private void CreateCustomAttribute(Il2CppImageDefinition imageDef, int customAttributeIndex, uint token, ModuleDefinition moduleDefinition, Collection <CustomAttribute> customAttributes)
{
if (il2cpp.version > 20)
{
var attributeIndex = metadata.GetCustomAttributeIndex(imageDef, customAttributeIndex, token);
if (attributeIndex >= 0)
{
var attributeTypeRange = metadata.attributeTypeRanges[attributeIndex];
for (int j = 0; j < attributeTypeRange.count; j++)
{
var attributeTypeIndex = metadata.attributeTypes[attributeTypeRange.start + j];
var attributeType = il2cpp.types[attributeTypeIndex];
var attributeName = GetTypeName(attributeType);
if (attributeName == "CompilerGeneratedAttribute" ||
attributeName == "DebuggerBrowsableAttribute" ||
attributeName == "SerializeField")
{
continue;
}
var methodPointer = il2cpp.customAttributeGenerators[attributeIndex];
var fixedMethodPointer = il2cpp.FixPointer(methodPointer);
var customAttribute = new CustomAttribute(moduleDefinition.ImportReference(attributeAttribute));
var name = new CustomAttributeNamedArgument("Name", new CustomAttributeArgument(stringType, attributeName));
var rva = new CustomAttributeNamedArgument("RVA", new CustomAttributeArgument(stringType, $"0x{fixedMethodPointer:X}"));
var offset = new CustomAttributeNamedArgument("Offset", new CustomAttributeArgument(stringType, $"0x{il2cpp.MapVATR(methodPointer):X}"));
customAttribute.Fields.Add(name);
customAttribute.Fields.Add(rva);
customAttribute.Fields.Add(offset);
customAttributes.Add(customAttribute);
}
}
}
}
private void CreateCustomAttribute(Il2CppImageDefinition imageDef, int customAttributeIndex, uint token, ModuleDefinition moduleDefinition, Collection <CustomAttribute> customAttributes)
{
var attributeIndex = metadata.GetCustomAttributeIndex(imageDef, customAttributeIndex, token);
if (attributeIndex >= 0)
{
var attributeTypeRange = metadata.attributeTypeRanges[attributeIndex];
for (int i = 0; i < attributeTypeRange.count; i++)
{
var attributeTypeIndex = metadata.attributeTypes[attributeTypeRange.start + i];
var attributeType = il2Cpp.types[attributeTypeIndex];
var typeDefinition = typeDefinitionDic[attributeType.data.klassIndex];
if (knownAttributes.TryGetValue(typeDefinition.FullName, out var methodDefinition))
{
var customAttribute = new CustomAttribute(moduleDefinition.ImportReference(methodDefinition));
customAttributes.Add(customAttribute);
}
else
{
var methodPointer = il2Cpp.customAttributeGenerators[attributeIndex];
var fixedMethodPointer = il2Cpp.FixPointer(methodPointer);
var customAttribute = new CustomAttribute(moduleDefinition.ImportReference(attributeAttribute));
var name = new CustomAttributeNamedArgument("Name", new CustomAttributeArgument(stringType, typeDefinition.Name));
var rva = new CustomAttributeNamedArgument("RVA", new CustomAttributeArgument(stringType, $"0x{fixedMethodPointer:X}"));
var offset = new CustomAttributeNamedArgument("Offset", new CustomAttributeArgument(stringType, $"0x{il2Cpp.MapVATR(methodPointer):X}"));
customAttribute.Fields.Add(name);
customAttribute.Fields.Add(rva);
customAttribute.Fields.Add(offset);
customAttributes.Add(customAttribute);
}
}
}
}
public void WriteScript(Config config)
{
var writer = new StreamWriter(new FileStream("ida.py", FileMode.Create), new UTF8Encoding(false));
writer.WriteLine("# -*- coding: utf-8 -*-");
writer.WriteLine("import idaapi");
writer.WriteLine();
writer.WriteLine("def SetString(addr, comm):");
writer.WriteLine("\tglobal index");
writer.WriteLine("\tname = \"StringLiteral_\" + str(index)");
writer.WriteLine("\tret = idc.set_name(addr, name, SN_NOWARN)");
writer.WriteLine("\tidc.set_cmt(addr, comm, 1)");
writer.WriteLine("\tindex += 1");
writer.WriteLine();
writer.WriteLine("def SetName(addr, name):");
writer.WriteLine("\tret = idc.set_name(addr, name, SN_NOWARN | SN_NOCHECK)");
writer.WriteLine("\tif ret == 0:");
writer.WriteLine("\t\tnew_name = name + '_' + str(addr)");
writer.WriteLine("\t\tret = idc.set_name(addr, new_name, SN_NOWARN | SN_NOCHECK)");
writer.WriteLine();
writer.WriteLine("def MakeFunction(start, end):");
writer.WriteLine("\tnext_func = idc.get_next_func(start)");
writer.WriteLine("\tif next_func < end:");
writer.WriteLine("\t\tend = next_func");
writer.WriteLine("\tif idc.get_func_attr(start, FUNCATTR_START) == start:");
writer.WriteLine("\t\tida_funcs.del_func(start)");
writer.WriteLine("\tida_funcs.add_func(start, end)");
writer.WriteLine();
writer.WriteLine("index = 1");
writer.WriteLine("print('Making method name...')");
for (var imageIndex = 0; imageIndex < metadata.imageDefs.Length; imageIndex++)
{
var imageDef = metadata.imageDefs[imageIndex];
var typeEnd = imageDef.typeStart + imageDef.typeCount;
for (int typeIndex = imageDef.typeStart; typeIndex < typeEnd; typeIndex++)
{
var typeDef = metadata.typeDefs[typeIndex];
var typeName = GetTypeDefName(typeDef);
typeDefImageIndices.Add(typeDef, imageIndex);
var methodEnd = typeDef.methodStart + typeDef.method_count;
for (var i = typeDef.methodStart; i < methodEnd; ++i)
{
var methodDef = metadata.methodDefs[i];
var methodName = metadata.GetStringFromIndex(methodDef.nameIndex);
var methodPointer = il2Cpp.GetMethodPointer(methodDef.methodIndex, i, imageIndex, methodDef.token);
if (methodPointer > 0)
{
var fixedMethodPointer = il2Cpp.FixPointer(methodPointer);
if (il2Cpp is PE)
{
writer.WriteLine($"SetName(0x{methodPointer:X}, '{typeName + "$$" + methodName}')");
}
else
{
writer.WriteLine($"SetName(0x{fixedMethodPointer:X}, '{typeName + "$$" + methodName}')");
}
}
}
}
}
writer.WriteLine("print('Make method name done')");
if (il2Cpp.version > 16)
{
writer.WriteLine("print('Setting MetadataUsage...')");
foreach (var i in metadata.metadataUsageDic[1]) //kIl2CppMetadataUsageTypeInfo
{
var type = il2Cpp.types[i.Value];
var typeName = GetTypeName(type, true);
writer.WriteLine($"SetName(0x{il2Cpp.metadataUsages[i.Key]:X}, '{"Class$" + typeName}')");
writer.WriteLine($"idc.set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, r'{typeName}', 1)");
}
foreach (var i in metadata.metadataUsageDic[2]) //kIl2CppMetadataUsageIl2CppType
{
var type = il2Cpp.types[i.Value];
var typeName = GetTypeName(type, true);
writer.WriteLine($"SetName(0x{il2Cpp.metadataUsages[i.Key]:X}, '{"Class$" + typeName}')");
writer.WriteLine($"idc.set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, r'{typeName}', 1)");
}
foreach (var i in metadata.metadataUsageDic[3]) //kIl2CppMetadataUsageMethodDef
{
var methodDef = metadata.methodDefs[i.Value];
var typeDef = metadata.typeDefs[methodDef.declaringType];
var typeName = GetTypeDefName(typeDef);
var methodName = typeName + "." + metadata.GetStringFromIndex(methodDef.nameIndex) + "()";
writer.WriteLine($"SetName(0x{il2Cpp.metadataUsages[i.Key]:X}, '{"Method$" + methodName}')");
writer.WriteLine($"idc.set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, '{"Method$" + methodName}', 1)");
var imageIndex = typeDefImageIndices[typeDef];
var methodPointer = il2Cpp.GetMethodPointer(methodDef.methodIndex, (int)i.Value, imageIndex, methodDef.token);
writer.WriteLine($"idc.set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, '0x{methodPointer:X}', 0)");
}
foreach (var i in metadata.metadataUsageDic[4]) //kIl2CppMetadataUsageFieldInfo
{
var fieldRef = metadata.fieldRefs[i.Value];
var type = il2Cpp.types[fieldRef.typeIndex];
var typeDef = metadata.typeDefs[type.data.klassIndex];
var fieldDef = metadata.fieldDefs[typeDef.fieldStart + fieldRef.fieldIndex];
var fieldName = GetTypeName(type, true) + "." + metadata.GetStringFromIndex(fieldDef.nameIndex);
writer.WriteLine($"SetName(0x{il2Cpp.metadataUsages[i.Key]:X}, '{"Field$" + fieldName}')");
writer.WriteLine($"idc.set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, r'{fieldName}', 1)");
}
var stringLiterals = metadata.metadataUsageDic[5].Select(x => new //kIl2CppMetadataUsageStringLiteral
{
value = metadata.GetStringLiteralFromIndex(x.Value),
address = $"0x{il2Cpp.metadataUsages[x.Key]:X}"
}).ToArray();
File.WriteAllText("stringliteral.json", JsonConvert.SerializeObject(stringLiterals, Formatting.Indented), new UTF8Encoding(false)); //TODO
foreach (var stringLiteral in stringLiterals)
{
writer.WriteLine($"SetString({stringLiteral.address}, r'{stringLiteral.value.ToEscapedString()}')");
}
foreach (var i in metadata.metadataUsageDic[6]) //kIl2CppMetadataUsageMethodRef
{
var methodSpec = il2Cpp.methodSpecs[i.Value];
var methodDef = metadata.methodDefs[methodSpec.methodDefinitionIndex];
var typeDef = metadata.typeDefs[methodDef.declaringType];
var typeName = GetTypeDefName(typeDef, false);
if (methodSpec.classIndexIndex != -1)
{
var classInst = il2Cpp.genericInsts[methodSpec.classIndexIndex];
typeName += GetGenericTypeParams(classInst);
}
var methodName = typeName + "." + metadata.GetStringFromIndex(methodDef.nameIndex);
if (methodSpec.methodIndexIndex != -1)
{
var methodInst = il2Cpp.genericInsts[methodSpec.methodIndexIndex];
methodName += GetGenericTypeParams(methodInst);
}
methodName += "()";
writer.WriteLine($"SetName(0x{il2Cpp.metadataUsages[i.Key]:X}, '{"Method$" + methodName}')");
writer.WriteLine($"idc.set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, '{"Method$" + methodName}', 1)");
var imageIndex = typeDefImageIndices[typeDef];
var methodPointer = il2Cpp.GetMethodPointer(methodDef.methodIndex, methodSpec.methodDefinitionIndex, imageIndex, methodDef.token);
writer.WriteLine($"idc.set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, '0x{methodPointer:X}', 0)");
}
writer.WriteLine("print('Set MetadataUsage done')");
}
if (config.MakeFunction)
{
List <ulong> orderedPointers;
if (il2Cpp.version >= 24.2f)
{
orderedPointers = new List <ulong>();
foreach (var methodPointers in il2Cpp.codeGenModuleMethodPointers)
{
orderedPointers.AddRange(methodPointers);
}
}
else
{
orderedPointers = il2Cpp.methodPointers.ToList();
}
orderedPointers.AddRange(il2Cpp.genericMethodPointers);
orderedPointers.AddRange(il2Cpp.invokerPointers);
orderedPointers.AddRange(il2Cpp.customAttributeGenerators);
if (il2Cpp.version >= 22)
{
orderedPointers.AddRange(il2Cpp.reversePInvokeWrappers);
orderedPointers.AddRange(il2Cpp.unresolvedVirtualCallPointers);
}
//TODO interopData内也包含函数
orderedPointers = orderedPointers.Distinct().OrderBy(x => x).ToList();
orderedPointers.Remove(0);
writer.WriteLine("print('Making function...')");
for (int i = 0; i < orderedPointers.Count - 1; i++)
{
writer.WriteLine($"MakeFunction(0x{orderedPointers[i]:X}, 0x{orderedPointers[i + 1]:X})");
}
writer.WriteLine("print('Make function done, please wait for IDA to complete the analysis')");
}
writer.WriteLine("print('Script finished!')");
writer.Close();
}
public void Decompile(Config config)
{
//dump image
for (var imageIndex = 0; imageIndex < metadata.imageDefs.Length; imageIndex++)
{
var imageDef = metadata.imageDefs[imageIndex];
writer.Write($"// Image {imageIndex}: {metadata.GetStringFromIndex(imageDef.nameIndex)} - {imageDef.typeStart}\n");
}
//dump type
for (var imageIndex = 0; imageIndex < metadata.imageDefs.Length; imageIndex++)
{
try
{
var imageDef = metadata.imageDefs[imageIndex];
var typeEnd = imageDef.typeStart + imageDef.typeCount;
for (int idx = imageDef.typeStart; idx < typeEnd; idx++)
{
var typeDef = metadata.typeDefs[idx];
var isStruct = false;
var isEnum = false;
var extends = new List <string>();
if (typeDef.parentIndex >= 0)
{
var parent = il2Cpp.types[typeDef.parentIndex];
var parentName = GetTypeName(parent);
if (parentName == "ValueType")
{
isStruct = true;
}
else if (parentName == "Enum")
{
isEnum = true;
}
else if (parentName != "object")
{
extends.Add(parentName);
}
}
if (typeDef.interfaces_count > 0)
{
for (int i = 0; i < typeDef.interfaces_count; i++)
{
var @interface = il2Cpp.types[metadata.interfaceIndices[typeDef.interfacesStart + i]];
extends.Add(GetTypeName(@interface));
}
}
writer.Write($"\n// Namespace: {metadata.GetStringFromIndex(typeDef.namespaceIndex)}\n");
if (config.DumpAttribute)
{
writer.Write(GetCustomAttribute(imageDef, typeDef.customAttributeIndex, typeDef.token));
}
if (config.DumpAttribute && (typeDef.flags & TYPE_ATTRIBUTE_SERIALIZABLE) != 0)
{
writer.Write("[Serializable]\n");
}
var visibility = typeDef.flags & TYPE_ATTRIBUTE_VISIBILITY_MASK;
switch (visibility)
{
case TYPE_ATTRIBUTE_PUBLIC:
case TYPE_ATTRIBUTE_NESTED_PUBLIC:
writer.Write("public ");
break;
case TYPE_ATTRIBUTE_NOT_PUBLIC:
case TYPE_ATTRIBUTE_NESTED_FAM_AND_ASSEM:
case TYPE_ATTRIBUTE_NESTED_ASSEMBLY:
writer.Write("internal ");
break;
case TYPE_ATTRIBUTE_NESTED_PRIVATE:
writer.Write("private ");
break;
case TYPE_ATTRIBUTE_NESTED_FAMILY:
writer.Write("protected ");
break;
case TYPE_ATTRIBUTE_NESTED_FAM_OR_ASSEM:
writer.Write("protected internal ");
break;
}
if ((typeDef.flags & TYPE_ATTRIBUTE_ABSTRACT) != 0 && (typeDef.flags & TYPE_ATTRIBUTE_SEALED) != 0)
{
writer.Write("static ");
}
else if ((typeDef.flags & TYPE_ATTRIBUTE_INTERFACE) == 0 && (typeDef.flags & TYPE_ATTRIBUTE_ABSTRACT) != 0)
{
writer.Write("abstract ");
}
else if (!isStruct && !isEnum && (typeDef.flags & TYPE_ATTRIBUTE_SEALED) != 0)
{
writer.Write("sealed ");
}
if ((typeDef.flags & TYPE_ATTRIBUTE_INTERFACE) != 0)
{
writer.Write("interface ");
}
else if (isStruct)
{
writer.Write("struct ");
}
else if (isEnum)
{
writer.Write("enum ");
}
else
{
writer.Write("class ");
}
var typeName = GetTypeDefName(typeDef);
writer.Write($"{typeName}");
if (extends.Count > 0)
{
writer.Write($" : {string.Join(", ", extends)}");
}
if (config.DumpTypeDefIndex)
{
writer.Write($" // TypeDefIndex: {idx}\n{{");
}
else
{
writer.Write("\n{");
}
//dump field
if (config.DumpField && typeDef.field_count > 0)
{
writer.Write("\n\t// Fields\n");
var fieldEnd = typeDef.fieldStart + typeDef.field_count;
for (var i = typeDef.fieldStart; i < fieldEnd; ++i)
{
var fieldDef = metadata.fieldDefs[i];
var fieldType = il2Cpp.types[fieldDef.typeIndex];
var fieldDefaultValue = metadata.GetFieldDefaultValueFromIndex(i);
if (config.DumpAttribute)
{
writer.Write(GetCustomAttribute(imageDef, fieldDef.customAttributeIndex, fieldDef.token, "\t"));
}
writer.Write("\t");
var access = fieldType.attrs & FIELD_ATTRIBUTE_FIELD_ACCESS_MASK;
switch (access)
{
case FIELD_ATTRIBUTE_PRIVATE:
writer.Write("private ");
break;
case FIELD_ATTRIBUTE_PUBLIC:
writer.Write("public ");
break;
case FIELD_ATTRIBUTE_FAMILY:
writer.Write("protected ");
break;
case FIELD_ATTRIBUTE_ASSEMBLY:
case FIELD_ATTRIBUTE_FAM_AND_ASSEM:
writer.Write("internal ");
break;
case FIELD_ATTRIBUTE_FAM_OR_ASSEM:
writer.Write("protected internal ");
break;
}
if ((fieldType.attrs & FIELD_ATTRIBUTE_LITERAL) != 0)
{
writer.Write("const ");
}
else
{
if ((fieldType.attrs & FIELD_ATTRIBUTE_STATIC) != 0)
{
writer.Write("static ");
}
if ((fieldType.attrs & FIELD_ATTRIBUTE_INIT_ONLY) != 0)
{
writer.Write("readonly ");
}
}
writer.Write($"{GetTypeName(fieldType)} {metadata.GetStringFromIndex(fieldDef.nameIndex)}");
if (fieldDefaultValue != null && fieldDefaultValue.dataIndex != -1)
{
if (TryGetDefaultValue(fieldDefaultValue.typeIndex, fieldDefaultValue.dataIndex, out var value))
{
writer.Write($" = ");
if (value is string str)
{
writer.Write($"\"{str.ToEscapedString()}\"");
}
else if (value is char c)
{
var v = (int)c;
writer.Write($"'\\x{v:x}'");
}
else if (value != null)
{
writer.Write($"{value}");
}
}
else
{
writer.Write($" /*Metadata offset 0x{value:X}*/");
}
}
if (config.DumpFieldOffset)
{
writer.Write("; // 0x{0:X}\n", il2Cpp.GetFieldOffsetFromIndex(idx, i - typeDef.fieldStart, i));
}
else
{
writer.Write(";\n");
}
}
}
//dump property
if (config.DumpProperty && typeDef.property_count > 0)
{
writer.Write("\n\t// Properties\n");
var propertyEnd = typeDef.propertyStart + typeDef.property_count;
for (var i = typeDef.propertyStart; i < propertyEnd; ++i)
{
var propertyDef = metadata.propertyDefs[i];
if (config.DumpAttribute)
{
writer.Write(GetCustomAttribute(imageDef, propertyDef.customAttributeIndex, propertyDef.token, "\t"));
}
writer.Write("\t");
if (propertyDef.get >= 0)
{
var methodDef = metadata.methodDefs[typeDef.methodStart + propertyDef.get];
writer.Write(GetModifiers(methodDef));
var propertyType = il2Cpp.types[methodDef.returnType];
writer.Write($"{GetTypeName(propertyType)} {metadata.GetStringFromIndex(propertyDef.nameIndex)} {{ ");
}
else if (propertyDef.set > 0)
{
var methodDef = metadata.methodDefs[typeDef.methodStart + propertyDef.set];
writer.Write(GetModifiers(methodDef));
var parameterDef = metadata.parameterDefs[methodDef.parameterStart];
var propertyType = il2Cpp.types[parameterDef.typeIndex];
writer.Write($"{GetTypeName(propertyType)} {metadata.GetStringFromIndex(propertyDef.nameIndex)} {{ ");
}
if (propertyDef.get >= 0)
{
writer.Write("get; ");
}
if (propertyDef.set >= 0)
{
writer.Write("set; ");
}
writer.Write("}");
writer.Write("\n");
}
}
//dump method
if (config.DumpMethod && typeDef.method_count > 0)
{
writer.Write("\n\t// Methods\n");
var methodEnd = typeDef.methodStart + typeDef.method_count;
for (var i = typeDef.methodStart; i < methodEnd; ++i)
{
var methodDef = metadata.methodDefs[i];
if (config.DumpAttribute)
{
writer.Write(GetCustomAttribute(imageDef, methodDef.customAttributeIndex, methodDef.token, "\t"));
}
writer.Write("\t");
writer.Write(GetModifiers(methodDef));
var methodReturnType = il2Cpp.types[methodDef.returnType];
var methodName = metadata.GetStringFromIndex(methodDef.nameIndex);
if (methodReturnType.byref == 1)
{
writer.Write("ref ");
}
writer.Write($"{GetTypeName(methodReturnType)} {methodName}(");
var parameterStrs = new List <string>();
for (var j = 0; j < methodDef.parameterCount; ++j)
{
var parameterStr = "";
var parameterDef = metadata.parameterDefs[methodDef.parameterStart + j];
var parameterName = metadata.GetStringFromIndex(parameterDef.nameIndex);
var parameterType = il2Cpp.types[parameterDef.typeIndex];
var parameterTypeName = GetTypeName(parameterType);
if (parameterType.byref == 1)
{
if ((parameterType.attrs & PARAM_ATTRIBUTE_OUT) != 0 && (parameterType.attrs & PARAM_ATTRIBUTE_IN) == 0)
{
parameterStr += "out ";
}
else if ((parameterType.attrs & PARAM_ATTRIBUTE_OUT) == 0 && (parameterType.attrs & PARAM_ATTRIBUTE_IN) != 0)
{
parameterStr += "in ";
}
else
{
parameterStr += "ref ";
}
}
else
{
if ((parameterType.attrs & PARAM_ATTRIBUTE_IN) != 0)
{
parameterStr += "[In] ";
}
if ((parameterType.attrs & PARAM_ATTRIBUTE_OUT) != 0)
{
parameterStr += "[Out] ";
}
}
parameterStr += $"{parameterTypeName} {parameterName}";
var parameterDefault = metadata.GetParameterDefaultValueFromIndex(methodDef.parameterStart + j);
if (parameterDefault != null && parameterDefault.dataIndex != -1)
{
if (TryGetDefaultValue(parameterDefault.typeIndex, parameterDefault.dataIndex, out var value))
{
parameterStr += " = ";
if (value is string str)
{
parameterStr += $"\"{str.ToEscapedString()}\"";
}
else if (value is char c)
{
var v = (int)c;
parameterStr += $"'\\x{v:x}'";
}
else if (value != null)
{
parameterStr += $"{value}";
}
}
else
{
parameterStr += $" /*Metadata offset 0x{value:X}*/";
}
}
parameterStrs.Add(parameterStr);
}
writer.Write(string.Join(", ", parameterStrs));
writer.Write(") { }");
if (config.DumpMethodOffset)
{
var methodPointer = il2Cpp.GetMethodPointer(methodDef.methodIndex, i, imageIndex, methodDef.token);
if (methodPointer > 0)
{
var fixedMethodPointer = il2Cpp.FixPointer(methodPointer);
writer.Write(" // RVA: 0x{0:X} Offset: 0x{1:X}\n", fixedMethodPointer, il2Cpp.MapVATR(methodPointer));
}
else
{
writer.Write(" // -1\n");
}
}
else
{
writer.Write("\n");
}
}
}
writer.Write("}\n");
}
}
catch (Exception e)
{
Console.WriteLine("ERROR: Some errors in dumping");
writer.Write("/*");
writer.Write(e);
writer.Write("*/\n}\n");
}
}
writer.Close();
}
private static void Dump()
{
var writer = new StreamWriter(new FileStream("dump.cs", FileMode.Create), new UTF8Encoding(false));
Console.WriteLine("Dumping...");
//Script
var scriptwriter = CreateScriptWriter();
//dump image
for (var imageIndex = 0; imageIndex < metadata.imageDefs.Length; imageIndex++)
{
var imageDef = metadata.imageDefs[imageIndex];
writer.Write($"// Image {imageIndex}: {metadata.GetStringFromIndex(imageDef.nameIndex)} - {imageDef.typeStart}\n");
}
//dump type
for (var imageIndex = 0; imageIndex < metadata.imageDefs.Length; imageIndex++)
{
try
{
var imageDef = metadata.imageDefs[imageIndex];
var typeEnd = imageDef.typeStart + imageDef.typeCount;
for (int idx = imageDef.typeStart; idx < typeEnd; idx++)
{
var typeDef = metadata.typeDefs[idx];
typeDefImageIndices.Add(typeDef, imageIndex);
var isStruct = false;
var isEnum = false;
var extends = new List <string>();
if (typeDef.parentIndex >= 0)
{
var parent = il2cpp.types[typeDef.parentIndex];
var parentName = GetTypeName(parent);
if (parentName == "ValueType")
{
isStruct = true;
}
else if (parentName == "Enum")
{
isEnum = true;
}
else if (parentName != "object")
{
extends.Add(parentName);
}
}
//implementedInterfaces
if (typeDef.interfaces_count > 0)
{
for (int i = 0; i < typeDef.interfaces_count; i++)
{
var @interface = il2cpp.types[metadata.interfaceIndices[typeDef.interfacesStart + i]];
extends.Add(GetTypeName(@interface));
}
}
writer.Write($"\n// Namespace: {metadata.GetStringFromIndex(typeDef.namespaceIndex)}\n");
writer.Write(GetCustomAttribute(imageDef, typeDef.customAttributeIndex, typeDef.token));
if (config.DumpAttribute && (typeDef.flags & TYPE_ATTRIBUTE_SERIALIZABLE) != 0)
{
writer.Write("[Serializable]\n");
}
var visibility = typeDef.flags & TYPE_ATTRIBUTE_VISIBILITY_MASK;
switch (visibility)
{
case TYPE_ATTRIBUTE_PUBLIC:
case TYPE_ATTRIBUTE_NESTED_PUBLIC:
writer.Write("public ");
break;
case TYPE_ATTRIBUTE_NOT_PUBLIC:
case TYPE_ATTRIBUTE_NESTED_FAM_AND_ASSEM:
case TYPE_ATTRIBUTE_NESTED_ASSEMBLY:
writer.Write("internal ");
break;
case TYPE_ATTRIBUTE_NESTED_PRIVATE:
writer.Write("private ");
break;
case TYPE_ATTRIBUTE_NESTED_FAMILY:
writer.Write("protected ");
break;
case TYPE_ATTRIBUTE_NESTED_FAM_OR_ASSEM:
writer.Write("protected internal ");
break;
}
if ((typeDef.flags & TYPE_ATTRIBUTE_ABSTRACT) != 0 && (typeDef.flags & TYPE_ATTRIBUTE_SEALED) != 0)
{
writer.Write("static ");
}
else if ((typeDef.flags & TYPE_ATTRIBUTE_INTERFACE) == 0 && (typeDef.flags & TYPE_ATTRIBUTE_ABSTRACT) != 0)
{
writer.Write("abstract ");
}
else if (!isStruct && !isEnum && (typeDef.flags & TYPE_ATTRIBUTE_SEALED) != 0)
{
writer.Write("sealed ");
}
if ((typeDef.flags & TYPE_ATTRIBUTE_INTERFACE) != 0)
{
writer.Write("interface ");
}
else if (isStruct)
{
writer.Write("struct ");
}
else if (isEnum)
{
writer.Write("enum ");
}
else
{
writer.Write("class ");
}
var typeName = GetTypeName(typeDef);
writer.Write($"{typeName}");
if (extends.Count > 0)
{
writer.Write($" : {string.Join(", ", extends)}");
}
if (config.DumpTypeDefIndex)
{
writer.Write($" // TypeDefIndex: {idx}\n{{");
}
else
{
writer.Write("\n{");
}
//dump field
if (config.DumpField && typeDef.field_count > 0)
{
writer.Write("\n\t// Fields\n");
var fieldEnd = typeDef.fieldStart + typeDef.field_count;
for (var i = typeDef.fieldStart; i < fieldEnd; ++i)
{
//dump_field(i, idx, i - typeDef.fieldStart);
var fieldDef = metadata.fieldDefs[i];
var fieldType = il2cpp.types[fieldDef.typeIndex];
var fieldDefaultValue = metadata.GetFieldDefaultValueFromIndex(i);
writer.Write(GetCustomAttribute(imageDef, fieldDef.customAttributeIndex, fieldDef.token, "\t"));
writer.Write("\t");
var access = fieldType.attrs & FIELD_ATTRIBUTE_FIELD_ACCESS_MASK;
switch (access)
{
case FIELD_ATTRIBUTE_PRIVATE:
writer.Write("private ");
break;
case FIELD_ATTRIBUTE_PUBLIC:
writer.Write("public ");
break;
case FIELD_ATTRIBUTE_FAMILY:
writer.Write("protected ");
break;
case FIELD_ATTRIBUTE_ASSEMBLY:
case FIELD_ATTRIBUTE_FAM_AND_ASSEM:
writer.Write("internal ");
break;
case FIELD_ATTRIBUTE_FAM_OR_ASSEM:
writer.Write("protected internal ");
break;
}
if ((fieldType.attrs & FIELD_ATTRIBUTE_LITERAL) != 0)
{
writer.Write("const ");
}
else
{
if ((fieldType.attrs & FIELD_ATTRIBUTE_STATIC) != 0)
{
writer.Write("static ");
}
if ((fieldType.attrs & FIELD_ATTRIBUTE_INIT_ONLY) != 0)
{
writer.Write("readonly ");
}
}
writer.Write($"{GetTypeName(fieldType)} {metadata.GetStringFromIndex(fieldDef.nameIndex)}");
if (fieldDefaultValue != null && fieldDefaultValue.dataIndex != -1)
{
var pointer = metadata.GetDefaultValueFromIndex(fieldDefaultValue.dataIndex);
if (pointer > 0)
{
var fieldDefaultValueType = il2cpp.types[fieldDefaultValue.typeIndex];
metadata.Position = pointer;
object val = null;
switch (fieldDefaultValueType.type)
{
case Il2CppTypeEnum.IL2CPP_TYPE_BOOLEAN:
val = metadata.ReadBoolean();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_U1:
val = metadata.ReadByte();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_I1:
val = metadata.ReadSByte();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_CHAR:
val = BitConverter.ToChar(metadata.ReadBytes(2), 0);
break;
case Il2CppTypeEnum.IL2CPP_TYPE_U2:
val = metadata.ReadUInt16();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_I2:
val = metadata.ReadInt16();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_U4:
val = metadata.ReadUInt32();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_I4:
val = metadata.ReadInt32();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_U8:
val = metadata.ReadUInt64();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_I8:
val = metadata.ReadInt64();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_R4:
val = metadata.ReadSingle();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_R8:
val = metadata.ReadDouble();
break;
case Il2CppTypeEnum.IL2CPP_TYPE_STRING:
var len = metadata.ReadInt32();
val = Encoding.UTF8.GetString(metadata.ReadBytes(len));
break;
//case Il2CppTypeEnum.IL2CPP_TYPE_VALUETYPE:
default:
writer.Write($" /*Default value offset 0x{pointer:X}*/");
break;
}
if (val is string str)
{
writer.Write($" = \"{ToEscapedString(str)}\"");
}
else if (val is char c)
{
var v = (int)c;
writer.Write($" = '\\x{v:x}'");
}
else if (val != null)
{
writer.Write($" = {val}");
}
}
}
if (config.DumpFieldOffset)
{
writer.Write("; // 0x{0:X}\n", il2cpp.GetFieldOffsetFromIndex(idx, i - typeDef.fieldStart, i));
}
else
{
writer.Write(";\n");
}
}
}
//dump property
if (config.DumpProperty && typeDef.property_count > 0)
{
writer.Write("\n\t// Properties\n");
var propertyEnd = typeDef.propertyStart + typeDef.property_count;
for (var i = typeDef.propertyStart; i < propertyEnd; ++i)
{
var propertyDef = metadata.propertyDefs[i];
writer.Write(GetCustomAttribute(imageDef, propertyDef.customAttributeIndex, propertyDef.token, "\t"));
writer.Write("\t");
if (propertyDef.get >= 0)
{
var methodDef = metadata.methodDefs[typeDef.methodStart + propertyDef.get];
writer.Write(GetModifiers(methodDef));
var propertyType = il2cpp.types[methodDef.returnType];
writer.Write($"{GetTypeName(propertyType)} {metadata.GetStringFromIndex(propertyDef.nameIndex)} {{ ");
}
else if (propertyDef.set > 0)
{
var methodDef = metadata.methodDefs[typeDef.methodStart + propertyDef.set];
writer.Write(GetModifiers(methodDef));
var parameterDef = metadata.parameterDefs[methodDef.parameterStart];
var propertyType = il2cpp.types[parameterDef.typeIndex];
writer.Write($"{GetTypeName(propertyType)} {metadata.GetStringFromIndex(propertyDef.nameIndex)} {{ ");
}
if (propertyDef.get >= 0)
{
writer.Write("get; ");
}
if (propertyDef.set >= 0)
{
writer.Write("set; ");
}
writer.Write("}");
writer.Write("\n");
}
}
//dump method
if (config.DumpMethod && typeDef.method_count > 0)
{
writer.Write("\n\t// Methods\n");
var methodEnd = typeDef.methodStart + typeDef.method_count;
for (var i = typeDef.methodStart; i < methodEnd; ++i)
{
var methodDef = metadata.methodDefs[i];
writer.Write(GetCustomAttribute(imageDef, methodDef.customAttributeIndex, methodDef.token, "\t"));
writer.Write("\t");
writer.Write(GetModifiers(methodDef));
var methodReturnType = il2cpp.types[methodDef.returnType];
var methodName = metadata.GetStringFromIndex(methodDef.nameIndex);
writer.Write($"{GetTypeName(methodReturnType)} {methodName}(");
var parameterStrs = new List <string>();
for (var j = 0; j < methodDef.parameterCount; ++j)
{
var parameterStr = "";
var parameterDef = metadata.parameterDefs[methodDef.parameterStart + j];
var parameterName = metadata.GetStringFromIndex(parameterDef.nameIndex);
var parameterType = il2cpp.types[parameterDef.typeIndex];
var parameterTypeName = GetTypeName(parameterType);
if ((parameterType.attrs & PARAM_ATTRIBUTE_OPTIONAL) != 0)
{
parameterStr += "optional ";
}
if ((parameterType.attrs & PARAM_ATTRIBUTE_OUT) != 0)
{
parameterStr += "out ";
}
parameterStr += $"{parameterTypeName} {parameterName}";
parameterStrs.Add(parameterStr);
}
writer.Write(string.Join(", ", parameterStrs));
if (config.DumpMethodOffset)
{
var methodPointer = il2cpp.GetMethodPointer(methodDef.methodIndex, i, imageIndex, methodDef.token);
if (methodPointer > 0)
{
var fixedMethodPointer = il2cpp.FixPointer(methodPointer);
writer.Write("); // RVA: 0x{0:X} Offset: 0x{1:X}\n", fixedMethodPointer, il2cpp.MapVATR(methodPointer));
//Script - methodPointer
if (il2cpp is PE)
{
scriptwriter.WriteLine($"SetName(0x{methodPointer:X}, '{typeName + "$$" + methodName}')");
}
else
{
scriptwriter.WriteLine($"SetName(0x{fixedMethodPointer:X}, '{typeName + "$$" + methodName}')");
}
}
else
{
writer.Write("); // -1\n");
}
}
else
{
writer.Write("); \n");
}
}
}
writer.Write("}\n");
}
}
catch (Exception e)
{
Console.WriteLine("ERROR: Some errors in dumping");
writer.Write("/*");
writer.Write(e);
writer.Write("*/\n}\n");
}
}
scriptwriter.WriteLine("print('Make method name done')");
//Script - MetadataUsage
if (il2cpp.version > 16)
{
scriptwriter.WriteLine("print('Setting MetadataUsage...')");
foreach (var i in metadata.metadataUsageDic[1]) //kIl2CppMetadataUsageTypeInfo
{
var type = il2cpp.types[i.Value];
var typeName = GetTypeName(type, true);
scriptwriter.WriteLine($"SetName(0x{il2cpp.metadataUsages[i.Key]:X}, '{"Class$" + typeName}')");
scriptwriter.WriteLine($"idc.set_cmt(0x{il2cpp.metadataUsages[i.Key]:X}, r'{typeName}', 1)");
}
foreach (var i in metadata.metadataUsageDic[2]) //kIl2CppMetadataUsageIl2CppType
{
var type = il2cpp.types[i.Value];
var typeName = GetTypeName(type, true);
scriptwriter.WriteLine($"SetName(0x{il2cpp.metadataUsages[i.Key]:X}, '{"Class$" + typeName}')");
scriptwriter.WriteLine($"idc.set_cmt(0x{il2cpp.metadataUsages[i.Key]:X}, r'{typeName}', 1)");
}
foreach (var i in metadata.metadataUsageDic[3]) //kIl2CppMetadataUsageMethodDef
{
var methodDef = metadata.methodDefs[i.Value];
var typeDef = metadata.typeDefs[methodDef.declaringType];
var typeName = GetTypeName(typeDef);
var methodName = typeName + "." + metadata.GetStringFromIndex(methodDef.nameIndex) + "()";
scriptwriter.WriteLine($"SetName(0x{il2cpp.metadataUsages[i.Key]:X}, '{"Method$" + methodName}')");
scriptwriter.WriteLine($"idc.set_cmt(0x{il2cpp.metadataUsages[i.Key]:X}, '{"Method$" + methodName}', 1)");
var imageIndex = typeDefImageIndices[typeDef];
var methodPointer = il2cpp.GetMethodPointer(methodDef.methodIndex, (int)i.Value, imageIndex, methodDef.token);
scriptwriter.WriteLine($"idc.set_cmt(0x{il2cpp.metadataUsages[i.Key]:X}, '0x{methodPointer:X}', 0)");
}
foreach (var i in metadata.metadataUsageDic[4]) //kIl2CppMetadataUsageFieldInfo
{
var fieldRef = metadata.fieldRefs[i.Value];
var type = il2cpp.types[fieldRef.typeIndex];
var typeDef = metadata.typeDefs[type.data.klassIndex];
var fieldDef = metadata.fieldDefs[typeDef.fieldStart + fieldRef.fieldIndex];
var fieldName = GetTypeName(type, true) + "." + metadata.GetStringFromIndex(fieldDef.nameIndex);
scriptwriter.WriteLine($"SetName(0x{il2cpp.metadataUsages[i.Key]:X}, '{"Field$" + fieldName}')");
scriptwriter.WriteLine($"idc.set_cmt(0x{il2cpp.metadataUsages[i.Key]:X}, r'{fieldName}', 1)");
}
var stringLiterals = metadata.metadataUsageDic[5].Select(x => new //kIl2CppMetadataUsageStringLiteral
{
value = metadata.GetStringLiteralFromIndex(x.Value),
address = $"0x{il2cpp.metadataUsages[x.Key]:X}"
}).ToArray();
File.WriteAllText("stringliteral.json", JsonConvert.SerializeObject(stringLiterals, Formatting.Indented), new UTF8Encoding(false));
foreach (var stringLiteral in stringLiterals)
{
scriptwriter.WriteLine($"SetString({stringLiteral.address}, r'{ToEscapedString(stringLiteral.value)}')");
}
foreach (var i in metadata.metadataUsageDic[6]) //kIl2CppMetadataUsageMethodRef
{
var methodSpec = il2cpp.methodSpecs[i.Value];
var methodDef = metadata.methodDefs[methodSpec.methodDefinitionIndex];
var typeDef = metadata.typeDefs[methodDef.declaringType];
var typeName = GetTypeName(typeDef);
// Class of the method is generic
if (methodSpec.classIndexIndex != -1)
{
var classInst = il2cpp.genericInsts[methodSpec.classIndexIndex];
typeName += GetGenericTypeParams(classInst);
}
var methodName = typeName + "." + metadata.GetStringFromIndex(methodDef.nameIndex) + "()";
// Method itself is generic
if (methodSpec.methodIndexIndex != -1)
{
var methodInst = il2cpp.genericInsts[methodSpec.methodIndexIndex];
methodName += GetGenericTypeParams(methodInst);
}
scriptwriter.WriteLine($"SetName(0x{il2cpp.metadataUsages[i.Key]:X}, '{"Method$" + methodName}')");
scriptwriter.WriteLine($"idc.set_cmt(0x{il2cpp.metadataUsages[i.Key]:X}, '{"Method$" + methodName}', 1)");
var imageIndex = typeDefImageIndices[typeDef];
var methodPointer = il2cpp.GetMethodPointer(methodDef.methodIndex, methodSpec.methodDefinitionIndex, imageIndex, methodDef.token);
scriptwriter.WriteLine($"idc.set_cmt(0x{il2cpp.metadataUsages[i.Key]:X}, '0x{methodPointer:X}', 0)");
}
scriptwriter.WriteLine("print('Set MetadataUsage done')");
}
//Script - MakeFunction
if (config.MakeFunction)
{
List <ulong> orderedPointers;
if (il2cpp.version >= 24.2f)
{
orderedPointers = new List <ulong>();
foreach (var methodPointers in il2cpp.codeGenModuleMethodPointers)
{
orderedPointers.AddRange(methodPointers);
}
}
else
{
orderedPointers = il2cpp.methodPointers.ToList();
}
orderedPointers.AddRange(il2cpp.genericMethodPointers);
orderedPointers.AddRange(il2cpp.invokerPointers);
orderedPointers.AddRange(il2cpp.customAttributeGenerators);
if (il2cpp.version >= 22)
{
orderedPointers.AddRange(il2cpp.reversePInvokeWrappers);
orderedPointers.AddRange(il2cpp.unresolvedVirtualCallPointers);
}
//TODO interopData内也包含函数
orderedPointers = orderedPointers.Distinct().OrderBy(x => x).ToList();
orderedPointers.Remove(0);
scriptwriter.WriteLine("print('Making function...')");
for (int i = 0; i < orderedPointers.Count - 1; i++)
{
scriptwriter.WriteLine($"MakeFunction(0x{orderedPointers[i]:X}, 0x{orderedPointers[i + 1]:X})");
}
scriptwriter.WriteLine("print('Make function done, please wait for IDA to complete the analysis')");
}
scriptwriter.WriteLine("print('Script finish !')");
//writer close
writer.Close();
scriptwriter.Close();
Console.WriteLine("Done !");
//DummyDll
if (config.DummyDll)
{
Console.WriteLine("Create DummyDll...");
if (Directory.Exists("DummyDll"))
{
Directory.Delete("DummyDll", true);
}
Directory.CreateDirectory("DummyDll");
Directory.SetCurrentDirectory("DummyDll");
var dummy = new DummyAssemblyCreator(metadata, il2cpp);
foreach (var assembly in dummy.Assemblies)
{
var stream = new MemoryStream();
assembly.Write(stream);
File.WriteAllBytes(assembly.MainModule.Name, stream.ToArray());
}
Console.WriteLine("Done !");
}
}
public DummyAssemblyCreator(Metadata metadata, Il2Cpp il2cpp)
{
this.metadata = metadata;
this.il2cpp = il2cpp;
//Il2CppDummyDll
var il2CppDummyDll = Il2CppDummyDll.Create();
Assemblies.Add(il2CppDummyDll);
var addressAttribute = il2CppDummyDll.MainModule.Types.First(x => x.Name == "AddressAttribute").Methods[0];
var fieldOffsetAttribute = il2CppDummyDll.MainModule.Types.First(x => x.Name == "FieldOffsetAttribute").Methods[0];
attributeAttribute = il2CppDummyDll.MainModule.Types.First(x => x.Name == "AttributeAttribute").Methods[0];
stringType = il2CppDummyDll.MainModule.TypeSystem.String;
var resolver = new MyAssemblyResolver();
var moduleParameters = new ModuleParameters
{
Kind = ModuleKind.Dll,
AssemblyResolver = resolver
};
resolver.Register(il2CppDummyDll);
//创建程序集,同时创建所有类
foreach (var imageDef in metadata.imageDefs)
{
var imageName = metadata.GetStringFromIndex(imageDef.nameIndex);
var assemblyName = new AssemblyNameDefinition(imageName.Replace(".dll", ""), new Version("3.7.1.6"));
var assemblyDefinition = AssemblyDefinition.CreateAssembly(assemblyName, imageName, moduleParameters);
resolver.Register(assemblyDefinition);
Assemblies.Add(assemblyDefinition);
var moduleDefinition = assemblyDefinition.MainModule;
moduleDefinition.Types.Clear();//清除自动创建的<Module>类
var typeEnd = imageDef.typeStart + imageDef.typeCount;
for (var index = imageDef.typeStart; index < typeEnd; ++index)
{
var typeDef = metadata.typeDefs[index];
var namespaceName = metadata.GetStringFromIndex(typeDef.namespaceIndex);
var typeName = metadata.GetStringFromIndex(typeDef.nameIndex);
TypeDefinition typeDefinition;
if (typeDef.declaringTypeIndex != -1)//nested types
{
typeDefinition = typeDefinitionDic[index];
}
else
{
typeDefinition = new TypeDefinition(namespaceName, typeName, (TypeAttributes)typeDef.flags);
moduleDefinition.Types.Add(typeDefinition);
typeDefinitionDic.Add(index, typeDefinition);
}
//nestedtype
for (int i = 0; i < typeDef.nested_type_count; i++)
{
var nestedIndex = metadata.nestedTypeIndices[typeDef.nestedTypesStart + i];
var nestedTypeDef = metadata.typeDefs[nestedIndex];
var nestedTypeDefinition = new TypeDefinition(metadata.GetStringFromIndex(nestedTypeDef.namespaceIndex), metadata.GetStringFromIndex(nestedTypeDef.nameIndex), (TypeAttributes)nestedTypeDef.flags);
typeDefinition.NestedTypes.Add(nestedTypeDefinition);
typeDefinitionDic.Add(nestedIndex, nestedTypeDefinition);
}
}
}
//先单独处理,因为不知道会不会有问题
for (var index = 0; index < metadata.typeDefs.Length; ++index)
{
var typeDef = metadata.typeDefs[index];
var typeDefinition = typeDefinitionDic[index];
//parent
if (typeDef.parentIndex >= 0)
{
var parentType = il2cpp.types[typeDef.parentIndex];
var parentTypeRef = GetTypeReference(typeDefinition, parentType);
typeDefinition.BaseType = parentTypeRef;
}
//interfaces
for (int i = 0; i < typeDef.interfaces_count; i++)
{
var interfaceType = il2cpp.types[metadata.interfaceIndices[typeDef.interfacesStart + i]];
var interfaceTypeRef = GetTypeReference(typeDefinition, interfaceType);
typeDefinition.Interfaces.Add(new InterfaceImplementation(interfaceTypeRef));
}
}
//处理field, method, property等等
for (var imageIndex = 0; imageIndex < metadata.imageDefs.Length; imageIndex++)
{
var imageDef = metadata.imageDefs[imageIndex];
var typeEnd = imageDef.typeStart + imageDef.typeCount;
for (int index = imageDef.typeStart; index < typeEnd; index++)
{
var typeDef = metadata.typeDefs[index];
var typeDefinition = typeDefinitionDic[index];
//typeAttribute
CreateCustomAttribute(imageDef, typeDef.customAttributeIndex, typeDef.token, typeDefinition.Module, typeDefinition.CustomAttributes);
//field
var fieldEnd = typeDef.fieldStart + typeDef.field_count;
for (var i = typeDef.fieldStart; i < fieldEnd; ++i)
{
var fieldDef = metadata.fieldDefs[i];
var fieldType = il2cpp.types[fieldDef.typeIndex];
var fieldName = metadata.GetStringFromIndex(fieldDef.nameIndex);
var fieldTypeRef = GetTypeReference(typeDefinition, fieldType);
var fieldDefinition = new FieldDefinition(fieldName, (FieldAttributes)fieldType.attrs, fieldTypeRef);
typeDefinition.Fields.Add(fieldDefinition);
//fieldDefault
if (fieldDefinition.HasDefault)
{
var fieldDefault = metadata.GetFieldDefaultValueFromIndex(i);
if (fieldDefault != null && fieldDefault.dataIndex != -1)
{
fieldDefinition.Constant = GetDefaultValue(fieldDefault.dataIndex, fieldDefault.typeIndex);
}
}
//fieldOffset
var fieldOffset = il2cpp.GetFieldOffsetFromIndex(index, i - typeDef.fieldStart, i);
if (fieldOffset > 0)
{
var customAttribute = new CustomAttribute(typeDefinition.Module.ImportReference(fieldOffsetAttribute));
var offset = new CustomAttributeNamedArgument("Offset", new CustomAttributeArgument(stringType, $"0x{fieldOffset:X}"));
customAttribute.Fields.Add(offset);
fieldDefinition.CustomAttributes.Add(customAttribute);
}
//fieldAttribute
CreateCustomAttribute(imageDef, fieldDef.customAttributeIndex, fieldDef.token, typeDefinition.Module, fieldDefinition.CustomAttributes);
}
//method
var methodEnd = typeDef.methodStart + typeDef.method_count;
for (var i = typeDef.methodStart; i < methodEnd; ++i)
{
var methodDef = metadata.methodDefs[i];
var methodReturnType = il2cpp.types[methodDef.returnType];
var methodName = metadata.GetStringFromIndex(methodDef.nameIndex);
var methodDefinition = new MethodDefinition(methodName, (MethodAttributes)methodDef.flags, typeDefinition.Module.ImportReference(typeof(void)));
typeDefinition.Methods.Add(methodDefinition);
methodDefinition.ReturnType = GetTypeReference(methodDefinition, methodReturnType);
if (methodDefinition.HasBody && typeDefinition.BaseType?.FullName != "System.MulticastDelegate")
{
var ilprocessor = methodDefinition.Body.GetILProcessor();
ilprocessor.Append(ilprocessor.Create(OpCodes.Nop));
}
methodDefinitionDic.Add(i, methodDefinition);
//method parameter
for (var j = 0; j < methodDef.parameterCount; ++j)
{
var parameterDef = metadata.parameterDefs[methodDef.parameterStart + j];
var parameterName = metadata.GetStringFromIndex(parameterDef.nameIndex);
var parameterType = il2cpp.types[parameterDef.typeIndex];
var parameterTypeRef = GetTypeReference(methodDefinition, parameterType);
var parameterDefinition = new ParameterDefinition(parameterName, (ParameterAttributes)parameterType.attrs, parameterTypeRef);
methodDefinition.Parameters.Add(parameterDefinition);
//ParameterDefault
if (parameterDefinition.HasDefault)
{
var parameterDefault = metadata.GetParameterDefaultValueFromIndex(methodDef.parameterStart + j);
if (parameterDefault != null && parameterDefault.dataIndex != -1)
{
parameterDefinition.Constant = GetDefaultValue(parameterDefault.dataIndex, parameterDefault.typeIndex);
}
}
}
//补充泛型参数
if (methodDef.genericContainerIndex >= 0)
{
var genericContainer = metadata.genericContainers[methodDef.genericContainerIndex];
if (genericContainer.type_argc > methodDefinition.GenericParameters.Count)
{
for (int j = 0; j < genericContainer.type_argc; j++)
{
var genericParameterIndex = genericContainer.genericParameterStart + j;
var param = metadata.genericParameters[genericParameterIndex];
var genericName = metadata.GetStringFromIndex(param.nameIndex);
if (!genericParameterDic.TryGetValue(genericParameterIndex, out var genericParameter))
{
genericParameter = new GenericParameter(genericName, methodDefinition);
methodDefinition.GenericParameters.Add(genericParameter);
genericParameterDic.Add(genericParameterIndex, genericParameter);
}
else
{
if (!methodDefinition.GenericParameters.Contains(genericParameter))
{
methodDefinition.GenericParameters.Add(genericParameter);
}
}
}
}
}
//methodAddress
var methodPointer = il2cpp.GetMethodPointer(methodDef.methodIndex, i, imageIndex, methodDef.token);
if (methodPointer > 0)
{
var customAttribute = new CustomAttribute(typeDefinition.Module.ImportReference(addressAttribute));
var fixedMethodPointer = il2cpp.FixPointer(methodPointer);
var rva = new CustomAttributeNamedArgument("RVA", new CustomAttributeArgument(stringType, $"0x{fixedMethodPointer:X}"));
var offset = new CustomAttributeNamedArgument("Offset", new CustomAttributeArgument(stringType, $"0x{il2cpp.MapVATR(methodPointer):X}"));
customAttribute.Fields.Add(rva);
customAttribute.Fields.Add(offset);
methodDefinition.CustomAttributes.Add(customAttribute);
}
//methodAttribute
CreateCustomAttribute(imageDef, methodDef.customAttributeIndex, methodDef.token, typeDefinition.Module, methodDefinition.CustomAttributes);
}
//property
var propertyEnd = typeDef.propertyStart + typeDef.property_count;
for (var i = typeDef.propertyStart; i < propertyEnd; ++i)
{
var propertyDef = metadata.propertyDefs[i];
var propertyName = metadata.GetStringFromIndex(propertyDef.nameIndex);
TypeReference propertyType = null;
MethodDefinition GetMethod = null;
MethodDefinition SetMethod = null;
if (propertyDef.get >= 0)
{
GetMethod = methodDefinitionDic[typeDef.methodStart + propertyDef.get];
propertyType = GetMethod.ReturnType;
}
if (propertyDef.set >= 0)
{
SetMethod = methodDefinitionDic[typeDef.methodStart + propertyDef.set];
if (propertyType == null)
{
propertyType = SetMethod.Parameters[0].ParameterType;
}
}
var propertyDefinition = new PropertyDefinition(propertyName, (PropertyAttributes)propertyDef.attrs, propertyType)
{
GetMethod = GetMethod,
SetMethod = SetMethod
};
typeDefinition.Properties.Add(propertyDefinition);
//propertyAttribute
CreateCustomAttribute(imageDef, propertyDef.customAttributeIndex, propertyDef.token, typeDefinition.Module, propertyDefinition.CustomAttributes);
}
//event
var eventEnd = typeDef.eventStart + typeDef.event_count;
for (var i = typeDef.eventStart; i < eventEnd; ++i)
{
var eventDef = metadata.eventDefs[i];
var eventName = metadata.GetStringFromIndex(eventDef.nameIndex);
var eventType = il2cpp.types[eventDef.typeIndex];
var eventTypeRef = GetTypeReference(typeDefinition, eventType);
var eventDefinition = new EventDefinition(eventName, (EventAttributes)eventType.attrs, eventTypeRef);
if (eventDef.add >= 0)
{
eventDefinition.AddMethod = methodDefinitionDic[typeDef.methodStart + eventDef.add];
}
if (eventDef.remove >= 0)
{
eventDefinition.RemoveMethod = methodDefinitionDic[typeDef.methodStart + eventDef.remove];
}
if (eventDef.raise >= 0)
{
eventDefinition.InvokeMethod = methodDefinitionDic[typeDef.methodStart + eventDef.raise];
}
typeDefinition.Events.Add(eventDefinition);
//eventAttribute
CreateCustomAttribute(imageDef, eventDef.customAttributeIndex, eventDef.token, typeDefinition.Module, eventDefinition.CustomAttributes);
}
//补充泛型参数
if (typeDef.genericContainerIndex >= 0)
{
var genericContainer = metadata.genericContainers[typeDef.genericContainerIndex];
if (genericContainer.type_argc > typeDefinition.GenericParameters.Count)
{
for (int i = 0; i < genericContainer.type_argc; i++)
{
var genericParameterIndex = genericContainer.genericParameterStart + i;
var param = metadata.genericParameters[genericParameterIndex];
var genericName = metadata.GetStringFromIndex(param.nameIndex);
if (!genericParameterDic.TryGetValue(genericParameterIndex, out var genericParameter))
{
genericParameter = new GenericParameter(genericName, typeDefinition);
typeDefinition.GenericParameters.Add(genericParameter);
genericParameterDic.Add(genericParameterIndex, genericParameter);
}
else
{
if (!typeDefinition.GenericParameters.Contains(genericParameter))
{
typeDefinition.GenericParameters.Add(genericParameter);
}
}
}
}
}
}
}
//第三遍,添加SerializeField用于MonoBehaviour的反序列化
if (il2cpp.version > 20)
{
var engine = Assemblies.Find(x => x.MainModule.Types.Any(t => t.Namespace == "UnityEngine" && t.Name == "SerializeField"));
if (engine != null)
{
var serializeField = engine.MainModule.Types.First(x => x.Name == "SerializeField").Methods.First();
foreach (var imageDef in metadata.imageDefs)
{
var typeEnd = imageDef.typeStart + imageDef.typeCount;
for (int index = imageDef.typeStart; index < typeEnd; index++)
{
var typeDef = metadata.typeDefs[index];
var typeDefinition = typeDefinitionDic[index];
//field
var fieldEnd = typeDef.fieldStart + typeDef.field_count;
for (var i = typeDef.fieldStart; i < fieldEnd; ++i)
{
var fieldDef = metadata.fieldDefs[i];
var fieldName = metadata.GetStringFromIndex(fieldDef.nameIndex);
var fieldDefinition = typeDefinition.Fields.First(x => x.Name == fieldName);
//fieldAttribute
var attributeIndex = metadata.GetCustomAttributeIndex(imageDef, fieldDef.customAttributeIndex, fieldDef.token);
if (attributeIndex >= 0)
{
var attributeTypeRange = metadata.attributeTypeRanges[attributeIndex];
for (int j = 0; j < attributeTypeRange.count; j++)
{
var attributeTypeIndex = metadata.attributeTypes[attributeTypeRange.start + j];
var attributeType = il2cpp.types[attributeTypeIndex];
if (attributeType.type == Il2CppTypeEnum.IL2CPP_TYPE_CLASS)
{
var klass = metadata.typeDefs[attributeType.data.klassIndex];
var attributeName = metadata.GetStringFromIndex(klass.nameIndex);
if (attributeName == "SerializeField")
{
var customAttribute = new CustomAttribute(typeDefinition.Module.ImportReference(serializeField));
fieldDefinition.CustomAttributes.Add(customAttribute);
}
}
}
}
}
}
}
}
}
}
public void WriteScript(StreamWriter writer, Config config)
{
writer.WriteLine("#include <idc.idc>");
writer.WriteLine();
writer.WriteLine("static MySetString(addr, comm) {");
writer.WriteLine("\textern index;");
writer.WriteLine("\tauto name = sprintf(\"StringLiteral_%d\", index);");
writer.WriteLine("\tcreate_data(addr, FF_QWORD, 8, BADADDR);");
writer.WriteLine("\tset_name(addr, name, SN_NOWARN);");
writer.WriteLine("\tset_cmt(addr, comm, 1);");
writer.WriteLine("\tindex = index + 1;");
writer.WriteLine("}");
writer.WriteLine();
writer.WriteLine("static MySetName(addr, name) {");
writer.WriteLine("\tauto ret = set_name(addr, name, SN_NOWARN | SN_NOCHECK);");
writer.WriteLine("\tif (ret == 0) {");
writer.WriteLine("\t\tauto new_name = sprintf(\"%s_%x\", name, addr);");
writer.WriteLine("\t\tset_name(addr, new_name, SN_NOWARN | SN_NOCHECK);");
writer.WriteLine("\t}");
writer.WriteLine("}");
writer.WriteLine();
writer.WriteLine("static MyMakeFunction(start, end) {");
writer.WriteLine("\tauto next_func = get_next_func(start);");
writer.WriteLine("\tif (next_func < end)");
writer.WriteLine("\t\tend = next_func;");
writer.WriteLine("\tif (get_func_attr(start, FUNCATTR_START) == start)");
writer.WriteLine("\t\tdel_func(start);");
writer.WriteLine("\tadd_func(start, end);");
writer.WriteLine("}");
writer.WriteLine();
writer.WriteLine("static main(void) {");
writer.WriteLine("extern index;");
writer.WriteLine("index = 1;");
writer.WriteLine("msg(\"Making method name...\\n\");");
for (var imageIndex = 0; imageIndex < metadata.imageDefs.Length; imageIndex++)
{
var imageDef = metadata.imageDefs[imageIndex];
var typeEnd = imageDef.typeStart + imageDef.typeCount;
for (int typeIndex = imageDef.typeStart; typeIndex < typeEnd; typeIndex++)
{
var typeDef = metadata.typeDefs[typeIndex];
var typeName = GetTypeName(typeDef);
typeDefImageIndices.Add(typeDef, imageIndex);
var methodEnd = typeDef.methodStart + typeDef.method_count;
for (var i = typeDef.methodStart; i < methodEnd; ++i)
{
var methodDef = metadata.methodDefs[i];
var methodName = metadata.GetStringFromIndex(methodDef.nameIndex);
var methodPointer = il2Cpp.GetMethodPointer(methodDef.methodIndex, i, imageIndex, methodDef.token);
if (methodPointer > 0)
{
var fixedMethodPointer = il2Cpp.FixPointer(methodPointer);
if (il2Cpp is PE)
{
writer.WriteLine($"MySetName(0x{methodPointer:X}, \"{typeName + "$$" + methodName}\");");
}
else
{
writer.WriteLine($"MySetName(0x{fixedMethodPointer:X}, \"{typeName + "$$" + methodName}\");");
}
}
}
}
}
writer.WriteLine("msg(\"Make method name done\\n\");");
if (il2Cpp.version > 16)
{
writer.WriteLine("msg(\"Setting MetadataUsage...\\n\");");
foreach (var i in metadata.metadataUsageDic[1]) //kIl2CppMetadataUsageTypeInfo
{
var type = il2Cpp.types[i.Value];
var typeName = GetTypeName(type, true);
writer.WriteLine($"MySetName(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{"Class$" + typeName}\");");
writer.WriteLine($"set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{typeName}\", 1);");
}
foreach (var i in metadata.metadataUsageDic[2]) //kIl2CppMetadataUsageIl2CppType
{
var type = il2Cpp.types[i.Value];
var typeName = GetTypeName(type, true);
writer.WriteLine($"MySetName(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{"Class$" + typeName}\");");
writer.WriteLine($"set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{typeName}\", 1);");
}
foreach (var i in metadata.metadataUsageDic[3]) //kIl2CppMetadataUsageMethodDef
{
var methodDef = metadata.methodDefs[i.Value];
var typeDef = metadata.typeDefs[methodDef.declaringType];
var typeName = GetTypeName(typeDef);
var methodName = typeName + "." + metadata.GetStringFromIndex(methodDef.nameIndex) + "()";
writer.WriteLine($"MySetName(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{"Method$" + methodName}\");");
writer.WriteLine($"set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{"Method$" + methodName}\", 1);");
var imageIndex = typeDefImageIndices[typeDef];
var methodPointer = il2Cpp.GetMethodPointer(methodDef.methodIndex, (int)i.Value, imageIndex, methodDef.token);
writer.WriteLine($"set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, \"0x{methodPointer:X}\", 0);");
}
foreach (var i in metadata.metadataUsageDic[4]) //kIl2CppMetadataUsageFieldInfo
{
var fieldRef = metadata.fieldRefs[i.Value];
var type = il2Cpp.types[fieldRef.typeIndex];
var typeDef = metadata.typeDefs[type.data.klassIndex];
var fieldDef = metadata.fieldDefs[typeDef.fieldStart + fieldRef.fieldIndex];
var fieldName = GetTypeName(type, true) + "." + metadata.GetStringFromIndex(fieldDef.nameIndex);
writer.WriteLine($"MySetName(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{"Field$" + fieldName}\");");
writer.WriteLine($"set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{fieldName}\", 1);");
}
var stringLiterals = metadata.metadataUsageDic[5].Select(x => new //kIl2CppMetadataUsageStringLiteral
{
value = metadata.GetStringLiteralFromIndex(x.Value),
address = $"0x{il2Cpp.metadataUsages[x.Key]:X}"
}).ToArray();
File.WriteAllText("stringliteral.json", JsonConvert.SerializeObject(stringLiterals, Formatting.Indented), new UTF8Encoding(false)); //TODO
foreach (var stringLiteral in stringLiterals)
{
writer.WriteLine($"MySetString({stringLiteral.address}, \"{stringLiteral.value.ToEscapedString()}\");");
}
foreach (var i in metadata.metadataUsageDic[6]) //kIl2CppMetadataUsageMethodRef
{
var methodSpec = il2Cpp.methodSpecs[i.Value];
var methodDef = metadata.methodDefs[methodSpec.methodDefinitionIndex];
var typeDef = metadata.typeDefs[methodDef.declaringType];
var typeName = GetTypeName(typeDef);
if (methodSpec.classIndexIndex != -1)
{
var classInst = il2Cpp.genericInsts[methodSpec.classIndexIndex];
typeName += GetGenericTypeParams(classInst);
}
var methodName = typeName + "." + metadata.GetStringFromIndex(methodDef.nameIndex) + "()";
if (methodSpec.methodIndexIndex != -1)
{
var methodInst = il2Cpp.genericInsts[methodSpec.methodIndexIndex];
methodName += GetGenericTypeParams(methodInst);
}
writer.WriteLine($"MySetName(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{"Method$" + methodName}\");");
writer.WriteLine($"set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, \"{"Method$" + methodName}\", 1);");
var imageIndex = typeDefImageIndices[typeDef];
var methodPointer = il2Cpp.GetMethodPointer(methodDef.methodIndex, methodSpec.methodDefinitionIndex, imageIndex, methodDef.token);
writer.WriteLine($"set_cmt(0x{il2Cpp.metadataUsages[i.Key]:X}, \"0x{methodPointer:X}\", 0);");
}
writer.WriteLine("msg(\"Set MetadataUsage done\\n\");");
}
if (config.MakeFunction)
{
List <ulong> orderedPointers;
if (il2Cpp.version >= 24.2f)
{
orderedPointers = new List <ulong>();
foreach (var methodPointers in il2Cpp.codeGenModuleMethodPointers)
{
orderedPointers.AddRange(methodPointers);
}
}
else
{
orderedPointers = il2Cpp.methodPointers.ToList();
}
orderedPointers.AddRange(il2Cpp.genericMethodPointers);
orderedPointers.AddRange(il2Cpp.invokerPointers);
orderedPointers.AddRange(il2Cpp.customAttributeGenerators);
if (il2Cpp.version >= 22)
{
orderedPointers.AddRange(il2Cpp.reversePInvokeWrappers);
orderedPointers.AddRange(il2Cpp.unresolvedVirtualCallPointers);
}
//TODO interopData内也包含函数
orderedPointers = orderedPointers.Distinct().OrderBy(x => x).ToList();
orderedPointers.Remove(0);
writer.WriteLine("msg(\"Making function...\\n\");");
for (int i = 0; i < orderedPointers.Count - 1; i++)
{
writer.WriteLine($"MyMakeFunction(0x{orderedPointers[i]:X}, 0x{orderedPointers[i + 1]:X});");
}
writer.WriteLine("msg(\"Make function done, please wait for IDA to complete the analysis\\n\");");
}
writer.WriteLine("msg(\"Script finished!\\n\");");
writer.WriteLine("}");
writer.Close();
}
