2021-01-14 18:56:45 +00:00
|
|
|
# SPDX-License-Identifier: MIT
|
|
|
|
from construct import *
|
|
|
|
|
|
|
|
BootArgs = Struct(
|
2021-02-06 07:34:35 +00:00
|
|
|
"revision" / Hex(Int16ul),
|
2021-01-14 18:56:45 +00:00
|
|
|
"version" / Hex(Int16ul),
|
|
|
|
Padding(4),
|
|
|
|
"virt_base" / Hex(Int64ul),
|
|
|
|
"phys_base" / Hex(Int64ul),
|
|
|
|
"mem_size" / Hex(Int64ul),
|
|
|
|
"top_of_kernel_data" / Hex(Int64ul),
|
|
|
|
"video" / Struct(
|
|
|
|
"base" / Hex(Int64ul),
|
|
|
|
"display" / Hex(Int64ul),
|
|
|
|
"stride" / Hex(Int64ul),
|
|
|
|
"width" / Hex(Int64ul),
|
|
|
|
"height" / Hex(Int64ul),
|
|
|
|
"depth" / Hex(Int64ul),
|
|
|
|
),
|
|
|
|
"machine_type" / Hex(Int32ul),
|
|
|
|
Padding(4),
|
|
|
|
"devtree" / Hex(Int64ul),
|
|
|
|
"devtree_size" / Hex(Int32ul),
|
|
|
|
"cmdline" / PaddedString(608, "ascii"),
|
|
|
|
Padding(4),
|
|
|
|
"boot_flags" / Hex(Int64ul),
|
2021-02-06 07:34:35 +00:00
|
|
|
"mem_size_actual" / Hex(Int64ul),
|
|
|
|
)
|
|
|
|
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOLoadCmdType = "LoadCmdType" / Enum(Int32ul,
|
2021-02-06 07:34:35 +00:00
|
|
|
UNIXTHREAD = 0x05,
|
|
|
|
SEGMENT_64 = 0x19,
|
|
|
|
UUID = 0x1b,
|
|
|
|
BUILD_VERSION = 0x32,
|
|
|
|
DYLD_CHAINED_FIXUPS = 0x80000034,
|
|
|
|
FILESET_ENTRY = 0x80000035,
|
|
|
|
)
|
|
|
|
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOArmThreadStateFlavor = "ThreadStateFlavor" / Enum(Int32ul,
|
2021-02-06 07:34:35 +00:00
|
|
|
THREAD64 = 6,
|
|
|
|
)
|
|
|
|
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOHeader = Struct(
|
2021-02-06 07:34:35 +00:00
|
|
|
"magic" / Hex(Int32ul),
|
|
|
|
"cputype" / Hex(Int32ul),
|
|
|
|
"cpusubtype" / Hex(Int32ul),
|
|
|
|
"filetype" / Hex(Int32ul),
|
|
|
|
"ncmds" / Hex(Int32ul),
|
|
|
|
"sizeofcmds" / Hex(Int32ul),
|
|
|
|
"flags" / Hex(Int32ul),
|
|
|
|
"reserved" / Hex(Int32ul),
|
|
|
|
)
|
|
|
|
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOVmProt = FlagsEnum(Int32sl,
|
2021-02-06 07:34:35 +00:00
|
|
|
PROT_READ = 0x01,
|
|
|
|
PROT_WRITE = 0x02,
|
|
|
|
PROT_EXECUTE = 0x04,
|
|
|
|
)
|
|
|
|
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOCmdUnixThread = GreedyRange(Struct(
|
|
|
|
"flavor" / MachOArmThreadStateFlavor,
|
2021-02-06 07:34:35 +00:00
|
|
|
"data" / Prefixed(ExprAdapter(Int32ul, obj_ * 4, obj_ / 4), Switch(this.flavor, {
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOArmThreadStateFlavor.THREAD64: Struct(
|
2021-02-06 07:34:35 +00:00
|
|
|
"x" / Array(29, Hex(Int64ul)),
|
|
|
|
"fp" / Hex(Int64ul),
|
|
|
|
"lr" / Hex(Int64ul),
|
|
|
|
"sp" / Hex(Int64ul),
|
|
|
|
"pc" / Hex(Int64ul),
|
|
|
|
"cpsr" / Hex(Int32ul),
|
|
|
|
"flags" / Hex(Int32ul),
|
|
|
|
)
|
|
|
|
})),
|
|
|
|
))
|
|
|
|
|
|
|
|
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOCmdSegment64 = Struct(
|
2021-02-06 07:34:35 +00:00
|
|
|
"segname" / PaddedString(16, "ascii"),
|
|
|
|
"vmaddr" / Hex(Int64ul),
|
|
|
|
"vmsize" / Hex(Int64ul),
|
|
|
|
"fileoff" / Hex(Int64ul),
|
|
|
|
"filesize" / Hex(Int64ul),
|
2021-05-01 06:15:43 +00:00
|
|
|
"maxprot" / MachOVmProt,
|
|
|
|
"initprot" / MachOVmProt,
|
2021-02-06 07:34:35 +00:00
|
|
|
"nsects" / Int32ul,
|
|
|
|
"flags" / Hex(Int32ul),
|
|
|
|
"sections" / GreedyRange(Struct(
|
|
|
|
"sectname" / PaddedString(16, "ascii"),
|
|
|
|
"segname" / PaddedString(16, "ascii"),
|
|
|
|
"addr" / Hex(Int64ul),
|
|
|
|
"size" / Hex(Int64ul),
|
|
|
|
"offset" / Hex(Int32ul),
|
|
|
|
"align" / Hex(Int32ul),
|
|
|
|
"reloff" / Hex(Int32ul),
|
|
|
|
"nreloc" / Hex(Int32ul),
|
|
|
|
"flags" / Hex(Int32ul),
|
|
|
|
"reserved1" / Hex(Int32ul),
|
|
|
|
"reserved2" / Hex(Int32ul),
|
|
|
|
"reserved3" / Hex(Int32ul),
|
|
|
|
)),
|
|
|
|
)
|
|
|
|
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOCmd = Struct(
|
|
|
|
"cmd" / Hex(MachOLoadCmdType),
|
2021-02-06 07:34:35 +00:00
|
|
|
"args" / Prefixed(ExprAdapter(Int32ul, obj_ - 8, obj_ + 8), Switch(this.cmd, {
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOLoadCmdType.UNIXTHREAD: MachOCmdUnixThread,
|
|
|
|
MachOLoadCmdType.SEGMENT_64: MachOCmdSegment64,
|
|
|
|
MachOLoadCmdType.UUID: Hex(Bytes(16)),
|
2021-02-06 07:34:35 +00:00
|
|
|
}, default=GreedyBytes)),
|
|
|
|
)
|
|
|
|
|
2021-05-01 06:15:43 +00:00
|
|
|
MachOFile = Struct(
|
|
|
|
"header" / MachOHeader,
|
|
|
|
"cmds" / Array(this.header.ncmds, MachOCmd),
|
2021-02-06 07:34:35 +00:00
|
|
|
"extradata" / GreedyBytes,
|
2021-01-14 18:56:45 +00:00
|
|
|
)
|