Giters

alt3ri / Il2CppMemoryDumper

Dump Il2Cpp unprotected executable ELF from Android process memory

Home Page:https://www.neko.ink/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Il2CppMemoryDumper

Dump Il2Cpp unprotected executable ELF from process memory

Features

  • Pure shell implementation
  • Supports detection of ELF file headers
  • Supports guessing which is the correct ELF based on memory location
  • Supports automatic memory region merging
  • Supports dumping global-metadata.dat from memory
  • Supports ELF file headers analysis

Usage

  • Android Shell (root):
Il2CppMemoryDumper.sh <package> [output=/sdcard/dump]
  • Output will be:
[output]/[startOffset]_[package]_[memoryName].[so/dump/dat]
[output]/[package]_maps.txt

To-Dos

  • Nothing to do

Workaround

What's the next step?

  • Fix dumped ELF using SoFixer
  • Dump Method and StringLiteral using Il2CppDumper, you can download standalone execueable for Linux (x64, arm, arm64), MacOS (x64, arm64), WoA (arm, arm64) in Il2CppDumper-Standalone

Credits

About

Dump Il2Cpp unprotected executable ELF from Android process memory

https://www.neko.ink/

Languages

Language:Shell 100.0%