Tutorial How to use il2cpp.h, script.json & stringliteral.json files from Il2CppDumper

To fix the issue where the ".py" is absent in script file and the console output says
"LoadLibrary(C:\Program Files\IDA\plugins\idcpython_64.dll) error: The specified module could not be found.
C:\Program Files\IDA\plugins\idcpython_64.dll: can't load file"

Currently works with IDA Pro 7.5+

Requirements:
Python 3.9.2 from here
Python 3.9 support for IDA 7.5 from here

Fix:
1. Make sure IDA is fully closed.
2. Goto IDA Pro directory and extract the contents within ida75sp3_python39_xxx.zip into IDA dir.
3. Install Python 3.9.2 with the "Add to PATH" enabled.
 
for anyone following along the ghidra tutorial there has been some changes since this was made so heres how to fix the errors

To start ghidra with pyghidra you should find the pyghidraeun batch file in the /support folder of your ghidra installation

the ghidra.py script in il2cppdumper will return a few errors heres the fixes for them

for this error -> line 87
print 'Script finished!'
^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?

you need to open ghidra.py with notepad++ and ho to the last line and put paranethesis right after print and at the end of script finished like this print( 'Script finished!' )

then you will likely get this error ->
line 14, in <module>
USER_DEFINED = ghidra.program.model.symbol.SourceType.USER_DEFINED
^^^^^^
NameError: name 'ghidra' is not defined

this is because the script is now executed within ghidra so the object oriented programming makes some of this written code redundant and breaks it.

to fix this error you need to add this at the top of your ghidra.py

from ghidra.program.model.symbol import SourceType

and then replace the USER_DEFINED line on line 14 with this

USER_DEFINED = SourceType.USER_DEFINED

FINALLY you will recieve one last error

->
line 40, in <module>
set_name(addr, name)
~~~~~~~~^^^^^^^^^^^^
File "C:\ReverseEngineer\ReverseAPK\Il2CppDumper.GUI.3.0.3\ghidra.py", line 22, in set_name
name = name.replace(' ', '-')
TypeError: a bytes-like object is required, not 'str'

to fix in line 22 of ghidra.py replace
name = name.replace(' ', '-')
with
name = name.replace(b' ', b'-')
or just add the lowercase b yourself
 
ive also just noticed there are issues with the struct script. this all basically stems from ghidra implementing pyghidra and using Python 3 making the il2cppdumper scripts outdated

heres an updated version of ghidra_with_struct.py

***NOTE ***
You Must Do THis Before Analyzing Your SO file
you must do the ghidra.py,
the il2cpp_header_to_ghidra.py
THEN
You have to parse the newly generated il2cpp_ghidra.h file by doing this in ghidra
In the top right hand corner Click File>Parse C Source
In the new window that pops up click parse configuration and choose "visualstudio22"
Above parse configuration there is a pencil eraser that clears the profile. Click That. and delete everything in included paths
Then add your il2cpp_ghidra.h in the "Files to parse" section using the green cross
Then click parse to program
Click Continue and Use Open Archives
Now you should be ready to use ghidra_with_struct.py through script manager

Finally, do analysis

I had to upload this as a txt you will have to change back to .py file extension
 

Attachments

You must log in or register to reply here.
Back
Top Bottom