chizui/Il2CppInspectorRedux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix some issues loading ELFs with invalid SHTs and broken symbol entries

Browse Source
This commit is contained in:
LukeFZ
2023-12-09 14:01:54 +01:00
parent ef56ebbd2f
commit 7b03b939a0
2 changed files with 312 additions and 302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Il2CppInspector.Common/FileFormatStreams/ElfReader.cs
View File

@@ -7,11 +7,8 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.IO;
using System.Linq; using System.Linq;
using System.Reflection; using System.Reflection;
using System.Text;
using NoisyCowStudios.Bin2Object;
namespace Il2CppInspector namespace Il2CppInspector
{ {
@@ -156,7 +153,17 @@ namespace Il2CppInspector
// Get PHT and SHT // Get PHT and SHT
PHT = ReadArray<TPHdr>(conv.Long(ElfHeader.e_phoff), ElfHeader.e_phnum); PHT = ReadArray<TPHdr>(conv.Long(ElfHeader.e_phoff), ElfHeader.e_phnum);
try
{
SHT = ReadArray<elf_shdr<TWord>>(conv.Long(ElfHeader.e_shoff), ElfHeader.e_shnum); SHT = ReadArray<elf_shdr<TWord>>(conv.Long(ElfHeader.e_shoff), ElfHeader.e_shnum);
}
catch (Exception ex)
{
Console.WriteLine($"Got exception {ex} while parsing SHT - reverting to PHT");
preferPHT = true;
SHT = [];
}
// Determine if SHT is valid // Determine if SHT is valid
@@ -385,7 +392,7 @@ namespace Il2CppInspector
StatusUpdate("Processing symbols"); StatusUpdate("Processing symbols");
// Three possible symbol tables in ELF files // Three possible symbol tables in ELF files
var pTables = new List<(TWord offset, TWord count, TWord strings)>(); var pTables = new List<(TWord offset, TWord count, TWord strings, TWord stringsCount)>();
// String table (a sequence of null-terminated strings, total length in sh_size // String table (a sequence of null-terminated strings, total length in sh_size
var SHT_STRTAB = GetSection(Elf.SHT_STRTAB); var SHT_STRTAB = GetSection(Elf.SHT_STRTAB);
@@ -393,21 +400,21 @@ namespace Il2CppInspector
if (SHT_STRTAB != null) { if (SHT_STRTAB != null) {
// Section header shared object symbol table (.symtab) // Section header shared object symbol table (.symtab)
if (GetSection(Elf.SHT_SYMTAB) is elf_shdr<TWord> SHT_SYMTAB) if (GetSection(Elf.SHT_SYMTAB) is elf_shdr<TWord> SHT_SYMTAB)
pTables.Add((SHT_SYMTAB.sh_offset, conv.Div(SHT_SYMTAB.sh_size, SHT_SYMTAB.sh_entsize), SHT_STRTAB.sh_offset)); pTables.Add((SHT_SYMTAB.sh_offset, conv.Div(SHT_SYMTAB.sh_size, SHT_SYMTAB.sh_entsize), SHT_STRTAB.sh_offset, SHT_STRTAB.sh_size));
// Section header executable symbol table (.dynsym) // Section header executable symbol table (.dynsym)
if (GetSection(Elf.SHT_DYNSYM) is elf_shdr<TWord> SHT_DYNSYM) if (GetSection(Elf.SHT_DYNSYM) is elf_shdr<TWord> SHT_DYNSYM)
pTables.Add((SHT_DYNSYM.sh_offset, conv.Div(SHT_DYNSYM.sh_size, SHT_DYNSYM.sh_entsize), SHT_STRTAB.sh_offset)); pTables.Add((SHT_DYNSYM.sh_offset, conv.Div(SHT_DYNSYM.sh_size, SHT_DYNSYM.sh_entsize), SHT_STRTAB.sh_offset, SHT_STRTAB.sh_size));
} }
var maxStrtabAddr = conv.Add(SHT_STRTAB.sh_offset, SHT_STRTAB.sh_size);
// Symbol table in dynamic section (DT_SYMTAB) // Symbol table in dynamic section (DT_SYMTAB)
// Normally the same as .dynsym except that .dynsym may be removed in stripped binaries // Normally the same as .dynsym except that .dynsym may be removed in stripped binaries
// Dynamic string table // Dynamic string table
if (GetDynamicEntry(Elf.DT_STRTAB) is elf_dynamic<TWord> DT_STRTAB) { if (GetDynamicEntry(Elf.DT_STRTAB) is elf_dynamic<TWord> DT_STRTAB) {
if (GetDynamicEntry(Elf.DT_SYMTAB) is elf_dynamic<TWord> DT_SYMTAB) { if (GetDynamicEntry(Elf.DT_SYMTAB) is elf_dynamic<TWord> DT_SYMTAB) {
if (GetDynamicEntry(Elf.DT_STRSZ) is elf_dynamic<TWord> DT_STRSZ)
{
// Find the next pointer in the dynamic table to calculate the length of the symbol table // Find the next pointer in the dynamic table to calculate the length of the symbol table
var orderedTable = (from x in DynamicTable where conv.Gt(x.d_un, DT_SYMTAB.d_un) orderby x.d_un select x).ToList(); var orderedTable = (from x in DynamicTable where conv.Gt(x.d_un, DT_SYMTAB.d_un) orderby x.d_un select x).ToList();
if (orderedTable.Count != 0) if (orderedTable.Count != 0)
@@ -417,11 +424,13 @@ namespace Il2CppInspector
pTables.Add(( pTables.Add((
conv.FromUInt(MapVATR(conv.ULong(DT_SYMTAB.d_un))), conv.FromUInt(MapVATR(conv.ULong(DT_SYMTAB.d_un))),
conv.Div(conv.Sub(end, DT_SYMTAB.d_un), Sizeof(typeof(TSym))), conv.Div(conv.Sub(end, DT_SYMTAB.d_un), Sizeof(typeof(TSym))),
DT_STRTAB.d_un DT_STRTAB.d_un,
DT_STRSZ.d_un
)); ));
} }
} }
} }
}
// Now iterate through all of the symbol and string tables we found to build a full list // Now iterate through all of the symbol and string tables we found to build a full list
symbolTable.Clear(); symbolTable.Clear();
@@ -432,7 +441,7 @@ namespace Il2CppInspector
foreach (var symbol in symbol_table) foreach (var symbol in symbol_table)
{ {
if (conv.Gt(conv.FromUInt(symbol.st_name), maxStrtabAddr)) if (conv.Gt(conv.FromUInt(symbol.st_name), pTab.stringsCount))
break; // Skip invalid symbol table indices, since we might read past it on obfuscated binaries break; // Skip invalid symbol table indices, since we might read past it on obfuscated binaries
string name = string.Empty; string name = string.Empty;

1
Il2CppInspector.Common/FileFormatStreams/FormatLayouts/Elf.cs
View File

@@ -74,6 +74,7 @@ namespace Il2CppInspector
DT_RELA = 7, DT_RELA = 7,
DT_RELASZ = 8, DT_RELASZ = 8,
DT_RELAENT = 9, DT_RELAENT = 9,
DT_STRSZ = 10,
DT_INIT = 12, DT_INIT = 12,
DT_FINI = 13, DT_FINI = 13,
DT_REL = 17, DT_REL = 17,