librex 0.0.68 → 0.0.70

data/lib/rex/machparsey.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 module Rex

data/lib/rex/machparsey/exceptions.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 module Rex

data/lib/rex/machparsey/mach.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 require 'rex/machparsey/machbase'
@@ -10,198 +9,198 @@ module MachParsey
 
 
 class Mach < MachBase
-	attr_accessor :mach_header, :segments, :isource, :bits, :endian, :arch, :fat_offset
-
-	def initialize(isource, offset = 0, fat = false)
-		_parse_mach_header(isource, offset)
-		if fat == true
-			self.fat_offset = offset
-		else
-			self.fat_offset = 0
-		end
-
-		self.isource = isource
-	end
-
-	def _parse_mach_header(isource, offset)
-		self.mach_header = MachHeader.new(isource.read(offset, MACH_HEADER_SIZE_64))
-		bits = mach_header.bits
-		endian = mach_header.endian
-		ncmds = mach_header.ncmds
-
-		if bits == BITS_32
-			offset += MACH_HEADER_SIZE
-		else
-			offset += MACH_HEADER_SIZE_64
-		end
-
-
-		segments = []
-		ncmds.times do
-			load_command = LoadCommand.new(isource.read(offset, LOAD_COMMAND_SIZE), endian)
-
-			case load_command.cmd
-				when LC_SEGMENT
-					segments << Segment.new(isource.read(offset, SEGMENT_COMMAND_SIZE), bits, endian)
-				when LC_SEGMENT_64
-					segments << Segment.new(isource.read(offset, SEGMENT_COMMAND_SIZE_64), bits, endian)
-			end
-
-			offset += load_command.cmdsize
-		end
-
-		self.mach_header = mach_header
-		self.segments = segments
-		self.isource = isource
-		self.bits = bits
-		self.endian = endian
-
-		return segments
-	end
-
-	def self.new_from_file(filename, disk_backed = false)
-
-		file = ::File.open(filename, "rb")
-
-		if disk_backed
-			return self.new(ImageSource::Disk.new(file))
-		else
-			obj = new_from_string(file.read)
-			file.close
-			return obj
-		end
-	end
-
-	def self.new_from_string(data)
-		return self.new(ImageSource::Memory.new(data))
-	end
-
-	def ptr_64?
-		mach_header.bits == BITS_64
-	end
-
-	def ptr_32?
-		ptr_64? == false
-	end
-
-	def ptr_s(vaddr)
-		(ptr_32?) ? ("0x%.8x" % vaddr) : ("0x%.16x" % vaddr)
-	end
-
-	def read(offset, len)
-		isource.read(fat_offset + offset, len)
-	end
-
-	def index(*args)
-		isource.index(*args)
-	end
-
-	def close
-		isource.close
-	end
+  attr_accessor :mach_header, :segments, :isource, :bits, :endian, :arch, :fat_offset
+
+  def initialize(isource, offset = 0, fat = false)
+    _parse_mach_header(isource, offset)
+    if fat == true
+      self.fat_offset = offset
+    else
+      self.fat_offset = 0
+    end
+
+    self.isource = isource
+  end
+
+  def _parse_mach_header(isource, offset)
+    self.mach_header = MachHeader.new(isource.read(offset, MACH_HEADER_SIZE_64))
+    bits = mach_header.bits
+    endian = mach_header.endian
+    ncmds = mach_header.ncmds
+
+    if bits == BITS_32
+      offset += MACH_HEADER_SIZE
+    else
+      offset += MACH_HEADER_SIZE_64
+    end
+
+
+    segments = []
+    ncmds.times do
+      load_command = LoadCommand.new(isource.read(offset, LOAD_COMMAND_SIZE), endian)
+
+      case load_command.cmd
+        when LC_SEGMENT
+          segments << Segment.new(isource.read(offset, SEGMENT_COMMAND_SIZE), bits, endian)
+        when LC_SEGMENT_64
+          segments << Segment.new(isource.read(offset, SEGMENT_COMMAND_SIZE_64), bits, endian)
+      end
+
+      offset += load_command.cmdsize
+    end
+
+    self.mach_header = mach_header
+    self.segments = segments
+    self.isource = isource
+    self.bits = bits
+    self.endian = endian
+
+    return segments
+  end
+
+  def self.new_from_file(filename, disk_backed = false)
+
+    file = ::File.open(filename, "rb")
+
+    if disk_backed
+      return self.new(ImageSource::Disk.new(file))
+    else
+      obj = new_from_string(file.read)
+      file.close
+      return obj
+    end
+  end
+
+  def self.new_from_string(data)
+    return self.new(ImageSource::Memory.new(data))
+  end
+
+  def ptr_64?
+    mach_header.bits == BITS_64
+  end
+
+  def ptr_32?
+    ptr_64? == false
+  end
+
+  def ptr_s(vaddr)
+    (ptr_32?) ? ("0x%.8x" % vaddr) : ("0x%.16x" % vaddr)
+  end
+
+  def read(offset, len)
+    isource.read(fat_offset + offset, len)
+  end
+
+  def index(*args)
+    isource.index(*args)
+  end
+
+  def close
+    isource.close
+  end
 
 end
 
 class Fat < FatBase
-	attr_accessor :fat_header, :fat_archs, :machos, :isource
+  attr_accessor :fat_header, :fat_archs, :machos, :isource
 
-	def initialize(isource, offset = 0)
-		self.fat_archs = []
-		self.machos = []
-		self.isource = isource
-		self.fat_header = FatHeader.new(isource.read(offset, FAT_HEADER_SIZE))
+  def initialize(isource, offset = 0)
+    self.fat_archs = []
+    self.machos = []
+    self.isource = isource
+    self.fat_header = FatHeader.new(isource.read(offset, FAT_HEADER_SIZE))
 
-		if !self.fat_header
-			raise FatHeaderError, "Could not parse FAT header"
-		end
+    if !self.fat_header
+      raise FatHeaderError, "Could not parse FAT header"
+    end
 
-		print "Detected " +  self.fat_header.nfat_arch.to_s +  " archs in binary.\n"
+    print "Detected " +  self.fat_header.nfat_arch.to_s +  " archs in binary.\n"
 
-		offset += FAT_HEADER_SIZE
+    offset += FAT_HEADER_SIZE
 
-		self.fat_header.nfat_arch.times do
-			fat_arch = FatArch.new(isource.read(offset, FAT_ARCH_SIZE), self.fat_header.endian)
-			self.fat_archs << fat_arch
-			self.machos << Mach.new(isource, fat_arch.offset, true)
-			offset += FAT_ARCH_SIZE
-		end
+    self.fat_header.nfat_arch.times do
+      fat_arch = FatArch.new(isource.read(offset, FAT_ARCH_SIZE), self.fat_header.endian)
+      self.fat_archs << fat_arch
+      self.machos << Mach.new(isource, fat_arch.offset, true)
+      offset += FAT_ARCH_SIZE
+    end
 
 
-	end
+  end
 
-	#this is useful for debugging but we don't use it for anything.
-	def _parse_fat_header(isource, offset)
-		archs = []
-		nfat_arch = self.fat_header.nfat_arch
+  #this is useful for debugging but we don't use it for anything.
+  def _parse_fat_header(isource, offset)
+    archs = []
+    nfat_arch = self.fat_header.nfat_arch
 
-		print "Number of archs in binary: " + nfat_arch.to_s + "\n"
+    print "Number of archs in binary: " + nfat_arch.to_s + "\n"
 
-		nfat_arch.times do
-			arch = FatArch.new(isource.read(offset, FAT_ARCH_SIZE), self.endian)
+    nfat_arch.times do
+      arch = FatArch.new(isource.read(offset, FAT_ARCH_SIZE), self.endian)
 
-			case arch.cpu_type
+      case arch.cpu_type
 
-			when CPU_TYPE_I386
-				print "i386\n"
+      when CPU_TYPE_I386
+        print "i386\n"
 
-			when CPU_TYPE_X86_64
-				print "x86_64\n"
+      when CPU_TYPE_X86_64
+        print "x86_64\n"
 
-			when CPU_TYPE_ARM
-				print "Arm\n"
+      when CPU_TYPE_ARM
+        print "Arm\n"
 
-			when CPU_TYPE_POWERPC
-				print "Power PC\n"
+      when CPU_TYPE_POWERPC
+        print "Power PC\n"
 
-			when CPU_TYPE_POWERPC64
-				print "Power PC 64\n"
-			end
+      when CPU_TYPE_POWERPC64
+        print "Power PC 64\n"
+      end
 
-			offset += FAT_ARCH_SIZE
-		end
-	end
+      offset += FAT_ARCH_SIZE
+    end
+  end
 
-	def self.new_from_file(filename, disk_backed = false)
+  def self.new_from_file(filename, disk_backed = false)
 
-		file = ::File.open(filename, "rb")
+    file = ::File.open(filename, "rb")
 
-		if disk_backed
-			return self.new(ImageSource::Disk.new(file))
-		else
-			obj = new_from_string(file.read)
-			file.close
-			return obj
-		end
-	end
+    if disk_backed
+      return self.new(ImageSource::Disk.new(file))
+    else
+      obj = new_from_string(file.read)
+      file.close
+      return obj
+    end
+  end
 
 
-	def self.new_from_string(data)
-		return self.new(ImageSource::Memory.new(data))
-	end
+  def self.new_from_string(data)
+    return self.new(ImageSource::Memory.new(data))
+  end
 
-	def ptr_64?
-		mach_header.bits == BITS_64
-	end
+  def ptr_64?
+    mach_header.bits == BITS_64
+  end
 
-	def ptr_32?
-		ptr_64? == false
-	end
+  def ptr_32?
+    ptr_64? == false
+  end
 
-	def ptr_s(vaddr)
-		(ptr_32?) ? ("0x%.8x" % vaddr) : ("0x%.16x" % vaddr)
-	end
+  def ptr_s(vaddr)
+    (ptr_32?) ? ("0x%.8x" % vaddr) : ("0x%.16x" % vaddr)
+  end
 
-	def read(offset, len)
-		isource.read(offset, len)
-	end
+  def read(offset, len)
+    isource.read(offset, len)
+  end
 
-	def index(*args)
-		isource.index(*args)
-	end
+  def index(*args)
+    isource.index(*args)
+  end
 
-	def close
-		isource.close
-	end
+  def close
+    isource.close
+  end
 
 end
 

data/lib/rex/machparsey/machbase.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 require 'rex/struct2'
@@ -10,29 +9,29 @@ require 'rex/machparsey/exceptions'
 require 'rex/struct2'
 
 class GenericStruct
-	attr_accessor :struct
-	def initialize(_struct)
-		self.struct = _struct
-	end
-
-	# Access a value
-	def v
-		struct.v
-	end
-
-	# Access a value by array
-	def [](*args)
-		struct[*args]
-	end
-
-	# Obtain an array of all fields
-	def keys
-		struct.keys
-	end
-
-	def method_missing(meth, *args)
-		v[meth.to_s] || (raise NoMethodError.new, meth)
-	end
+  attr_accessor :struct
+  def initialize(_struct)
+    self.struct = _struct
+  end
+
+  # Access a value
+  def v
+    struct.v
+  end
+
+  # Access a value by array
+  def [](*args)
+    struct[*args]
+  end
+
+  # Obtain an array of all fields
+  def keys
+    struct.keys
+  end
+
+  def method_missing(meth, *args)
+    v[meth.to_s] || (raise NoMethodError.new, meth)
+  end
 end
 
 class GenericHeader < GenericStruct
@@ -45,362 +44,362 @@ ENDIAN_MSB 	= 1
 
 class MachBase
 
-	MH_MAGIC 		= 0xfeedface
-	MH_MAGIC_64 		= 0xfeedfacf
-	MH_CIGAM 		= 0xcefaedfe
-	MH_CIGAM_64 		= 0xcffaedfe
-	MACH_HEADER_SIZE 	= 28
-	MACH_HEADER_SIZE_64 	= 32
-
-
-	MACH_HEADER_LSB = Rex::Struct2::CStructTemplate.new(
-		['uint32v', 'magic',	 0],
-		['uint32v', 'cputype',   0],
-		['uint32v', 'cpusubtype',0],
-		['uint32v', 'filetype',	 0],
-		['uint32v', 'ncmds',	 0],
-		['uint32v', 'sizeofcmds',0],
-		['uint32v', 'flags',	 0]
-	)
-
-	MACH_HEADER_MSB = Rex::Struct2::CStructTemplate.new(
-		['uint32n', 'magic',	 0],
-		['uint32n', 'cputype',   0],
-		['uint32n', 'cpusubtype',0],
-		['uint32n', 'filetype',	 0],
-		['uint32n', 'ncmds',	 0],
-		['uint32n', 'sizeofcmds',0],
-		['uint32n', 'flags',	 0]
-	)
-
-
-	MACH_HEADER_64_LSB = Rex::Struct2::CStructTemplate.new(
-		['uint32v', 'magic',	 0],
-		['uint32v', 'cputype',   0],
-		['uint32v', 'cpusubtype',0],
-		['uint32v', 'filetype',	 0],
-		['uint32v', 'ncmds',	 0],
-		['uint32v', 'sizeofcmds',0],
-		['uint32v', 'flags',	 0],
-		['uint32v', 'reserved',	 0]
-	)
-
-	MACH_HEADER_64_MSB = Rex::Struct2::CStructTemplate.new(
-		['uint32n', 'magic',	 0],
-		['uint32n', 'cputype',   0],
-		['uint32n', 'cpusubtype',0],
-		['uint32n', 'filetype',	 0],
-		['uint32n', 'ncmds',	 0],
-		['uint32n', 'sizeofcmds',0],
-		['uint32n', 'flags',	 0],
-		['uint32n', 'reserved',	 0]
-	)
-
-	#cpu types for Mach-O binaries
-	CPU_TYPE_I386		= 0x7
-	CPU_TYPE_X86_64		= 0x01000007
-	CPU_TYPE_ARM 		= 0xC
-	CPU_TYPE_POWERPC	= 0x12
-	CPU_TYPE_POWERPC64	= 0x01000012
-
-	CPU_SUBTYPE_LITTLE_ENDIAN 	= 0
-	CPU_SUBTYPE_BIG_ENDIAN		= 1
-
-	LC_SEGMENT	= 0x1     #/* segment of this file to be mapped */
-	LC_SYMTAB	= 0x2     #/* link-edit stab symbol table info */
-	LC_SYMSEG	= 0x3     #/* link-edit gdb symbol table info (obsolete) */
-	LC_THREAD	= 0x4     #/* thread */
-	LC_UNIXTHREAD   = 0x5     #/* unix thread (includes a stack) */
-	LC_LOADFVMLIB   = 0x6     #/* load a specified fixed VM shared library */
-	LC_IDFVMLIB     = 0x7     #/* fixed VM shared library identification */
-	LC_IDENT        = 0x8     #/* object identification info (obsolete) */
-	LC_FVMFILE      = 0x9     #/* fixed VM file inclusion (internal use) */
-	LC_PREPAGE      = 0xa     #/* prepage command (internal use) */
-	LC_DYSYMTAB     = 0xb     #/* dynamic link-edit symbol table info */
-	LC_LOAD_DYLIB   = 0xc     #/* load a dynamicly linked shared library */
-	LC_ID_DYLIB     = 0xd     #/* dynamicly linked shared lib identification */
-	LC_LOAD_DYLINKER = 0xe    #/* load a dynamic linker */
-	LC_ID_DYLINKER   = 0xf     #/* dynamic linker identification */
-	LC_PREBOUND_DYLIB = 0x10  #/* modules prebound for a dynamicly */
-	LC_SEGMENT_64	= 0x19    #/* segment of this file to be mapped */
-
-
-
-
-	class MachHeader < GenericHeader
-		attr_accessor :bits, :endian
-
-		def initialize(rawdata)
-			mach_header = MACH_HEADER_LSB.make_struct
-			if !mach_header.from_s(rawdata)
-				raise MachHeaderError, "Could't access Mach-O Magic", caller
-			end
-
-			if mach_header.v['magic'] == MH_MAGIC
-				endian = ENDIAN_LSB
-				bits = BITS_32
-				mach_header = MACH_HEADER_LSB.make_struct
-			elsif mach_header.v['magic'] == MH_CIGAM
-				bits = BITS_32
-				endian = ENDIAN_MSB
-				mach_header = MACH_HEADER_MSB.make_struct
-			elsif mach_header.v['magic'] == MH_MAGIC_64
-				endian = ENDIAN_LSB
-				bits = BITS_64
-				mach_header = MACH_HEADER_LSB.make_struct
-			elsif mach_header.v['magic'] == MH_CIGAM_64
-				endian = ENDIAN_MSB
-				bits = BITS_64
-				mach_header = MACH_HEADER_MSB.make_struct
-			else
-				raise MachHeaderError, "Couldn't find Mach Magic", caller
-			end
-
-			if !mach_header.from_s(rawdata)
-				raise MachHeaderError, "Could't process Mach-O Header", caller
-			end
-
-			self.struct = mach_header
-			self.endian = endian
-			self.bits = bits
-		end
-	end
-
-	LOAD_COMMAND_SIZE = 8
-
-	LOAD_COMMAND_LSB = Rex::Struct2::CStructTemplate.new(
-		['uint32v','cmd',0],
-		['uint32v','cmdsize',0]
-	)
-
-	LOAD_COMMAND_MSB = Rex::Struct2::CStructTemplate.new(
-		['uint32n','cmd',0],
-		['uint32n','cmdsize',0]
-	)
-
-	class LoadCommand < GenericHeader
-		def initialize(rawdata, endian)
-
-			if endian == ENDIAN_MSB
-				load_command = LOAD_COMMAND_MSB.make_struct
-			else
-				load_command = LOAD_COMMAND_LSB.make_struct
-			end
-
-			if !load_command.from_s(rawdata)
-				raise MachParseError, "Couldn't parse load command"
-			end
-
-			self.struct = load_command
-
-		end
-	end
-
-	SEGMENT_COMMAND_SIZE = 56
-
-	SEGMENT_COMMAND_LSB = Rex::Struct2::CStructTemplate.new(
-		['uint32v', 'cmd',  0],
-		['uint32v', 'cmdsize',  0],
-		['string',  'segname',  16, ''],
-		['uint32v', 'vmaddr', 0],
-		['uint32v', 'vmsize', 0],
-		['uint32v', 'fileoff',  0],
-		['uint32v', 'filesize', 0],
-		['uint32v', 'maxprot',  0],
-		['uint32v', 'initprot', 0],
-		['uint32v', 'nsects', 0],
-		['uint32v', 'flags',  0]
-	)
-
-	SEGMENT_COMMAND_MSB = Rex::Struct2::CStructTemplate.new(
-		['uint32n', 'cmd',  0],
-		['uint32n', 'cmdsize',  0],
-		['string',  'segname',  16, ''],
-		['uint32n', 'vmaddr', 0],
-		['uint32n', 'vmsize', 0],
-		['uint32n', 'fileoff',  0],
-		['uint32n', 'filesize', 0],
-		['uint32n', 'maxprot',  0],
-		['uint32n', 'initprot', 0],
-		['uint32n', 'nsects', 0],
-		['uint32n', 'flags',  0]
-	)
-
-	SEGMENT_COMMAND_SIZE_64 = 72
-
-	SEGMENT_COMMAND_64_LSB = Rex::Struct2::CStructTemplate.new(
-		['uint32v', 'cmd',  0],
-		['uint32v', 'cmdsize',  0],
-		['string',  'segname',  16, ''],
-		['uint64v', 'vmaddr', 0],
-		['uint64v', 'vmsize', 0],
-		['uint64v', 'fileoff',  0],
-		['uint64v', 'filesize', 0],
-		['uint32v', 'maxprot',  0],
-		['uint32v', 'initprot', 0],
-		['uint32v', 'nsects', 0],
-		['uint32v', 'flags',  0]
-	)
-
-	SEGMENT_COMMAND_64_MSB = Rex::Struct2::CStructTemplate.new(
-		['uint32n', 'cmd',  0],
-		['uint32n', 'cmdsize',  0],
-		['string',  'segname',  16, ''],
-		['uint64n', 'vmaddr', 0],
-		['uint64n', 'vmsize', 0],
-		['uint64n', 'fileoff',  0],
-		['uint64n', 'filesize', 0],
-		['uint32n', 'maxprot',  0],
-		['uint32n', 'initprot', 0],
-		['uint32n', 'nsects', 0],
-		['uint32n', 'flags',  0]
-	)
-
-	class Segment < GenericHeader
-		attr_accessor :_bits, :_endian
-
-		def initialize(rawdata, bits, endian)
-			self._bits = bits
-
-			if bits == BITS_64
-				if endian == ENDIAN_MSB
-					segment_command = SEGMENT_COMMAND_64_MSB.make_struct
-				else
-					segment_command = SEGMENT_COMMAND_64_LSB.make_struct
-				end
-			else
-				if endian == ENDIAN_MSB
-					segment_command = SEGMENT_COMMAND_MSB.make_struct
-				else
-					segment_command = SEGMENT_COMMAND_LSB.make_struct
-				end
-			end
-			if !segment_command.from_s(rawdata)
-				raise MachParseError, "Couldn't parse segment command"
-			end
-
-			self.struct = segment_command
-		end
-
-		def Segname
-			v['segname']
-		end
-
-		def Vmaddr
-			v['vmaddr']
-		end
-
-		def Vmsize
-			v['vmsize']
-		end
-
-		def FileOff
-			v['fileoff']
-		end
-
-		def FileSize
-			v['filesize']
-		end
-	end
-
-	class Thread < GenericHeader
-		def initialize(rawdata)
-		end
-	end
+  MH_MAGIC 		= 0xfeedface
+  MH_MAGIC_64 		= 0xfeedfacf
+  MH_CIGAM 		= 0xcefaedfe
+  MH_CIGAM_64 		= 0xcffaedfe
+  MACH_HEADER_SIZE 	= 28
+  MACH_HEADER_SIZE_64 	= 32
+
+
+  MACH_HEADER_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'magic',	 0],
+    ['uint32v', 'cputype',   0],
+    ['uint32v', 'cpusubtype',0],
+    ['uint32v', 'filetype',	 0],
+    ['uint32v', 'ncmds',	 0],
+    ['uint32v', 'sizeofcmds',0],
+    ['uint32v', 'flags',	 0]
+  )
+
+  MACH_HEADER_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'magic',	 0],
+    ['uint32n', 'cputype',   0],
+    ['uint32n', 'cpusubtype',0],
+    ['uint32n', 'filetype',	 0],
+    ['uint32n', 'ncmds',	 0],
+    ['uint32n', 'sizeofcmds',0],
+    ['uint32n', 'flags',	 0]
+  )
+
+
+  MACH_HEADER_64_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'magic',	 0],
+    ['uint32v', 'cputype',   0],
+    ['uint32v', 'cpusubtype',0],
+    ['uint32v', 'filetype',	 0],
+    ['uint32v', 'ncmds',	 0],
+    ['uint32v', 'sizeofcmds',0],
+    ['uint32v', 'flags',	 0],
+    ['uint32v', 'reserved',	 0]
+  )
+
+  MACH_HEADER_64_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'magic',	 0],
+    ['uint32n', 'cputype',   0],
+    ['uint32n', 'cpusubtype',0],
+    ['uint32n', 'filetype',	 0],
+    ['uint32n', 'ncmds',	 0],
+    ['uint32n', 'sizeofcmds',0],
+    ['uint32n', 'flags',	 0],
+    ['uint32n', 'reserved',	 0]
+  )
+
+  #cpu types for Mach-O binaries
+  CPU_TYPE_I386		= 0x7
+  CPU_TYPE_X86_64		= 0x01000007
+  CPU_TYPE_ARM 		= 0xC
+  CPU_TYPE_POWERPC	= 0x12
+  CPU_TYPE_POWERPC64	= 0x01000012
+
+  CPU_SUBTYPE_LITTLE_ENDIAN 	= 0
+  CPU_SUBTYPE_BIG_ENDIAN		= 1
+
+  LC_SEGMENT	= 0x1     #/* segment of this file to be mapped */
+  LC_SYMTAB	= 0x2     #/* link-edit stab symbol table info */
+  LC_SYMSEG	= 0x3     #/* link-edit gdb symbol table info (obsolete) */
+  LC_THREAD	= 0x4     #/* thread */
+  LC_UNIXTHREAD   = 0x5     #/* unix thread (includes a stack) */
+  LC_LOADFVMLIB   = 0x6     #/* load a specified fixed VM shared library */
+  LC_IDFVMLIB     = 0x7     #/* fixed VM shared library identification */
+  LC_IDENT        = 0x8     #/* object identification info (obsolete) */
+  LC_FVMFILE      = 0x9     #/* fixed VM file inclusion (internal use) */
+  LC_PREPAGE      = 0xa     #/* prepage command (internal use) */
+  LC_DYSYMTAB     = 0xb     #/* dynamic link-edit symbol table info */
+  LC_LOAD_DYLIB   = 0xc     #/* load a dynamicly linked shared library */
+  LC_ID_DYLIB     = 0xd     #/* dynamicly linked shared lib identification */
+  LC_LOAD_DYLINKER = 0xe    #/* load a dynamic linker */
+  LC_ID_DYLINKER   = 0xf     #/* dynamic linker identification */
+  LC_PREBOUND_DYLIB = 0x10  #/* modules prebound for a dynamicly */
+  LC_SEGMENT_64	= 0x19    #/* segment of this file to be mapped */
+
+
+
+
+  class MachHeader < GenericHeader
+    attr_accessor :bits, :endian
+
+    def initialize(rawdata)
+      mach_header = MACH_HEADER_LSB.make_struct
+      if !mach_header.from_s(rawdata)
+        raise MachHeaderError, "Could't access Mach-O Magic", caller
+      end
+
+      if mach_header.v['magic'] == MH_MAGIC
+        endian = ENDIAN_LSB
+        bits = BITS_32
+        mach_header = MACH_HEADER_LSB.make_struct
+      elsif mach_header.v['magic'] == MH_CIGAM
+        bits = BITS_32
+        endian = ENDIAN_MSB
+        mach_header = MACH_HEADER_MSB.make_struct
+      elsif mach_header.v['magic'] == MH_MAGIC_64
+        endian = ENDIAN_LSB
+        bits = BITS_64
+        mach_header = MACH_HEADER_LSB.make_struct
+      elsif mach_header.v['magic'] == MH_CIGAM_64
+        endian = ENDIAN_MSB
+        bits = BITS_64
+        mach_header = MACH_HEADER_MSB.make_struct
+      else
+        raise MachHeaderError, "Couldn't find Mach Magic", caller
+      end
+
+      if !mach_header.from_s(rawdata)
+        raise MachHeaderError, "Could't process Mach-O Header", caller
+      end
+
+      self.struct = mach_header
+      self.endian = endian
+      self.bits = bits
+    end
+  end
+
+  LOAD_COMMAND_SIZE = 8
+
+  LOAD_COMMAND_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v','cmd',0],
+    ['uint32v','cmdsize',0]
+  )
+
+  LOAD_COMMAND_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n','cmd',0],
+    ['uint32n','cmdsize',0]
+  )
+
+  class LoadCommand < GenericHeader
+    def initialize(rawdata, endian)
+
+      if endian == ENDIAN_MSB
+        load_command = LOAD_COMMAND_MSB.make_struct
+      else
+        load_command = LOAD_COMMAND_LSB.make_struct
+      end
+
+      if !load_command.from_s(rawdata)
+        raise MachParseError, "Couldn't parse load command"
+      end
+
+      self.struct = load_command
+
+    end
+  end
+
+  SEGMENT_COMMAND_SIZE = 56
+
+  SEGMENT_COMMAND_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'cmd',  0],
+    ['uint32v', 'cmdsize',  0],
+    ['string',  'segname',  16, ''],
+    ['uint32v', 'vmaddr', 0],
+    ['uint32v', 'vmsize', 0],
+    ['uint32v', 'fileoff',  0],
+    ['uint32v', 'filesize', 0],
+    ['uint32v', 'maxprot',  0],
+    ['uint32v', 'initprot', 0],
+    ['uint32v', 'nsects', 0],
+    ['uint32v', 'flags',  0]
+  )
+
+  SEGMENT_COMMAND_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'cmd',  0],
+    ['uint32n', 'cmdsize',  0],
+    ['string',  'segname',  16, ''],
+    ['uint32n', 'vmaddr', 0],
+    ['uint32n', 'vmsize', 0],
+    ['uint32n', 'fileoff',  0],
+    ['uint32n', 'filesize', 0],
+    ['uint32n', 'maxprot',  0],
+    ['uint32n', 'initprot', 0],
+    ['uint32n', 'nsects', 0],
+    ['uint32n', 'flags',  0]
+  )
+
+  SEGMENT_COMMAND_SIZE_64 = 72
+
+  SEGMENT_COMMAND_64_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'cmd',  0],
+    ['uint32v', 'cmdsize',  0],
+    ['string',  'segname',  16, ''],
+    ['uint64v', 'vmaddr', 0],
+    ['uint64v', 'vmsize', 0],
+    ['uint64v', 'fileoff',  0],
+    ['uint64v', 'filesize', 0],
+    ['uint32v', 'maxprot',  0],
+    ['uint32v', 'initprot', 0],
+    ['uint32v', 'nsects', 0],
+    ['uint32v', 'flags',  0]
+  )
+
+  SEGMENT_COMMAND_64_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'cmd',  0],
+    ['uint32n', 'cmdsize',  0],
+    ['string',  'segname',  16, ''],
+    ['uint64n', 'vmaddr', 0],
+    ['uint64n', 'vmsize', 0],
+    ['uint64n', 'fileoff',  0],
+    ['uint64n', 'filesize', 0],
+    ['uint32n', 'maxprot',  0],
+    ['uint32n', 'initprot', 0],
+    ['uint32n', 'nsects', 0],
+    ['uint32n', 'flags',  0]
+  )
+
+  class Segment < GenericHeader
+    attr_accessor :_bits, :_endian
+
+    def initialize(rawdata, bits, endian)
+      self._bits = bits
+
+      if bits == BITS_64
+        if endian == ENDIAN_MSB
+          segment_command = SEGMENT_COMMAND_64_MSB.make_struct
+        else
+          segment_command = SEGMENT_COMMAND_64_LSB.make_struct
+        end
+      else
+        if endian == ENDIAN_MSB
+          segment_command = SEGMENT_COMMAND_MSB.make_struct
+        else
+          segment_command = SEGMENT_COMMAND_LSB.make_struct
+        end
+      end
+      if !segment_command.from_s(rawdata)
+        raise MachParseError, "Couldn't parse segment command"
+      end
+
+      self.struct = segment_command
+    end
+
+    def Segname
+      v['segname']
+    end
+
+    def Vmaddr
+      v['vmaddr']
+    end
+
+    def Vmsize
+      v['vmsize']
+    end
+
+    def FileOff
+      v['fileoff']
+    end
+
+    def FileSize
+      v['filesize']
+    end
+  end
+
+  class Thread < GenericHeader
+    def initialize(rawdata)
+    end
+  end
 end
 
-	FAT_MAGIC = 0xcafebabe
-	FAT_CIGAM = 0xbebafeca
-	FAT_HEADER_SIZE = 8
+  FAT_MAGIC = 0xcafebabe
+  FAT_CIGAM = 0xbebafeca
+  FAT_HEADER_SIZE = 8
 
-	FAT_HEADER_LSB = Rex::Struct2::CStructTemplate.new(
-		['uint32v', 'magic',	0],
-		['uint32v', 'nfat_arch',0]
-	)
+  FAT_HEADER_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'magic',	0],
+    ['uint32v', 'nfat_arch',0]
+  )
 
-	FAT_HEADER_MSB = Rex::Struct2::CStructTemplate.new(
-		['uint32n', 'magic',	0],
-		['uint32n', 'nfat_arch',0]
-	)
+  FAT_HEADER_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'magic',	0],
+    ['uint32n', 'nfat_arch',0]
+  )
 
 
-	FAT_ARCH_SIZE = 20
+  FAT_ARCH_SIZE = 20
 
-	FAT_ARCH_LSB = Rex::Struct2::CStructTemplate.new(
-		['uint32v', 'cpu_type',   0],
-		['uint32v', 'cpu_subtype',0],
-		['uint32v', 'offset',   0],
-		['uint32v', 'size',   0],
-		['uint32v', 'align',    0]
-	)
+  FAT_ARCH_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'cpu_type',   0],
+    ['uint32v', 'cpu_subtype',0],
+    ['uint32v', 'offset',   0],
+    ['uint32v', 'size',   0],
+    ['uint32v', 'align',    0]
+  )
 
-	FAT_ARCH_MSB = Rex::Struct2::CStructTemplate.new(
-		['uint32n', 'cpu_type',   0],
-		['uint32n', 'cpu_subtype',0],
-		['uint32n', 'offset',   0],
-		['uint32n', 'size',   0],
-		['uint32n', 'align',    0]
-	)
+  FAT_ARCH_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'cpu_type',   0],
+    ['uint32n', 'cpu_subtype',0],
+    ['uint32n', 'offset',   0],
+    ['uint32n', 'size',   0],
+    ['uint32n', 'align',    0]
+  )
 
 
 class FatBase
 
-	class FatHeader < GenericHeader
-		attr_accessor :nfat_arch, :endian, :exists
-
-		def initialize(rawdata)
-			fat_header = FAT_HEADER_LSB.make_struct
-			if !fat_header.from_s(rawdata)
-				#raise something
-			end
-
-			magic = fat_header.v['magic']
-			if magic == FAT_MAGIC
-				endian = ENDIAN_LSB
-			elsif magic == FAT_CIGAM
-				endian = ENDIAN_MSB
-				fat_header = FAT_HEADER_MSB.make_struct
-				if !fat_header.from_s(rawdata)
-					raise FatHeaderError, "Could not parse FAT header"
-				end
-			else
-				self.exists = 0
-				return
-			end
-
-			self.nfat_arch = fat_header.v['nfat_arch']
-			self.struct = fat_header
-			self.endian = endian
-		end
-	end
-
-	class FatArch < GenericHeader
-		attr_accessor :cpu_type, :cpu_subtype, :offset, :size
-
-		def initialize(rawdata, endian)
-			if endian == ENDIAN_LSB
-				fat_arch = FAT_ARCH_LSB.make_struct
-			else
-				fat_arch = FAT_ARCH_MSB.make_struct
-			end
-
-			if !fat_arch.from_s(rawdata)
-				raise FatHeaderError, "Could not parse arch from FAT header"
-			end
-
-			self.cpu_type = fat_arch.v['cpu_type']
-			self.cpu_subtype = fat_arch.v['cpu_subtype']
-			self.offset = fat_arch.v['offset']
-			self.size = fat_arch.v['size']
-			self.struct = fat_arch
-		end
-
-	end
-
-	class Thread < GenericHeader
-		def initialize(rawdata)
-		end
-	end
+  class FatHeader < GenericHeader
+    attr_accessor :nfat_arch, :endian, :exists
+
+    def initialize(rawdata)
+      fat_header = FAT_HEADER_LSB.make_struct
+      if !fat_header.from_s(rawdata)
+        #raise something
+      end
+
+      magic = fat_header.v['magic']
+      if magic == FAT_MAGIC
+        endian = ENDIAN_LSB
+      elsif magic == FAT_CIGAM
+        endian = ENDIAN_MSB
+        fat_header = FAT_HEADER_MSB.make_struct
+        if !fat_header.from_s(rawdata)
+          raise FatHeaderError, "Could not parse FAT header"
+        end
+      else
+        self.exists = 0
+        return
+      end
+
+      self.nfat_arch = fat_header.v['nfat_arch']
+      self.struct = fat_header
+      self.endian = endian
+    end
+  end
+
+  class FatArch < GenericHeader
+    attr_accessor :cpu_type, :cpu_subtype, :offset, :size
+
+    def initialize(rawdata, endian)
+      if endian == ENDIAN_LSB
+        fat_arch = FAT_ARCH_LSB.make_struct
+      else
+        fat_arch = FAT_ARCH_MSB.make_struct
+      end
+
+      if !fat_arch.from_s(rawdata)
+        raise FatHeaderError, "Could not parse arch from FAT header"
+      end
+
+      self.cpu_type = fat_arch.v['cpu_type']
+      self.cpu_subtype = fat_arch.v['cpu_subtype']
+      self.offset = fat_arch.v['offset']
+      self.size = fat_arch.v['size']
+      self.struct = fat_arch
+    end
+
+  end
+
+  class Thread < GenericHeader
+    def initialize(rawdata)
+    end
+  end
 
 
 end