chizui/Il2CppInspectorRedux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

IL2CPP: Change metadata and binary to derive from BinaryObjectStream

Browse Source
This commit is contained in:
Katy Coe
2020-12-21 06:37:29 +01:00
parent 620d985b71
commit c00b474f33
31 changed files with 172 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files

282
Il2CppInspector.Common/FileFormatStreams/FormatLayouts/Elf.cs Normal file
View File

@@ -0,0 +1,282 @@
/*
Copyright 2017 Perfare - https://github.com/Perfare/Il2CppDumper
Copyright 2017-2020 Katy Coe - http://www.djkaty.com - https://github.com/djkaty
All rights reserved.
*/
using System;
using NoisyCowStudios.Bin2Object;
namespace Il2CppInspector
{
[Flags]
public enum Elf : uint
{
// elf_header.m_dwFormat
ELFMAG = 0x464c457f, // "\177ELF"
// elf_header.e_machine
EM_386 = 0x03,
EM_ARM = 0x28,
EM_X86_64 = 0x3E,
EM_AARCH64 = 0xB7,
// elf_header.m_arch
ELFCLASS32 = 1,
ELFCLASS64 = 2,
// elf_header.e_Type
ET_EXEC = 2,
// PHTs
PT_LOAD = 1,
PT_DYNAMIC = 2,
PF_X = 1,
PF_W = 2,
PF_R = 4,
// SHTs
SHT_PROGBITS = 1,
SHT_SYMTAB = 2,
SHT_STRTAB = 3,
SHT_RELA = 4,
SHT_NOBITS = 8,
SHT_REL = 9,
SHT_DYNSYM = 11,
// SHNs
SHN_UNDEF = 0,
// STTs
STT_NOTYPE = 0,
STT_OBJECT = 1,
STT_FUNC = 2,
STT_SECTION = 3,
STT_FILE = 4,
STT_COMMON = 5,
STT_LOOS = 10,
STT_HIOS = 12,
STT_LOPROC = 13,
STT_SPARC_REGISTER = 13,
STT_HIPROC = 15,
// SHFs
SHF_ALLOC = 2,
SHF_EXECINSTR = 4,
// dynamic sections
DT_PLTGOT = 3,
DT_HASH = 4,
DT_STRTAB = 5,
DT_SYMTAB = 6,
DT_RELA = 7,
DT_RELASZ = 8,
DT_RELAENT = 9,
DT_INIT = 12,
DT_FINI = 13,
DT_REL = 17,
DT_RELSZ = 18,
DT_RELENT = 19,
DT_JMPREL = 23,
DT_INIT_ARRAY = 25,
DT_FINI_ARRAY = 26,
DT_INIT_ARRAYSZ = 27,
DT_PREINIT_ARRAY = 32,
DT_MOVETAB = 0x6ffffefe,
DT_VERDEF = 0x6ffffffc,
DT_VERNEED = 0x6ffffffe,
DT_SYMINFO = 0x6ffffeff,
// relocation types
R_ARM_ABS32 = 2,
R_ARM_REL32 = 3,
R_ARM_COPY = 20,
R_AARCH64_ABS64 = 0x101,
R_AARCH64_PREL64 = 0x104,
R_AARCH64_GLOB_DAT = 0x401,
R_AARCH64_JUMP_SLOT = 0x402,
R_AARCH64_RELATIVE = 0x403,
R_386_32 = 1,
R_386_PC32 = 2,
R_386_GLOB_DAT = 6,
R_386_JMP_SLOT = 7,
R_AMD64_64 = 1
}
#pragma warning disable CS0649
internal class elf_header<TWord> where TWord : struct
{
// 0x7f followed by ELF in ascii
public uint m_dwFormat;
// 1 - 32 bit
// 2 - 64 bit
public byte m_arch;
// 1 - little endian
// 2 - big endian
public byte m_endian;
// 1 is original elf format
public byte m_version;
// set based on OS, refer to OSABI enum
public byte m_osabi;
// refer to elf documentation
public byte m_osabi_ver;
// unused
[ArrayLength(FixedSize=7)]
public byte[] e_pad;//byte[7]
// 1 - relocatable
// 2 - executable
// 3 - shared
// 4 - core
public ushort e_type;
// refer to isa enum
public ushort e_machine;
public uint e_version;
public TWord e_entry;
public TWord e_phoff;
public TWord e_shoff;
public uint e_flags;
public ushort e_ehsize;
public ushort e_phentsize;
public ushort e_phnum;
public ushort e_shentsize;
public ushort e_shnum;
public ushort e_shtrndx;
}
internal interface Ielf_phdr<TWord> where TWord : struct
{
uint p_type { get; }
TWord p_offset { get; set; }
TWord p_filesz { get; set; }
TWord p_memsz { get; }
TWord p_vaddr { get; set; }
uint p_flags { get; }
}
internal class elf_32_phdr : Ielf_phdr<uint> {
public uint p_type => f_p_type;
public uint p_offset { get => f_p_offset; set => f_p_offset = value; }
public uint p_filesz { get => f_p_filesz; set => f_p_filesz = value; }
public uint p_vaddr { get => f_p_vaddr; set => f_p_vaddr = value; }
public uint p_flags => f_p_flags;
public uint p_memsz => f_p_memsz;
public uint f_p_type;
public uint f_p_offset;
public uint f_p_vaddr;
public uint p_paddr;
public uint f_p_filesz;
public uint f_p_memsz;
public uint f_p_flags;
public uint p_align;
}
internal class elf_64_phdr : Ielf_phdr<ulong>
{
public uint p_type => f_p_type;
public ulong p_offset { get => f_p_offset; set => f_p_offset = value; }
public ulong p_filesz { get => f_p_filesz; set => f_p_filesz = value; }
public ulong p_memsz => f_p_memsz;
public ulong p_vaddr { get => f_p_vaddr; set => f_p_vaddr = value; }
public uint p_flags => f_p_flags;
public uint f_p_type;
public uint f_p_flags;
public ulong f_p_offset;
public ulong f_p_vaddr;
public ulong p_paddr;
public ulong f_p_filesz;
public ulong f_p_memsz;
public ulong p_align;
}
internal class elf_shdr<TWord> where TWord : struct
{
public uint sh_name;
public uint sh_type;
public TWord sh_flags;
public TWord sh_addr;
public TWord sh_offset;
public TWord sh_size;
public uint sh_link;
public uint sh_info;
public TWord sh_addralign;
public TWord sh_entsize;
}
internal interface Ielf_sym<TWord> where TWord : struct
{
uint st_name { get; }
TWord st_value { get; }
ushort st_shndx { get; }
Elf st_info { get; }
Elf type { get; }
}
internal class elf_32_sym : Ielf_sym<uint>
{
public uint st_name => f_st_name;
public uint st_value => f_st_value;
public ushort st_shndx => f_st_shndx;
public Elf st_info => (Elf) f_st_info;
public Elf type => (Elf) (f_st_info & 0xf);
public uint f_st_name;
public uint f_st_value;
public uint st_size;
public byte f_st_info;
public byte st_other;
public ushort f_st_shndx;
}
internal class elf_64_sym : Ielf_sym<ulong>
{
public uint st_name => f_st_name;
public ulong st_value => f_st_value;
public ushort st_shndx => f_st_shndx;
public Elf st_info => (Elf) f_st_info;
public Elf type => (Elf) (f_st_info & 0xf);
public uint f_st_name;
public byte f_st_info;
public byte st_other;
public ushort f_st_shndx;
public ulong f_st_value;
public ulong st_size;
}
internal class elf_dynamic<TWord> where TWord : struct
{
public TWord d_tag;
public TWord d_un;
}
internal class elf_rel<TWord> where TWord : struct
{
public TWord r_offset;
public TWord r_info;
}
internal class elf_rela<TWord> where TWord : struct
{
public TWord r_offset;
public TWord r_info;
public TWord r_addend;
}
#pragma warning restore CS0649
}

175
Il2CppInspector.Common/FileFormatStreams/FormatLayouts/MachO.cs Normal file
View File

@@ -0,0 +1,175 @@
/*
Copyright 2017-2020 Katy Coe - http://www.djkaty.com - https://github.com/djkaty
All rights reserved.
*/
using System;
using NoisyCowStudios.Bin2Object;
namespace Il2CppInspector
{
#pragma warning disable CS0649
// Structures and enums: https://opensource.apple.com/source/cctools/cctools-870/include/mach-o/loader.h
public enum MachO : uint
{
MH_MAGIC = 0xfeedface,
MH_CIGAM = 0xcefaedfe,
MH_MAGIC_64 = 0xfeedfacf,
MH_CIGAM_64 = 0xcffaedfe,
MH_MIN_FILETYPE = 0x1,
MH_MAX_FILETYPE = 0xB,
LC_SEGMENT = 0x1,
LC_SYMTAB = 0x2,
LC_DYSYMTAB = 0xb,
LC_SEGMENT_64 = 0x19,
LC_ENCRYPTION_INFO = 0x21,
LC_DYLD_INFO = 0x22,
LC_DYLD_INFO_ONLY = 0x80000022,
LC_FUNCTION_STARTS = 0x26,
LC_ENCRYPTION_INFO_64 = 0x2C,
CPU_TYPE_X86 = 7,
CPU_TYPE_X86_64 = 0x01000000 + CPU_TYPE_X86,
CPU_TYPE_ARM = 12,
CPU_TYPE_ARM64 = 0x01000000 + CPU_TYPE_ARM,
}
[Flags]
public enum MachO_NType : byte
{
// n_type masks
N_STAB = 0xe0,
N_PEXT = 0x10,
N_TYPE = 0x0e,
N_EXT = 0x01,
// n_stab bits
N_UNDF = 0x00,
N_ABS = 0x02,
N_SECT = 0x0e,
N_PBUD = 0x0c,
N_INDR = 0x0a,
// n_type bits when N_STAB has some bits set
N_GSYM = 0x20,
N_FNAME = 0x22,
N_FUN = 0x24,
N_STSYM = 0x26,
N_BNSYM = 0x2E,
N_ENSYM = 0x4E,
N_SO = 0x64,
N_OSO = 0x66,
}
internal class MachOHeader<TWord> where TWord : struct
{
public uint Magic;
public uint CPUType;
public uint CPUSubType;
public uint FileType;
public uint NumCommands;
public uint SizeOfCommands;
public TWord Flags;
}
internal class MachOLoadCommand
{
public uint Command;
public uint Size;
}
internal class MachOSegmentCommand<TWord> where TWord : struct
{
// MachOLoadCommand
[String(FixedSize = 16)]
public string Name;
public TWord VirtualAddress;
public TWord VirtualSize;
public TWord ImageOffset;
public TWord ImageSize;
public uint VMMaxProt;
public uint VMInitProt;
public uint NumSections;
public uint Flags;
}
internal class MachOSection<TWord> where TWord : struct
{
[String(FixedSize = 16)]
public string Name;
[String(FixedSize = 16)]
public string SegmentName;
public TWord Address;
public TWord Size;
public uint ImageOffset;
public uint Align;
public uint ImageRelocOffset;
public int NumRelocEntries;
public uint Flags;
public uint Reserved1;
public TWord Reserved2;
}
internal class MachOLinkEditDataCommand
{
// MachOLoadCommand
public uint Offset;
public uint Size;
}
internal class MachODyldInfoCommand
{
public uint RebaseOffset;
public uint RebaseSize;
public uint BindOffset;
public uint BindSize;
public uint WeakBindOffset;
public uint WeakBindSize;
public uint LazyBindOffset;
public uint LazyBindSize;
public uint ExportOffset;
public uint ExportSize;
}
internal class MachOSymtabCommand
{
public uint SymOffset;
public uint NumSyms;
public uint StrOffset;
public uint StrSize;
}
internal class MachOEncryptionInfo
{
// MachOLoadCommand
public uint CryptOffset;
public uint CryptSize;
public uint CryptID;
}
internal class MachO_nlist<TWord> where TWord : struct
{
public MachO_NType n_type => (MachO_NType) f_n_type;
public uint n_strx;
public byte f_n_type;
public byte n_sect;
public ushort n_desc;
public TWord n_value;
}
internal class MachO_relocation_info
{
public int r_address;
public uint r_data;
public uint r_symbolnum => r_data & 0x00ffffff;
public bool r_pcrel => ((r_data >> 24) & 1) == 1;
public uint r_length => (r_data >> 25) & 3;
public bool r_extern => ((r_data >> 27) & 1) == 1;
public uint r_type => r_data >> 28;
}
}

173
Il2CppInspector.Common/FileFormatStreams/FormatLayouts/PE.cs Normal file
View File

@@ -0,0 +1,173 @@
/*
Copyright 2017-2020 Katy Coe - http://www.djkaty.com - https://github.com/djkaty
All rights reserved.
*/
using NoisyCowStudios.Bin2Object;
namespace Il2CppInspector
{
// Source: https://github.com/dotnet/llilc/blob/master/include/clr/ntimage.h
public enum PE : uint
{
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10b,
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20b,
IMAGE_SCN_CNT_CODE = 0x00000020,
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040,
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080,
IMAGE_SCN_MEM_EXECUTE = 0x20000000,
IMAGE_SCN_MEM_READ = 0x40000000,
IMAGE_SCN_MEM_WRITE = 0x80000000
}
#pragma warning disable CS0649
// _IMAGE_FILE_HEADER
internal class COFFHeader
{
public ushort Machine;
public ushort NumberOfSections;
public uint TimeDateStamp;
public uint PointerToSymbolTable;
public uint NumberOfSymbols;
public ushort SizeOfOptionalHeader;
public ushort Characteristics;
}
// _IMAGE_OPTIONAL_HEADER
internal interface IPEOptHeader
{
PE ExpectedMagic { get; }
ushort Magic { get; }
ulong ImageBase { get; set; }
uint BaseOfCode { get; }
RvaEntry[] DataDirectory { get; }
}
internal class PEOptHeader32 : IPEOptHeader
{
public PE ExpectedMagic => PE.IMAGE_NT_OPTIONAL_HDR32_MAGIC;
public ushort Magic => f_Magic;
public ulong ImageBase { get => f_ImageBase; set => f_ImageBase = (uint) value; }
public uint BaseOfCode => f_BaseOfCode;
public RvaEntry[] DataDirectory => f_DataDirectory;
public ushort f_Magic;
public byte MajorLinkerVersion;
public byte MinorLinkerVersion;
public uint SizeOfCode;
public uint SizeOfInitializedData;
public uint SizeOfUninitializedData;
public uint AddressOfEntryPoint;
public uint f_BaseOfCode;
public uint BaseOfData;
public uint f_ImageBase;
public uint SectionAlignment;
public uint FileAlignment;
public ushort MajorOSVersion;
public ushort MinorOSVersion;
public ushort MajorImageVersion;
public ushort MinorImageVersion;
public ushort MajorSubsystemVersion;
public ushort MinorSubsystemVersion;
public uint Win32VersionValue;
public uint SizeOfImage;
public uint SizeOfHeaders;
public uint Checksum;
public ushort Subsystem;
public ushort DLLCharacteristics;
public uint SizeOfStackReserve;
public uint SizeOfStackCommit;
public uint SizeOfHeapReserve;
public uint SizeOfHeapCommit;
public uint LoaderFlags;
public uint NumberOfRvaAndSizes;
[ArrayLength(FieldName = "NumberOfRvaAndSizes")]
public RvaEntry[] f_DataDirectory;
}
// _IMAGE_OPTIONAL_HEADER64
internal class PEOptHeader64 : IPEOptHeader
{
public PE ExpectedMagic => PE.IMAGE_NT_OPTIONAL_HDR64_MAGIC;
public ushort Magic => f_Magic;
public ulong ImageBase { get => f_ImageBase; set => f_ImageBase = value; }
public uint BaseOfCode => f_BaseOfCode;
public RvaEntry[] DataDirectory => f_DataDirectory;
public ushort f_Magic;
public byte MajorLinkerVersion;
public byte MinorLinkerVersion;
public uint SizeOfCode;
public uint SizeOfInitializedData;
public uint SizeOfUninitializedData;
public uint AddressOfEntryPoint;
public uint f_BaseOfCode;
public ulong f_ImageBase;
public uint SectionAlignment;
public uint FileAlignment;
public ushort MajorOSVersion;
public ushort MinorOSVersion;
public ushort MajorImageVersion;
public ushort MinorImageVersion;
public ushort MajorSubsystemVersion;
public ushort MinorSubsystemVersion;
public uint Win32VersionValue;
public uint SizeOfImage;
public uint SizeOfHeaders;
public uint Checksum;
public ushort Subsystem;
public ushort DLLCharacteristics;
public ulong SizeOfStackReserve;
public ulong SizeOfStackCommit;
public ulong SizeOfHeapReserve;
public ulong SizeOfHeapCommit;
public uint LoaderFlags;
public uint NumberOfRvaAndSizes;
[ArrayLength(FieldName = "NumberOfRvaAndSizes")]
public RvaEntry[] f_DataDirectory;
}
internal class RvaEntry
{
public uint VirtualAddress;
public uint Size;
}
// _IMAGE_SECTION_HEADER
internal class PESection
{
public PE Characteristics => (PE) f_Characteristics;
[String(FixedSize=8)]
public string Name;
public uint VirtualSize; // Size in memory
public uint VirtualAddress; // Base address in memory (RVA)
public uint SizeOfRawData; // Size in file
public uint PointerToRawData; // Base address in file
public uint PointerToRelocations;
public uint PointerToLinenumbers;
public ushort NumberOfRelocations;
public ushort NumberOfLinenumbers;
public uint f_Characteristics;
}
// _IMAGE_EXPORT_DIRECTORY
internal class PEExportDirectory
{
public uint Characteristics;
public uint TimeDateStamp;
public ushort MajorVersion;
public ushort MinorVersion;
public uint Name;
public uint Base;
public uint NumberOfFunctions;
public uint NumberOfNames;
public uint AddressOfFunctions;
public uint AddressOfNames;
public uint AddressOfNameOrdinals;
}
#pragma warning restore CS0649
}

117
Il2CppInspector.Common/FileFormatStreams/FormatLayouts/SElf.cs Normal file
View File

@@ -0,0 +1,117 @@
/*
Copyright 2020 Katy Coe - http://www.hearthcode.org - http://www.djkaty.com
All rights reserved.
*/
using System;
using NoisyCowStudios.Bin2Object;
namespace Il2CppInspector
{
internal enum SElfConsts : uint
{
Magic = 0x1D3D154F
}
[Flags]
internal enum SElfEntryFlags : ulong
{
Ordered = 0x1,
Encrypted = 0x2,
Signed = 0x4,
Deflated = 0x8,
WindowMask = 0x700,
Blocks = 0x800,
BlockSizeMask = 0xF000,
Digests = 0x10000,
Extents = 0x20000,
SegmentIndexMask = 0x_000F_FFF0_0000
}
// SCE-specific definitions for e_type
internal enum SElfETypes : ushort
{
ET_SCE_EXEC = 0xFE00,
ET_SCE_RELEXEC = 0xFE04,
ET_SCE_STUBLIB = 0xFE0C,
ET_SCE_DYNEXEC = 0xFE10, // SCE EXEC_ASLR (PS4 Executable with ASLR)
ET_SCE_DYNAMIC = 0xFE18,
ET_SCE_IOPRELEXEC = 0xFF80,
ET_SCE_IOPRELEXEC2 = 0xFF81,
ET_SCE_EERELEXEC = 0xFF90,
ET_SCE_EERELEXEC2 = 0xFF91,
ET_SCE_PSPRELEXEC = 0xFFA0,
ET_SCE_PPURELEXEC = 0xFFA4,
ET_SCE_ARMRELEXEC = 0xFFA5,
ET_SCE_PSPOVERLAY = 0xFFA8
}
// SCE-specific definitions for program header type
internal enum SElfPTypes : uint
{
PT_SCE_RELA = 0x60000000,
PT_SCE_DYNLIBDATA = 0x61000000,
PT_SCE_PROCPARAM = 0x61000001,
PT_SCE_MODULE_PARAM = 0x61000002,
PT_SCE_RELRO = 0x61000010,
PT_SCE_COMMENT = 0x6FFFFF00,
PT_SCE_VERSION = 0x6FFFFF01
}
// Extended info types
internal enum SElfExInfoTypes
{
PTYPE_FAKE = 0x1,
PTYPE_NPDRM_EXEC = 0x4,
PTYPE_NPDRM_DYNLIB = 0x5,
PTYPE_SYSTEM_EXEC = 0x8,
PTYPE_SYSTEM_DYNLIB = 0x9,
PTYPE_HOST_KERNEL = 0xC,
PTYPE_SECURE_MODULE = 0xE,
PTYPE_SECURE_KERNEL = 0xF
}
#pragma warning disable CS0649
internal class SElfHeader
{
public uint Magic;
public byte Version;
public byte Mode;
public byte Endian;
public byte Attributes;
public uint KeyType;
public ushort HeaderSize;
public ushort MetadataSize;
public ulong FileSize;
public ushort NumberOfEntries;
public ushort Flags;
public uint Padding;
}
internal class SElfEntry
{
public ulong Flags;
public ulong FileOffset;
public ulong EncryptedCompressedSize;
public ulong MemorySize;
public bool IsEncrypted => (Flags & (ulong) SElfEntryFlags.Encrypted) != 0;
public bool IsDeflated => (Flags & (ulong) SElfEntryFlags.Deflated) != 0;
public bool HasBlocks => (Flags & (ulong) SElfEntryFlags.Blocks) != 0;
public ushort SegmentIndex => (ushort) ((Flags & (ulong) SElfEntryFlags.SegmentIndexMask) >> 20);
}
internal class SElfSCEData
{
public ulong ProductAuthID;
public ulong ProductType;
public ulong AppVersion;
public ulong FirmwareVersion;
[ArrayLength(FixedSize = 0x20)]
public byte[] ContentID; // Only if NPDRM
[ArrayLength(FixedSize = 0x20)]
public byte[] SHA256Digest;
}
#pragma warning restore CS0649
}

33
Il2CppInspector.Common/FileFormatStreams/FormatLayouts/UB.cs Normal file
View File

@@ -0,0 +1,33 @@
/*
Copyright 2017 Katy Coe - http://www.hearthcode.org - http://www.djkaty.com
All rights reserved.
*/
namespace Il2CppInspector
{
#pragma warning disable CS0649
// Structures and enums: https://cocoaintheshell.whine.fr/2009/07/universal-binary-mach-o-format/
public enum UB : uint
{
FAT_MAGIC = 0xcafebabe
}
// Big-endian
internal class FatHeader
{
public uint Magic;
public uint NumArch;
}
// Big-endian
internal class FatArch
{
public uint CPUType;
public uint CPUSubType;
public uint Offset;
public uint Size;
public uint Align;
}
}