+/*
+ * Copyright (c) 2017 Apple Inc. All rights reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+
+#include <stdint.h>
+#include <string.h>
+#include <assert.h>
+#include <uuid/uuid.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <unistd.h>
+#include <sys/uio.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include <sys/resource.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <rootless.h>
+#include <dirent.h>
+#include <mach/mach.h>
+#include <mach/machine.h>
+#include <mach-o/loader.h>
+#include <mach-o/nlist.h>
+#include <mach-o/fat.h>
+#include <mach-o/reloc.h>
+#include <mach-o/dyld_priv.h>
+#include <CommonCrypto/CommonDigest.h>
+
+#if !DYLD_IN_PROCESS
+#include <dlfcn.h>
+#endif
+
+#include "MachOParser.h"
+#include "Logging.h"
+#include "CodeSigningTypes.h"
+#include "DyldSharedCache.h"
+#include "Trie.hpp"
+
+#if DYLD_IN_PROCESS
+ #include "APIs.h"
+#else
+ #include "StringUtils.h"
+#endif
+
+
+
+#ifndef EXPORT_SYMBOL_FLAGS_KIND_ABSOLUTE
+ #define EXPORT_SYMBOL_FLAGS_KIND_ABSOLUTE 0x02
+#endif
+
+#ifndef CPU_SUBTYPE_ARM64_E
+ #define CPU_SUBTYPE_ARM64_E 2
+#endif
+
+#ifndef LC_BUILD_VERSION
+ #define LC_BUILD_VERSION 0x32 /* build for platform min OS version */
+
+ /*
+ * The build_version_command contains the min OS version on which this
+ * binary was built to run for its platform. The list of known platforms and
+ * tool values following it.
+ */
+ struct build_version_command {
+ uint32_t cmd; /* LC_BUILD_VERSION */
+ uint32_t cmdsize; /* sizeof(struct build_version_command) plus */
+ /* ntools * sizeof(struct build_tool_version) */
+ uint32_t platform; /* platform */
+ uint32_t minos; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
+ uint32_t sdk; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
+ uint32_t ntools; /* number of tool entries following this */
+ };
+
+ struct build_tool_version {
+ uint32_t tool; /* enum for the tool */
+ uint32_t version; /* version number of the tool */
+ };
+
+ /* Known values for the platform field above. */
+ #define PLATFORM_MACOS 1
+ #define PLATFORM_IOS 2
+ #define PLATFORM_TVOS 3
+ #define PLATFORM_WATCHOS 4
+ #define PLATFORM_BRIDGEOS 5
+
+ /* Known values for the tool field above. */
+ #define TOOL_CLANG 1
+ #define TOOL_SWIFT 2
+ #define TOOL_LD 3
+#endif
+
+
+namespace dyld3 {
+
+
+bool FatUtil::isFatFile(const void* fileStart)
+{
+ const fat_header* fileStartAsFat = (fat_header*)fileStart;
+ return ( fileStartAsFat->magic == OSSwapBigToHostInt32(FAT_MAGIC) );
+}
+
+/// Returns true if (addLHS + addRHS) > b, or if the add overflowed
+template<typename T>
+static bool greaterThanAddOrOverflow(uint32_t addLHS, uint32_t addRHS, T b) {
+ return (addLHS > b) || (addRHS > (b-addLHS));
+}
+
+/// Returns true if (addLHS + addRHS) > b, or if the add overflowed
+template<typename T>
+static bool greaterThanAddOrOverflow(uint64_t addLHS, uint64_t addRHS, T b) {
+ return (addLHS > b) || (addRHS > (b-addLHS));
+}
+
+void FatUtil::forEachSlice(Diagnostics& diag, const void* fileContent, size_t fileLen, void (^callback)(uint32_t sliceCpuType, uint32_t sliceCpuSubType, const void* sliceStart, size_t sliceSize, bool& stop))
+{
+ const fat_header* fh = (fat_header*)fileContent;
+ if ( fh->magic != OSSwapBigToHostInt32(FAT_MAGIC) ) {
+ diag.error("not a fat file");
+ return;
+ }
+
+ if ( OSSwapBigToHostInt32(fh->nfat_arch) > ((4096 - sizeof(fat_header)) / sizeof(fat_arch)) ) {
+ diag.error("fat header too large: %u entries", OSSwapBigToHostInt32(fh->nfat_arch));
+ }
+ const fat_arch* const archs = (fat_arch*)(((char*)fh)+sizeof(fat_header));
+ bool stop = false;
+ for (uint32_t i=0; i < OSSwapBigToHostInt32(fh->nfat_arch); ++i) {
+ uint32_t cpuType = OSSwapBigToHostInt32(archs[i].cputype);
+ uint32_t cpuSubType = OSSwapBigToHostInt32(archs[i].cpusubtype);
+ uint32_t offset = OSSwapBigToHostInt32(archs[i].offset);
+ uint32_t len = OSSwapBigToHostInt32(archs[i].size);
+ if (greaterThanAddOrOverflow(offset, len, fileLen)) {
+ diag.error("slice %d extends beyond end of file", i);
+ return;
+ }
+ callback(cpuType, cpuSubType, (uint8_t*)fileContent+offset, len, stop);
+ if ( stop )
+ break;
+ }
+}
+
+#if !DYLD_IN_PROCESS
+bool FatUtil::isFatFileWithSlice(Diagnostics& diag, const void* fileContent, size_t fileLen, const std::string& archName, size_t& sliceOffset, size_t& sliceLen, bool& missingSlice)
+{
+ missingSlice = false;
+ if ( !isFatFile(fileContent) )
+ return false;
+
+ __block bool found = false;
+ forEachSlice(diag, fileContent, fileLen, ^(uint32_t sliceCpuType, uint32_t sliceCpuSubType, const void* sliceStart, size_t sliceSize, bool& stop) {
+ std::string sliceArchName = MachOParser::archName(sliceCpuType, sliceCpuSubType);
+ if ( sliceArchName == archName ) {
+ sliceOffset = (char*)sliceStart - (char*)fileContent;
+ sliceLen = sliceSize;
+ found = true;
+ stop = true;
+ }
+ });
+ if ( diag.hasError() )
+ return false;
+
+ if ( !found )
+ missingSlice = true;
+
+ // when looking for x86_64h fallback to x86_64
+ if ( !found && (archName == "x86_64h") )
+ return isFatFileWithSlice(diag, fileContent, fileLen, "x86_64", sliceOffset, sliceLen, missingSlice);
+
+ return found;
+}
+
+#endif
+
+MachOParser::MachOParser(const mach_header* mh, bool dyldCacheIsRaw)
+{
+#if DYLD_IN_PROCESS
+ // assume all in-process mach_headers are real loaded images
+ _data = (long)mh;
+#else
+ if (mh == nullptr)
+ return;
+ _data = (long)mh;
+ if ( (mh->flags & 0x80000000) == 0 ) {
+ // asssume out-of-process mach_header not in a dyld cache are raw mapped files
+ _data |= 1;
+ }
+ else {
+ // out-of-process mach_header in a dyld cache are not raw, but cache may be raw
+ if ( dyldCacheIsRaw )
+ _data |= 2;
+ }
+#endif
+}
+
+const mach_header* MachOParser::header() const
+{
+ return (mach_header*)(_data & -4);
+}
+
+// "raw" means the whole mach-o file was mapped as one contiguous region
+// not-raw means the the mach-o file was mapped like dyld does - with zero fill expansion
+bool MachOParser::isRaw() const
+{
+ return (_data & 1);
+}
+
+// A raw dyld cache is when the whole dyld cache file is mapped in one contiguous region
+// not-raw manes the dyld cache was mapped as it is at runtime with padding between regions
+bool MachOParser::inRawCache() const
+{
+ return (_data & 2);
+}
+
+uint32_t MachOParser::fileType() const
+{
+ return header()->filetype;
+}
+
+bool MachOParser::inDyldCache() const
+{
+ return (header()->flags & 0x80000000);
+}
+
+bool MachOParser::hasThreadLocalVariables() const
+{
+ return (header()->flags & MH_HAS_TLV_DESCRIPTORS);
+}
+
+Platform MachOParser::platform() const
+{
+ Platform platform;
+ uint32_t minOS;
+ uint32_t sdk;
+ if ( getPlatformAndVersion(&platform, &minOS, &sdk) )
+ return platform;
+
+ // old binary with no explict load command to mark platform, look at arch
+ switch ( header()->cputype ) {
+ case CPU_TYPE_X86_64:
+ case CPU_TYPE_I386:
+ return Platform::macOS;
+ case CPU_TYPE_ARM64:
+ case CPU_TYPE_ARM:
+ return Platform::iOS;
+ }
+ return Platform::macOS;
+}
+
+
+#if !DYLD_IN_PROCESS
+
+const MachOParser::ArchInfo MachOParser::_s_archInfos[] = {
+ { "x86_64", CPU_TYPE_X86_64, CPU_SUBTYPE_X86_64_ALL },
+ { "x86_64h", CPU_TYPE_X86_64, CPU_SUBTYPE_X86_64_H },
+ { "i386", CPU_TYPE_I386, CPU_SUBTYPE_I386_ALL },
+ { "arm64", CPU_TYPE_ARM64, CPU_SUBTYPE_ARM64_ALL },
+ { "arm64e", CPU_TYPE_ARM64, CPU_SUBTYPE_ARM64_E },
+ { "armv7k", CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7K },
+ { "armv7s", CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7S },
+ { "armv7", CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7 }
+};
+
+bool MachOParser::isValidMachO(Diagnostics& diag, const std::string& archName, Platform platform, const void* fileContent, size_t fileLength, const std::string& pathOpened, bool ignoreMainExecutables)
+{
+ // must start with mach-o magic value
+ const mach_header* mh = (const mach_header*)fileContent;
+ if ( (mh->magic != MH_MAGIC) && (mh->magic != MH_MAGIC_64) ) {
+ diag.warning("could not use '%s' because it is not a mach-o file", pathOpened.c_str());
+ return false;
+ }
+
+ // must match requested architecture if specified
+ if (!archName.empty() && !isArch(mh, archName)) {
+ // except when looking for x86_64h, fallback to x86_64
+ if ( (archName != "x86_64h") || !isArch(mh, "x86_64") ) {
+ diag.warning("could not use '%s' because it does not contain required architecture %s", pathOpened.c_str(), archName.c_str());
+ return false;
+ }
+ }
+
+ // must be a filetype dyld can load
+ switch ( mh->filetype ) {
+ case MH_EXECUTE:
+ if ( ignoreMainExecutables )
+ return false;
+ break;
+ case MH_DYLIB:
+ case MH_BUNDLE:
+ break;
+ default:
+ diag.warning("could not use '%s' because it is not a dylib, bundle, or executable", pathOpened.c_str());
+ return false;
+ }
+
+ // must be from a file - not in the dyld shared cache
+ if ( mh->flags & 0x80000000 ) {
+ diag.warning("could not use '%s' because the high bit of mach_header flags is reserved for images in dyld cache", pathOpened.c_str());
+ return false;
+ }
+
+ // validate load commands structure
+ MachOParser parser(mh);
+ if ( !parser.validLoadCommands(diag, fileLength) )
+ return false;
+
+ // must match requested platform
+ if ( parser.platform() != platform ) {
+ diag.warning("could not use '%s' because it was built for a different platform", pathOpened.c_str());
+ return false;
+ }
+
+ // cannot be a static executable
+ if ( (mh->filetype == MH_EXECUTE) && !parser.isDynamicExecutable() ) {
+ diag.warning("could not use '%s' because it is a static executable", pathOpened.c_str());
+ return false;
+ }
+
+ // validate dylib loads
+ if ( !parser.validEmbeddedPaths(diag) )
+ return false;
+
+ // validate segments
+ if ( !parser.validSegments(diag, fileLength) )
+ return false;
+
+ // validate LINKEDIT layout
+ if ( !parser.validLinkeditLayout(diag) )
+ return false;
+
+ return true;
+}
+
+
+bool MachOParser::validLoadCommands(Diagnostics& diag, size_t fileLen)
+{
+ // check load command don't exceed file length
+ if ( header()->sizeofcmds + sizeof(mach_header_64) > fileLen ) {
+ diag.warning("load commands exceed length of file");
+ return false;
+ }
+ // walk all load commands and sanity check them
+ Diagnostics walkDiag;
+ LinkEditInfo lePointers;
+ getLinkEditLoadCommands(walkDiag, lePointers);
+ if ( walkDiag.hasError() ) {
+ diag.warning("%s", walkDiag.errorMessage().c_str());
+ return false;
+ }
+
+ // check load commands fit in TEXT segment
+ __block bool overflowText = false;
+ forEachSegment(^(const char* segName, uint32_t segFileOffset, uint32_t segFileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
+ if ( strcmp(segName, "__TEXT") == 0 ) {
+ if ( header()->sizeofcmds + sizeof(mach_header_64) > segFileSize ) {
+ diag.warning("load commands exceed length of __TEXT segment");
+ overflowText = true;
+ }
+ stop = true;
+ }
+ });
+ if ( overflowText )
+ return false;
+
+ return true;
+}
+
+bool MachOParser::validEmbeddedPaths(Diagnostics& diag)
+{
+ __block int index = 1;
+ __block bool allGood = true;
+ __block bool foundInstallName = false;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ const dylib_command* dylibCmd;
+ const rpath_command* rpathCmd;
+ switch ( cmd->cmd ) {
+ case LC_ID_DYLIB:
+ foundInstallName = true;
+ // fall through
+ case LC_LOAD_DYLIB:
+ case LC_LOAD_WEAK_DYLIB:
+ case LC_REEXPORT_DYLIB:
+ case LC_LOAD_UPWARD_DYLIB:
+ dylibCmd = (dylib_command*)cmd;
+ if ( dylibCmd->dylib.name.offset > cmd->cmdsize ) {
+ diag.warning("load command #%d name offset (%u) outside its size (%u)", index, dylibCmd->dylib.name.offset, cmd->cmdsize);
+ stop = true;
+ allGood = false;
+ }
+ else {
+ bool foundEnd = false;
+ const char* start = (char*)dylibCmd + dylibCmd->dylib.name.offset;
+ const char* end = (char*)dylibCmd + cmd->cmdsize;
+ for (const char* s=start; s < end; ++s) {
+ if ( *s == '\0' ) {
+ foundEnd = true;
+ break;
+ }
+ }
+ if ( !foundEnd ) {
+ diag.warning("load command #%d string extends beyond end of load command", index);
+ stop = true;
+ allGood = false;
+ }
+ }
+ break;
+ case LC_RPATH:
+ rpathCmd = (rpath_command*)cmd;
+ if ( rpathCmd->path.offset > cmd->cmdsize ) {
+ diag.warning("load command #%d path offset (%u) outside its size (%u)", index, rpathCmd->path.offset, cmd->cmdsize);
+ stop = true;
+ allGood = false;
+ }
+ else {
+ bool foundEnd = false;
+ const char* start = (char*)rpathCmd + rpathCmd->path.offset;
+ const char* end = (char*)rpathCmd + cmd->cmdsize;
+ for (const char* s=start; s < end; ++s) {
+ if ( *s == '\0' ) {
+ foundEnd = true;
+ break;
+ }
+ }
+ if ( !foundEnd ) {
+ diag.warning("load command #%d string extends beyond end of load command", index);
+ stop = true;
+ allGood = false;
+ }
+ }
+ break;
+ }
+ ++index;
+ });
+
+ if ( header()->filetype == MH_DYLIB ) {
+ if ( !foundInstallName ) {
+ diag.warning("MH_DYLIB is missing LC_ID_DYLIB");
+ allGood = false;
+ }
+ }
+ else {
+ if ( foundInstallName ) {
+ diag.warning("LC_ID_DYLIB found in non-MH_DYLIB");
+ allGood = false;
+ }
+ }
+
+ return allGood;
+}
+
+bool MachOParser::validSegments(Diagnostics& diag, size_t fileLen)
+{
+ // check segment load command size
+ __block bool badSegmentLoadCommand = false;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_SEGMENT_64 ) {
+ const segment_command_64* seg = (segment_command_64*)cmd;
+ int32_t sectionsSpace = cmd->cmdsize - sizeof(segment_command_64);
+ if ( sectionsSpace < 0 ) {
+ diag.warning("load command size too small for LC_SEGMENT_64");
+ badSegmentLoadCommand = true;
+ stop = true;
+ }
+ else if ( (sectionsSpace % sizeof(section_64)) != 0 ) {
+ diag.warning("segment load command size 0x%X will not fit whole number of sections", cmd->cmdsize);
+ badSegmentLoadCommand = true;
+ stop = true;
+ }
+ else if ( sectionsSpace != (seg->nsects * sizeof(section_64)) ) {
+ diag.warning("load command size 0x%X does not match nsects %d", cmd->cmdsize, seg->nsects);
+ badSegmentLoadCommand = true;
+ stop = true;
+ } else if (greaterThanAddOrOverflow(seg->fileoff, seg->filesize, fileLen)) {
+ diag.warning("segment load command content extends beyond end of file");
+ badSegmentLoadCommand = true;
+ stop = true;
+ } else if ( (seg->filesize > seg->vmsize) && ((seg->vmsize != 0) || ((seg->flags & SG_NORELOC) == 0)) ) {
+ // <rdar://problem/19986776> dyld should support non-allocatable __LLVM segment
+ diag.warning("segment filesize exceeds vmsize");
+ badSegmentLoadCommand = true;
+ stop = true;
+ }
+ }
+ else if ( cmd->cmd == LC_SEGMENT ) {
+ const segment_command* seg = (segment_command*)cmd;
+ int32_t sectionsSpace = cmd->cmdsize - sizeof(segment_command);
+ if ( sectionsSpace < 0 ) {
+ diag.warning("load command size too small for LC_SEGMENT");
+ badSegmentLoadCommand = true;
+ stop = true;
+ }
+ else if ( (sectionsSpace % sizeof(section)) != 0 ) {
+ diag.warning("segment load command size 0x%X will not fit whole number of sections", cmd->cmdsize);
+ badSegmentLoadCommand = true;
+ stop = true;
+ }
+ else if ( sectionsSpace != (seg->nsects * sizeof(section)) ) {
+ diag.warning("load command size 0x%X does not match nsects %d", cmd->cmdsize, seg->nsects);
+ badSegmentLoadCommand = true;
+ stop = true;
+ } else if ( (seg->filesize > seg->vmsize) && ((seg->vmsize != 0) || ((seg->flags & SG_NORELOC) == 0)) ) {
+ // <rdar://problem/19986776> dyld should support non-allocatable __LLVM segment
+ diag.warning("segment filesize exceeds vmsize");
+ badSegmentLoadCommand = true;
+ stop = true;
+ }
+ }
+ });
+ if ( badSegmentLoadCommand )
+ return false;
+
+ // check mapping permissions of segments
+ __block bool badPermissions = false;
+ __block bool badSize = false;
+ __block bool hasTEXT = false;
+ __block bool hasLINKEDIT = false;
+ forEachSegment(^(const char* segName, uint32_t segFileOffset, uint32_t segFileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
+ if ( strcmp(segName, "__TEXT") == 0 ) {
+ if ( protections != (VM_PROT_READ|VM_PROT_EXECUTE) ) {
+ diag.warning("__TEXT segment permissions is not 'r-x'");
+ badPermissions = true;
+ stop = true;
+ }
+ hasTEXT = true;
+ }
+ else if ( strcmp(segName, "__LINKEDIT") == 0 ) {
+ if ( protections != VM_PROT_READ ) {
+ diag.warning("__LINKEDIT segment permissions is not 'r--'");
+ badPermissions = true;
+ stop = true;
+ }
+ hasLINKEDIT = true;
+ }
+ else if ( (protections & 0xFFFFFFF8) != 0 ) {
+ diag.warning("%s segment permissions has invalid bits set", segName);
+ badPermissions = true;
+ stop = true;
+ }
+ if (greaterThanAddOrOverflow(segFileOffset, segFileSize, fileLen)) {
+ diag.warning("%s segment content extends beyond end of file", segName);
+ badSize = true;
+ stop = true;
+ }
+ if ( is64() ) {
+ if ( vmAddr+vmSize < vmAddr ) {
+ diag.warning("%s segment vm range wraps", segName);
+ badSize = true;
+ stop = true;
+ }
+ }
+ else {
+ if ( (uint32_t)(vmAddr+vmSize) < (uint32_t)(vmAddr) ) {
+ diag.warning("%s segment vm range wraps", segName);
+ badSize = true;
+ stop = true;
+ }
+ }
+ });
+ if ( badPermissions || badSize )
+ return false;
+ if ( !hasTEXT ) {
+ diag.warning("missing __TEXT segment");
+ return false;
+ }
+ if ( !hasLINKEDIT ) {
+ diag.warning("missing __LINKEDIT segment");
+ return false;
+ }
+
+ // check for overlapping segments
+ __block bool badSegments = false;
+ forEachSegment(^(const char* seg1Name, uint32_t seg1FileOffset, uint32_t seg1FileSize, uint64_t seg1vmAddr, uint64_t seg1vmSize, uint8_t seg1Protections, uint32_t seg1Index, uint64_t seg1SizeOfSections, uint8_t seg1Align, bool& stop1) {
+ uint64_t seg1vmEnd = seg1vmAddr + seg1vmSize;
+ uint32_t seg1FileEnd = seg1FileOffset + seg1FileSize;
+ forEachSegment(^(const char* seg2Name, uint32_t seg2FileOffset, uint32_t seg2FileSize, uint64_t seg2vmAddr, uint64_t seg2vmSize, uint8_t seg2Protections, uint32_t seg2Index, uint64_t seg2SizeOfSections, uint8_t seg2Align, bool& stop2) {
+ if ( seg1Index == seg2Index )
+ return;
+ uint64_t seg2vmEnd = seg2vmAddr + seg2vmSize;
+ uint32_t seg2FileEnd = seg2FileOffset + seg2FileSize;
+ if ( ((seg2vmAddr <= seg1vmAddr) && (seg2vmEnd > seg1vmAddr) && (seg1vmEnd > seg1vmAddr)) || ((seg2vmAddr >= seg1vmAddr) && (seg2vmAddr < seg1vmEnd) && (seg2vmEnd > seg2vmAddr)) ) {
+ diag.warning("segment %s vm range overlaps segment %s", seg1Name, seg2Name);
+ badSegments = true;
+ stop1 = true;
+ stop2 = true;
+ }
+ if ( ((seg2FileOffset <= seg1FileOffset) && (seg2FileEnd > seg1FileOffset) && (seg1FileEnd > seg1FileOffset)) || ((seg2FileOffset >= seg1FileOffset) && (seg2FileOffset < seg1FileEnd) && (seg2FileEnd > seg2FileOffset)) ) {
+ diag.warning("segment %s file content overlaps segment %s", seg1Name, seg2Name);
+ badSegments = true;
+ stop1 = true;
+ stop2 = true;
+ }
+ // check for out of order segments
+ if ( (seg1Index < seg2Index) && !stop1 ) {
+ if ( (seg1vmAddr > seg2vmAddr) || ((seg1FileOffset > seg2FileOffset) && (seg1FileOffset != 0) && (seg2FileOffset != 0)) ){
+ diag.warning("segment load commands out of order with respect to layout for %s and %s", seg1Name, seg2Name);
+ badSegments = true;
+ stop1 = true;
+ stop2 = true;
+ }
+ }
+ });
+ });
+ if ( badSegments )
+ return false;
+
+ // check sections are within segment
+ __block bool badSections = false;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_SEGMENT_64 ) {
+ const segment_command_64* seg = (segment_command_64*)cmd;
+ const section_64* const sectionsStart = (section_64*)((char*)seg + sizeof(struct segment_command_64));
+ const section_64* const sectionsEnd = §ionsStart[seg->nsects];
+ for (const section_64* sect=sectionsStart; (sect < sectionsEnd); ++sect) {
+ if ( (int64_t)(sect->size) < 0 ) {
+ diag.warning("section %s size too large 0x%llX", sect->sectname, sect->size);
+ badSections = true;
+ }
+ else if ( sect->addr < seg->vmaddr ) {
+ diag.warning("section %s start address 0x%llX is before containing segment's address 0x%0llX", sect->sectname, sect->addr, seg->vmaddr);
+ badSections = true;
+ }
+ else if ( sect->addr+sect->size > seg->vmaddr+seg->vmsize ) {
+ diag.warning("section %s end address 0x%llX is beyond containing segment's end address 0x%0llX", sect->sectname, sect->addr+sect->size, seg->vmaddr+seg->vmsize);
+ badSections = true;
+ }
+ }
+ }
+ else if ( cmd->cmd == LC_SEGMENT ) {
+ const segment_command* seg = (segment_command*)cmd;
+ const section* const sectionsStart = (section*)((char*)seg + sizeof(struct segment_command));
+ const section* const sectionsEnd = §ionsStart[seg->nsects];
+ for (const section* sect=sectionsStart; !stop && (sect < sectionsEnd); ++sect) {
+ if ( (int64_t)(sect->size) < 0 ) {
+ diag.warning("section %s size too large 0x%X", sect->sectname, sect->size);
+ badSections = true;
+ }
+ else if ( sect->addr < seg->vmaddr ) {
+ diag.warning("section %s start address 0x%X is before containing segment's address 0x%0X", sect->sectname, sect->addr, seg->vmaddr);
+ badSections = true;
+ }
+ else if ( sect->addr+sect->size > seg->vmaddr+seg->vmsize ) {
+ diag.warning("section %s end address 0x%X is beyond containing segment's end address 0x%0X", sect->sectname, sect->addr+sect->size, seg->vmaddr+seg->vmsize);
+ badSections = true;
+ }
+ }
+ }
+ });
+
+ return !badSections;
+}
+
+struct LinkEditContent
+{
+ const char* name;
+ uint32_t stdOrder;
+ uint32_t fileOffsetStart;
+ uint32_t size;
+};
+
+
+
+bool MachOParser::validLinkeditLayout(Diagnostics& diag)
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return false;
+ const bool is64Bit = is64();
+ const uint32_t pointerSize = (is64Bit ? 8 : 4);
+
+ // build vector of all blobs in LINKEDIT
+ std::vector<LinkEditContent> blobs;
+ if ( leInfo.dyldInfo != nullptr ) {
+ if ( leInfo.dyldInfo->rebase_size != 0 )
+ blobs.push_back({"rebase opcodes", 1, leInfo.dyldInfo->rebase_off, leInfo.dyldInfo->rebase_size});
+ if ( leInfo.dyldInfo->bind_size != 0 )
+ blobs.push_back({"bind opcodes", 2, leInfo.dyldInfo->bind_off, leInfo.dyldInfo->bind_size});
+ if ( leInfo.dyldInfo->weak_bind_size != 0 )
+ blobs.push_back({"weak bind opcodes", 3, leInfo.dyldInfo->weak_bind_off, leInfo.dyldInfo->weak_bind_size});
+ if ( leInfo.dyldInfo->lazy_bind_size != 0 )
+ blobs.push_back({"lazy bind opcodes", 4, leInfo.dyldInfo->lazy_bind_off, leInfo.dyldInfo->lazy_bind_size});
+ if ( leInfo.dyldInfo->export_size!= 0 )
+ blobs.push_back({"exports trie", 5, leInfo.dyldInfo->export_off, leInfo.dyldInfo->export_size});
+ }
+ if ( leInfo.dynSymTab != nullptr ) {
+ if ( leInfo.dynSymTab->nlocrel != 0 )
+ blobs.push_back({"local relocations", 6, leInfo.dynSymTab->locreloff, static_cast<uint32_t>(leInfo.dynSymTab->nlocrel*sizeof(relocation_info))});
+ if ( leInfo.dynSymTab->nextrel != 0 )
+ blobs.push_back({"external relocations", 11, leInfo.dynSymTab->extreloff, static_cast<uint32_t>(leInfo.dynSymTab->nextrel*sizeof(relocation_info))});
+ if ( leInfo.dynSymTab->nindirectsyms != 0 )
+ blobs.push_back({"indirect symbol table", 12, leInfo.dynSymTab->indirectsymoff, leInfo.dynSymTab->nindirectsyms*4});
+ }
+ if ( leInfo.splitSegInfo != nullptr ) {
+ if ( leInfo.splitSegInfo->datasize != 0 )
+ blobs.push_back({"shared cache info", 6, leInfo.splitSegInfo->dataoff, leInfo.splitSegInfo->datasize});
+ }
+ if ( leInfo.functionStarts != nullptr ) {
+ if ( leInfo.functionStarts->datasize != 0 )
+ blobs.push_back({"function starts", 7, leInfo.functionStarts->dataoff, leInfo.functionStarts->datasize});
+ }
+ if ( leInfo.dataInCode != nullptr ) {
+ if ( leInfo.dataInCode->datasize != 0 )
+ blobs.push_back({"data in code", 8, leInfo.dataInCode->dataoff, leInfo.dataInCode->datasize});
+ }
+ if ( leInfo.symTab != nullptr ) {
+ if ( leInfo.symTab->nsyms != 0 )
+ blobs.push_back({"symbol table", 10, leInfo.symTab->symoff, static_cast<uint32_t>(leInfo.symTab->nsyms*(is64Bit ? sizeof(nlist_64) : sizeof(struct nlist)))});
+ if ( leInfo.symTab->strsize != 0 )
+ blobs.push_back({"symbol table strings", 20, leInfo.symTab->stroff, leInfo.symTab->strsize});
+ }
+ if ( leInfo.codeSig != nullptr ) {
+ if ( leInfo.codeSig->datasize != 0 )
+ blobs.push_back({"code signature", 21, leInfo.codeSig->dataoff, leInfo.codeSig->datasize});
+ }
+
+ // check for bad combinations
+ if ( (leInfo.dyldInfo != nullptr) && (leInfo.dyldInfo->cmd == LC_DYLD_INFO_ONLY) && (leInfo.dynSymTab != nullptr) ) {
+ if ( leInfo.dynSymTab->nlocrel != 0 ) {
+ diag.error("malformed mach-o contains LC_DYLD_INFO_ONLY and local relocations");
+ return false;
+ }
+ if ( leInfo.dynSymTab->nextrel != 0 ) {
+ diag.error("malformed mach-o contains LC_DYLD_INFO_ONLY and external relocations");
+ return false;
+ }
+ }
+ if ( (leInfo.dyldInfo == nullptr) && (leInfo.dynSymTab == nullptr) ) {
+ diag.error("malformed mach-o misssing LC_DYLD_INFO and LC_DYSYMTAB");
+ return false;
+ }
+ if ( blobs.empty() ) {
+ diag.error("malformed mach-o misssing LINKEDIT");
+ return false;
+ }
+
+ // sort vector by file offset and error on overlaps
+ std::sort(blobs.begin(), blobs.end(), [&](const LinkEditContent& a, const LinkEditContent& b) {
+ return a.fileOffsetStart < b.fileOffsetStart;
+ });
+ uint32_t prevEnd = (uint32_t)(leInfo.layout.segments[leInfo.layout.linkeditSegIndex].fileOffset);
+ const char* prevName = "start of LINKEDIT";
+ for (const LinkEditContent& blob : blobs) {
+ if ( blob.fileOffsetStart < prevEnd ) {
+ diag.error("LINKEDIT overlap of %s and %s", prevName, blob.name);
+ return false;
+ }
+ prevEnd = blob.fileOffsetStart + blob.size;
+ prevName = blob.name;
+ }
+ const LinkEditContent& lastBlob = blobs.back();
+ uint32_t linkeditFileEnd = (uint32_t)(leInfo.layout.segments[leInfo.layout.linkeditSegIndex].fileOffset + leInfo.layout.segments[leInfo.layout.linkeditSegIndex].fileSize);
+ if (greaterThanAddOrOverflow(lastBlob.fileOffsetStart, lastBlob.size, linkeditFileEnd)) {
+ diag.error("LINKEDIT content '%s' extends beyond end of segment", lastBlob.name);
+ return false;
+ }
+
+ // sort vector by order and warn on non standard order or mis-alignment
+ std::sort(blobs.begin(), blobs.end(), [&](const LinkEditContent& a, const LinkEditContent& b) {
+ return a.stdOrder < b.stdOrder;
+ });
+ prevEnd = (uint32_t)(leInfo.layout.segments[leInfo.layout.linkeditSegIndex].fileOffset);
+ prevName = "start of LINKEDIT";
+ for (const LinkEditContent& blob : blobs) {
+ if ( ((blob.fileOffsetStart & (pointerSize-1)) != 0) && (blob.stdOrder != 20) ) // ok for "symbol table strings" to be mis-aligned
+ diag.warning("mis-aligned LINKEDIT content '%s'", blob.name);
+ if ( blob.fileOffsetStart < prevEnd ) {
+ diag.warning("LINKEDIT out of order %s", blob.name);
+ }
+ prevEnd = blob.fileOffsetStart;
+ prevName = blob.name;
+ }
+
+ // Check for invalid symbol table sizes
+ if ( leInfo.symTab != nullptr ) {
+ if ( leInfo.symTab->nsyms > 0x10000000 ) {
+ diag.error("malformed mach-o image: symbol table too large");
+ return false;
+ }
+ if ( leInfo.dynSymTab != nullptr ) {
+ // validate indirect symbol table
+ if ( leInfo.dynSymTab->nindirectsyms != 0 ) {
+ if ( leInfo.dynSymTab->nindirectsyms > 0x10000000 ) {
+ diag.error("malformed mach-o image: indirect symbol table too large");
+ return false;
+ }
+ }
+ if ( (leInfo.dynSymTab->nlocalsym > leInfo.symTab->nsyms) || (leInfo.dynSymTab->ilocalsym > leInfo.symTab->nsyms) ) {
+ diag.error("malformed mach-o image: indirect symbol table local symbol count exceeds total symbols");
+ return false;
+ }
+ if ( leInfo.dynSymTab->ilocalsym + leInfo.dynSymTab->nlocalsym < leInfo.dynSymTab->ilocalsym ) {
+ diag.error("malformed mach-o image: indirect symbol table local symbol count wraps");
+ return false;
+ }
+ if ( (leInfo.dynSymTab->nextdefsym > leInfo.symTab->nsyms) || (leInfo.dynSymTab->iextdefsym > leInfo.symTab->nsyms) ) {
+ diag.error("malformed mach-o image: indirect symbol table extern symbol count exceeds total symbols");
+ return false;
+ }
+ if ( leInfo.dynSymTab->iextdefsym + leInfo.dynSymTab->nextdefsym < leInfo.dynSymTab->iextdefsym ) {
+ diag.error("malformed mach-o image: indirect symbol table extern symbol count wraps");
+ return false;
+ }
+ if ( (leInfo.dynSymTab->nundefsym > leInfo.symTab->nsyms) || (leInfo.dynSymTab->iundefsym > leInfo.symTab->nsyms) ) {
+ diag.error("malformed mach-o image: indirect symbol table undefined symbol count exceeds total symbols");
+ return false;
+ }
+ if ( leInfo.dynSymTab->iundefsym + leInfo.dynSymTab->nundefsym < leInfo.dynSymTab->iundefsym ) {
+ diag.error("malformed mach-o image: indirect symbol table undefined symbol count wraps");
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
+bool MachOParser::isArch(const mach_header* mh, const std::string& archName)
+{
+ for (const ArchInfo& info : _s_archInfos) {
+ if ( archName == info.name ) {
+ return ( (mh->cputype == info.cputype) && ((mh->cpusubtype & ~CPU_SUBTYPE_MASK) == info.cpusubtype) );
+ }
+ }
+ return false;
+}
+
+
+std::string MachOParser::archName(uint32_t cputype, uint32_t cpusubtype)
+{
+ for (const ArchInfo& info : _s_archInfos) {
+ if ( (cputype == info.cputype) && ((cpusubtype & ~CPU_SUBTYPE_MASK) == info.cpusubtype) ) {
+ return info.name;
+ }
+ }
+ return "unknown";
+}
+
+uint32_t MachOParser::cpuTypeFromArchName(const std::string& archName)
+{
+ for (const ArchInfo& info : _s_archInfos) {
+ if ( archName == info.name ) {
+ return info.cputype;
+ }
+ }
+ return 0;
+}
+
+uint32_t MachOParser::cpuSubtypeFromArchName(const std::string& archName)
+{
+ for (const ArchInfo& info : _s_archInfos) {
+ if ( archName == info.name ) {
+ return info.cpusubtype;
+ }
+ }
+ return 0;
+}
+
+std::string MachOParser::archName() const
+{
+ return archName(header()->cputype, header()->cpusubtype);
+}
+
+std::string MachOParser::platformName(Platform platform)
+{
+ switch ( platform ) {
+ case Platform::unknown:
+ return "unknown";
+ case Platform::macOS:
+ return "macOS";
+ case Platform::iOS:
+ return "iOS";
+ case Platform::tvOS:
+ return "tvOS";
+ case Platform::watchOS:
+ return "watchOS";
+ case Platform::bridgeOS:
+ return "bridgeOS";
+ }
+ return "unknown platform";
+}
+
+std::string MachOParser::versionString(uint32_t packedVersion)
+{
+ char buff[64];
+ sprintf(buff, "%d.%d.%d", (packedVersion >> 16), ((packedVersion >> 8) & 0xFF), (packedVersion & 0xFF));
+ return buff;
+}
+
+#else
+
+bool MachOParser::isMachO(Diagnostics& diag, const void* fileContent, size_t mappedLength)
+{
+ // sanity check length
+ if ( mappedLength < 4096 ) {
+ diag.error("file too short");
+ return false;
+ }
+
+ // must start with mach-o magic value
+ const mach_header* mh = (const mach_header*)fileContent;
+#if __LP64__
+ const uint32_t requiredMagic = MH_MAGIC_64;
+#else
+ const uint32_t requiredMagic = MH_MAGIC;
+#endif
+ if ( mh->magic != requiredMagic ) {
+ diag.error("not a mach-o file");
+ return false;
+ }
+
+#if __x86_64__
+ const uint32_t requiredCPU = CPU_TYPE_X86_64;
+#elif __i386__
+ const uint32_t requiredCPU = CPU_TYPE_I386;
+#elif __arm__
+ const uint32_t requiredCPU = CPU_TYPE_ARM;
+#elif __arm64__
+ const uint32_t requiredCPU = CPU_TYPE_ARM64;
+#else
+ #error unsupported architecture
+#endif
+ if ( mh->cputype != requiredCPU ) {
+ diag.error("wrong cpu type");
+ return false;
+ }
+
+ return true;
+}
+
+bool MachOParser::wellFormedMachHeaderAndLoadCommands(const mach_header* mh)
+{
+ const load_command* startCmds = nullptr;
+ if ( mh->magic == MH_MAGIC_64 )
+ startCmds = (load_command*)((char *)mh + sizeof(mach_header_64));
+ else if ( mh->magic == MH_MAGIC )
+ startCmds = (load_command*)((char *)mh + sizeof(mach_header));
+ else
+ return false; // not a mach-o file, or wrong endianness
+
+ const load_command* const cmdsEnd = (load_command*)((char*)startCmds + mh->sizeofcmds);
+ const load_command* cmd = startCmds;
+ for(uint32_t i = 0; i < mh->ncmds; ++i) {
+ const load_command* nextCmd = (load_command*)((char *)cmd + cmd->cmdsize);
+ if ( (cmd->cmdsize < 8) || (nextCmd > cmdsEnd) || (nextCmd < startCmds)) {
+ return false;
+ }
+ cmd = nextCmd;
+ }
+ return true;
+}
+
+#endif
+
+Platform MachOParser::currentPlatform()
+{
+#if TARGET_OS_BRIDGE
+ return Platform::bridgeOS;
+#elif TARGET_OS_WATCH
+ return Platform::watchOS;
+#elif TARGET_OS_TV
+ return Platform::tvOS;
+#elif TARGET_OS_IOS
+ return Platform::iOS;
+#elif TARGET_OS_MAC
+ return Platform::macOS;
+#else
+ #error unknown platform
+#endif
+}
+
+
+bool MachOParser::valid(Diagnostics& diag)
+{
+#if DYLD_IN_PROCESS
+ // only images loaded by dyld to be parsed
+ const mach_header* inImage = dyld3::dyld_image_header_containing_address(header());
+ if ( inImage != header() ) {
+ diag.error("only dyld loaded images can be parsed by MachOParser");
+ return false;
+ }
+#else
+
+#endif
+ return true;
+}
+
+
+void MachOParser::forEachLoadCommand(Diagnostics& diag, void (^callback)(const load_command* cmd, bool& stop)) const
+{
+ bool stop = false;
+ const load_command* startCmds = nullptr;
+ if ( header()->magic == MH_MAGIC_64 )
+ startCmds = (load_command*)((char *)header() + sizeof(mach_header_64));
+ else if ( header()->magic == MH_MAGIC )
+ startCmds = (load_command*)((char *)header() + sizeof(mach_header));
+ else {
+ diag.error("file does not start with MH_MAGIC[_64]");
+ return; // not a mach-o file, or wrong endianness
+ }
+ const load_command* const cmdsEnd = (load_command*)((char*)startCmds + header()->sizeofcmds);
+ const load_command* cmd = startCmds;
+ for(uint32_t i = 0; i < header()->ncmds; ++i) {
+ const load_command* nextCmd = (load_command*)((char *)cmd + cmd->cmdsize);
+ if ( cmd->cmdsize < 8 ) {
+ diag.error("malformed load command #%d, size too small %d", i, cmd->cmdsize);
+ return;
+ }
+ if ( (nextCmd > cmdsEnd) || (nextCmd < startCmds) ) {
+ diag.error("malformed load command #%d, size too large 0x%X", i, cmd->cmdsize);
+ return;
+ }
+ callback(cmd, stop);
+ if ( stop )
+ return;
+ cmd = nextCmd;
+ }
+}
+
+UUID MachOParser::uuid() const
+{
+ uuid_t uuid;
+ getUuid(uuid);
+ return uuid;
+}
+
+bool MachOParser::getUuid(uuid_t uuid) const
+{
+ Diagnostics diag;
+ __block bool found = false;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_UUID ) {
+ const uuid_command* uc = (const uuid_command*)cmd;
+ memcpy(uuid, uc->uuid, sizeof(uuid_t));
+ found = true;
+ stop = true;
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+ if ( !found )
+ bzero(uuid, sizeof(uuid_t));
+ return found;
+}
+
+uint64_t MachOParser::preferredLoadAddress() const
+{
+ __block uint64_t result = 0;
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
+ if ( strcmp(segName, "__TEXT") == 0 ) {
+ result = vmAddr;
+ stop = true;
+ }
+ });
+ return result;
+}
+
+bool MachOParser::getPlatformAndVersion(Platform* platform, uint32_t* minOS, uint32_t* sdk) const
+{
+ Diagnostics diag;
+ __block bool found = false;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ const version_min_command* versCmd;
+ switch ( cmd->cmd ) {
+ case LC_VERSION_MIN_IPHONEOS:
+ versCmd = (version_min_command*)cmd;
+ *platform = Platform::iOS;
+ *minOS = versCmd->version;
+ *sdk = versCmd->sdk;
+ found = true;
+ stop = true;
+ break;
+ case LC_VERSION_MIN_MACOSX:
+ versCmd = (version_min_command*)cmd;
+ *platform = Platform::macOS;
+ *minOS = versCmd->version;
+ *sdk = versCmd->sdk;
+ found = true;
+ stop = true;
+ break;
+ case LC_VERSION_MIN_TVOS:
+ versCmd = (version_min_command*)cmd;
+ *platform = Platform::tvOS;
+ *minOS = versCmd->version;
+ *sdk = versCmd->sdk;
+ found = true;
+ stop = true;
+ break;
+ case LC_VERSION_MIN_WATCHOS:
+ versCmd = (version_min_command*)cmd;
+ *platform = Platform::watchOS;
+ *minOS = versCmd->version;
+ *sdk = versCmd->sdk;
+ found = true;
+ stop = true;
+ break;
+ case LC_BUILD_VERSION: {
+ const build_version_command* buildCmd = (build_version_command *)cmd;
+ *minOS = buildCmd->minos;
+ *sdk = buildCmd->sdk;
+
+ switch(buildCmd->platform) {
+ /* Known values for the platform field above. */
+ case PLATFORM_MACOS:
+ *platform = Platform::macOS;
+ break;
+ case PLATFORM_IOS:
+ *platform = Platform::iOS;
+ break;
+ case PLATFORM_TVOS:
+ *platform = Platform::tvOS;
+ break;
+ case PLATFORM_WATCHOS:
+ *platform = Platform::watchOS;
+ break;
+ case PLATFORM_BRIDGEOS:
+ *platform = Platform::bridgeOS;
+ break;
+ }
+ found = true;
+ stop = true;
+ } break;
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+ return found;
+}
+
+
+bool MachOParser::isSimulatorBinary() const
+{
+ Platform platform;
+ uint32_t minOS;
+ uint32_t sdk;
+ switch ( header()->cputype ) {
+ case CPU_TYPE_I386:
+ case CPU_TYPE_X86_64:
+ if ( getPlatformAndVersion(&platform, &minOS, &sdk) ) {
+ return (platform != Platform::macOS);
+ }
+ break;
+ }
+ return false;
+}
+
+
+bool MachOParser::getDylibInstallName(const char** installName, uint32_t* compatVersion, uint32_t* currentVersion) const
+{
+ Diagnostics diag;
+ __block bool found = false;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_ID_DYLIB ) {
+ const dylib_command* dylibCmd = (dylib_command*)cmd;
+ *compatVersion = dylibCmd->dylib.compatibility_version;
+ *currentVersion = dylibCmd->dylib.current_version;
+ *installName = (char*)dylibCmd + dylibCmd->dylib.name.offset;
+ found = true;
+ stop = true;
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+ return found;
+}
+
+const char* MachOParser::installName() const
+{
+ assert(header()->filetype == MH_DYLIB);
+ const char* result;
+ uint32_t ignoreVersion;
+ assert(getDylibInstallName(&result, &ignoreVersion, &ignoreVersion));
+ return result;
+}
+
+
+uint32_t MachOParser::dependentDylibCount() const
+{
+ __block uint32_t count = 0;
+ forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
+ ++count;
+ });
+ return count;
+}
+
+const char* MachOParser::dependentDylibLoadPath(uint32_t depIndex) const
+{
+ __block const char* foundLoadPath = nullptr;
+ __block uint32_t curDepIndex = 0;
+ forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
+ if ( curDepIndex == depIndex ) {
+ foundLoadPath = loadPath;
+ stop = true;
+ }
+ ++curDepIndex;
+ });
+ return foundLoadPath;
+}
+
+
+void MachOParser::forEachDependentDylib(void (^callback)(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop)) const
+{
+ Diagnostics diag;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ switch ( cmd->cmd ) {
+ case LC_LOAD_DYLIB:
+ case LC_LOAD_WEAK_DYLIB:
+ case LC_REEXPORT_DYLIB:
+ case LC_LOAD_UPWARD_DYLIB: {
+ const dylib_command* dylibCmd = (dylib_command*)cmd;
+ assert(dylibCmd->dylib.name.offset < cmd->cmdsize);
+ const char* loadPath = (char*)dylibCmd + dylibCmd->dylib.name.offset;
+ callback(loadPath, (cmd->cmd == LC_LOAD_WEAK_DYLIB), (cmd->cmd == LC_REEXPORT_DYLIB), (cmd->cmd == LC_LOAD_UPWARD_DYLIB),
+ dylibCmd->dylib.compatibility_version, dylibCmd->dylib.current_version, stop);
+ }
+ break;
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+}
+
+void MachOParser::forEachRPath(void (^callback)(const char* rPath, bool& stop)) const
+{
+ Diagnostics diag;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_RPATH ) {
+ const char* rpath = (char*)cmd + ((struct rpath_command*)cmd)->path.offset;
+ callback(rpath, stop);
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+}
+
+/*
+ struct LayoutInfo {
+#if DYLD_IN_PROCESS
+ uintptr_t slide;
+ uintptr_t textUnslidVMAddr;
+ uintptr_t linkeditUnslidVMAddr;
+ uint32_t linkeditFileOffset;
+#else
+ uint32_t segmentCount;
+ uint32_t linkeditSegIndex;
+ struct {
+ uint64_t mappingOffset;
+ uint64_t fileOffset;
+ uint64_t segUnslidAddress;
+ uint64_t segSize;
+ } segments[16];
+#endif
+ };
+*/
+
+#if !DYLD_IN_PROCESS
+const uint8_t* MachOParser::getContentForVMAddr(const LayoutInfo& info, uint64_t addr) const
+{
+ for (uint32_t i=0; i < info.segmentCount; ++i) {
+ if ( (addr >= info.segments[i].segUnslidAddress) && (addr < (info.segments[i].segUnslidAddress+info.segments[i].segSize)) )
+ return (uint8_t*)header() + info.segments[i].mappingOffset + (addr - info.segments[i].segUnslidAddress);
+ }
+ // value is outside this image. could be pointer into another image
+ if ( inDyldCache() ) {
+ return (uint8_t*)header() + info.segments[0].mappingOffset + (addr - info.segments[0].segUnslidAddress);
+ }
+ assert(0 && "address not found in segment");
+ return nullptr;
+}
+#endif
+
+const uint8_t* MachOParser::getLinkEditContent(const LayoutInfo& info, uint32_t fileOffset) const
+{
+#if DYLD_IN_PROCESS
+ uint32_t offsetInLinkedit = fileOffset - info.linkeditFileOffset;
+ uintptr_t linkeditStartAddr = info.linkeditUnslidVMAddr + info.slide;
+ return (uint8_t*)(linkeditStartAddr + offsetInLinkedit);
+#else
+ uint32_t offsetInLinkedit = fileOffset - (uint32_t)(info.segments[info.linkeditSegIndex].fileOffset);
+ const uint8_t* linkeditStart = (uint8_t*)header() + info.segments[info.linkeditSegIndex].mappingOffset;
+ return linkeditStart + offsetInLinkedit;
+#endif
+}
+
+
+void MachOParser::getLayoutInfo(LayoutInfo& result) const
+{
+#if DYLD_IN_PROCESS
+ // image loaded by dyld, just record the addr and file offset of TEXT and LINKEDIT segments
+ result.slide = getSlide();
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
+ if ( strcmp(segName, "__TEXT") == 0 ) {
+ result.textUnslidVMAddr = (uintptr_t)vmAddr;
+ }
+ else if ( strcmp(segName, "__LINKEDIT") == 0 ) {
+ result.linkeditUnslidVMAddr = (uintptr_t)vmAddr;
+ result.linkeditFileOffset = fileOffset;
+ }
+ });
+#else
+ bool inCache = inDyldCache();
+ bool intel32 = (header()->cputype == CPU_TYPE_I386);
+ result.segmentCount = 0;
+ result.linkeditSegIndex = 0xFFFFFFFF;
+ __block uint64_t textSegAddr = 0;
+ __block uint64_t textSegFileOffset = 0;
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
+ auto& segInfo = result.segments[result.segmentCount];
+ if ( strcmp(segName, "__TEXT") == 0 ) {
+ textSegAddr = vmAddr;
+ textSegFileOffset = fileOffset;
+ }
+ __block bool textRelocsAllowed = false;
+ if ( intel32 ) {
+ forEachSection(^(const char* curSegName, uint32_t segIndex, uint64_t segVMAddr, const char* sectionName, uint32_t sectFlags,
+ uint64_t sectAddr, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& sectStop) {
+ if ( strcmp(curSegName, segName) == 0 ) {
+ if ( sectFlags & (S_ATTR_EXT_RELOC|S_ATTR_LOC_RELOC) ) {
+ textRelocsAllowed = true;
+ sectStop = true;
+ }
+ }
+ });
+ }
+ if ( inCache ) {
+ if ( inRawCache() ) {
+ // whole cache file mapped somewhere (padding not expanded)
+ // vmaddrs are useless. only file offset make sense
+ segInfo.mappingOffset = fileOffset - textSegFileOffset;
+ }
+ else {
+ // cache file was loaded by dyld into shared region
+ // vmaddrs of segments are correct except for ASLR slide
+ segInfo.mappingOffset = vmAddr - textSegAddr;
+ }
+ }
+ else {
+ // individual mach-o file mapped in one region, so mappingOffset == fileOffset
+ segInfo.mappingOffset = fileOffset;
+ }
+ segInfo.fileOffset = fileOffset;
+ segInfo.fileSize = fileSize;
+ segInfo.segUnslidAddress = vmAddr;
+ segInfo.segSize = vmSize;
+ segInfo.writable = ((protections & VM_PROT_WRITE) == VM_PROT_WRITE);
+ segInfo.executable = ((protections & VM_PROT_EXECUTE) == VM_PROT_EXECUTE);
+ segInfo.textRelocsAllowed = textRelocsAllowed;
+ if ( strcmp(segName, "__LINKEDIT") == 0 ) {
+ result.linkeditSegIndex = result.segmentCount;
+ }
+ ++result.segmentCount;
+ if ( result.segmentCount > 127 )
+ stop = true;
+ });
+#endif
+}
+
+
+void MachOParser::forEachSection(void (^callback)(const char* segName, const char* sectionName, uint32_t flags,
+ const void* content, size_t size, bool illegalSectionSize, bool& stop)) const
+{
+ forEachSection(^(const char* segName, const char* sectionName, uint32_t flags, uint64_t addr,
+ const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& stop) {
+ callback(segName, sectionName, flags, content, (size_t)size, illegalSectionSize, stop);
+ });
+}
+
+void MachOParser::forEachSection(void (^callback)(const char* segName, const char* sectionName, uint32_t flags, uint64_t addr,
+ const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2,
+ bool illegalSectionSize, bool& stop)) const
+{
+ Diagnostics diag;
+ //fprintf(stderr, "forEachSection() mh=%p\n", header());
+ LayoutInfo layout;
+ getLayoutInfo(layout);
+ forEachSection(^(const char* segName, uint32_t segIndex, uint64_t segVMAddr, const char* sectionName, uint32_t sectFlags,
+ uint64_t sectAddr, uint64_t sectSize, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& stop) {
+ #if DYLD_IN_PROCESS
+ const uint8_t* segContentStart = (uint8_t*)(segVMAddr + layout.slide);
+ #else
+ const uint8_t* segContentStart = (uint8_t*)header() + layout.segments[segIndex].mappingOffset;
+ #endif
+ const void* contentAddr = segContentStart + (sectAddr - segVMAddr);
+ callback(segName, sectionName, sectFlags, sectAddr, contentAddr, sectSize, alignP2, reserved1, reserved2, illegalSectionSize, stop);
+ });
+
+}
+
+// this iterator just walks the segment/section array. It does interpret addresses
+void MachOParser::forEachSection(void (^callback)(const char* segName, uint32_t segIndex, uint64_t segVMAddr, const char* sectionName, uint32_t sectFlags,
+ uint64_t sectAddr, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& stop)) const
+{
+ Diagnostics diag;
+ //fprintf(stderr, "forEachSection() mh=%p\n", header());
+ __block uint32_t segIndex = 0;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_SEGMENT_64 ) {
+ const segment_command_64* seg = (segment_command_64*)cmd;
+ const section_64* const sectionsStart = (section_64*)((char*)seg + sizeof(struct segment_command_64));
+ const section_64* const sectionsEnd = §ionsStart[seg->nsects];
+ for (const section_64* sect=sectionsStart; !stop && (sect < sectionsEnd); ++sect) {
+ const char* sectName = sect->sectname;
+ char sectNameCopy[20];
+ if ( sectName[15] != '\0' ) {
+ strlcpy(sectNameCopy, sectName, 17);
+ sectName = sectNameCopy;
+ }
+ bool illegalSectionSize = (sect->addr < seg->vmaddr) || greaterThanAddOrOverflow(sect->addr, sect->size, seg->vmaddr + seg->filesize);
+ callback(seg->segname, segIndex, seg->vmaddr, sectName, sect->flags, sect->addr, sect->size, sect->align, sect->reserved1, sect->reserved2, illegalSectionSize, stop);
+ }
+ ++segIndex;
+ }
+ else if ( cmd->cmd == LC_SEGMENT ) {
+ const segment_command* seg = (segment_command*)cmd;
+ const section* const sectionsStart = (section*)((char*)seg + sizeof(struct segment_command));
+ const section* const sectionsEnd = §ionsStart[seg->nsects];
+ for (const section* sect=sectionsStart; !stop && (sect < sectionsEnd); ++sect) {
+ const char* sectName = sect->sectname;
+ char sectNameCopy[20];
+ if ( sectName[15] != '\0' ) {
+ strlcpy(sectNameCopy, sectName, 17);
+ sectName = sectNameCopy;
+ }
+ bool illegalSectionSize = (sect->addr < seg->vmaddr) || greaterThanAddOrOverflow(sect->addr, sect->size, seg->vmaddr + seg->filesize);
+ callback(seg->segname, segIndex, seg->vmaddr, sectName, sect->flags, sect->addr, sect->size, sect->align, sect->reserved1, sect->reserved2, illegalSectionSize, stop);
+ }
+ ++segIndex;
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+}
+
+void MachOParser::forEachGlobalSymbol(Diagnostics& diag, void (^callback)(const char* symbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop)) const
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return;
+
+ const bool is64Bit = is64();
+ if ( leInfo.symTab != nullptr ) {
+ uint32_t globalsStartIndex = 0;
+ uint32_t globalsCount = leInfo.symTab->nsyms;
+ if ( leInfo.dynSymTab != nullptr ) {
+ globalsStartIndex = leInfo.dynSymTab->iextdefsym;
+ globalsCount = leInfo.dynSymTab->nextdefsym;
+ }
+ uint32_t maxStringOffset = leInfo.symTab->strsize;
+ const char* stringPool = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
+ const struct nlist* symbols = (struct nlist*) (getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
+ const struct nlist_64* symbols64 = (struct nlist_64*)(getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
+ bool stop = false;
+ for (uint32_t i=0; (i < globalsCount) && !stop; ++i) {
+ if ( is64Bit ) {
+ const struct nlist_64& sym = symbols64[globalsStartIndex+i];
+ if ( sym.n_un.n_strx > maxStringOffset )
+ continue;
+ if ( (sym.n_type & N_EXT) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
+ callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
+ }
+ else {
+ const struct nlist& sym = symbols[globalsStartIndex+i];
+ if ( sym.n_un.n_strx > maxStringOffset )
+ continue;
+ if ( (sym.n_type & N_EXT) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
+ callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
+ }
+ }
+ }
+}
+
+void MachOParser::forEachLocalSymbol(Diagnostics& diag, void (^callback)(const char* symbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop)) const
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return;
+
+ const bool is64Bit = is64();
+ if ( leInfo.symTab != nullptr ) {
+ uint32_t localsStartIndex = 0;
+ uint32_t localsCount = leInfo.symTab->nsyms;
+ if ( leInfo.dynSymTab != nullptr ) {
+ localsStartIndex = leInfo.dynSymTab->ilocalsym;
+ localsCount = leInfo.dynSymTab->nlocalsym;
+ }
+ uint32_t maxStringOffset = leInfo.symTab->strsize;
+ const char* stringPool = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
+ const struct nlist* symbols = (struct nlist*) (getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
+ const struct nlist_64* symbols64 = (struct nlist_64*)(getLinkEditContent(leInfo.layout, leInfo.symTab->symoff));
+ bool stop = false;
+ for (uint32_t i=0; (i < localsCount) && !stop; ++i) {
+ if ( is64Bit ) {
+ const struct nlist_64& sym = symbols64[localsStartIndex+i];
+ if ( sym.n_un.n_strx > maxStringOffset )
+ continue;
+ if ( ((sym.n_type & N_EXT) == 0) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
+ callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
+ }
+ else {
+ const struct nlist& sym = symbols[localsStartIndex+i];
+ if ( sym.n_un.n_strx > maxStringOffset )
+ continue;
+ if ( ((sym.n_type & N_EXT) == 0) && ((sym.n_type & N_TYPE) == N_SECT) && ((sym.n_type & N_STAB) == 0) )
+ callback(&stringPool[sym.n_un.n_strx], sym.n_value, sym.n_type, sym.n_sect, sym.n_desc, stop);
+ }
+ }
+ }
+}
+
+
+bool MachOParser::findExportedSymbol(Diagnostics& diag, const char* symbolName, void* extra, FoundSymbol& foundInfo, DependentFinder findDependent) const
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return false;
+ if ( leInfo.dyldInfo != nullptr ) {
+ const uint8_t* trieStart = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->export_off);
+ const uint8_t* trieEnd = trieStart + leInfo.dyldInfo->export_size;
+ const uint8_t* node = trieWalk(diag, trieStart, trieEnd, symbolName);
+ if ( node == nullptr ) {
+ // symbol not exported from this image. Seach any re-exported dylibs
+ __block unsigned depIndex = 0;
+ __block bool foundInReExportedDylib = false;
+ forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
+ if ( isReExport && findDependent ) {
+ const mach_header* depMH;
+ void* depExtra;
+ if ( findDependent(depIndex, loadPath, extra, &depMH, &depExtra) ) {
+ bool depInRawCache = inRawCache() && (depMH->flags & 0x80000000);
+ MachOParser dep(depMH, depInRawCache);
+ if ( dep.findExportedSymbol(diag, symbolName, depExtra, foundInfo, findDependent) ) {
+ stop = true;
+ foundInReExportedDylib = true;
+ }
+ }
+ else {
+ fprintf(stderr, "could not find re-exported dylib %s\n", loadPath);
+ }
+ }
+ ++depIndex;
+ });
+ return foundInReExportedDylib;
+ }
+ const uint8_t* p = node;
+ const uint64_t flags = read_uleb128(diag, p, trieEnd);
+ if ( flags & EXPORT_SYMBOL_FLAGS_REEXPORT ) {
+ if ( !findDependent )
+ return false;
+ // re-export from another dylib, lookup there
+ const uint64_t ordinal = read_uleb128(diag, p, trieEnd);
+ const char* importedName = (char*)p;
+ if ( importedName[0] == '\0' )
+ importedName = symbolName;
+ assert(ordinal >= 1);
+ if (ordinal > dependentDylibCount()) {
+ diag.error("ordinal %lld out of range for %s", ordinal, symbolName);
+ return false;
+ }
+ uint32_t depIndex = (uint32_t)(ordinal-1);
+ const mach_header* depMH;
+ void* depExtra;
+ if ( findDependent(depIndex, dependentDylibLoadPath(depIndex), extra, &depMH, &depExtra) ) {
+ bool depInRawCache = inRawCache() && (depMH->flags & 0x80000000);
+ MachOParser depParser(depMH, depInRawCache);
+ return depParser.findExportedSymbol(diag, importedName, depExtra, foundInfo, findDependent);
+ }
+ else {
+ diag.error("dependent dylib %lld not found for re-exported symbol %s", ordinal, symbolName);
+ return false;
+ }
+ }
+ foundInfo.kind = FoundSymbol::Kind::headerOffset;
+ foundInfo.isThreadLocal = false;
+ foundInfo.foundInDylib = header();
+ foundInfo.foundExtra = extra;
+ foundInfo.value = read_uleb128(diag, p, trieEnd);
+ foundInfo.resolverFuncOffset = 0;
+ foundInfo.foundSymbolName = symbolName;
+ if ( diag.hasError() )
+ return false;
+ switch ( flags & EXPORT_SYMBOL_FLAGS_KIND_MASK ) {
+ case EXPORT_SYMBOL_FLAGS_KIND_REGULAR:
+ if ( flags & EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER ) {
+ foundInfo.kind = FoundSymbol::Kind::headerOffset;
+ foundInfo.resolverFuncOffset = (uint32_t)read_uleb128(diag, p, trieEnd);
+ }
+ else {
+ foundInfo.kind = FoundSymbol::Kind::headerOffset;
+ }
+ break;
+ case EXPORT_SYMBOL_FLAGS_KIND_THREAD_LOCAL:
+ foundInfo.isThreadLocal = true;
+ break;
+ case EXPORT_SYMBOL_FLAGS_KIND_ABSOLUTE:
+ foundInfo.kind = FoundSymbol::Kind::absolute;
+ break;
+ default:
+ diag.error("unsupported exported symbol kind. flags=%llu at node offset=0x%0lX", flags, (long)(node-trieStart));
+ return false;
+ }
+ return true;
+ }
+ else {
+ // this is an old binary (before macOS 10.6), scan the symbol table
+ foundInfo.foundInDylib = nullptr;
+ uint64_t baseAddress = preferredLoadAddress();
+ forEachGlobalSymbol(diag, ^(const char* aSymbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop) {
+ if ( strcmp(aSymbolName, symbolName) == 0 ) {
+ foundInfo.kind = FoundSymbol::Kind::headerOffset;
+ foundInfo.isThreadLocal = false;
+ foundInfo.foundInDylib = header();
+ foundInfo.foundExtra = extra;
+ foundInfo.value = n_value - baseAddress;
+ foundInfo.resolverFuncOffset = 0;
+ foundInfo.foundSymbolName = symbolName;
+ stop = true;
+ }
+ });
+ return (foundInfo.foundInDylib != nullptr);
+ }
+}
+
+
+void MachOParser::getLinkEditLoadCommands(Diagnostics& diag, LinkEditInfo& result) const
+{
+ result.dyldInfo = nullptr;
+ result.symTab = nullptr;
+ result.dynSymTab = nullptr;
+ result.splitSegInfo = nullptr;
+ result.functionStarts = nullptr;
+ result.dataInCode = nullptr;
+ result.codeSig = nullptr;
+ __block bool hasUUID = false;
+ __block bool hasVersion = false;
+ __block bool hasEncrypt = false;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ switch ( cmd->cmd ) {
+ case LC_DYLD_INFO:
+ case LC_DYLD_INFO_ONLY:
+ if ( cmd->cmdsize != sizeof(dyld_info_command) )
+ diag.error("LC_DYLD_INFO load command size wrong");
+ else if ( result.dyldInfo != nullptr )
+ diag.error("multiple LC_DYLD_INFO load commands");
+ result.dyldInfo = (dyld_info_command*)cmd;
+ break;
+ case LC_SYMTAB:
+ if ( cmd->cmdsize != sizeof(symtab_command) )
+ diag.error("LC_SYMTAB load command size wrong");
+ else if ( result.symTab != nullptr )
+ diag.error("multiple LC_SYMTAB load commands");
+ result.symTab = (symtab_command*)cmd;
+ break;
+ case LC_DYSYMTAB:
+ if ( cmd->cmdsize != sizeof(dysymtab_command) )
+ diag.error("LC_DYSYMTAB load command size wrong");
+ else if ( result.dynSymTab != nullptr )
+ diag.error("multiple LC_DYSYMTAB load commands");
+ result.dynSymTab = (dysymtab_command*)cmd;
+ break;
+ case LC_SEGMENT_SPLIT_INFO:
+ if ( cmd->cmdsize != sizeof(linkedit_data_command) )
+ diag.error("LC_SEGMENT_SPLIT_INFO load command size wrong");
+ else if ( result.splitSegInfo != nullptr )
+ diag.error("multiple LC_SEGMENT_SPLIT_INFO load commands");
+ result.splitSegInfo = (linkedit_data_command*)cmd;
+ break;
+ case LC_FUNCTION_STARTS:
+ if ( cmd->cmdsize != sizeof(linkedit_data_command) )
+ diag.error("LC_FUNCTION_STARTS load command size wrong");
+ else if ( result.functionStarts != nullptr )
+ diag.error("multiple LC_FUNCTION_STARTS load commands");
+ result.functionStarts = (linkedit_data_command*)cmd;
+ break;
+ case LC_DATA_IN_CODE:
+ if ( cmd->cmdsize != sizeof(linkedit_data_command) )
+ diag.error("LC_DATA_IN_CODE load command size wrong");
+ else if ( result.dataInCode != nullptr )
+ diag.error("multiple LC_DATA_IN_CODE load commands");
+ result.dataInCode = (linkedit_data_command*)cmd;
+ break;
+ case LC_CODE_SIGNATURE:
+ if ( cmd->cmdsize != sizeof(linkedit_data_command) )
+ diag.error("LC_CODE_SIGNATURE load command size wrong");
+ else if ( result.codeSig != nullptr )
+ diag.error("multiple LC_CODE_SIGNATURE load commands");
+ result.codeSig = (linkedit_data_command*)cmd;
+ break;
+ case LC_UUID:
+ if ( cmd->cmdsize != sizeof(uuid_command) )
+ diag.error("LC_UUID load command size wrong");
+ else if ( hasUUID )
+ diag.error("multiple LC_UUID load commands");
+ hasUUID = true;
+ break;
+ case LC_VERSION_MIN_IPHONEOS:
+ case LC_VERSION_MIN_MACOSX:
+ case LC_VERSION_MIN_TVOS:
+ case LC_VERSION_MIN_WATCHOS:
+ if ( cmd->cmdsize != sizeof(version_min_command) )
+ diag.error("LC_VERSION_* load command size wrong");
+ else if ( hasVersion )
+ diag.error("multiple LC_VERSION_MIN_* load commands");
+ hasVersion = true;
+ break;
+ case LC_BUILD_VERSION:
+ if ( cmd->cmdsize != (sizeof(build_version_command) + ((build_version_command*)cmd)->ntools * sizeof(build_tool_version)) )
+ diag.error("LC_BUILD_VERSION load command size wrong");
+ else if ( hasVersion )
+ diag.error("multiple LC_BUILD_VERSION load commands");
+ hasVersion = true;
+ break;
+ case LC_ENCRYPTION_INFO:
+ if ( cmd->cmdsize != sizeof(encryption_info_command) )
+ diag.error("LC_ENCRYPTION_INFO load command size wrong");
+ else if ( hasEncrypt )
+ diag.error("multiple LC_ENCRYPTION_INFO load commands");
+ else if ( is64() )
+ diag.error("LC_ENCRYPTION_INFO found in 64-bit mach-o");
+ hasEncrypt = true;
+ break;
+ case LC_ENCRYPTION_INFO_64:
+ if ( cmd->cmdsize != sizeof(encryption_info_command_64) )
+ diag.error("LC_ENCRYPTION_INFO_64 load command size wrong");
+ else if ( hasEncrypt )
+ diag.error("multiple LC_ENCRYPTION_INFO_64 load commands");
+ else if ( !is64() )
+ diag.error("LC_ENCRYPTION_INFO_64 found in 32-bit mach-o");
+ hasEncrypt = true;
+ break;
+ }
+ });
+ if ( diag.noError() && (result.dynSymTab != nullptr) && (result.symTab == nullptr) )
+ diag.error("LC_DYSYMTAB but no LC_SYMTAB load command");
+
+}
+
+void MachOParser::getLinkEditPointers(Diagnostics& diag, LinkEditInfo& result) const
+{
+ getLinkEditLoadCommands(diag, result);
+ if ( diag.noError() )
+ getLayoutInfo(result.layout);
+}
+
+void MachOParser::forEachSegment(void (^callback)(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop)) const
+{
+ Diagnostics diag;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_SEGMENT_64 ) {
+ const segment_command_64* seg = (segment_command_64*)cmd;
+ callback(seg->segname, (uint32_t)seg->fileoff, (uint32_t)seg->filesize, seg->vmaddr, seg->vmsize, seg->initprot, stop);
+ }
+ else if ( cmd->cmd == LC_SEGMENT ) {
+ const segment_command* seg = (segment_command*)cmd;
+ callback(seg->segname, seg->fileoff, seg->filesize, seg->vmaddr, seg->vmsize, seg->initprot, stop);
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+}
+
+const uint8_t* MachOParser::trieWalk(Diagnostics& diag, const uint8_t* start, const uint8_t* end, const char* symbol)
+{
+ uint32_t visitedNodeOffsets[128];
+ int visitedNodeOffsetCount = 0;
+ visitedNodeOffsets[visitedNodeOffsetCount++] = 0;
+ const uint8_t* p = start;
+ while ( p < end ) {
+ uint64_t terminalSize = *p++;
+ if ( terminalSize > 127 ) {
+ // except for re-export-with-rename, all terminal sizes fit in one byte
+ --p;
+ terminalSize = read_uleb128(diag, p, end);
+ if ( diag.hasError() )
+ return nullptr;
+ }
+ if ( (*symbol == '\0') && (terminalSize != 0) ) {
+ return p;
+ }
+ const uint8_t* children = p + terminalSize;
+ if ( children > end ) {
+ diag.error("malformed trie node, terminalSize=0x%llX extends past end of trie\n", terminalSize);
+ return nullptr;
+ }
+ uint8_t childrenRemaining = *children++;
+ p = children;
+ uint64_t nodeOffset = 0;
+ for (; childrenRemaining > 0; --childrenRemaining) {
+ const char* ss = symbol;
+ bool wrongEdge = false;
+ // scan whole edge to get to next edge
+ // if edge is longer than target symbol name, don't read past end of symbol name
+ char c = *p;
+ while ( c != '\0' ) {
+ if ( !wrongEdge ) {
+ if ( c != *ss )
+ wrongEdge = true;
+ ++ss;
+ }
+ ++p;
+ c = *p;
+ }
+ if ( wrongEdge ) {
+ // advance to next child
+ ++p; // skip over zero terminator
+ // skip over uleb128 until last byte is found
+ while ( (*p & 0x80) != 0 )
+ ++p;
+ ++p; // skip over last byte of uleb128
+ if ( p > end ) {
+ diag.error("malformed trie node, child node extends past end of trie\n");
+ return nullptr;
+ }
+ }
+ else {
+ // the symbol so far matches this edge (child)
+ // so advance to the child's node
+ ++p;
+ nodeOffset = read_uleb128(diag, p, end);
+ if ( diag.hasError() )
+ return nullptr;
+ if ( (nodeOffset == 0) || ( &start[nodeOffset] > end) ) {
+ diag.error("malformed trie child, nodeOffset=0x%llX out of range\n", nodeOffset);
+ return nullptr;
+ }
+ symbol = ss;
+ break;
+ }
+ }
+ if ( nodeOffset != 0 ) {
+ if ( nodeOffset > (end-start) ) {
+ diag.error("malformed trie child, nodeOffset=0x%llX out of range\n", nodeOffset);
+ return nullptr;
+ }
+ for (int i=0; i < visitedNodeOffsetCount; ++i) {
+ if ( visitedNodeOffsets[i] == nodeOffset ) {
+ diag.error("malformed trie child, cycle to nodeOffset=0x%llX\n", nodeOffset);
+ return nullptr;
+ }
+ }
+ visitedNodeOffsets[visitedNodeOffsetCount++] = (uint32_t)nodeOffset;
+ if ( visitedNodeOffsetCount >= 128 ) {
+ diag.error("malformed trie too deep\n");
+ return nullptr;
+ }
+ p = &start[nodeOffset];
+ }
+ else
+ p = end;
+ }
+ return nullptr;
+}
+
+
+uint64_t MachOParser::read_uleb128(Diagnostics& diag, const uint8_t*& p, const uint8_t* end)
+{
+ uint64_t result = 0;
+ int bit = 0;
+ do {
+ if ( p == end ) {
+ diag.error("malformed uleb128");
+ break;
+ }
+ uint64_t slice = *p & 0x7f;
+
+ if ( bit > 63 ) {
+ diag.error("uleb128 too big for uint64");
+ break;
+ }
+ else {
+ result |= (slice << bit);
+ bit += 7;
+ }
+ }
+ while (*p++ & 0x80);
+ return result;
+}
+
+
+int64_t MachOParser::read_sleb128(Diagnostics& diag, const uint8_t*& p, const uint8_t* end)
+{
+ int64_t result = 0;
+ int bit = 0;
+ uint8_t byte = 0;
+ do {
+ if ( p == end ) {
+ diag.error("malformed sleb128");
+ break;
+ }
+ byte = *p++;
+ result |= (((int64_t)(byte & 0x7f)) << bit);
+ bit += 7;
+ } while (byte & 0x80);
+ // sign extend negative numbers
+ if ( (byte & 0x40) != 0 )
+ result |= (-1LL) << bit;
+ return result;
+}
+
+bool MachOParser::is64() const
+{
+#if DYLD_IN_PROCESS
+ return (sizeof(void*) == 8);
+#else
+ return (header()->magic == MH_MAGIC_64);
+#endif
+}
+
+
+
+
+bool MachOParser::findClosestSymbol(uint64_t targetUnslidAddress, const char** symbolName, uint64_t* symbolUnslidAddr) const
+{
+ Diagnostics diag;
+ __block uint64_t closestNValueSoFar = 0;
+ __block const char* closestNameSoFar = nullptr;
+ forEachGlobalSymbol(diag, ^(const char* aSymbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop) {
+ if ( n_value <= targetUnslidAddress ) {
+ if ( (closestNameSoFar == nullptr) || (closestNValueSoFar < n_value) ) {
+ closestNValueSoFar = n_value;
+ closestNameSoFar = aSymbolName;
+ }
+ }
+ });
+ forEachLocalSymbol(diag, ^(const char* aSymbolName, uint64_t n_value, uint8_t n_type, uint8_t n_sect, uint16_t n_desc, bool& stop) {
+ if ( n_value <= targetUnslidAddress ) {
+ if ( (closestNameSoFar == nullptr) || (closestNValueSoFar < n_value) ) {
+ closestNValueSoFar = n_value;
+ closestNameSoFar = aSymbolName;
+ }
+ }
+ });
+ if ( closestNameSoFar == nullptr ) {
+ return false;
+ }
+
+ *symbolName = closestNameSoFar;
+ *symbolUnslidAddr = closestNValueSoFar;
+ return true;
+}
+
+
+#if DYLD_IN_PROCESS
+
+bool MachOParser::findClosestSymbol(const void* addr, const char** symbolName, const void** symbolAddress) const
+{
+ uint64_t slide = getSlide();
+ uint64_t symbolUnslidAddr;
+ if ( findClosestSymbol((uint64_t)addr - slide, symbolName, &symbolUnslidAddr) ) {
+ *symbolAddress = (const void*)(long)(symbolUnslidAddr + slide);
+ return true;
+ }
+ return false;
+}
+
+intptr_t MachOParser::getSlide() const
+{
+ Diagnostics diag;
+ __block intptr_t slide = 0;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+#if __LP64__
+ if ( cmd->cmd == LC_SEGMENT_64 ) {
+ const segment_command_64* seg = (segment_command_64*)cmd;
+ if ( strcmp(seg->segname, "__TEXT") == 0 ) {
+ slide = ((uint64_t)header()) - seg->vmaddr;
+ stop = true;
+ }
+ }
+#else
+ if ( cmd->cmd == LC_SEGMENT ) {
+ const segment_command* seg = (segment_command*)cmd;
+ if ( strcmp(seg->segname, "__TEXT") == 0 ) {
+ slide = ((uint32_t)header()) - seg->vmaddr;
+ stop = true;
+ }
+ }
+#endif
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+ return slide;
+}
+
+// this is only used by dlsym() at runtime. All other binding is done when the closure is built.
+bool MachOParser::hasExportedSymbol(const char* symbolName, DependentFinder finder, void** result) const
+{
+ typedef void* (*ResolverFunc)(void);
+ ResolverFunc resolver;
+ Diagnostics diag;
+ FoundSymbol foundInfo;
+ if ( findExportedSymbol(diag, symbolName, (void*)header(), foundInfo, finder) ) {
+ switch ( foundInfo.kind ) {
+ case FoundSymbol::Kind::headerOffset:
+ *result = (uint8_t*)foundInfo.foundInDylib + foundInfo.value;
+ break;
+ case FoundSymbol::Kind::absolute:
+ *result = (void*)(long)foundInfo.value;
+ break;
+ case FoundSymbol::Kind::resolverOffset:
+ // foundInfo.value contains "stub".
+ // in dlsym() we want to call resolver function to get final function address
+ resolver = (ResolverFunc)((uint8_t*)foundInfo.foundInDylib + foundInfo.resolverFuncOffset);
+ *result = (*resolver)();
+ break;
+ }
+ return true;
+ }
+ return false;
+}
+
+const char* MachOParser::segmentName(uint32_t targetSegIndex) const
+{
+ __block const char* result = nullptr;
+ __block uint32_t segIndex = 0;
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
+ if ( segIndex == targetSegIndex ) {
+ result = segName;
+ stop = true;
+ }
+ ++segIndex;
+ });
+ return result;
+}
+
+#else
+
+
+bool MachOParser::uses16KPages() const
+{
+ return (header()->cputype == CPU_TYPE_ARM64);
+}
+
+
+bool MachOParser::isEncrypted() const
+{
+ __block bool result = false;
+ Diagnostics diag;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_SEGMENT_64 ) {
+ const segment_command_64* segCmd = (segment_command_64*)cmd;
+ if ( segCmd->flags & SG_PROTECTED_VERSION_1 ) {
+ result = true;
+ stop = true;
+ }
+ }
+ else if ( cmd->cmd == LC_SEGMENT ) {
+ const segment_command* segCmd = (segment_command*)cmd;
+ if ( segCmd->flags & SG_PROTECTED_VERSION_1 ) {
+ result = true;
+ stop = true;
+ }
+ }
+ else if ( (cmd->cmd == LC_ENCRYPTION_INFO) || (cmd->cmd == LC_ENCRYPTION_INFO_64) ) {
+ const encryption_info_command* encCmd = (encryption_info_command*)cmd;
+ if ( encCmd->cryptid != 0 ) {
+ result = true;
+ stop = true;
+ }
+ }
+ });
+ return result;
+}
+
+bool MachOParser::hasWeakDefs() const
+{
+ return (header()->flags & (MH_WEAK_DEFINES|MH_BINDS_TO_WEAK));
+}
+
+bool MachOParser::hasObjC() const
+{
+ __block bool result = false;
+ forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, const void* content, size_t size, bool illegalSectionSize, bool& stop) {
+ if ( (strncmp(sectionName, "__objc_imageinfo", 16) == 0) && (strncmp(segmentName, "__DATA", 6) == 0) ) {
+ result = true;
+ stop = true;
+ }
+ if ( (header()->cputype == CPU_TYPE_I386) && (strcmp(sectionName, "__image_info") == 0) && (strcmp(segmentName, "__OBJC") == 0) ) {
+ result = true;
+ stop = true;
+ }
+ });
+ return result;
+}
+
+bool MachOParser::hasPlusLoadMethod(Diagnostics& diag) const
+{
+#if 1
+ __block bool result = false;
+ forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& stop) {
+ if ( ( (flags & SECTION_TYPE) == S_CSTRING_LITERALS ) ) {
+ if (illegalSectionSize) {
+ diag.error("cstring section %s/%s extends beyond the end of the segment", segmentName, sectionName);
+ return;
+ }
+ const char* s = (char*)content;
+ const char* end = s + size;
+ while ( s < end ) {
+ if ( strcmp(s, "load") == 0 ) {
+ result = true;
+ stop = true;
+ return;
+ }
+ while (*s != '\0' )
+ ++s;
+ ++s;
+ }
+ }
+ });
+ return result;
+#else
+ LayoutInfo layout;
+ getLayoutInfo(layout);
+
+ __block bool hasSwift = false;
+ __block const void* classList = nullptr;
+ __block size_t classListSize = 0;
+ __block const void* objcData = nullptr;
+ __block size_t objcDataSize = 0;
+ __block const void* objcConstData = nullptr;
+ __block size_t objcConstDataSize = 0;
+ forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool& stop) {
+ if ( (strcmp(sectionName, "__objc_classlist") == 0) && (strncmp(segmentName, "__DATA", 6) == 0) ) {
+ classList = content;
+ classListSize = size;
+ }
+ if ( (strcmp(sectionName, "__objc_imageinfo") == 0) && (strncmp(segmentName, "__DATA", 6) == 0) ) {
+ const uint32_t* info = (uint32_t*)content;
+ uint8_t swiftVersion = (info[1] >> 8) & 0xFF;
+ if ( swiftVersion != 0 )
+ hasSwift = true;
+ }
+ });
+ if ( classList == nullptr )
+ return false;
+ // FIXME: might be objc and swift intermixed
+ if ( hasSwift )
+ return true;
+ const bool p64 = is64();
+ const uint32_t pointerSize = (p64 ? 8 : 4);
+ const uint64_t* classArray64 = (uint64_t*)classList;
+ const uint32_t* classArray32 = (uint32_t*)classList;
+ const uint32_t classListCount = (uint32_t)(classListSize/pointerSize);
+ for (uint32_t i=0; i < classListCount; ++i) {
+ if ( p64 ) {
+ uint64_t classObjAddr = classArray64[i];
+ const uint64_t* classObjContent = (uint64_t*)getContentForVMAddr(layout, classObjAddr);
+ uint64_t classROAddr = classObjContent[4];
+ uint64_t metaClassObjAddr = classObjContent[0];
+ const uint64_t* metaClassObjContent = (uint64_t*)getContentForVMAddr(layout, metaClassObjAddr);
+ uint64_t metaClassROObjAddr = metaClassObjContent[4];
+ const uint64_t* metaClassROObjContent = (uint64_t*)getContentForVMAddr(layout, metaClassROObjAddr);
+ uint64_t metaClassMethodListAddr = metaClassROObjContent[4];
+ if ( metaClassMethodListAddr != 0 ) {
+ const uint64_t* metaClassMethodListContent = (uint64_t*)getContentForVMAddr(layout, metaClassMethodListAddr);
+ const uint32_t methodListCount = ((uint32_t*)metaClassMethodListContent)[1];
+ for (uint32_t m=0; m < methodListCount; ++m) {
+ uint64_t methodNameAddr = metaClassMethodListContent[m*3+1];
+ const char* methodNameContent = (char*)getContentForVMAddr(layout, methodNameAddr);
+ if ( strcmp(methodNameContent, "load") == 0 ) {
+ return true;
+ }
+ }
+ }
+ }
+ else {
+
+ }
+ }
+
+ return false;
+#endif
+}
+
+bool MachOParser::getCDHash(uint8_t cdHash[20])
+{
+ Diagnostics diag;
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() || (leInfo.codeSig == nullptr) )
+ return false;
+
+ return cdHashOfCodeSignature(getLinkEditContent(leInfo.layout, leInfo.codeSig->dataoff), leInfo.codeSig->datasize, cdHash);
+ }
+
+bool MachOParser::usesLibraryValidation() const
+{
+ Diagnostics diag;
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() || (leInfo.codeSig == nullptr) )
+ return false;
+
+ const CS_CodeDirectory* cd = (const CS_CodeDirectory*)findCodeDirectoryBlob(getLinkEditContent(leInfo.layout, leInfo.codeSig->dataoff), leInfo.codeSig->datasize);
+ if ( cd == nullptr )
+ return false;
+
+ // check for CS_REQUIRE_LV in CS_CodeDirectory.flags
+ return (htonl(cd->flags) & CS_REQUIRE_LV);
+ }
+
+
+bool MachOParser::isRestricted() const
+{
+ __block bool result = false;
+ forEachSection(^(const char* segName, const char* sectionName, uint32_t flags, const void* content, size_t size, bool illegalSectionSize, bool& stop) {
+ if ( (strcmp(segName, "__RESTRICT") == 0) && (strcmp(sectionName, "__restrict") == 0) ) {
+ result = true;
+ stop = true;
+ }
+
+ });
+ return result;
+}
+
+bool MachOParser::hasCodeSignature(uint32_t& fileOffset, uint32_t& size)
+{
+ fileOffset = 0;
+ size = 0;
+
+ // <rdar://problem/13622786> ignore code signatures in macOS binaries built with pre-10.9 tools
+ Platform platform;
+ uint32_t minOS;
+ uint32_t sdk;
+ if ( getPlatformAndVersion(&platform, &minOS, &sdk) ) {
+ // if have LC_VERSION_MIN_MACOSX and it says SDK < 10.9, so ignore code signature
+ if ( (platform == Platform::macOS) && (sdk < 0x000A0900) )
+ return false;
+ }
+ else {
+ switch ( header()->cputype ) {
+ case CPU_TYPE_I386:
+ case CPU_TYPE_X86_64:
+ // old binary with no LC_VERSION_*, assume intel binaries are old macOS binaries (ignore code signature)
+ return false;
+ }
+ }
+
+ Diagnostics diag;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_CODE_SIGNATURE ) {
+ const linkedit_data_command* sigCmd = (linkedit_data_command*)cmd;
+ fileOffset = sigCmd->dataoff;
+ size = sigCmd->datasize;
+ stop = true;
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+ return (fileOffset != 0);
+}
+
+bool MachOParser::getEntry(uint32_t& offset, bool& usesCRT)
+{
+ Diagnostics diag;
+ offset = 0;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_MAIN ) {
+ entry_point_command* mainCmd = (entry_point_command*)cmd;
+ usesCRT = false;
+ offset = (uint32_t)mainCmd->entryoff;
+ stop = true;
+ }
+ else if ( cmd->cmd == LC_UNIXTHREAD ) {
+ stop = true;
+ usesCRT = true;
+ const uint32_t* regs32 = (uint32_t*)(((char*)cmd) + 16);
+ const uint64_t* regs64 = (uint64_t*)(((char*)cmd) + 16);
+ uint64_t startAddress = 0;
+ switch ( header()->cputype ) {
+ case CPU_TYPE_I386:
+ startAddress = regs32[10]; // i386_thread_state_t.eip
+ break;
+ case CPU_TYPE_X86_64:
+ startAddress = regs64[16]; // x86_thread_state64_t.rip
+ break;
+ case CPU_TYPE_ARM:
+ startAddress = regs32[15]; // arm_thread_state_t.__pc
+ break;
+ case CPU_TYPE_ARM64:
+ startAddress = regs64[32]; // arm_thread_state64_t.__pc
+ break;
+ }
+ offset = (uint32_t)(startAddress - preferredLoadAddress());
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+ // FIXME: validate offset is into executable segment
+ return (offset != 0);
+}
+
+bool MachOParser::canBePlacedInDyldCache(const std::string& path) const {
+ std::set<std::string> reasons;
+ return canBePlacedInDyldCache(path, reasons);
+}
+
+bool MachOParser::canBePlacedInDyldCache(const std::string& path, std::set<std::string>& reasons) const
+{
+ bool retval = true;
+ // only dylibs can go in cache
+ if ( fileType() != MH_DYLIB ) {
+ reasons.insert("Not MH_DYLIB");
+ return false; // cannot continue, installName() will assert() if not a dylib
+ }
+
+ // only dylibs built for /usr/lib or /System/Library can go in cache
+ const char* dylibName = installName();
+ if ( (strncmp(dylibName, "/usr/lib/", 9) != 0) && (strncmp(dylibName, "/System/Library/", 16) != 0) ) {
+ retval = false;
+ reasons.insert("Not in '/usr/lib/' or '/System/Library/'");
+ }
+
+ // flat namespace files cannot go in cache
+ if ( (header()->flags & MH_TWOLEVEL) == 0 ) {
+ retval = false;
+ reasons.insert("Not built with two level namespaces");
+ }
+
+ // don't put debug variants into dyld cache
+ if ( endsWith(path, "_profile.dylib") || endsWith(path, "_debug.dylib") || endsWith(path, "_profile") || endsWith(path, "_debug") || endsWith(path, "/CoreADI") ) {
+ retval = false;
+ reasons.insert("Variant image");
+ }
+
+ // dylib must have extra info for moving DATA and TEXT segments apart
+ __block bool hasExtraInfo = false;
+ __block bool hasDyldInfo = false;
+ Diagnostics diag;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_SEGMENT_SPLIT_INFO )
+ hasExtraInfo = true;
+ if ( cmd->cmd == LC_DYLD_INFO_ONLY )
+ hasDyldInfo = true;
+ });
+ if ( !hasExtraInfo ) {
+ retval = false;
+ reasons.insert("Missing split seg info");
+ }
+ if ( !hasDyldInfo ) {
+ retval = false;
+ reasons.insert("Old binary, missing dyld info");
+ }
+
+ // dylib can only depend on other dylibs in the shared cache
+ __block bool allDepPathsAreGood = true;
+ forEachDependentDylib(^(const char* loadPath, bool isWeak, bool isReExport, bool isUpward, uint32_t compatVersion, uint32_t curVersion, bool& stop) {
+ if ( (strncmp(loadPath, "/usr/lib/", 9) != 0) && (strncmp(loadPath, "/System/Library/", 16) != 0) ) {
+ allDepPathsAreGood = false;
+ stop = true;
+ }
+ });
+ if ( !allDepPathsAreGood ) {
+ retval = false;
+ reasons.insert("Depends on cache inelegible dylibs");
+ }
+
+ // dylibs with interposing info cannot be in cache
+ __block bool hasInterposing = false;
+ forEachInterposingTuple(diag, ^(uint32_t segIndex, uint64_t replacementSegOffset, uint64_t replaceeSegOffset, uint64_t replacementContent, bool& stop) {
+ hasInterposing = true;
+ });
+ if ( hasInterposing ) {
+ retval = false;
+ reasons.insert("Has interposing tuples");
+ }
+
+ return retval;
+}
+
+bool MachOParser::isDynamicExecutable() const
+{
+ if ( fileType() != MH_EXECUTE )
+ return false;
+
+ // static executables do not have dyld load command
+ __block bool hasDyldLoad = false;
+ Diagnostics diag;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_LOAD_DYLINKER ) {
+ hasDyldLoad = true;
+ stop = true;
+ }
+ });
+ return hasDyldLoad;
+}
+
+
+bool MachOParser::isSlideable() const
+{
+ if ( header()->filetype == MH_DYLIB )
+ return true;
+ if ( header()->filetype == MH_BUNDLE )
+ return true;
+ if ( (header()->filetype == MH_EXECUTE) && (header()->flags & MH_PIE) )
+ return true;
+
+ return false;
+}
+
+
+
+bool MachOParser::hasInitializer(Diagnostics& diag) const
+{
+ __block bool result = false;
+ forEachInitializer(diag, ^(uint32_t offset) {
+ result = true;
+ });
+ return result;
+}
+
+void MachOParser::forEachInitializer(Diagnostics& diag, void (^callback)(uint32_t offset)) const
+{
+ __block uint64_t textSegAddrStart = 0;
+ __block uint64_t textSegAddrEnd = 0;
+
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
+ if ( strcmp(segName, "__TEXT") == 0 ) {
+ textSegAddrStart = vmAddr;
+ textSegAddrEnd = vmAddr + vmSize;
+ stop = true;
+ }
+ });
+ if ( textSegAddrStart == textSegAddrEnd ) {
+ diag.error("no __TEXT segment");
+ return;
+ }
+
+ // if dylib linked with -init linker option, that initializer is first
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_ROUTINES ) {
+ const routines_command* routines = (routines_command*)cmd;
+ uint64_t dashInit = routines->init_address;
+ if ( (textSegAddrStart < dashInit) && (dashInit < textSegAddrEnd) )
+ callback((uint32_t)(dashInit - textSegAddrStart));
+ else
+ diag.error("-init does not point within __TEXT segment");
+ }
+ else if ( cmd->cmd == LC_ROUTINES_64 ) {
+ const routines_command_64* routines = (routines_command_64*)cmd;
+ uint64_t dashInit = routines->init_address;
+ if ( (textSegAddrStart < dashInit) && (dashInit < textSegAddrEnd) )
+ callback((uint32_t)(dashInit - textSegAddrStart));
+ else
+ diag.error("-init does not point within __TEXT segment");
+ }
+ });
+
+ // next any function pointers in mod-init section
+ bool p64 = is64();
+ unsigned pointerSize = p64 ? 8 : 4;
+ forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, const void* content, size_t size, bool illegalSectionSize, bool& stop) {
+ if ( (flags & SECTION_TYPE) == S_MOD_INIT_FUNC_POINTERS ) {
+ if ( (size % pointerSize) != 0 ) {
+ diag.error("initializer section %s/%s has bad size", segmentName, sectionName);
+ stop = true;
+ return;
+ }
+ if ( illegalSectionSize ) {
+ diag.error("initializer section %s/%s extends beyond the end of the segment", segmentName, sectionName);
+ stop = true;
+ return;
+ }
+ if ( ((long)content % pointerSize) != 0 ) {
+ diag.error("initializer section %s/%s is not pointer aligned", segmentName, sectionName);
+ stop = true;
+ return;
+ }
+ if ( p64 ) {
+ const uint64_t* initsStart = (uint64_t*)content;
+ const uint64_t* initsEnd = (uint64_t*)((uint8_t*)content + size);
+ for (const uint64_t* p=initsStart; p < initsEnd; ++p) {
+ uint64_t anInit = *p;
+ if ( (anInit <= textSegAddrStart) || (anInit > textSegAddrEnd) ) {
+ diag.error("initializer 0x%0llX does not point within __TEXT segment", anInit);
+ stop = true;
+ break;
+ }
+ callback((uint32_t)(anInit - textSegAddrStart));
+ }
+ }
+ else {
+ const uint32_t* initsStart = (uint32_t*)content;
+ const uint32_t* initsEnd = (uint32_t*)((uint8_t*)content + size);
+ for (const uint32_t* p=initsStart; p < initsEnd; ++p) {
+ uint32_t anInit = *p;
+ if ( (anInit <= textSegAddrStart) || (anInit > textSegAddrEnd) ) {
+ diag.error("initializer 0x%0X does not point within __TEXT segment", anInit);
+ stop = true;
+ break;
+ }
+ callback(anInit - (uint32_t)textSegAddrStart);
+ }
+ }
+ }
+ });
+}
+
+void MachOParser::forEachDOFSection(Diagnostics& diag, void (^callback)(uint32_t offset)) const
+{
+ forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, const void* content, size_t size, bool illegalSectionSize, bool& stop) {
+ if ( ( (flags & SECTION_TYPE) == S_DTRACE_DOF ) && !illegalSectionSize ) {
+ callback((uint32_t)((uintptr_t)content - (uintptr_t)header()));
+ }
+ });
+}
+
+
+uint32_t MachOParser::segmentCount() const
+{
+ __block uint32_t count = 0;
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& stop) {
+ ++count;
+ });
+ return count;
+}
+
+void MachOParser::forEachSegment(void (^callback)(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, uint32_t segIndex, uint64_t sizeOfSections, uint8_t p2align, bool& stop)) const
+{
+ Diagnostics diag;
+ __block uint32_t segIndex = 0;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( cmd->cmd == LC_SEGMENT_64 ) {
+ const segment_command_64* segCmd = (segment_command_64*)cmd;
+ uint64_t sizeOfSections = segCmd->vmsize;
+ uint8_t p2align = 0;
+ const section_64* const sectionsStart = (section_64*)((char*)segCmd + sizeof(struct segment_command_64));
+ const section_64* const sectionsEnd = §ionsStart[segCmd->nsects];
+ for (const section_64* sect=sectionsStart; sect < sectionsEnd; ++sect) {
+ sizeOfSections = sect->addr + sect->size - segCmd->vmaddr;
+ if ( sect->align > p2align )
+ p2align = sect->align;
+ }
+ callback(segCmd->segname, (uint32_t)segCmd->fileoff, (uint32_t)segCmd->filesize, segCmd->vmaddr, segCmd->vmsize, segCmd->initprot, segIndex, sizeOfSections, p2align, stop);
+ ++segIndex;
+ }
+ else if ( cmd->cmd == LC_SEGMENT ) {
+ const segment_command* segCmd = (segment_command*)cmd;
+ uint64_t sizeOfSections = segCmd->vmsize;
+ uint8_t p2align = 0;
+ const section* const sectionsStart = (section*)((char*)segCmd + sizeof(struct segment_command));
+ const section* const sectionsEnd = §ionsStart[segCmd->nsects];
+ for (const section* sect=sectionsStart; sect < sectionsEnd; ++sect) {
+ sizeOfSections = sect->addr + sect->size - segCmd->vmaddr;
+ if ( sect->align > p2align )
+ p2align = sect->align;
+ }
+ callback(segCmd->segname, (uint32_t)segCmd->fileoff, (uint32_t)segCmd->filesize, segCmd->vmaddr, segCmd->vmsize, segCmd->initprot, segIndex, sizeOfSections, p2align, stop);
+ ++segIndex;
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+}
+
+void MachOParser::forEachExportedSymbol(Diagnostics diag, void (^handler)(const char* symbolName, uint64_t imageOffset, bool isReExport, bool& stop)) const
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return;
+
+ if ( leInfo.dyldInfo != nullptr ) {
+ const uint8_t* trieStart = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->export_off);
+ const uint8_t* trieEnd = trieStart + leInfo.dyldInfo->export_size;
+ std::vector<ExportInfoTrie::Entry> exports;
+ if ( !ExportInfoTrie::parseTrie(trieStart, trieEnd, exports) ) {
+ diag.error("malformed exports trie");
+ return;
+ }
+ bool stop = false;
+ for (const ExportInfoTrie::Entry& exp : exports) {
+ bool isReExport = (exp.info.flags & EXPORT_SYMBOL_FLAGS_REEXPORT);
+ handler(exp.name.c_str(), exp.info.address, isReExport, stop);
+ if ( stop )
+ break;
+ }
+ }
+}
+
+bool MachOParser::invalidRebaseState(Diagnostics& diag, const char* opcodeName, const MachOParser::LinkEditInfo& leInfo,
+ bool segIndexSet, uint32_t pointerSize, uint8_t segmentIndex, uint64_t segmentOffset, uint8_t type) const
+{
+ if ( !segIndexSet ) {
+ diag.error("%s missing preceding REBASE_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB", opcodeName);
+ return true;
+ }
+ if ( segmentIndex >= leInfo.layout.segmentCount ) {
+ diag.error("%s segment index %d too large", opcodeName, segmentIndex);
+ return true;
+ }
+ if ( segmentOffset > (leInfo.layout.segments[segmentIndex].segSize-pointerSize) ) {
+ diag.error("%s current segment offset 0x%08llX beyond segment size (0x%08llX)", opcodeName, segmentOffset, leInfo.layout.segments[segmentIndex].segSize);
+ return true;
+ }
+ switch ( type ) {
+ case REBASE_TYPE_POINTER:
+ if ( !leInfo.layout.segments[segmentIndex].writable ) {
+ diag.error("%s pointer rebase is in non-writable segment", opcodeName);
+ return true;
+ }
+ if ( leInfo.layout.segments[segmentIndex].executable ) {
+ diag.error("%s pointer rebase is in executable segment", opcodeName);
+ return true;
+ }
+ break;
+ case REBASE_TYPE_TEXT_ABSOLUTE32:
+ case REBASE_TYPE_TEXT_PCREL32:
+ if ( !leInfo.layout.segments[segmentIndex].textRelocsAllowed ) {
+ diag.error("%s text rebase is in segment that does not support text relocations", opcodeName);
+ return true;
+ }
+ if ( leInfo.layout.segments[segmentIndex].writable ) {
+ diag.error("%s text rebase is in writable segment", opcodeName);
+ return true;
+ }
+ if ( !leInfo.layout.segments[segmentIndex].executable ) {
+ diag.error("%s pointer rebase is in non-executable segment", opcodeName);
+ return true;
+ }
+ break;
+ default:
+ diag.error("%s unknown rebase type %d", opcodeName, type);
+ return true;
+ }
+ return false;
+}
+
+void MachOParser::forEachRebase(Diagnostics& diag, void (^handler)(uint32_t segIndex, uint64_t segOffset, uint8_t type, bool& stop)) const
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return;
+
+ if ( leInfo.dyldInfo != nullptr ) {
+ // work around linker bug that laid down rebase opcodes for lazy pointer section when -bind_at_load used
+ __block int lpSegIndex = 0;
+ __block uint64_t lpSegOffsetStart = 0;
+ __block uint64_t lpSegOffsetEnd = 0;
+ bool hasWeakBinds = (leInfo.dyldInfo->weak_bind_size != 0);
+ if ( leInfo.dyldInfo->lazy_bind_size == 0 ) {
+ __block uint64_t lpAddr = 0;
+ __block uint64_t lpSize = 0;
+ forEachSection(^(const char* segName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& sectStop) {
+ if ( (flags & SECTION_TYPE) == S_LAZY_SYMBOL_POINTERS ) {
+ lpAddr = addr;
+ lpSize = size;
+ sectStop = true;
+ }
+ });
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool& segStop) {
+ if ( (vmAddr <= lpAddr) && (vmAddr+vmSize >= lpAddr+lpSize) ) {
+ lpSegOffsetStart = lpAddr - vmAddr;
+ lpSegOffsetEnd = lpSegOffsetStart + lpSize;
+ segStop = true;
+ return;
+ }
+ ++lpSegIndex;
+ });
+ }
+ // don't remove rebase if there is a weak-bind at pointer location
+ bool (^weakBindAt)(uint64_t segOffset) = ^(uint64_t segOffset) {
+ if ( !hasWeakBinds )
+ return false;
+ __block bool result = false;
+ Diagnostics weakDiag;
+ forEachWeakDef(weakDiag, ^(bool strongDef, uint32_t dataSegIndex, uint64_t dataSegOffset, uint64_t addend, const char* symbolName, bool& weakStop) {
+ if ( segOffset == dataSegOffset ) {
+ result = true;
+ weakStop = true;
+ }
+ });
+ return result;
+ };
+
+
+ const uint8_t* p = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->rebase_off);
+ const uint8_t* end = p + leInfo.dyldInfo->rebase_size;
+ const uint32_t pointerSize = (is64() ? 8 : 4);
+ uint8_t type = 0;
+ int segIndex = 0;
+ uint64_t segOffset = 0;
+ uint64_t count;
+ uint64_t skip;
+ bool segIndexSet = false;
+ bool stop = false;
+ while ( !stop && diag.noError() && (p < end) ) {
+ uint8_t immediate = *p & REBASE_IMMEDIATE_MASK;
+ uint8_t opcode = *p & REBASE_OPCODE_MASK;
+ ++p;
+ switch (opcode) {
+ case REBASE_OPCODE_DONE:
+ stop = true;
+ break;
+ case REBASE_OPCODE_SET_TYPE_IMM:
+ type = immediate;
+ break;
+ case REBASE_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
+ segIndex = immediate;
+ segOffset = read_uleb128(diag, p, end);
+ segIndexSet = true;
+ break;
+ case REBASE_OPCODE_ADD_ADDR_ULEB:
+ segOffset += read_uleb128(diag, p, end);
+ break;
+ case REBASE_OPCODE_ADD_ADDR_IMM_SCALED:
+ segOffset += immediate*pointerSize;
+ break;
+ case REBASE_OPCODE_DO_REBASE_IMM_TIMES:
+ for (int i=0; i < immediate; ++i) {
+ if ( invalidRebaseState(diag, "REBASE_OPCODE_DO_REBASE_IMM_TIMES", leInfo, segIndexSet, pointerSize, segIndex, segOffset, type) )
+ return;
+ if ( (segIndex != lpSegIndex) || (segOffset > lpSegOffsetEnd) || (segOffset < lpSegOffsetStart) || weakBindAt(segOffset) )
+ handler(segIndex, segOffset, type, stop);
+ segOffset += pointerSize;
+ }
+ break;
+ case REBASE_OPCODE_DO_REBASE_ULEB_TIMES:
+ count = read_uleb128(diag, p, end);
+ for (uint32_t i=0; i < count; ++i) {
+ if ( invalidRebaseState(diag, "REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB", leInfo, segIndexSet, pointerSize, segIndex, segOffset, type) )
+ return;
+ if ( (segIndex != lpSegIndex) || (segOffset > lpSegOffsetEnd) || (segOffset < lpSegOffsetStart) || weakBindAt(segOffset) )
+ handler(segIndex, segOffset, type, stop);
+ segOffset += pointerSize;
+ }
+ break;
+ case REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB:
+ if ( invalidRebaseState(diag, "REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB", leInfo, segIndexSet, pointerSize, segIndex, segOffset, type) )
+ return;
+ handler(segIndex, segOffset, type, stop);
+ segOffset += read_uleb128(diag, p, end) + pointerSize;
+ break;
+ case REBASE_OPCODE_DO_REBASE_ULEB_TIMES_SKIPPING_ULEB:
+ count = read_uleb128(diag, p, end);
+ if ( diag.hasError() )
+ break;
+ skip = read_uleb128(diag, p, end);
+ for (uint32_t i=0; i < count; ++i) {
+ if ( invalidRebaseState(diag, "REBASE_OPCODE_DO_REBASE_ULEB_TIMES_SKIPPING_ULEB", leInfo, segIndexSet, pointerSize, segIndex, segOffset, type) )
+ return;
+ handler(segIndex, segOffset, type, stop);
+ segOffset += skip + pointerSize;
+ }
+ break;
+ default:
+ diag.error("unknown rebase opcode 0x%02X", opcode);
+ }
+ }
+ }
+ else {
+ // old binary
+ const relocation_info* const relocsStart = (relocation_info*)getLinkEditContent(leInfo.layout, leInfo.dynSymTab->locreloff);
+ const relocation_info* const relocsEnd = &relocsStart[leInfo.dynSymTab->nlocrel];
+ bool stop = false;
+ const uint8_t relocSize = (is64() ? 3 : 2);
+ for (const relocation_info* reloc=relocsStart; (reloc < relocsEnd) && !stop; ++reloc) {
+ if ( reloc->r_length != relocSize ) {
+ diag.error("local relocation has wrong r_length");
+ break;
+ }
+ if ( reloc->r_type != 0 ) { // 0 == X86_64_RELOC_UNSIGNED == GENERIC_RELOC_VANILLA == ARM64_RELOC_UNSIGNED
+ diag.error("local relocation has wrong r_type");
+ break;
+ }
+ doLocalReloc(diag, reloc->r_address, stop, handler);
+ }
+ // then process indirect symbols
+ forEachIndirectPointer(diag, ^(uint32_t segIndex, uint64_t segOffset, bool bind, int bindLibOrdinal,
+ const char* bindSymbolName, bool bindWeakImport, bool bindLazy, bool selfModifyingStub, bool& indStop) {
+ if ( !bind && !bindLazy )
+ handler(segIndex, segOffset, REBASE_TYPE_POINTER, indStop);
+ });
+ }
+}
+
+bool MachOParser::doLocalReloc(Diagnostics& diag, uint32_t r_address, bool& stop, void (^handler)(uint32_t segIndex, uint64_t segOffset, uint8_t type, bool& stop)) const
+{
+ bool firstWritable = (header()->cputype == CPU_TYPE_X86_64);
+ __block uint64_t relocBaseAddress = 0;
+ __block bool baseFound = false;
+ __block uint32_t segIndex = 0;
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool &stopSeg) {
+ if ( !baseFound ) {
+ if ( !firstWritable || (protections & VM_PROT_WRITE) ) {
+ baseFound = true;
+ relocBaseAddress = vmAddr;
+ }
+ }
+ if ( baseFound && (vmAddr < relocBaseAddress+r_address) && (relocBaseAddress+r_address < vmAddr+vmSize) ) {
+ uint8_t type = REBASE_TYPE_POINTER;
+ uint64_t segOffset = relocBaseAddress + r_address - vmAddr;
+ handler(segIndex, segOffset, type, stop);
+ stopSeg = true;
+ }
+ ++segIndex;
+ });
+
+ return false;
+}
+
+int MachOParser::libOrdinalFromDesc(uint16_t n_desc) const
+{
+ // -flat_namespace is always flat lookup
+ if ( (header()->flags & MH_TWOLEVEL) == 0 )
+ return BIND_SPECIAL_DYLIB_FLAT_LOOKUP;
+
+ // extract byte from undefined symbol entry
+ int libIndex = GET_LIBRARY_ORDINAL(n_desc);
+ switch ( libIndex ) {
+ case SELF_LIBRARY_ORDINAL:
+ return BIND_SPECIAL_DYLIB_SELF;
+
+ case DYNAMIC_LOOKUP_ORDINAL:
+ return BIND_SPECIAL_DYLIB_FLAT_LOOKUP;
+
+ case EXECUTABLE_ORDINAL:
+ return BIND_SPECIAL_DYLIB_MAIN_EXECUTABLE;
+ }
+
+ return libIndex;
+}
+
+bool MachOParser::doExternalReloc(Diagnostics& diag, uint32_t r_address, uint32_t r_symbolnum, LinkEditInfo& leInfo, bool& stop,
+ void (^handler)(uint32_t dataSegIndex, uint64_t dataSegOffset, uint8_t type, int libOrdinal,
+ uint64_t addend, const char* symbolName, bool weakImport, bool lazy, bool& stop)) const
+{
+ const bool firstWritable = (header()->cputype == CPU_TYPE_X86_64);
+ const bool is64Bit = is64();
+ __block uint64_t relocBaseAddress = 0;
+ __block bool baseFound = false;
+ __block uint32_t segIndex = 0;
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool &stopSeg) {
+ if ( !baseFound ) {
+ if ( !firstWritable || (protections & VM_PROT_WRITE) ) {
+ baseFound = true;
+ relocBaseAddress = vmAddr;
+ }
+ }
+ if ( baseFound && (vmAddr < relocBaseAddress+r_address) && (relocBaseAddress+r_address < vmAddr+vmSize) ) {
+ uint8_t type = BIND_TYPE_POINTER;
+ uint64_t segOffset = relocBaseAddress + r_address - vmAddr;
+ const void* symbolTable = getLinkEditContent(leInfo.layout, leInfo.symTab->symoff);
+ const struct nlist_64* symbols64 = (nlist_64*)symbolTable;
+ const struct nlist* symbols32 = (struct nlist*)symbolTable;
+ const char* stringPool = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
+ uint32_t symCount = leInfo.symTab->nsyms;
+ uint32_t poolSize = leInfo.symTab->strsize;
+ if ( r_symbolnum < symCount ) {
+ uint16_t n_desc = is64Bit ? symbols64[r_symbolnum].n_desc : symbols32[r_symbolnum].n_desc;
+ uint32_t libOrdinal = libOrdinalFromDesc(n_desc);
+ uint32_t strOffset = is64Bit ? symbols64[r_symbolnum].n_un.n_strx : symbols32[r_symbolnum].n_un.n_strx;
+ if ( strOffset < poolSize ) {
+ const char* symbolName = stringPool + strOffset;
+ bool weakImport = (n_desc & N_WEAK_REF);
+ bool lazy = false;
+ uint64_t addend = is64Bit ? (*((uint64_t*)((char*)header()+fileOffset+segOffset))) : (*((uint32_t*)((char*)header()+fileOffset+segOffset)));
+ handler(segIndex, segOffset, type, libOrdinal, addend, symbolName, weakImport, lazy, stop);
+ stopSeg = true;
+ }
+ }
+ }
+ ++segIndex;
+ });
+
+ return false;
+}
+
+bool MachOParser::invalidBindState(Diagnostics& diag, const char* opcodeName, const LinkEditInfo& leInfo, bool segIndexSet, bool libraryOrdinalSet,
+ uint32_t dylibCount, int libOrdinal, uint32_t pointerSize, uint8_t segmentIndex, uint64_t segmentOffset, uint8_t type, const char* symbolName) const
+{
+ if ( !segIndexSet ) {
+ diag.error("%s missing preceding BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB", opcodeName);
+ return true;
+ }
+ if ( segmentIndex >= leInfo.layout.segmentCount ) {
+ diag.error("%s segment index %d too large", opcodeName, segmentIndex);
+ return true;
+ }
+ if ( segmentOffset > (leInfo.layout.segments[segmentIndex].segSize-pointerSize) ) {
+ diag.error("%s current segment offset 0x%08llX beyond segment size (0x%08llX)", opcodeName, segmentOffset, leInfo.layout.segments[segmentIndex].segSize);
+ return true;
+ }
+ if ( symbolName == NULL ) {
+ diag.error("%s missing preceding BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM", opcodeName);
+ return true;
+ }
+ if ( !libraryOrdinalSet ) {
+ diag.error("%s missing preceding BIND_OPCODE_SET_DYLIB_ORDINAL", opcodeName);
+ return true;
+ }
+ if ( libOrdinal > (int)dylibCount ) {
+ diag.error("%s has library ordinal too large (%d) max (%d)", opcodeName, libOrdinal, dylibCount);
+ return true;
+ }
+ if ( libOrdinal < -2 ) {
+ diag.error("%s has unknown library special ordinal (%d)", opcodeName, libOrdinal);
+ return true;
+ }
+ switch ( type ) {
+ case BIND_TYPE_POINTER:
+ if ( !leInfo.layout.segments[segmentIndex].writable ) {
+ diag.error("%s pointer bind is in non-writable segment", opcodeName);
+ return true;
+ }
+ if ( leInfo.layout.segments[segmentIndex].executable ) {
+ diag.error("%s pointer bind is in executable segment", opcodeName);
+ return true;
+ }
+ break;
+ case BIND_TYPE_TEXT_ABSOLUTE32:
+ case BIND_TYPE_TEXT_PCREL32:
+ if ( !leInfo.layout.segments[segmentIndex].textRelocsAllowed ) {
+ diag.error("%s text bind is in segment that does not support text relocations", opcodeName);
+ return true;
+ }
+ if ( leInfo.layout.segments[segmentIndex].writable ) {
+ diag.error("%s text bind is in writable segment", opcodeName);
+ return true;
+ }
+ if ( !leInfo.layout.segments[segmentIndex].executable ) {
+ diag.error("%s pointer bind is in non-executable segment", opcodeName);
+ return true;
+ }
+ break;
+ default:
+ diag.error("%s unknown bind type %d", opcodeName, type);
+ return true;
+ }
+ return false;
+}
+
+void MachOParser::forEachBind(Diagnostics& diag, void (^handler)(uint32_t dataSegIndex, uint64_t dataSegOffset, uint8_t type,
+ int libOrdinal, uint64_t addend, const char* symbolName, bool weakImport, bool lazy, bool& stop)) const
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return;
+ const uint32_t dylibCount = dependentDylibCount();
+
+ if ( leInfo.dyldInfo != nullptr ) {
+ // process bind opcodes
+ const uint8_t* p = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->bind_off);
+ const uint8_t* end = p + leInfo.dyldInfo->bind_size;
+ const uint32_t pointerSize = (is64() ? 8 : 4);
+ uint8_t type = 0;
+ uint64_t segmentOffset = 0;
+ uint8_t segmentIndex = 0;
+ const char* symbolName = NULL;
+ int libraryOrdinal = 0;
+ bool segIndexSet = false;
+ bool libraryOrdinalSet = false;
+
+ int64_t addend = 0;
+ uint64_t count;
+ uint64_t skip;
+ bool weakImport = false;
+ bool done = false;
+ bool stop = false;
+ while ( !done && !stop && diag.noError() && (p < end) ) {
+ uint8_t immediate = *p & BIND_IMMEDIATE_MASK;
+ uint8_t opcode = *p & BIND_OPCODE_MASK;
+ ++p;
+ switch (opcode) {
+ case BIND_OPCODE_DONE:
+ done = true;
+ break;
+ case BIND_OPCODE_SET_DYLIB_ORDINAL_IMM:
+ libraryOrdinal = immediate;
+ libraryOrdinalSet = true;
+ break;
+ case BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB:
+ libraryOrdinal = (int)read_uleb128(diag, p, end);
+ libraryOrdinalSet = true;
+ break;
+ case BIND_OPCODE_SET_DYLIB_SPECIAL_IMM:
+ // the special ordinals are negative numbers
+ if ( immediate == 0 )
+ libraryOrdinal = 0;
+ else {
+ int8_t signExtended = BIND_OPCODE_MASK | immediate;
+ libraryOrdinal = signExtended;
+ }
+ libraryOrdinalSet = true;
+ break;
+ case BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM:
+ weakImport = ( (immediate & BIND_SYMBOL_FLAGS_WEAK_IMPORT) != 0 );
+ symbolName = (char*)p;
+ while (*p != '\0')
+ ++p;
+ ++p;
+ break;
+ case BIND_OPCODE_SET_TYPE_IMM:
+ type = immediate;
+ break;
+ case BIND_OPCODE_SET_ADDEND_SLEB:
+ addend = read_sleb128(diag, p, end);
+ break;
+ case BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
+ segmentIndex = immediate;
+ segmentOffset = read_uleb128(diag, p, end);
+ segIndexSet = true;
+ break;
+ case BIND_OPCODE_ADD_ADDR_ULEB:
+ segmentOffset += read_uleb128(diag, p, end);
+ break;
+ case BIND_OPCODE_DO_BIND:
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, false, stop);
+ segmentOffset += pointerSize;
+ break;
+ case BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB:
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, false, stop);
+ segmentOffset += read_uleb128(diag, p, end) + pointerSize;
+ break;
+ case BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED:
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, false, stop);
+ segmentOffset += immediate*pointerSize + pointerSize;
+ break;
+ case BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB:
+ count = read_uleb128(diag, p, end);
+ skip = read_uleb128(diag, p, end);
+ for (uint32_t i=0; i < count; ++i) {
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, false, stop);
+ segmentOffset += skip + pointerSize;
+ }
+ break;
+ default:
+ diag.error("bad bind opcode 0x%02X", *p);
+ }
+ }
+ if ( diag.hasError() || stop )
+ return;
+ // process lazy bind opcodes
+ if ( leInfo.dyldInfo->lazy_bind_size != 0 ) {
+ p = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->lazy_bind_off);
+ end = p + leInfo.dyldInfo->lazy_bind_size;
+ type = BIND_TYPE_POINTER;
+ segmentOffset = 0;
+ segmentIndex = 0;
+ symbolName = NULL;
+ libraryOrdinal = 0;
+ segIndexSet = false;
+ libraryOrdinalSet= false;
+ addend = 0;
+ weakImport = false;
+ stop = false;
+ while ( !stop && diag.noError() && (p < end) ) {
+ uint8_t immediate = *p & BIND_IMMEDIATE_MASK;
+ uint8_t opcode = *p & BIND_OPCODE_MASK;
+ ++p;
+ switch (opcode) {
+ case BIND_OPCODE_DONE:
+ // this opcode marks the end of each lazy pointer binding
+ break;
+ case BIND_OPCODE_SET_DYLIB_ORDINAL_IMM:
+ libraryOrdinal = immediate;
+ libraryOrdinalSet = true;
+ break;
+ case BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB:
+ libraryOrdinal = (int)read_uleb128(diag, p, end);
+ libraryOrdinalSet = true;
+ break;
+ case BIND_OPCODE_SET_DYLIB_SPECIAL_IMM:
+ // the special ordinals are negative numbers
+ if ( immediate == 0 )
+ libraryOrdinal = 0;
+ else {
+ int8_t signExtended = BIND_OPCODE_MASK | immediate;
+ libraryOrdinal = signExtended;
+ }
+ libraryOrdinalSet = true;
+ break;
+ case BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM:
+ weakImport = ( (immediate & BIND_SYMBOL_FLAGS_WEAK_IMPORT) != 0 );
+ symbolName = (char*)p;
+ while (*p != '\0')
+ ++p;
+ ++p;
+ break;
+ case BIND_OPCODE_SET_ADDEND_SLEB:
+ addend = read_sleb128(diag, p, end);
+ break;
+ case BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
+ segmentIndex = immediate;
+ segmentOffset = read_uleb128(diag, p, end);
+ segIndexSet = true;
+ break;
+ case BIND_OPCODE_DO_BIND:
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, libraryOrdinalSet, dylibCount, libraryOrdinal, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(segmentIndex, segmentOffset, type, libraryOrdinal, addend, symbolName, weakImport, true, stop);
+ segmentOffset += pointerSize;
+ break;
+ case BIND_OPCODE_SET_TYPE_IMM:
+ case BIND_OPCODE_ADD_ADDR_ULEB:
+ case BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB:
+ case BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED:
+ case BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB:
+ default:
+ diag.error("bad lazy bind opcode 0x%02X", opcode);
+ break;
+ }
+ }
+ }
+ }
+ else {
+ // old binary, first process relocation
+ const relocation_info* const relocsStart = (relocation_info*)getLinkEditContent(leInfo.layout, leInfo.dynSymTab->extreloff);
+ const relocation_info* const relocsEnd = &relocsStart[leInfo.dynSymTab->nextrel];
+ bool stop = false;
+ const uint8_t relocSize = (is64() ? 3 : 2);
+ for (const relocation_info* reloc=relocsStart; (reloc < relocsEnd) && !stop; ++reloc) {
+ if ( reloc->r_length != relocSize ) {
+ diag.error("external relocation has wrong r_length");
+ break;
+ }
+ if ( reloc->r_type != 0 ) { // 0 == X86_64_RELOC_UNSIGNED == GENERIC_RELOC_VANILLA == ARM64_RELOC_UNSIGNED
+ diag.error("external relocation has wrong r_type");
+ break;
+ }
+ doExternalReloc(diag, reloc->r_address, reloc->r_symbolnum, leInfo, stop, handler);
+ }
+ // then process indirect symbols
+ forEachIndirectPointer(diag, ^(uint32_t segIndex, uint64_t segOffset, bool bind, int bindLibOrdinal,
+ const char* bindSymbolName, bool bindWeakImport, bool bindLazy, bool selfModifyingStub, bool& indStop) {
+ if ( bind )
+ handler(segIndex, segOffset, (selfModifyingStub ? BIND_TYPE_IMPORT_JMP_REL32 : BIND_TYPE_POINTER), bindLibOrdinal, 0, bindSymbolName, bindWeakImport, bindLazy, indStop);
+ });
+ }
+}
+
+
+void MachOParser::forEachWeakDef(Diagnostics& diag, void (^handler)(bool strongDef, uint32_t dataSegIndex, uint64_t dataSegOffset,
+ uint64_t addend, const char* symbolName, bool& stop)) const
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return;
+
+ const uint32_t dylibCount = dependentDylibCount();
+ if ( leInfo.dyldInfo != nullptr ) {
+ // process weak bind opcodes
+ const uint8_t* p = getLinkEditContent(leInfo.layout, leInfo.dyldInfo->weak_bind_off);
+ const uint8_t* end = p + leInfo.dyldInfo->weak_bind_size;
+ const uint32_t pointerSize = (is64() ? 8 : 4);
+ uint8_t type = 0;
+ uint64_t segmentOffset = 0;
+ uint8_t segmentIndex = 0;
+ const char* symbolName = NULL;
+ int64_t addend = 0;
+ uint64_t count;
+ uint64_t skip;
+ bool segIndexSet = false;
+ bool done = false;
+ bool stop = false;
+ while ( !done && !stop && diag.noError() && (p < end) ) {
+ uint8_t immediate = *p & BIND_IMMEDIATE_MASK;
+ uint8_t opcode = *p & BIND_OPCODE_MASK;
+ ++p;
+ switch (opcode) {
+ case BIND_OPCODE_DONE:
+ done = true;
+ break;
+ case BIND_OPCODE_SET_DYLIB_ORDINAL_IMM:
+ case BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB:
+ case BIND_OPCODE_SET_DYLIB_SPECIAL_IMM:
+ diag.error("unexpected dylib ordinal in weak binding info");
+ return;
+ case BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM:
+ symbolName = (char*)p;
+ while (*p != '\0')
+ ++p;
+ ++p;
+ if ( (immediate & BIND_SYMBOL_FLAGS_NON_WEAK_DEFINITION) != 0 )
+ handler(true, 0, 0, 0, symbolName, stop);
+ break;
+ case BIND_OPCODE_SET_TYPE_IMM:
+ type = immediate;
+ break;
+ case BIND_OPCODE_SET_ADDEND_SLEB:
+ addend = read_sleb128(diag, p, end);
+ break;
+ case BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB:
+ segmentIndex = immediate;
+ segmentOffset = read_uleb128(diag, p, end);
+ segIndexSet = true;
+ break;
+ case BIND_OPCODE_ADD_ADDR_ULEB:
+ segmentOffset += read_uleb128(diag, p, end);
+ break;
+ case BIND_OPCODE_DO_BIND:
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, true, dylibCount, -2, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(false, segmentIndex, segmentOffset, addend, symbolName, stop);
+ segmentOffset += pointerSize;
+ break;
+ case BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB:
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, true, dylibCount, -2, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(false, segmentIndex, segmentOffset, addend, symbolName, stop);
+ segmentOffset += read_uleb128(diag, p, end) + pointerSize;
+ break;
+ case BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED:
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, true, dylibCount, -2, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(false, segmentIndex, segmentOffset, addend, symbolName, stop);
+ segmentOffset += immediate*pointerSize + pointerSize;
+ break;
+ case BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB:
+ count = read_uleb128(diag, p, end);
+ skip = read_uleb128(diag, p, end);
+ for (uint32_t i=0; i < count; ++i) {
+ if ( invalidBindState(diag, "BIND_OPCODE_DO_BIND", leInfo, segIndexSet, true, dylibCount, -2, pointerSize, segmentIndex, segmentOffset, type, symbolName) )
+ return;
+ handler(false, segmentIndex, segmentOffset, addend, symbolName, stop);
+ segmentOffset += skip + pointerSize;
+ }
+ break;
+ default:
+ diag.error("bad weak bind opcode 0x%02X", *p);
+ }
+ }
+ if ( diag.hasError() || stop )
+ return;
+ }
+ else {
+ // old binary
+ //assert(0 && "weak defs not supported for old binaries yet");
+ }
+}
+
+
+
+void MachOParser::forEachIndirectPointer(Diagnostics& diag, void (^handler)(uint32_t dataSegIndex, uint64_t dataSegOffset, bool bind, int bindLibOrdinal,
+ const char* bindSymbolName, bool bindWeakImport, bool bindLazy, bool selfModifyingStub, bool& stop)) const
+{
+ LinkEditInfo leInfo;
+ getLinkEditPointers(diag, leInfo);
+ if ( diag.hasError() )
+ return;
+
+ // find lazy and non-lazy pointer sections
+ const bool is64Bit = is64();
+ const uint32_t* const indirectSymbolTable = (uint32_t*)getLinkEditContent(leInfo.layout, leInfo.dynSymTab->indirectsymoff);
+ const uint32_t indirectSymbolTableCount = leInfo.dynSymTab->nindirectsyms;
+ const uint32_t pointerSize = is64Bit ? 8 : 4;
+ const void* symbolTable = getLinkEditContent(leInfo.layout, leInfo.symTab->symoff);
+ const struct nlist_64* symbols64 = (nlist_64*)symbolTable;
+ const struct nlist* symbols32 = (struct nlist*)symbolTable;
+ const char* stringPool = (char*)getLinkEditContent(leInfo.layout, leInfo.symTab->stroff);
+ uint32_t symCount = leInfo.symTab->nsyms;
+ uint32_t poolSize = leInfo.symTab->strsize;
+ __block bool stop = false;
+ forEachSection(^(const char* segName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content,
+ uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& sectionStop) {
+ uint8_t sectionType = (flags & SECTION_TYPE);
+ if ( (sectionType != S_LAZY_SYMBOL_POINTERS) && (sectionType != S_NON_LAZY_SYMBOL_POINTERS) && (sectionType != S_SYMBOL_STUBS) )
+ return;
+ bool selfModifyingStub = (sectionType == S_SYMBOL_STUBS) && (flags & S_ATTR_SELF_MODIFYING_CODE) && (reserved2 == 5) && (header()->cputype == CPU_TYPE_I386);
+ if ( (flags & S_ATTR_SELF_MODIFYING_CODE) && !selfModifyingStub ) {
+ diag.error("S_ATTR_SELF_MODIFYING_CODE section type only valid in old i386 binaries");
+ sectionStop = true;
+ return;
+ }
+ uint32_t elementSize = selfModifyingStub ? reserved2 : pointerSize;
+ uint32_t elementCount = (uint32_t)(size/elementSize);
+ if (greaterThanAddOrOverflow(reserved1, elementCount, indirectSymbolTableCount)) {
+ diag.error("section %s overflows indirect symbol table", sectionName);
+ sectionStop = true;
+ return;
+ }
+ __block uint32_t index = 0;
+ __block uint32_t segIndex = 0;
+ __block uint64_t sectionSegOffset;
+ forEachSegment(^(const char* segmentName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, bool &segStop) {
+ if ( (vmAddr <= addr) && (addr < vmAddr+vmSize) ) {
+ sectionSegOffset = addr - vmAddr;
+ segIndex = index;
+ segStop = true;
+ }
+ ++index;
+ });
+
+ for (int i=0; (i < elementCount) && !stop; ++i) {
+ uint32_t symNum = indirectSymbolTable[reserved1 + i];
+ if ( symNum == INDIRECT_SYMBOL_ABS )
+ continue;
+ uint64_t segOffset = sectionSegOffset+i*elementSize;
+ if ( symNum == INDIRECT_SYMBOL_LOCAL ) {
+ handler(segIndex, segOffset, false, 0, "", false, false, false, stop);
+ continue;
+ }
+ if ( symNum > symCount ) {
+ diag.error("indirect symbol[%d] = %d which is invalid symbol index", reserved1 + i, symNum);
+ sectionStop = true;
+ return;
+ }
+ uint16_t n_desc = is64Bit ? symbols64[symNum].n_desc : symbols32[symNum].n_desc;
+ uint32_t libOrdinal = libOrdinalFromDesc(n_desc);
+ uint32_t strOffset = is64Bit ? symbols64[symNum].n_un.n_strx : symbols32[symNum].n_un.n_strx;
+ if ( strOffset > poolSize ) {
+ diag.error("symbol[%d] string offset out of range", reserved1 + i);
+ sectionStop = true;
+ return;
+ }
+ const char* symbolName = stringPool + strOffset;
+ bool weakImport = (n_desc & N_WEAK_REF);
+ bool lazy = (sectionType == S_LAZY_SYMBOL_POINTERS);
+ handler(segIndex, segOffset, true, libOrdinal, symbolName, weakImport, lazy, selfModifyingStub, stop);
+ }
+ sectionStop = stop;
+ });
+}
+
+void MachOParser::forEachInterposingTuple(Diagnostics& diag, void (^handler)(uint32_t segIndex, uint64_t replacementSegOffset, uint64_t replaceeSegOffset, uint64_t replacementContent, bool& stop)) const
+{
+ const bool is64Bit = is64();
+ const unsigned entrySize = is64Bit ? 16 : 8;
+ const unsigned pointerSize = is64Bit ? 8 : 4;
+ forEachSection(^(const char* segmentName, const char* sectionName, uint32_t flags, uint64_t addr, const void* content, uint64_t size, uint32_t alignP2, uint32_t reserved1, uint32_t reserved2, bool illegalSectionSize, bool& secStop) {
+ if ( ((flags & SECTION_TYPE) == S_INTERPOSING) || ((strcmp(sectionName, "__interpose") == 0) && (strcmp(segmentName, "__DATA") == 0)) ) {
+ if ( (size % entrySize) != 0 ) {
+ diag.error("interposing section %s/%s has bad size", segmentName, sectionName);
+ secStop = true;
+ return;
+ }
+ if ( illegalSectionSize ) {
+ diag.error("interposing section %s/%s extends beyond the end of the segment", segmentName, sectionName);
+ secStop = true;
+ return;
+ }
+ if ( ((long)content % pointerSize) != 0 ) {
+ diag.error("interposing section %s/%s is not pointer aligned", segmentName, sectionName);
+ secStop = true;
+ return;
+ }
+ __block uint32_t sectionSegIndex = 0;
+ __block uint64_t sectionSegOffset = 0;
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, uint32_t segIndex, uint64_t sizeOfSections, uint8_t p2align, bool& segStop) {
+ if ( (vmAddr <= addr) && (addr < vmAddr+vmSize) ) {
+ sectionSegIndex = segIndex;
+ sectionSegOffset = addr - vmAddr;
+ segStop = true;
+ }
+ });
+ if ( sectionSegIndex == 0 ) {
+ diag.error("interposing section %s/%s is not in a segment", segmentName, sectionName);
+ secStop = true;
+ return;
+ }
+ uint32_t offset = 0;
+ bool tupleStop = false;
+ for (int i=0; i < (size/entrySize); ++i) {
+ uint64_t replacementContent = is64Bit ? (*(uint64_t*)((char*)content + offset)) : (*(uint32_t*)((char*)content + offset));
+ handler(sectionSegIndex, sectionSegOffset+offset, sectionSegOffset+offset+pointerSize, replacementContent, tupleStop);
+ offset += entrySize;
+ if ( tupleStop )
+ break;
+ }
+ }
+ });
+}
+
+
+const void* MachOParser::content(uint64_t vmOffset)
+{
+ __block const void* result = nullptr;
+ __block uint32_t firstSegFileOffset = 0;
+ __block uint64_t firstSegVmAddr = 0;
+ if ( isRaw() ) {
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, uint32_t segIndex, uint64_t sizeOfSections, uint8_t p2align, bool &stop) {
+ if ( firstSegFileOffset == 0) {
+ if ( fileSize == 0 )
+ return; // skip __PAGEZERO
+ firstSegFileOffset = fileOffset;
+ firstSegVmAddr = vmAddr;
+ }
+ uint64_t segVmOffset = vmAddr - firstSegVmAddr;
+ if ( (vmOffset >= segVmOffset) && (vmOffset < segVmOffset+vmSize) ) {
+ result = (char*)(header()) + (fileOffset - firstSegFileOffset) + (vmOffset - segVmOffset);
+ stop = true;
+ }
+ });
+ }
+ else if ( inRawCache() ) {
+ forEachSegment(^(const char* segName, uint32_t fileOffset, uint32_t fileSize, uint64_t vmAddr, uint64_t vmSize, uint8_t protections, uint32_t segIndex, uint64_t sizeOfSections, uint8_t p2align, bool &stop) {
+ if ( firstSegFileOffset == 0 ) {
+ firstSegFileOffset = fileOffset;
+ firstSegVmAddr = vmAddr;
+ }
+ uint64_t segVmOffset = vmAddr - firstSegVmAddr;
+ if ( (vmOffset >= segVmOffset) && (vmOffset < segVmOffset+vmSize) ) {
+ result = (char*)(header()) + (fileOffset - firstSegFileOffset) + (vmOffset - segVmOffset);
+ stop = true;
+ }
+ });
+ }
+ else {
+ // non-raw cache is easy
+ result = (char*)(header()) + vmOffset;
+ }
+ return result;
+}
+
+#endif // !DYLD_IN_PROCESS
+
+bool MachOParser::isFairPlayEncrypted(uint32_t& textOffset, uint32_t& size)
+{
+ textOffset = 0;
+ size = 0;
+ Diagnostics diag;
+ forEachLoadCommand(diag, ^(const load_command* cmd, bool& stop) {
+ if ( (cmd->cmd == LC_ENCRYPTION_INFO) || (cmd->cmd == LC_ENCRYPTION_INFO_64) ) {
+ const encryption_info_command* encCmd = (encryption_info_command*)cmd;
+ if ( encCmd->cryptid == 1 ) {
+ // Note: cryptid is 0 in just-built apps. The iTunes App Store sets cryptid to 1
+ textOffset = encCmd->cryptoff;
+ size = encCmd->cryptsize;
+ }
+ stop = true;
+ }
+ });
+ diag.assertNoError(); // any malformations in the file should have been caught by earlier validate() call
+ return (textOffset != 0);
+}
+
+bool MachOParser::cdHashOfCodeSignature(const void* codeSigStart, size_t codeSignLen, uint8_t cdHash[20])
+{
+ const CS_CodeDirectory* cd = (const CS_CodeDirectory*)findCodeDirectoryBlob(codeSigStart, codeSignLen);
+ if ( cd == nullptr )
+ return false;
+
+ uint32_t cdLength = htonl(cd->length);
+ if ( cd->hashType == CS_HASHTYPE_SHA256 ) {
+ uint8_t digest[CC_SHA256_DIGEST_LENGTH];
+ CC_SHA256(cd, cdLength, digest);
+ // cd-hash of sigs that use SHA256 is the first 20 bytes of the SHA256 of the code digest
+ memcpy(cdHash, digest, 20);
+ return true;
+ }
+ else if ( cd->hashType == CS_HASHTYPE_SHA1 ) {
+ // compute hash directly into return buffer
+ CC_SHA1(cd, cdLength, cdHash);
+ return true;
+ }
+
+ return false;
+}
+
+const void* MachOParser::findCodeDirectoryBlob(const void* codeSigStart, size_t codeSignLen)
+{
+ // verify min length of overall code signature
+ if ( codeSignLen < sizeof(CS_SuperBlob) )
+ return nullptr;
+
+ // verify magic at start
+ const CS_SuperBlob* codeSuperBlob = (CS_SuperBlob*)codeSigStart;
+ if ( codeSuperBlob->magic != htonl(CSMAGIC_EMBEDDED_SIGNATURE) )
+ return nullptr;
+
+ // verify count of sub-blobs not too large
+ uint32_t subBlobCount = htonl(codeSuperBlob->count);
+ if ( (codeSignLen-sizeof(CS_SuperBlob))/sizeof(CS_BlobIndex) < subBlobCount )
+ return nullptr;
+
+ // walk each sub blob, looking at ones with type CSSLOT_CODEDIRECTORY
+ for (uint32_t i=0; i < subBlobCount; ++i) {
+ if ( codeSuperBlob->index[i].type != htonl(CSSLOT_CODEDIRECTORY) )
+ continue;
+ uint32_t cdOffset = htonl(codeSuperBlob->index[i].offset);
+ // verify offset is not out of range
+ if ( cdOffset > (codeSignLen - sizeof(CS_CodeDirectory)) )
+ return nullptr;
+ const CS_CodeDirectory* cd = (CS_CodeDirectory*)((uint8_t*)codeSuperBlob + cdOffset);
+ uint32_t cdLength = htonl(cd->length);
+ // verify code directory length not out of range
+ if ( cdLength > (codeSignLen - cdOffset) )
+ return nullptr;
+ if ( cd->magic == htonl(CSMAGIC_CODEDIRECTORY) )
+ return cd;
+ }
+ return nullptr;
+}
+
+
+
+
+} // namespace dyld3
+
projects / apple / dyld.git / commitdiff
