Il2CppInspector
Il2CppInspector copied to clipboard
djkaty
Unable to load the DLL for unpacking
I ran into the following error when trying to unpack Uma Musume (DMM ver):
PS > .\Il2CppInspector-cli.exe -i .\GameAssembly.dll -m .\global-metadata.dat
Il2CppInspector Command-Line Edition
Version 2021.1
(c) 2017-2021 Katy Coe - www.djkaty.com - www.github.com/djkaty
Using plugin: IL2CPP API Discovery
Using plugin: Binary metadata field order deobfuscator
Using plugin: Metadata strings XOR decryptor
Using plugin: Binary file XOR decryptor
Detected metadata version 24.2
Container format: PE32+
Container endianness: Little
Architecture word size: 64-bit
Instruction set: x64
Global offset: 0x000000017E5A2000
No symbol table present in binary file
No matches via code heuristics
No matches via data heuristics
IL2CPP binary appears to be packed - attempting to unpack and retrying
Unable to load the DLL for unpacking: error code 1114
Analyze IL2CPP data: 6.05 sec
Here are the binary file and metadata: https://megafile.cc/d/qyl7/bin-n-metadata
I am sorry that I am not sure if this is actually an issue of IL2cppinspector or not, since I have tried to load the file directly into IDA and it also seemed to produce peculiar results. Thanks!
I had to google that error, it means the DLL's initialization routine failed to run when it's loaded.
Are you using a laptop with switchable AMD/nVidia graphics like Optimus for example? All of the pages I found reporting solutions for this error seem to reference that, for example:
https://windowsreport.com/loadlibrary-failed-error-1114/
Just to add I haven't tried to repro the issue on my PC yet but I will get to it :)
I also repro the the issue on my PC and laptop. The dll was protected, you can see this issue bypassing the protection at runtime:https://github.com/Perfare/Il2CppDumper/issues/433, but it seems to only support so in Android.
I had to google that error, it means the DLL's initialization routine failed to run when it's loaded.
Are you using a laptop with switchable AMD/nVidia graphics like Optimus for example? All of the pages I found reporting solutions for this error seem to reference that, for example:
https://windowsreport.com/loadlibrary-failed-error-1114/
Thank you so much for the prompting response! Yeah, I was using a laptop with a switchable graphics card so I asked my friend to test it out on his computer, it gave the same result.
I also repro the the issue on my PC and laptop. The dll was protected, you can see this issue bypassing the protection at runtime:Perfare/Il2CppDumper#433, but it seems to only support so in Android.
Thank you so much for linking me this!
yeah, I had to dump the metadata from the memory when dealing with uma Musume’s android edition. I was just curious if the windows addition really just left things out there for everyone to see.
Now I see what’s going on. XD
Yeah the Riru-Dumper is for Android and dumps the global-metadata.dat from the running process in memory as you discovered :) So that's not going to work on Windows without being ported, which is basically up to Perfare if he wants to do that.
I'm actually on hiatus until May but I'm going to leave this issue open and look into it properly when I get back. If it turns out not to be possible to load the DLL, a Windows metadata dumper from a running app is on the roadmap but it's quite far down the list.
Edit: Files downloaded if you want to delete them
@LorentzB is the global-metadata.dat in this zip file directly available in the PC game files or did you dump it somehow?
@djkaty The global-metadata.dat is directly available in the PC game files. For the android version, they left il2cpp.so untouched but hide the metadata file inside il2cpp.so file instead.
Thank you for getting back to me this fast. I really appreciate that you would spend time looking into this. For now, dumping things from the memory works perfectly. Please don't worry about it too much, take your time.
I hope everything goes well for you; stay safe.
@LorentzB Maybe you can try it to dump dll on windowsDyna-IL2CppDumper.
@bhhbazinga Thank you for the repo! However, I am having some trouble attaching CE to umamusume, and it won't run in test mode either. I will fiddle around with it a bit more later.
@bhhbazinga You are much better off using the API output to produce a global-metadata.dat rather than C# prototypes output, then it can be input into other tools. That's actually exactly what I'm planning to make the dynamic dumper in Il2CppInspector do, but I don't have time to implement it right now.
To Add Onto This Thread
Not only I'm able to reproduce the issue using the command line above and the GUI (picture below), I'm also able to provide some more insight using these two files which are just updated GameAssembly and global-metadata files (as of writing this comment).
Matching output to OP's error using the same 2 files:
Here's to provide some additional insight since your app is in parity with Il2CppDumper (as this error comes from v6.6.2):
.\Il2CppDumper.exe "..\GameAssembly.dll" "..\il2cpp_data\Metadata\global-metadata.dat" "..\Desktop"
Initializing metadata...
Metadata Version: 24.2
Initializing il2cpp file...
Il2Cpp Version: 24.2
Searching...
CodeRegistration : 0
MetadataRegistration : 0
Use custom PE loader
CodeRegistration : 0
MetadataRegistration : 0
ERROR: Can't use auto mode to process file, try manual mode.
Input CodeRegistration:
System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: startIndex
at System.ParseNumbers.StringToLong(String s, Int32 radix, Int32 flags, Int32* currPos)
at System.Convert.ToUInt64(String value, Int32 fromBase)
at Il2CppDumper.Program.Init(String il2cppPath, String metadataPath, Metadata& metadata, Il2Cpp& il2Cpp) in C:\projects\il2cppdumper\Il2CppDumper\Program.cs:line 220
ERROR: An error occurred while processing.
Additionally, I'm not sure if this is coincidence or not, but here is the GUI output using Il2CppInspector v2021.1 (fresh download and default settings), but I'm using the ウマ娘 プリティーダービー_v1.2.9_apkpure.com.xapk for the same game and this is the exact error as the PC (DMM) version the CLI displayed above:
TL;DR
Both XAPK and PC versions of this game are giving out the same errors when using both Il2CppInspector v2021.1 and Il2CppDumper v6.6.2.
If any of this needs to be documented into a separate issue, I wouldn't mind creating a new one 👍
You can use my modified ksDumper to dump that GameAssembly.dll It use power from kernel space so you can just bypass the protection https://github.com/GEEKiDoS/KsDumper/releases/tag/mod-1.1
To use just follow original steps but after selecting process just select a module in the module view then right click-dump
Note: if you have Hyper-V enabled, the capcom driver will cause a BOSD
You can use my modified ksDumper to dump that GameAssembly.dll It use power from kernel space so you can just bypass the protection https://github.com/GEEKiDoS/KsDumper/releases/tag/mod-1.1
To use just follow original steps but after selecting process just select a module in the module view then right click-dump
Note: if you have Hyper-V enabled, the capcom driver will cause a BOSD
I tried to use ksDumper. I was able to start it once, but after the second time, the process does not show anything when I start it. I am following the steps in the readme. What should I do?
