2. 程式人生 > >mach-o文件頭和 cmd 解析

mach-o文件頭和 cmd 解析

阿新 發佈:2018-04-17
mach-o

// // main.cpp // mach-o // // Created by Allenboy on 2018/4/16. // Copyright ? 2018年 Allenboy. All rights reserved. // #include <stdio.h> #include <stdlib.h> #include <mach-o/loader.h> #include <mach-o/swap.h> #include <mach-o/fat.h> //解析segments //struct segment_command_64 { /* for 64-bit architectures */ // uint32_t cmd; /* LC_SEGMENT_64 */ // uint32_t cmdsize; /* includes sizeof section_64 structs */ // char segname[16]; /* segment name */ // uint64_t vmaddr; /* memory address of this segment */ // uint64_t vmsize; /* memory size of this segment */ // uint64_t fileoff; /* file offset of this segment */ // uint64_t filesize; /* amount to map from the file */ // vm_prot_t maxprot; /* maximum VM protection */ // vm_prot_t initprot; /* initial VM protection */ // uint32_t nsects; /* number of sections in segment */ // uint32_t flags; /* flags */ //}; void dump_segments(FILE *obj_file); //----------------------------------------------------------------------main------------------------------------------------------------------------------// int main(int argc, char *argv[]) { const char *filename ="/Applications/Notes.app/Contents/MacOS/Notes"; //打開一個 mach-o 文件 FILE *obj_file = fopen(filename, "rb"); //解析 dump_segments(obj_file); //關閉 fclose(obj_file); return 0; } //讀文件頭magic uint32_t read_magic(FILE *obj_file, int offset) { uint32_t magic; fseek(obj_file, offset, SEEK_SET); fread(&magic, sizeof(uint32_t), 1, obj_file); return magic; } //判斷是多少位 int is_magic_64(uint32_t magic) { return magic == MH_MAGIC_64 || magic == MH_CIGAM_64; } //要讓 Linux 系統訪問虛擬內存,則必須有一個交換分區,當內存(RAM)用完的時候,將硬盤中指定分區(即 Swap 分區)當做內存來使用。因此,當有足夠的系統內存(RAM)來滿足系統的所有的需求時,我們並不需要劃分交換分區。盡管如此,是否使用交換分區取決於管理員。 //判斷要用哪各格式去虛擬分區 int should_swap_bytes(uint32_t magic) { return magic == MH_CIGAM || magic == MH_CIGAM_64 || magic == FAT_CIGAM; } //判斷是胖二進制(fat)還是普通二進制 int is_fat(uint32_t magic) { return magic == FAT_MAGIC || magic == FAT_CIGAM; } //cpu 類型 struct _cpu_type_names { cpu_type_t cputype; const char *cpu_name; }; static struct _cpu_type_names cpu_type_names[] = { { CPU_TYPE_I386, "i386" }, { CPU_TYPE_X86_64, "x86_64" }, { CPU_TYPE_ARM, "arm" }, { CPU_TYPE_ARM64, "arm64" } }; //找出cpu 類型名稱 static const char *cpu_type_name(cpu_type_t cpu_type) { static int cpu_type_names_size = sizeof(cpu_type_names) / sizeof(struct _cpu_type_names); for (int i = 0; i < cpu_type_names_size; i++ ) { if (cpu_type == cpu_type_names[i].cputype) { return cpu_type_names[i].cpu_name; } } return "unknown"; } //根據結構體大小解析的 void *load_bytes(FILE *obj_file, int offset, int size) { //分配 1 塊size大小的內存 void *buf = calloc(1, size); fseek(obj_file, offset, SEEK_SET); fread(buf, size, 1, obj_file); return buf; } //解析segment_command void dump_segment_commands(FILE *obj_file, int offset, int is_swap, uint32_t ncmds) { int actual_offset = offset; //解析所有命令 printf("---------------------------------------segment_command_64-----------------------------------\n"); for (int i = 0; i < ncmds; i++) { struct load_command *cmd = load_bytes(obj_file, actual_offset, sizeof(struct load_command)); if (is_swap) { swap_load_command(cmd, 0); } //判斷是哪種命令 //#define LC_LOAD_WEAK_DYLIB (0x18 | LC_REQ_DYLD) // //#define LC_SEGMENT_64 0x19 /* 64-bit segment of this file to be //mapped */ //#define LC_ROUTINES_64 0x1a /* 64-bit image routines */ //#define LC_UUID 0x1b /* the uuid */ //#define LC_RPATH (0x1c | LC_REQ_DYLD) /* runpath additions */ //#define LC_CODE_SIGNATURE 0x1d /* local of code signature */ //#define LC_SEGMENT_SPLIT_INFO 0x1e /* local of info to split segments */ //#define LC_REEXPORT_DYLIB (0x1f | LC_REQ_DYLD) /* load and re-export dylib */ //#define LC_LAZY_LOAD_DYLIB 0x20 /* delay load of dylib until first use */ //#define LC_ENCRYPTION_INFO 0x21 /* encrypted segment information */ //#define LC_DYLD_INFO 0x22 /* compressed dyld information */ //#define LC_DYLD_INFO_ONLY (0x22|LC_REQ_DYLD) /* compressed dyld information only */ //#define LC_LOAD_UPWARD_DYLIB (0x23 | LC_REQ_DYLD) /* load upward dylib */ //#define LC_VERSION_MIN_MACOSX 0x24 /* build for MacOSX min OS version */ //#define LC_VERSION_MIN_IPHONEOS 0x25 /* build for iPhoneOS min OS version */ //#define LC_FUNCTION_STARTS 0x26 /* compressed table of function start addresses */ //#define LC_DYLD_ENVIRONMENT 0x27 /* string for dyld to treat //like environment variable */ //#define LC_MAIN (0x28|LC_REQ_DYLD) /* replacement for LC_UNIXTHREAD */ //#define LC_DATA_IN_CODE 0x29 /* table of non-instructions in __text */ //#define LC_SOURCE_VERSION 0x2A /* source version used to build binary */ //#define LC_DYLIB_CODE_SIGN_DRS 0x2B /* Code signing DRs copied from linked dylibs */ //#define LC_ENCRYPTION_INFO_64 0x2C /* 64-bit encrypted segment information */ //#define LC_LINKER_OPTION 0x2D /* linker options in MH_OBJECT files */ //#define LC_LINKER_OPTIMIZATION_HINT 0x2E /* optimization hints in MH_OBJECT files */ //#define LC_VERSION_MIN_TVOS 0x2F /* build for AppleTV min OS version */ //#define LC_VERSION_MIN_WATCHOS 0x30 /* build for Watch min OS version */ //#define LC_NOTE 0x31 /* arbitrary data included within a Mach-O file */ //#define LC_BUILD_VERSION 0x32 /* build for platform min OS version */ if (cmd->cmd == LC_SEGMENT_64) { struct segment_command_64 *segment = load_bytes(obj_file, actual_offset, sizeof(struct segment_command_64)); if (is_swap) { swap_segment_command_64(segment, 0); } // struct segment_command_64 { /* for 64-bit architectures */ // uint32_t cmd; /* LC_SEGMENT_64 */ // uint32_t cmdsize; /* includes sizeof section_64 structs */ // char segname[16]; /* segment name */ // uint64_t vmaddr; /* memory address of this segment */ // uint64_t vmsize; /* memory size of this segment */ // uint64_t fileoff; /* file offset of this segment */ // uint64_t filesize; /* amount to map from the file */ // vm_prot_t maxprot; /* maximum VM protection */ // vm_prot_t initprot; /* initial VM protection */ // uint32_t nsects; /* number of sections in segment */ // uint32_t flags; /* flags */ // }; //----------------------------------------------------------------------------------------------------------------------- printf("------------------------------------LC_SEGMENT_64-------------------------------------------\n"); printf("uint32_t cmd; %x\n",segment->cmd); printf("uint32_t cmdsize; %x\n",segment->cmdsize); printf("char segname[16]; %s\n",segment->segname); printf("uint64_t vmaddr; %llx\n",segment->vmaddr); printf("uint64_t vmsize; %llx\n",segment->vmsize); printf("uint64_t fileoff; %llx\n",segment->fileoff); printf("uint64_t filesize; %llx\n",segment->filesize); printf("vm_prot_t maxprot; %x\n",segment->maxprot); printf("vm_prot_t initprot; %x\n",segment->initprot); printf("uint32_t nsects; %x\n",segment->nsects); printf("uint32_t flags; %x\n",segment->flags); //------------------------------------------------------------------------------------------------------------------------ printf("segname: %s\n", segment->segname); for (int i=0; i<segment->nsects; i++) { // struct section_64 { /* for 64-bit architectures */ // char sectname[16]; /* name of this section */ // char segname[16]; /* segment this section goes in */ // uint64_t addr; /* memory address of this section */ // uint64_t size; /* size in bytes of this section */ // uint32_t offset; /* file offset of this section */ // uint32_t align; /* section alignment (power of 2) */ // uint32_t reloff; /* file offset of relocation entries */ // uint32_t nreloc; /* number of relocation entries */ // uint32_t flags; /* flags (section type and attributes)*/ // uint32_t reserved1; /* reserved (for offset or index) */ // uint32_t reserved2; /* reserved (for count or sizeof) */ // uint32_t reserved3; /* reserved */ // }; //當前的地址 // struct section_64 * mysection = load_bytes(obj_file, actual_offset, sizeof(struct section_64)); } free(segment); } else if (cmd->cmd == LC_SEGMENT) { struct segment_command *segment = load_bytes(obj_file, actual_offset, sizeof(struct segment_command)); if (is_swap) { swap_segment_command(segment, 0); } // struct segment_command { /* for 32-bit architectures */ // uint32_t cmd; /* LC_SEGMENT */ // uint32_t cmdsize; /* includes sizeof section structs */ // char segname[16]; /* segment name */ // uint32_t vmaddr; /* memory address of this segment */ // uint32_t vmsize; /* memory size of this segment */ // uint32_t fileoff; /* file offset of this segment */ // uint32_t filesize; /* amount to map from the file */ // vm_prot_t maxprot; /* maximum VM protection */ // vm_prot_t initprot; /* initial VM protection */ // uint32_t nsects; /* number of sections in segment */ // uint32_t flags; /* flags */ // }; //----------------------------------------------------------------------------------------------------------------------- printf("-------------------------------------LC_SEGMENT---------------------------------------------\n"); printf("uint32_t cmd; %x\n",segment->cmd); printf("uint32_t cmdsize; %x\n",segment->cmdsize); printf("char segname[16]; %s\n",segment->segname); printf("uint64_t vmaddr; %x\n",segment->vmaddr); printf("uint64_t vmsize; %x\n",segment->vmsize); printf("uint64_t fileoff; %x\n",segment->fileoff); printf("uint64_t filesize; %x\n",segment->filesize); printf("vm_prot_t maxprot; %x\n",segment->maxprot); printf("vm_prot_t initprot; %x\n",segment->initprot); printf("uint32_t nsects; %x\n",segment->nsects); printf("uint32_t flags; %x\n",segment->flags); //------------------------------------------------------------------------------------------------------------------------ printf("segname: %s\n", segment->segname); free(segment); } else if (cmd->cmd == LC_IDFVMLIB||cmd->cmd == LC_LOADFVMLIB) { struct fvmlib_command *segment = load_bytes(obj_file, actual_offset, sizeof(struct fvmlib_command)); if (is_swap) { swap_fvmlib_command(segment, 0); } // struct fvmlib_command { // uint32_t cmd; /* LC_IDFVMLIB or LC_LOADFVMLIB */ // uint32_t cmdsize; /* includes pathname string */ // struct fvmlib fvmlib; /* the library identification */ // }; //----------------------------------------------------------------------------------------------------------------------- printf("-------------------------------------LC_SEGMENT---------------------------------------------\n"); printf("uint32_t cmd; %x\n",segment->cmd); printf("uint32_t cmdsize; %x\n",segment->cmdsize); printf("struct fvmlib fvmlib; %x\n",segment->fvmlib); //------------------------------------------------------------------------------------------------------------------------ free(segment); } else if (cmd->cmd == LC_ID_DYLIB||cmd->cmd == LC_REEXPORT_DYLIB||cmd->cmd == LC_LOAD_UPWARD_DYLIB) { struct dylib_command *segment = load_bytes(obj_file, actual_offset, sizeof(struct dylib_command)); if (is_swap) { swap_dylib_command(segment, 0); } // struct dylib_command { // uint32_t cmd; /* LC_ID_DYLIB, LC_LOAD_{,WEAK_}DYLIB, // LC_REEXPORT_DYLIB */ // uint32_t cmdsize; /* includes pathname string */ // struct dylib dylib; /* the library identification */ // }; //----------------------------------------------------------------------------------------------------------------------- printf("-------------------------------------LC_ID_DYLIB---------------------------------------------\n"); printf("uint32_t cmd; %x\n",segment->cmd); printf("uint32_t cmdsize; %x\n",segment->cmdsize); printf("struct dylib dylib; %x\n",segment->dylib); //------------------------------------------------------------------------------------------------------------------------ free(segment); } //加上當前的cmdsize到就是下一個命令 actual_offset += cmd->cmdsize; free(cmd); } } //解析mach頭 void dump_mach_header(FILE *obj_file, int offset, int is_64, int is_swap) { uint32_t ncmds; //加載命令偏移 int load_commands_offset = offset; if (is_64) {//64 位 int header_size = sizeof(struct mach_header_64); struct mach_header_64 *header = load_bytes(obj_file, offset, header_size); if (is_swap) { swap_mach_header_64(header, 0); } // struct mach_header_64 { // uint32_t magic; /* mach magic number identifier */ // cpu_type_t cputype; /* cpu specifier */ // cpu_subtype_t cpusubtype; /* machine specifier */ // uint32_t filetype; /* type of file */ // uint32_t ncmds; /* number of load commands */ // uint32_t sizeofcmds; /* the size of all the load commands */ // uint32_t flags; /* flags */ // uint32_t reserved; /* reserved */ // }; //----------------------------------------------------------------------------------------------------------------------- printf("------------------------------------mach_header_64------------------------------------------\n"); printf("uint32_t magic; %x\n",header->magic); printf("cpu_type_t cputype; %x\n",header->cputype); printf("cpu_subtype_t cpusubtype; %x\n",header->cpusubtype); printf("uint32_t filetype; %x\n",header->filetype); printf("uint32_t ncmds; %x\n",header->ncmds); printf("uint32_t sizeofcmds; %x\n",header->sizeofcmds); printf("uint32_t flags; %x\n",header->flags); printf("uint32_t reserved; %x\n",header->reserved); //------------------------------------------------------------------------------------------------------------------------ //加載命令個數 ncmds = header->ncmds; //++ load_commands_offset += header_size; //打印 cpu 類型 printf("%s\n", cpu_type_name(header->cputype)); // free(header); } else {//32 位 int header_size = sizeof(struct mach_header); struct mach_header *header = load_bytes(obj_file, offset, header_size); if (is_swap) { swap_mach_header(header, 0); } // struct mach_header { // uint32_t magic; /* mach magic number identifier */ // cpu_type_t cputype; /* cpu specifier */ // cpu_subtype_t cpusubtype; /* machine specifier */ // uint32_t filetype; /* type of file */ // uint32_t ncmds; /* number of load commands */ // uint32_t sizeofcmds; /* the size of all the load commands */ // uint32_t flags; /* flags */ // }; //----------------------------------------------------------------------------------------------------------------------- printf("------------------------------------mach_header_32----------------------------------------------\n"); printf("uint32_t magic; %x\n",header->magic); printf("cpu_type_t cputype; %x\n",header->cputype); printf("cpu_subtype_t cpusubtype; %x\n",header->cpusubtype); printf("uint32_t filetype; %x\n",header->filetype); printf("uint32_t ncmds; %x\n",header->ncmds); printf("uint32_t sizeofcmds; %x\n",header->sizeofcmds); printf("uint32_t flags; %x\n",header->flags); //------------------------------------------------------------------------------------------------------------------------ ncmds = header->ncmds; load_commands_offset += header_size; printf("%s\n", cpu_type_name(header->cputype)); free(header); } //解析commands命令 dump_segment_commands(obj_file, load_commands_offset, is_swap, ncmds); } //struct fat_header { // uint32_t magic; /* FAT_MAGIC or FAT_MAGIC_64 */ // uint32_t nfat_arch; /* number of structs that follow */ //}; // //struct fat_arch { // cpu_type_t cputype; /* cpu specifier (int) */ // cpu_subtype_t cpusubtype; /* machine specifier (int) */ // uint32_t offset; /* file offset to this object file */ // uint32_t size; /* size of this object file */ // uint32_t align; /* alignment as a power of 2 */ //}; void dump_fat_header(FILE *obj_file, int is_swap) { //頭結構體大小 int header_size = sizeof(struct fat_header); //cpu 架構結構體大小 int arch_size = sizeof(struct fat_arch); //解析 fat 頭結構體 struct fat_header *header = load_bytes(obj_file, 0, header_size); //在傳進來的判斷是否合法 if (is_swap) { //虛擬分區 swap_fat_header(header, 0); } //arch架構偏移 int arch_offset = header_size; //遍歷所有架構 for (int i = 0; i < header->nfat_arch; i++) { //解析 struct fat_arch *arch = load_bytes(obj_file, arch_offset, arch_size); if (is_swap) { swap_fat_arch(arch, 1, 0); } // int mach_header_offset = arch->offset; free(arch); //下一個結構體 arch_offset += arch_size; //讀header magic uint32_t magic = read_magic(obj_file, mach_header_offset); //判斷 int is_64 = is_magic_64(magic); // int is_swap_mach = should_swap_bytes(magic); //解析頭 dump_mach_header(obj_file, mach_header_offset, is_64, is_swap_mach); } free(header); } //解析 void dump_segments(FILE *obj_file) { //先讀文件頭 uint32_t magic = read_magic(obj_file, 0); //判斷多少位 int is_64 = is_magic_64(magic); //判斷什麽格式虛擬分區(把磁盤虛擬成內存使用的作用) int is_swap = should_swap_bytes(magic); //判斷是胖二進制還是普通二進制 int fat = is_fat(magic); if (fat) { //解析 fat 頭 dump_fat_header(obj_file, is_swap); } else { //解析mach 頭 dump_mach_header(obj_file, 0, is_64, is_swap); } }

mach-o文件頭和 cmd 解析

相關推薦

mach-o cmd 解析

mach-o// // main.cpp // mach-o // // Created by Allenboy on 2018/4/16. // Copyright ? 2018年 Allenboy. All rights reserved. // #include <stdio.h>

Mach-O格式程序從載入到運行過程

height star 也會 linked trail dylib 建立 helper cmd > 之前深入了解過。過去了一年多的時間。如今花些時間好好總結下,畢竟好記性不如爛筆頭。其次另一個目的,對於mach-o文件結構。關於動態載入信息那個數

管道I/O用途

memcache telnetmknod pipe1 p與exec 8 pipe1指令合用,實現自動telnet功能mknod pipe1 p與exec 8 pipe1指令合用,實現自動telnet功能#vi autologin.shmknod pipe1 pexec 8<>pipe1 I/O文

php獲取ios或android通過(header)傳過來的坐標,通過百度接口獲取具體城市地址,並存入到session中。

word 請求 sse 百度 頭文件 reac session ray 位置 首先,在function.php方法文件中封裝一個獲取header頭文件的方法。 if (!function_exists(‘getallheaders‘)) {   function g

PHP 常用函數

opera tel 操作 鎖定 file ati 設置 blog ldb 文件鎖 bool flock ( int handle, int operation [, int &wouldblock] );flock() 操作的 handle 必須是一個已經打開的文件

linux 大小數量統計

linux 文件大小 數量統計因需要監控節點的文件狀態(時間 擁有者 大小 數目)開始監控文件數目用的 find ./ -type f |wc -l 監控文件大小 du -sk出現的問題: 1、同樣的文件在不同版本(centos6.5和centos5.8)的系統上大小不一致 c

系統本地存儲管理 2

linux 文件系統和存儲管理回顧: 壓縮、歸檔工具 gzip bzip2 xz zip/unzip tar cpio 機械式磁盤的工作原理,技術參數,常用術語 使用磁盤的步驟: 分區 fdisk gdisk parted 高級格式化 ext 超級塊(備份),GDT,metad

系統本地存儲管理 1

linux 文件系統和存儲管理Linux系統管理1.存儲管理 傳統的磁盤分區 RAID技術,軟RAID的實現 LVM 文件系統管理 ext,xfs,btrfs(了解)2.程序包管理 rpm、yum、dnf3.sed、gawk4.進程管理5.網絡管理 網絡基礎知識(Cisco CCNA+CCNP) 網絡屬性管

常見

bsp mpeg pdf quicktime post mat mdb html psd JPEG (jpg),文件頭:FFD8FFPNG (png),文件頭:89504E47 GIF (gif),文件頭:47494638TIFF

比較Apache Hadoop生態系統中不同的格式存儲引擎的性能

報告 indent 然而 microsoft 要花 ont 目錄 總結 千兆 這篇文章提出了在Apache Hadoop生態系統中對比一些當前流行的數據格式和可用的存儲引擎的性能:Apache Avro,Apache Parquet,Apache HBase和Apache

顏色目錄

配置文件 壓縮文件 執行文件 服務器 根目錄 文件顏色代表含義:藍色表示目錄;綠色表示可執行文件;紅色表示壓縮文件;淺藍色表示鏈接文件;白色表示其他文件;黃色是設備文件,包括block, char, fifo。常見目錄解釋Linux各種發行版的目錄結構基本一致,各個目錄簡單介紹如下: 目錄

10. 內部類、源規則

time 由於 源碼 width 互聯 leg important 例子 space html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,ad

Pycharm在創建py時,自動添加註釋

文件頭 images image nbsp 輸入 pycha -1 img .com 操作如上圖所示,一般輸入的註釋為: Pycharm在創建py文件時,自動添加文件頭註釋

MyBatis Mapper.xml中 $#的區別

優先 註入 sql註入 jdb 防止 自動 || myba 由於 1.優先使用#{paramName,jdbcType=VARCHAR} 寫法,除了可以防止sql註入以外,它還能在參數裏含有單引號的時候自動轉義, 而${paramName}由於是類似於拼接sql的寫法,不具

RH124-14 系統磁盤設備管理

文件系統和磁盤設備管理第十四章 文件系統和磁盤設備管理14.1 文件系統和磁盤設備的管理與使用磁盤設備 磁盤設備是支持隨機讀寫數據的設備.在物理機器上,設備文件默認都存放在/dev/目錄下,第一個硬盤是/dev/sda,第二個硬盤是/dev/sdb,如此類推.第一個硬盤的第一個分區是/dev/sda1,第二個

Python全棧開發之4、內置函數、操作遞歸

開發 hang mon alien yun alpha err fdm ax1 %E5%AD%97%E8%8A%82%E5%BA%8F%E8%BD%AC%E6%8D%A2%E4%B8%8E%E7%BB%93%E6%9E%84%E4%BD%93%E4%BD%8D%E5%9F%

XML詳解以及解析

不同 enume repl 添加 data 的人 中間 load 包含 一、xml基礎詳解: 1、概述: xml:即可擴展標記語言,xml是互聯網數據傳輸的重要工具,它可以跨越互聯網任何的平臺,不受編程語言和操作系統的限制,可以說它是一個擁有互聯網最高級別通行證的數

關於linux系統下批量修改後綴

linux 字符串 總會遇到遇到處理文件的問題,比如文件後綴修改,以前都是寫shell,後來發現有個更簡單的方法rename1,在centos 下是用c 寫的 rename用法: a.txt 修改為 a.cc rename txt cc *.txt

RootFramework框架實現讀取上傳以及使用JavaScript獲取fields中的值

roo 讀取 frame get .get 轉換 script 輸入 tor 1、項目中使用的相對路徑需要轉換成絕對路徑,(Python方法實現 os.path.abspath(‘path‘)) 2、choose file [locators,file_pat

docker mysql 掛載MySQL字符集設置

ria mes col value data etc password res code docker run -p 3306:3306 --name mysql -v /usr/local/mysql/my.cnf:/etc/mysql/my.cnf -v /usr/lo