def initName(self,f,curclassOff): f.seek(curclassOff+0x10) if self.is64bit: f.read(0x10) dataVMaddr = readVMData(f.tell(),f,self.is64bit)#vm_addr dataOffset = self.extracttool.macho_utility.getFileOffFromVmAddr(dataVMaddr) #in __DATA.__objc_const f.seek(dataOffset+0x10)#0x10 in 32bit 0x18 in 64bit if self.is64bit: f.read(0x8) nameVMaddr = readVMData(f.tell(),f,self.is64bit) cursor = f.tell() nameOffset = self.extracttool.macho_utility.getFileOffFromVmAddr(nameVMaddr) name = readStringFromOffsetOfFile(nameOffset,f) self.methods = self.initMethods(f,cursor) return name
def getIMP(self,f,offset): if self.is64bit: offset = offset + 0x10 else: offset = offset + 0x8 methodIMPVM = readVMData(typeoffset,f,self.is64bit) #name offset 0x8 byte in method struct methodIMPOffset = self.extracttool.macho_utility.getFileOffFromVmAddr(methodTypeVM) methodIMP = readStringFromOffsetOfFile(methodTypeOffset,f) return methodIMP
def extractclasses(self): results=[] sec = self.macho_utility.findSegandSecInFile("__DATA","__objc_classlist") secOffset = sec.fileoff while secOffset < sec.fileoff+sec.vmsize: with open(self.path,'rb') as f: f.seek(secOffset) curclassVM = readVMData(f.tell(),f,self.is64bit) #vm_addr curclassOff = self.macho_utility.getFileOffFromVmAddr(curclassVM) #in __DATA.__objc_data curObjc_class = Objc_Class(self,f,curclassOff,self.is64bit) results.append(curObjc_class) secOffset = secOffset + 0x4 #every 4 bytes a class in 32bit if self.is64bit: secOffset = secOffset + 0x4 #every 8 bytes a class in 64bit return results
def initMethods(self,f,methodsTableOffset): results = [] f.seek(methodsTableOffset) curMethodVM = readVMData(f.tell(),f,self.is64bit) curMethodOffset = self.extracttool.macho_utility.getFileOffFromVmAddr(curMethodVM) f.seek(curMethodOffset) entsize = int(struct.unpack('<L',f.read(4))[0]) methodCount = int(struct.unpack('<L',f.read(4))[0]) indexOfMethods = 0 cursor = f.tell() while indexOfMethods < methodCount: #pdb.set_trace() curMethod = Method(self.extracttool,f,cursor,self.is64bit) results.append(curMethod) indexOfMethods = indexOfMethods + 1 if self.is64bit: cursor = cursor + 0x8*3 else: cursor = cursor + 0x4*3 return results
def getName(self,f,offset): methodnameVM = readVMData(offset,f,self.is64bit) #name offset 0x8 byte in method struct methodnameOffset = self.extracttool.macho_utility.getFileOffFromVmAddr(methodnameVM) methodname = readStringFromOffsetOfFile(methodnameOffset,f) return methodname