// Locates the code registration structure by signature: finds the version-specific
// feature byte pattern, then follows three levels of pointer-sized references through
// the data sections. Returns the virtual address 13 pointer-sizes before the
// third-level reference, or 0 when no complete chain is found.
// NOTE(review): 13 is presumably the slot index of the referenced field inside the
// registration structure for these versions - confirm against the struct layout.
private ulong FindCodeRegistration2019()
{
    // Version 27 and later use a different byte pattern.
    var signature = il2Cpp.Version >= 27 ? featureBytes2020dot2 : featureBytes2019;

    // ELF-based images are scanned in their exec sections; everything else in data.
    var secs = data;
    if (il2Cpp is ElfBase)
    {
        secs = exec;
    }

    foreach (var sec in secs)
    {
        // NOTE(review): the section bounds presumably come from the parsed binary's
        // headers. A section of 2 GiB or more, or one with offsetEnd < offset, makes
        // the (int) cast produce a wrong or negative length - confirm the bounds are
        // validated where the section lists are built.
        il2Cpp.Position = sec.offset;
        var sectionBytes = il2Cpp.ReadBytes((int)(sec.offsetEnd - sec.offset));

        foreach (var hit in sectionBytes.Search(signature))
        {
            // Virtual address of this pattern occurrence.
            var patternVa = (ulong)hit + sec.address;

            // Level 1: a pointer-sized slot whose value is the pattern's address.
            foreach (var firstSec in data)
            {
                il2Cpp.Position = firstSec.offset;
                while (il2Cpp.Position < firstSec.offsetEnd)
                {
                    var firstPos = il2Cpp.Position;
                    if (il2Cpp.ReadUIntPtr() == patternVa)
                    {
                        var firstVa = firstPos - firstSec.offset + firstSec.address;

                        // Level 2: a slot whose value is the level-1 slot's address.
                        foreach (var secondSec in data)
                        {
                            il2Cpp.Position = secondSec.offset;
                            while (il2Cpp.Position < secondSec.offsetEnd)
                            {
                                var secondPos = il2Cpp.Position;
                                if (il2Cpp.ReadUIntPtr() == firstVa)
                                {
                                    var secondVa = secondPos - secondSec.offset + secondSec.address;

                                    // Level 3: a slot whose value is the level-2 slot's address.
                                    // This loop has no explicit position update, so it relies
                                    // on the read itself moving the stream forward.
                                    foreach (var thirdSec in data)
                                    {
                                        il2Cpp.Position = thirdSec.offset;
                                        while (il2Cpp.Position < thirdSec.offsetEnd)
                                        {
                                            var thirdPos = il2Cpp.Position;
                                            if (il2Cpp.ReadUIntPtr() == secondVa)
                                            {
                                                var thirdVa = thirdPos - thirdSec.offset + thirdSec.address;
                                                return thirdVa - il2Cpp.PointerSize * 13;
                                            }
                                        }
                                    }
                                }

                                // The nested scan moved the stream; resume at the next slot.
                                il2Cpp.Position = secondPos + il2Cpp.PointerSize;
                            }
                        }
                    }

                    // The nested scans moved the stream; resume at the next slot.
                    il2Cpp.Position = firstPos + il2Cpp.PointerSize;
                }
            }
        }
    }

    // No pattern occurrence produced a complete reference chain.
    return 0ul;
}
// 32-bit variant of the code registration search: finds featureBytes2019, then follows
// three levels of 4-byte references through the data sections. Returns the virtual
// address 60 bytes (versions above 24.2) or 52 bytes (otherwise) before the third-level
// reference, or 0 when no complete chain is found.
private ulong FindCodeRegistration32Bit2019()
{
    // Elf images are scanned in their exec sections; everything else in data.
    var secs = il2Cpp is Elf ? exec : data;

    foreach (var sec in secs)
    {
        // NOTE(review): the section bounds presumably come from the parsed binary's
        // headers. A section of 2 GiB or more, or one with offsetEnd < offset, makes
        // the (int) cast produce a wrong or negative length - confirm the bounds are
        // validated where the section lists are built.
        il2Cpp.Position = sec.offset;
        var sectionBytes = il2Cpp.ReadBytes((int)(sec.offsetEnd - sec.offset));

        foreach (var hit in sectionBytes.Search(featureBytes2019))
        {
            // Virtual address of this pattern occurrence.
            var patternVa = (ulong)hit + sec.address;

            // Level 1: a 4-byte slot whose value is the pattern's address.
            foreach (var firstSec in data)
            {
                il2Cpp.Position = firstSec.offset;
                while (il2Cpp.Position < firstSec.offsetEnd)
                {
                    var firstPos = il2Cpp.Position;
                    if (il2Cpp.ReadUInt32() == patternVa)
                    {
                        var firstVa = firstPos - firstSec.offset + firstSec.address;

                        // Level 2: a slot whose value is the level-1 slot's address.
                        foreach (var secondSec in data)
                        {
                            il2Cpp.Position = secondSec.offset;
                            while (il2Cpp.Position < secondSec.offsetEnd)
                            {
                                var secondPos = il2Cpp.Position;
                                if (il2Cpp.ReadUInt32() == firstVa)
                                {
                                    var secondVa = secondPos - secondSec.offset + secondSec.address;

                                    // Level 3: a slot whose value is the level-2 slot's address.
                                    // This loop has no explicit position update, so it relies
                                    // on the read itself moving the stream forward.
                                    foreach (var thirdSec in data)
                                    {
                                        il2Cpp.Position = thirdSec.offset;
                                        while (il2Cpp.Position < thirdSec.offsetEnd)
                                        {
                                            var thirdPos = il2Cpp.Position;
                                            if (il2Cpp.ReadUInt32() == secondVa)
                                            {
                                                var thirdVa = thirdPos - thirdSec.offset + thirdSec.address;

                                                // 60 and 52 bytes are 15 and 13 four-byte slots.
                                                // NOTE(review): presumably the field's index in the
                                                // structure for each version range - confirm.
                                                var backOff = il2Cpp.Version > 24.2f ? 60ul : 52ul;
                                                return thirdVa - backOff;
                                            }
                                        }
                                    }
                                }

                                // The nested scan moved the stream; resume at the next slot.
                                il2Cpp.Position = secondPos + 4;
                            }
                        }
                    }

                    // The nested scans moved the stream; resume at the next slot.
                    il2Cpp.Position = firstPos + 4;
                }
            }
        }
    }

    // No pattern occurrence produced a complete reference chain.
    return 0ul;
}
// ASCII bytes of "mscorlib.dll" followed by a terminating NUL.
private static readonly byte[] featureBytes =
{
    0x6D, 0x73, 0x63, 0x6F, 0x72, 0x6C, 0x69, 0x62, 0x2E, 0x64, 0x6C, 0x6C, 0x00
};

// Locates the code registration structure by signature: finds the featureBytes string,
// resolves two levels of references to it with FindReference, then looks for a third
// reference to any of up to imageCount pointer slots at or below the second-level address.
// Returns the virtual address 13 pointer-sizes before that third reference, or 0 when
// nothing matches.
// NOTE(review): FindReference is defined outside this block; it is used here as
// "address of a slot holding this value, or 0 if none" - confirm. 13 is presumably the
// slot index of the referenced field in the registration structure - confirm.
private ulong FindCodeRegistration2019()
{
    // ELF-based images are scanned in their exec sections; everything else in data.
    var secs = data;
    if (il2Cpp is ElfBase)
    {
        secs = exec;
    }

    foreach (var sec in secs)
    {
        // NOTE(review): the section bounds presumably come from the parsed binary's
        // headers. A section of 2 GiB or more, or one with offsetEnd < offset, makes
        // the (int) cast produce a wrong or negative length - confirm the bounds are
        // validated where the section lists are built.
        il2Cpp.Position = sec.offset;
        var sectionBytes = il2Cpp.ReadBytes((int)(sec.offsetEnd - sec.offset));

        foreach (var hit in sectionBytes.Search(featureBytes))
        {
            // Virtual address of this occurrence of the string.
            ulong nameVa = (ulong)hit + sec.address;

            ulong firstRef = FindReference(nameVa);
            if (firstRef == 0ul)
            {
                continue;
            }

            ulong secondRef = FindReference(firstRef);
            if (secondRef == 0ul)
            {
                continue;
            }

            // The second-level slot may be any of the first imageCount entries of a
            // pointer array (presumably one entry per image), so each candidate array
            // start below it is tried in turn.
            for (int i = 0; i < imageCount; i++)
            {
                ulong thirdRef = FindReference(secondRef - (ulong)i * il2Cpp.PointerSize);
                if (thirdRef != 0ul)
                {
                    return thirdRef - il2Cpp.PointerSize * 13;
                }
            }
        }
    }

    // No occurrence of the string produced a complete reference chain.
    return 0ul;
}