s_TypeInfoTable = (Il2CppClass**)IL2CPP_CALLOC(s_Il2CppMetadataRegistration->typesCount, sizeof(Il2CppClass*)); s_TypeInfoDefinitionTable = (Il2CppClass**)IL2CPP_CALLOC(s_GlobalMetadataHeader->typeDefinitionsCount / sizeof(Il2CppTypeDefinition), sizeof(Il2CppClass*));...
DO_API(int, il2cpp_init, (const char* domain_name)); DO_API(const Il2CppImage*, il2cpp_get_corlib, ()); DO_API(void, il2cpp_add_internal_call, (const char* name, Il2CppMethodPointer method)); DO_API(Il2CppMethodPointer, il2cpp_resolve_icall, (const char* name)); // assembly...
Make Il2CppDumperTool independent of Il2CppDumper and make the Python scripts easier to use. Add some general-purpose API hooks, for example: * UnityEngine.GameObject.SetActive(Boolean) * UnityEngine.Object.GetName(UnityEngine:Object):String * UnityEngine.Application.get_identifier():String * UnityEngine.PlayerPrefs.GetInt(...
Yes, in my case almost all il2cpp exports are merged into one export, "il2cpp_get_api_table". How do I find those exports inside this thing? Or how do I call this in Frida? I haven't seen a case like that, but googling that export quoted results in two URLs, one of which is th...
*/ # endif struct roots _static_roots[MAX_ROOT_SETS]; struct exclusion _excl_table[MAX_EXCLUSIONS]; /* Block header index; see gc_headers.h */ bottom_index * _top_index[TOP_SZ]; }; This is the GC's global management class; _top_index stores all of the bottom_index pointers. The default value of TOP_SZ is 1<<11=2048...
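Runtime/ScriptingBackend/Mono/ScriptingApi_Mono.cpp Runtime/Mono/MonoFunctions.h Runtime/ScriptingBackend/ScriptingApi.h The recording of memory allocations is complete at this point. [gc dump modification] The boehm gc code does provide a gc dump feature for debugging, but it writes to standard output rather than to a file. Here we can redirect standard output so that it is written to a file,...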
Add some general-purpose API hooks, for example: * UnityEngine.GameObject.SetActive(Boolean) * UnityEngine.Object.GetName(UnityEngine:Object):String * UnityEngine.Application.get_identifier:String * UnityEngine.PlayerPrefs.GetInt(String,Int32):Int32 ... What is shown above is only a simple analysis; in fact, as it stands it is still very awkward to use, the above...
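Here s_ImagesTable points to the start of a list of Il2CppImage entries; sizeof(Il2CppImage) = 52, which you can check in the header file. At this step the only things we care about are const char *nameNoExt and the pointer position of the current location, and from these we write Running it gives the following content These are in fact the DLLs we get with Il2CppDumper ...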
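Location: D:\Program Files\Unity\Editor\Data\il2cpp\libil2cpp\il2cpp-api.cpp il2cpp_class_get_method_from_name il2cpp_class_from_name (the functions were moved here so that they fit in a single screenshot) ↓ (PS: what we are doing here is really the same as doing math: replace the unknowns with known functions and substitute until we reach something we can solve) From this we can write the following code to actively call it ...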
API function export processing for PE, ELF, Mach-O and SELF (PRX) binaries. Symbol table processing and name demangling for ELF and Mach-O binaries. Relocation processing for ELF binaries. Automatically defeats certain basic obfuscation methods.