Potentially handle multiple executable sections for instruction analysis #24
Description
I was assuming that usual applications will have everything in .text, but it seems this is not the case for Unity IL2CPP. It creates another executable section like the following:
File: GameAssembly.dll
Format: COFF-x86-64
Arch: x86_64
AddressSize: 64bit
Sections [
Section {
Number: 1
Name: .text (2E 74 65 78 74 00 00 00)
VirtualSize: 0x3E0594
VirtualAddress: 0x1000
RawDataSize: 4064768
PointerToRawData: 0x400
PointerToRelocations: 0x0
PointerToLineNumbers: 0x0
RelocationCount: 0
LineNumberCount: 0
Characteristics [ (0x60000020)
IMAGE_SCN_CNT_CODE (0x20)
IMAGE_SCN_MEM_EXECUTE (0x20000000)
IMAGE_SCN_MEM_READ (0x40000000)
]
}
Section {
Number: 2
Name: il2cpp (69 6C 32 63 70 70 00 00)
VirtualSize: 0x3BCD546
VirtualAddress: 0x3E2000
RawDataSize: 62707200
PointerToRawData: 0x3E0A00
PointerToRelocations: 0x0
PointerToLineNumbers: 0x0
RelocationCount: 0
LineNumberCount: 0
Characteristics [ (0x60000020)
IMAGE_SCN_CNT_CODE (0x20)
IMAGE_SCN_MEM_EXECUTE (0x20000000)
IMAGE_SCN_MEM_READ (0x40000000)
]
}
...
]
Perhaps we should allow passing in an array of executable sections, instead of just .text, to perform instruction analysis.