public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); plusSearch.SetSearch(header.DataSegment); plusSearch.SetPointerRangeFirst(header.DataSegment); plusSearch.SetPointerRangeSecond(header.TextSegment); var codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(header.BssSegment); var metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); return(AutoInit(codeRegistration, metadataRegistration)); }
public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { var execList = new List <SectionHeader>(); var dataList = new List <SectionHeader>(); foreach (var section in sections) { switch (section.Characteristics) { case 0x60000020: execList.Add(section); break; case 0x40000040: case 0xC0000040: dataList.Add(section); break; } } ulong codeRegistration; ulong metadataRegistration; var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); var data = dataList.ToArray(); var exec = execList.ToArray(); plusSearch.SetSearch(imageBase, data); plusSearch.SetPointerRangeFirst(imageBase, data); plusSearch.SetPointerRangeSecond(imageBase, exec); if (is32Bit) { codeRegistration = plusSearch.FindCodeRegistration(); plusSearch.SetPointerRangeSecond(imageBase, data); metadataRegistration = plusSearch.FindMetadataRegistration(); } else { codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(imageBase, data); metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); } if (codeRegistration != 0 && metadataRegistration != 0) { Console.WriteLine("CodeRegistration : {0:x}", codeRegistration); Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration); Init(codeRegistration, metadataRegistration); return(true); } return(false); }
public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); var dataList = new List <Elf64_Phdr>(); var execList = new List <Elf64_Phdr>(); foreach (var phdr in program_table) { if (phdr.p_memsz != 0ul) { switch (phdr.p_flags) { case 1u: //PF_X case 3u: case 5u: case 7u: execList.Add(phdr); break; case 2u: //PF_W && PF_R case 4u: case 6u: dataList.Add(phdr); break; } } } var data = dataList.ToArray(); var exec = execList.ToArray(); plusSearch.SetSearch(data); plusSearch.SetPointerRangeFirst(data); plusSearch.SetPointerRangeSecond(exec); var codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(data); var metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); if (codeRegistration != 0 && metadataRegistration != 0) { Console.WriteLine("CodeRegistration : {0:x}", codeRegistration); Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration); Init(codeRegistration, metadataRegistration); return(true); } return(false); }
public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { var data = sections.Where(x => x.sectname == "__const").ToArray(); var code = sections.Where(x => x.flags == 0x80000400).ToArray(); var bss = sections.Where(x => x.flags == 1u).ToArray(); var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); plusSearch.SetSearch(data); plusSearch.SetPointerRangeFirst(data); plusSearch.SetPointerRangeSecond(code); var codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(bss); var metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); return(AutoInit(codeRegistration, metadataRegistration)); }
public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { if (!isDumped && (!sectionWithName.ContainsKey(".data.rel.ro") || !sectionWithName.ContainsKey(".text") || !sectionWithName.ContainsKey(".bss"))) { Console.WriteLine("ERROR: This file has been protected."); } var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); var dataList = new List <Elf64_Phdr>(); var execList = new List <Elf64_Phdr>(); foreach (var phdr in program_table.Where(x => x.p_type == 1u)) { if (phdr.p_memsz != 0ul) { switch (phdr.p_flags) { case 1u: //PF_X case 3u: case 5u: case 7u: execList.Add(phdr); break; case 2u: //PF_W && PF_R case 4u: case 6u: dataList.Add(phdr); break; } } } var data = dataList.ToArray(); var exec = execList.ToArray(); plusSearch.SetSearch(data); plusSearch.SetPointerRangeFirst(data); plusSearch.SetPointerRangeSecond(exec); var codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(data); var metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); return(AutoInit(codeRegistration, metadataRegistration)); }
public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); plusSearch.SetSearch(header.DataSegment); plusSearch.SetPointerRangeFirst(header.DataSegment); plusSearch.SetPointerRangeSecond(header.TextSegment); var codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(header.BssSegment); var metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); if (codeRegistration != 0 && metadataRegistration != 0) { Console.WriteLine("CodeRegistration : {0:x}", codeRegistration); Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration); Init(codeRegistration, metadataRegistration); return(true); } return(false); }
public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { if (sections.Any(x => x.Name == ".text") && sections.Any(x => x.Name == ".data") && sections.Any(x => x.Name == ".rdata")) { var text = sections.First(x => x.Name == ".text"); var data = sections.First(x => x.Name == ".data"); var rdata = sections.First(x => x.Name == ".rdata"); ulong codeRegistration; ulong metadataRegistration; var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); plusSearch.SetSearch(imageBase, data, rdata); plusSearch.SetPointerRangeFirst(imageBase, data, rdata); plusSearch.SetPointerRangeSecond(imageBase, text); if (is32Bit) { codeRegistration = plusSearch.FindCodeRegistration(); plusSearch.SetPointerRangeSecond(imageBase, data, rdata); metadataRegistration = plusSearch.FindMetadataRegistration(); } else { codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(imageBase, data, rdata); metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); } if (codeRegistration != 0 && metadataRegistration != 0) { Console.WriteLine("CodeRegistration : {0:x}", codeRegistration); Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration); Init(codeRegistration, metadataRegistration); return(true); } } else { Console.WriteLine("ERROR: The necessary section is missing."); } return(false); }
public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { var __consts = sections.Where(x => x.section_name == "__const").ToArray(); var __const = __consts[0]; var __const2 = __consts[1]; var __text = sections.First(x => x.section_name == "__text"); var __common = sections.First(x => x.section_name == "__common"); var __il2cpp = sections.FirstOrDefault(x => x.section_name == ".il2cpp"); var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); plusSearch.SetSearch(__const, __const2); plusSearch.SetPointerRangeFirst(__const2, __const2); plusSearch.SetPointerRangeSecond(__text, __il2cpp); var codeRegistration = plusSearch.FindCodeRegistration64Bit(); if (version == 16) { Console.WriteLine("WARNING: Version 16 can only get CodeRegistration"); Console.WriteLine("CodeRegistration : {0:x}", codeRegistration); return(false); } plusSearch.SetPointerRangeSecond(__common); var metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); if (codeRegistration != 0 && metadataRegistration != 0) { Console.WriteLine("CodeRegistration : {0:x}", codeRegistration); Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration); Init(codeRegistration, metadataRegistration); return(true); } return(false); }
public override bool PlusSearch(int methodCount, int typeDefinitionsCount) { if (sectionWithName.ContainsKey(".data") && sectionWithName.ContainsKey(".text") && sectionWithName.ContainsKey(".bss")) { var data = sectionWithName[".data"]; var text = sectionWithName[".text"]; var bss = sectionWithName[".bss"]; var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); plusSearch.SetSearch(data); plusSearch.SetPointerRangeFirst(data); plusSearch.SetPointerRangeSecond(text); var codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(bss); var metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); if (codeRegistration != 0 && metadataRegistration != 0) { Console.WriteLine("CodeRegistration : {0:x}", codeRegistration); Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration); Init(codeRegistration, metadataRegistration); return(true); } } else { Console.WriteLine("ERROR: This file has been protected."); var plusSearch = new PlusSearch(this, methodCount, typeDefinitionsCount, maxMetadataUsages); var dataList = new List <Elf64_Phdr>(); var execList = new List <Elf64_Phdr>(); foreach (var phdr in program_table_element) { if (phdr.p_memsz != 0ul) { switch (phdr.p_flags) { case 1u: //PF_X case 3u: case 5u: case 7u: execList.Add(phdr); break; case 2u: //PF_W && PF_R case 4u: case 6u: dataList.Add(phdr); break; } } } var data = dataList.ToArray(); var exec = execList.ToArray(); plusSearch.SetSearch(data); plusSearch.SetPointerRangeFirst(data); plusSearch.SetPointerRangeSecond(exec); var codeRegistration = plusSearch.FindCodeRegistration64Bit(); plusSearch.SetPointerRangeSecond(data); var metadataRegistration = plusSearch.FindMetadataRegistration64Bit(); if (codeRegistration != 0 && metadataRegistration != 0) { Console.WriteLine("CodeRegistration : {0:x}", codeRegistration); Console.WriteLine("MetadataRegistration : {0:x}", metadataRegistration); Init(codeRegistration, metadataRegistration); return(true); } } return(false); }