forked from horsicq/DIE-engine
-
Notifications
You must be signed in to change notification settings - Fork 0
/
machfile.h
185 lines (143 loc) · 6.46 KB
/
machfile.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
#ifndef MACHFILE_H
#define MACHFILE_H
#include "binary.h"
struct load_command_offset
{
uint32_t cmd; /* type of load command */
uint32_t cmdsize; /* total size of command in bytes */
uint32_t offset;
};
struct DYLIB_FULL
{
uint32_t timestamp;
uint32_t current_version;
uint32_t compatibility_version;
QString sVollName;
QString sShortName;
};
class MACHFile : public Binary
{
Q_OBJECT
public:
explicit MACHFile(QObject *parent = 0);
signals:
private slots:
public slots:
bool isValid();
bool isMACH64();
bool isReverse();
void entryPointLoad();
unsigned int getHeader_magic();
unsigned int getHeader_cputype();
unsigned int getHeader_cpusubtype();
unsigned int getHeader_filetype();
unsigned int getHeader_ncmds();
unsigned int getHeader_sizeofcmds();
unsigned int getHeader_flags();
unsigned int getHeader_reserved();
void setHeader_magic(unsigned int nValue);
void setHeader_cputype(unsigned int nValue);
void setHeader_cpusubtype(unsigned int nValue);
void setHeader_filetype(unsigned int nValue);
void setHeader_ncmds(unsigned int nValue);
void setHeader_sizeofcmds(unsigned int nValue);
void setHeader_flags(unsigned int nValue);
void setHeader_reserved(unsigned int nValue);
unsigned int getMachHeaderOffset();
unsigned int getMachHeaderSize();
unsigned int getLoadCommand_type(unsigned int nLoadCommand);
unsigned int getLoadCommand_size(unsigned int nLoadCommand);
unsigned int getLoadCommand_offset(unsigned int nLoadCommand);
bool isLoadCommandPresent(unsigned int nLoadCommand);
bool isSegmentPresent(unsigned int nSegment);
bool isSectionPresent(unsigned int nSection);
static QString loadCommandTypeToString(unsigned int nType);
unsigned int getNumberOfSegments();
unsigned int getSegmentHeaderOffset(unsigned int nSegment);
unsigned int getSegmentHeaderSize();
QString getSegment_segname32(unsigned int nSegment);
unsigned int getSegment_vmaddr32(unsigned int nSegment);
unsigned int getSegment_vmsize32(unsigned int nSegment);
unsigned int getSegment_fileoff32(unsigned int nSegment);
unsigned int getSegment_filesize32(unsigned int nSegment);
unsigned int getSegment_maxprot32(unsigned int nSegment);
unsigned int getSegment_initprot32(unsigned int nSegment);
unsigned int getSegment_nsects32(unsigned int nSegment);
unsigned int getSegment_flags32(unsigned int nSegment);
QString getSegment_segname64(unsigned int nSegment);
unsigned long long getSegment_vmaddr64(unsigned int nSegment);
unsigned long long getSegment_vmsize64(unsigned int nSegment);
unsigned long long getSegment_fileoff64(unsigned int nSegment);
unsigned long long getSegment_filesize64(unsigned int nSegment);
unsigned int getSegment_maxprot64(unsigned int nSegment);
unsigned int getSegment_initprot64(unsigned int nSegment);
unsigned int getSegment_nsects64(unsigned int nSegment);
unsigned int getSegment_flags64(unsigned int nSegment);
unsigned int getSegment_nsects(unsigned int nSegment);
unsigned int getNumberOfSections();
unsigned int getSectionHeaderOffset(unsigned int nSection);
unsigned int getSectionHeaderSize();
QString getSection_sectname32(unsigned int nSection);
QString getSection_segname32(unsigned int nSection);
unsigned int getSection_addr32(unsigned int nSection);
unsigned int getSection_size32(unsigned int nSection);
unsigned int getSection_offset32(unsigned int nSection);
unsigned int getSection_align32(unsigned int nSection);
unsigned int getSection_reloff32(unsigned int nSection);
unsigned int getSection_nreloc32(unsigned int nSection);
unsigned int getSection_flags32(unsigned int nSection);
QString getSection_sectname64(unsigned int nSection);
QString getSection_segname64(unsigned int nSection);
unsigned long long getSection_addr64(unsigned int nSection);
unsigned long long getSection_size64(unsigned int nSection);
unsigned int getSection_offset64(unsigned int nSection);
unsigned int getSection_align64(unsigned int nSection);
unsigned int getSection_reloff64(unsigned int nSection);
unsigned int getSection_nreloc64(unsigned int nSection);
unsigned int getSection_flags64(unsigned int nSection);
unsigned int RVAToOffset32(unsigned int nRVA);
unsigned int OffsetToRVA32(unsigned int nOffset);
unsigned long long OffsetToRVA64(unsigned long long nOffset);
unsigned long long RVAToOffset64(unsigned long long nRVA);
virtual unsigned long long OffsetToRVA(unsigned long long nOffset);
virtual unsigned long long RVAToOffset(unsigned long long nRVA);
unsigned int VAToOffset32(unsigned int nVA);
unsigned long long VAToOffset64(unsigned long long nVA);
virtual unsigned long long VAToOffset(unsigned long long nVA);
unsigned int OffsetToVA32(unsigned int nOffset);
unsigned long long OffsetToVA64(unsigned long long nOffset);
virtual unsigned long long OffsetToVA(unsigned long long nOffset);
unsigned long long getEntryPoint();
QList<load_command> getLoadCommands();
QList<load_command_offset> getLoadCommands_offset();
QList<segment_command> getSegmentsList32();
QList<segment_command_64> getSegmentsList64();
QList<section> getSectionsList32();
QList<section_64> getSectionsList64();
bool dumpSegment(QString sFileName,int nSegment);
bool dumpSection(QString sFileName,int nSection);
bool isSectionNamePresent(QString sSectionName);
unsigned int getSectionNumber(QString sSectionName);
bool isUUIDPresent();
QByteArray getUUID();
QString getUUIDAsString();
bool setUUID(QByteArray baUUID);
bool setUUIDFromString(QString baUUID);
QList<DYLIB_FULL> getLibs();
bool isLibraryPresent(QString sLibrary);
unsigned int getLibraryCurrentVersion(QString sLibrary);
unsigned int getSectionFileOffset(int nSection);
unsigned int getSectionFileSize(int nSection);
QString getSectionName(int nSection);
QString getSegmentName(int nSegment);
unsigned int getSegmentFileSize(int nSegment);
unsigned int getSegmentFileOffset(int nSegment);
bool compareEP(QString sSignature,unsigned int nOffset=0);
unsigned long long getEntryPointOffset();
unsigned int calculateRawSize();
unsigned int getOverlaySize();
unsigned int getOverlayOffset();
bool isOverlayPresent();
bool compareOverlay(QString sSignature,unsigned int nOffset=0);
};
#endif // MACHFILE_H