Package ghidra.app.util.opinion

Class MachoPrelinkUtils

java.lang.Object

ghidra.app.util.opinion.MachoPrelinkUtils

public class MachoPrelinkUtils
extends java.lang.Object

Utilities methods for working with Mach-O PRELINK binaries.

Constructor Summary

Constructors

Constructor	Description
MachoPrelinkUtils()

Method Summary

Modifier and Type	Method	Description
static java.util.List<java.lang.Long>	findPrelinkMachoHeaderOffsets(ByteProvider provider, TaskMonitor monitor)	Scans the provider looking for PRELINK Mach-O headers.
static long	getPrelinkStartAddr(MachHeader header)	Gets the start address of the PRELINK Mach-O's in memory.
static boolean	hasChainedLoadCommand(ByteProvider provider, TaskMonitor monitor)	Check if the Macho has a DYLD_CHAINED_FIXUPS_COMMAND
static org.apache.commons.collections4.BidiMap<PrelinkMap,java.lang.Long>	matchPrelinkToMachoHeaderOffsets(ByteProvider provider, java.util.List<PrelinkMap> prelinkList, java.util.List<java.lang.Long> machoHeaderOffsets, TaskMonitor monitor)	Forms a bidirectional mapping of PRELINK XML to Mach-O header offset in the given provider.
static java.util.List<PrelinkMap>	parsePrelinkXml(ByteProvider provider, TaskMonitor monitor)	Parses the provider looking for PRELINK XML.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

MachoPrelinkUtils

public MachoPrelinkUtils()

Method Detail

parsePrelinkXml

public static java.util.List<PrelinkMap> parsePrelinkXml(ByteProvider provider,
                                                         TaskMonitor monitor)
                                                  throws java.io.IOException,
                                                         org.jdom.JDOMException

Parses the provider looking for PRELINK XML.

Parameters:

provider - The provider to parse.

monitor - A monitor.

Returns:

A list of discovered PrelinkMaps. An empty list indicates that the provider did not represent valid Mach-O PRELINK binary.

Throws:

java.io.IOException - if there was an IO-related issue.

org.jdom.JDOMException - if there was a issue parsing the PRELINK XML.

hasChainedLoadCommand

public static boolean hasChainedLoadCommand(ByteProvider provider,
                                            TaskMonitor monitor)
                                     throws java.io.IOException,
                                            org.jdom.JDOMException

Check if the Macho has a DYLD_CHAINED_FIXUPS_COMMAND

Parameters:

provider - The provider to parse.

monitor - A monitor.

Returns:

A list of discovered PrelinkMaps. An empty list indicates that the provider did not represent valid Mach-O PRELINK binary.

Throws:

java.io.IOException - if there was an IO-related issue.

org.jdom.JDOMException - if there was a issue parsing the PRELINK XML.

findPrelinkMachoHeaderOffsets

public static java.util.List<java.lang.Long> findPrelinkMachoHeaderOffsets(ByteProvider provider,
                                                                           TaskMonitor monitor)
                                                                    throws java.io.IOException

Scans the provider looking for PRELINK Mach-O headers.

NOTE: The "System" Mach-O at offset 0 is not considered a PRELINK Mach-O.

NOTE: We used to scan on 0x1000, and then 0x10 byte boundaries. Now iOS 12 seems to put them on 0x8-byte boundaries.

Parameters:

provider - The provider to scan.

monitor - A monitor.

Returns:

A list of provider offsets where PRELINK Mach-O headers start (not including the "System" Mach-O at offset 0).

Throws:

java.io.IOException - If there was an IO-related issue searching for PRELINK Mach-O headers.

matchPrelinkToMachoHeaderOffsets

public static org.apache.commons.collections4.BidiMap<PrelinkMap,java.lang.Long> matchPrelinkToMachoHeaderOffsets(ByteProvider provider,
                                                                                                                        java.util.List<PrelinkMap> prelinkList,
                                                                                                                        java.util.List<java.lang.Long> machoHeaderOffsets,
                                                                                                                        TaskMonitor monitor)
                                                                                                                 throws MachException,
                                                                                                                        java.io.IOException

Forms a bidirectional mapping of PRELINK XML to Mach-O header offset in the given provider.

Parameters:

provider - The PRELINK Mach-O provider.

prelinkList - A list of PrelinkMaps.

machoHeaderOffsets - A list of provider offsets where PRELINK Mach-O headers start (not including the "System" Mach-O at offset 0).

monitor - A monitor

Returns:

A bidirectional mapping of PRELINK XML to Mach-O header offset in the given provider.

Throws:

MachException - If there was a problem parsing a Mach-O header.

java.io.IOException - If there was an IO-related issue mapping PRELINK XML to Mach-O headers.

getPrelinkStartAddr

public static long getPrelinkStartAddr(MachHeader header)

Gets the start address of the PRELINK Mach-O's in memory.

NOTE: This method only works for pre iOS 12 binaries. If called on an iOS 12 binary, it will fail and return 0 because the __PRELINK_TEXT segment has a size of 0. In this case, some other means of computing the start address of the PRELINK Mach-O's must be used.

Parameters:

header - The Mach-O header.

Returns:

The start address of the PRELINK Mach-O's in memory, or 0 if it could not be found.