Source code

Revision control

Copy as Markdown

Other Tools

//! A header contains minimal architecture information, the binary kind, the number of load commands, as well as an endianness hint
use core::fmt;
use plain::Plain;
use scroll::ctx;
use scroll::ctx::SizeWith;
use scroll::{Pread, Pwrite, SizeWith};
use crate::container::{self, Container};
use crate::error;
use crate::mach::constants::cputype::{CpuSubType, CpuType, CPU_SUBTYPE_MASK};
// Constants for the flags field of the mach_header
/// the object file has no undefined references
pub const MH_NOUNDEFS: u32 = 0x1;
/// the object file is the output of an incremental link against a base file and can't be
/// link edited again
pub const MH_INCRLINK: u32 = 0x2;
/// the object file is input for the dynamic linker and can't be staticly link edited again
pub const MH_DYLDLINK: u32 = 0x4;
/// the object file's undefined references are bound by the dynamic linker when loaded.
pub const MH_BINDATLOAD: u32 = 0x8;
/// the file has its dynamic undefined references prebound.
pub const MH_PREBOUND: u32 = 0x10;
/// the file has its read-only and read-write segments split
pub const MH_SPLIT_SEGS: u32 = 0x20;
/// the shared library init routine is to be run lazily via catching memory faults to its writeable
/// segments (obsolete)
pub const MH_LAZY_INIT: u32 = 0x40;
/// the image is using two-level name space bindings
pub const MH_TWOLEVEL: u32 = 0x80;
/// the executable is forcing all images to use flat name space bindings
pub const MH_FORCE_FLAT: u32 = 0x100;
/// this umbrella guarantees no multiple defintions of symbols in its sub-images so the
/// two-level namespace hints can always be used.
pub const MH_NOMULTIDEFS: u32 = 0x200;
/// do not have dyld notify the prebinding agent about this executable
pub const MH_NOFIXPREBINDING: u32 = 0x400;
/// the binary is not prebound but can have its prebinding redone. only used when MH_PREBOUND is not set.
pub const MH_PREBINDABLE: u32 = 0x800;
/// indicates that this binary binds to all two-level namespace modules of its dependent libraries.
/// Only used when MH_PREBINDABLE and MH_TWOLEVEL are both set.
pub const MH_ALLMODSBOUND: u32 = 0x1000;
/// safe to divide up the sections into sub-sections via symbols for dead code stripping
pub const MH_SUBSECTIONS_VIA_SYMBOLS: u32 = 0x2000;
/// the binary has been canonicalized via the unprebind operation
pub const MH_CANONICAL: u32 = 0x4000;
/// the final linked image contains external weak symbols
pub const MH_WEAK_DEFINES: u32 = 0x8000;
/// the final linked image uses weak symbols
pub const MH_BINDS_TO_WEAK: u32 = 0x10000;
/// When this bit is set, all stacks in the task will be given stack execution privilege.
/// Only used in MH_EXECUTE filetypes.
pub const MH_ALLOW_STACK_EXECUTION: u32 = 0x20000;
/// When this bit is set, the binary declares it is safe for use in processes with uid zero
pub const MH_ROOT_SAFE: u32 = 0x40000;
/// When this bit is set, the binary declares it is safe for use in processes when issetugid() is true
pub const MH_SETUID_SAFE: u32 = 0x80000;
/// When this bit is set on a dylib, the static linker does not need to examine dependent dylibs to
/// see if any are re-exported
pub const MH_NO_REEXPORTED_DYLIBS: u32 = 0x0010_0000;
/// When this bit is set, the OS will load the main executable at a random address.
/// Only used in MH_EXECUTE filetypes.
pub const MH_PIE: u32 = 0x0020_0000;
/// Only for use on dylibs. When linking against a dylib that has this bit set, the static linker
/// will automatically not create a LC_LOAD_DYLIB load command to the dylib if no symbols are being
/// referenced from the dylib.
pub const MH_DEAD_STRIPPABLE_DYLIB: u32 = 0x0040_0000;
/// Contains a section of type S_THREAD_LOCAL_VARIABLES
pub const MH_HAS_TLV_DESCRIPTORS: u32 = 0x0080_0000;
/// When this bit is set, the OS will run the main executable with a non-executable heap even on
/// platforms (e.g. i386) that don't require it. Only used in MH_EXECUTE filetypes.
pub const MH_NO_HEAP_EXECUTION: u32 = 0x0100_0000;
// TODO: verify this number is correct, it was previously 0x02000000 which could indicate a typo/data entry error
/// The code was linked for use in an application extension.
pub const MH_APP_EXTENSION_SAFE: u32 = 0x0200_0000;
#[inline(always)]
pub fn flag_to_str(flag: u32) -> &'static str {
match flag {
MH_NOUNDEFS => "MH_NOUNDEFS",
MH_INCRLINK => "MH_INCRLINK",
MH_DYLDLINK => "MH_DYLDLINK",
MH_BINDATLOAD => "MH_BINDATLOAD",
MH_PREBOUND => "MH_PREBOUND",
MH_SPLIT_SEGS => "MH_SPLIT_SEGS",
MH_LAZY_INIT => "MH_LAZY_INIT",
MH_TWOLEVEL => "MH_TWOLEVEL",
MH_FORCE_FLAT => "MH_FORCE_FLAT",
MH_NOMULTIDEFS => "MH_NOMULTIDEFS",
MH_NOFIXPREBINDING => "MH_NOFIXPREBINDING",
MH_PREBINDABLE => "MH_PREBINDABLE ",
MH_ALLMODSBOUND => "MH_ALLMODSBOUND",
MH_SUBSECTIONS_VIA_SYMBOLS => "MH_SUBSECTIONS_VIA_SYMBOLS",
MH_CANONICAL => "MH_CANONICAL",
MH_WEAK_DEFINES => "MH_WEAK_DEFINES",
MH_BINDS_TO_WEAK => "MH_BINDS_TO_WEAK",
MH_ALLOW_STACK_EXECUTION => "MH_ALLOW_STACK_EXECUTION",
MH_ROOT_SAFE => "MH_ROOT_SAFE",
MH_SETUID_SAFE => "MH_SETUID_SAFE",
MH_NO_REEXPORTED_DYLIBS => "MH_NO_REEXPORTED_DYLIBS",
MH_PIE => "MH_PIE",
MH_DEAD_STRIPPABLE_DYLIB => "MH_DEAD_STRIPPABLE_DYLIB",
MH_HAS_TLV_DESCRIPTORS => "MH_HAS_TLV_DESCRIPTORS",
MH_NO_HEAP_EXECUTION => "MH_NO_HEAP_EXECUTION",
MH_APP_EXTENSION_SAFE => "MH_APP_EXTENSION_SAFE",
_ => "UNKNOWN FLAG",
}
}
/// Mach Header magic constant
pub const MH_MAGIC: u32 = 0xfeed_face;
pub const MH_CIGAM: u32 = 0xcefa_edfe;
/// Mach Header magic constant for 64-bit
pub const MH_MAGIC_64: u32 = 0xfeed_facf;
pub const MH_CIGAM_64: u32 = 0xcffa_edfe;
// Constants for the filetype field of the mach_header
/// relocatable object file
pub const MH_OBJECT: u32 = 0x1;
/// demand paged executable file
pub const MH_EXECUTE: u32 = 0x2;
/// fixed VM shared library file
pub const MH_FVMLIB: u32 = 0x3;
/// core file
pub const MH_CORE: u32 = 0x4;
/// preloaded executable file
pub const MH_PRELOAD: u32 = 0x5;
/// dynamically bound shared library
pub const MH_DYLIB: u32 = 0x6;
/// dynamic link editor
pub const MH_DYLINKER: u32 = 0x7;
/// dynamically bound bundle file
pub const MH_BUNDLE: u32 = 0x8;
/// shared library stub for static linking only, no section contents
pub const MH_DYLIB_STUB: u32 = 0x9;
/// companion file with only debug sections
pub const MH_DSYM: u32 = 0xa;
/// x86_64 kexts
pub const MH_KEXT_BUNDLE: u32 = 0xb;
/// set of mach-o's
pub const MH_FILESET: u32 = 0xc;
pub fn filetype_to_str(filetype: u32) -> &'static str {
match filetype {
MH_OBJECT => "OBJECT",
MH_EXECUTE => "EXECUTE",
MH_FVMLIB => "FVMLIB",
MH_CORE => "CORE",
MH_PRELOAD => "PRELOAD",
MH_DYLIB => "DYLIB",
MH_DYLINKER => "DYLINKER",
MH_BUNDLE => "BUNDLE",
MH_DYLIB_STUB => "DYLIB_STUB",
MH_DSYM => "DSYM",
MH_KEXT_BUNDLE => "KEXT_BUNDLE",
MH_FILESET => "FILESET",
_ => "UNKNOWN FILETYPE",
}
}
#[repr(C)]
#[derive(Clone, Copy, Default, Debug, Pread, Pwrite, SizeWith)]
/// A 32-bit Mach-o header
pub struct Header32 {
/// mach magic number identifier
pub magic: u32,
/// cpu specifier
pub cputype: u32,
/// machine specifier
pub cpusubtype: u32,
/// type of file
pub filetype: u32,
/// number of load commands
pub ncmds: u32,
/// the size of all the load commands
pub sizeofcmds: u32,
/// flags
pub flags: u32,
}
pub const SIZEOF_HEADER_32: usize = 0x1c;
unsafe impl Plain for Header32 {}
impl Header32 {
/// Transmutes the given byte array into the corresponding 32-bit Mach-o header
pub fn from_bytes(bytes: &[u8; SIZEOF_HEADER_32]) -> &Self {
plain::from_bytes(bytes).unwrap()
}
pub fn size(&self) -> usize {
SIZEOF_HEADER_32
}
}
#[repr(C)]
#[derive(Clone, Copy, Default, Debug, Pread, Pwrite, SizeWith)]
/// A 64-bit Mach-o header
pub struct Header64 {
/// mach magic number identifier
pub magic: u32,
/// cpu specifier
pub cputype: u32,
/// machine specifier
pub cpusubtype: u32,
/// type of file
pub filetype: u32,
/// number of load commands
pub ncmds: u32,
/// the size of all the load commands
pub sizeofcmds: u32,
/// flags
pub flags: u32,
pub reserved: u32,
}
unsafe impl Plain for Header64 {}
pub const SIZEOF_HEADER_64: usize = 32;
impl Header64 {
/// Transmutes the given byte array into the corresponding 64-bit Mach-o header
pub fn from_bytes(bytes: &[u8; SIZEOF_HEADER_64]) -> &Self {
plain::from_bytes(bytes).unwrap()
}
pub fn size(&self) -> usize {
SIZEOF_HEADER_64
}
}
#[repr(C)]
#[derive(Clone, Copy, Default)]
/// Generic sized header
pub struct Header {
pub magic: u32,
pub cputype: u32,
pub cpusubtype: u32,
/// type of file
pub filetype: u32,
/// number of load commands
pub ncmds: usize,
/// the size of all the load commands
pub sizeofcmds: u32,
/// flags
pub flags: u32,
pub reserved: u32,
}
impl fmt::Debug for Header {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
f.debug_struct("Header")
.field("magic", &format_args!("0x{:x}", self.magic))
.field("cputype", &self.cputype())
.field("cpusubtype", &format_args!("0x{:x}", self.cpusubtype()))
.field("filetype", &filetype_to_str(self.filetype))
.field("ncmds", &self.ncmds)
.field("sizeofcmds", &self.sizeofcmds)
.field("flags", &format_args!("0x{:x}", self.flags))
.field("reserved", &format_args!("0x{:x}", self.reserved))
.finish()
}
}
impl From<Header32> for Header {
fn from(header: Header32) -> Self {
Header {
magic: header.magic,
cputype: header.cputype,
cpusubtype: header.cpusubtype,
filetype: header.filetype,
ncmds: header.ncmds as usize,
sizeofcmds: header.sizeofcmds,
flags: header.flags,
reserved: 0,
}
}
}
impl From<Header> for Header32 {
fn from(header: Header) -> Self {
Header32 {
magic: header.magic,
cputype: header.cputype,
cpusubtype: header.cpusubtype,
filetype: header.filetype,
ncmds: header.ncmds as u32,
sizeofcmds: header.sizeofcmds,
flags: header.flags,
}
}
}
impl From<Header64> for Header {
fn from(header: Header64) -> Self {
Header {
magic: header.magic,
cputype: header.cputype,
cpusubtype: header.cpusubtype,
filetype: header.filetype,
ncmds: header.ncmds as usize,
sizeofcmds: header.sizeofcmds,
flags: header.flags,
reserved: header.reserved,
}
}
}
impl From<Header> for Header64 {
fn from(header: Header) -> Self {
Header64 {
magic: header.magic,
cputype: header.cputype,
cpusubtype: header.cpusubtype,
filetype: header.filetype,
ncmds: header.ncmds as u32,
sizeofcmds: header.sizeofcmds,
flags: header.flags,
reserved: header.reserved,
}
}
}
impl Header {
pub fn new(ctx: container::Ctx) -> Self {
let mut header = Header::default();
header.magic = if ctx.is_big() { MH_MAGIC_64 } else { MH_MAGIC };
header
}
/// Returns the cpu type
pub fn cputype(&self) -> CpuType {
self.cputype
}
/// Returns the cpu subtype with the capabilities removed
pub fn cpusubtype(&self) -> CpuSubType {
self.cpusubtype & !CPU_SUBTYPE_MASK
}
/// Returns the capabilities of the CPU
pub fn cpu_caps(&self) -> u32 {
(self.cpusubtype & CPU_SUBTYPE_MASK) >> 24
}
}
impl ctx::SizeWith<container::Ctx> for Header {
fn size_with(container: &container::Ctx) -> usize {
match container.container {
Container::Little => SIZEOF_HEADER_32,
Container::Big => SIZEOF_HEADER_64,
}
}
}
impl ctx::SizeWith<Container> for Header {
fn size_with(container: &Container) -> usize {
match container {
Container::Little => SIZEOF_HEADER_32,
Container::Big => SIZEOF_HEADER_64,
}
}
}
impl<'a> ctx::TryFromCtx<'a, container::Ctx> for Header {
type Error = crate::error::Error;
fn try_from_ctx(
bytes: &'a [u8],
container::Ctx { le, container }: container::Ctx,
) -> error::Result<(Self, usize)> {
let size = bytes.len();
if size < SIZEOF_HEADER_32 || size < SIZEOF_HEADER_64 {
let error =
error::Error::Malformed("bytes size is smaller than a Mach-o header".into());
Err(error)
} else {
match container {
Container::Little => {
let header = bytes.pread_with::<Header32>(0, le)?;
Ok((Header::from(header), SIZEOF_HEADER_32))
}
Container::Big => {
let header = bytes.pread_with::<Header64>(0, le)?;
Ok((Header::from(header), SIZEOF_HEADER_64))
}
}
}
}
}
impl ctx::TryIntoCtx<container::Ctx> for Header {
type Error = crate::error::Error;
fn try_into_ctx(self, bytes: &mut [u8], ctx: container::Ctx) -> error::Result<usize> {
match ctx.container {
Container::Little => {
bytes.pwrite_with(Header32::from(self), 0, ctx.le)?;
}
Container::Big => {
bytes.pwrite_with(Header64::from(self), 0, ctx.le)?;
}
};
Ok(Header::size_with(&ctx))
}
}
impl ctx::IntoCtx<container::Ctx> for Header {
fn into_ctx(self, bytes: &mut [u8], ctx: container::Ctx) {
bytes.pwrite_with(self, 0, ctx).unwrap();
}
}
#[cfg(test)]
mod tests {
use super::*;
use std::mem::size_of;
#[test]
fn test_parse_armv7_header() {
use crate::mach::constants::cputype::CPU_TYPE_ARM;
const CPU_SUBTYPE_ARM_V7: u32 = 9;
use super::Header;
use crate::container::{Container, Ctx, Endian};
use scroll::Pread;
let bytes = b"\xce\xfa\xed\xfe\x0c\x00\x00\x00\t\x00\x00\x00\n\x00\x00\x00\x06\x00\x00\x00\x8c\r\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x18\x00\x00\x00\xe0\xf7B\xbb\x1c\xf50w\xa6\xf7u\xa3\xba(";
let header: Header = bytes
.pread_with(0, Ctx::new(Container::Little, Endian::Little))
.unwrap();
assert_eq!(header.cputype, CPU_TYPE_ARM);
assert_eq!(header.cpusubtype, CPU_SUBTYPE_ARM_V7);
}
#[test]
fn sizeof_header32() {
assert_eq!(SIZEOF_HEADER_32, size_of::<Header32>());
}
#[test]
fn sizeof_header64() {
assert_eq!(SIZEOF_HEADER_64, size_of::<Header64>());
}
}