private static readonly string X86FeatureBytes = "? 0x10 ? 0xE7 ? 0x00 ? 0xE0 ? 0x20 ? 0xE0"; //TODO
public Elf(Stream stream, float version, long maxMetadataUsages) : base(stream, version, maxMetadataUsages)
{
Is32Bit = true;
elfHeader = ReadClass <Elf32_Ehdr>();
programSegment = ReadClassArray <Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (!CheckSection())
{
Console.WriteLine("Detected this may be a dump file. If not, it must be protected.");
isDumped = true;
Console.WriteLine("Input dump address:");
dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16);
FixedProgramSegment();
}
pt_dynamic = programSegment.First(x => x.p_type == PT_DYNAMIC);
dynamicSection = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
if (isDumped)
{
FixedDynamicSection();
}
ReadSymbol();
if (!isDumped)
{
RelocationProcessing();
if (CheckProtection())
{
Console.WriteLine("ERROR: This file may be protected.");
}
}
}
public Elf(Stream stream, int version, long maxMetadataUsages) : base(stream, version, maxMetadataUsages)
{
is32Bit = true;
elf_header = new Elf32_Ehdr();
elf_header.ei_mag = ReadUInt32();
elf_header.ei_class = ReadByte();
elf_header.ei_data = ReadByte();
elf_header.ei_version = ReadByte();
elf_header.ei_osabi = ReadByte();
elf_header.ei_abiversion = ReadByte();
elf_header.ei_pad = ReadBytes(7);
elf_header.e_type = ReadUInt16();
elf_header.e_machine = ReadUInt16();
if (elf_header.e_machine != 0x28 && elf_header.e_machine != 0x3)
{
throw new Exception("ERROR: Unsupported machines.");
}
elf_header.e_version = ReadUInt32();
elf_header.e_entry = ReadUInt32();
elf_header.e_phoff = ReadUInt32();
elf_header.e_shoff = ReadUInt32();
elf_header.e_flags = ReadUInt32();
elf_header.e_ehsize = ReadUInt16();
elf_header.e_phentsize = ReadUInt16();
elf_header.e_phnum = ReadUInt16();
elf_header.e_shentsize = ReadUInt16();
elf_header.e_shnum = ReadUInt16();
elf_header.e_shtrndx = ReadUInt16();
program_table_element = ReadClassArray <Elf32_Phdr>(elf_header.e_phoff, elf_header.e_phnum);
GetSectionWithName();
RelocationProcessing();
}
private static readonly string X86FeatureBytes = "? 0x10 ? 0xE7 ? 0x00 ? 0xE0 ? 0x20 ? 0xE0"; //TODO
public Elf(Stream stream) : base(stream)
{
Is32Bit = true;
elfHeader = ReadClass <Elf32_Ehdr>();
programSegment = ReadClassArray <Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (!CheckSection())
{
Console.WriteLine("Detected this may be a dump file.");
Console.WriteLine("Input dump address or input 0 to force continue:");
dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16);
if (dumpAddr != 0)
{
isDumped = true;
}
}
if (isDumped)
{
FixedProgramSegment();
}
pt_dynamic = programSegment.First(x => x.p_type == PT_DYNAMIC);
dynamicSection = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
if (isDumped)
{
FixedDynamicSection();
}
ReadSymbol();
if (!isDumped)
{
RelocationProcessing();
if (CheckProtection())
{
Console.WriteLine("ERROR: This file may be protected.");
}
}
}
private static readonly string X86FeatureBytes = "? 0x10 ? 0xE7 ? 0x00 ? 0xE0 ? 0x20 ? 0xE0"; //TODO
public Elf(Stream stream) : base(stream)
{
Is32Bit = true;
elfHeader = ReadClass <Elf32_Ehdr>();
programSegment = ReadClassArray <Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (!CheckSection())
{
GetDumpAddress();
}
if (IsDumped)
{
FixedProgramSegment();
}
pt_dynamic = programSegment.First(x => x.p_type == PT_DYNAMIC);
dynamicSection = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
if (IsDumped)
{
FixedDynamicSection();
}
ReadSymbol();
if (!IsDumped)
{
RelocationProcessing();
if (CheckProtection())
{
Console.WriteLine("ERROR: This file may be protected.");
}
}
}
private static readonly string X86FeatureBytes = "? 0x10 ? 0xE7 ? 0x00 ? 0xE0 ? 0x20 ? 0xE0"; //TODO
public Elf(Stream stream, float version, long maxMetadataUsages) : base(stream, version, maxMetadataUsages)
{
is32Bit = true;
elfHeader = ReadClass <Elf32_Ehdr>();
programSegment = ReadClassArray <Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
try
{
sectionTable = ReadClassArray <Elf32_Shdr>(elfHeader.e_shoff, elfHeader.e_shnum);
}
catch
{
Console.WriteLine("Detected this may be a dump file. If not, it must be protected.");
isDumped = true;
Console.WriteLine("Input dump address:");
dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16);
foreach (var phdr in programSegment)
{
phdr.p_offset = phdr.p_vaddr;
phdr.p_filesz = phdr.p_memsz;
phdr.p_vaddr += dumpAddr;
}
}
var pt_dynamic = programSegment.First(x => x.p_type == PT_DYNAMIC);
dynamicSection = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
ReadSymbol();
if (!isDumped)
{
RelocationProcessing();
if (CheckProtection())
{
Console.WriteLine("ERROR: This file may be protected.");
}
}
}
public Elf(Stream stream, float version, long maxMetadataUsages) : base(stream, version, maxMetadataUsages)
{
is32Bit = true;
elf_header = new Elf32_Ehdr();
elf_header.ei_mag = ReadUInt32();
elf_header.ei_class = ReadByte();
elf_header.ei_data = ReadByte();
elf_header.ei_version = ReadByte();
elf_header.ei_osabi = ReadByte();
elf_header.ei_abiversion = ReadByte();
elf_header.ei_pad = ReadBytes(7);
elf_header.e_type = ReadUInt16();
elf_header.e_machine = ReadUInt16();
if (elf_header.e_machine != 0x28 && elf_header.e_machine != 0x3)
{
throw new Exception("ERROR: Unsupported machines.");
}
elf_header.e_version = ReadUInt32();
elf_header.e_entry = ReadUInt32();
elf_header.e_phoff = ReadUInt32();
elf_header.e_shoff = ReadUInt32();
elf_header.e_flags = ReadUInt32();
elf_header.e_ehsize = ReadUInt16();
elf_header.e_phentsize = ReadUInt16();
elf_header.e_phnum = ReadUInt16();
elf_header.e_shentsize = ReadUInt16();
elf_header.e_shnum = ReadUInt16();
elf_header.e_shtrndx = ReadUInt16();
program_table = ReadClassArray <Elf32_Phdr>(elf_header.e_phoff, elf_header.e_phnum);
if (!GetSectionWithName())
{
Console.WriteLine("Detected this may be a dump file. If not, it must be protected.");
isDumped = true;
Console.WriteLine("Input dump address:");
var dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16);
foreach (var phdr in program_table)
{
phdr.p_offset = phdr.p_vaddr;
phdr.p_filesz = phdr.p_memsz;
phdr.p_vaddr += dumpAddr;
}
}
var pt_dynamic = program_table.First(x => x.p_type == 2u);
dynamic_table = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
if (!isDumped)
{
RelocationProcessing();
if (CheckProtection())
{
Console.WriteLine("ERROR: This file is protected.");
}
}
}
public Elf(Stream stream, int version, long maxmetadataUsages) : base(stream)
{
this.version = version;
this.maxmetadataUsages = maxmetadataUsages;
readAs32Bit = true;
if (version < 21)
{
Search = Searchv20;
}
else
{
Search = Searchv21;
}
elf_header = new Elf32_Ehdr();
elf_header.m_dwFormat = ReadUInt32();
elf_header.m_arch = ReadByte();
if (elf_header.m_arch == 2)//64
{
throw new Exception("ERROR: 64 bit not supported.");
}
elf_header.m_endian = ReadByte();
elf_header.m_version = ReadByte();
elf_header.m_osabi = ReadByte();
elf_header.m_osabi_ver = ReadByte();
elf_header.e_pad = ReadBytes(7);
elf_header.e_type = ReadUInt16();
elf_header.e_machine = ReadUInt16();
if (elf_header.e_machine != 0x28 && elf_header.e_machine != 0x3)
{
throw new Exception("ERROR: Unsupported machines.");
}
elf_header.e_version = ReadUInt32();
elf_header.e_entry = ReadUInt32();
elf_header.e_phoff = ReadUInt32();
elf_header.e_shoff = ReadUInt32();
elf_header.e_flags = ReadUInt32();
elf_header.e_ehsize = ReadUInt16();
elf_header.e_phentsize = ReadUInt16();
elf_header.e_phnum = ReadUInt16();
elf_header.e_shentsize = ReadUInt16();
elf_header.e_shnum = ReadUInt16();
elf_header.e_shtrndx = ReadUInt16();
program_table_element = ReadClassArray <Elf32_Phdr>(elf_header.e_phoff, elf_header.e_phnum);
//TODO 使用program table获取.dynsym(DT_SYMTAB), .dynstr(DT_STRTAB, DT_STRSZ), .rel.dyn(DT_REL, DT_RELSZ)
GetSectionWithName();
RelocationProcessing();
}
public Elf(Stream stream) : base(stream)
{
Is32Bit = true;
elfHeader = ReadClass <Elf32_Ehdr>();
programSegment = ReadClassArray <Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (!CheckSection())
{
FormGUI.WriteLine("Detected this may be a dump file.");
FormDump form = new FormDump();
form.Message = 0;
if (form.ShowDialog() == DialogResult.OK)
{
dumpAddr = Convert.ToUInt32(form.ReturnedText, 16);
FormGUI.WriteLine("Inputted address: " + dumpAddr.ToString("X"));
}
if (dumpAddr != 0)
{
isDumped = true;
}
}
if (isDumped)
{
FixedProgramSegment();
}
pt_dynamic = programSegment.First(x => x.p_type == PT_DYNAMIC);
dynamicSection = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
if (isDumped)
{
FixedDynamicSection();
}
ReadSymbol();
if (!isDumped)
{
RelocationProcessing();
if (CheckProtection())
{
FormGUI.WriteLine("ERROR: This file may be protected.");
}
}
}
protected override void Load()
{
elfHeader = ReadClass <Elf32_Ehdr>(0);
programSegment = ReadClassArray <Elf32_Phdr>(elfHeader.e_phoff, elfHeader.e_phnum);
if (IsDumped)
{
FixedProgramSegment();
}
pt_dynamic = programSegment.First(x => x.p_type == PT_DYNAMIC);
dynamicSection = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
if (IsDumped)
{
FixedDynamicSection();
}
ReadSymbol();
if (!IsDumped)
{
RelocationProcessing();
if (CheckProtection())
{
Console.WriteLine("ERROR: This file may be protected.");
}
}
}
public Elf(Stream stream, float version, long maxMetadataUsages) : base(stream, version, maxMetadataUsages)
{
is32Bit = true;
elf_header = new Elf32_Ehdr();
elf_header.ei_mag = ReadUInt32();
elf_header.ei_class = ReadByte();
elf_header.ei_data = ReadByte();
elf_header.ei_version = ReadByte();
elf_header.ei_osabi = ReadByte();
elf_header.ei_abiversion = ReadByte();
elf_header.ei_pad = ReadBytes(7);
elf_header.e_type = ReadUInt16();
elf_header.e_machine = ReadUInt16();
if (elf_header.e_machine != 0x28 && elf_header.e_machine != 0x3)
{
throw new Exception("ERROR: Unsupported machines.");
}
elf_header.e_version = ReadUInt32();
elf_header.e_entry = ReadUInt32();
elf_header.e_phoff = ReadUInt32();
elf_header.e_shoff = ReadUInt32();
elf_header.e_flags = ReadUInt32();
elf_header.e_ehsize = ReadUInt16();
elf_header.e_phentsize = ReadUInt16();
elf_header.e_phnum = ReadUInt16();
elf_header.e_shentsize = ReadUInt16();
elf_header.e_shnum = ReadUInt16();
elf_header.e_shtrndx = ReadUInt16();
program_table = ReadClassArray <Elf32_Phdr>(elf_header.e_phoff, elf_header.e_phnum);
if (!GetSectionWithName())
{
Console.WriteLine("Detected this may be a dump file. If not, it must be protected.");
isDumped = true;
Console.WriteLine("Input dump address:");
var dumpAddr = Convert.ToUInt32(Console.ReadLine(), 16);
foreach (var phdr in program_table)
{
phdr.p_offset = phdr.p_vaddr;
phdr.p_filesz = phdr.p_memsz;
phdr.p_vaddr += dumpAddr;
}
}
var pt_dynamic = program_table.First(x => x.p_type == 2u);
dynamic_table = ReadClassArray <Elf32_Dyn>(pt_dynamic.p_offset, pt_dynamic.p_filesz / 8u);
#region 判断并解密so
var s_text = sectionWithName[".text"];
var s_rodata = sectionWithName[".rodata"];
//统计 .text 段字节数
int[] bytecnt = new int[256];
Position = s_text.sh_offset;
byte[] text_bytes = ReadBytes((int)s_text.sh_size);
foreach (var b in text_bytes)
{
bytecnt[b]++;
}
byte xorbyte = (byte)Array.IndexOf(bytecnt, bytecnt.Max());
//解密
if (xorbyte != 0x00)
{
//解密text段
for (int i = 0; i < text_bytes.Length; i++)
{
text_bytes[i] ^= xorbyte;
}
Position = s_text.sh_offset;
BaseStream.Write(text_bytes, 0, text_bytes.Length);
//解密rodata段
Position = s_rodata.sh_offset;
byte[] rodata_bytes = ReadBytes((int)s_rodata.sh_size);
for (int i = 0; i < rodata_bytes.Length; i++)
{
rodata_bytes[i] ^= xorbyte;
}
Position = s_rodata.sh_offset;
BaseStream.Write(rodata_bytes, 0, rodata_bytes.Length);
//保存文件
FileStream fileStream = new FileStream("libil2cpp.fixed.so", FileMode.Create);
Position = 0;
BaseStream.CopyTo(fileStream);
fileStream.Close();
}
#endregion
if (!isDumped)
{
RelocationProcessing();
}
}