Add dump command to cli

Author: vfsfitvnm

README.md

@@ -39,6 +39,53 @@ or
 npm exec frida-il2cpp-bridge -- --help
 ```
 
+### Dumping
+
+Use the `dump` subcommand to dump an application:
+
+```
+$ npm exec frida-il2cpp-bridge -- dump --help
+usage: frida-il2cpp-bridge [options] dump [-h] [--out-dir OUT_DIR] [--cs-output {none,stdout,flat,tree}] [--no-namespaces] [--flatten-nested-classes] [--keep-implicit-base-classes]
+                                          [--enums-as-structs] [--no-type-keywords] [--actual-constructor-names] [--indentation-size INDENTATION_SIZE]
+
+options:
+  -h, --help            show this help message and exit
+  --out-dir OUT_DIR     where to save the dump (defaults to current working dir)
+  --cs-output {none,stdout,flat,tree}
+                        style of C# output (defaults to tree)
+                        -   none: do nothing;
+                        - stdout: print to console;
+                        -   flat: one single file (dump.cs);
+                        -   tree: directory structure having one file per assembly.
+  --no-namespaces       do not emit namespace blocks, and prepend namespace name in class declarations
+  --flatten-nested-classes
+                        write nested classes at the same level of their inclosing classes, and prepend enclosing class name in their declarations
+  --keep-implicit-base-classes
+                        write implicit base classes (class -> System.Object, struct -> System.ValueType, enum -> System.Enum) in class declarations
+  --enums-as-structs    write enum class declarations as structs
+  --no-type-keywords    use fully qualified names for builtin types instead of their keywords (e.g. use 'System.Int32' instead of 'int', or 'System.Object' instead of 'object')
+  --actual-constructor-names
+                        write actual constructors names (e.g. '.ctor' and '.cctor')
+  --indentation-size INDENTATION_SIZE
+                        indentation size (defaults to 4)
+```
+
+Example:
+
+```sh
+npm exec frida-il2cpp-bridge -- -f com.example.application dump --out-dir dumps
+```
+
+Output:
+
+```
+Spawning `com.example.application`...
+IL2CPP module loaded in 1.13s (id=com.example.application, version=1.12.8, unity version=2019.3.0f1)
+Dumping mscorlib: 2872 of 2872 classes
+Dumping GameAssembly: 32 of 32 classes
+Collected 2904 classes in 4.76s
+Dump saved to dumps/com.example.application/1.12.8
+```
 
 ## Testing
 

cli/main.py

@@ -1,10 +1,11 @@
 #!/usr/bin/env python3
 
 from src.app import FridaIl2CppBridgeApplication
+from src.dump.command import DumpCommand
 
 
 if __name__ == "__main__":
     try:
-        FridaIl2CppBridgeApplication(commands=[]).run()
+        FridaIl2CppBridgeApplication(commands=[DumpCommand]).run()
     except KeyboardInterrupt:
         pass

cli/src/dump/__init__.py

@@ -0,0 +1,53 @@
+/// <reference path="../../../lib/index.ts">/>
+const t0 = new Date();
+setTimeout(() => {
+    Il2Cpp.perform(() => {
+        send({ action: "init", elapsed_ms: new Date() - t0, application: Il2Cpp.application, unityVersion: Il2Cpp.unityVersion });
+        const t1 = new Date();
+        Il2Cpp.domain.assemblies.forEach(assembly => {
+            send({
+                type: "assembly",
+                handle: assembly.handle,
+                name: assembly.name,
+                class_count: assembly.image.classCount
+            });
+            assembly.image.classes.forEach((klass, i) =>
+                send({
+                    type: "class",
+                    nth: i + 1,
+                    assembly_handle: assembly.handle,
+                    handle: klass.handle,
+                    namespace: klass.namespace,
+                    name: klass.name,
+                    declaring_class_handle: klass.declaringClass?.handle,
+                    kind: klass.isEnum ? `enum` : klass.isStruct ? `struct` : klass.isInterface ? `interface` : `class`,
+                    generics_type_names: klass.generics.map(_ => _.type.name),
+                    parent_type_name: klass.parent?.type.name,
+                    interfaces_type_names: klass.interfaces.map(_ => _.type.name),
+                    fields: klass.fields.map(field => ({
+                        name: field.name,
+                        type_name: field.type.name,
+                        is_thread_static: field.isThreadStatic,
+                        is_static: field.isStatic,
+                        is_literal: field.isLiteral,
+                        value: field.isLiteral ? (field.type.class.isEnum ? field.value.field("value__").value : field.value)?.toString() : undefined,
+                        offset: field.isThreadStatic || field.isLiteral ? undefined : field.offset
+                    })),
+                    methods: klass.methods.map(method => ({
+                        is_static: method.isStatic,
+                        name: method.name,
+                        return_type_name: method.returnType.name,
+                        generics_type_names: method.generics.map(_ => _.type.name),
+                        parameters: method.parameters.map(parameter => ({
+                            position: parameter.position,
+                            name: parameter.name,
+                            type_name: parameter.type.name
+                        })),
+                        offset: method.virtualAddress.isNull() ? undefined : method.relativeVirtualAddress
+                    }))
+                })
+            );
+        });
+        return new Date() - t1;
+    }).then(_ => send({ action: "exit", elapsed_ms: _ }));
+});

cli/src/dump/agent.js

@@ -0,0 +1,153 @@
+from typing import override
+
+import argparse
+from pathlib import Path
+
+import colorama
+
+from ..app import FridaIl2CppBridgeCommand
+from .dumper import Dumper
+from .models import AssemblyHandle, ClassHandle, AssemblyDump, ClassDump
+
+
+class DumpCommand(FridaIl2CppBridgeCommand[AssemblyDump | ClassDump, dict]):
+    NAME = "dump"
+
+    def __init__(self, *args, **kwargs):
+        self._assemblies_dump: dict[AssemblyHandle, AssemblyDump] = {}
+        self._classes_dump: dict[ClassHandle, ClassDump] = {}
+        super().__init__(*args, **kwargs)
+
+    @property
+    def agent_src(self) -> str:
+        with open(
+            Path(__file__).parent / "agent.js", mode="r", encoding="utf-8"
+        ) as file:
+            return file.read()
+
+    @property
+    def parser(self) -> dict:
+        return dict(
+            help="performs a dump of the target application",
+            formatter_class=argparse.RawTextHelpFormatter,
+        )
+
+    @override
+    def add_arguments(self, parser: argparse.ArgumentParser) -> None:
+        parser.add_argument(
+            "--out-dir",
+            type=Path,
+            default=Path.cwd(),
+            help="where to save the dump (defaults to current working dir)",
+        )
+        parser.add_argument(
+            "--cs-output",
+            choices=["none", "stdout", "flat", "tree"],
+            default="tree",
+            help=(
+                "style of C# output (defaults to tree)\n"
+                "-   none: do nothing;\n"
+                "- stdout: print to console;\n"
+                "-   flat: one single file (dump.cs);\n"
+                "-   tree: directory structure having one file per assembly."
+            ),
+        )
+        parser.add_argument(
+            "--no-namespaces",
+            action="store_true",
+            default=False,
+            help="do not emit namespace blocks, and prepend namespace name in class declarations",
+        )
+        parser.add_argument(
+            "--flatten-nested-classes",
+            action="store_true",
+            default=False,
+            help="write nested classes at the same level of their inclosing classes, and prepend enclosing class name in their declarations",
+        )
+        parser.add_argument(
+            "--keep-implicit-base-classes",
+            action="store_true",
+            default=False,
+            help="write implicit base classes (class -> System.Object, struct -> System.ValueType, enum -> System.Enum) in class declarations",
+        )
+        parser.add_argument(
+            "--enums-as-structs",
+            action="store_true",
+            default=False,
+            help="write enum class declarations as structs",
+        )
+        parser.add_argument(
+            "--no-type-keywords",
+            action="store_true",
+            default=False,
+            help="use fully qualified names for builtin types instead of their keywords (e.g. use 'System.Int32' instead of 'int', or 'System.Object' instead of 'object')",
+        )
+        parser.add_argument(
+            "--actual-constructor-names",
+            action="store_true",
+            default=False,
+            help="write actual constructors names (e.g. '.ctor' and '.cctor')",
+        )
+        parser.add_argument(
+            "--indentation-size",
+            type=int,
+            default=4,
+            help="indentation size (defaults to 4)",
+        )
+
+    @override
+    def on_send(self, payload: AssemblyDump | ClassDump):
+        if payload["type"] == "assembly":
+            self._assemblies_dump[payload["handle"]] = payload
+            assembly = self._assemblies_dump[payload["handle"]]
+            self.app.next_status()
+        elif payload["type"] == "class":
+            self._classes_dump[payload["handle"]] = payload
+            assembly = self._assemblies_dump[payload["assembly_handle"]]
+        else:
+            raise ValueError(f"Unknow dump type {payload}")
+
+        self.app.update_status(
+            f"Dumping {colorama.Fore.BLUE}{assembly['name']}{colorama.Fore.RESET}: {payload.get('nth', 1)} of {assembly['class_count']} classes"
+        )
+
+    @override
+    def on_exit(self, payload: dict):
+        self.app.print(
+            f"Collected {colorama.Style.BRIGHT}{colorama.Fore.GREEN}{len(self._classes_dump)}{colorama.Style.RESET_ALL} classes in {payload['elapsed_ms'] / 1000:.2f}s"
+        )
+
+        if self.app.options.cs_output != "none":
+            if self.app.options.cs_output != "stdout":
+                self.app.update_status("Saving dump...")
+
+            dumper = Dumper(
+                assemblies_dump=self._assemblies_dump,
+                classes_dump=self._classes_dump,
+                output_base_path=self._output_base_path,
+                config=Dumper.Config(
+                    one_file_per_assembly=self.app.options.cs_output == "tree",
+                    emit_namespaces=not self.app.options.no_namespaces,
+                    flatten_nested_classes=self.app.options.flatten_nested_classes,
+                    keep_implicit_base_classes=self.app.options.keep_implicit_base_classes,
+                    enums_as_structs=self.app.options.enums_as_structs,
+                    use_type_keywords=not self.app.options.no_type_keywords,
+                    use_actual_constructor_names=self.app.options.actual_constructor_names,
+                    indentation_size=self.app.options.indentation_size,
+                ),
+            )
+            dumper.dump()
+
+            if self.app.options.cs_output != "stdout":
+                self.app.update_status(f"Dump saved to {dumper.output_base_path}")
+
+    @property
+    def _output_base_path(self) -> Path | None:
+        if self.app.options.cs_output != "stdout":
+            return (
+                self.app.options.out_dir.resolve().absolute()
+                / self.app.target["identifier"]
+                / self.app.target["version"]
+            )
+        else:
+            return None