public static string DissasembleIl2CppMethod(MethodInfo method, UnitorModel module)
{
StringBuilder output = new StringBuilder();
if (!method.VirtualAddress.HasValue)
{
return("");
}
X86DisassembleMode mode = module.AppModel.Image.Arch == "x64" ? X86DisassembleMode.Bit64 : X86DisassembleMode.Bit32;
CapstoneX86Disassembler disassembler = CapstoneDisassembler.CreateX86Disassembler(mode);
disassembler.EnableInstructionDetails = true;
var asm = disassembler.Disassemble(method.GetMethodBody(), (long)method.VirtualAddress.Value.Start);
foreach (X86Instruction ins in asm)
{
if (ShouldCheckInstruction(ins.Id))
{
output.AppendLine(ins.Mnemonic + " " + ins.Operand + " " + GetTooltipFromInstruction(method, ins, module));
}
else
{
output.AppendLine(ins.Mnemonic + " " + ins.Operand);
}
}
disassembler.Dispose();
return(output.ToString());
}
public static UnitorMethod GetMethodFromInstruction(X86Instruction ins, UnitorModel model)
{
if (!ins.HasDetails)
{
return(null);
}
X86Operand[] operands = ins.Details.Operands;
if (operands.Length == 0)
{
return(null);
}
ulong address = GetAdressFromOperand(ins, operands[0]);
if (address == 0x0)
{
return(null);
}
if (model.AppModel.GetAddressMap().TryGetValue(address, out object content))
{
if (content is AppMethod appMethod)
{
if (model.Il2CppTypeMatches.TryGetValue(appMethod.Method.DeclaringType, out UnitorType type))
{
if (type.Methods == null)
{
return(null);
}
return(model.Il2CppTypeMatches[appMethod.Method.DeclaringType].Methods.FirstOrDefault(m => m.Name == appMethod.Method.Name));
}
}
}
return(null);
}
public StringTable(UnitorModel model, EventHandler <UnitorMethod> referenceCallback)
{
InitializeComponent();
Strings.ItemsSource = model.StringTable;
Model = model;
Callback = referenceCallback;
}
public static string DissasembleMethod(UnitorMethod method, UnitorModel module)
{
if (method.IsEmpty)
{
return("");
}
if (method.Il2CppMethod != null)
{
return(DissasembleIl2CppMethod(method.Il2CppMethod, module));
}
else
{
return(DissasembleMonoMethod(method.MonoMethod));
}
}
public static UnitorType GetTypeLoaded(X86Instruction ins, UnitorModel model)
{
if (!ins.HasDetails)
{
return(null);
}
X86Operand[] operands = ins.Details.Operands;
if (operands.Length != 2)
{
return(null);
}
X86Operand register = operands[0]; // Future use for register type/method storage
X86Operand operand = operands[1];
ulong address = GetAdressFromOperand(ins, operand);
if (address == 0x0)
{
return(null);
}
return(model.Types.FirstOrDefault(t => t.TypeClassAddress == address));
}
public static string GetTooltipFromInstruction(MethodInfo method, X86Instruction ins, UnitorModel model)
{
return(GetMethodFromInstruction(ins, model) +
GetStringFromInstruction(ins, model.StringTable).Item2 +
GetParameterInfo(ins, method) +
GetTypeLoaded(ins, model)
);
}
public ReferenceView(KeyValuePair <ulong, string> s, UnitorModel model, EventHandler <UnitorMethod> referenceCallback)
{
InitializeComponent();
References.ItemsSource = model.Types.SelectMany(t => t.Methods).Where(m => m.Strings.Contains(s));
Callback = referenceCallback;
}
