Struct reading and disassembly script overhaul, various misc. loading fixes, bump to .NET 9 (#13)

* Bump projects to .net 9 and update nugets
* add VersionedSerialization + source generator
* migrate versioning to StructVersion class, add handling/detection for 29.2/31.2
* add new struct definitions
* rename serialization methods and add BinaryObjectStreamReader for interop
* Rework metadata struct loading to use new struct versioning
* move 29/31.1/.2 to use tags (-2022, -2023) instead of minor versions
* fix metadata usage validity checks
* rework code registration offsetting a bit and add second 29/31.1 condition
* tweak .1 condition (again)
* 29/31.2 was a psyop
* also remove 29.2 from the readme
* remove loading of packed dlls - this was a very unsafe feature
* support auto-recovering type indices from type handles; fixes loading of memory-dumped v29+ libraries since those replace their class indices on load with a pointer to the corresponding type
* support loading PEs without an export table
* also read UnresolvedVirtualCallCount on regular v31
* Disable plugin loading for now
* Overhaul disassembler script + add Binary Ninja target (#12)
* Overhaul disassembler scripts:
  - No longer defines top level functions
  - Split into three classes: StatusHandler (like before), DisassemblerInterface (for interfacing with the used program API), ScriptContext (for defining general functions that use the disassembler interface)
  - Add type annotations to all class methods and remove 2.7 compatibility stuff (Ghidra now supports Python 3, so this is no longer necessary)
  - Disassembler backends are now responsible for launching metadata/script processing, to better support disassembler differences
  - String handling is back in the base ScriptContext class; disassembler interfaces opt into the fake string segment creation and fall back to the old method if it isn't supported
* Add Binary Ninja disassembler script backend. This uses the new backend-controlled execution to launch metadata processing on a background thread to keep the ui responsive
* make binary ninja script use own _BINARYNINJA_ define and add define helpers to header
* Update README to account for new script and binary ninja backend
* implement fake string segment functions for binary ninja but don't advertise support
* also cache API function types in binary ninja backend
* fix ida script and disable folders again
* Fix metadata usage issues caused by it being a value type now
* make TryMapVATR overrideable and implement it for ELFs
* Make field offset reading use TryMapVATR to reduce exceptions
* Fix NRE in Assembly ctor on < v24.2
* Update actions workflow to produce cross-platform CLI binaries, update readme to reflect .net 9 changes
* workflow: only restore packages for projects that are being built
* workflow: tweak caching and fix gui compilation
* workflow: remove double .zip in CLI artifact name
* 29/31.2 don't actually exist, this logic is not needed
README.md (41 changes)
@@ -27,6 +27,7 @@ This is a continuation of [Il2CppInspector, by djkaty](https://github.com/djkaty
- Automatic unloading of conflicting type libraries
- Addition of custom fake string segment to show string literal contents in decompiler
- A fake xref between MethodInfo instances and their corresponding method to quickly get the correct function
* Binary Ninja script output, with all of the IDA-exclusive features
### Main features
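Review bot: the new bullet `* Binary Ninja script output, with all of the IDA-exclusive features` overstates what the commit message says ships. The message notes that the fake string segment functions were implemented for Binary Ninja "but don't advertise support", and the fake string segment is one of the IDA-exclusive features listed directly above this bullet (`- Addition of custom fake string segment to show string literal contents in decompiler`). Either drop "all of" or qualify the bullet, e.g. "with most of the IDA-exclusive features (fake string segment support is not yet enabled)".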
@@ -36,7 +37,7 @@ This is a continuation of [Il2CppInspector, by djkaty](https://github.com/djkaty
* Create **[C++ scaffolding](#creating-c-scaffolding-or-a-dll-injection-project)** for all types, methods, function pointers and API functions in an IL2CPP application for use in x64dbg, Cydia Substrate etc.
* Create **[IDA](#adding-metadata-to-your-ida-workflow) and [Ghidra](#adding-metadata-to-your-ghidra-workflow) Python scripts** to populate symbol, function and type information; includes API hooks to [implement scripts for other targets](#extending-il2cppinspectors-python-output-to-support-other-targets)
* Create **[IDA](#adding-metadata-to-your-ida-workflow), [Ghidra](#adding-metadata-to-your-ghidra-workflow) or [Binary Ninja](#adding-metadata-to-your-binary-ninja-workflow) Python scripts** to populate symbol, function and type information; includes API hooks to [implement scripts for other targets](#extending-il2cppinspectors-python-output-to-support-other-targets)
* Create Visual Studio **[C++ DLL injection projects](#dll-injection-workflow)** directly from IL2CPP files
@@ -68,7 +69,6 @@ This is a continuation of [Il2CppInspector, by djkaty](https://github.com/djkaty
* Tested with [every release of IL2CPP](#version-support) since Unity 5.3.0
### Tutorials and Guides
You can read more about how IL2CPP works in my series IL2CPP Reverse Engineering:
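Review bot: the header `@@ -68,7 +69,6 @@` records a one-line deletion, but the rendered hunk does not mark which line went. If it is `* Tested with [every release of IL2CPP](#version-support) since Unity 5.3.0`, this removes the feature list's only link to the version-support table; the commit message only mentions removing 29.2 from the readme, so if the claim still holds it would be better to keep the bullet and correct the table instead. If the deleted line is a blank one, ignore this.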
@@ -124,7 +124,7 @@ Nice to have:
* Automatically defeats certain basic obfuscation methods
* Test chassis for automated integration testing of IL2CPP binaries
Class library targets .NET 8. Built with Visual Studio 2019.
Class library targets .NET 9. Built with Visual Studio 2022.
**NOTE**: Il2CppInspector is not a decompiler. It can provide you with the structure of an application and function addresses for every method so that you can easily jump straight to methods of interest in your disassembler. It does not attempt to recover the entire source code of the application.
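Review bot: `Class library targets .NET 9. Built with Visual Studio 2022.` correctly bumps the IDE (VS 2019 cannot load net9.0 projects), but it still names only the IDE. Since the commit message says the actions workflow now produces cross-platform CLI binaries, state the required .NET 9 SDK here as well so Linux and macOS builders know what to install without reading the workflow file.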
@@ -132,7 +132,7 @@ Class library targets .NET 8. Built with Visual Studio 2019.
```
git clone --recursive https://github.com/LukeFZ/Il2CppInspectorRedux
cd Il2CppInspector
cd Il2CppInspectorRedux
```
##### Windows
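Review bot: `cd Il2CppInspectorRedux` is the right fix: `git clone <url>` with no target directory checks out into a directory named after the repository, so the old `cd Il2CppInspector` pointed at a directory that does not exist after cloning the Redux fork. Because the clone is `--recursive`, consider also telling readers to check out a tagged release, otherwise the submodules are fetched at whatever commit the superproject's current HEAD pins.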
@@ -181,9 +181,9 @@ Get all current plugins (optional):
For other operating systems supporting .NET Core, add `-r xxx` to the final command where `xxx` is a RID from https://docs.microsoft.com/en-us/dotnet/articles/core/rid-catalog
The output binary for command-line usage is placed in `Il2CppInspector/Il2CppInspector.CLI/bin/Release/net8.0/[win|osx|linux]-x64/publish/Il2CppInspector.exe`.
The output binary for command-line usage is placed in `Il2CppInspectorRedux/Il2CppInspector.CLI/bin/Release/net9.0/[win|osx|linux]-x64/publish/Il2CppInspector.exe`.
The output binary for Windows GUI is placed in `Il2CppInspector/Il2CppInspector.GUI/bin/Release/net8.0-windows/win-x64/publish/Il2CppInspector.exe`.
The output binary for Windows GUI is placed in `Il2CppInspectorRedux/Il2CppInspector.GUI/bin/Release/net9.0-windows/win-x64/publish/Il2CppInspector.exe`.
The `plugins` folder should be placed in the same folder as `Il2CppInspector.exe`.
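Review bot: the renamed CLI path still ends in `Il2CppInspector.exe` for all of `[win|osx|linux]-x64`, but `dotnet publish` for the osx and linux RIDs produces an apphost without the `.exe` extension (`Il2CppInspector`); only the win-x64 publish directory will contain `Il2CppInspector.exe`. Split the path or note the extension difference. Also, `For other operating systems supporting .NET Core` is stale wording now that the target is net9.0; ".NET" is the current name.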
@@ -389,6 +389,12 @@ Example Ghidra C++ decompilation after applying Il2CppInspector:

### Adding metadata to your Binary Ninja workflow
Import your binary into Binary Ninja, and let the initial analysis complete.
Then run the generated *il2cpp.py* using the "File > Run script..." menu option.
You can view the current script progress in the bottom left corner, alongside the total elapsed time.
### Creating C++ scaffolding or a DLL injection project
Il2CppInspector generates a series of C++ source files which you can use in a variety of ways, for example:
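Review bot: the new "Adding metadata to your Binary Ninja workflow" section does not say that the script keeps working after `File > Run script...` returns. The commit message says the Binary Ninja backend launches metadata processing on a background thread to keep the UI responsive, so readers should be told to wait for the progress display in the bottom left corner to finish before saving the database or starting further analysis, otherwise they can end up with a half-annotated BNDB. It also gives no minimum Binary Ninja version, which matters since the backend is written against the Python 3 API.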
@@ -706,23 +712,14 @@ You can find out more about plugins, and browse the source code of current plugi
### Extending Il2CppInspector's Python output to support other targets
The current version of Il2CppInspector can output Python scripts targeting the IDA and Ghidra disassemblers.
The current version of Il2CppInspector can output Python scripts targeting the IDA, Ghidra and Binary Ninja disassemblers.
When Il2CppInspector generates such a script, it generates a concatenation of a shared block of code (`Outputs/ScriptResources/shared-main.py`) which parses the JSON metadata and dispatches it to a set of implementation-specific functions to be processed, and a block of code specific to the target application which implements these functions (a file from `Outputs/ScriptResources/Targets`).
When Il2CppInspector generates such a script, it generates a concatenation of a shared block of code (`Outputs/ScriptResources/shared_base_.py`) which parses the JSON metadata and dispatches it to a set of implementation-specific functions to be processed, and a block of code specific to the target application which implements these functions (a file from `Outputs/ScriptResources/Targets`).
If you would like to add support for a new target application, create a new Python script in `Outputs/ScriptResources/Targets` with the nane `<target-name-without-whitespace>.py` and implement the following functions:
- `CustomInitializer()` - perform any custom initialization required for the target before applying the metadata
- `DefineCode(code)` - parse and apply the specified C++ declaration text (this is not required for Unity 5.3.2 and later; if you don't need to support earlier versions, just specify `pass` as the implementation)
- `GetScriptDirectory()` - retrieve the directory that the Python script is running in. This will normally be `os.path.dirname(os.path.realpath(__file__))`
- `MakeFunction(start, name=None)` - define address `start` as the start of a function, optionally with name `name`
- `SetComment(addr, text)` - place the comment `text` at address `addr`
- `SetFunctionType(addr, sig)` - parse the C++ function signature in `sig` and apply it to the function at address `addr`
- `SetHeaderComment(addr, text)` - place the header/plate/pre-item comment `text` at address `addr`
- `SetName(addr, name)` - set the symbol (or label or name) of address `addr` to `name`
- `SetType(addr, type)` - define address `addr` to be an item of the C++ type `type`
Refer to the source code of `IDA.py` and `Ghidra.py` for examples.
If you would like to add support for a new target application, create a new Python script in `Outputs/ScriptResources/Targets` with the nane `<target-name-without-whitespace>.py` and implement the *BaseDisassemblerInterface* class.
If you also want to have an updating status display, you also need to implement the *BaseStatusHandler* class.
Your target implementation also needs to dispatch analysis at the end, by constructing a *ScriptContext* instance with your disassembler and status implementations, then calling the `process` methon it.
For a simple version of this you can view the *IDA* and *Ghidra* targets, and the *BinaryNinja* one for a more specific analysis dispatch.
When you add a new target and re-compile Il2CppInspector:
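Review bot: the rewritten paragraph drops the list of functions the old text required (`CustomInitializer`, `DefineCode`, `MakeFunction`, `SetName`, `SetType`, ...) and replaces it with "implement the *BaseDisassemblerInterface* class" without saying which methods that class declares, so a new target author now has to read the shared script to discover the contract; list the abstract methods of *BaseDisassemblerInterface* and *BaseStatusHandler* as the old text did. Three smaller things in the same hunk: `Outputs/ScriptResources/shared_base_.py` has a stray trailing underscore, please confirm the real filename; `with the nane` should be `with the name` (the typo is carried over from the old text); and `then calling the `process` methon it` should read `then calling its `process` method`.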
@@ -756,7 +753,6 @@ Unity version | IL2CPP version | Support
2021.1.0-2021.1.x | 27.2 | Working
2021.2.0-2021.2.x | 29 | Working
2021.3.0+ | 29.1 | Working
2023.2.0a22 | 29.2 | Working
2022.3.33+ | 31(.1) | Working
Please refer to the companion repository https://github.com/nneonneo/Il2CppVersions if you would like to track the changes between each IL2CPP release version.
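Review bot: with the `2023.2.0a22 | 29.2 | Working` row removed, the table reads `2021.3.0+ | 29.1` followed by `2022.3.33+ | 31(.1)`, and the open-ended `2021.3.0+` range now overlaps every row after it; give that row an explicit upper bound so readers can tell which Unity versions map to 29.1 and which to 31. The commit message also says 29/31.1 detection moved to tags (-2022, -2023) instead of minor versions, so the `29.1` and `31(.1)` labels no longer match how the tool itself names these versions; consider using the tag names in the IL2CPP version column.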
@@ -816,6 +812,7 @@ The following books and documents were also very helpful:
- [ARM Architecture Reference Manual ARMv8-A](https://developer.arm.com/docs/ddi0487/latest)
- [Intel 64 and IA-32 Architectures Software Developer's Manual](https://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf)
- [Ghidra API documentation](https://ghidra.re/ghidra_docs/api/)
- [Binary Ninja API documentation](https://docs.binary.ninja/dev)
Pizza spinner animation in the GUI made by Chris Gannon - https://gannon.tv/
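Review bot: `https://docs.binary.ninja/dev` is the user documentation for the in-development branch, not the API reference; the Python API the script is written against is published separately (https://api.binary.ninja/ as of writing), and the dev docs can describe functionality not yet in a stable release. Link the API reference and point at the stable docs unless the backend actually depends on dev-channel features.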