import {soName} from "../config";
import {Il2CppGlobalMetadataHeader} from "./struct/Il2CppGlobalMetadataHeader";
import {log, log4AndroidE, LogColor, logColor, logHHex, logHHexLength} from "../logger";
import {Il2cppMetadataRegistration} from "./struct/Il2cppMetadataRegistration";
import {il2cppApi} from "./il2cppApi";
import {Tprt} from "../mtp/tprt";
import {on} from "../../_agent";
import {strace} from "../mtp/strace";
import {Il2CppClass} from "./struct/Il2CppClass";
import {lolm} from "../lolm";

// Offsets that CSDumper.start adds to the base of the `soName` module and then
// dereferences with readPointer(). They are tied to one specific build of that
// library — presumably the addresses of the static pointer slots for the
// metadata header and the two registration structs; confirm against the build
// actually in use before relying on them.
let s_GlobalMetadataHeader=0xc98fec8
let s_Il2CppMetadataRegistration=0xc98feb0
let s_Il2CppCodeRegistration=0xc98fea8
// Value returned by dlopen() for the `soName` library. Filled in by the dlopen
// hook installed in findIl2cppHandler and passed through to the native start().
let il2cppHandler;
// One-shot guard shared by CSDumper.start and loadSO: whichever of the two runs
// first sets it, and the other then returns immediately.
let once=false;

/**
 * Entry points used by the agent.
 *  - init:    installs the dlopen hook (findIl2cppHandler).
 *  - loadApk: loads the bridge library (loadApk).
 *  - start:   after a fixed delay, reads the three metadata pointers from the
 *             hard-coded offsets and hands them, plus il2cppHandler, to the
 *             native start() exported by the dumper library.
 * All three read and write the module-level state declared above.
 */
export let CSDumper ={
    loadApk:function (){
        loadApk();
    },
    init:function (){
        findIl2cppHandler();
    },
    start:function (){
        if (once){
            return
        }
        once=true
        // delay a little
        // Runs once, 10 s later. Nothing in this callback validates the
        // pointers read from the fixed offsets before passing them on, so a
        // mismatched build/offset pair surfaces only inside start_fun.
        setTimeout(function (){
            let module = Process.findModuleByName(soName);
            if (module!==null){
                log("加强版dumper开始工作")
                log("base:"+module.path);
                // Each offset names a slot that itself holds a pointer: read
                // the slot, then wrap the pointed-to struct.
                let nativePointer = module.base.add(s_GlobalMetadataHeader);
                let il2CppGlobalMetadataHeader = new Il2CppGlobalMetadataHeader(nativePointer.readPointer());
                log("il2CppGlobalMetadataHeader log ")
                logHHexLength(il2CppGlobalMetadataHeader,128)
                let nativePointer1 = module.base.add(s_Il2CppMetadataRegistration);
                let il2cppMetadataRegistration = new Il2cppMetadataRegistration(nativePointer1.readPointer());
                let il2CppCodeRegistration = module.base.add(s_Il2CppCodeRegistration).readPointer();
                // The dumper is loaded by absolute path from the system library
                // directory under a file name in the style of the platform codec
                // libraries; whether that is a stock library or a file placed
                // there cannot be told from this script alone.
                let dumperSo = Module.load("/system/lib64/libcodec2_server.so");
                log("dumperSo "+dumperSo);
                // NOTE(review): findExportByName yields null when the symbol is
                // absent; that is not checked here, so the NativeFunction
                // constructor on the next line would be the point of failure.
                let nativePointer2 = dumperSo.findExportByName("_ZN8CSDumper5startEPvS0_S0_S0_");
                let start_fun = new NativeFunction(nativePointer2,"void",['pointer','pointer','pointer','pointer']);
                log("il2CppGlobalMetadataHeader ");
                logHHex(il2CppGlobalMetadataHeader);
                start_fun(il2CppGlobalMetadataHeader,il2cppMetadataRegistration,il2CppCodeRegistration,il2cppHandler);
            }
        },10000);
    }
}

/**
 * Hooks dlopen() so that the handle of the `soName` library is captured at the
 * moment it is loaded. `this.hook` is the per-invocation context that Frida
 * shares between onEnter and onLeave; when set, the return value is stored in
 * `il2cppHandler` and loadSO() is triggered. The hook is never detached (the
 * detachAll() call is commented out), so any later dlopen whose path matches
 * runs onLeave again; only the `once` guard inside loadSO prevents a rerun.
 */
function findIl2cppHandler (){
    let dlopen = Module.findExportByName(null,"dlopen");
    if (dlopen != null) {
        log("fk dlopen");
        Interceptor.attach(dlopen, {
            onEnter: function (args) {
                // args[0] is the path passed to dlopen. indexOf() is a
                // substring test, so any path containing soName matches.
                let path = args[0].readCString();
                if (path!=null){
                    if (path.indexOf(soName) !== -1) {
                        this.hook = true;
                    }
                }
            },
            onLeave: function (retval) {
                if (this.hook) {
                    // Interceptor.detachAll();
                    // retval is the dlopen() result; it is round-tripped
                    // through a string to build a fresh NativePointer.
                    let s = retval.toString();
                    log("got il2cpp Handler:"+s);
                    il2cppHandler = new NativePointer(s);
                    loadSO();
                }
            }
        })
    }
}

/**
 * Loads the bridge library from the app's private data directory. The returned
 * module is assigned to `module` but not used; the rest of the body is
 * commented-out experiments.
 */
function loadApk(){
    let module = Module.load("/data/data/com.tencent.lolm/files/libbridge.so");
    // Java.perform(function (){
    // log("load apk")
    // // Module.load("/system/lib64/libcodec2_server.so");
    // // setTimeout(function (){
    // //
    // // },5000);
    // // })
}

/**
 * Called from the dlopen hook once `il2cppHandler` is known. Guarded by the
 * shared `once` flag, so if CSDumper.start has already run this returns
 * immediately (and vice versa). Currently it only logs the process id; the
 * earlier approach kept below is commented out.
 */
function loadSO(){
    if (once){
        return
    }
    once=true;
    let id = Process.id;
    log(" id "+id);
    //loadAPK
    // setTimeout(function (){
    // let dumperSo = Module.load("/system/lib64/libcodec2_server.so");
    // log("dumperSo "+dumperSo);
    // // let lolStart = dumperSo.findExportByName("_ZN9LoLHelper5startEPv");
    // // let nativeFunction = new NativeFunction(lolStart,'void',['pointer']);
    // // nativeFunction(il2cppHandler);
    // // // strace.start(soName,0x4c6c8a0,18);
    // // let module = Process.findModuleByName(soName);
    // // Interceptor.attach(module.base.add(0x4c75730),{
    // // onEnter:function (args){
    // // this.self =args[0].readPointer();
    // // },
    // // onLeave:function (ret){
    // // let il2CppClass = new Il2CppClass(this.self);
    // // log(" onActorReborn ret call" +il2CppClass.name());
    // // }
    // // })
    // },3000);
}