Il2CppDumper GUI Tool updated to 1.0.8
1.0.8 (2019-03-29)
- Updated Il2CppDumper to 4.2.5-beta, with support of NSO file (Nintendo Switch)
- Can drag and drop DLL (GameAssembly.dll of PC game) and NSO file (Nintendo Switch)
Extract .NET metadata from il2cpp
binaries. (types, methods, fields, etc.)
Extraction code is based on Il2CppDumper
Requirements:
- Net Framework 4
- Windows 7 and above
Features:
- Supports il2cpp binaries in ELF(arm, x86) and Mach-O(32bit, 64bit)
format
- Supports global-metadata version 16 and 19-24
- Extracts .NET metadata including types, fields, properties, methods
and attributes
- Supports automated IDA script
generation
- name and tag methods
- store dynamic string literals in comments
o
makefunction
to improve ida analysis
- Generates dummy DLLs that can be viewed in .NET decompilers
GUI Features:
·
Select
files
·
Rename
files
·
Set
output directory.
·
Set
mode.
·
Set
registration offsets
·
Auto
fill up offset registrations after dump
·
Drag
and drop support
·
Remember
everything except registrations
·
Logs
saves on exit. It saves on your documents if tool is located in C drive.
·
Support
open APK with Il2CppDumper to start dump automation
Download:
How to use:
This works as same as original
Il2CppDumper but with GUI.
For Android: Simply drop APK to
start dump automation or extract libil2cpp.so file from ARM or x86 folder
(Android). Extract global-metadata.dat from \Data\Managed\Metadata\
For iOS: Open IPA as 7-zip or Winrar
and extract binary file that does not have a file extension and open as binary
file. Extract global-metadata.dat from \Data\Managed\Metadata\
For PC: Open GameAssembly.dll as
binary file and open global-metadata.dat from [Game name]\il2cpp_data\Metadata
Nintendo Switch: Open NSO file as
binary file i guess? sorry, I'm not familar with it.
Set your output directory
Rename the files if you want
Select your mode. If manual set, you
need to imput offsets you found in the binary file.
Press START when you are ready
Extraction
Modes
Manual
The
parameters (CodeRegistration and MetadataRegistration) that are
passed to il2cpp::vm::MetadataCache::Register()needs to be manually
reverse engineered and passed to the program.
Auto
Automatically
finds the il2cpp_codegen_register() function by signature matching
and read out the first (CodeRegistration) and second (MetadataRegistration)
parameter passed to the il2cpp::vm::MetadataCache::Register()method that
will be invoked in the registration function. May not work well due to compiler
optimizations.
Auto(Advanced)
Matches
possible pointers in the data section. Generally works better than Auto mode.
Supports
metadata version 20 and later (only CodeRegistration address can be
found on metadata version 16).
Auto(Plus)
- Recommended
Matches
possible pointers in the data section with some guidance from global-metadata.
Works better than Auto(Advanced)mode on certain binaries.
Supports
metadata version 20 and later (only CodeRegistration address can be
found on metadata version 16).
Auto(Symbol)
Uses symbols
in the il2cpp binary to locate CodeRegistration and MetadataRegistration.
Only
supports certain Android ELF files.
Output
files
dump.cs
C# pseudocode. Can be viewed in text
editors (syntax highlighting recommended)
script.py
Requires IDA and IDAPython. Can be
loaded in IDA via File -> Script file.
DummyDll
DLLs generated by Mono.Cecil which
contain the .NET metadata extracted from the binary (no code included). Can be
viewed in .NET decompilers.
Configuration
All the configuration options are
located in config.json Available options:
- DumpMethod, DumpField, DumpProperty, DumpAttribute, DumpFieldOffset
- Whether or not the program should extract
these information
- DummyDll
- Whether or not the program should
generate dummy DLLs
- ForceIl2CppVersion, ForceVersion
- If ForceIl2CppVersion is true,
the program will use the version number specified
in ForceVersion to choose parser for il2cpp binaries (does not
affect the choice of metadata parser). This may be useful on some older
il2cpp version (e.g. the program may need to use v16 parser on ilcpp v20
(Android) binaries in order to work properly)
Common
errors
ERROR: Metadata file supplied is not
valid metadata file.
The
specified global-metadata.dat is invalid and the program cannot
recognize it. Make sure you choose the correct file. Sometimes games may
obfuscate this file for content protection purposes and so on. Deobfuscating of
such files is beyond the scope of this program, so please DO NOT file
an issue regarding to deobfuscating.
ERROR: Can't use this mode to
process file, try another mode.
Try other extraction modes.
WARNING:
Version 16 can only get CodeRegistration
Use the
CodeRegistration information to get the MetadataRegistration, then use the
manual mode to process the file.
If all automated extraction modes
failed with this error and you are sure that the files you supplied are not
corrupted/obfuscated, please file an issue with the logs and sample files.
Credits:
AndnixSH
(GUI)
Kommentarer
Tilføj en kommentar