Package ghidra.app.util.opinion

Class MachoPrelinkUtils

java.lang.Object
ghidra.app.util.opinion.MachoPrelinkUtils
public class MachoPrelinkUtils extends Object
Utilities methods for working with Mach-O PRELINK binaries.

  • Constructor Details

    • MachoPrelinkUtils

      public MachoPrelinkUtils()

  • Method Details

    • isMachoPrelink

      public static boolean isMachoPrelink(ByteProvider provider, TaskMonitor monitor)
      Check to see if the given ByteProvider is a Mach-O PRELINK binary.

      NOTE: This method will return false if the binary is a Mach-O file set.

      Parameters:
      provider - The ByteProvider to check
      monitor - A monitor
      Returns:
      True if the given ByteProvider is a Mach-O PRELINK binary; otherwise, false

    • isMachoFileset

      public static boolean isMachoFileset(ByteProvider provider)
      Check to see if the given ByteProvider is a Mach-O file set
      Parameters:
      provider - The ByteProvider to check
      Returns:
      True if the given ByteProvider is a Mach-O file set; otherwise, false

    • parsePrelinkXml

      public static List<MachoPrelinkMap> parsePrelinkXml(ByteProvider provider, TaskMonitor monitor) throws IOException, org.jdom.JDOMException
      Parses the provider looking for PRELINK XML.
      Parameters:
      provider - The provider to parse.
      monitor - A monitor.
      Returns:
      A list of discovered MachoPrelinkMaps. An empty list indicates that the provider did not represent valid Mach-O PRELINK binary.
      Throws:
      IOException - if there was an IO-related issue.
      org.jdom.JDOMException - if there was a issue parsing the PRELINK XML.

    • findPrelinkMachoHeaderOffsets

      public static List<Long> findPrelinkMachoHeaderOffsets(ByteProvider provider, TaskMonitor monitor) throws IOException
      Scans the provider looking for PRELINK Mach-O headers.

      NOTE: The "System" Mach-O at offset 0 is not considered a PRELINK Mach-O.

      NOTE: We used to scan on 0x1000, and then 0x10 byte boundaries. Now iOS 12 seems to put them on 0x8-byte boundaries.

      Parameters:
      provider - The provider to scan.
      monitor - A monitor.
      Returns:
      A list of provider offsets where PRELINK Mach-O headers start (not including the "System" Mach-O at offset 0).
      Throws:
      IOException - If there was an IO-related issue searching for PRELINK Mach-O headers.

    • matchPrelinkToMachoHeaderOffsets

      public static org.apache.commons.collections4.BidiMap<MachoPrelinkMap,Long> matchPrelinkToMachoHeaderOffsets(ByteProvider provider, List<MachoPrelinkMap> prelinkList, List<Long> machoHeaderOffsets, TaskMonitor monitor) throws MachException, IOException
      Forms a bidirectional mapping of PRELINK XML to Mach-O header offset in the given provider.
      Parameters:
      provider - The PRELINK Mach-O provider.
      prelinkList - A list of MachoPrelinkMaps.
      machoHeaderOffsets - A list of provider offsets where PRELINK Mach-O headers start (not including the "System" Mach-O at offset 0).
      monitor - A monitor
      Returns:
      A bidirectional mapping of PRELINK XML to Mach-O header offset in the given provider.
      Throws:
      MachException - If there was a problem parsing a Mach-O header.
      IOException - If there was an IO-related issue mapping PRELINK XML to Mach-O headers.

    • getPrelinkStartAddr

      public static long getPrelinkStartAddr(MachHeader header)
      Gets the start address of the PRELINK Mach-O's in memory.

      NOTE: This method only works for pre iOS 12 binaries. If called on an iOS 12 binary, it will fail and return 0 because the __PRELINK_TEXT segment has a size of 0. In this case, some other means of computing the start address of the PRELINK Mach-O's must be used.

      Parameters:
      header - The Mach-O header.
      Returns:
      The start address of the PRELINK Mach-O's in memory, or 0 if it could not be found.