
il2cpp dumper func address in process memory


Question

Posted (edited)

How do I find the address of the function in the process memory if I have the address of the function in the file libil2cpp.so received through the il2cpp dumper?

Edited by DimoNULL
Chrome translator

2 answers to this question

Posted

Hi @DimoNULL, you need to get the libil2cpp.so address first, then calculate the offset by simply adding the RVA address of the function. Here's what it looks like using the script:

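-- Start address of the first range listed for the library
local so = gg.getRangesList('libanogs.so')[1].start
-- Add the offset as a number rather than as a string
gg.alert(tostring(so + 0x129fc4))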

-- "0x129fc4" is your function address
-- The function will be located at libil2cpp.so + function address.

 

Posted (edited)

The index is not always the same, so to avoid runtime errors you can make it dynamic:

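-- Return the start of the library's executable ("Xa") range,
-- or nil when no such range is found.
local function getBaseAddr(lib)
    local rangeList = gg.getRangesList(lib)
    for _, v in ipairs(rangeList) do
        if v.state == "Xa" then
            return v.start
        end
    end
    return nil
end

local libanogs = getBaseAddr("libanogs.so")

-- Guard against a nil base before doing arithmetic on it
if libanogs then
    gg.alert(tostring(libanogs + 0x129fc4))
else
    gg.alert("No Xa range found for libanogs.so")
end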

-- "0x129fc4" is your function address
-- The function will be located at libil2cpp.so + function address.

 

Edited by MAARS
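
Added example, not part of either answer: the same base-plus-RVA calculation done in Python over /proc/<pid>/maps text, taking the base as the mapping backed by file offset 0 so the result still holds when the executable segment is not the library's first mapping. The maps lines are constructed sample data, the helper names are hypothetical, and it assumes the library's first loadable segment has virtual address 0 (typical for shared objects).

```python
import re
from typing import NamedTuple, Optional

# Constructed /proc/<pid>/maps excerpt; addresses, inodes and paths are made up.
# Note that the executable (r-xp) segment is not the library's first mapping.
SAMPLE_MAPS = """\
7a10000000-7a10100000 r--p 00000000 fd:05 1234   /data/app/com.example/lib/arm64/libil2cpp.so
7a10100000-7a12000000 r-xp 00100000 fd:05 1234   /data/app/com.example/lib/arm64/libil2cpp.so
7a12000000-7a12100000 rw-p 02000000 fd:05 1234   /data/app/com.example/lib/arm64/libil2cpp.so
7a20000000-7a20100000 r-xp 00000000 fd:05 5678   /system/lib64/libc.so
"""

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    offset: int  # file offset at which this mapping begins
    path: str

_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) \S+ \d+\s*(.*)$")

def parse_maps(text: str) -> list[Mapping]:
    """Parse maps text into Mapping records, skipping lines that do not match."""
    rows = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            rows.append(Mapping(int(m[1], 16), int(m[2], 16), m[3], int(m[4], 16), m[5]))
    return rows

def load_base(maps: list[Mapping], lib: str) -> Optional[int]:
    """Start of the mapping backed by file offset 0, or None if lib is not mapped."""
    starts = [m.start for m in maps if m.path.endswith("/" + lib) and m.offset == 0]
    return min(starts) if starts else None

def rva_to_address(maps: list[Mapping], lib: str, rva: int) -> int:
    """Load base + RVA, checked to land in an executable mapping of the same lib."""
    base = load_base(maps, lib)
    if base is None:
        raise LookupError(f"{lib} is not mapped in this process")
    addr = base + rva
    for m in maps:
        if m.path.endswith("/" + lib) and m.start <= addr < m.end and "x" in m.perms:
            return addr
    raise ValueError(f"{addr:#x} is not inside an executable mapping of {lib}")

if __name__ == "__main__":
    print(hex(rva_to_address(parse_maps(SAMPLE_MAPS), "libil2cpp.so", 0x129fc4)))
```

In this sample, adding the RVA to the start of the r-xp range instead would give 0x7a10229fc4, which is 0x100000 past the correct address.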
