修改bug与更新

Author: AndroidReverser-Test

README.md

@@ -3,10 +3,13 @@
 
 # 如何使用
 ~~先在目标手游的/data/data/packageName/files目录下创建test.txt文件，test.txt文件中的**每一行**均为要进行dump的程序集名称如Assembly-CSharp.dll,**注意这里创建以及写入test.txt文件务必在手机设备的环境上进行，否则可能会出现bug**。在创建/data/data/packageName/files/test.txt文件并写入要进行dump的程序集名称后即可~~
-通过任意ptrace注入器将该so模块注入至要dump的unity游戏进程中，主动调用dump将自动执行。可在logcat中使用Perfare进行过滤查看结果。如dump成功会在/data/data/packageName/files目录下生成dump.cs文件。
+通过任意ptrace注入器将该so模块注入至要dump的unity游戏进程中，主动调用dump将自动执行。**最好是在游戏的相应逻辑触发后再进行注入，因为如果需要的类还未加载就不会被dump**。可在logcat中使用Perfare进行过滤查看结果。如dump成功会在/data/data/packageName/files目录下生成test.cs以及test_method_info.txt文件。
 
 ~~目标unity手游的所有程序集名称均可在其apk包的assets\bin\Data\ScriptingAssemblies.json中找到。~~
-推荐使用的ptrace注入器为[Android-Ptrace-Injector](https://github.com/reveny/Android-Ptrace-Injector)
+推荐使用的ptrace注入器为[Android-Ptrace-Injector](https://github.com/reveny/Android-Ptrace-Injector)或[AndKittyInjector](https://github.com/MJx0/AndKittyInjector)。
+
+## 新增ida.py脚本
+使用ida加载libil2cpp.so后导入并执行ida.py脚本，再根据引导选择dump生成的test_method_info.txt文件即可重命名大部分函数。
 
 
 # 如何构建

app/src/main/cpp/hack.cpp

@@ -19,6 +19,8 @@
 #include <fstream>
 #include <sstream>
 
+char game_path[PATH_MAX];
+
 void hack_start(const char *game_data_dir) {
     bool load = false;
     for (int i = 0; i < 10; i++) {
@@ -218,10 +220,9 @@ void start_dump(){
     buffer << file.rdbuf(); // 读取文件内容到 stringstream
     file.close();
 
-    char path[PATH_MAX];
-    snprintf(path, PATH_MAX, "/data/data/%s",buffer.str().c_str());
-    LOGI("game dir:%s\n", path);
-    std::thread hack_thread(hack_start, path);
+    snprintf(game_path, PATH_MAX, "/data/data/%s",buffer.str().c_str());
+    LOGI("game dir:%s\n", game_path);
+    std::thread hack_thread(hack_start, game_path);
     hack_thread.detach();
 }
 __attribute__((section(".init_array"))) void (*test_dump)() = start_dump;

app/src/main/cpp/il2cpp_dump.cpp

@@ -25,6 +25,7 @@
 
 
 static uint64_t il2cpp_base = 0;
+std::stringstream method_info_outPut;
 
 void init_il2cpp_api(void *handle) {
 #define DO_API(r, n, p) {                      \
@@ -102,6 +103,7 @@ std::string dump_method(Il2CppClass *klass) {
         if (method->methodPointer) {
             outPut << "\t// RVA: 0x";
             outPut << std::hex << (uint64_t) method->methodPointer - il2cpp_base;
+            method_info_outPut << std::hex << (uint64_t) method->methodPointer - il2cpp_base;
             outPut << " VA: 0x";
             outPut << std::hex << (uint64_t) method->methodPointer;
         } else {
@@ -120,8 +122,12 @@ std::string dump_method(Il2CppClass *klass) {
             outPut << "ref ";
         }
         auto return_class = il2cpp_class_from_type(return_type);
-        outPut << il2cpp_class_get_name(return_class) << " " << il2cpp_method_get_name(method)
+        auto method_name = il2cpp_method_get_name(method);
+        outPut << il2cpp_class_get_name(return_class) << " " << method_name
                << "(";
+        if(method->methodPointer){
+            method_info_outPut << ":" << method_name << "\n";
+        }
         auto param_count = il2cpp_method_get_param_count(method);
         for (int i = 0; i < param_count; ++i) {
             auto param = il2cpp_method_get_param(method, i);
@@ -420,9 +426,7 @@ void il2cpp_api_init(void *handle) {
 
 void il2cpp_dump(const char *outDir) {
     LOGI("dumping...");
-    std::stringstream imageOutput;
     std::vector<std::string> outPuts;
-
     if (il2cpp_capture_memory_snapshot && il2cpp_free_captured_memory_snapshot) {
         auto memorySnapshot = il2cpp_capture_memory_snapshot();
         auto all_type_infos_count = memorySnapshot->metadata.typeCount;
@@ -447,18 +451,27 @@ void il2cpp_dump(const char *outDir) {
         LOGE("can not find il2cpp_capture_memory_snapshot!!!");
     }
 
-
-
     LOGI("write dump file");
-    auto outPath = std::string(outDir).append("/files/dump.cs");
+    auto outPath = std::string(outDir).append("/files/test.cs");
     std::ofstream outStream(outPath);
-    outStream << imageOutput.str();
-    auto count = outPuts.size();
-    for (int i = 0; i < count; ++i) {
-        outStream << outPuts[i];
-    }
+    auto outPath2 = std::string(outDir).append("/files/test_method_info.txt");
+    std::ofstream outStream2(outPath2);
 
+    if(outStream.is_open()){
+        auto count = outPuts.size();
+        for (int i = 0; i < count; ++i) {
+            outStream << outPuts[i];
+        }
+    } else
+        LOGE("can not open file:%s",outPath.c_str());
 
     outStream.close();
+    if (outStream2.is_open()){
+        outStream2 << method_info_outPut.str();
+    } else
+        LOGE("can not open file:%s",outPath2.c_str());
+    method_info_outPut.flush();
+    method_info_outPut.clear();
+    outStream2.close();
     LOGI("dump done!");
 }

ida.py

@@ -0,0 +1,48 @@
+# -*- coding: utf-8 -*-
+
+def set_name(addr, name):
+	new_name = name + '_' + hex(addr)
+	idc.set_name(addr, new_name, SN_NOWARN | SN_NOCHECK)
+
+def make_function(start, end):
+	next_func = idc.get_next_func(start)
+	if next_func < end:
+		end = next_func
+	if idc.get_func_attr(start, FUNCATTR_START) == start:
+		ida_funcs.del_func(start)
+	ida_funcs.add_func(start, end)
+
+addresses = []
+fun_infos = []
+path = idaapi.ask_file(False, '*.txt', 'test_method_info.txt from PtraceIl2cppDumper')
+
+
+with open(path,"r",encoding="utf-8") as name_f:
+    all_lines = name_f.readlines()
+
+for line in all_lines:
+	if line == "":
+		break
+	# 确保地址有效
+	item = line.split(":")
+	if item[0] == "":
+		continue 
+	fun_name = item[1].replace("\n","")
+	fun_addr = int(item[0],16)
+	addresses.append(fun_addr)
+	fun_infos.append((fun_addr,fun_name))
+
+addresses.sort()
+
+for index in range(len(addresses) - 1):
+	start = addresses[index]
+	end = addresses[index + 1]
+	make_function(start, end)
+
+for item in fun_infos:
+	set_name(item[0], item[1])
+
+
+
+print('Script finished!')
+