Closed heqyoufree closed 1 year ago
Can you elaborate?
Perfare's Il2CppDumper can dump from libil2cpp.so and recover the code. Then the code is written into one dll. Using dnSpy or something else, you can inspect more information.
Thanks for clarifying. Unfortunately it's still unclear to me how it is done; however, what's the information `frida-il2cpp-bridge` is lacking?
Il2CppDumper can convert Cpp back to IL and generate a dll (DummyDLL). However, Il2CppDumper usually failed because of encrypted global-metadata.dat and libil2cpp.so, and I believe it can be done more easily using frida-il2cpp-bridge.
I don't think in-memory binary code can be converted to IL. I believe Il2CppDumper just crafts a `.dll` starting from the information it already has. That is, it creates a different dump format, so you can inspect it using a third party program. That's all - there is no extra information this step adds.
This feature is interesting, but I don't know how to do so - I'd have to learn how to write binary `.dll` code (and I don't want to).
I think outputting valid C# code is way more doable, but I doubt I will personally implement it.
Yes, the `.dll` it created has no method body but it makes the relation between classes clearer.
Yeah. I agree the dump inspection experience should be improved. I personally use(d) `klogg`, a fast read-only text viewer - but a proper C# viewer (with goto, find references etc) is probably better. However I couldn't find any that could handle several MBs of source code.
I expect `dll` viewer tools do an excellent job at this, but as I stated before, I personally won't support such dump format - contributions are welcomed, of course.
Reference: Perfare/Il2CppDumper