def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_ROUTINES_64
self.cmdsize = vs_prim.v_uint32() # total size of this command
self.init_address = vs_prim.v_uint64() # address of initialization routine
self.init_module = vs_prim.v_uint64() # index into the module table that
self.reserved1 = vs_prim.vs_prim.v_uint64()
self.reserved2 = vs_prim.vs_prim.v_uint64()
self.reserved3 = vs_prim.vs_prim.v_uint64()
self.reserved4 = vs_prim.vs_prim.v_uint64()
self.reserved5 = vs_prim.vs_prim.v_uint64()
self.reserved6 = vs_prim.vs_prim.v_uint64()
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_SEGMENT_64
self.cmdsize = vs_prim.v_uint32() # includes sizeof section_64 structs
self.segname[16] = vs_prim.v_uint8() # segment name
self.vmaddr = vs_prim.v_uint64() # memory address of this segment
self.vmsize = vs_prim.v_uint64() # memory size of this segment
self.fileoff = vs_prim.v_uint64() # file offset of this segment
self.filesize = vs_prim.v_uint64() # amount to map from the file
self.maxprot = vm_prot_t() # maximum VM protection
self.initprot = vm_prot_t() # initial VM protection
self.nsects = vs_prim.v_uint32() # number of sections in segment
self.flags = vs_prim.v_uint32() # flags
def __init__(self):
vstruct.VStruct.__init__(self)
self.sectname[16] = vs_prim.v_uint8() # name of this section
self.segname[16] = vs_prim.v_uint8() # segment this section goes in
self.addr = vs_prim.v_uint64() # memory address of this section
self.size = vs_prim.v_uint64() # size in bytes of this section
self.offset = vs_prim.v_uint32() # file offset of this section
self.align = vs_prim.v_uint32() # section alignment (power of 2)
self.reloff = vs_prim.v_uint32() # file offset of relocation entries
self.nreloc = vs_prim.v_uint32() # number of relocation entries
self.flags = vs_prim.v_uint32() # flags (section type and attributes)
self.reserved1 = vs_prim.v_uint32() # reserved (for offset or index)
self.reserved2 = vs_prim.v_uint32() # reserved (for count or sizeof)
self.reserved3 = vs_prim.v_uint32() # reserved
def __init__(self):
vstruct.VStruct.__init__(self)
# list of offsets to section headers.
# order should line up with the SECTIONS definition (see below).
self.offsets = []
# list of checksums of sections.
# order should line up with the SECTIONS definition.
self.checksums = []
self.signature = v_bytes(size=0x4) # IDA1 | IDA2
self.unk04 = v_uint16()
self.offset1 = v_uint64()
self.offset2 = v_uint64()
self.unk16 = v_uint32()
self.sig2 = v_uint32() # | DD CC BB AA |
self.version = v_uint16()
self.offset3 = v_uint64()
self.offset4 = v_uint64()
self.offset5 = v_uint64()
self.checksum1 = v_uint32()
self.checksum2 = v_uint32()
self.checksum3 = v_uint32()
self.checksum4 = v_uint32()
self.checksum5 = v_uint32()
self.offset6 = v_uint64()
self.checksum6 = v_uint32()
def __init__(self, wordsize):
vstruct.VStruct.__init__(self)
# sizeof() == 0xB (fixed)
# possible values: 0x0 - 0xC. top bit has some meaning.
self.type = v_uint8()
self.unk01 = v_uint16() # this might be the segment index + 1?
if wordsize == 4:
self.offset = v_uint32()
self.unk07 = v_uint32()
elif wordsize == 8:
self.unk03 = v_uint32()
self.unk07 = v_uint16()
self.offset = v_uint64()
else:
raise ValueError('unexpected wordsize')
def __init__(self):
vstruct.VStruct.__init__(self)
self.module_name = vs_prim.v_uint32() # the module name (index into string table)
self.iextdefsym = vs_prim.v_uint32() # index into externally defined symbols
self.nextdefsym = vs_prim.v_uint32() # number of externally defined symbols
self.irefsym = vs_prim.v_uint32() # index into reference symbol table
self.nrefsym = vs_prim.v_uint32() # number of reference symbol table entries
self.ilocalsym = vs_prim.v_uint32() # index into symbols for local symbols
self.nlocalsym = vs_prim.v_uint32() # number of local symbols
self.iextrel = vs_prim.v_uint32() # index into external relocation entries
self.nextrel = vs_prim.v_uint32() # number of external relocation entries
self.iinit_iterm = vs_prim.v_uint32() # low 16 bits are the index into the init section, high 16 bits are the index into the term section
self.ninit_nterm = vs_prim.v_uint32() # low 16 bits are the number of init section entries, high 16 bits are the number of term section entries
self.objc_module_info_size = vs_prim.v_uint32() # the (__OBJC,__module_info) section
self.objc_module_info_addr = vs_prim.v_uint64() # the (__OBJC,__module_info) section
def __init__(self):
vstruct.VStruct.__init__(self)
self.is_compressed = v_uint8()
self.length = v_uint64()
def __init__(self):
vstruct.VStruct.__init__(self)
self.alpha = p.v_uint64()
self.beta = vstruct.VStruct()
def __init__(self):
vstruct.VStruct.__init__(self)
self.alpha = p.v_uint64()
self.beta = vstruct.VStruct()
def __init__(self):
vstruct.VStruct.__init__(self)
self.compression_method = v_uint8()
self.length = v_uint64()
self.is_compressed = False
