dot/macho
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

format code

Browse Source
This commit is contained in:
nganhkhoa 2023-05-31 16:31:52 +07:00
parent e3453ae127
commit 841a50f8e1
12 changed files with 201 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
macho-go/cmd/extract-section/main.go
View File

@ -1,12 +1,12 @@
package main package main
import ( import (
"ios-wrapper/pkg/ios/macho"
"github.com/alecthomas/kong" "github.com/alecthomas/kong"
"ios-wrapper/pkg/ios/macho"
"os"
"fmt"
"bytes" "bytes"
"fmt"
"os"
) )
type Argument struct { type Argument struct {
@ -33,7 +33,7 @@ func compare(one string, two string) {
s1 := mc1.FindSection("__text") s1 := mc1.FindSection("__text")
s2 := mc2.FindSection("__text") s2 := mc2.FindSection("__text")
if (s1.Size() == s2.Size()) { if s1.Size() == s2.Size() {
fmt.Println("Size is equal") fmt.Println("Size is equal")
} else { } else {
fmt.Printf("%x <> %x\n", s1.Size(), s2.Size()) fmt.Printf("%x <> %x\n", s1.Size(), s2.Size())
@ -41,7 +41,7 @@ func compare(one string, two string) {
data1 := mc1.Cut(uint64(s1.Offset()), s1.Size()) data1 := mc1.Cut(uint64(s1.Offset()), s1.Size())
data2 := mc1.Cut(uint64(s2.Offset()), s2.Size()) data2 := mc1.Cut(uint64(s2.Offset()), s2.Size())
if (bytes.Compare(data1, data2) == 0) { if bytes.Compare(data1, data2) == 0 {
fmt.Println("Data is equal") fmt.Println("Data is equal")
} }
} }

1
macho-go/internal/wrapper/info.go
View File

@ -34,7 +34,6 @@ func (printer *InfoPrinter) Print() {
fmt.Printf("Init functions at offset %s\n", &fun) fmt.Printf("Init functions at offset %s\n", &fun)
} }
symbols := mc.CollectLazyBindSymbols() symbols := mc.CollectLazyBindSymbols()
if len(symbols) > 0 { if len(symbols) > 0 {
fmt.Println("Lazy Symbols") fmt.Println("Lazy Symbols")

2
macho-go/pkg/ios/macho/dyld_info.go
View File

@ -57,7 +57,7 @@ func (mc *MachoContext) CollectLazyBindSymbols() []*ImportSymbol {
func (mc *MachoContext) CollectLazyBindSymbolsModern() []*ImportSymbol { func (mc *MachoContext) CollectLazyBindSymbolsModern() []*ImportSymbol {
var buf []byte var buf []byte
for _, cmd := range mc.Linkedits() { for _, cmd := range mc.Linkedits() {
if (cmd.Cmd() != LC_DYLD_CHAINED_FIXUPS) { if cmd.Cmd() != LC_DYLD_CHAINED_FIXUPS {
continue continue
} }

1
macho-go/pkg/ios/macho/edit.go
View File

@ -40,6 +40,7 @@ func rewriteLoadcommandsWithoutCodesignature(mc *MachoContext) {
// CODE_SIGNATURE load commands points to the codesign data offset and size. // CODE_SIGNATURE load commands points to the codesign data offset and size.
// __LINKEDIT section points to data offset and size. // __LINKEDIT section points to data offset and size.
// We have: // We have:
//
// linkedit = (section*) LC_SEGMENT.section[0] // name="__LINKEDIT" // linkedit = (section*) LC_SEGMENT.section[0] // name="__LINKEDIT"
// codesign = (linkedit_data_command*) LC_CODE_SIGNATURE // codesign = (linkedit_data_command*) LC_CODE_SIGNATURE
// BinarySize = { f.seek(0, SEEKEND); return f.tell() } // BinarySize = { f.seek(0, SEEKEND); return f.tell() }

2
macho-go/pkg/ios/macho/macho.go
View File

@ -71,10 +71,12 @@ func (mc *MachoContext) WriteBufferTo(w io.Writer) (int, error) {
// Parse the provided Mach-O binary from a file // Parse the provided Mach-O binary from a file
// The first 4 bytes of the file must be the MachO magic // The first 4 bytes of the file must be the MachO magic
// That is: // That is:
//
// file.Seek(0, io.SeekStart) // file.Seek(0, io.SeekStart)
// magic := make([]byte, 4) // magic := make([]byte, 4)
// file.Read(magic) // file.Read(magic)
// assert magic == []byte{macho magic bytes} // assert magic == []byte{macho magic bytes}
//
// or else, parsing error is panic // or else, parsing error is panic
func (mc *MachoContext) ParseFile(file *os.File, length int) error { func (mc *MachoContext) ParseFile(file *os.File, length int) error {
file.Seek(0, io.SeekStart) file.Seek(0, io.SeekStart)

2
macho-go/pkg/ios/macho/util.go
View File

@ -138,7 +138,7 @@ func (mc *MachoContext) FindSegment(name string) Segment {
} }
func (mc *MachoContext) Cut(offset uint64, size uint64) []byte { func (mc *MachoContext) Cut(offset uint64, size uint64) []byte {
return mc.buf[offset : offset + size]; return mc.buf[offset : offset+size]
} }
// INIT POINTER // INIT POINTER

23
research/custom_loader/b.c
View File

@ -1,7 +1,7 @@
#include <stdio.h>
#include <stdint.h>
#include <mach-o/dyld.h> #include <mach-o/dyld.h>
#include <mach/mach.h> #include <mach/mach.h>
#include <stdint.h>
#include <stdio.h>
const uint32_t magic64 = 0xfeedfacf; const uint32_t magic64 = 0xfeedfacf;
const uint32_t magic32 = 0xfeedface; const uint32_t magic32 = 0xfeedface;
@ -27,7 +27,8 @@ void decode_uleb128(char*& addr, uint32_t* ret) {
result |= (byte & 0x7f) << shift; result |= (byte & 0x7f) << shift;
shift += 7; shift += 7;
if (!(byte & 0x80)) break; if (!(byte & 0x80))
break;
} }
*ret = result; *ret = result;
@ -236,8 +237,9 @@ int hook_printf (const char * format, ... ) {
return status; return status;
} }
__attribute__((constructor)) __attribute__((constructor)) static void
static void bruh(int argc, const char* const argv[], const char* const envp[], const char* const apple[], const struct ProgramVars* vars) { bruh(int argc, const char *const argv[], const char *const envp[],
const char *const apple[], const struct ProgramVars *vars) {
// ProgramVars contains pointer to main executable (mapped) file // ProgramVars contains pointer to main executable (mapped) file
const void *main = (int *)(vars->mh); const void *main = (int *)(vars->mh);
// Find our lib (mapped) file // Find our lib (mapped) file
@ -291,7 +293,6 @@ static void bruh(int argc, const char* const argv[], const char* const envp[], c
// } // }
// printf("\n"); // printf("\n");
// printf("export dyld lib address %llx\n", (uint64_t)libdyld_export_trie); // printf("export dyld lib address %llx\n", (uint64_t)libdyld_export_trie);
// for (int i = 0; i < 0x11e0; i++) { // for (int i = 0; i < 0x11e0; i++) {
// if (i % 0x10 == 0) printf("\n"); // if (i % 0x10 == 0) printf("\n");
@ -318,8 +319,10 @@ static void bruh(int argc, const char* const argv[], const char* const envp[], c
struct test_find_export find_export_testcases[] = { struct test_find_export find_export_testcases[] = {
{"__Z11find_headerPv", thislib, thislib_export_trie, (void *)find_header}, {"__Z11find_headerPv", thislib, thislib_export_trie, (void *)find_header},
{"__dyld_get_image_name", libdyld, libdyld_export_trie, (void*)_dyld_get_image_name}, {"__dyld_get_image_name", libdyld, libdyld_export_trie,
{"__dyld_image_count", libdyld, libdyld_export_trie, (void*)_dyld_image_count}, (void *)_dyld_get_image_name},
{"__dyld_image_count", libdyld, libdyld_export_trie,
(void *)_dyld_image_count},
{"_printf", libc, libc_export_trie, (void *)printf}, {"_printf", libc, libc_export_trie, (void *)printf},
}; };
@ -336,9 +339,9 @@ static void bruh(int argc, const char* const argv[], const char* const envp[], c
uint64_t *got = (uint64_t *)((char *)main + 0x4000); uint64_t *got = (uint64_t *)((char *)main + 0x4000);
printf("BEFORE symbol bind code is %llx\n", *got); printf("BEFORE symbol bind code is %llx\n", *got);
vm_protect(mach_task_self(), (uint64_t)got, 0x4000, 0, VM_PROT_READ | VM_PROT_WRITE); vm_protect(mach_task_self(), (uint64_t)got, 0x4000, 0,
VM_PROT_READ | VM_PROT_WRITE);
// fix got table // fix got table
// *got = (uint64_t)find_in_export_trie(libc, libc_export_trie, "_printf"); // *got = (uint64_t)find_in_export_trie(libc, libc_export_trie, "_printf");