| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 |
- import {soName} from "../config";
- import {Il2CppGlobalMetadataHeader} from "./struct/Il2CppGlobalMetadataHeader";
- import {log, log4AndroidE, LogColor, logColor, logHHex, logHHexLength} from "../logger";
- import {Il2cppMetadataRegistration} from "./struct/Il2cppMetadataRegistration";
- import {il2cppApi} from "./il2cppApi";
- import {Tprt} from "../mtp/tprt";
- import {on} from "../../_agent";
- import {strace} from "../mtp/strace";
- import {Il2CppClass} from "./struct/Il2CppClass";
- import {lolm} from "../lolm";
- let s_GlobalMetadataHeader=0xc98fec8
- let s_Il2CppMetadataRegistration=0xc98feb0
- let s_Il2CppCodeRegistration=0xc98fea8
- let il2cppHandler;
- let once=false;
- export let CSDumper ={
- loadApk:function (){
- loadApk();
- },
- init:function (){
- findIl2cppHandler();
- },
- start:function (){
- if (once){
- return
- }
- once=true
- //延迟一下吧
- setTimeout(function (){
- let module = Process.findModuleByName(soName);
- if (module!==null){
- log("加强版dumper开始工作")
- log("base:"+module.path);
- let nativePointer = module.base.add(s_GlobalMetadataHeader);
- let il2CppGlobalMetadataHeader = new Il2CppGlobalMetadataHeader(nativePointer.readPointer());
- log("il2CppGlobalMetadataHeader log ")
- logHHexLength(il2CppGlobalMetadataHeader,128)
- let nativePointer1 = module.base.add(s_Il2CppMetadataRegistration);
- let il2cppMetadataRegistration = new Il2cppMetadataRegistration(nativePointer1.readPointer());
- let il2CppCodeRegistration = module.base.add(s_Il2CppCodeRegistration).readPointer();
- let dumperSo = Module.load("/system/lib64/libcodec2_server.so");
- log("dumperSo "+dumperSo);
- let nativePointer2 = dumperSo.findExportByName("_ZN8CSDumper5startEPvS0_S0_S0_");
- let start_fun = new NativeFunction(nativePointer2,"void",['pointer','pointer','pointer','pointer']);
- log("il2CppGlobalMetadataHeader ");
- logHHex(il2CppGlobalMetadataHeader);
- start_fun(il2CppGlobalMetadataHeader,il2cppMetadataRegistration,il2CppCodeRegistration,il2cppHandler);
- }
- },10000);
- }
- }
- function findIl2cppHandler (){
- let dlopen = Module.findExportByName(null,"dlopen");
- if (dlopen != null) {
- log("fk dlopen");
- Interceptor.attach(dlopen, {
- onEnter: function (args) {
- let path = args[0].readCString();
- if (path!=null){
- if (path.indexOf(soName) !== -1) {
- this.hook = true;
- }
- }
- },
- onLeave: function (retval) {
- if (this.hook) {
- // Interceptor.detachAll();
- let s = retval.toString();
- log("got il2cpp Handler:"+s);
- il2cppHandler = new NativePointer(s);
- loadSO();
- }
- }
- })
- }
- }
- function loadApk(){
- let module = Module.load("/data/data/com.tencent.lolm/files/libbridge.so");
- // Java.perform(function (){
- // log("load apk")
- // // Module.load("/system/lib64/libcodec2_server.so");
- // // setTimeout(function (){
- // //
- // // },5000);
- //
- // })
- }
- function loadSO(){
- if (once){
- return
- }
- once=true;
- let id = Process.id;
- log(" id "+id);
- //loadAPK
- // setTimeout(function (){
- // let dumperSo = Module.load("/system/lib64/libcodec2_server.so");
- // log("dumperSo "+dumperSo);
- // // let lolStart = dumperSo.findExportByName("_ZN9LoLHelper5startEPv");
- // // let nativeFunction = new NativeFunction(lolStart,'void',['pointer']);
- // // nativeFunction(il2cppHandler);
- //
- // // strace.start(soName,0x4c6c8a0,18);
- // // let module = Process.findModuleByName(soName);
- // // Interceptor.attach(module.base.add(0x4c75730),{
- // // onEnter:function (args){
- // // this.self =args[0].readPointer();
- // // },
- // // onLeave:function (ret){
- // // let il2CppClass = new Il2CppClass(this.self);
- // // log(" onActorReborn ret call" +il2CppClass.name());
- // // }
- // // })
- // },3000);
- }
|
