77 lines
2.9 KiB
JavaScript
77 lines
2.9 KiB
JavaScript
|
// entry point
|
||
|
function main(stage, parameters) {
|
||
|
if (!parameters.redirectHost) {
|
||
|
console.log("redirectHost parameter not specified!\nEdit your gadget.config and specify redirectHost in \"parameters\" section.");
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
const SystemDll = Il2cppApiWrap.GetImageByName("System.dll");
|
||
|
|
||
|
const SystemUriClass = Il2cppApiWrap.GetClassByName(SystemDll, "System", "Uri");
|
||
|
const SystemUriCtor = Il2cppApiWrap.GetClassMethodByName(SystemUriClass, ".ctor", 1);
|
||
|
|
||
|
console.log("Found System.Uri.ctor(System.String) at " + SystemUriCtor.readPointer());
|
||
|
|
||
|
Interceptor.attach(SystemUriCtor.readPointer(), {
|
||
|
onEnter(args) {
|
||
|
var requestUrl = args[1].readCSharpString();
|
||
|
if (requestUrl.startsWith("http://") || requestUrl.startsWith("https://")) {
|
||
|
var prefix = requestUrl.split('/', 3).join('/');
|
||
|
args[1] = Il2cppApiWrap.AllocateString(requestUrl.replace(prefix, parameters.redirectHost));
|
||
|
|
||
|
console.log("redirected: " + args[1].readCSharpString());
|
||
|
}
|
||
|
}
|
||
|
});
|
||
|
|
||
|
console.log("Attached successfully, will redirect all requests to: " + parameters.redirectHost);
|
||
|
}
|
||
|
|
||
|
const Il2cppApiWrap = {
|
||
|
AllocateString(value) {
|
||
|
const pValue = Memory.allocUtf16String(value);
|
||
|
|
||
|
return this.CallApiFunction('il2cpp_string_new_utf16', 'pointer', ['pointer', 'int'], [pValue, value.length]);
|
||
|
},
|
||
|
GetClassMethodByName(il2cppClass, name, argsCount) {
|
||
|
const pName = Memory.allocUtf8String(name);
|
||
|
|
||
|
return this.CallApiFunction('il2cpp_class_get_method_from_name', 'pointer', ['pointer', 'pointer', 'int'], [il2cppClass, pName, argsCount]);
|
||
|
},
|
||
|
GetClassByName(il2cppImage, namespace, name) {
|
||
|
const pNamespace = Memory.allocUtf8String(namespace);
|
||
|
const pName = Memory.allocUtf8String(name);
|
||
|
|
||
|
return this.CallApiFunction('il2cpp_class_from_name', 'pointer', ['pointer', 'pointer', 'pointer'], [il2cppImage, pNamespace, pName]);
|
||
|
},
|
||
|
GetImageByName(name) {
|
||
|
const domain = this.CallApiFunction('il2cpp_domain_get', 'pointer', [], []);
|
||
|
|
||
|
const sizeOut = Memory.alloc(8);
|
||
|
const assemblies = this.CallApiFunction('il2cpp_domain_get_assemblies', 'pointer', ['pointer', 'pointer'], [domain, sizeOut]);
|
||
|
|
||
|
const size = sizeOut.readU64();
|
||
|
for (var i = 0; i < size; i++) {
|
||
|
const assembly = assemblies.add(i * 8).readPointer();
|
||
|
const il2cppImage = this.CallApiFunction('il2cpp_assembly_get_image', 'pointer', ['pointer'], [assembly]);
|
||
|
|
||
|
const imageName = this.CallApiFunction('il2cpp_image_get_name', 'pointer', ['pointer'], [il2cppImage]);
|
||
|
if (imageName.readUtf8String() == name) {
|
||
|
return il2cppImage;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return null;
|
||
|
},
|
||
|
CallApiFunction(name, rettype, argTypes, args) {
|
||
|
const nativeFunction = new NativeFunction(Module.findExportByName(null, name), rettype, argTypes);
|
||
|
return nativeFunction.apply(nativeFunction, args);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
NativePointer.prototype.readCSharpString = function() {
|
||
|
var length = this.add(16).readInt();
|
||
|
return this.add(20).readUtf16String(length);
|
||
|
}
|
||
|
|
||
|
rpc.exports.init = main;
|