chizui/Il2CppInspectorRedux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add ELF64 support (load, relocations, symbol table, function table)

Browse Source
This commit is contained in:
Katy Coe
2019-10-26 00:42:08 +02:00
parent 729a4cc6a6
commit baf11e517a
3 changed files with 263 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

252
Il2CppInspector/FileFormatReaders/ElfReader.cs
View File

@@ -7,60 +7,142 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Data.Common;
using System.Diagnostics;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Reflection;
namespace Il2CppInspector namespace Il2CppInspector
{ {
internal class ElfReader : FileFormatReader<ElfReader> internal class ElfReader32 : ElfReader<uint, elf_32_phdr, elf_32_sym, ElfReader32, ElfMath32>
{ {
public ElfReader32(Stream stream) : base(stream) {
ElfReloc.GetRelocType = info => (Elf) (info & 0xff);
ElfReloc.GetSymbolIndex = info => info >> 8;
}
public override int Bits => 32;
protected override Elf ArchClass => Elf.ELFCLASS32;
protected override void Write(BinaryWriter writer, uint value) => writer.Write(value);
}
internal class ElfReader64 : ElfReader<ulong, elf_64_phdr, elf_64_sym, ElfReader64, ElfMath64>
{
public ElfReader64(Stream stream) : base(stream) {
ElfReloc.GetRelocType = info => (Elf) (info & 0xffff_ffff);
ElfReloc.GetSymbolIndex = info => info >> 32;
}
public override int Bits => 64;
protected override Elf ArchClass => Elf.ELFCLASS64;
protected override void Write(BinaryWriter writer, ulong value) => writer.Write(value);
}
// NOTE: What we really should have done here is add a TWord type parameter to FileFormatReader<T>
// then we could probably avoid most of this
interface IElfMath<TWord> where TWord : struct
{
TWord Add(TWord a, TWord b);
TWord Sub(TWord a, TWord b);
TWord Div(TWord a, TWord b);
TWord Div(TWord a, int b);
int Int(TWord a);
long Long(TWord a);
ulong ULong(TWord a);
bool Gt(TWord a, TWord b);
uint[] UIntArray(TWord[] a);
}
internal class ElfMath32 : IElfMath<uint>
{
public uint Add(uint a, uint b) => a + b;
public uint Sub(uint a, uint b) => a - b;
public uint Div(uint a, uint b) => a / b;
public uint Div(uint a, int b) => a / (uint) b;
public int Int(uint a) => (int) a;
public long Long(uint a) => a;
public ulong ULong(uint a) => a;
public bool Gt(uint a, uint b) => a > b;
public uint[] UIntArray(uint[] a) => a;
}
internal class ElfMath64 : IElfMath<ulong>
{
public ulong Add(ulong a, ulong b) => a + b;
public ulong Sub(ulong a, ulong b) => a - b;
public ulong Div(ulong a, ulong b) => a / b;
public ulong Div(ulong a, int b) => a / (uint) b;
public int Int(ulong a) => (int) a;
public long Long(ulong a) => (long) a;
public ulong ULong(ulong a) => a;
public bool Gt(ulong a, ulong b) => a > b;
public uint[] UIntArray(ulong[] a) => Array.ConvertAll(a, x => (uint) x);
}
internal abstract class ElfReader<TWord, TPHdr, TSym, TReader, TMath> : FileFormatReader<TReader>
where TWord : struct
where TPHdr : Ielf_phdr<TWord>, new()
where TSym : Ielf_sym<TWord>, new()
where TMath : IElfMath<TWord>, new()
where TReader : FileFormatReader<TReader>
{
private readonly TMath math = new TMath();
// Internal relocation entry helper // Internal relocation entry helper
private struct ElfReloc protected class ElfReloc
{ {
public Elf Type; public Elf Type;
public uint Offset; public TWord Offset;
public uint? Addend; public TWord? Addend;
public uint SymbolTable; public TWord SymbolTable;
public uint SymbolIndex; public TWord SymbolIndex;
// Equality based on target address // Equality based on target address
public override bool Equals(object obj) => obj is ElfReloc reloc && Equals(reloc); public override bool Equals(object obj) => obj is ElfReloc reloc && Equals(reloc);
public bool Equals(ElfReloc other) { public bool Equals(ElfReloc other) {
return Offset == other.Offset; return Offset.Equals(other.Offset);
} }
public override int GetHashCode() { public override int GetHashCode() => Offset.GetHashCode();
unchecked {
var hashCode = (int)Type;
hashCode = (hashCode * 397) ^ (int)Offset;
hashCode = (hashCode * 397) ^ Addend.GetHashCode();
hashCode = (hashCode * 397) ^ (int)SymbolTable;
hashCode = (hashCode * 397) ^ (int)SymbolIndex;
return hashCode;
}
}
// Cast operators (makes the below code MUCH easier to read) // Cast operators (makes the below code MUCH easier to read)
public ElfReloc(elf_32_rel rel, uint symbolTable) { public ElfReloc(elf_rel<TWord> rel, TWord symbolTable) {
Type = (Elf) (rel.r_info & 0xff);
Offset = rel.r_offset; Offset = rel.r_offset;
Addend = null; Addend = null;
SymbolIndex = rel.r_info >> 8; // r_info >> 8 is an index into the symbol table Type = GetRelocType(rel.r_info);
SymbolIndex = GetSymbolIndex(rel.r_info);
SymbolTable = symbolTable; SymbolTable = symbolTable;
} }
public ElfReloc(elf_32_rela rela, uint symbolTable) public ElfReloc(elf_rela<TWord> rela, TWord symbolTable)
: this(new elf_32_rel { r_info = rela.r_info, r_offset = rela.r_offset }, symbolTable) => : this(new elf_rel<TWord> { r_info = rela.r_info, r_offset = rela.r_offset }, symbolTable) =>
Addend = rela.r_addend; Addend = rela.r_addend;
public static Func<TWord, Elf> GetRelocType;
public static Func<TWord, TWord> GetSymbolIndex;
} }
private elf_32_phdr[] program_header_table; // See also: https://docs.microsoft.com/en-us/dotnet/csharp/language-reference/operators/sizeof
private elf_32_shdr[] section_header_table; private int Sizeof(Type type) {
private elf_32_dynamic[] dynamic_table; int size = 0;
private elf_header elf_header; foreach (var i in type.GetTypeInfo().GetFields()) {
if (i.FieldType == typeof(byte) || i.FieldType == typeof(sbyte))
size += sizeof(byte);
if (i.FieldType == typeof(long) || i.FieldType == typeof(ulong))
size += sizeof(ulong);
if (i.FieldType == typeof(int) || i.FieldType == typeof(uint))
size += sizeof(uint);
if (i.FieldType == typeof(short) || i.FieldType == typeof(ushort))
size += sizeof(ushort);
}
return size;
}
private TPHdr[] program_header_table;
private elf_shdr<TWord>[] section_header_table;
private elf_dynamic<TWord>[] dynamic_table;
private elf_header<TWord> elf_header;
public ElfReader(Stream stream) : base(stream) { } public ElfReader(Stream stream) : base(stream) { }
@@ -76,35 +158,37 @@ namespace Il2CppInspector
public override int Bits => (elf_header.m_arch == (uint) Elf.ELFCLASS64) ? 64 : 32; public override int Bits => (elf_header.m_arch == (uint) Elf.ELFCLASS64) ? 64 : 32;
private elf_32_shdr getSection(Elf sectionIndex) => section_header_table.FirstOrDefault(x => x.sh_type == (uint) sectionIndex); private elf_shdr<TWord> getSection(Elf sectionIndex) => section_header_table.FirstOrDefault(x => x.sh_type == (uint) sectionIndex);
private IEnumerable<elf_32_shdr> getSections(Elf sectionIndex) => section_header_table.Where(x => x.sh_type == (uint)sectionIndex); private IEnumerable<elf_shdr<TWord>> getSections(Elf sectionIndex) => section_header_table.Where(x => x.sh_type == (uint) sectionIndex);
private elf_32_phdr getProgramHeader(Elf programIndex) => program_header_table.FirstOrDefault(x => x.p_type == (uint) programIndex); private TPHdr getProgramHeader(Elf programIndex) => program_header_table.FirstOrDefault(x => x.p_type == (uint) programIndex);
private elf_32_dynamic getDynamic(Elf dynamicIndex) => dynamic_table?.FirstOrDefault(x => x.d_tag == (uint) dynamicIndex); private elf_dynamic<TWord> getDynamic(Elf dynamicIndex) => dynamic_table?.FirstOrDefault(x => (Elf) math.ULong(x.d_tag) == dynamicIndex);
protected abstract Elf ArchClass { get; }
protected abstract void Write(BinaryWriter writer, TWord value);
protected override bool Init() { protected override bool Init() {
elf_header = ReadObject<elf_header>(); elf_header = ReadObject<elf_header<TWord>>();
// Check for magic bytes // Check for magic bytes
if (elf_header.m_dwFormat != (uint) Elf.ELFMAG) { if ((Elf) elf_header.m_dwFormat != Elf.ELFMAG)
return false; return false;
}
// 64-bit not supported // 64-bit not supported
if (elf_header.m_arch == (uint) Elf.ELFCLASS64) { if ((Elf) elf_header.m_arch != ArchClass)
return false; return false;
}
program_header_table = ReadArray<elf_32_phdr>(elf_header.e_phoff, elf_header.e_phnum); program_header_table = ReadArray<TPHdr>(math.Long(elf_header.e_phoff), elf_header.e_phnum);
section_header_table = ReadArray<elf_32_shdr>(elf_header.e_shoff, elf_header.e_shnum); section_header_table = ReadArray<elf_shdr<TWord>>(math.Long(elf_header.e_shoff), elf_header.e_shnum);
if (getProgramHeader(Elf.PT_DYNAMIC) is elf_32_phdr PT_DYNAMIC) if (getProgramHeader(Elf.PT_DYNAMIC) is TPHdr PT_DYNAMIC)
dynamic_table = ReadArray<elf_32_dynamic>(PT_DYNAMIC.p_offset, (int) PT_DYNAMIC.p_filesz / 8 /* sizeof(elf_32_dynamic) */); dynamic_table = ReadArray<elf_dynamic<TWord>>(math.Long(PT_DYNAMIC.p_offset), (int) (math.Long(PT_DYNAMIC.p_filesz) / Sizeof(typeof(elf_dynamic<TWord>))));
// Get global offset table // Get global offset table
var _GLOBAL_OFFSET_TABLE_ = getDynamic(Elf.DT_PLTGOT)?.d_un; var _GLOBAL_OFFSET_TABLE_ = getDynamic(Elf.DT_PLTGOT)?.d_un;
if (_GLOBAL_OFFSET_TABLE_ == null) if (_GLOBAL_OFFSET_TABLE_ == null)
throw new InvalidOperationException("Unable to get GLOBAL_OFFSET_TABLE from PT_DYNAMIC"); throw new InvalidOperationException("Unable to get GLOBAL_OFFSET_TABLE from PT_DYNAMIC");
GlobalOffset = (uint) _GLOBAL_OFFSET_TABLE_; GlobalOffset = math.ULong((TWord) _GLOBAL_OFFSET_TABLE_);
// Find all relocations; target address => (rela header (rels are converted to rela), symbol table base address, is rela?) // Find all relocations; target address => (rela header (rels are converted to rela), symbol table base address, is rela?)
var rels = new HashSet<ElfReloc>(); var rels = new HashSet<ElfReloc>();
@@ -112,25 +196,25 @@ namespace Il2CppInspector
// Two types: add value from offset in image, and add value from specified addend // Two types: add value from offset in image, and add value from specified addend
foreach (var relSection in getSections(Elf.SHT_REL)) foreach (var relSection in getSections(Elf.SHT_REL))
rels.UnionWith( rels.UnionWith(
from rel in ReadArray<elf_32_rel>(relSection.sh_offset, (int) (relSection.sh_size / relSection.sh_entsize)) from rel in ReadArray<elf_rel<TWord>>(math.Long(relSection.sh_offset), math.Int(math.Div(relSection.sh_size, relSection.sh_entsize)))
select new ElfReloc(rel, section_header_table[relSection.sh_link].sh_offset)); select new ElfReloc(rel, section_header_table[relSection.sh_link].sh_offset));
foreach (var relaSection in getSections(Elf.SHT_RELA)) foreach (var relaSection in getSections(Elf.SHT_RELA))
rels.UnionWith( rels.UnionWith(
from rela in ReadArray<elf_32_rela>(relaSection.sh_offset, (int)(relaSection.sh_size / relaSection.sh_entsize)) from rela in ReadArray<elf_rela<TWord>>(math.Long(relaSection.sh_offset), math.Int(math.Div(relaSection.sh_size, relaSection.sh_entsize)))
select new ElfReloc(rela, section_header_table[relaSection.sh_link].sh_offset)); select new ElfReloc(rela, section_header_table[relaSection.sh_link].sh_offset));
// Relocations in dynamic section // Relocations in dynamic section
if (getDynamic(Elf.DT_REL) is elf_32_dynamic dt_rel) { if (getDynamic(Elf.DT_REL) is elf_dynamic<TWord> dt_rel) {
var dt_rel_count = getDynamic(Elf.DT_RELSZ).d_un / getDynamic(Elf.DT_RELENT).d_un; var dt_rel_count = math.Div(getDynamic(Elf.DT_RELSZ).d_un, getDynamic(Elf.DT_RELENT).d_un);
var dt_rel_list = ReadArray<elf_32_rel>(MapVATR(dt_rel.d_un), (int) dt_rel_count); var dt_rel_list = ReadArray<elf_rel<TWord>>(MapVATR(math.ULong(dt_rel.d_un)), math.Int(dt_rel_count));
var dt_symtab = getDynamic(Elf.DT_SYMTAB).d_un; var dt_symtab = getDynamic(Elf.DT_SYMTAB).d_un;
rels.UnionWith(from rel in dt_rel_list select new ElfReloc(rel, dt_symtab)); rels.UnionWith(from rel in dt_rel_list select new ElfReloc(rel, dt_symtab));
} }
if (getDynamic(Elf.DT_RELA) is elf_32_dynamic dt_rela) { if (getDynamic(Elf.DT_RELA) is elf_dynamic<TWord> dt_rela) {
var dt_rela_count = getDynamic(Elf.DT_RELASZ).d_un / getDynamic(Elf.DT_RELAENT).d_un; var dt_rela_count = math.Div(getDynamic(Elf.DT_RELASZ).d_un, getDynamic(Elf.DT_RELAENT).d_un);
var dt_rela_list = ReadArray<elf_32_rela>(MapVATR(dt_rela.d_un), (int) dt_rela_count); var dt_rela_list = ReadArray<elf_rela<TWord>>(MapVATR(math.ULong(dt_rela.d_un)), math.Int(dt_rela_count));
var dt_symtab = getDynamic(Elf.DT_SYMTAB).d_un; var dt_symtab = getDynamic(Elf.DT_SYMTAB).d_un;
rels.UnionWith(from rela in dt_rela_list select new ElfReloc(rela, dt_symtab)); rels.UnionWith(from rela in dt_rela_list select new ElfReloc(rela, dt_symtab));
} }
@@ -141,35 +225,43 @@ namespace Il2CppInspector
throw new InvalidOperationException("Input stream to ElfReader is a file. Please supply a mutable stream source."); throw new InvalidOperationException("Input stream to ElfReader is a file. Please supply a mutable stream source.");
var writer = new BinaryWriter(BaseStream); var writer = new BinaryWriter(BaseStream);
var relsz = Sizeof(typeof(TSym));
foreach (var rel in rels) { foreach (var rel in rels) {
var symValue = ReadObject<elf_32_sym>(rel.SymbolTable + rel.SymbolIndex * 16 /* sizeof(elf_32_sym) */).st_value; // S var symValue = ReadObject<TSym>(math.Long(rel.SymbolTable) + math.Long(rel.SymbolIndex) * relsz).st_value; // S
// The addend is specified in the struct for rela, and comes from the target location for rel // The addend is specified in the struct for rela, and comes from the target location for rel
Position = MapVATR(rel.Offset); Position = MapVATR(math.ULong(rel.Offset));
var addend = rel.Addend ?? ReadUInt32(); // A var addend = rel.Addend ?? ReadObject<TWord>(); // A
// Only handle relocation types we understand, skip the rest // Only handle relocation types we understand, skip the rest
// Relocation types from https://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-54839.html#scrolltoc // Relocation types from https://docs.oracle.com/cd/E23824_01/html/819-0690/chapter6-54839.html#scrolltoc
// and https://studfiles.net/preview/429210/page:18/ // and https://studfiles.net/preview/429210/page:18/
(uint newValue, bool recognized) result = (rel.Type, (Elf) elf_header.e_machine) switch { // and http://infocenter.arm.com/help/topic/com.arm.doc.ihi0056b/IHI0056B_aaelf64.pdf (AArch64)
(Elf.R_ARM_ABS32, Elf.EM_ARM) => (symValue + addend, true), // S + A (TWord newValue, bool recognized) result = (rel.Type, (Elf) elf_header.e_machine) switch {
(Elf.R_ARM_REL32, Elf.EM_ARM) => (symValue - rel.Offset + addend, true), // S - P + A (Elf.R_ARM_ABS32, Elf.EM_ARM) => (math.Add(symValue, addend), true), // S + A
(Elf.R_ARM_REL32, Elf.EM_ARM) => (math.Add(math.Sub(symValue, rel.Offset), addend), true), // S - P + A
(Elf.R_ARM_COPY, Elf.EM_ARM) => (symValue, true), // S (Elf.R_ARM_COPY, Elf.EM_ARM) => (symValue, true), // S
(Elf.R_386_32, Elf.EM_386) => (symValue + addend, true), // S + A (Elf.R_AARCH64_ABS64, Elf.EM_AARCH64) => (math.Add(symValue, addend), true), // S + A
(Elf.R_386_PC32, Elf.EM_386) => (symValue + addend - rel.Offset, true), // S + A - P (Elf.R_AARCH64_PREL64, Elf.EM_AARCH64) => (math.Sub(math.Add(symValue, addend), rel.Offset), true), // S + A - P
(Elf.R_AARCH64_GLOB_DAT, Elf.EM_AARCH64) => (math.Add(symValue, addend), true), // S + A
(Elf.R_AARCH64_JUMP_SLOT, Elf.EM_AARCH64) => (math.Add(symValue, addend), true), // S + A
(Elf.R_AARCH64_RELATIVE, Elf.EM_AARCH64) => (math.Add(symValue, addend), true), // Delta(S) + A
(Elf.R_386_32, Elf.EM_386) => (math.Add(symValue, addend), true), // S + A
(Elf.R_386_PC32, Elf.EM_386) => (math.Sub(math.Add(symValue, addend), rel.Offset), true), // S + A - P
(Elf.R_386_GLOB_DAT, Elf.EM_386) => (symValue, true), // S (Elf.R_386_GLOB_DAT, Elf.EM_386) => (symValue, true), // S
(Elf.R_386_JMP_SLOT, Elf.EM_386) => (symValue, true), // S (Elf.R_386_JMP_SLOT, Elf.EM_386) => (symValue, true), // S
(Elf.R_AMD64_64, Elf.EM_AARCH64) => (symValue + addend, true), // S + A (Elf.R_AMD64_64, Elf.EM_AARCH64) => (math.Add(symValue, addend), true), // S + A
_ => (0, false) _ => (default(TWord), false)
}; };
if (result.recognized) { if (result.recognized) {
Position = MapVATR(rel.Offset); Position = MapVATR(math.ULong(rel.Offset));
writer.Write(result.newValue); Write(writer, result.newValue);
} }
} }
Console.WriteLine($"Processed {rels.Count} relocations"); Console.WriteLine($"Processed {rels.Count} relocations");
@@ -179,32 +271,32 @@ namespace Il2CppInspector
public override Dictionary<string, ulong> GetSymbolTable() { public override Dictionary<string, ulong> GetSymbolTable() {
// Three possible symbol tables in ELF files // Three possible symbol tables in ELF files
var pTables = new List<(uint offset, uint count, uint strings)>(); var pTables = new List<(TWord offset, TWord count, TWord strings)>();
// String table (a sequence of null-terminated strings, total length in sh_size // String table (a sequence of null-terminated strings, total length in sh_size
var SHT_STRTAB = getSection(Elf.SHT_STRTAB); var SHT_STRTAB = getSection(Elf.SHT_STRTAB);
if (SHT_STRTAB != null) { if (SHT_STRTAB != null) {
// Section header shared object symbol table (.symtab) // Section header shared object symbol table (.symtab)
if (getSection(Elf.SHT_SYMTAB) is elf_32_shdr SHT_SYMTAB) if (getSection(Elf.SHT_SYMTAB) is elf_shdr<TWord> SHT_SYMTAB)
pTables.Add((SHT_SYMTAB.sh_offset, SHT_SYMTAB.sh_size / SHT_SYMTAB.sh_entsize, SHT_STRTAB.sh_offset)); pTables.Add((SHT_SYMTAB.sh_offset, math.Div(SHT_SYMTAB.sh_size, SHT_SYMTAB.sh_entsize), SHT_STRTAB.sh_offset));
// Section header executable symbol table (.dynsym) // Section header executable symbol table (.dynsym)
if (getSection(Elf.SHT_DYNSYM) is elf_32_shdr SHT_DYNSYM) if (getSection(Elf.SHT_DYNSYM) is elf_shdr<TWord> SHT_DYNSYM)
pTables.Add((SHT_DYNSYM.sh_offset, SHT_DYNSYM.sh_size / SHT_DYNSYM.sh_entsize, SHT_STRTAB.sh_offset)); pTables.Add((SHT_DYNSYM.sh_offset, math.Div(SHT_DYNSYM.sh_size, SHT_DYNSYM.sh_entsize), SHT_STRTAB.sh_offset));
} }
// Symbol table in dynamic section (DT_SYMTAB) // Symbol table in dynamic section (DT_SYMTAB)
// Normally the same as .dynsym except that .dynsym may be removed in stripped binaries // Normally the same as .dynsym except that .dynsym may be removed in stripped binaries
// Dynamic string table // Dynamic string table
if (getDynamic(Elf.DT_STRTAB) is elf_32_dynamic DT_STRTAB) { if (getDynamic(Elf.DT_STRTAB) is elf_dynamic<TWord> DT_STRTAB) {
if (getDynamic(Elf.DT_SYMTAB) is elf_32_dynamic DT_SYMTAB) { if (getDynamic(Elf.DT_SYMTAB) is elf_dynamic<TWord> DT_SYMTAB) {
// Find the next pointer in the dynamic table to calculate the length of the symbol table // Find the next pointer in the dynamic table to calculate the length of the symbol table
var end = (from x in dynamic_table where x.d_un > DT_SYMTAB.d_un orderby x.d_un select x).First().d_un; var end = (from x in dynamic_table where math.Gt(x.d_un, DT_SYMTAB.d_un) orderby x.d_un select x).First().d_un;
// Dynamic symbol table // Dynamic symbol table
pTables.Add((DT_SYMTAB.d_un, (end - DT_SYMTAB.d_un) / 16 /* sizeof(elf_32_sym) */, DT_STRTAB.d_un)); pTables.Add((DT_SYMTAB.d_un, math.Div(math.Sub(end, DT_SYMTAB.d_un), Sizeof(typeof(TSym))), DT_STRTAB.d_un));
} }
} }
@@ -212,13 +304,13 @@ namespace Il2CppInspector
var symbolTable = new Dictionary<string, ulong>(); var symbolTable = new Dictionary<string, ulong>();
foreach (var pTab in pTables) { foreach (var pTab in pTables) {
var symbol_table = ReadArray<elf_32_sym>(pTab.offset, (int) pTab.count); var symbol_table = ReadArray<TSym>(math.Long(pTab.offset), math.Int(pTab.count));
foreach (var symbol in symbol_table) { foreach (var symbol in symbol_table) {
var name = ReadNullTerminatedString(pTab.strings + symbol.st_name); var name = ReadNullTerminatedString(math.Long(pTab.strings) + symbol.st_name);
// Avoid duplicates // Avoid duplicates
symbolTable.TryAdd(name, symbol.st_value); symbolTable.TryAdd(name, math.ULong(symbol.st_value));
} }
} }
@@ -229,19 +321,21 @@ namespace Il2CppInspector
// INIT_ARRAY contains a list of pointers to initialization functions (not all functions in the binary) // INIT_ARRAY contains a list of pointers to initialization functions (not all functions in the binary)
// INIT_ARRAYSZ contains the size of INIT_ARRAY // INIT_ARRAYSZ contains the size of INIT_ARRAY
var init = MapVATR(getDynamic(Elf.DT_INIT_ARRAY).d_un); var init = MapVATR(math.ULong(getDynamic(Elf.DT_INIT_ARRAY).d_un));
var size = getDynamic(Elf.DT_INIT_ARRAYSZ).d_un; var size = getDynamic(Elf.DT_INIT_ARRAYSZ).d_un;
return ReadArray<uint>(init, (int) size / 4); return math.UIntArray(ReadArray<TWord>(init, math.Int(size) / (Bits / 8)));
} }
// Map a virtual address to an offset into the image file. Throws an exception if the virtual address is not mapped into the file. // Map a virtual address to an offset into the image file. Throws an exception if the virtual address is not mapped into the file.
// Note if uiAddr is a valid segment but filesz < memsz and the adjusted uiAddr falls between the range of filesz and memsz, // Note if uiAddr is a valid segment but filesz < memsz and the adjusted uiAddr falls between the range of filesz and memsz,
// an exception will be thrown. This area of memory is assumed to contain all zeroes. // an exception will be thrown. This area of memory is assumed to contain all zeroes.
public override uint MapVATR(ulong uiAddr) { public override uint MapVATR(ulong uiAddr) {
var addr32 = (uint) uiAddr; // 32-bit implementation // Additions in the argument to MapVATR may cause an overflow which should be discarded for 32-bit files
var program_header_table = this.program_header_table.First(x => addr32 >= x.p_vaddr && addr32 <= (x.p_vaddr + x.p_filesz)); if (Bits == 32)
return addr32 - (program_header_table.p_vaddr - program_header_table.p_offset); uiAddr &= 0xffff_ffff;
var program_header_table = this.program_header_table.First(x => uiAddr >= math.ULong(x.p_vaddr) && uiAddr <= math.ULong(math.Add(x.p_vaddr, x.p_filesz)));
return (uint) (uiAddr - math.ULong(math.Sub(program_header_table.p_vaddr, program_header_table.p_offset)));
} }
} }
} }

117
Il2CppInspector/FileFormatReaders/FormatLayouts/Elf.cs
View File

@@ -52,6 +52,12 @@ namespace Il2CppInspector
R_ARM_REL32 = 3, R_ARM_REL32 = 3,
R_ARM_COPY = 20, R_ARM_COPY = 20,
R_AARCH64_ABS64 = 0x101,
R_AARCH64_PREL64 = 0x104,
R_AARCH64_GLOB_DAT = 0x401,
R_AARCH64_JUMP_SLOT = 0x402,
R_AARCH64_RELATIVE = 0x403,
R_386_32 = 1, R_386_32 = 1,
R_386_PC32 = 2, R_386_PC32 = 2,
R_386_GLOB_DAT = 6, R_386_GLOB_DAT = 6,
@@ -61,7 +67,7 @@ namespace Il2CppInspector
} }
#pragma warning disable CS0649 #pragma warning disable CS0649
internal class elf_header internal class elf_header<TWord> where TWord : struct
{ {
// 0x7f followed by ELF in ascii // 0x7f followed by ELF in ascii
public uint m_dwFormat; public uint m_dwFormat;
@@ -98,9 +104,9 @@ namespace Il2CppInspector
public uint e_version; public uint e_version;
public uint e_entry; public TWord e_entry;
public uint e_phoff; public TWord e_phoff;
public uint e_shoff; public TWord e_shoff;
public uint e_flags; public uint e_flags;
public ushort e_ehsize; public ushort e_ehsize;
public ushort e_phentsize; public ushort e_phentsize;
@@ -110,60 +116,111 @@ namespace Il2CppInspector
public ushort e_shtrndx; public ushort e_shtrndx;
} }
internal class elf_32_phdr internal interface Ielf_phdr<TWord> where TWord : struct
{ {
public uint p_type; uint p_type { get; }
public uint p_offset; TWord p_offset { get; }
public uint p_vaddr; TWord p_filesz { get; }
TWord p_vaddr { get; }
}
internal class elf_32_phdr : Ielf_phdr<uint>
{
public uint p_type => f_p_type;
public uint p_offset => f_p_offset;
public uint p_filesz => f_p_filesz;
public uint p_vaddr => f_p_vaddr;
public uint f_p_type;
public uint f_p_offset;
public uint f_p_vaddr;
public uint p_paddr; public uint p_paddr;
public uint p_filesz; public uint f_p_filesz;
public uint p_memsz; public uint p_memsz;
public uint p_flags; public uint p_flags;
public uint p_align; public uint p_align;
//public byte[] p_data;忽略
} }
internal class elf_32_shdr internal class elf_64_phdr : Ielf_phdr<ulong>
{
public uint p_type => f_p_type;
public ulong p_offset => f_p_offset;
public ulong p_filesz => f_p_filesz;
public ulong p_vaddr => f_p_vaddr;
public uint f_p_type;
public uint p_flags;
public ulong f_p_offset;
public ulong f_p_vaddr;
public ulong p_paddr;
public ulong f_p_filesz;
public ulong p_memsz;
public ulong p_align;
}
internal class elf_shdr<TWord> where TWord : struct
{ {
public uint sh_name; public uint sh_name;
public uint sh_type; public uint sh_type;
public uint sh_flags; public TWord sh_flags;
public uint sh_addr; public TWord sh_addr;
public uint sh_offset; public TWord sh_offset;
public uint sh_size; public TWord sh_size;
public uint sh_link; public uint sh_link;
public uint sh_info; public uint sh_info;
public uint sh_addralign; public TWord sh_addralign;
public uint sh_entsize; public TWord sh_entsize;
} }
internal class elf_32_sym internal interface Ielf_sym<TWord> where TWord : struct
{ {
public uint st_name; uint st_name { get; }
public uint st_value; TWord st_value { get; }
}
internal class elf_32_sym : Ielf_sym<uint>
{
public uint st_name => f_st_name;
public uint st_value => f_st_value;
public uint f_st_name;
public uint f_st_value;
public uint st_size; public uint st_size;
public byte st_info; public byte st_info;
public byte st_other; public byte st_other;
public ushort st_shndx; public ushort st_shndx;
} }
internal class elf_32_dynamic internal class elf_64_sym : Ielf_sym<ulong>
{ {
public uint d_tag; public uint st_name => f_st_name;
public uint d_un; public ulong st_value => f_st_value;
public uint f_st_name;
public byte st_info;
public byte st_other;
public ushort st_shndx;
public ulong f_st_value;
public ulong st_size;
} }
internal class elf_32_rel internal class elf_dynamic<TWord> where TWord : struct
{ {
public uint r_offset; public TWord d_tag;
public uint r_info; public TWord d_un;
} }
internal class elf_32_rela internal class elf_rel<TWord> where TWord : struct
{ {
public uint r_offset; public TWord r_offset;
public uint r_info; public TWord r_info;
public uint r_addend; }
internal class elf_rela<TWord> where TWord : struct
{
public TWord r_offset;
public TWord r_info;
public TWord r_addend;
} }
#pragma warning restore CS0649 #pragma warning restore CS0649
} }

6
README.md
View File

@@ -1,11 +1,11 @@
# Il2CppInspector # Il2CppInspector
Extract types, methods, properties and fields from Unity IL2CPP binaries. Extract types, methods, properties and fields from Unity IL2CPP binaries.
* **No manual reverse-engineering required; all data is calculated automatically!**
* Supports ELF (Android .so), PE (Windows .exe), Mach-O (Apple iOS/Mac) and Universal Binary (Fat Mach-O) file formats * Supports ELF (Android .so), PE (Windows .exe), Mach-O (Apple iOS/Mac) and Universal Binary (Fat Mach-O) file formats
* 64-bit support for Mach-O files * 32-bit support for all file formats; 64-bit support for ELF and Mach-O file formats
* Supports ARMv7, ARMv7 Thumb T1, ARMv8 (A64) and x86 architectures regardless of file format * Supports ARMv7, ARMv7 Thumb T1, ARMv8 (A64) and x86 architectures regardless of file format
* Supports metadata versions 21, 22, 23, 24, 24.1 (Unity 2018.3+) and 24.2 (Unity 2019+) * Supports metadata versions 21, 22, 23, 24, 24.1 (Unity 2018.3+) and 24.2 (Unity 2019+)
* No manual reverse-engineering required; all data is calculated automatically
* Support for classes, methods, fields, properties, enumerations, events, delegates, interfaces, structs and default field values * Support for classes, methods, fields, properties, enumerations, events, delegates, interfaces, structs and default field values
* Static symbol table scanning for ELF and Mach-O binaries if present * Static symbol table scanning for ELF and Mach-O binaries if present
* Dynamic symbol table scanning for ELF binaries if present * Dynamic symbol table scanning for ELF binaries if present
@@ -66,7 +66,7 @@ Thanks to the following individuals whose code and research helped me develop th
- nevermoe - https://github.com/nevermoe/unity_metadata_loader - nevermoe - https://github.com/nevermoe/unity_metadata_loader
- branw - https://github.com/branw/pogo-proto-dumper - branw - https://github.com/branw/pogo-proto-dumper
- fry - https://github.com/fry/d3 - fry - https://github.com/fry/d3
- ARMConvertor - http://armconverter.com - ARMConverter - http://armconverter.com
This tool uses Perfare's Il2CppDumper code as a base. This tool uses Perfare's Il2CppDumper code as a base.