Il2CppDumper: il2cpp.h is not compatible with Ghidra

Though Il2CppDumper has the ability to label methods and parameters in Ghidra via the ghidra_with_struct.py script, this does not work if the types from il2cpp.h are not first imported, and that does not currently work. Relevant notes are in:

  • #287: il2cpp.h does not include necessary primitive types, includes Ghidra-unsupported C+±style inheritance
  • #366: ghidra_with_struct.py doesn’t work without il2cpp.h types defined prior to running
  • #371: PR (with discussion) for these issues modified il2cpp.h generation rather than ghidra scripts, potentially negatively impacting IDA compatibility (and ruining inheritance). See comment by @Perfare.

Current (non-working) workflows:

  1. Import il2cpp executable into ghidra (analysis is not needed)
  2. Run script ghidra_with_struct.py without having imported il2cpp.h: this results in many errors of the type
    Could not identify type Il2CppType*(parsed as 'Il2CppType *')
    and
    Warning: Unable to parse
void Blur__OnDisable (Blur_o* __this, const MethodInfo* method)
Attempting to modify...
Warning: also unable to parse
void Blur__OnDisable (Blur_o* __thisext, const MethodInfo* method)
Skipping.

Or:

  1. Import il2cpp executable into ghidra (analysis is not needed)
  2. File->Parse C Source…, then Clear (pencil eraser), Save As->il2cpp.h.prf, then add il2cpp.h and “Parse to Program”: this results in an error similar to:
    2021-03-30 17:11:08 INFO  (CParserTask$3) Parse Errors: C Parser:  Encountered errors during parse. 
     in /[redacted]/il2cpp.h near line -1
     near token: null
     Last Valid Datatype: Il2CppClass * *
     Check around CParserPlugin.out around line: 62
    (and at least in the case of the program I’m testing this on, line 62 is the first declaration of type uint32_t)

Unfortunately, then, at this time ghidra_with_struct.py doesn’t appear to be adding any information more than ghidra.py.

I’m hoping these two issues (missing primitives and inheritance) can be worked around with a ghidra scripting solution, probably with edits to ghidra_with_struct.py.

Question for @Perfare: Is this still worthwhile if it means losing obvious inheritance (in ghidra only)? Since ghidra is only supporting C types, I don’t imagine we’d be losing anything meaningful, but am happy to discuss.

I’ll begin working on a scripted solution for ghidra and add a PR when there’s something usable.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 17 (7 by maintainers)

Most upvoted comments

Got it, see the above linked issues. The one from the ghidra repo explains how to get the base types, and the first one linked at the top of this thread includes a shell script that will convert il2cpp.h to a C-style header that can be imported.

On Apr 15, 2021, at 14:01, Kein @.***> wrote:

Sorry, what kind of update are you looking for?

Any kind of workaround

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

+1
therealchjones on Apr 15, 2021
Read more comments on GitHub
← percy-storybook: broken after @percy/cli v1.0.1 upgrade
validates_url: I18n problem: doesn't find error messages →