STRLCPY/LIEF

Early work on Mach-O Signature
Romain Thomas committed with rthomas 5 years ago

39f21119

1 parent e563d682

■ ■ ■ ■ ■ ■

examples/cpp/macho_reader.cpp

		skipped 12 lines
13	13		* See the License for the specific language governing permissions and
14	14		* limitations under the License.
15	15		*/
	16	+
	17	+	#include <LIEF/logging.hpp>
16	18		#include <LIEF/MachO.hpp>
17	19		#include <LIEF/logging.hpp>
18	20
		skipped 76 lines
95	97		}
96	98
97	99		int main(int argc, char **argv) {
98		-	LIEF::Logger::set_level(LIEF::LOGGING_LEVEL::LOG_DEBUG);
	100	+	LIEF::Logger::set_level(LIEF::LOGGING_LEVEL::LOG_INFO);
99	101		std::cout << "MachO Reader" << std::endl;
100	102		if (argc != 2) {
101	103		std::cerr << "Usage: " << argv[0] << " <MachO binary>" << std::endl;
		skipped 1 lines
103	105		}
104	106		std::unique_ptr<FatBinary> binaries{Parser::parse(argv[1])};
105	107		for (const Binary& binary : *binaries) {
106		-	print_binary(binary);
107		-	std::cout << std::endl;
	108	+	//print_binary(binary);
	109	+	//std::cout << std::endl;
108	110		}
109	111
110	112		return 0;
		skipped 3 lines

■ ■ ■ ■ ■ ■

include/LIEF/MachO/CodeDirectory.hpp

1	+	/* Copyright 2017 R. Thomas
2	+	* Copyright 2017 Quarkslab
3	+	*
4	+	* Licensed under the Apache License, Version 2.0 (the "License");
5	+	* you may not use this file except in compliance with the License.
6	+	* You may obtain a copy of the License at
7	+	*
8	+	* http://www.apache.org/licenses/LICENSE-2.0
9	+	*
10	+	* Unless required by applicable law or agreed to in writing, software
11	+	* distributed under the License is distributed on an "AS IS" BASIS,
12	+	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13	+	* See the License for the specific language governing permissions and
14	+	* limitations under the License.
15	+	*/
16	+	#ifndef LIEF_MACHO_CODE_DIRECTORY_H_
17	+	#define LIEF_MACHO_CODE_DIRECTORY_H_
18	+	#include "LIEF/Object.hpp"
19	+
20	+	#include "LIEF/visibility.h"
21	+	#include "LIEF/types.hpp"
22	+
23	+
24	+	namespace LIEF {
25	+	namespace MachO {
26	+
27	+	class BinaryParser;
28	+
29	+	class LIEF_API CodeDirectory : public Object {
30	+	friend class BinaryParser;
31	+	public:
32	+	// TODO: Expose API
33	+
34	+	//bool operator==(const SubFramework& rhs) const;
35	+	//bool operator!=(const SubFramework& rhs) const;
36	+
37	+	//virtual void accept(Visitor& visitor) const override;
38	+
39	+	//virtual std::ostream& print(std::ostream& os) const override;
40	+
41	+	private:
42	+	uint32_t version_;
43	+	uint32_t flags_;
44	+	uint32_t hash_offset_;
45	+	uint32_t ident_offset_;
46	+	uint32_t nb_special_slots_;
47	+	uint32_t nb_code_slots_;
48	+	uint32_t code_limit_;
49	+
50	+	uint8_t hash_size_;
51	+	uint8_t hash_type_;
52	+	uint8_t reserved1_;
53	+	uint8_t page_size_;
54	+	uint32_t reserverd2_;
55	+	uint32_t scatter_offset_;
56	+
57	+	};
58	+
59	+	}
60	+	}
61	+	#endif
62	+

■ ■ ■ ■ ■ ■

include/LIEF/MachO/enums.inc

		skipped 586 lines
587	587		_LIEF_EI(CPU_SUBTYPE_MC98601) = 1, //CPU_SUBTYPE_POWERPC_601
588	588		};
589	589
	590	+	enum _LIEF_EN(SIGNATURE_OPCODES) {
	591	+	_LIEF_EI(SIGNATURE_OPCODE_FALSE) = 0,
	592	+	_LIEF_EI(SIGNATURE_OPCODE_TRUE) = 1,
	593	+	_LIEF_EI(SIGNATURE_OPCODE_IDENT) = 2,
	594	+	_LIEF_EI(SIGNATURE_OPCODE_APPLE_ANCHOR) = 3,
	595	+	_LIEF_EI(SIGNATURE_OPCODE_ANCHOR_HASH) = 4,
	596	+	_LIEF_EI(SIGNATURE_OPCODE_INFO_KEY_VALUE) = 5,
	597	+	_LIEF_EI(SIGNATURE_OPCODE_AND) = 6,
	598	+	_LIEF_EI(SIGNATURE_OPCODE_OR) = 7,
	599	+	_LIEF_EI(SIGNATURE_OPCODE_CDHASH) = 8,
	600	+	_LIEF_EI(SIGNATURE_OPCODE_NOT) = 9,
	601	+	_LIEF_EI(SIGNATURE_OPCODE_INFO_KEY_FIELD) = 10,
	602	+	_LIEF_EI(SIGNATURE_OPCODE_CERT_FIELD) = 11,
	603	+	_LIEF_EI(SIGNATURE_OPCODE_TRUSTED_CERT) = 12,
	604	+	_LIEF_EI(SIGNATURE_OPCODE_TRUSTED_CERTS) = 13,
	605	+	_LIEF_EI(SIGNATURE_OPCODE_CERT_GENERIC) = 14,
	606	+	_LIEF_EI(SIGNATURE_OPCODE_APPLE_GENERIC_ANCHOR) = 15,
	607	+	_LIEF_EI(SIGNATURE_OPCODE_ENTITLEMENT_FIELD) = 16,
	608	+	_LIEF_EI(SIGNATURE_OPCODE_CERT_POLICY) = 17,
	609	+	_LIEF_EI(SIGNATURE_OPCODE_NAMED_ANCHOR) = 18,
	610	+	_LIEF_EI(SIGNATURE_OPCODE_NAMED_CODE) = 19,
	611	+	};
590	612
	613	+	enum _LIEF_EN(MATCH_OPERATIONS) {
	614	+	_LIEF_EI(MOP_EXISTS) = 0,
	615	+	_LIEF_EI(MOP_EQUAL) = 1,
	616	+	_LIEF_EI(MOP_CONTAINS) = 2,
	617	+	_LIEF_EI(MOP_BEGINS_WITH) = 3,
	618	+	_LIEF_EI(MOP_ENDS_WITH) = 4,
	619	+	_LIEF_EI(MOP_LESS_THAN) = 5,
	620	+	_LIEF_EI(MOP_GREATHER_THAN) = 6,
	621	+	_LIEF_EI(MOP_LESS_EQUAL) = 7,
	622	+	_LIEF_EI(MOP_GREATHER_EQUAL) = 8,
	623	+	};
591	624

■ ■ ■ ■ ■ ■

include/LIEF/MachO/structures.inc

		skipped 536 lines
537	537		};
538	538
539	539		struct code_directory {
	540	+	uint32_t magic;
	541	+	uint32_t length;
540	542		uint32_t version;
541	543		uint32_t flags;
542	544		uint32_t hash_offset;
		skipped 7 lines
550	552		uint8_t page_size;
551	553		uint32_t reserved2;
552	554		uint32_t scatter_offset;
	555	+	};
	556	+
	557	+	struct blob_index {
	558	+	uint32_t type;
	559	+	uint32_t offset;
	560	+	};
	561	+
	562	+	struct super_blob {
	563	+	uint32_t magic;
	564	+	uint32_t length;
	565	+	uint32_t count;
	566	+	//blob_index index[];
553	567		};
554	568
555	569
		skipped 57 lines

■ ■ ■ ■ ■ ■

src/MachO/BinaryParser.tcc

		skipped 426 lines
427	427		sig->raw_signature_ = {content, content + sig->data_size()};
428	428		}
429	429
	430	+	VectorStream sig_stream{std::vector<uint8_t>{content, content + sig->data_size()}};
	431	+
	432	+	sig_stream.set_endian_swap(true);
	433	+
	434	+	const super_blob& sb = sig_stream.read_conv<super_blob>();
	435	+	std::cout << "magic: " << std::hex << sb.magic << std::endl;
	436	+	std::cout << "count: " << std::hex << sb.count << std::endl;
	437	+	std::cout << "length: " << std::hex << sb.length << std::endl;
	438	+
	439	+	for (size_t i = 0; i < sb.count; ++i) {
	440	+	const blob_index& idx = sig_stream.read_conv<blob_index>();
	441	+
	442	+	uint32_t magic = sig_stream.peek_conv<uint32_t>(idx.offset);
	443	+	switch (magic) {
	444	+
	445	+	// Code Directory
	446	+	// See: lib/cscdefs.h
	447	+	case 0xfade0c02:
	448	+	{
	449	+	size_t saved_offset = sig_stream.pos();
	450	+	sig_stream.setpos(idx.offset);
	451	+	{
	452	+	const code_directory& cd = sig_stream.read_conv<code_directory>();
	453	+
	454	+	std::cout << std::endl << std::endl;
	455	+	std::cout << "Code Directory Version: " << std::hex << cd.version << std::endl;
	456	+	std::cout << "Code Directory Flags: " << std::hex << cd.flags << std::endl;
	457	+	std::cout << "Code Directory hash_offset: " << std::hex << cd.hash_offset << std::endl;
	458	+	std::cout << "Code Directory ident_offset: " << std::hex << cd.ident_offset << std::endl;
	459	+	std::string ident = sig_stream.peek_string_at(idx.offset + cd.ident_offset);
	460	+	std::cout << ident << std::endl;
	461	+
	462	+	// Standard slot
	463	+	for (size_t i = 0; i < cd.nb_code_slots; ++i) {
	464	+	const size_t hash_offset = idx.offset + cd.hash_offset + i * cd.hash_size;
	465	+	uint8_t msb = sig_stream.peek<uint8_t>(hash_offset);
	466	+	// std::cout << std::hex << static_cast<uint32_t>(msb) << std::endl;
	467	+	}
	468	+
	469	+	// Special slots
	470	+	for (size_t i = 1; i < (cd.nb_special_slots + 1); ++i) {
	471	+	const size_t hash_offset = idx.offset + cd.hash_offset - i * cd.hash_size;
	472	+	uint8_t msb = sig_stream.peek<uint8_t>(hash_offset);
	473	+	//std::cout << std::hex << static_cast<uint32_t>(msb) << std::endl;
	474	+	}
	475	+	}
	476	+	sig_stream.setpos(saved_offset);
	477	+	break;
	478	+	}
	479	+	case 0xfade7171: // Entitlement
	480	+	{
	481	+	size_t saved_offset = sig_stream.pos();
	482	+	sig_stream.setpos(idx.offset);
	483	+	{
	484	+	uint32_t magic_number = sig_stream.read_conv<uint32_t>();
	485	+	uint32_t size = sig_stream.read_conv<uint32_t>();
	486	+
	487	+	std::cout << std::endl << std::endl;
	488	+	std::cout << "Entitlement magic: " << std::hex << std::showbase << magic_number << std::endl;
	489	+	std::cout << "Entitlement size: " << std::hex << std::showbase << size << std::endl;
	490	+	std::string entitlement = sig_stream.read_string(size);
	491	+	std::cout << entitlement << std::endl;
	492	+	}
	493	+
	494	+	sig_stream.setpos(saved_offset);
	495	+	break;
	496	+	}
	497	+
	498	+	case 0xfade0c01: // Requirement set
	499	+	{
	500	+	size_t saved_offset = sig_stream.pos();
	501	+	sig_stream.setpos(idx.offset);
	502	+	{
	503	+	super_blob requirement_sblob = sig_stream.read_conv<super_blob>();
	504	+	std::cout << std::endl << std::endl;
	505	+	std::cout << "Offset: " << std::hex << std::showbase << idx.offset << std::endl;
	506	+	std::cout << "Requirement magic: " << std::hex << std::showbase << requirement_sblob.magic << std::endl;
	507	+	std::cout << "Requirement length: " << std::hex << std::showbase << requirement_sblob.length << std::endl;
	508	+	std::cout << "Requirement count: " << std::hex << std::showbase << requirement_sblob.count << std::endl;
	509	+
	510	+	for (size_t j = 0; j < requirement_sblob.count; ++j) {
	511	+	const blob_index& blob_idx = sig_stream.read_conv<blob_index>();
	512	+	std::cout << "Type: " << blob_idx.type << std::endl;
	513	+	std::cout << "Offset: " << blob_idx.offset << std::endl;
	514	+
	515	+	size_t saved_offset_req = sig_stream.pos();
	516	+	sig_stream.setpos(idx.offset + blob_idx.offset);
	517	+	{
	518	+	SIGNATURE_OPCODES op = static_cast<SIGNATURE_OPCODES>(sig_stream.read_conv<uint32_t>());
	519	+	std::cout << "OP: " << std::hex << static_cast<uint32_t>(op) << std::endl;
	520	+	std::cout << "OP: " << std::hex << sig_stream.read_conv<uint32_t>() << std::endl;
	521	+	std::cout << "OP: " << std::hex << sig_stream.read_conv<uint32_t>() << std::endl;
	522	+	std::cout << "OP: " << std::hex << sig_stream.read_conv<uint32_t>() << std::endl;
	523	+	std::cout << "OP: " << std::hex << sig_stream.read_conv<uint32_t>() << std::endl;
	524	+	std::cout << "OP: " << std::hex << sig_stream.read_conv<uint32_t>() << std::endl;
	525	+	std::cout << "OP: " << std::hex << sig_stream.read_conv<uint32_t>() << std::endl;
	526	+	//switch (op) {
	527	+	// case SIGNATURE_OPCODES::SIGNATURE_OPCODE_FALSE:
	528	+
	529	+	//}
	530	+	//std::cout << "Kind: " << std::hex << kind << std::endl;
	531	+
	532	+	}
	533	+	sig_stream.setpos(saved_offset_req);
	534	+	}
	535	+	}
	536	+
	537	+	sig_stream.setpos(saved_offset);
	538	+	break;
	539	+	}
	540	+
	541	+	default:
	542	+	{
	543	+	LOG(INFO) << "Unsupported type: " << std::dec << idx.type << "@" << std::hex << std::showbase << idx.offset << "(" << magic << ")";
	544	+	}
	545	+	}
	546	+
	547	+	}
	548	+
	549	+
430	550		break;
431	551		}
432	552
		skipped 1084 lines

■ ■ ■ ■ ■ ■

src/MachO/CMakeLists.txt

		skipped 56 lines
57	57		"${CMAKE_CURRENT_LIST_DIR}/EncryptionInfo.cpp"
58	58		"${CMAKE_CURRENT_LIST_DIR}/TrieNode.cpp"
59	59		"${CMAKE_CURRENT_LIST_DIR}/BuildVersion.cpp"
	60	+	"${CMAKE_CURRENT_LIST_DIR}/Convert.cpp"
60	61		)
61	62
62	63		set(LIEF_MACHO_INCLUDE_FILES
		skipped 62 lines

■ ■ ■ ■ ■ ■

src/MachO/Convert.cpp

1	+	#include "LIEF/BinaryStream/Convert.hpp"
2	+	#include "LIEF/BinaryStream/BinaryStream.hpp"
3	+	#include "LIEF/MachO/Structures.hpp"
4	+
5	+	/* In place conversions for BinaryStream/VectorStream data */
6	+
7	+	namespace LIEF {
8	+	namespace Convert {
9	+
10	+	template<>
11	+	void swap_endian<LIEF::MachO::super_blob>(LIEF::MachO::super_blob* sb) {
12	+	sb->magic = BinaryStream::swap_endian(sb->magic);
13	+	sb->length = BinaryStream::swap_endian(sb->length);
14	+	sb->count = BinaryStream::swap_endian(sb->count);
15	+	}
16	+
17	+	template<>
18	+	void swap_endian<LIEF::MachO::blob_index>(LIEF::MachO::blob_index* bi) {
19	+	bi->type = BinaryStream::swap_endian(bi->type);
20	+	bi->offset = BinaryStream::swap_endian(bi->offset);
21	+	}
22	+
23	+	template<>
24	+	void swap_endian<LIEF::MachO::code_directory>(LIEF::MachO::code_directory* cd) {
25	+	cd->magic = BinaryStream::swap_endian(cd->magic);
26	+	cd->length = BinaryStream::swap_endian(cd->length);
27	+	cd->version = BinaryStream::swap_endian(cd->version);
28	+	cd->flags = BinaryStream::swap_endian(cd->flags);
29	+	cd->hash_offset = BinaryStream::swap_endian(cd->hash_offset);
30	+	cd->ident_offset = BinaryStream::swap_endian(cd->ident_offset);
31	+	cd->nb_special_slots = BinaryStream::swap_endian(cd->nb_special_slots);
32	+	cd->nb_code_slots = BinaryStream::swap_endian(cd->nb_code_slots);
33	+	cd->code_limit = BinaryStream::swap_endian(cd->code_limit);
34	+	cd->hash_size = BinaryStream::swap_endian(cd->hash_size);
35	+	cd->hash_type = BinaryStream::swap_endian(cd->hash_type);
36	+	cd->reserved = BinaryStream::swap_endian(cd->reserved);
37	+	cd->page_size = BinaryStream::swap_endian(cd->page_size);
38	+	cd->reserved2 = BinaryStream::swap_endian(cd->reserved2);
39	+	cd->scatter_offset = BinaryStream::swap_endian(cd->scatter_offset);
40	+	}
41	+
42	+
43	+	}
44	+	}
45	+

Early work on Mach-O Signature