vfsfitvnm / frida-il2cpp-bridge

A Frida module to dump, trace or hijack any Il2Cpp application at runtime, without needing the global-metadata.dat file.
https://github.com/vfsfitvnm/frida-il2cpp-bridge/wiki
MIT License

Dump DummyDLL #201

Closed heqyoufree closed 1 year ago

heqyoufree commented 2 years ago

Reference: Perfare/Il2CppDumper

vfsfitvnm commented 2 years ago

Can you elaborate?

heqyoufree commented 2 years ago

Perfare's Il2CppDumper can dump from libil2cpp.so and recover the code. Then the code is written into one dll. Using dnSpy or something else, you can inspect more information.

vfsfitvnm commented 2 years ago

Thanks for clarifying. Unfortunately it's still unclear to me how it is done; however, what information is frida-il2cpp-bridge lacking?

heqyoufree commented 2 years ago

Il2CppDumper can convert Cpp back to IL and generate a dll (DummyDLL). However, Il2CppDumper usually fails because of encrypted global-metadata.dat and libil2cpp.so, and I believe it can be done more easily using frida-il2cpp-bridge.

vfsfitvnm commented 2 years ago

I don't think in-memory binary code can be converted to IL. I believe Il2CppDumper just crafts a .dll starting from the information it already has. That is, it creates a different dump format, so you can inspect it using a third party program. That's all - there is no extra information this step adds.

This feature is interesting, but I don't know how to do so - I'd have to learn how to write binary .dll code (and I don't want to). I think outputting valid C# code is way more doable, but I doubt I will personally implement it.

heqyoufree commented 2 years ago

Yes, the .dll it created has no method bodies, but it makes the relations between classes clearer.

vfsfitvnm commented 2 years ago

Yeah. I agree the dump inspection experience should be improved. I personally use(d) klogg, a fast read-only text viewer - but a proper C# viewer (with goto, find references, etc.) is probably better. However, I couldn't find any that could handle several MBs of source code. I expect dll viewer tools do an excellent job at this, but as I stated before, I personally won't support such a dump format - contributions are welcome, of course.