Closed commonuserlol closed 5 days ago
What's your use case for native method detection?
Native Method Detection high memory usage
This is likely not restricted to native method detection, but instead to ISIL analysis, which native method detection uses. The call analyzer also uses ISIL.
What's your use case for native method detection?
I just enabled all processors for diffable cs 😅. Is there any description for them?
Actually I wanna view pseudocode like in Ghidra/IDA, can cpp2il produce it?
Actually I wanna view pseudocode like in Ghidra/IDA, can cpp2il produce it?
Currently, cpp2il cannot create pseudocode. This is because ISIL & armv8 → ISIL is not fully completed and that's not to mention ISIL → pseudocode. With the current implementation of ISIL, a potential pseudocode generator could at most do something like this Which is not enough to understand what the method does.
With the current implementation of ISIL, a potential pseudocode generator could at most do something like this
I'm not using windows nor dnspy.
Which is not enough to understand what the method does.
I see. Is there any maintained il2cpp reverse engineering tool like dumper/inspector (both probably died)
I've just pushed two changes. The first one aims to reduce the memory usage of call analysis and native method detection, especially on X86/X64 games, in all situations, without affecting performance. In my testing a game that previously took 12GB of RAM when running on my PC now takes < 6GB with this change.
The second change is a new command line option, --low-memory-mode
, which further constrains how much memory CPP2IL tries to use, but this one has a performance cost (e.g. call analysis execution time basically doubled) - but with it on, the same game took < 2GB for call analysis, and 4-5GB for native method detection (which does appear to be a lot more intensive).
Give it a try and let me know how it goes for you.
Nice, now RAM usage about 2 times less. Tho I didn't tried --low-memory-mode
since CPU already a potato.
I have only 8GB of RAM, without native method detection cpp2il uses only 3GB. But with, it uses >8GB. I don't know how on windows, but on linux there's ZRAM kernel module which creates compressed swap in RAM. So I used it and on next attempt cpp2il used >12G and system became unresponsive (but still working) :( Ghidra uses a way less memory to analyze this binary (33 MB). Is there formula to calculate needed RAM size using binary size or just recommended value?