dot/macho
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

clean code and add comment

Browse Source
This commit is contained in:
nganhkhoa
2024-01-04 06:34:07 +07:00
parent 7a6a41b4d8
commit 263596b1a1
2 changed files with 97 additions and 96 deletions
Download Patch File Download Diff File Expand all files Collapse all files

89
macho-go/pkg/ios/macho/edit.go
View File

@ -472,7 +472,8 @@ func (mc *MachoContext) ReworkForObjc() {
main_offset := int(mc.entryoff)
var shellcode_offset int
if (mc.header.cputype & 0xff) == 12 {
isArm := (mc.header.cputype & 0xff) == 12
if isArm {
shellcode = []uint32{
0x10000008,
0, // x9 = (offset end of __DATA) - (offset shellcode)
@ -513,37 +514,11 @@ func (mc *MachoContext) ReworkForObjc() {
// fmt.Printf("// movz_data_end_offset=%x\n", movz_data_end_offset)
fmt.Printf("// lc_main_offset=%x\n", lc_main_offset)
} else {
// TODO: fix to work with offset larger than 0xffff
// shellcode = []uint32{
// 0x00058d4c,
// 0x66000000,
// 0, // offset
// 0x57c8014d,
// 0x41515256,
// 0x088b4d50,
// 0x41d1ff41,
// 0x5e5a5958,
// 0x488b4d5f,
// 0xe1ff4108,
// }
shellcode_x := []uint8{
shellcode_start := []uint8{
0x4c, 0x8d, 0x05, 0x00, 0x00, 0x00, 0x00,
0x49, 0xC7, 0xC1,
}
offset := []uint8{0x00, 0x00, 0x00, 0x00} // offset
shellcode_offset = text_start - 44
encode_movz := func(v int) {
for i := 0; i < 4; i++ {
offset[i] = uint8(v >> (i * 8))
}
}
// 7 is shellcode size to get RIP
encode_movz((data_end - text_start) + (44 - 7))
shellcode_end := []uint8{
0x4d, 0x01, 0xc8,
0x57,
@ -560,33 +535,59 @@ func (mc *MachoContext) ReworkForObjc() {
0x5e,
0x5f, 0x4d, 0x8b, 0x48, 0x08,
0x41, 0xff, 0xe1,
// pad to %4
0x00, 0x00,
}
shellcode_x = append(shellcode_x, offset...)
shellcode_x = append(shellcode_x, shellcode_end...)
offset := []uint8{0x00, 0x00, 0x00, 0x00} // offset
shellcode_size := len(shellcode_start) + len(offset) + len(shellcode_end)
for i := 0; i < len(shellcode_x)-2; i += 4 {
// could use buffer encoding, but for correctness,
// we do this by hand
encode_movz := func(v int) {
for i := 0; i < 4; i++ {
offset[i] = uint8(v >> (i * 8))
}
}
// ┌─────────────────┐
// │ │
// shellcode starts ────┼─────────────────┼───── │ │instruction
// │ │ │ │fetch RIP size
// RIP returns ────┼─────────────────┼───── ▲ │ │
// │ │ │ │
// │ │ │ │ shellcode length
// shellcode ends │ │ │ offset │
// __text ────┼─────────────────┼───── │ range │
// │ │ │ │ __DATA ends - __text
// │ │ │ │
// __DATA ends ────┼─────────────────┼───── ▼ │
// │ │
// │ │
// │ │
// │ │
// │ │
// └─────────────────┘
encode_movz((data_end - text_start) + (shellcode_size - len(shellcode_start)))
shellcode_offset = text_start - shellcode_size
shellcode_bytes := append(shellcode_start, offset...)
shellcode_bytes = append(shellcode_bytes, shellcode_end...)
for i := 0; i < len(shellcode_bytes); i += 4 {
val := 0
// little endian
val |= int(shellcode_x[i+0]) << 0
val |= int(shellcode_x[i+1]) << 8
val |= int(shellcode_x[i+2]) << 16
val |= int(shellcode_x[i+3]) << 24
val |= int(shellcode_bytes[i+0]) << 0
val |= int(shellcode_bytes[i+1]) << 8
val |= int(shellcode_bytes[i+2]) << 16
val |= int(shellcode_bytes[i+3]) << 24
shellcode = append(shellcode, uint32(val))
}
shellcode = append(shellcode, 0x0000e1ff)
// shellcode[10] = movz_data_end_offset
// shellcode[19] = movz_main_offset
fmt.Printf("// shellcode_offset=%x\n", shellcode_offset)
fmt.Printf("// main_offset=%x\n", main_offset)
fmt.Printf("// data_end=%x\n", data_end)
// fmt.Printf("// movz_calculate_offset=%x\n", movz_calculate_offset)
// fmt.Printf("// movz_shellcode_offset=%x\n", movz_shellcode_offset)
// fmt.Printf("// movz_main_offset=%x\n", movz_main_offset)
// fmt.Printf("// movz_data_end_offset=%x\n", movz_data_end_offset)
fmt.Printf("// lc_main_offset=%x\n", lc_main_offset)
}