Dumping libil2cpp.so

To use Il2CppDumper, we first need to dump the libil2cpp.so shared object out of memory using GameGuardian. Install GameGuardian and run it.

After starting GameGuardian, go into the game and open the GameGuardian menu. Then go to the following tab and click the following button:

After that, click on the following button (do not change any values!):

Now that we have dumped all of the game's memory to disk, we are going to transfer those files to your computer. If you are using LDPlayer, copy the dump folder into your Pictures folder.

After the dump folder has been moved to the Pictures folder, click the following button to view the files on your PC:

Now that we have the dump files, we need to cut the desired shared object file out of the .bin memory range that contains it.

As you can see, the dump generates a text file that lists all of the memory ranges and lib names.

Now find the .bin that contains your ENTIRE .so memory range, not just one part of it. For this dump the range is 92154000 - 98495000. In the dump folder we can see a .bin that contains this memory range.

Open the .bin in HxD and search for "ELF". If you scroll down to the bottom you will see an ELF header! This is the header for the il2cpp.so. Now calculate the size of the .so by subtracting the start address from the end address (0x98495000 - 0x92154000 = 0x6341000).

Now that we have the memory selected, click File -> New, then paste and save as il2cpp.so.

Using il2cppdumper

Take the dumped il2cpp.so and the global-metadata.dat file, put them together in a new folder, and make a folder called output inside of that new folder.

Now that we have the dumped il2cpp.so and global-metadata.dat, we can run il2cppdumper.exe, which will generate a few files for us inside of the output folder.

You will be asked to provide the base address of the dump. Simply add the base address of the dump .bin to the offset of the .so within the dump file itself; this gives you the address in memory where the .so was when we dumped it (this is called a linear virtual address).
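The manual HxD steps and the base-address arithmetic above can be cross-checked with a short script. This is an added example, not part of the original README or of Il2CppDumper; the function names, the little-endian assumption and the sample dump are constructed for illustration. It goes slightly beyond the text by validating the ELF header fields instead of trusting the first "ELF" string match.

```python
import struct

ELF_MAGIC = b"\x7fELF"
ET_DYN = 3  # e_type value for a shared object

def find_elf_headers(blob):
    """Offsets of plausible little-endian ELF shared-object headers in blob."""
    hits, pos = [], blob.find(ELF_MAGIC)
    while pos != -1:
        ident = bytes(blob[pos:pos + 20])
        # EI_CLASS (1 = 32-bit, 2 = 64-bit) and EI_DATA (1 = little-endian)
        if len(ident) == 20 and ident[4] in (1, 2) and ident[5] == 1:
            (e_type,) = struct.unpack_from("<H", ident, 16)
            if e_type == ET_DYN:
                hits.append(pos)
        pos = blob.find(ELF_MAGIC, pos + 1)
    return hits

def locate(bin_base, bin_len, so_start, so_end):
    """Offset and size of [so_start, so_end) inside a dump mapped at bin_base."""
    offset, size = so_start - bin_base, so_end - so_start
    if offset < 0 or size <= 0 or offset + size > bin_len:
        raise ValueError("this .bin does not contain the ENTIRE .so range")
    return offset, size

def carve(blob, bin_base, so_start, so_end):
    """Return (linear_address, data) for the shared object cut out of blob."""
    offset, size = locate(bin_base, len(blob), so_start, so_end)
    if offset not in find_elf_headers(blob):
        raise ValueError("no valid ELF header at the start of the range")
    # base of the .bin + offset into the file = address of the .so in memory
    return bin_base + offset, bytes(blob[offset:offset + size])

def build_sample():
    """Constructed 0x4000-byte dump: a decoy 'ELF' string plus one real header."""
    blob = bytearray(0x4000)
    blob[0x10:0x18] = b"\x7fELFjunk"              # fails header validation
    header = ELF_MAGIC + bytes([1, 1, 1]) + bytes(9) + struct.pack("<HH", ET_DYN, 40)
    blob[0x1000:0x1000 + len(header)] = header    # 32-bit LE, ET_DYN, EM_ARM
    return bytes(blob)

if __name__ == "__main__":
    addr, data = carve(build_sample(), 0x10000000, 0x10001000, 0x10003000)
    print(hex(addr), hex(len(data)))
    # Size check with the range from this README (the .bin base is assumed):
    print(hex(locate(0x92154000, 0x6341000, 0x92154000, 0x98495000)[1]))
```
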