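def __init__(self):
    """Declare the fields of the 64-bit LC_ROUTINES_64 load command.

    vstruct lays fields out in assignment order, so the sequence below is
    the on-disk layout and must not be reordered.  Every value is read from
    the binary being parsed: treat ``cmdsize``, ``init_address`` and
    ``init_module`` as untrusted until the caller has checked them against
    the image it actually loaded.
    """
    vstruct.VStruct.__init__(self)
    self.cmd = vs_prim.v_uint32()  # LC_ROUTINES_64
    self.cmdsize = vs_prim.v_uint32()  # total size of this command
    self.init_address = vs_prim.v_uint64()  # address of initialization routine
    # index into the module table that the init routine is defined in
    self.init_module = vs_prim.v_uint64()
    # Reserved words.  They use the same ``vs_prim`` accessor as the fields
    # above; the doubled ``vs_prim.vs_prim`` spelling fails attribute lookup
    # at construction time unless the primitives module re-exports itself.
    self.reserved1 = vs_prim.v_uint64()
    self.reserved2 = vs_prim.v_uint64()
    self.reserved3 = vs_prim.v_uint64()
    self.reserved4 = vs_prim.v_uint64()
    self.reserved5 = vs_prim.v_uint64()
    self.reserved6 = vs_prim.v_uint64()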
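def __init__(self):
    """Declare the fields of the 64-bit LC_SEGMENT_64 load command.

    vstruct lays fields out in assignment order, so the sequence below is
    the on-disk layout and must not be reordered.

    All of these values come from the file under analysis.  Before acting
    on them a consumer should check that ``fileoff + filesize`` stays inside
    the file, that ``nsects`` section headers actually fit inside
    ``cmdsize``, and that ``vmaddr``/``vmsize`` do not wrap; a crafted
    binary can set any of them to arbitrary values.
    """
    vstruct.VStruct.__init__(self)
    self.cmd = vs_prim.v_uint32()  # LC_SEGMENT_64
    self.cmdsize = vs_prim.v_uint32()  # includes sizeof section_64 structs
    # Fixed 16-byte name field (char[16] in the C header).  Subscripting an
    # attribute that has not been created yet (``self.segname[16] = ...``)
    # raises before any field is declared, so the whole array is declared as
    # one fixed-size string.  Names that use all 16 bytes carry no NUL.
    # NOTE(review): confirm v_str is the representation callers expect.
    self.segname = vs_prim.v_str(size=16)  # segment name
    self.vmaddr = vs_prim.v_uint64()  # memory address of this segment
    self.vmsize = vs_prim.v_uint64()  # memory size of this segment
    self.fileoff = vs_prim.v_uint64()  # file offset of this segment
    self.filesize = vs_prim.v_uint64()  # amount to map from the file
    self.maxprot = vm_prot_t()  # maximum VM protection
    self.initprot = vm_prot_t()  # initial VM protection
    self.nsects = vs_prim.v_uint32()  # number of sections in segment
    self.flags = vs_prim.v_uint32()  # flags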
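def __init__(self):
    """Declare the fields of a 64-bit Mach-O section header.

    vstruct lays fields out in assignment order, so the sequence below is
    the on-disk layout and must not be reordered.

    ``offset``/``size`` and ``reloff``/``nreloc`` are file-supplied; a
    consumer should verify that the ranges they describe lie inside the file
    (and inside the owning segment) before reading through them.
    """
    vstruct.VStruct.__init__(self)
    # Both names are fixed 16-byte fields (char[16] in the C header).
    # Subscripting an attribute that does not exist yet
    # (``self.sectname[16] = ...``) raises at construction time, so each
    # array is declared as one fixed-size string instead.  Names that use
    # all 16 bytes carry no terminating NUL.
    # NOTE(review): confirm v_str is the representation callers expect.
    self.sectname = vs_prim.v_str(size=16)  # name of this section
    self.segname = vs_prim.v_str(size=16)  # segment this section goes in
    self.addr = vs_prim.v_uint64()  # memory address of this section
    self.size = vs_prim.v_uint64()  # size in bytes of this section
    self.offset = vs_prim.v_uint32()  # file offset of this section
    self.align = vs_prim.v_uint32()  # section alignment (power of 2)
    self.reloff = vs_prim.v_uint32()  # file offset of relocation entries
    self.nreloc = vs_prim.v_uint32()  # number of relocation entries
    self.flags = vs_prim.v_uint32()  # flags (section type and attributes)
    self.reserved1 = vs_prim.v_uint32()  # reserved (for offset or index)
    self.reserved2 = vs_prim.v_uint32()  # reserved (for count or sizeof)
    self.reserved3 = vs_prim.v_uint32()  # reserved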
def __init__(self):
    """Declare the file header: signature, section offsets and checksums.

    vstruct lays fields out in assignment order, so the declarations below
    must keep their sequence.  The ``offsetN`` values are read from the file
    and should be checked against the file length before anything seeks to
    them.
    """
    vstruct.VStruct.__init__(self)

    # Offsets of the section headers, in the same order as the SECTIONS
    # definition elsewhere in this module.  Starts empty.
    # NOTE(review): presumably filled from offset1..offset6 after parsing
    # and kept as a plain attribute rather than a parsed field -- confirm.
    self.offsets = []

    # Section checksums, in the same SECTIONS order.  Starts empty.
    self.checksums = []

    self.signature = v_bytes(size=4)  # IDA1 | IDA2
    self.unk04 = v_uint16()
    self.offset1 = v_uint64()
    self.offset2 = v_uint64()
    self.unk16 = v_uint32()
    self.sig2 = v_uint32()  # | DD CC BB AA |
    self.version = v_uint16()
    self.offset3 = v_uint64()
    self.offset4 = v_uint64()
    self.offset5 = v_uint64()
    self.checksum1 = v_uint32()
    self.checksum2 = v_uint32()
    self.checksum3 = v_uint32()
    self.checksum4 = v_uint32()
    self.checksum5 = v_uint32()
    self.offset6 = v_uint64()
    self.checksum6 = v_uint32()
def __init__(self, wordsize):
    """Declare a record whose tail layout depends on the word size.

    Args:
        wordsize: 4 or 8; selects the 32-bit or 64-bit field layout.

    Raises:
        ValueError: if ``wordsize`` is neither 4 nor 8.

    The author's note gives sizeof() as 0xB (fixed).
    NOTE(review): the fields declared here add up to 0xB only for the
    4-byte layout (1 + 2 + 4 + 4); the 8-byte layout adds up to 0x11
    (1 + 2 + 4 + 2 + 8), assuming the primitives are packed at their
    nominal widths -- confirm against real files.
    """
    vstruct.VStruct.__init__(self)

    # Possible values: 0x0 - 0xC.  The top bit has some meaning.
    self.type = v_uint8()
    # This might be the segment index + 1?
    self.unk01 = v_uint16()

    # Reject unsupported widths before declaring the width-specific tail.
    if wordsize not in (4, 8):
        raise ValueError('unexpected wordsize')

    if wordsize == 4:
        self.offset = v_uint32()
        self.unk07 = v_uint32()
    else:
        self.unk03 = v_uint32()
        self.unk07 = v_uint16()
        self.offset = v_uint64()
def __init__(self):
    """Declare the fields of a 64-bit dylib module table entry.

    vstruct lays fields out in assignment order, so the declarations below
    must keep their sequence.  Every index/count pair is read from the file;
    a consumer should range-check each pair against the table it indexes
    before using it.
    """
    vstruct.VStruct.__init__(self)

    u32 = vs_prim.v_uint32  # every field except the last is 32 bits wide

    self.module_name = u32()  # the module name (index into string table)

    self.iextdefsym = u32()  # index into externally defined symbols
    self.nextdefsym = u32()  # number of externally defined symbols
    self.irefsym = u32()  # index into reference symbol table
    self.nrefsym = u32()  # number of reference symbol table entries
    self.ilocalsym = u32()  # index into symbols for local symbols
    self.nlocalsym = u32()  # number of local symbols

    self.iextrel = u32()  # index into external relocation entries
    self.nextrel = u32()  # number of external relocation entries

    # low 16 bits: index into the init section;
    # high 16 bits: index into the term section
    self.iinit_iterm = u32()
    # low 16 bits: number of init section entries;
    # high 16 bits: number of term section entries
    self.ninit_nterm = u32()

    # size of the (__OBJC,__module_info) section
    self.objc_module_info_size = u32()
    # address of the (__OBJC,__module_info) section
    self.objc_module_info_addr = vs_prim.v_uint64()
def __init__(self):
    """Declare a two-field header: a compression flag and a length.

    vstruct lays fields out in assignment order: one byte for the flag,
    then a 64-bit length.
    NOTE(review): ``length`` is read from the file; callers should bound it
    against the remaining file size before allocating or decompressing.
    """
    vstruct.VStruct.__init__(self)
    self.is_compressed = v_uint8()  # one-byte flag
    self.length = v_uint64()  # 64-bit length; unit not shown here
def __init__(self):
    """Declare a 64-bit field followed by a nested, initially empty struct."""
    vstruct.VStruct.__init__(self)
    self.alpha = p.v_uint64()  # unsigned 64-bit primitive
    self.beta = vstruct.VStruct()  # nested struct with no fields declared yet
def __init__(self):
    """Declare a header: a compression-method byte and a 64-bit length.

    NOTE(review): ``length`` is read from the file; callers should bound it
    against the remaining file size before allocating or decompressing.
    """
    vstruct.VStruct.__init__(self)
    self.compression_method = v_uint8()  # one-byte method identifier
    self.length = v_uint64()  # 64-bit length; unit not shown here
    # Plain bool default, not a vstruct primitive.
    # NOTE(review): presumably a derived attribute outside the parsed
    # layout, set later from compression_method -- confirm.
    self.is_compressed = False