downloadpizza/SandTools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ghidra: symbol-inject workflow (Il2CppDumper script.json) instead of full auto-analysis

Browse Source 
- Full auto-analysis of the 137MB IL2CPP GameAssembly.dll is the wrong default:
  Decompiler Parameter ID is ~single-threaded, ran 5h+ with no checkpoint/ETA
  and saves only at the end. It rediscovers what Il2CppDumper already knows.
- Add ghidra/scripts/apply_il2cpp_symbols.py: headless-adapted port of
  yoten/ghidra.py (askFile -> script arg) that imports the dumper's script.json
  symbol table (function boundaries + names + string/metadata labels) onto a
  -noanalysis import. Names-only/light path; struct+signature path documented.
- docs/GHIDRA.md: full workflow, address convention (base.add(Address), no -0x1000),
  the _JAVA_OPTIONS=-Xmx4g heap-cap gotcha, targeted decomp/disasm commands.
This commit is contained in:
DownloadPizza
2026-06-16 15:51:00 +02:00
parent f049db6921
commit e390461a53
2 changed files with 89 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CLAUDE.md
View File

@@ -25,6 +25,8 @@ The four data sources, and which tools own them:
- **Don't hammer the live server.** It is a real playtest backend. Warn the operator *before* any
action that makes repeated/abnormal connections. BattlEye is active in the game — all scraping is
done **outside** the game process (replayed protocol / captures / REST), never via injection.
- **A `/connect` scrape kicks the live player** (single session per account, newest wins — verified
2026-06-16, see `docs/MASTER_SERVER.md`). Don't open `/connect` while the operator is in-game.
## Environment & how to run
@@ -155,6 +157,7 @@ All use UnityPy with an IL2CPP TypeTreeGenerator (`GameAssembly.dll` + `global-m
- **`TASK.md`** — `.wbt` format cracked (BSON-verified) summary.
- **`PRODUCTION_LINES.md`**, **`SALES_VALUE.md`**, **`WEAPON_DAMAGE.md`** — static-data location maps (track across updates).
- **`SCRAPE_RUNBOOK.md`** — read-only live-scrape steps for when a playtest is online.
- **`GHIDRA.md`** — headless Ghidra on `GameAssembly.dll`: **inject Il2CppDumper symbols, don't full-analyze** (`ghidra/scripts/apply_il2cpp_symbols.py`); targeted decompile/disasm; the `_JAVA_OPTIONS` heap gotcha.
- **`BUNDLES.md`** (repo root) — inventory of the 35 asset bundles.
Operator memory lives in `~/.claude/projects/-home-downloadpizza-sand-tools/memory/` (loaded each session).