public static AbstractBlob CreateFromStream(ReadingContext SR) { // Read the magic and length (common to all blobs) UInt32 Magic = SR.ReadUInt32(); UInt32 Length = SR.ReadUInt32(); AbstractBlob Result; switch (Magic) { case CSMAGIC_CODEDIRECTORY: Result = new CodeDirectoryBlob(); break; case CSMAGIC_CODEDIR_SIGNATURE: Result = new CodeDirectorySignatureBlob(); break; case CSMAGIC_ENTITLEMENTS: Result = new EntitlementsBlob(); break; case CSMAGIC_REQUIREMENTS_TABLE: Result = new RequirementsBlob(); break; case CSMAGIC_EMBEDDED_SIGNATURE: Result = new CodeSigningTableBlob(); break; case CSMAGIC_REQUIREMENT: default: Result = new OpaqueBlob(); break; } Result.MyMagic = Magic; Result.UnpackageData(SR, Length); if (Config.bCodeSignVerbose) { Console.WriteLine("[Read blob with magic 0x{0:X} and length={1}]\n{2}", Magic, Length, Result.ToString()); } return Result; }
static public ExpressionOp ReadOperand(ReadingContext SR) { UInt32 OpVal = SR.ReadUInt32(); ExpressionOp Op = null; switch (OpVal) { case kOpAnd: Op = new AndOp(); break; case kOpIdent: Op = new IdentOp(); break; case kOpGenericAnchor: Op = new ExpressionOp(OpVal); break; case kOpCertField: Op = new CertFieldOp(); break; case kOpCertGeneric: Op = new CertGenericOp(); break; case kOpAnchorHash: Op = new AnchorHashOp(); break; default: throw new Exception("Unknown Expression Operand: " + OpVal.ToString()); } Op.ReadData(SR); return Op; }
protected override void UnpackageData(ReadingContext SR, int CommandSize) { // Read the segment SegmentName = SR.ReadFixedASCII(16); VirtualAddress = SR.ReadUInt(AddressSize); VirtualSize = SR.ReadUInt(AddressSize); FileOffset = SR.ReadUInt(AddressSize); FileSize = SR.ReadUInt(AddressSize); MaxProt = SR.ReadUInt32(); InitProt = SR.ReadUInt32(); UInt32 SectionCount = SR.ReadUInt32(); Flags = SR.ReadUInt32(); // Read the segment data //SR.PushPositionAndJump(FileOffset); //FileData = SR.ReadBytes(FileSize); //SR.PopPosition(); // Read the sections belonging to the segment for (int SectionIndex = 0; SectionIndex < SectionCount; ++SectionIndex) { MachSection Section = new MachSection(AddressSize); Section.Read(SR); Sections.Add(Section); } }
protected override void UnpackageData(ReadingContext SR, int CommandSize) { int DataSize = (int)CommandSize - (2 * sizeof(UInt32)); Debug.Assert(DataSize >= 0); MyCommandData = SR.ReadBytes(DataSize); }
protected abstract void UnpackageData(ReadingContext SR, int CommandSize);
public void LoadFromBytes(byte[] Data) { MemoryStream Stream = new MemoryStream(Data, false); BinaryReader SR = new BinaryReader(Stream); ReadingContext Context = new ReadingContext(SR); Read(Context); SR.Close(); }
public const UInt32 FAT_CIGAM = 0xBEBAFECA; // For little Endian. protected void Read(ReadingContext SR) { // Read the header to see if it is a FAT Binary or not. SR.bStreamLittleEndian = false; Magic = SR.ReadUInt32(); bIsFatBinary = (Magic == FAT_MAGIC); if (bIsFatBinary) { Archs = new List<FatBinaryArch>(); NumArchs = SR.ReadUInt32(); for (int ArchIdx = 0; ArchIdx < NumArchs; ArchIdx++) { SR.bStreamLittleEndian = false; FatBinaryArch Arch = new FatBinaryArch(); Arch.CpuType = SR.ReadUInt32(); Arch.CpuSubType = SR.ReadUInt32(); Arch.Offset = SR.ReadUInt32(); Arch.Size = SR.ReadUInt32(); Arch.Align = SR.ReadUInt32(); Archs.Add(Arch); MachObjectFile Exe = new MachObjectFile(); SR.bStreamLittleEndian = true; SR.OpenFatArchiveAt(Arch.Offset); Exe.Read(SR); SR.CloseFatArchive(); MachObjectFiles.Add(Exe); } SR.bStreamLittleEndian = true; } else { SR.bStreamLittleEndian = true; MachObjectFile Exe = new MachObjectFile(); SR.Position = 0; Exe.Read(SR); MachObjectFiles.Add(Exe); } }
protected override void UnpackageData(ReadingContext SR, UInt32 Length) { long StartOfBlob = SR.Position - sizeof(UInt32) * 2; Version = SR.ReadUInt32(); Flags = SR.ReadUInt32(); UInt32 HashOffset = SR.ReadUInt32(); UInt32 IdentifierStringOffset = SR.ReadUInt32(); SpecialSlotCount = SR.ReadUInt32(); CodeSlotCount = SR.ReadUInt32(); MainImageSignatureLimit = SR.ReadUInt32(); BytesPerHash = SR.ReadByte(); HashType = SR.ReadByte(); Spare1 = SR.ReadByte(); LogPageSize = SR.ReadByte(); Spare2 = SR.ReadUInt32(); ScatterCount = SR.ReadUInt32(); // Read the identifier string SR.PushPositionAndJump(StartOfBlob + IdentifierStringOffset); Identifier = SR.ReadASCIIZ(); SR.PopPosition(); // Read the hashes long TotalNumHashes = SpecialSlotCount + CodeSlotCount; Hashes = new byte[TotalNumHashes * BytesPerHash]; SR.PushPositionAndJump(StartOfBlob + HashOffset - BytesPerHash * SpecialSlotCount); for (long i = 0; i < TotalNumHashes; ++i) { byte[] Hash = SR.ReadBytes(BytesPerHash); Array.Copy(Hash, 0, Hashes, i * BytesPerHash, BytesPerHash); } SR.PopPosition(); if (Config.bCodeSignVerbose) { PrintHash("Info:", cdSlotMax - cdInfoSlot); PrintHash("Requirements:", cdSlotMax - cdRequirementsSlot); PrintHash("ResourceDir:", cdSlotMax - cdResourceDirSlot); PrintHash("Application:", cdSlotMax - cdApplicationSlot); PrintHash("Entitlements:", cdSlotMax - cdEntitlementSlot); } }
protected override void UnpackageData(ReadingContext SR, UInt32 Length) { if (Length > 0) { UInt32 ExpressionVal = SR.ReadUInt32(); if (ExpressionVal == kReqExpression) { Expression = ExpressionOp.ReadOperand(SR); } } }
public override void ReadData(ReadingContext SR) { CertificateIndex = (int)SR.ReadUInt32(); UInt32 Count = SR.ReadUInt32(); Hash = SR.ReadBytes((int)Count); Count = 4 - Count % 4; if (Count > 0 && Count < 4) SR.ReadBytes(Count); }
public override void ReadData(ReadingContext SR) { OIDIndex = (int)SR.ReadUInt32(); // index of the OID value (always 1) UInt32 Count = SR.ReadUInt32(); OID = SR.ReadBytes((int)Count); Count = 4 - Count % 4; if (Count > 0 && Count < 4) SR.ReadBytes(Count); MatchOp.MatchOp = SR.ReadUInt32(); // OID must exist }
public override void ReadData(ReadingContext SR) { CertificateIndex = (int)SR.ReadUInt32(); // index in the mobile provision certificate list (always 0 for now) UInt32 Count = SR.ReadUInt32(); FieldName = SR.ReadFixedASCII((int)Count); Count = 4 - Count % 4; if (Count > 0 && Count < 4) SR.ReadBytes(Count); MatchOp = new MatchSuffix(); MatchOp.MatchOp = SR.ReadUInt32(); // must equal Count = SR.ReadUInt32(); MatchOp.CertificateName = SR.ReadFixedASCII((int)Count); Count = 4 - Count % 4; if (Count > 0 && Count < 4) SR.ReadBytes(Count); }
public override void ReadData(ReadingContext SR) { UInt32 Count = SR.ReadUInt32(); BundleIdentifier = SR.ReadFixedASCII((int)Count); Count = 4 - Count % 4; if (Count > 0 && Count < 4) SR.ReadBytes(Count); }
public override void ReadData(ReadingContext SR) { Op1 = ExpressionOp.ReadOperand(SR); Op2 = ExpressionOp.ReadOperand(SR); }
/// <summary> /// Reads in a data blob, preserving the stream read pointer (Offset is relative to the start of the underlying stream) /// </summary> AbstractBlob ReadBlob(ReadingContext SR, long Offset) { SR.PushPositionAndJump(Offset); AbstractBlob Result = AbstractBlob.CreateFromStream(SR); SR.PopPosition(); return Result; }
public void Read(ReadingContext SR) { long BaseOffset = SR.Position - (2 * sizeof(UInt32)); UInt32 SlotCount = SR.ReadUInt32(); for (UInt32 i = 0; i < SlotCount; ++i) { // Read a slot UInt32 Key = SR.ReadUInt32(); UInt32 Offset = SR.ReadUInt32(); // Read it's associated blob AbstractBlob Blob = ReadBlob(SR, BaseOffset + Offset); // Add it to the slot table Slots.Add(new KeyValuePair<UInt32, AbstractBlob>(Key, Blob)); } }
protected override void UnpackageData(ReadingContext SR, int CommandSize) { EncryptedFileOffset = SR.ReadUInt32(); EncryptedFileSize = SR.ReadUInt32(); EncryptionMode = SR.ReadUInt32(); }
protected override void UnpackageData(ReadingContext SR, int CommandSize) { base.UnpackageData(SR, CommandSize); SR.PushPositionAndJump(BlobFileOffset); SR.bStreamLittleEndian = false; long SavedPosition = SR.Position; // Parse the blob Payload = AbstractBlob.CreateFromStream(SR) as CodeSigningTableBlob; if (Config.bCodeSignVerbose) { Console.WriteLine(Payload.ToString()); } //SR.VerifyStreamPosition(SavedPosition, BlobFileSize); SR.PopPosition(); SR.bStreamLittleEndian = true; }
protected override void UnpackageData(ReadingContext SR, int CommandSize) { for (int i = 0; i < Payload.Length; ++i) { Payload[i] = SR.ReadUInt32(); } }
public void LoadFromFile(string Filename) { BinaryReader SR = new BinaryReader(File.OpenRead(Filename)); ReadingContext Context = new ReadingContext(SR); Read(Context); SR.Close(); }
public void Read(ReadingContext SR) { long ExpectedStreamPosition = 0; int NumInt = 7; // Read the header Magic = SR.ReadUInt32(); CpuType = SR.ReadUInt32(); CpuSubType = SR.ReadUInt32(); FileType = SR.ReadUInt32(); UInt32 NumCommands = SR.ReadUInt32(); UInt32 SizeOfCommands = SR.ReadUInt32(); Flags = SR.ReadUInt32(); if (Magic == MH_MAGIC_64) { Reserved64 = SR.ReadUInt32(); NumInt++; } SR.VerifyStreamPosition(ref ExpectedStreamPosition, NumInt * sizeof(UInt32)); // Read the commands Commands.Clear(); for (int LoadCommandIndex = 0; LoadCommandIndex < NumCommands; ++LoadCommandIndex) { MachLoadCommand Command = MachLoadCommand.CreateFromStream(SR); Commands.Add(Command); if (Config.bCodeSignVerbose) { Console.WriteLine(" Read command: {0}", Command.ToString()); } } SR.VerifyStreamPosition(ref ExpectedStreamPosition, SizeOfCommands); }
public void Read(ReadingContext SR) { SectionName = SR.ReadFixedASCII(16); SegmentName = SR.ReadFixedASCII(16); Addr = SR.ReadUInt(AddressSize); Size = SR.ReadUInt(AddressSize); UInt32 FileOffset = SR.ReadUInt32(); LogAlignment = SR.ReadUInt32(); RelocationOffset = SR.ReadUInt32(); NumRelocations = SR.ReadUInt32(); Flags = (int)SR.ReadUInt32(); Reserved1 = SR.ReadUInt32(); Reserved2 = SR.ReadUInt32(); if (AddressSize == Bits.Num._64) Reserved3 = SR.ReadUInt32(); if ((SectionType == S_ZEROFILL) || (SectionType == S_GB_ZEROFILL)) { Debug.Assert(FileOffset == 0); SectionData = null; } else { SR.PushPositionAndJump((long)FileOffset); SectionData = SR.ReadBytes((int)Size); SR.PopPosition(); } if (Config.bCodeSignVerbose) { Console.WriteLine(" v Read Section '{0}' in segment '{1}' with size {2} and offset 0x{3:X} and align {4} and flags {5:X}", SectionName, SegmentName, Size, FileOffset, 1 << (byte)LogAlignment, Flags); } }
protected abstract void UnpackageData(ReadingContext SR, UInt32 Length);
public static MachLoadCommand CreateFromStream(ReadingContext SR) { long StartingStreamPosition = SR.Position; // Read the code and size (common to all commands) UInt32 CommandCode = SR.ReadUInt32(); UInt32 CommandSize = SR.ReadUInt32(); UInt32 EffectiveCommand = CommandCode & ~(1 << 31); MachLoadCommand Result; switch (EffectiveCommand) { case LC_SEGMENT: Result = new MachLoadCommandSegment(Bits.Num._32); break; case LC_SEGMENT_64: Result = new MachLoadCommandSegment(Bits.Num._64); break; case LC_SYMTAB: Result = new MachLoadCommandSymbolTable(); break; case LC_THREAD: case LC_UNIXTHREAD: Result = new MachLoadCommandMainThreadInfo(); break; case LC_DYSYMTAB: Result = new MachLoadCommandDynamicSymbolTable(); break; case LC_LOAD_DYLIB: case LC_LOAD_WEAK_DYLIB: case LC_ID_DYLIB: Result = new MachLoadCommandDylib(); break; case LC_LOAD_DYLINKER: case LC_ID_DYLINKER: Result = new MachLoadCommandDynamicLinkerName(); break; case LC_UUID: Result = new MachLoadCommandUUID(); break; case LC_CODE_SIGNATURE: Result = new MachLoadCommandCodeSignature(); break; case LC_ENCRYPTION_INFO: Result = new MachLoadCommandEncryptedSegmentInfo(); break; case LC_DYLD_INFO: Result = new MachLoadCommandDynamicLoaderInfo(); break; default: Result = new MachLoadCommandOpaque(); break; } // MSB of CommandCode is LC_REQ_DYLD or 0, indicating if the command can (theoretically) be ignored // or is critical to loading Result.StartingLoadOffset = StartingStreamPosition; Result.Command = EffectiveCommand; Result.RequiredForDynamicLoad = (CommandCode >> 31) != 0; Result.UnpackageData(SR, (int)CommandSize); SR.VerifyStreamPosition(StartingStreamPosition, CommandSize); return Result; }
protected override void UnpackageData(ReadingContext SR, UInt32 Length) { MyData = SR.ReadBytes(Length - (2 * sizeof(UInt32))); }
protected override void UnpackageData(ReadingContext SR, int CommandSize) { BlobFileOffset = SR.ReadUInt32(); BlobFileSize = SR.ReadUInt32(); }
protected override void UnpackageData(ReadingContext SR, uint Length) { Table.Read(SR); }
protected override void UnpackageData(ReadingContext SR, int CommandSize) { SymbolTableOffset = SR.ReadUInt32(); SymbolCount = SR.ReadUInt32(); StringTableOffset = SR.ReadUInt32(); StringTableSize = SR.ReadUInt32(); }
public virtual void ReadData(ReadingContext SR) { }