WHY TF IS THIS NOT INCLUDED
This commit is contained in:
parent
f29f966846
commit
75d5a7acf3
1 changed files with 119 additions and 0 deletions
119
ioperator/il2cpp.h
Normal file
119
ioperator/il2cpp.h
Normal file
|
|
@ -0,0 +1,119 @@
|
|||
// =================================================================
|
||||
// 0. IL2CPP Structs and Function Type Definitions
|
||||
// =================================================================
|
||||
|
||||
typedef void (*Il2CppMethodPointer)();
|
||||
struct Il2CppDomain;
|
||||
struct Il2CppAssembly;
|
||||
struct Il2CppThread;
|
||||
struct Il2CppClass;
|
||||
struct Il2CppMethod; // Forward declaration
|
||||
struct Il2CppImage;
|
||||
|
||||
using il2cpp_class_from_name_prot = Il2CppClass * (*)(const Il2CppImage*, const char*, const char*);
|
||||
using il2cpp_class_get_methods_prot = const Il2CppMethod* (*)(Il2CppClass*, void**);
|
||||
using il2cpp_method_get_name_prot = const char* (*)(const Il2CppMethod*);
|
||||
|
||||
// il2cpp patch
|
||||
// Helper: pattern scan with mask ('x' == match, '?' == wildcard)
|
||||
static uint8_t* find_pattern(uint8_t* base, SIZE_T size, const unsigned char* pattern, const char* mask, SIZE_T pattern_len)
|
||||
{
|
||||
if (!base || !pattern || !mask || pattern_len == 0) return nullptr;
|
||||
SIZE_T max_scan = (size > pattern_len) ? (size - pattern_len) : 0;
|
||||
for (SIZE_T i = 0; i <= max_scan; ++i)
|
||||
{
|
||||
bool matched = true;
|
||||
for (SIZE_T j = 0; j < pattern_len; ++j)
|
||||
{
|
||||
if (mask[j] == '?') continue;
|
||||
if (base[i + j] != pattern[j])
|
||||
{
|
||||
matched = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (matched)
|
||||
return base + i;
|
||||
}
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// Find the real il2cpp_class_from_name implementation by scanning GameAssembly for an IDA-provided signature.
|
||||
// Returns the function pointer if found, otherwise nullptr.
|
||||
static il2cpp_class_from_name_prot find_il2cpp_class_from_name(HMODULE handle)
|
||||
{
|
||||
if (!handle) return nullptr;
|
||||
|
||||
// Get module size via PE headers
|
||||
PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)handle;
|
||||
if (dos->e_magic != IMAGE_DOS_SIGNATURE) return nullptr;
|
||||
PIMAGE_NT_HEADERS nt = (PIMAGE_NT_HEADERS)((uint8_t*)handle + dos->e_lfanew);
|
||||
if (nt->Signature != IMAGE_NT_SIGNATURE) return nullptr;
|
||||
SIZE_T module_size = nt->OptionalHeader.SizeOfImage;
|
||||
uint8_t* base = (uint8_t*)handle;
|
||||
|
||||
// IDA signature:
|
||||
// 4C 89 44 24 ? 48 89 54 24 ? 53 55 56 57 41 54 41 55 41 56 41 57 48 81 EC ?? ?? ?? ??
|
||||
// Build pattern and mask (use 0x00 as placeholder for wildcard bytes)
|
||||
const unsigned char pattern[] = {
|
||||
0x4C, 0x89, 0x44, 0x24, 0x00, // 4C 89 44 24 ?
|
||||
0x48, 0x89, 0x54, 0x24, 0x00, // 48 89 54 24 ?
|
||||
0x53, 0x55, 0x56, 0x57,
|
||||
0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57,
|
||||
0x48, 0x81, 0xEC, 0x00, 0x00, 0x00, 0x00 // 48 81 EC ?? ?? ?? ??
|
||||
};
|
||||
// Mask: 'x' for fixed bytes, '?' for wildcard
|
||||
const char mask[] = "xxxx?xxxx?xxxxxxxxxxxx????";
|
||||
const SIZE_T pattern_len = sizeof(pattern);
|
||||
|
||||
uint8_t* found = find_pattern(base, module_size, pattern, mask, pattern_len);
|
||||
if (found)
|
||||
{
|
||||
// The found address should point to the real function entry. Return as function pointer.
|
||||
return (il2cpp_class_from_name_prot)found;
|
||||
}
|
||||
|
||||
// If not found with this signature, attempt a looser fallback:
|
||||
// Search for the common prologue bytes "53 55 56 57 41 54 41 55 41 56 41 57" (function push regs)
|
||||
const unsigned char fallback_pattern[] = {
|
||||
0x53, 0x55, 0x56, 0x57, 0x41, 0x54, 0x41, 0x55, 0x41, 0x56, 0x41, 0x57
|
||||
};
|
||||
const char fallback_mask[] = "xxxxxxxxxxxx";
|
||||
uint8_t* fallback_found = find_pattern(base, module_size, fallback_pattern, fallback_mask, sizeof(fallback_pattern));
|
||||
if (fallback_found)
|
||||
{
|
||||
// Walk backwards up to a small range to try to find the full expected prologue start (heuristic).
|
||||
// Limit to 32 bytes back to avoid scanning too far.
|
||||
for (int back = 0; back < 32; ++back)
|
||||
{
|
||||
uint8_t* candidate = fallback_found - back;
|
||||
// Check the bytes before candidate for the 0x4C 0x89 sequence which often starts the prologue we expect.
|
||||
if (candidate >= base && candidate[0] == 0x4C && candidate[1] == 0x89)
|
||||
{
|
||||
return (il2cpp_class_from_name_prot)candidate;
|
||||
}
|
||||
}
|
||||
// Otherwise return the fallback_found as best-effort.
|
||||
return (il2cpp_class_from_name_prot)fallback_found;
|
||||
}
|
||||
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// Find the real il2cpp_class_get_methods.
|
||||
// Returns the function pointer if found, otherwise nullptr.
|
||||
static il2cpp_class_get_methods_prot find_il2cpp_class_get_methods(HMODULE handle)
|
||||
{
|
||||
|
||||
if (!handle) return nullptr;
|
||||
return (il2cpp_class_get_methods_prot)GetProcAddress(handle, "mono_class_get_methods");
|
||||
}
|
||||
|
||||
static il2cpp_method_get_name_prot find_il2cpp_method_get_name(HMODULE handle)
|
||||
{
|
||||
|
||||
if (!handle) return nullptr;
|
||||
return (il2cpp_method_get_name_prot)GetProcAddress(handle, "mono_property_get_set_method");
|
||||
}
|
||||
|
||||
// il2cpp patch end
|
||||
Loading…
Add table
Add a link
Reference in a new issue