def getCFAddress(addr):
outputStr = ''
section = addr.section
target = ds.getTarget()
fileAddr = addr.file_addr
executablePath = addr.module.file.fullpath
dataSection = ds.getSection(module=executablePath,
name='__DATA.__cfstring')
if dataSection is None:
return ''
size = dataSection.size
charPointerType = target.GetBasicType(lldb.eBasicTypeChar).GetPointerType()
dataArray = dataSection.data.uint64s # TODO implement 32 bit
for i, x in enumerate(dataArray):
if i % 4 != 2:
continue
if x == fileAddr:
offset = (i - 2) * 8 # TODO implement 32 bit
# size = dataArray[i + 1]
# lldb.SBData
loadAddress = dataSection.addr.GetLoadAddress(target) + offset
startAddr = target.ResolveLoadAddress(loadAddress)
straddr = target.ResolveLoadAddress(
dataSection.addr.GetLoadAddress(target) + (i * 8))
summary = target.CreateValueFromAddress('somename', straddr,
charPointerType).summary
outputStr += '[{}] {}\n'.format(
hex(startAddr.GetLoadAddress(target)), summary)
return outputStr
def generate_cstring_dict(target, command, options):
if options.module:
module_name = options.module
module = target.FindModule(lldb.SBFileSpec(module_name))
if not module.IsValid():
result.SetError(
"Unable to open module name '{}', to see list of images use 'image list -b'"
.format(module_name))
return
modules = [module]
else:
modules = target.modules
return_string = ''
error = lldb.SBError()
prog = re.compile(command)
for m in modules:
section = ds.getSection(m, '__TEXT.__cstring')
if section is None:
continue
data = section.data
dataArray = section.data.sint8s
sectionAddress = section.addr.GetLoadAddress(target)
moduleString = ''
indices = [
i for i, x in enumerate(dataArray)
if x > 1 and dataArray[i - 1] == 0 and x != 0
]
returnDict = {}
for i in indices:
cString = data.GetString(error, i)
if prog.search(cString):
returnDict[hex(sectionAddress + i)] = cString
if len(returnDict) == 0:
continue
if options.module_summary:
return_string += '{} hits in: {}\n'.format(str(len(returnDict)),
m.file.basename)
else:
moduleString = '\n' + ds.attrStr(
'****************************************************',
'cyan') + '\n{} hits in: {}'.format(
str(len(returnDict)),
ds.attrStr(m.file.basename, 'red')) + '\n' + ds.attrStr(
'****************************************************',
'cyan') + '\n'
for k, v in returnDict.iteritems():
if options.load_address:
moduleString += ds.attrStr('[' + k + ']', 'yellow') + ' '
moduleString += ds.attrStr(v, 'cyan') + '\n'
return_string += moduleString
return return_string
def handle_command(debugger, command, exe_ctx, result, internal_dict):
'''
Documentation for how to use section goes here
'''
command_args = shlex.split(command, posix=False)
parser = generate_option_parser()
try:
(options, args) = parser.parse_args(command_args)
except:
result.SetError(parser.usage)
return
# Uncomment if you are expecting at least one argument
# clean_command = shlex.split(args[0])[0]
target = exe_ctx.target
if len(args) == 0:
options.summary = True
sections = [i for i in ds.getSection()]
elif len(args) == 1:
module = args[0] if target.module[args[0]] else None
segment = args[0] if not module else None
if segment and '.' in segment:
if module:
sections = ds.getSection(module=args[0], name=None)
else:
sections = [ds.getSection(module=None, name=args[0])]
else:
# module = args[0] if target.module[args[0]] else None
options.summary = True
if module:
sections = ds.getSection(module=args[0], name=None)
elif args[0] == '__PAGEZERO' or args[0] == '__LINKEDIT':
sections = ds.getSection(module=None, name=args[0])
else:
sections = [
i for i in ds.getSection(module=None, name=args[0])
]
elif len(args) == 2:
if '.' in args[1]:
sections = [ds.getSection(args[0], args[1])]
else:
options.summary = True
sections = [i for i in ds.getSection(args[0], args[1])]
if isinstance(sections,
lldb.SBSection) and sections.GetNumSubSections() == 0:
output = str(sections)
else:
output = parseSection(sections, options, target)
result.AppendMessage(output)
def getObjcMethNameAddress(addr, target):
outputStr = ''
section = addr.section
fileAddr = addr.file_addr
executablePath = addr.module.file.fullpath
dataSection = ds.getSection(module=executablePath, name='__DATA.__objc_selrefs')
charPointerType = target.GetBasicType(lldb.eBasicTypeChar).GetPointerType()
dataArray = dataSection.data.uint64s # TODO implement 32 bit
for i, x in enumerate(dataArray):
if x != fileAddr:
continue
offset = i * 8 # TODO implement 32 bit
loadAddress = dataSection.addr.GetLoadAddress(target) + offset
startAddr = target.ResolveLoadAddress(loadAddress)
straddr = target.ResolveLoadAddress(dataSection.addr.GetLoadAddress(target) + (i * 8))
summary = target.CreateValueFromAddress('somename', straddr, charPointerType).summary
outputStr += '[{}] {}\n'.format(hex(startAddr.GetLoadAddress(target)), summary)
return outputStr
def handle_command(debugger, command, result, internal_dict):
'''
Documentation for how to use section goes here
'''
command_args = shlex.split(command, posix=False)
parser = generate_option_parser()
try:
(options, args) = parser.parse_args(command_args)
except:
result.SetError(parser.usage)
return
# Uncomment if you are expecting at least one argument
# clean_command = shlex.split(args[0])[0]
if len(args) == 0:
options.summary = True
sections = [i for i in ds.getSection()]
elif len(args) == 1:
module = args[0] if ds.getTarget().module[args[0]] else None
segment = args[0] if not module else None
if segment and '.' in segment:
if module:
sections = ds.getSection(module=args[0], name=None)
else:
sections = [ds.getSection(module=None, name=args[0])]
else:
module = args[0] if ds.getTarget().module[args[0]] else None
options.summary = True
if module:
sections = ds.getSection(module=args[0], name=None)
else:
sections = [i for i in ds.getSection(module=None, name=args[0])]
elif len(args) == 2:
if '.' in args[1]:
sections = [ds.getSection(args[0], args[1])]
else:
options.summary = True
sections = [i for i in ds.getSection(args[0], args[1])]
output = parseSection(sections, options)
result.AppendMessage(output)
def handle_command(debugger, command, result, internal_dict):
'''
Documentation for how to use xref goes here
'''
command_args = shlex.split(command, posix=False)
parser = generate_option_parser()
try:
(options, args) = parser.parse_args(command_args)
except:
result.SetError(parser.usage)
return
try:
addr = int(args[0], 16)
except:
addr = int(args[0])
target = ds.getTarget()
sbaddress = target.ResolveLoadAddress(addr)
if len(args) == 2:
module = target.module[args[1]]
else:
module = sbaddress.module
section = sbaddress.section
resolvedAddresses = []
outputStr = ''
if section.name == '__cstring':
outputStr += getCFAddress(sbaddress)
if section.name == '__objc_methname':
outputStr += getObjcMethNameAddress(sbaddress)
executablePath = module.file.fullpath
pagesizesection = ds.getSection(module.file.basename, name="__PAGEZERO")
pagesize = pagesizesection.size if pagesizesection else 0
loadOffset = ds.getSection(
module=executablePath,
name="__TEXT").addr.GetLoadAddress(target) - pagesize
searchAddr = addr - loadOffset
otoolCommand = '/usr/bin/otool -tv "{}"'.format(executablePath)
output = subprocess.Popen(otoolCommand,
stdin=subprocess.PIPE,
stderr=subprocess.PIPE,
stdout=subprocess.PIPE,
shell=True).communicate()[0]
matches = re.findall(".*rip.*\n\w+", output)
regex = re.compile(
'(?P<initial>\w+)?\t\w+\w.*[^\*](?P<offset>\-?0x\w+).*\n(?P<addr>\w+)')
for i, m in enumerate(matches):
res = regex.match(m)
if not res or not res.group('addr') or not res.group('offset'):
continue
# result.AppendMessage(m)
# result.AppendMessage(res.group('addr') + '\n')
try:
address = int(res.group('addr'), 16)
offset = int(res.group('offset'), 16)
except:
outputStr += 'error: at {} {}'.format(res.group('addr'),
res.group('offset'))
continue
potential = address + offset
if searchAddr == potential:
if res.group('initial'):
resolved = int(res.group('initial'), 16) + loadOffset
else:
resolved = int(regex.match(matches[i - 1]).group('addr'),
16) + loadOffset
a = target.ResolveLoadAddress(resolved)
resolvedAddresses.append(a)
# print("match at {}".format(hex(resolved)))
outputStr += generateAddressInfo(resolvedAddresses, options)
result.AppendMessage(outputStr)
