpp = new PE(il2CppMemory);
break;
case 0x464c457f: //ELF
if (il2cppBytes[4] == 2) //ELF64
{
il2Cpp = new Elf64(il2CppMemory);
}
else
{
il2Cpp = new Elf(il2CppMemory);
}
break;
case 0xCAFEBABE: //FAT Mach-O
case 0xBEBAFECA:
var machofat = new MachoFat(new MemoryStream(il2cppBytes));
for (var i = 0; i < machofat.fats.Length; i++)
{
var fat = machofat.fats[i];
//Console.Write(fat.magic == 0xFEEDFACF ? $"{i + 1}.64bit " : $"{i + 1}.32bit ");
}
var index = int.Parse(Mach_O) - 1;
var magic = machofat.fats[index % 2].magic;
il2cppBytes = machofat.GetMacho(index % 2);
il2CppMemory = new MemoryStream(il2cppBytes);
if (magic == 0xFEEDFACF)
{
goto case 0xFEEDFACF;
}
else
{
goto case 0xFEEDFACE;
}
case 0xFEEDFACF: // 64bit Mach-O
il2Cpp = new Macho64(il2CppMemory);
break;
case 0xFEEDFACE: // 32bit Mach-O
il2Cpp = new Macho(il2CppMemory);
break;
}
var version = config.ForceIl2CppVersion ? config.ForceVersion : metadata.Version;
il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
this.Log($"Il2Cpp Version: {il2Cpp.Version}");
if (il2Cpp.Version >= 27 && il2Cpp is ElfBase elf && elf.IsDumped)
{
FormDump form = new FormDump();
form.dumpNoteLbl.Text = "Input global-metadata.dat dump address:";
form.Message = 0;
if (form.ShowDialog() == DialogResult.OK)
{
metadata.Address = Convert.ToUInt64(form.ReturnedText, 16);
this.Log("Inputted address: " + metadata.Address.ToString("X"));
}
}
this.Log("Searching...");
try
{
var flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length, metadata.imageDefs.Length);
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
{
if (!flag && il2Cpp is PE)
{
this.Log("Use custom PE loader");
il2Cpp = PELoader.Load(il2cppPath);
il2Cpp.SetProperties(version, metadata.maxMetadataUsages);
flag = il2Cpp.PlusSearch(metadata.methodDefs.Count(x => x.methodIndex >= 0), metadata.typeDefs.Length, metadata.imageDefs.Length);
}
}
if (!flag)
{
flag = il2Cpp.Search();
}
if (!flag)
{
flag = il2Cpp.SymbolSearch();
}
if (!flag)
{
Log("ERROR: Can't use auto mode to process file, input offset pointers to try manual mode.", Color.Yellow);
var codeRegistration = Convert.ToUInt64(CodeRegistrationTxtBox.Text, 16);
var metadataRegistration = Convert.ToUInt64(metadataRegistrationTxtBox.Text, 16);
il2Cpp.Init(codeRegistration, metadataRegistration);
return(true);
}
}
catch (Exception ex)
{
Log("An error occurred while processing.", Color.Orange);
Log(ex.ToString(), Color.Orange);
return(false);
}
return(true);
}