Open ishitatsuyuki opened 8 months ago
I was assuming that usual applications will have everything in .text, but it seems this is not the case for Unity IL2CPP. It creates another executable section like the following:
```
File: GameAssembly.dll
Format: COFF-x86-64
Arch: x86_64
AddressSize: 64bit
Sections [
  Section {
    Number: 1
    Name: .text (2E 74 65 78 74 00 00 00)
    VirtualSize: 0x3E0594
    VirtualAddress: 0x1000
    RawDataSize: 4064768
    PointerToRawData: 0x400
    PointerToRelocations: 0x0
    PointerToLineNumbers: 0x0
    RelocationCount: 0
    LineNumberCount: 0
    Characteristics [ (0x60000020)
      IMAGE_SCN_CNT_CODE (0x20)
      IMAGE_SCN_MEM_EXECUTE (0x20000000)
      IMAGE_SCN_MEM_READ (0x40000000)
    ]
  }
  Section {
    Number: 2
    Name: il2cpp (69 6C 32 63 70 70 00 00)
    VirtualSize: 0x3BCD546
    VirtualAddress: 0x3E2000
    RawDataSize: 62707200
    PointerToRawData: 0x3E0A00
    PointerToRelocations: 0x0
    PointerToLineNumbers: 0x0
    RelocationCount: 0
    LineNumberCount: 0
    Characteristics [ (0x60000020)
      IMAGE_SCN_CNT_CODE (0x20)
      IMAGE_SCN_MEM_EXECUTE (0x20000000)
      IMAGE_SCN_MEM_READ (0x40000000)
    ]
  }
  ...
]
```
Perhaps we should allow passing in an array of executable sections, instead of just .text, to perform instruction analysis.
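A small parser for the situation this issue describes, added here as an illustration and not code from the project: it walks the PE section table and returns every section whose Characteristics carry IMAGE_SCN_MEM_EXECUTE, so an `il2cpp` section is found alongside `.text` without relying on names. The sample image is constructed inline from the section values in the dump above, with an empty optional header and an invented non-executable `.rdata` section to show what gets excluded.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
CODE_RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ  # 0x60000020


def executable_sections(pe: bytes):
    """Walk the COFF section table and return (name, vaddr, vsize, raw_ptr, raw_size)
    for every section flagged IMAGE_SCN_MEM_EXECUTE, whatever its name."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    n_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size                            # section table follows it
    found = []
    for i in range(n_sections):
        off = table + i * 40                                # each header is 40 bytes
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        if chars & IMAGE_SCN_MEM_EXECUTE:
            found.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rptr, rsize))
    return found


def is_code_rva(pe: bytes, rva: int) -> bool:
    """True if the RVA lies inside any executable section (not only .text)."""
    return any(va <= rva < va + vs for _, va, vs, _, _ in executable_sections(pe))


def _section(name: bytes, vsize, vaddr, rsize, rptr, chars) -> bytes:
    # IMAGE_SECTION_HEADER: relocation/line-number fields zeroed, Characteristics last.
    return struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)


def build_sample_image() -> bytes:
    """Constructed minimal PE: DOS header with e_lfanew=0x40, empty optional header,
    section headers taken from the GameAssembly.dll dump plus an invented non-code .rdata."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0, 0x2022)  # x86-64, 3 sections
    sections = (
        _section(b".text", 0x3E0594, 0x1000, 4064768, 0x400, CODE_RX)
        + _section(b"il2cpp", 0x3BCD546, 0x3E2000, 62707200, 0x3E0A00, CODE_RX)
        + _section(b".rdata", 0x1000, 0x3FB0000, 0x1000, 0x3F4B400, 0x40000040)  # constructed
    )
    return dos + b"PE\0\0" + coff + sections
```

Feeding `executable_sections` the real file bytes instead of `build_sample_image()` gives the list an analyzer would iterate over in place of a hard-coded `.text`.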