djkaty / Il2CppInspector

Powerful automated tool for reverse engineering Unity IL2CPP binaries
http://www.djkaty.com
GNU Affero General Public License v3.0
2.62k stars 430 forks source link

Programatically getting a .pdb for UnityPlayer.dll #41

Closed DannyParker0001 closed 4 years ago

DannyParker0001 commented 4 years ago

I've purposely left the title vague because I'm not really sure if there are applications for it, just something I figured out you could do. It helps in x64dbg, not sure if you already have the info for IDA. If its redundant, just close the issue. The .pdb should contain the name and address of every function in UnityPlayer.dll, I'm not sure if there's any use for this, but just pointing it out.

Rough Implementation: This is assuming use of PeNet from #39

            var peHeader = new PeNet.PeFile("path/to/gameassembly.dll");

            var sigGuid = peHeader.ImageDebugDirectory[0].CvInfoPdb70.Signature;
            var sig = sigGuid.ToString();
        // Sig looked like 80546fa2-f339-4848-af3d-ea1a2e643307 for me
        // Convert to upper case and remove dashes, should look like
        // 80546FA2F3394848AF3DEA1A2E643307
            Console.WriteLine(nog);

           Regex reg = new Regex(@"[^\\]*(?=[.][\w]+$)", 
                RegexOptions.Compiled | RegexOptions.IgnoreCase);

            var matches = reg.Matches(peHeader.ImageDebugDirectory[0].CvInfoPdb70.PdbFileName);

            if(matches.Count < 1)
            {
                // Throw an error here
                return;
            }

            string DownloadUrl = 
                @"http://symbolserver.unity3d.com/" + matches[0] + ".pdb/" + 
                sig + "/" + matches[0] + ".pd_";
            // .pd_ is NOT a mistake, it is a .pdb compressed as a .cab 

            // Unity files are compressed into .cabs.
            string OutputCab = "/path/to/your/favored/directory" +
                "\\" + matches[0] + ".cab";

            // Downloading cab
            if (!File.Exists(OutputCab))
            {
                using (var client = new WebClient())
                {
                    client.DownloadFile(DownloadUrl, OutputCab);
                }
            }

            if (!File.Exists(OutputCab))
            {
                // Throw error
            }

            // Extracting the cab
            string OutputPdb = "/path/to/your/favored/directory";

            // Requires using Microsoft.Deployment.Compression.Cab;
            // Part of MSFTCompressionCab NuGet package
            CabInfo cab = new CabInfo(OutputCab);
            cab.Unpack(OutputPdb);

            // PDB now exists, ready to be consumed by user or further parse.

Disclaimer: Code is stitched together from a few places late at night, I might've stuffed up names & code probably wont compile.

djkaty commented 4 years ago

Pretty straightforward, though I guess if people want the symbol files they can just get hold of them themselves. I'll re-consider if it becomes an oft-requested feature. Thanks for the suggestion - as always I'll keep it in mind!