Help! Need Help with Il2Cpp Dumping – Invalid Metadata and IDA Can't Resolve RVAs

whoam1.101

whoam1.101

Platinian
Hey guys, I have a question. I'm trying to jump to function addresses in IDA, but it's not working, and I'm not sure why.

Here's what I did:

I dumped the game using the Zygisk-Il2Cpp module.

Then, I dumped liblogic.so using PMT Manager.

After that, I tried jumping to the function addresses (RVAs) in IDA, but it couldn't locate them.

Do I need to dump both liblogic.so and global-metadata.dat together? I tried that as well, but when I used Il2CppDumper, it said the metadata is not valid.

Does anyone know what I might be doing wrong or how to fix this? Any help would be appreciated!
 

Attachments

  • checkReputationUnlockSkin_093842.png
    checkReputationUnlockSkin_093842.png
    36.4 KB · Views: 33
  • checkReputationUnlockSkinJPIDA_093845.png
    checkReputationUnlockSkinJPIDA_093845.png
    38.7 KB · Views: 33
  • checkReputationUnlockSkinFailed_093845.png
    checkReputationUnlockSkinFailed_093845.png
    1.2 KB · Views: 32
Sort by date Sort by votes
You do realize. "liblogic.so" is not a il2cpp binary. It is a developer made binary and has its own functions and data. The reason why the metadata OR your Zygisk-Il2cpp module is not giving the right RVA aka Relative Virtual Address, OFFSETS is because YOU dumped the game that is not IL2CPP(IL2C++) causes your IDA to jump fail any operation or asks. DUMP the game using "libil2cpp.so" using "global-metadata.dat" as any "il2cpp" dumpers says on their titles.

If you want to look at another different Binary that is not IL2CPP, then load that custom Binary in IDA.
 
Upvote 0 Downvote

Numark said:
You do realize. "liblogic.so" is not a il2cpp binary. It is a developer made binary and has its own functions and data. The reason why the metadata OR your Zygisk-Il2cpp module is not giving the right RVA aka Relative Virtual Address, OFFSETS is because YOU dumped the game that is not IL2CPP(IL2C++) causes your IDA to jump fail any operation or asks. DUMP the game using "libil2cpp.so" using "global-metadata.dat" as any "il2cpp" dumpers says on their titles.

If you want to look at another different Binary that is not IL2CPP, then load that custom Binary in IDA.
Click to expand...
I see. I also tried dumping libil2cpp.so, but I'm still encountering an error indicating invalid or mismatched metadata. It's possible that the global-metadata.dat is obfuscated or protected. I did verify the magic bytes — it starts with AF 1B B1 FA, and I also noticed readable strings within the metadata, so the structure looks valid at first glance.
 
Upvote 0 Downvote
Numark said:
You do realize. "liblogic.so" is not a il2cpp binary. It is a developer made binary and has its own functions and data. The reason why the metadata OR your Zygisk-Il2cpp module is not giving the right RVA aka Relative Virtual Address, OFFSETS is because YOU dumped the game that is not IL2CPP(IL2C++) causes your IDA to jump fail any operation or asks. DUMP the game using "libil2cpp.so" using "global-metadata.dat" as any "il2cpp" dumpers says on their titles.

If you want to look at another different Binary that is not IL2CPP, then load that custom Binary in IDA.
Click to expand...
Also, I’ve updated Zygisk-Il2CppDumper to correctly resolve RVAs and display the loaded module’s base address. Here’s what I got:
 

Attachments

  • T9O06.png
    T9O06.png
    64 KB · Views: 15
Upvote 0 Downvote
You must log in or register to reply here.
Back
Top Bottom