Beispiel #1
0
    def __init__(self, fh, offset, size):
        self.MH_MAGIC = MH_MAGIC_64
        self.mach_header = mach_header_64
        self.endian = '<'

        self.offset = offset
        self.size = size
        self.prelink_offset = 0
        self.kernel_header = None
        self.fh = fileview(fh, offset, size)
Beispiel #2
0
    def write(self, fileobj):
        fileobj = fileview(fileobj, self.offset, self.size)
        fileobj.seek(0)

        # serialize all the mach-o commands
        self.synchronize_size()

        self.header.to_fileobj(fileobj)
        for lc, cmd, data in self.commands:
            lc.to_fileobj(fileobj)
            cmd.to_fileobj(fileobj)

            if sys.version_info[0] == 2:
                if isinstance(data, unicode):
                    fileobj.write(data.encode(sys.getfilesystemencoding()))

                elif isinstance(data, (bytes, str)):
                    fileobj.write(data)
                else:
                    # segments..
                    for obj in data:
                        obj.to_fileobj(fileobj)
            else:
                if isinstance(data, str):
                    fileobj.write(data.encode(sys.getfilesystemencoding()))

                elif isinstance(data, bytes):
                    fileobj.write(data)

                else:
                    # segments..
                    for obj in data:
                        obj.to_fileobj(fileobj)

        # zero out the unused space, doubt this is strictly necessary
        # and is generally probably already the case
        fileobj.write(b'\x00' * (self.low_offset - fileobj.tell()))
Beispiel #3
0
    def load(self, fh):
        fh = fileview(fh, self.offset, self.size)
        fh.seek(0)

        self.sizediff = 0
        kw = {'_endian_': self.endian}
        header = self.mach_header.from_fileobj(fh, **kw)
        self.header = header
        #print(hex(header.magic)
        #if header.magic != self.MH_MAGIC:
        #    raise ValueError("header has magic %08x, expecting %08x" % (
        #        header.magic, self.MH_MAGIC))

        self.cmd = self.commands = []
        self.filetype = self.get_filetype_shortname(header.filetype)
        read_bytes = 0
        low_offset = sys.maxsize
        for i in range(header.ncmds):
            # read the load command
            cmd_load = load_command.from_fileobj(fh, **kw)
            # read the specific command

            klass = LC_REGISTRY.get(cmd_load.cmd, None)
            # print(klass.__name__
            if klass is None:
                raise ValueError("Unknown load command: %d" % (cmd_load.cmd, ))
            cmd_cmd = klass.from_fileobj(fh, **kw)

            #print(LC_NAMES[cmd_load.cmd]
            if cmd_load.cmd == LC_ID_DYLIB:
                # remember where this command was
                if self.id_cmd is not None:
                    raise ValueError("This dylib already has an id")
                self.id_cmd = i

            if cmd_load.cmd in (LC_SEGMENT, LC_SEGMENT_64):
                # for segment commands, read the list of segments
                segs = []
                # assert that the size makes sense
                if cmd_load.cmd == LC_SEGMENT:
                    section_cls = section
                else:  # LC_SEGMENT_64
                    section_cls = section_64

                expected_size = (sizeof(klass) + sizeof(load_command) +
                                 (sizeof(section_cls) * cmd_cmd.nsects))
                if cmd_load.cmdsize != expected_size:
                    raise ValueError("Segment size mismatch")
                # this is a zero block or something
                # so the beginning is wherever the fileoff of this command is
                if cmd_cmd.nsects == 0:
                    if cmd_cmd.filesize != 0:
                        self.other_segment_details[cmd_cmd.describe()["segname"]] =\
                            {"offset":cmd_cmd.describe()["fileoff"], "size":cmd_cmd.describe()["vmsize"]}
                        low_offset = min(low_offset, cmd_cmd.fileoff)
                else:
                    # this one has multiple segments
                    for j in range(cmd_cmd.nsects):
                        # read the segment
                        seg = section_cls.from_fileobj(fh, **kw)
                        self.section_details[seg.describe()["segname"] + "," + seg.describe()["sectname"]] =\
                            {"offset":seg.describe()["offset"], "size":seg.describe()["size"],
                             "addr":seg.describe()["addr"]}
                        # if the segment has a size and is not zero filled
                        # then its beginning is the offset of this segment
                        not_zerofill = ((seg.flags & S_ZEROFILL) != S_ZEROFILL)
                        if seg.offset > 0 and seg.size > 0 and not_zerofill:
                            low_offset = min(low_offset, seg.offset)
                        if not_zerofill:
                            c = fh.tell()
                            fh.seek(seg.offset)
                            sd = fh.read(seg.size)
                            seg.add_section_data(sd)
                            fh.seek(c)
                        segs.append(seg)
                # data is a list of segments
                cmd_data = segs
            else:
                # data is a raw str
                #self.other_segment_details[LC_NAMES[cmd_load.cmd]] =
                #print(klass
                data_size = (cmd_load.cmdsize - sizeof(klass) -
                             sizeof(load_command))
                cmd_data = fh.read(data_size)
            self.cmd.append((cmd_load, cmd_cmd, cmd_data))

            read_bytes += cmd_load.cmdsize

        # make sure the header made sense
        if read_bytes != header.sizeofcmds:
            raise ValueError("Read %d bytes, header reports %d bytes" %
                             (read_bytes, header.sizeofcmds))
        self.total_size = sizeof(self.mach_header) + read_bytes
        self.low_offset = low_offset