所以我意识到我可以在IDA Pro中打开一个二进制文件,并确定分段的开始/停止位置。有可能在运行时在Cocoa中确定吗?

我假设有一些启用此功能的c级库函数,我在mach标头中戳了一下,但找不到很多:/

提前致谢!

最佳答案

可可不包含用于处理Mach-O文件的类。您需要使用系统提供的Mach-O功能。您正确地阅读了Mach-O标头。

我编写了一个小程序,接受一个Mach-O文件名作为输入,并转储有关其分段的信息。请注意,此程序仅处理x86_64体系结构的精简文件(即非胖文件/通用文件)。

请注意,我也不会检查所有操作,也不检查文件是否是格式正确的Mach-O文件。做适当的检查留给读者练习。

#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <mach-o/loader.h>
#include <sys/mman.h>
#include <sys/stat.h>

int main(int argc, char *argv[]) {
    int fd;
    struct stat stat_buf;
    size_t size;

    char *addr = NULL;
    struct mach_header_64 *mh;
    struct load_command *lc;
    struct segment_command_64 *sc;

    // Open the file and get its size
    fd = open(argv[1], O_RDONLY);
    fstat(fd, &stat_buf);
    size = stat_buf.st_size;

    // Map the file to memory
    addr = mmap(0, size, PROT_READ | PROT_WRITE, MAP_FILE | MAP_PRIVATE, fd, 0);

    // The first bytes of a Mach-O file comprise its header
    mh = (struct mach_header_64 *)addr;

    // Load commands follow the header
    addr += sizeof(struct mach_header_64);

    printf("There are %d load commands\n", mh->ncmds);

    for (int i = 0; i < mh->ncmds; i++) {
        lc = (struct load_command *)addr;

        if (lc->cmdsize == 0) continue;

        // If the load command is a (64-bit) segment,
        // print information about the segment
        if (lc->cmd == LC_SEGMENT_64) {
            sc = (struct segment_command_64 *)addr;
            printf("Segment %s\n\t"
                "vmaddr 0x%llx\n\t"
                "vmsize 0x%llx\n\t"
                "fileoff %llu\n\t"
                "filesize %llu\n",
                sc->segname,
                sc->vmaddr,
                sc->vmsize,
                sc->fileoff,
                sc->filesize);
        }

        // Advance to the next load command
        addr += lc->cmdsize;
    }

    printf("\nDone.\n");

    munmap(addr, size);
    close(fd);

    return 0;
}


您只需要针对x86_64位编译该程序,然后针对x86_64 Mach-O二进制文件运行它。例如,假设您已将该程序另存为test.c:

$ clang test.c -arch x86_64 -o test
$ ./test ./test
There are 11 load commands
Segment __PAGEZERO
    vmaddr 0x0
    vmsize 0x100000000
    fileoff 0
    filesize 0
Segment __TEXT
    vmaddr 0x100000000
    vmsize 0x1000
    fileoff 0
    filesize 4096
Segment __DATA
    vmaddr 0x100001000
    vmsize 0x1000
    fileoff 4096
    filesize 4096
Segment __LINKEDIT
    vmaddr 0x100002000
    vmsize 0x1000
    fileoff 8192
    filesize 624

Done.


如果您想获得更多有关如何读取Mach-O文件的示例,cctools on Apple’s Open Source Web site可能是最好的选择。您还需要阅读Mac OS X ABI Mach-O File Format Reference

10-06 05:21
查看更多