def __init__(self): vstruct.VStruct.__init__(self, bigend=True) self.cputype = vs_prim.v_uint32() # cpu specifier (int) */ self.cpusubtype = vs_prim.v_uint32() # machine specifier (int) */ self.offset = vs_prim.v_uint32() # file offset to this object file */ self.size = vs_prim.v_uint32() # size of this object file */ self.align = vs_prim.v_uint32() # alignment as a power of 2 */
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_ENCRYPTION_INFO self.cmdsize = vs_prim.v_uint32() # sizeof(struct encryption_info_command) self.cryptoff = vs_prim.v_uint32() # file offset of encrypted range self.cryptsize = vs_prim.v_uint32() # file size of encrypted range self.cryptid = vs_prim.v_uint32() # which enryption system, 0 means not-encrypted yet
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_PREBOUND_DYLIB self.cmdsize = vs_prim.v_uint32() # includes strings self.name = lc_str() # library's path name self.nmodules = vs_prim.v_uint32() # number of modules in library self.linked_modules = lc_str() # bit vector of linked modules
def __init__(self): vstruct.VStruct.__init__(self) self.one = p.v_uint32() self.two = NestedStruct() self.three = p.v_uint32() self.four = p.v_bytes(size=100)
def __init__(self, wordsize, buf=None): vstruct.VStruct.__init__(self) self.wordsize = wordsize if wordsize == 4: self.v_word = v_uint32 self.word_fmt = "I" elif wordsize == 8: self.v_word = v_uint64 self.word_fmt = "Q" else: raise RuntimeError('unexpected wordsize') self.signature = v_bytes(size=0x04) self.unk04 = v_uint32() # 0x3 self.non_empty = v_uint32() # (0x1 non-empty) or (0x0 empty) self.unk0C = v_uint32() # 0x800 self.page_count = v_uint32() self.unk14 = self.v_word() # 0x0 # this appears to actually be the number of dwords used by the names. # so for an .i64, this is 2x the name count. self.dword_count = v_uint32() # set in `.pcb_dword_count` below. self.name_count = 0 self.padding = v_bytes(size=NAM.PAGE_SIZE - (6 * 4 + wordsize)) self.buffer = v_bytes()
def __init__(self): VStruct.__init__(self) self.a = v_uint8() self.b = v_uint16() self.c = v_uint32() self.d = v_uint8() self.e = VArray((v_uint32(), v_uint32(), v_uint32(), v_uint32()))
def __init__(self): vstruct.VStruct.__init__(self) self.streamno = vp.v_size_t() self.pTarget = vp.v_ptr() self.pad0 = vp.v_uint32() self.append = vp.v_uint32() self.redir_chr_ordinal = vp.v_size_t() self.pNext = vp.v_ptr()
def __init__(self): vstruct.VStruct.__init__(self) self.magic = vs_prim.v_uint32() # mach magic number identifier self.cputype = cpu_type_t() # cpu specifier self.cpusubtype = cpu_subtype_t() # machine specifier self.filetype = vs_prim.v_uint32() # type of file self.ncmds = vs_prim.v_uint32() # number of load commands self.sizeofcmds = vs_prim.v_uint32() # the size of all the load commands self.flags = vs_prim.v_uint32() # flags
def __init__(self): VStruct.__init__(self) self.opcode = v_uint32(enum=PATCH_ACTIONS) self.action_size = v_uint32() # size of entire structure self.pattern_size = v_uint32() # size of pattern field self.rva = v_uint32() self.unknown = v_uint32() self.module_name = v_wstr(size=MAX_MODULE) self.pattern = v_bytes(size=0)
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_ROUTINES_64 self.cmdsize = vs_prim.v_uint32() # total size of this command self.init_address = vs_prim.v_uint64() # address of initialization routine self.init_module = vs_prim.v_uint64() # index into the module table that self.reserved1 = vs_prim.vs_prim.v_uint64() self.reserved2 = vs_prim.vs_prim.v_uint64() self.reserved3 = vs_prim.vs_prim.v_uint64() self.reserved4 = vs_prim.vs_prim.v_uint64() self.reserved5 = vs_prim.vs_prim.v_uint64() self.reserved6 = vs_prim.vs_prim.v_uint64()
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_SEGMENT_64 self.cmdsize = vs_prim.v_uint32() # includes sizeof section_64 structs self.segname[16] = vs_prim.v_uint8() # segment name self.vmaddr = vs_prim.v_uint64() # memory address of this segment self.vmsize = vs_prim.v_uint64() # memory size of this segment self.fileoff = vs_prim.v_uint64() # file offset of this segment self.filesize = vs_prim.v_uint64() # amount to map from the file self.maxprot = vm_prot_t() # maximum VM protection self.initprot = vm_prot_t() # initial VM protection self.nsects = vs_prim.v_uint32() # number of sections in segment self.flags = vs_prim.v_uint32() # flags
def __init__(self): vstruct.VStruct.__init__(self) # list of offsets to section headers. # order should line up with the SECTIONS definition (see below). self.offsets = [] # list of checksums of sections. # order should line up with the SECTIONS definition. self.checksums = [] self.signature = v_bytes(size=0x4) # IDA1 | IDA2 self.unk04 = v_uint16() self.offset1 = v_uint64() self.offset2 = v_uint64() self.unk16 = v_uint32() self.sig2 = v_uint32() # | DD CC BB AA | self.version = v_uint16() self.offset3 = v_uint64() self.offset4 = v_uint64() self.offset5 = v_uint64() self.checksum1 = v_uint32() self.checksum2 = v_uint32() self.checksum3 = v_uint32() self.checksum4 = v_uint32() self.checksum5 = v_uint32() self.offset6 = v_uint64() self.checksum6 = v_uint32()
def __init__(self): vstruct.VStruct.__init__(self) self.foo = p.v_bytes(size=3) self.bar = p.v_uint32() self.baz = p.v_bytes(size=256) self.faz = NNestedStruct()
def __init__(self, page_size): vstruct.VStruct.__init__(self) self.ppointer = v_uint32() self.entry_count = v_uint16() self.contents = v_bytes(page_size) # ordered cache of entries, once loaded. self._entries = []
def __init__(self): vstruct.VStruct.__init__(self) self.sectname[16] = vs_prim.v_uint8() # name of this section self.segname[16] = vs_prim.v_uint8() # segment this section goes in self.addr = vs_prim.v_uint32() # memory address of this section self.size = vs_prim.v_uint32() # size in bytes of this section self.offset = vs_prim.v_uint32() # file offset of this section self.align = vs_prim.v_uint32() # section alignment (power of 2) self.reloff = vs_prim.v_uint32() # file offset of relocation entries self.nreloc = vs_prim.v_uint32() # number of relocation entries self.flags = vs_prim.v_uint32() # flags (section type and attributes) self.reserved1 = vs_prim.v_uint32() # reserved (for offset or index) self.reserved2 = vs_prim.v_uint32() # reserved (for count or sizeof)
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_SYMTAB self.cmdsize = vs_prim.v_uint32() # sizeof(struct symtab_command) self.symoff = vs_prim.v_uint32() # symbol table offset self.nsyms = vs_prim.v_uint32() # number of symbol table entries self.stroff = vs_prim.v_uint32() # string table offset self.strsize = vs_prim.v_uint32() # string table size in bytes
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_UUID self.cmdsize = vs_prim.v_uint32() # sizeof(struct uuid_command) self.uuid[16] = vs_prim.v_uint8() # the 128-bit uuid
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_SUB_UMBRELLA self.cmdsize = vs_prim.v_uint32() # includes sub_umbrella string self.sub_umbrella = lc_str() # the sub_umbrella framework name
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_FVMFILE self.cmdsize = vs_prim.v_uint32() # includes pathname string self.name = lc_str() # files pathname self.header_addr = vs_prim.v_uint32() # files virtual address
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_IDENT self.cmdsize = vs_prim.v_uint32() # strings that follow this command
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_SYMSEG self.cmdsize = vs_prim.v_uint32() # sizeof(struct symseg_command) self.offset = vs_prim.v_uint32() # symbol segment offset self.size = vs_prim.v_uint32() # symbol segment size in bytes
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_SUB_LIBRARY self.cmdsize = vs_prim.v_uint32() # includes sub_library string self.sub_library = lc_str() # the sub_library name
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_CODE_SIGNATURE or LC_SEGMENT_SPLIT_INFO self.cmdsize = vs_prim.v_uint32() # sizeof(struct linkedit_data_command) self.dataoff = vs_prim.v_uint32() # file offset of data in __LINKEDIT segment self.datasize = vs_prim.v_uint32() # file size of data in __LINKEDIT segment
def __init__(self): vstruct.VStruct.__init__(self) self.symbol_index = vs_prim.v_uint32() # the defined external symbol (index into the symbol table) self.module_index = vs_prim.v_uint32() # index into the module table this symbol is defined in
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_DYSYMTAB self.cmdsize = vs_prim.v_uint32() # sizeof(struct dysymtab_command) self.ilocalsym = vs_prim.v_uint32() # index to local symbols self.nlocalsym = vs_prim.v_uint32() # number of local symbols self.iextdefsym = vs_prim.v_uint32() # index to externally defined symbols self.nextdefsym = vs_prim.v_uint32() # number of externally defined symbols self.iundefsym = vs_prim.v_uint32() # index to undefined symbols self.nundefsym = vs_prim.v_uint32() # number of undefined symbols self.tocoff = vs_prim.v_uint32() # file offset to table of contents self.ntoc = vs_prim.v_uint32() # number of entries in table of contents self.modtaboff = vs_prim.v_uint32() # file offset to module table self.nmodtab = vs_prim.v_uint32() # number of module table entries self.extrefsymoff = vs_prim.v_uint32() # offset to referenced symbol table self.nextrefsyms = vs_prim.v_uint32() # number of referenced symbol table entries self.indirectsymoff = vs_prim.v_uint32() # file offset to the indirect symbol table self.nindirectsyms = vs_prim.v_uint32() # number of indirect symbol table entries self.extreloff = vs_prim.v_uint32() # offset to external relocation entries self.nextrel = vs_prim.v_uint32() # number of external relocation entries self.locreloff = vs_prim.v_uint32() # offset to local relocation entries self.nlocrel = vs_prim.v_uint32() # number of local relocation entries
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_PREBIND_CKSUM self.cmdsize = vs_prim.v_uint32() # sizeof(struct prebind_cksum_command) self.cksum = vs_prim.v_uint32() # the check sum or zero
def __init__(self): vstruct.VStruct.__init__(self) self.itoc = vs_prim.v_uint32() # index into the table of contents
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_TWOLEVEL_HINTS self.cmdsize = vs_prim.v_uint32() # sizeof(struct twolevel_hints_command) self.offset = vs_prim.v_uint32() # offset to the hint table self.nhints = vs_prim.v_uint32() # number of hints in the hint table
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_ID_DYLINKER or LC_LOAD_DYLINKER self.cmdsize = vs_prim.v_uint32() # includes pathname string self.name = lc_str() # dynamic linker's path name
def __init__(self): vstruct.VStruct.__init__(self) self.module_name = vs_prim.v_uint32() # the module name (index into string table) self.iextdefsym = vs_prim.v_uint32() # index into externally defined symbols self.nextdefsym = vs_prim.v_uint32() # number of externally defined symbols self.irefsym = vs_prim.v_uint32() # index into reference symbol table self.nrefsym = vs_prim.v_uint32() # number of reference symbol table entries self.ilocalsym = vs_prim.v_uint32() # index into symbols for local symbols self.nlocalsym = vs_prim.v_uint32() # number of local symbols self.iextrel = vs_prim.v_uint32() # index into external relocation entries self.nextrel = vs_prim.v_uint32() # number of external relocation entries self.iinit_iterm = vs_prim.v_uint32() # low 16 bits are the index into the init section, high 16 bits are the index into the term section self.ninit_nterm = vs_prim.v_uint32() # low 16 bits are the number of init section entries, high 16 bits are the number of term section entries self.objc_module_info_size = vs_prim.v_uint32() # the (__OBJC,__module_info) section self.objc_module_info_addr = vs_prim.v_uint64() # the (__OBJC,__module_info) section
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # type of load command self.cmdsize = vs_prim.v_uint32() # total size of command in bytes
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_RPATH self.cmdsize = vs_prim.v_uint32() # includes string self.path = lc_str() # path to add to run path
def __init__(self): vstruct.VStruct.__init__(self) self.flags = vs_prim.v_uint32() # flags to indicate the type of reference
def __init__(self): vstruct.VStruct.__init__(self) self.cmd = vs_prim.v_uint32() # LC_THREAD or LC_UNIXTHREAD self.cmdsize = vs_prim.v_uint32() # total size of this command