private static readonly byte[] FeatureBytes2 = { 0x3, 0x0, 0x80, 0x52 }; //MOV W3, #0
public Macho64(Stream stream, float version, long maxMetadataUsages) : base(stream, version, maxMetadataUsages)
{
Position += 16; //skip magic, cputype, cpusubtype, filetype
var ncmds = ReadUInt32();
Position += 12; //skip sizeofcmds, flags, reserved
for (var i = 0; i < ncmds; i++)
{
var pos = Position;
var cmd = ReadUInt32();
var cmdsize = ReadUInt32();
if (cmd == 0x19) //LC_SEGMENT_64
{
Position += 56; //skip segname, vmaddr, vmsize, fileoff, filesize, maxprot, initprot
var nsects = ReadUInt32();
Position += 4; //skip flags
for (var j = 0; j < nsects; j++)
{
var section = new MachoSection64Bit();
sections.Add(section);
section.sectname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0');
Position += 16; //skip segname
section.addr = ReadUInt64();
section.size = ReadUInt64();
section.offset = ReadUInt32();
Position += 12; //skip align, reloff, nreloc
section.flags = ReadUInt32();
section.end = section.addr + section.size;
Position += 12; //skip reserved1, reserved2, reserved3
}
}
Position = pos + cmdsize;//skip
}
}
public Macho64(Stream stream) : base(stream)
{
Position += 16; //skip magic, cputype, cpusubtype, filetype
var ncmds = ReadUInt32();
Position += 12; //skip sizeofcmds, flags, reserved
for (var i = 0; i < ncmds; i++)
{
var pos = Position;
var cmd = ReadUInt32();
var cmdsize = ReadUInt32();
switch (cmd)
{
case 0x19: //LC_SEGMENT_64
var segname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0');
if (segname == "__TEXT") //__PAGEZERO
{
vmaddr = ReadUInt64();
}
else
{
Position += 8;
}
Position += 32; //skip vmsize, fileoff, filesize, maxprot, initprot
var nsects = ReadUInt32();
Position += 4; //skip flags
for (var j = 0; j < nsects; j++)
{
var section = new MachoSection64Bit();
sections.Add(section);
section.sectname = Encoding.UTF8.GetString(ReadBytes(16)).TrimEnd('\0');
Position += 16; //skip segname
section.addr = ReadUInt64();
section.size = ReadUInt64();
section.offset = ReadUInt32();
Position += 12; //skip align, reloff, nreloc
section.flags = ReadUInt32();
section.end = section.addr + section.size;
Position += 12; //skip reserved1, reserved2, reserved3
}
break;
case 0x2C: //LC_ENCRYPTION_INFO_64
Position += 8;
var cryptID = ReadUInt32();
if (cryptID != 0)
{
Console.WriteLine("ERROR: This Mach-O executable is encrypted and cannot be processed.");
}
break;
}
Position = pos + cmdsize;//skip
}
}
private ulong FindReference(ulong pointer, MachoSection64Bit search)
{
var searchend = search.offset + search.size;
Position = search.offset;
while ((ulong)Position < searchend)
{
if (ReadUInt64() == pointer)
{
return((ulong)Position - search.offset + search.addr); //VirtualAddress
}
}
return(0);
}
private ulong FindPointersDesc(long readCount, MachoSection64Bit search, MachoSection64Bit range)
{
var add = 0L;
var searchend = search.offset + search.size;
var rangeend = range.addr + range.size;
while (searchend + (ulong)add > search.offset)
{
var temp = ReadClassArray <ulong>((long)searchend + add - 8 * readCount, readCount);
var r = Array.FindIndex(temp, x => x <range.addr || x> rangeend);
if (r != -1)
{
add -= (readCount - r) * 8;
}
else
{
return(search.addr + search.size + (ulong)add - 8ul * (ulong)readCount); //VirtualAddress
}
}
return(0);
}
private ulong FindPointersAsc(long readCount, MachoSection64Bit search, MachoSection64Bit range)
{
var add = 0ul;
var searchend = search.offset + search.size;
var rangeend = range.addr + range.size;
while (search.offset + add < searchend)
{
var temp = ReadClassArray <ulong>(search.offset + add, readCount);
var r = Array.FindLastIndex(temp, x => x <range.addr || x> rangeend);
if (r != -1)
{
add += (ulong)(++r * 8);
}
else
{
return(search.addr + add); //VirtualAddress
}
}
return(0);
}
