]> git.saurik.com Git - apple/dyld.git/blob - dyld3/MachOLoaded.cpp
dyld-625.13.tar.gz
[apple/dyld.git] / dyld3 / MachOLoaded.cpp
1 /*
2 * Copyright (c) 2017 Apple Inc. All rights reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 #include <sys/types.h>
26 #include <sys/stat.h>
27 #include <sys/errno.h>
28 #include <sys/mman.h>
29 #include <mach/mach.h>
30 #include <fcntl.h>
31 #include <stdlib.h>
32 #include <unistd.h>
33 #include <assert.h>
34 #include <mach-o/reloc.h>
35 #include <mach-o/nlist.h>
36 #include <CommonCrypto/CommonDigest.h>
37
38 #include <stdio.h>
39
40 #include "MachOLoaded.h"
41 #include "MachOFile.h"
42 #include "MachOFile.h"
43 #include "CodeSigningTypes.h"
44
45
46 #ifndef LC_BUILD_VERSION
47 #define LC_BUILD_VERSION 0x32 /* build for platform min OS version */
48
49 /*
50 * The build_version_command contains the min OS version on which this
51 * binary was built to run for its platform. The list of known platforms and
52 * tool values following it.
53 */
54 struct build_version_command {
55 uint32_t cmd; /* LC_BUILD_VERSION */
56 uint32_t cmdsize; /* sizeof(struct build_version_command) plus */
57 /* ntools * sizeof(struct build_tool_version) */
58 uint32_t platform; /* platform */
59 uint32_t minos; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
60 uint32_t sdk; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
61 uint32_t ntools; /* number of tool entries following this */
62 };
63
64 struct build_tool_version {
65 uint32_t tool; /* enum for the tool */
66 uint32_t version; /* version number of the tool */
67 };
68
69 /* Known values for the platform field above. */
70 #define PLATFORM_MACOS 1
71 #define PLATFORM_IOS 2
72 #define PLATFORM_TVOS 3
73 #define PLATFORM_WATCHOS 4
74 #define PLATFORM_BRIDGEOS 5
75
76 /* Known values for the tool field above. */
77 #define TOOL_CLANG 1
78 #define TOOL_SWIFT 2
79 #define TOOL_LD 3
80 #endif
81
82
83
84 namespace dyld3 {
85
86
87 void MachOLoaded::getLinkEditLoadCommands(Diagnostics& diag, LinkEditInfo& result) const
88 {
89 result.dyldInfo = nullptr;
90 result.symTab = nullptr;
91 result.dynSymTab = nullptr;
92 result.splitSegInfo = nullptr;
93 result.functionStarts = nullptr;
94 result.dataInCode = nullptr;
95 result.codeSig = nullptr;
96 __block bool hasUUID = false;
97 __block bool hasMinVersion = false;
98 __block bool hasEncrypt = false;
99 forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
100 switch ( cmd->cmd ) {
101 case LC_DYLD_INFO:
102 case LC_DYLD_INFO_ONLY:
103 if ( cmd->cmdsize != sizeof(dyld_info_command) )
104 diag.error("LC_DYLD_INFO load command size wrong");
105 else if ( result.dyldInfo != nullptr )
106 diag.error("multiple LC_DYLD_INFO load commands");
107 result.dyldInfo = (dyld_info_command*)cmd;
108 break;
109 case LC_SYMTAB:
110 if ( cmd->cmdsize != sizeof(symtab_command) )
111 diag.error("LC_SYMTAB load command size wrong");
112 else if ( result.symTab != nullptr )
113 diag.error("multiple LC_SYMTAB load commands");
114 result.symTab = (symtab_command*)cmd;
115 break;
116 case LC_DYSYMTAB:
117 if ( cmd->cmdsize != sizeof(dysymtab_command) )
118 diag.error("LC_DYSYMTAB load command size wrong");
119 else if ( result.dynSymTab != nullptr )
120 diag.error("multiple LC_DYSYMTAB load commands");
121 result.dynSymTab = (dysymtab_command*)cmd;
122 break;
123 case LC_SEGMENT_SPLIT_INFO:
124 if ( cmd->cmdsize != sizeof(linkedit_data_command) )
125 diag.error("LC_SEGMENT_SPLIT_INFO load command size wrong");
126 else if ( result.splitSegInfo != nullptr )
127 diag.error("multiple LC_SEGMENT_SPLIT_INFO load commands");
128 result.splitSegInfo = (linkedit_data_command*)cmd;
129 break;
130 case LC_FUNCTION_STARTS:
131 if ( cmd->cmdsize != sizeof(linkedit_data_command) )
132 diag.error("LC_FUNCTION_STARTS load command size wrong");
133 else if ( result.functionStarts != nullptr )
134 diag.error("multiple LC_FUNCTION_STARTS load commands");
135 result.functionStarts = (linkedit_data_command*)cmd;
136 break;
137 case LC_DATA_IN_CODE:
138 if ( cmd->cmdsize != sizeof(linkedit_data_command) )
139 diag.error("LC_DATA_IN_CODE load command size wrong");
140 else if ( result.dataInCode != nullptr )
141 diag.error("multiple LC_DATA_IN_CODE load commands");
142 result.dataInCode = (linkedit_data_command*)cmd;
143 break;
144 case LC_CODE_SIGNATURE:
145 if ( cmd->cmdsize != sizeof(linkedit_data_command) )
146 diag.error("LC_CODE_SIGNATURE load command size wrong");
147 else if ( result.codeSig != nullptr )
148 diag.error("multiple LC_CODE_SIGNATURE load commands");
149 result.codeSig = (linkedit_data_command*)cmd;
150 break;
151 case LC_UUID:
152 if ( cmd->cmdsize != sizeof(uuid_command) )
153 diag.error("LC_UUID load command size wrong");
154 else if ( hasUUID )
155 diag.error("multiple LC_UUID load commands");
156 hasUUID = true;
157 break;
158 case LC_VERSION_MIN_IPHONEOS:
159 case LC_VERSION_MIN_MACOSX:
160 case LC_VERSION_MIN_TVOS:
161 case LC_VERSION_MIN_WATCHOS:
162 if ( cmd->cmdsize != sizeof(version_min_command) )
163 diag.error("LC_VERSION_* load command size wrong");
164 else if ( hasMinVersion )
165 diag.error("multiple LC_VERSION_MIN_* load commands");
166 hasMinVersion = true;
167 break;
168 case LC_BUILD_VERSION:
169 if ( cmd->cmdsize != (sizeof(build_version_command) + ((build_version_command*)cmd)->ntools * sizeof(build_tool_version)) )
170 diag.error("LC_BUILD_VERSION load command size wrong");
171 else if ( hasMinVersion )
172 diag.error("LC_BUILD_VERSION cannot coexist LC_VERSION_MIN_* with load commands");
173 break;
174 case LC_ENCRYPTION_INFO:
175 if ( cmd->cmdsize != sizeof(encryption_info_command) )
176 diag.error("LC_ENCRYPTION_INFO load command size wrong");
177 else if ( hasEncrypt )
178 diag.error("multiple LC_ENCRYPTION_INFO load commands");
179 else if ( is64() )
180 diag.error("LC_ENCRYPTION_INFO found in 64-bit mach-o");
181 hasEncrypt = true;
182 break;
183 case LC_ENCRYPTION_INFO_64:
184 if ( cmd->cmdsize != sizeof(encryption_info_command_64) )
185 diag.error("LC_ENCRYPTION_INFO_64 load command size wrong");
186 else if ( hasEncrypt )
187 diag.error("multiple LC_ENCRYPTION_INFO_64 load commands");
188 else if ( !is64() )
189 diag.error("LC_ENCRYPTION_INFO_64 found in 32-bit mach-o");
190 hasEncrypt = true;
191 break;
192 }
193 });
194 if ( diag.noError() && (result.dynSymTab != nullptr) && (result.symTab == nullptr) )
195 diag.error("LC_DYSYMTAB but no LC_SYMTAB load command");
196 }
197
198 void MachOLoaded::getLinkEditPointers(Diagnostics& diag, LinkEditInfo& result) const
199 {
200 getLinkEditLoadCommands(diag, result);
201 if ( diag.noError() )
202 getLayoutInfo(result.layout);
203 }
204
205 void MachOLoaded::getLayoutInfo(LayoutInfo& result) const
206 {
207 forEachSegment(^(const SegmentInfo& info, bool& stop) {
208 if ( strcmp(info.segName, "__TEXT") == 0 ) {
209 result.textUnslidVMAddr = (uintptr_t)info.vmAddr;
210 result.slide = (uintptr_t)(((uint64_t)this) - info.vmAddr);
211 }
212 else if ( strcmp(info.segName, "__LINKEDIT") == 0 ) {
213 result.linkeditUnslidVMAddr = (uintptr_t)info.vmAddr;
214 result.linkeditFileOffset = (uint32_t)info.fileOffset;
215 result.linkeditFileSize = (uint32_t)info.fileSize;
216 result.linkeditSegIndex = info.segIndex;
217 }
218 });
219 }
220
221 bool MachOLoaded::hasExportTrie(uint32_t& runtimeOffset, uint32_t& size) const
222 {
223 runtimeOffset = 0;
224 size = 0;
225 Diagnostics diag;
226 LinkEditInfo leInfo;
227 getLinkEditPointers(diag, leInfo);
228 diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
229 if ( diag.hasError() )
230 return false;
231 if ( leInfo.dyldInfo != nullptr ) {
232 uint32_t offsetInLinkEdit = leInfo.dyldInfo->export_off - leInfo.layout.linkeditFileOffset;
233 runtimeOffset = offsetInLinkEdit + (uint32_t)(leInfo.layout.linkeditUnslidVMAddr - leInfo.layout.textUnslidVMAddr);
234 size = leInfo.dyldInfo->export_size;
235 return true;
236 }
237 return false;
238 }
239
240
241 #if BUILDING_LIBDYLD
242 // this is only used by dlsym() at runtime. All other binding is done when the closure is built.
243 bool MachOLoaded::hasExportedSymbol(const char* symbolName, DependentToMachOLoaded finder, void** result,
244 bool* resultPointsToInstructions) const
245 {
246 typedef void* (*ResolverFunc)(void);
247 ResolverFunc resolver;
248 Diagnostics diag;
249 FoundSymbol foundInfo;
250 if ( findExportedSymbol(diag, symbolName, foundInfo, finder) ) {
251 switch ( foundInfo.kind ) {
252 case FoundSymbol::Kind::headerOffset: {
253 *result = (uint8_t*)foundInfo.foundInDylib + foundInfo.value;
254 *resultPointsToInstructions = false;
255 int64_t slide = foundInfo.foundInDylib->getSlide();
256 foundInfo.foundInDylib->forEachSection(^(const SectionInfo& sectInfo, bool malformedSectionRange, bool& stop) {
257 uint64_t sectStartAddr = sectInfo.sectAddr + slide;
258 uint64_t sectEndAddr = sectStartAddr + sectInfo.sectSize;
259 if ( ((uint64_t)*result >= sectStartAddr) && ((uint64_t)*result < sectEndAddr) ) {
260 *resultPointsToInstructions = (sectInfo.sectFlags & S_ATTR_PURE_INSTRUCTIONS) || (sectInfo.sectFlags & S_ATTR_SOME_INSTRUCTIONS);
261 stop = true;
262 }
263 });
264 break;
265 }
266 case FoundSymbol::Kind::absolute:
267 *result = (void*)(long)foundInfo.value;
268 *resultPointsToInstructions = false;
269 break;
270 case FoundSymbol::Kind::resolverOffset:
271 // foundInfo.value contains "stub".
272 // in dlsym() we want to call resolver function to get final function address
273 resolver = (ResolverFunc)((uint8_t*)foundInfo.foundInDylib + foundInfo.resolverFuncOffset);
274 *result = (*resolver)();
275 // FIXME: Set this properly
276 *resultPointsToInstructions = true;
277 break;
278 }
279 return true;
280 }
281 return false;
282 }
283 #endif // BUILDING_LIBDYLD
284
285 bool MachOLoaded::findExportedSymbol(Diagnostics& diag, const char* symbolName, FoundSymbol& foundInfo, DependentToMachOLoaded findDependent) const
286 {
287 LinkEditInfo leInfo;
288 getLinkEditPointers(diag, leInfo);
289 if ( diag.hasError() )
290 return false;
291 if ( leInfo.dyldInfo != nullptr ) {
292 const uint8_t* trieStart = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->export_off);
293 const uint8_t* trieEnd = trieStart + leInfo.dyldInfo->export_size;
294 const uint8_t* node = trieWalk(diag, trieStart, trieEnd, symbolName);
295 if ( node == nullptr ) {
296 // symbol not exported from this image. Seach any re-exported dylibs
297 __block unsigned depIndex = 0;
298 __block bool foundInReExportedDylib = false;
299 forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
300 if ( isReExport && findDependent ) {
301 if ( const MachOLoaded* depMH = findDependent(this, depIndex) ) {
302 if ( depMH->findExportedSymbol(diag, symbolName, foundInfo, findDependent) ) {
303 stop = true;
304 foundInReExportedDylib = true;
305 }
306 }
307 }
308 ++depIndex;
309 });
310 return foundInReExportedDylib;
311 }
312 const uint8_t* p = node;
313 const uint64_t flags = read_uleb128(diag, p, trieEnd);
314 if ( flags & EXPORT_SYMBOL_FLAGS_REEXPORT ) {
315 if ( !findDependent )
316 return false;
317 // re-export from another dylib, lookup there
318 const uint64_t ordinal = read_uleb128(diag, p, trieEnd);
319 const char* importedName = (char*)p;
320 if ( importedName[0] == '\0' )
321 importedName = symbolName;
322 if ( (ordinal == 0) || (ordinal > dependentDylibCount()) ) {
323 diag.error("re-export ordinal %lld out of range for %s", ordinal, symbolName);
324 return false;
325 }
326 uint32_t depIndex = (uint32_t)(ordinal-1);
327 if ( const MachOLoaded* depMH = findDependent(this, depIndex) ) {
328 return depMH->findExportedSymbol(diag, importedName, foundInfo, findDependent);
329 }
330 else {
331 diag.error("dependent dylib %lld not found for re-exported symbol %s", ordinal, symbolName);
332 return false;
333 }
334 }
335 foundInfo.kind = FoundSymbol::Kind::headerOffset;
336 foundInfo.isThreadLocal = false;
337 foundInfo.isWeakDef = false;
338 foundInfo.foundInDylib = this;
339 foundInfo.value = read_uleb128(diag, p, trieEnd);
340 foundInfo.resolverFuncOffset = 0;
341 foundInfo.foundSymbolName = symbolName;
342 if ( diag.hasError() )
343 return false;
344 switch ( flags & EXPORT_SYMBOL_FLAGS_KIND_MASK ) {
345 case EXPORT_SYMBOL_FLAGS_KIND_REGULAR:
346 if ( flags & EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER ) {
347 foundInfo.kind = FoundSymbol::Kind::headerOffset;
348 foundInfo.resolverFuncOffset = (uint32_t)read_uleb128(diag, p, trieEnd);
349 }
350 else {
351 foundInfo.kind = FoundSymbol::Kind::headerOffset;
352 }
353 if ( flags & EXPORT_SYMBOL_FLAGS_WEAK_DEFINITION )
354 foundInfo.isWeakDef = true;
355 break;
356 case EXPORT_SYMBOL_FLAGS_KIND_THREAD_LOCAL:
357 foundInfo.isThreadLocal = true;
358 break;
359 case EXPORT_SYMBOL_FLAGS_KIND_ABSOLUTE:
360 foundInfo.kind = FoundSymbol::Kind::absolute;
361 break;
362 default:
363 diag.error("unsupported exported symbol kind. flags=%llu at node offset=0x%0lX", flags, (long)(node-trieStart));
364 return false;
365 }
366 return true;
367 }
368 else {
369 // this is an old binary (before macOS 10.6), scan the symbol table
370 foundInfo.foundInDylib = nullptr;
371 forEachGlobalSymbol(diag, ^(const char* aSymbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop) {
372 if ( strcmp(aSymbolName, symbolName) == 0 ) {
373 foundInfo.kind = FoundSymbol::Kind::headerOffset;
374 foundInfo.isThreadLocal = false;
375 foundInfo.foundInDylib = this;
376 foundInfo.value = n_value - leInfo.layout.textUnslidVMAddr;
377 foundInfo.resolverFuncOffset = 0;
378 foundInfo.foundSymbolName = symbolName;
379 stop = true;
380 }
381 });
382 if ( foundInfo.foundInDylib == nullptr ) {
383 // symbol not exported from this image. Search any re-exported dylibs
384 __block unsigned depIndex = 0;
385 forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
386 if ( isReExport && findDependent ) {
387 if ( const MachOLoaded* depMH = findDependent(this, depIndex) ) {
388 if ( depMH->findExportedSymbol(diag, symbolName, foundInfo, findDependent) ) {
389 stop = true;
390 }
391 }
392 }
393 ++depIndex;
394 });
395 }
396 return (foundInfo.foundInDylib != nullptr);
397 }
398 }
399
400 intptr_t MachOLoaded::getSlide() const
401 {
402 Diagnostics diag;
403 __block intptr_t slide = 0;
404 forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
405 if ( cmd->cmd == LC_SEGMENT_64 ) {
406 const segment_command_64* seg = (segment_command_64*)cmd;
407 if ( strcmp(seg->segname, "__TEXT") == 0 ) {
408 slide = (uintptr_t)(((uint64_t)this) - seg->vmaddr);
409 stop = true;
410 }
411 }
412 else if ( cmd->cmd == LC_SEGMENT ) {
413 const segment_command* seg = (segment_command*)cmd;
414 if ( strcmp(seg->segname, "__TEXT") == 0 ) {
415 slide = (uintptr_t)(((uint64_t)this) - seg->vmaddr);
416 stop = true;
417 }
418 }
419 });
420 diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
421 return slide;
422 }
423
424 const uint8_t* MachOLoaded::getLinkEditContent(const LayoutInfo& info, uint32_t fileOffset) const
425 {
426 uint32_t offsetInLinkedit = fileOffset - info.linkeditFileOffset;
427 uintptr_t linkeditStartAddr = info.linkeditUnslidVMAddr + info.slide;
428 return (uint8_t*)(linkeditStartAddr + offsetInLinkedit);
429 }
430
431
432 void MachOLoaded::forEachGlobalSymbol(Diagnostics& diag, void (^callback)(const char* symbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop)) const
433 {
434 LinkEditInfo leInfo;
435 getLinkEditPointers(diag, leInfo);
436 if ( diag.hasError() )
437 return;
438
439 const bool is64Bit = is64();
440 if ( leInfo.symTab != nullptr ) {
441 uint32_t globalsStartIndex = 0;
442 uint32_t globalsCount = leInfo.symTab->nsyms;
443 if ( leInfo.dynSymTab != nullptr ) {
444 globalsStartIndex = leInfo.dynSymTab->iextdefsym;
445 globalsCount = leInfo.dynSymTab->nextdefsym;
446 }
447 uint32_t maxStringOffset = leInfo.symTab->strsize;
448 const char* stringPool = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
449 const struct nlist* symbols = (struct nlist*) (getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
450 const struct nlist_64* symbols64 = (struct nlist_64*)symbols;
451 bool stop = false;
452 for (uint32_t i=0; (i < globalsCount) && !stop; ++i) {
453 if ( is64Bit ) {
454 const struct nlist_64& sym = symbols64[globalsStartIndex+i];
455 if ( sym.n_un.n_strx > maxStringOffset )
456 continue;
457 if ( (sym.n_type & N_EXT) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
458 callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
459 }
460 else {
461 const struct nlist& sym = symbols[globalsStartIndex+i];
462 if ( sym.n_un.n_strx > maxStringOffset )
463 continue;
464 if ( (sym.n_type & N_EXT) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
465 callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
466 }
467 }
468 }
469 }
470
471 void MachOLoaded::forEachLocalSymbol(Diagnostics& diag, void (^callback)(const char* symbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop)) const
472 {
473 LinkEditInfo leInfo;
474 getLinkEditPointers(diag, leInfo);
475 if ( diag.hasError() )
476 return;
477
478 const bool is64Bit = is64();
479 if ( leInfo.symTab != nullptr ) {
480 uint32_t localsStartIndex = 0;
481 uint32_t localsCount = leInfo.symTab->nsyms;
482 if ( leInfo.dynSymTab != nullptr ) {
483 localsStartIndex = leInfo.dynSymTab->ilocalsym;
484 localsCount = leInfo.dynSymTab->nlocalsym;
485 }
486 uint32_t maxStringOffset = leInfo.symTab->strsize;
487 const char* stringPool = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
488 const struct nlist* symbols = (struct nlist*) (getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
489 const struct nlist_64* symbols64 = (struct nlist_64*)(getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
490 bool stop = false;
491 for (uint32_t i=0; (i < localsCount) && !stop; ++i) {
492 if ( is64Bit ) {
493 const struct nlist_64& sym = symbols64[localsStartIndex+i];
494 if ( sym.n_un.n_strx > maxStringOffset )
495 continue;
496 if ( ((sym.n_type & N_EXT) == 0) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
497 callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
498 }
499 else {
500 const struct nlist& sym = symbols[localsStartIndex+i];
501 if ( sym.n_un.n_strx > maxStringOffset )
502 continue;
503 if ( ((sym.n_type & N_EXT) == 0) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
504 callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
505 }
506 }
507 }
508 }
509
510 uint32_t MachOLoaded::dependentDylibCount() const
511 {
512 __block uint32_t count = 0;
513 forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
514 ++count;
515 });
516 return count;
517 }
518
519 const char* MachOLoaded::dependentDylibLoadPath(uint32_t depIndex) const
520 {
521 __block const char* foundLoadPath = nullptr;
522 __block uint32_t curDepIndex = 0;
523 forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
524 if ( curDepIndex == depIndex ) {
525 foundLoadPath = loadPath;
526 stop = true;
527 }
528 ++curDepIndex;
529 });
530 return foundLoadPath;
531 }
532
533 const char* MachOLoaded::segmentName(uint32_t targetSegIndex) const
534 {
535 __block const char* result = nullptr;
536 forEachSegment(^(const SegmentInfo& info, bool& stop) {
537 if ( targetSegIndex == info.segIndex ) {
538 result = info.segName;
539 stop = true;
540 }
541 });
542 return result;
543 }
544
545 bool MachOLoaded::findClosestFunctionStart(uint64_t address, uint64_t* functionStartAddress) const
546 {
547 Diagnostics diag;
548 LinkEditInfo leInfo;
549 getLinkEditPointers(diag, leInfo);
550 if ( diag.hasError() )
551 return false;
552 if ( leInfo.functionStarts == nullptr )
553 return false;
554
555 const uint8_t* starts = getLinkEditContent(leInfo.layout, leInfo.functionStarts->dataoff);
556 const uint8_t* startsEnd = starts + leInfo.functionStarts->datasize;
557
558 uint64_t lastAddr = (uint64_t)(long)this;
559 uint64_t runningAddr = lastAddr;
560 while (diag.noError()) {
561 uint64_t value = read_uleb128(diag, starts, startsEnd);
562 if ( value == 0 )
563 break;
564 lastAddr = runningAddr;
565 runningAddr += value;
566 //fprintf(stderr, " addr=0x%08llX\n", runningAddr);
567 if ( runningAddr > address ) {
568 *functionStartAddress = lastAddr;
569 return true;
570 }
571 };
572
573 return false;
574 }
575
576 bool MachOLoaded::findClosestSymbol(uint64_t address, const char** symbolName, uint64_t* symbolAddr) const
577 {
578 Diagnostics diag;
579 LinkEditInfo leInfo;
580 getLinkEditPointers(diag, leInfo);
581 if ( diag.hasError() )
582 return false;
583 if ( (leInfo.symTab == nullptr) || (leInfo.dynSymTab == nullptr) )
584 return false;
585 uint64_t targetUnslidAddress = address - leInfo.layout.slide;
586
587 uint32_t maxStringOffset = leInfo.symTab->strsize;
588 const char* stringPool = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
589 const struct nlist* symbols = (struct nlist*) (getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
590 if ( is64() ) {
591 const struct nlist_64* symbols64 = (struct nlist_64*)symbols;
592 const struct nlist_64* bestSymbol = nullptr;
593 // first walk all global symbols
594 const struct nlist_64* const globalsStart = &symbols64[leInfo.dynSymTab->iextdefsym];
595 const struct nlist_64* const globalsEnd = &globalsStart[leInfo.dynSymTab->nextdefsym];
596 for (const struct nlist_64* s = globalsStart; s < globalsEnd; ++s) {
597 if ( (s->n_type & N_TYPE) == N_SECT ) {
598 if ( bestSymbol == nullptr ) {
599 if ( s->n_value <= targetUnslidAddress )
600 bestSymbol = s;
601 }
602 else if ( (s->n_value <= targetUnslidAddress) && (bestSymbol->n_value < s->n_value) ) {
603 bestSymbol = s;
604 }
605 }
606 }
607 // next walk all local symbols
608 const struct nlist_64* const localsStart = &symbols64[leInfo.dynSymTab->ilocalsym];
609 const struct nlist_64* const localsEnd = &localsStart[leInfo.dynSymTab->nlocalsym];
610 for (const struct nlist_64* s = localsStart; s < localsEnd; ++s) {
611 if ( ((s->n_type & N_TYPE) == N_SECT) && ((s->n_type & N_STAB) == 0) ) {
612 if ( bestSymbol == nullptr ) {
613 if ( s->n_value <= targetUnslidAddress )
614 bestSymbol = s;
615 }
616 else if ( (s->n_value <= targetUnslidAddress) && (bestSymbol->n_value < s->n_value) ) {
617 bestSymbol = s;
618 }
619 }
620 }
621 if ( bestSymbol != NULL ) {
622 *symbolAddr = bestSymbol->n_value + leInfo.layout.slide;
623 if ( bestSymbol->n_un.n_strx < maxStringOffset )
624 *symbolName = &stringPool[bestSymbol->n_un.n_strx];
625 return true;
626 }
627 }
628 else {
629 const struct nlist* bestSymbol = nullptr;
630 // first walk all global symbols
631 const struct nlist* const globalsStart = &symbols[leInfo.dynSymTab->iextdefsym];
632 const struct nlist* const globalsEnd = &globalsStart[leInfo.dynSymTab->nextdefsym];
633 for (const struct nlist* s = globalsStart; s < globalsEnd; ++s) {
634 if ( (s->n_type & N_TYPE) == N_SECT ) {
635 if ( bestSymbol == nullptr ) {
636 if ( s->n_value <= targetUnslidAddress )
637 bestSymbol = s;
638 }
639 else if ( (s->n_value <= targetUnslidAddress) && (bestSymbol->n_value < s->n_value) ) {
640 bestSymbol = s;
641 }
642 }
643 }
644 // next walk all local symbols
645 const struct nlist* const localsStart = &symbols[leInfo.dynSymTab->ilocalsym];
646 const struct nlist* const localsEnd = &localsStart[leInfo.dynSymTab->nlocalsym];
647 for (const struct nlist* s = localsStart; s < localsEnd; ++s) {
648 if ( ((s->n_type & N_TYPE) == N_SECT) && ((s->n_type & N_STAB) == 0) ) {
649 if ( bestSymbol == nullptr ) {
650 if ( s->n_value <= targetUnslidAddress )
651 bestSymbol = s;
652 }
653 else if ( (s->n_value <= targetUnslidAddress) && (bestSymbol->n_value < s->n_value) ) {
654 bestSymbol = s;
655 }
656 }
657 }
658 if ( bestSymbol != nullptr ) {
659 #if __arm__
660 if ( bestSymbol->n_desc & N_ARM_THUMB_DEF )
661 *symbolAddr = (bestSymbol->n_value | 1) + leInfo.layout.slide;
662 else
663 *symbolAddr = bestSymbol->n_value + leInfo.layout.slide;
664 #else
665 *symbolAddr = bestSymbol->n_value + leInfo.layout.slide;
666 #endif
667 if ( bestSymbol->n_un.n_strx < maxStringOffset )
668 *symbolName = &stringPool[bestSymbol->n_un.n_strx];
669 return true;
670 }
671 }
672
673 return false;
674 }
675
676 const void* MachOLoaded::findSectionContent(const char* segName, const char* sectName, uint64_t& size) const
677 {
678 __block const void* result = nullptr;
679 forEachSection(^(const SectionInfo& sectInfo, bool malformedSectionRange, bool& stop) {
680 if ( (strcmp(sectInfo.sectName, sectName) == 0) && (strcmp(sectInfo.segInfo.segName, segName) == 0) ) {
681 size = sectInfo.sectSize;
682 result = (void*)(sectInfo.sectAddr + getSlide());
683 }
684 });
685 return result;
686 }
687
688
689 bool MachOLoaded::intersectsRange(uintptr_t start, uintptr_t length) const
690 {
691 __block bool result = false;
692 uintptr_t slide = getSlide();
693 forEachSegment(^(const SegmentInfo& info, bool& stop) {
694 if ( (info.vmAddr+info.vmSize+slide >= start) && (info.vmAddr+slide < start+length) )
695 result = true;
696 });
697 return result;
698 }
699
700 const uint8_t* MachOLoaded::trieWalk(Diagnostics& diag, const uint8_t* start, const uint8_t* end, const char* symbol)
701 {
702 uint32_t visitedNodeOffsets[128];
703 int visitedNodeOffsetCount = 0;
704 visitedNodeOffsets[visitedNodeOffsetCount++] = 0;
705 const uint8_t* p = start;
706 while ( p < end ) {
707 uint64_t terminalSize = *p++;
708 if ( terminalSize > 127 ) {
709 // except for re-export-with-rename, all terminal sizes fit in one byte
710 --p;
711 terminalSize = read_uleb128(diag, p, end);
712 if ( diag.hasError() )
713 return nullptr;
714 }
715 if ( (*symbol == '\0') && (terminalSize != 0) ) {
716 return p;
717 }
718 const uint8_t* children = p + terminalSize;
719 if ( children > end ) {
720 //diag.error("malformed trie node, terminalSize=0x%llX extends past end of trie\n", terminalSize);
721 return nullptr;
722 }
723 uint8_t childrenRemaining = *children++;
724 p = children;
725 uint64_t nodeOffset = 0;
726 for (; childrenRemaining > 0; --childrenRemaining) {
727 const char* ss = symbol;
728 bool wrongEdge = false;
729 // scan whole edge to get to next edge
730 // if edge is longer than target symbol name, don't read past end of symbol name
731 char c = *p;
732 while ( c != '\0' ) {
733 if ( !wrongEdge ) {
734 if ( c != *ss )
735 wrongEdge = true;
736 ++ss;
737 }
738 ++p;
739 c = *p;
740 }
741 if ( wrongEdge ) {
742 // advance to next child
743 ++p; // skip over zero terminator
744 // skip over uleb128 until last byte is found
745 while ( (*p & 0x80) != 0 )
746 ++p;
747 ++p; // skip over last byte of uleb128
748 if ( p > end ) {
749 diag.error("malformed trie node, child node extends past end of trie\n");
750 return nullptr;
751 }
752 }
753 else {
754 // the symbol so far matches this edge (child)
755 // so advance to the child's node
756 ++p;
757 nodeOffset = read_uleb128(diag, p, end);
758 if ( diag.hasError() )
759 return nullptr;
760 if ( (nodeOffset == 0) || ( &start[nodeOffset] > end) ) {
761 diag.error("malformed trie child, nodeOffset=0x%llX out of range\n", nodeOffset);
762 return nullptr;
763 }
764 symbol = ss;
765 break;
766 }
767 }
768 if ( nodeOffset != 0 ) {
769 if ( nodeOffset > (uint64_t)(end-start) ) {
770 diag.error("malformed trie child, nodeOffset=0x%llX out of range\n", nodeOffset);
771 return nullptr;
772 }
773 for (int i=0; i < visitedNodeOffsetCount; ++i) {
774 if ( visitedNodeOffsets[i] == nodeOffset ) {
775 diag.error("malformed trie child, cycle to nodeOffset=0x%llX\n", nodeOffset);
776 return nullptr;
777 }
778 }
779 visitedNodeOffsets[visitedNodeOffsetCount++] = (uint32_t)nodeOffset;
780 if ( visitedNodeOffsetCount >= 128 ) {
781 diag.error("malformed trie too deep\n");
782 return nullptr;
783 }
784 p = &start[nodeOffset];
785 }
786 else
787 p = end;
788 }
789 return nullptr;
790 }
791
792 bool MachOLoaded::cdHashOfCodeSignature(const void* codeSigStart, size_t codeSignLen, uint8_t cdHash[20]) const
793 {
794 const CS_CodeDirectory* cd = (const CS_CodeDirectory*)findCodeDirectoryBlob(codeSigStart, codeSignLen);
795 if ( cd == nullptr )
796 return false;
797
798 uint32_t cdLength = htonl(cd->length);
799 if ( cd->hashType == CS_HASHTYPE_SHA384 ) {
800 uint8_t digest[CC_SHA384_DIGEST_LENGTH];
801 CC_SHA384(cd, cdLength, digest);
802 // cd-hash of sigs that use SHA384 is the first 20 bytes of the SHA384 of the code digest
803 memcpy(cdHash, digest, 20);
804 return true;
805 }
806 else if ( (cd->hashType == CS_HASHTYPE_SHA256) || (cd->hashType == CS_HASHTYPE_SHA256_TRUNCATED) ) {
807 uint8_t digest[CC_SHA256_DIGEST_LENGTH];
808 CC_SHA256(cd, cdLength, digest);
809 // cd-hash of sigs that use SHA256 is the first 20 bytes of the SHA256 of the code digest
810 memcpy(cdHash, digest, 20);
811 return true;
812 }
813 else if ( cd->hashType == CS_HASHTYPE_SHA1 ) {
814 // compute hash directly into return buffer
815 CC_SHA1(cd, cdLength, cdHash);
816 return true;
817 }
818
819 return false;
820 }
821
822
823 // Note, this has to match the kernel
824 static const uint32_t hashPriorities[] = {
825 CS_HASHTYPE_SHA1,
826 CS_HASHTYPE_SHA256_TRUNCATED,
827 CS_HASHTYPE_SHA256,
828 CS_HASHTYPE_SHA384,
829 };
830
831 static unsigned int hash_rank(const CS_CodeDirectory *cd)
832 {
833 uint32_t type = cd->hashType;
834 for (uint32_t n = 0; n < sizeof(hashPriorities) / sizeof(hashPriorities[0]); ++n) {
835 if (hashPriorities[n] == type)
836 return n + 1;
837 }
838
839 /* not supported */
840 return 0;
841 }
842
843
844 // Note, this has to match the kernel
845 static const uint32_t hashPriorities_watchOS[] = {
846 CS_HASHTYPE_SHA1
847 };
848
849 static unsigned int hash_rank_watchOS(const CS_CodeDirectory *cd)
850 {
851 uint32_t type = cd->hashType;
852 for (uint32_t n = 0; n < sizeof(hashPriorities_watchOS) / sizeof(hashPriorities_watchOS[0]); ++n) {
853 if (hashPriorities_watchOS[n] == type)
854 return n + 1;
855 }
856
857 /* not supported */
858 return 0;
859 }
860
861 const void* MachOLoaded::findCodeDirectoryBlob(const void* codeSigStart, size_t codeSignLen) const
862 {
863 // verify min length of overall code signature
864 if ( codeSignLen < sizeof(CS_SuperBlob) )
865 return nullptr;
866
867 // verify magic at start
868 const CS_SuperBlob* codeSuperBlob = (CS_SuperBlob*)codeSigStart;
869 if ( codeSuperBlob->magic != htonl(CSMAGIC_EMBEDDED_SIGNATURE) )
870 return nullptr;
871
872 // verify count of sub-blobs not too large
873 uint32_t subBlobCount = htonl(codeSuperBlob->count);
874 if ( (codeSignLen-sizeof(CS_SuperBlob))/sizeof(CS_BlobIndex) < subBlobCount )
875 return nullptr;
876
877 // Note: The kernel currently always uses sha1 for watchOS, even if other hashes are available.
878 const bool isWatchOS = this->supportsPlatform(Platform::watchOS);
879 auto hashRankFn = isWatchOS ? &hash_rank_watchOS : &hash_rank;
880
881 // walk each sub blob, looking at ones with type CSSLOT_CODEDIRECTORY
882 const CS_CodeDirectory* bestCd = nullptr;
883 for (uint32_t i=0; i < subBlobCount; ++i) {
884 if ( codeSuperBlob->index[i].type == htonl(CSSLOT_CODEDIRECTORY) ) {
885 // Ok, this is the regular code directory
886 } else if ( codeSuperBlob->index[i].type >= htonl(CSSLOT_ALTERNATE_CODEDIRECTORIES) && codeSuperBlob->index[i].type <= htonl(CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT)) {
887 // Ok, this is the alternative code directory
888 } else {
889 continue;
890 }
891 uint32_t cdOffset = htonl(codeSuperBlob->index[i].offset);
892 // verify offset is not out of range
893 if ( cdOffset > (codeSignLen - sizeof(CS_CodeDirectory)) )
894 continue;
895 const CS_CodeDirectory* cd = (CS_CodeDirectory*)((uint8_t*)codeSuperBlob + cdOffset);
896 uint32_t cdLength = htonl(cd->length);
897 // verify code directory length not out of range
898 if ( cdLength > (codeSignLen - cdOffset) )
899 continue;
900 if ( cd->magic == htonl(CSMAGIC_CODEDIRECTORY) ) {
901 if ( !bestCd || (hashRankFn(cd) > hashRankFn(bestCd)) )
902 bestCd = cd;
903 }
904 }
905 return bestCd;
906 }
907
908
909 // Regular pointer which needs to fit in 51-bits of value.
910 // C++ RTTI uses the top bit, so we'll allow the whole top-byte
911 // and the signed-extended bottom 43-bits to be fit in to 51-bits.
912 uint64_t MachOLoaded::ChainedFixupPointerOnDisk::signExtend51(uint64_t value51)
913 {
914 uint64_t top8Bits = value51 & 0x007F80000000000ULL;
915 uint64_t bottom43Bits = value51 & 0x000007FFFFFFFFFFULL;
916 uint64_t newValue = (top8Bits << 13) | (((intptr_t)(bottom43Bits << 21) >> 21) & 0x00FFFFFFFFFFFFFF);
917 return newValue;
918 }
919
920 uint64_t MachOLoaded::ChainedFixupPointerOnDisk::PlainRebase::signExtendedTarget() const
921 {
922 return signExtend51(this->target);
923 }
924
925 uint64_t MachOLoaded::ChainedFixupPointerOnDisk::PlainBind::signExtendedAddend() const
926 {
927 uint64_t addend19 = this->addend;
928 if ( addend19 & 0x40000 )
929 return addend19 | 0xFFFFFFFFFFFC0000ULL;
930 else
931 return addend19;
932 }
933
934 const char* MachOLoaded::ChainedFixupPointerOnDisk::keyName(uint8_t keyBits)
935 {
936 static const char* names[] = {
937 "IA", "IB", "DA", "DB"
938 };
939 assert(keyBits < 4);
940 return names[keyBits];
941 }
942
943 const char* MachOLoaded::ChainedFixupPointerOnDisk::AuthRebase::keyName() const
944 {
945 return ChainedFixupPointerOnDisk::keyName(this->key);
946 }
947
948 const char* MachOLoaded::ChainedFixupPointerOnDisk::AuthBind::keyName() const
949 {
950 return ChainedFixupPointerOnDisk::keyName(this->key);
951 }
952
953
954 uint64_t MachOLoaded::ChainedFixupPointerOnDisk::signPointer(void* loc, uint64_t target) const
955 {
956 #if __has_feature(ptrauth_calls)
957 uint64_t discriminator = authBind.diversity;
958 if ( authBind.addrDiv )
959 discriminator = __builtin_ptrauth_blend_discriminator(loc, discriminator);
960 switch ( authBind.key ) {
961 case 0: // IA
962 return (uint64_t)__builtin_ptrauth_sign_unauthenticated((void*)target, 0, discriminator);
963 case 1: // IB
964 return (uint64_t)__builtin_ptrauth_sign_unauthenticated((void*)target, 1, discriminator);
965 case 2: // DA
966 return (uint64_t)__builtin_ptrauth_sign_unauthenticated((void*)target, 2, discriminator);
967 case 3: // DB
968 return (uint64_t)__builtin_ptrauth_sign_unauthenticated((void*)target, 3, discriminator);
969 }
970 #endif
971 return target;
972 }
973
974
975
976 } // namespace dyld3
977