def __init__(self):
vstruct.VStruct.__init__(self, bigend=True)
self.cputype = vs_prim.v_uint32() # cpu specifier (int) */
self.cpusubtype = vs_prim.v_uint32() # machine specifier (int) */
self.offset = vs_prim.v_uint32() # file offset to this object file */
self.size = vs_prim.v_uint32() # size of this object file */
self.align = vs_prim.v_uint32() # alignment as a power of 2 */
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_ENCRYPTION_INFO
self.cmdsize = vs_prim.v_uint32() # sizeof(struct encryption_info_command)
self.cryptoff = vs_prim.v_uint32() # file offset of encrypted range
self.cryptsize = vs_prim.v_uint32() # file size of encrypted range
self.cryptid = vs_prim.v_uint32() # which enryption system, 0 means not-encrypted yet
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_PREBOUND_DYLIB
self.cmdsize = vs_prim.v_uint32() # includes strings
self.name = lc_str() # library's path name
self.nmodules = vs_prim.v_uint32() # number of modules in library
self.linked_modules = lc_str() # bit vector of linked modules
def __init__(self):
vstruct.VStruct.__init__(self)
self.one = p.v_uint32()
self.two = NestedStruct()
self.three = p.v_uint32()
self.four = p.v_bytes(size=100)
def __init__(self):
vstruct.VStruct.__init__(self)
self.one = p.v_uint32()
self.two = NestedStruct()
self.three = p.v_uint32()
self.four = p.v_bytes(size=100)
def __init__(self, wordsize, buf=None):
vstruct.VStruct.__init__(self)
self.wordsize = wordsize
if wordsize == 4:
self.v_word = v_uint32
self.word_fmt = "I"
elif wordsize == 8:
self.v_word = v_uint64
self.word_fmt = "Q"
else:
raise RuntimeError('unexpected wordsize')
self.signature = v_bytes(size=0x04)
self.unk04 = v_uint32() # 0x3
self.non_empty = v_uint32() # (0x1 non-empty) or (0x0 empty)
self.unk0C = v_uint32() # 0x800
self.page_count = v_uint32()
self.unk14 = self.v_word() # 0x0
# this appears to actually be the number of dwords used by the names.
# so for an .i64, this is 2x the name count.
self.dword_count = v_uint32()
# set in `.pcb_dword_count` below.
self.name_count = 0
self.padding = v_bytes(size=NAM.PAGE_SIZE - (6 * 4 + wordsize))
self.buffer = v_bytes()
def __init__(self):
VStruct.__init__(self)
self.a = v_uint8()
self.b = v_uint16()
self.c = v_uint32()
self.d = v_uint8()
self.e = VArray((v_uint32(), v_uint32(), v_uint32(), v_uint32()))
def __init__(self):
vstruct.VStruct.__init__(self)
self.streamno = vp.v_size_t()
self.pTarget = vp.v_ptr()
self.pad0 = vp.v_uint32()
self.append = vp.v_uint32()
self.redir_chr_ordinal = vp.v_size_t()
self.pNext = vp.v_ptr()
def __init__(self):
vstruct.VStruct.__init__(self)
self.magic = vs_prim.v_uint32() # mach magic number identifier
self.cputype = cpu_type_t() # cpu specifier
self.cpusubtype = cpu_subtype_t() # machine specifier
self.filetype = vs_prim.v_uint32() # type of file
self.ncmds = vs_prim.v_uint32() # number of load commands
self.sizeofcmds = vs_prim.v_uint32() # the size of all the load commands
self.flags = vs_prim.v_uint32() # flags
def __init__(self):
VStruct.__init__(self)
self.opcode = v_uint32(enum=PATCH_ACTIONS)
self.action_size = v_uint32() # size of entire structure
self.pattern_size = v_uint32() # size of pattern field
self.rva = v_uint32()
self.unknown = v_uint32()
self.module_name = v_wstr(size=MAX_MODULE)
self.pattern = v_bytes(size=0)
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_ROUTINES_64
self.cmdsize = vs_prim.v_uint32() # total size of this command
self.init_address = vs_prim.v_uint64() # address of initialization routine
self.init_module = vs_prim.v_uint64() # index into the module table that
self.reserved1 = vs_prim.vs_prim.v_uint64()
self.reserved2 = vs_prim.vs_prim.v_uint64()
self.reserved3 = vs_prim.vs_prim.v_uint64()
self.reserved4 = vs_prim.vs_prim.v_uint64()
self.reserved5 = vs_prim.vs_prim.v_uint64()
self.reserved6 = vs_prim.vs_prim.v_uint64()
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_SEGMENT_64
self.cmdsize = vs_prim.v_uint32() # includes sizeof section_64 structs
self.segname[16] = vs_prim.v_uint8() # segment name
self.vmaddr = vs_prim.v_uint64() # memory address of this segment
self.vmsize = vs_prim.v_uint64() # memory size of this segment
self.fileoff = vs_prim.v_uint64() # file offset of this segment
self.filesize = vs_prim.v_uint64() # amount to map from the file
self.maxprot = vm_prot_t() # maximum VM protection
self.initprot = vm_prot_t() # initial VM protection
self.nsects = vs_prim.v_uint32() # number of sections in segment
self.flags = vs_prim.v_uint32() # flags
def __init__(self):
vstruct.VStruct.__init__(self)
# list of offsets to section headers.
# order should line up with the SECTIONS definition (see below).
self.offsets = []
# list of checksums of sections.
# order should line up with the SECTIONS definition.
self.checksums = []
self.signature = v_bytes(size=0x4) # IDA1 | IDA2
self.unk04 = v_uint16()
self.offset1 = v_uint64()
self.offset2 = v_uint64()
self.unk16 = v_uint32()
self.sig2 = v_uint32() # | DD CC BB AA |
self.version = v_uint16()
self.offset3 = v_uint64()
self.offset4 = v_uint64()
self.offset5 = v_uint64()
self.checksum1 = v_uint32()
self.checksum2 = v_uint32()
self.checksum3 = v_uint32()
self.checksum4 = v_uint32()
self.checksum5 = v_uint32()
self.offset6 = v_uint64()
self.checksum6 = v_uint32()
def __init__(self):
vstruct.VStruct.__init__(self)
self.foo = p.v_bytes(size=3)
self.bar = p.v_uint32()
self.baz = p.v_bytes(size=256)
self.faz = NNestedStruct()
def __init__(self, page_size):
vstruct.VStruct.__init__(self)
self.ppointer = v_uint32()
self.entry_count = v_uint16()
self.contents = v_bytes(page_size)
# ordered cache of entries, once loaded.
self._entries = []
def __init__(self):
vstruct.VStruct.__init__(self)
self.foo = p.v_bytes(size=3)
self.bar = p.v_uint32()
self.baz = p.v_bytes(size=256)
self.faz = NNestedStruct()
def __init__(self):
vstruct.VStruct.__init__(self)
self.sectname[16] = vs_prim.v_uint8() # name of this section
self.segname[16] = vs_prim.v_uint8() # segment this section goes in
self.addr = vs_prim.v_uint32() # memory address of this section
self.size = vs_prim.v_uint32() # size in bytes of this section
self.offset = vs_prim.v_uint32() # file offset of this section
self.align = vs_prim.v_uint32() # section alignment (power of 2)
self.reloff = vs_prim.v_uint32() # file offset of relocation entries
self.nreloc = vs_prim.v_uint32() # number of relocation entries
self.flags = vs_prim.v_uint32() # flags (section type and attributes)
self.reserved1 = vs_prim.v_uint32() # reserved (for offset or index)
self.reserved2 = vs_prim.v_uint32() # reserved (for count or sizeof)
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_SYMTAB
self.cmdsize = vs_prim.v_uint32() # sizeof(struct symtab_command)
self.symoff = vs_prim.v_uint32() # symbol table offset
self.nsyms = vs_prim.v_uint32() # number of symbol table entries
self.stroff = vs_prim.v_uint32() # string table offset
self.strsize = vs_prim.v_uint32() # string table size in bytes
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_UUID
self.cmdsize = vs_prim.v_uint32() # sizeof(struct uuid_command)
self.uuid[16] = vs_prim.v_uint8() # the 128-bit uuid
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_SUB_UMBRELLA
self.cmdsize = vs_prim.v_uint32() # includes sub_umbrella string
self.sub_umbrella = lc_str() # the sub_umbrella framework name
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_FVMFILE
self.cmdsize = vs_prim.v_uint32() # includes pathname string
self.name = lc_str() # files pathname
self.header_addr = vs_prim.v_uint32() # files virtual address
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_IDENT
self.cmdsize = vs_prim.v_uint32() # strings that follow this command
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_SYMSEG
self.cmdsize = vs_prim.v_uint32() # sizeof(struct symseg_command)
self.offset = vs_prim.v_uint32() # symbol segment offset
self.size = vs_prim.v_uint32() # symbol segment size in bytes
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_SUB_LIBRARY
self.cmdsize = vs_prim.v_uint32() # includes sub_library string
self.sub_library = lc_str() # the sub_library name
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_CODE_SIGNATURE or LC_SEGMENT_SPLIT_INFO
self.cmdsize = vs_prim.v_uint32() # sizeof(struct linkedit_data_command)
self.dataoff = vs_prim.v_uint32() # file offset of data in __LINKEDIT segment
self.datasize = vs_prim.v_uint32() # file size of data in __LINKEDIT segment
def __init__(self):
vstruct.VStruct.__init__(self)
self.symbol_index = vs_prim.v_uint32() # the defined external symbol (index into the symbol table)
self.module_index = vs_prim.v_uint32() # index into the module table this symbol is defined in
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_DYSYMTAB
self.cmdsize = vs_prim.v_uint32() # sizeof(struct dysymtab_command)
self.ilocalsym = vs_prim.v_uint32() # index to local symbols
self.nlocalsym = vs_prim.v_uint32() # number of local symbols
self.iextdefsym = vs_prim.v_uint32() # index to externally defined symbols
self.nextdefsym = vs_prim.v_uint32() # number of externally defined symbols
self.iundefsym = vs_prim.v_uint32() # index to undefined symbols
self.nundefsym = vs_prim.v_uint32() # number of undefined symbols
self.tocoff = vs_prim.v_uint32() # file offset to table of contents
self.ntoc = vs_prim.v_uint32() # number of entries in table of contents
self.modtaboff = vs_prim.v_uint32() # file offset to module table
self.nmodtab = vs_prim.v_uint32() # number of module table entries
self.extrefsymoff = vs_prim.v_uint32() # offset to referenced symbol table
self.nextrefsyms = vs_prim.v_uint32() # number of referenced symbol table entries
self.indirectsymoff = vs_prim.v_uint32() # file offset to the indirect symbol table
self.nindirectsyms = vs_prim.v_uint32() # number of indirect symbol table entries
self.extreloff = vs_prim.v_uint32() # offset to external relocation entries
self.nextrel = vs_prim.v_uint32() # number of external relocation entries
self.locreloff = vs_prim.v_uint32() # offset to local relocation entries
self.nlocrel = vs_prim.v_uint32() # number of local relocation entries
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_PREBIND_CKSUM
self.cmdsize = vs_prim.v_uint32() # sizeof(struct prebind_cksum_command)
self.cksum = vs_prim.v_uint32() # the check sum or zero
def __init__(self):
vstruct.VStruct.__init__(self)
self.itoc = vs_prim.v_uint32() # index into the table of contents
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_TWOLEVEL_HINTS
self.cmdsize = vs_prim.v_uint32() # sizeof(struct twolevel_hints_command)
self.offset = vs_prim.v_uint32() # offset to the hint table
self.nhints = vs_prim.v_uint32() # number of hints in the hint table
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_ID_DYLINKER or LC_LOAD_DYLINKER
self.cmdsize = vs_prim.v_uint32() # includes pathname string
self.name = lc_str() # dynamic linker's path name
def __init__(self):
vstruct.VStruct.__init__(self)
self.module_name = vs_prim.v_uint32() # the module name (index into string table)
self.iextdefsym = vs_prim.v_uint32() # index into externally defined symbols
self.nextdefsym = vs_prim.v_uint32() # number of externally defined symbols
self.irefsym = vs_prim.v_uint32() # index into reference symbol table
self.nrefsym = vs_prim.v_uint32() # number of reference symbol table entries
self.ilocalsym = vs_prim.v_uint32() # index into symbols for local symbols
self.nlocalsym = vs_prim.v_uint32() # number of local symbols
self.iextrel = vs_prim.v_uint32() # index into external relocation entries
self.nextrel = vs_prim.v_uint32() # number of external relocation entries
self.iinit_iterm = vs_prim.v_uint32() # low 16 bits are the index into the init section, high 16 bits are the index into the term section
self.ninit_nterm = vs_prim.v_uint32() # low 16 bits are the number of init section entries, high 16 bits are the number of term section entries
self.objc_module_info_size = vs_prim.v_uint32() # the (__OBJC,__module_info) section
self.objc_module_info_addr = vs_prim.v_uint64() # the (__OBJC,__module_info) section
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # type of load command
self.cmdsize = vs_prim.v_uint32() # total size of command in bytes
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_RPATH
self.cmdsize = vs_prim.v_uint32() # includes string
self.path = lc_str() # path to add to run path
def __init__(self):
vstruct.VStruct.__init__(self)
self.flags = vs_prim.v_uint32() # flags to indicate the type of reference
def __init__(self):
vstruct.VStruct.__init__(self)
self.cmd = vs_prim.v_uint32() # LC_THREAD or LC_UNIXTHREAD
self.cmdsize = vs_prim.v_uint32() # total size of this command
