学习工具收集记录 , 关键信息记录
工具:
1、https://github.com/Perfare/Il2CppDumper
2、https://github.com/dnSpy/dnSpy
操作:
打开工具 Il2CppDumper,依次选择:libil2cpp.so,global-metadata.dat
dnSpy 拖入反编译后的 /DummyDll/Assembly-CSharp.dll
Unity游戏与Java的通信是通过UnitySendMessage()之类的函数来实现的
Objection来完成Class批量断点
objection -g com.android.settings explore
参考地址:https://www.cnblogs.com/lxh2cwl/p/14842544.html
hook偏移地址方法
function start(){
//com.izyplay.defusethebomb.bazhang
var arrayAddr = [0x54728C,0x547310,0x54745C,0x547DF8,0x547484,0x548218,0x547F30,0x55DF40
,0x679798,0x6798B4,0x687428,0x687350];
var arrayName = ["AndroidDialog Create","AndroidDialog Create1","AndroidDialog init"
,"AndroidMessage Create","showDialog","CallStatic","showMessage","SetPressedState"
,"NativeDialog","NativeMessage","ToggleButton","OnClick"];
var soAddr = Module.findBaseAddress("libil2cpp.so");
console.error('\nsoAddr:' + soAddr + "\n");
for (var index = 0; index < arrayAddr.length; index++) {
console.log("-------------------------");
var currentAddr = soAddr.add(arrayAddr[index]);
console.log('currentAddr:' + currentAddr);
funcTmp(currentAddr,soAddr,index,arrayName);
console.log("\t\t---->"+index,arrayAddr[index]+" is prepared ");
}
console.log("\n")
}
function funcTmp(currentAddr,soAddr,index,arrayName){
Interceptor.attach(currentAddr, {
onEnter: function(args){
console.log("called : "+arrayName[index]+" ----- addr : " + currentAddr.sub(soAddr) +"\n");
},
onLeave: function(retval){
}
});
}
