rex-bin_tools 0.1.0

data/lib/rex/machparsey.rb

@@ -0,0 +1,9 @@
+# -*- coding: binary -*-
+
+module Rex
+module MachParsey
+
+end
+end
+
+require 'rex/machparsey/mach'

data/lib/rex/machparsey/exceptions.rb

@@ -0,0 +1,31 @@
+# -*- coding: binary -*-
+
+module Rex
+module MachParsey
+
+class MachError < ::RuntimeError
+end
+
+class MachParseError < MachError
+end
+
+class MachHeaderError < MachParseError
+end
+
+class ProgramHeaderError < MachParseError
+end
+
+class BoundsError < MachError
+end
+
+class FatError < ::RuntimeError
+end
+
+class FatParseError < FatError
+end
+
+class FatHeaderError < FatParseError
+end
+
+end
+end

data/lib/rex/machparsey/mach.rb

@@ -0,0 +1,209 @@
+# -*- coding: binary -*-
+
+require 'rex/machparsey/machbase'
+require 'rex/machparsey/exceptions'
+require 'rex/image_source'
+
+module Rex
+module MachParsey
+
+
+class Mach < MachBase
+  attr_accessor :mach_header, :segments, :isource, :bits, :endian, :arch, :fat_offset
+
+  def initialize(isource, offset = 0, fat = false)
+    _parse_mach_header(isource, offset)
+    if fat == true
+      self.fat_offset = offset
+    else
+      self.fat_offset = 0
+    end
+
+    self.isource = isource
+  end
+
+  def _parse_mach_header(isource, offset)
+    self.mach_header = MachHeader.new(isource.read(offset, MACH_HEADER_SIZE_64))
+    bits = mach_header.bits
+    endian = mach_header.endian
+    ncmds = mach_header.ncmds
+
+    if bits == BITS_32
+      offset += MACH_HEADER_SIZE
+    else
+      offset += MACH_HEADER_SIZE_64
+    end
+
+
+    segments = []
+    ncmds.times do
+      load_command = LoadCommand.new(isource.read(offset, LOAD_COMMAND_SIZE), endian)
+
+      case load_command.cmd
+        when LC_SEGMENT
+          segments << Segment.new(isource.read(offset, SEGMENT_COMMAND_SIZE), bits, endian)
+        when LC_SEGMENT_64
+          segments << Segment.new(isource.read(offset, SEGMENT_COMMAND_SIZE_64), bits, endian)
+      end
+
+      offset += load_command.cmdsize
+    end
+
+    self.mach_header = mach_header
+    self.segments = segments
+    self.isource = isource
+    self.bits = bits
+    self.endian = endian
+
+    return segments
+  end
+
+  def self.new_from_file(filename, disk_backed = false)
+
+    file = ::File.open(filename, "rb")
+
+    if disk_backed
+      return self.new(ImageSource::Disk.new(file))
+    else
+      obj = new_from_string(file.read)
+      file.close
+      return obj
+    end
+  end
+
+  def self.new_from_string(data)
+    return self.new(ImageSource::Memory.new(data))
+  end
+
+  def ptr_64?
+    mach_header.bits == BITS_64
+  end
+
+  def ptr_32?
+    ptr_64? == false
+  end
+
+  def ptr_s(vaddr)
+    (ptr_32?) ? ("0x%.8x" % vaddr) : ("0x%.16x" % vaddr)
+  end
+
+  def read(offset, len)
+    isource.read(fat_offset + offset, len)
+  end
+
+  def index(*args)
+    isource.index(*args)
+  end
+
+  def close
+    isource.close
+  end
+
+end
+
+class Fat < FatBase
+  attr_accessor :fat_header, :fat_archs, :machos, :isource
+
+  def initialize(isource, offset = 0)
+    self.fat_archs = []
+    self.machos = []
+    self.isource = isource
+    self.fat_header = FatHeader.new(isource.read(offset, FAT_HEADER_SIZE))
+
+    if !self.fat_header
+      raise FatHeaderError, "Could not parse FAT header"
+    end
+
+    print "Detected " +  self.fat_header.nfat_arch.to_s +  " archs in binary.\n"
+
+    offset += FAT_HEADER_SIZE
+
+    self.fat_header.nfat_arch.times do
+      fat_arch = FatArch.new(isource.read(offset, FAT_ARCH_SIZE), self.fat_header.endian)
+      self.fat_archs << fat_arch
+      self.machos << Mach.new(isource, fat_arch.offset, true)
+      offset += FAT_ARCH_SIZE
+    end
+
+
+  end
+
+  #this is useful for debugging but we don't use it for anything.
+  def _parse_fat_header(isource, offset)
+    archs = []
+    nfat_arch = self.fat_header.nfat_arch
+
+    print "Number of archs in binary: " + nfat_arch.to_s + "\n"
+
+    nfat_arch.times do
+      arch = FatArch.new(isource.read(offset, FAT_ARCH_SIZE), self.endian)
+
+      case arch.cpu_type
+
+      when CPU_TYPE_I386
+        print "i386\n"
+
+      when CPU_TYPE_X86_64
+        print "x86_64\n"
+
+      when CPU_TYPE_ARM
+        print "Arm\n"
+
+      when CPU_TYPE_POWERPC
+        print "Power PC\n"
+
+      when CPU_TYPE_POWERPC64
+        print "Power PC 64\n"
+      end
+
+      offset += FAT_ARCH_SIZE
+    end
+  end
+
+  def self.new_from_file(filename, disk_backed = false)
+
+    file = ::File.open(filename, "rb")
+
+    if disk_backed
+      return self.new(ImageSource::Disk.new(file))
+    else
+      obj = new_from_string(file.read)
+      file.close
+      return obj
+    end
+  end
+
+
+  def self.new_from_string(data)
+    return self.new(ImageSource::Memory.new(data))
+  end
+
+  def ptr_64?
+    mach_header.bits == BITS_64
+  end
+
+  def ptr_32?
+    ptr_64? == false
+  end
+
+  def ptr_s(vaddr)
+    (ptr_32?) ? ("0x%.8x" % vaddr) : ("0x%.16x" % vaddr)
+  end
+
+  def read(offset, len)
+    isource.read(offset, len)
+  end
+
+  def index(*args)
+    isource.index(*args)
+  end
+
+  def close
+    isource.close
+  end
+
+end
+
+
+end
+end

data/lib/rex/machparsey/machbase.rb

@@ -0,0 +1,408 @@
+# -*- coding: binary -*-
+
+require 'rex/struct2'
+
+module Rex
+module MachParsey
+
+require 'rex/machparsey/exceptions'
+require 'rex/struct2'
+
+class GenericStruct
+  attr_accessor :struct
+  def initialize(_struct)
+    self.struct = _struct
+  end
+
+  # Access a value
+  def v
+    struct.v
+  end
+
+  # Access a value by array
+  def [](*args)
+    struct[*args]
+  end
+
+  # Obtain an array of all fields
+  def keys
+    struct.keys
+  end
+
+  def method_missing(meth, *args)
+    v[meth.to_s] || (raise NoMethodError.new, meth)
+  end
+end
+
+class GenericHeader < GenericStruct
+end
+
+BITS_32 	= 0
+BITS_64 	= 1
+ENDIAN_LSB 	= 0
+ENDIAN_MSB 	= 1
+
+class MachBase
+
+  MH_MAGIC 		= 0xfeedface
+  MH_MAGIC_64 		= 0xfeedfacf
+  MH_CIGAM 		= 0xcefaedfe
+  MH_CIGAM_64 		= 0xcffaedfe
+  MACH_HEADER_SIZE 	= 28
+  MACH_HEADER_SIZE_64 	= 32
+
+
+  MACH_HEADER_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'magic',	 0],
+    ['uint32v', 'cputype',   0],
+    ['uint32v', 'cpusubtype',0],
+    ['uint32v', 'filetype',	 0],
+    ['uint32v', 'ncmds',	 0],
+    ['uint32v', 'sizeofcmds',0],
+    ['uint32v', 'flags',	 0]
+  )
+
+  MACH_HEADER_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'magic',	 0],
+    ['uint32n', 'cputype',   0],
+    ['uint32n', 'cpusubtype',0],
+    ['uint32n', 'filetype',	 0],
+    ['uint32n', 'ncmds',	 0],
+    ['uint32n', 'sizeofcmds',0],
+    ['uint32n', 'flags',	 0]
+  )
+
+
+  MACH_HEADER_64_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'magic',	 0],
+    ['uint32v', 'cputype',   0],
+    ['uint32v', 'cpusubtype',0],
+    ['uint32v', 'filetype',	 0],
+    ['uint32v', 'ncmds',	 0],
+    ['uint32v', 'sizeofcmds',0],
+    ['uint32v', 'flags',	 0],
+    ['uint32v', 'reserved',	 0]
+  )
+
+  MACH_HEADER_64_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'magic',	 0],
+    ['uint32n', 'cputype',   0],
+    ['uint32n', 'cpusubtype',0],
+    ['uint32n', 'filetype',	 0],
+    ['uint32n', 'ncmds',	 0],
+    ['uint32n', 'sizeofcmds',0],
+    ['uint32n', 'flags',	 0],
+    ['uint32n', 'reserved',	 0]
+  )
+
+  #cpu types for Mach-O binaries
+  CPU_TYPE_I386		= 0x7
+  CPU_TYPE_X86_64		= 0x01000007
+  CPU_TYPE_ARM 		= 0xC
+  CPU_TYPE_POWERPC	= 0x12
+  CPU_TYPE_POWERPC64	= 0x01000012
+
+  CPU_SUBTYPE_LITTLE_ENDIAN 	= 0
+  CPU_SUBTYPE_BIG_ENDIAN		= 1
+
+  LC_SEGMENT	= 0x1     #/* segment of this file to be mapped */
+  LC_SYMTAB	= 0x2     #/* link-edit stab symbol table info */
+  LC_SYMSEG	= 0x3     #/* link-edit gdb symbol table info (obsolete) */
+  LC_THREAD	= 0x4     #/* thread */
+  LC_UNIXTHREAD   = 0x5     #/* unix thread (includes a stack) */
+  LC_LOADFVMLIB   = 0x6     #/* load a specified fixed VM shared library */
+  LC_IDFVMLIB     = 0x7     #/* fixed VM shared library identification */
+  LC_IDENT        = 0x8     #/* object identification info (obsolete) */
+  LC_FVMFILE      = 0x9     #/* fixed VM file inclusion (internal use) */
+  LC_PREPAGE      = 0xa     #/* prepage command (internal use) */
+  LC_DYSYMTAB     = 0xb     #/* dynamic link-edit symbol table info */
+  LC_LOAD_DYLIB   = 0xc     #/* load a dynamicly linked shared library */
+  LC_ID_DYLIB     = 0xd     #/* dynamicly linked shared lib identification */
+  LC_LOAD_DYLINKER = 0xe    #/* load a dynamic linker */
+  LC_ID_DYLINKER   = 0xf     #/* dynamic linker identification */
+  LC_PREBOUND_DYLIB = 0x10  #/* modules prebound for a dynamicly */
+  LC_SEGMENT_64	= 0x19    #/* segment of this file to be mapped */
+
+
+
+
+  class MachHeader < GenericHeader
+    attr_accessor :bits, :endian
+
+    def initialize(rawdata)
+      mach_header = MACH_HEADER_LSB.make_struct
+      if !mach_header.from_s(rawdata)
+        raise MachHeaderError, "Could't access Mach-O Magic", caller
+      end
+
+      if mach_header.v['magic'] == MH_MAGIC
+        endian = ENDIAN_LSB
+        bits = BITS_32
+        mach_header = MACH_HEADER_LSB.make_struct
+      elsif mach_header.v['magic'] == MH_CIGAM
+        bits = BITS_32
+        endian = ENDIAN_MSB
+        mach_header = MACH_HEADER_MSB.make_struct
+      elsif mach_header.v['magic'] == MH_MAGIC_64
+        endian = ENDIAN_LSB
+        bits = BITS_64
+        mach_header = MACH_HEADER_LSB.make_struct
+      elsif mach_header.v['magic'] == MH_CIGAM_64
+        endian = ENDIAN_MSB
+        bits = BITS_64
+        mach_header = MACH_HEADER_MSB.make_struct
+      else
+        raise MachHeaderError, "Couldn't find Mach Magic", caller
+      end
+
+      if !mach_header.from_s(rawdata)
+        raise MachHeaderError, "Could't process Mach-O Header", caller
+      end
+
+      self.struct = mach_header
+      self.endian = endian
+      self.bits = bits
+    end
+  end
+
+  LOAD_COMMAND_SIZE = 8
+
+  LOAD_COMMAND_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v','cmd',0],
+    ['uint32v','cmdsize',0]
+  )
+
+  LOAD_COMMAND_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n','cmd',0],
+    ['uint32n','cmdsize',0]
+  )
+
+  class LoadCommand < GenericHeader
+    def initialize(rawdata, endian)
+
+      if endian == ENDIAN_MSB
+        load_command = LOAD_COMMAND_MSB.make_struct
+      else
+        load_command = LOAD_COMMAND_LSB.make_struct
+      end
+
+      if !load_command.from_s(rawdata)
+        raise MachParseError, "Couldn't parse load command"
+      end
+
+      self.struct = load_command
+
+    end
+  end
+
+  SEGMENT_COMMAND_SIZE = 56
+
+  SEGMENT_COMMAND_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'cmd',  0],
+    ['uint32v', 'cmdsize',  0],
+    ['string',  'segname',  16, ''],
+    ['uint32v', 'vmaddr', 0],
+    ['uint32v', 'vmsize', 0],
+    ['uint32v', 'fileoff',  0],
+    ['uint32v', 'filesize', 0],
+    ['uint32v', 'maxprot',  0],
+    ['uint32v', 'initprot', 0],
+    ['uint32v', 'nsects', 0],
+    ['uint32v', 'flags',  0]
+  )
+
+  SEGMENT_COMMAND_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'cmd',  0],
+    ['uint32n', 'cmdsize',  0],
+    ['string',  'segname',  16, ''],
+    ['uint32n', 'vmaddr', 0],
+    ['uint32n', 'vmsize', 0],
+    ['uint32n', 'fileoff',  0],
+    ['uint32n', 'filesize', 0],
+    ['uint32n', 'maxprot',  0],
+    ['uint32n', 'initprot', 0],
+    ['uint32n', 'nsects', 0],
+    ['uint32n', 'flags',  0]
+  )
+
+  SEGMENT_COMMAND_SIZE_64 = 72
+
+  SEGMENT_COMMAND_64_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'cmd',  0],
+    ['uint32v', 'cmdsize',  0],
+    ['string',  'segname',  16, ''],
+    ['uint64v', 'vmaddr', 0],
+    ['uint64v', 'vmsize', 0],
+    ['uint64v', 'fileoff',  0],
+    ['uint64v', 'filesize', 0],
+    ['uint32v', 'maxprot',  0],
+    ['uint32v', 'initprot', 0],
+    ['uint32v', 'nsects', 0],
+    ['uint32v', 'flags',  0]
+  )
+
+  SEGMENT_COMMAND_64_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'cmd',  0],
+    ['uint32n', 'cmdsize',  0],
+    ['string',  'segname',  16, ''],
+    ['uint64n', 'vmaddr', 0],
+    ['uint64n', 'vmsize', 0],
+    ['uint64n', 'fileoff',  0],
+    ['uint64n', 'filesize', 0],
+    ['uint32n', 'maxprot',  0],
+    ['uint32n', 'initprot', 0],
+    ['uint32n', 'nsects', 0],
+    ['uint32n', 'flags',  0]
+  )
+
+  class Segment < GenericHeader
+    attr_accessor :_bits, :_endian
+
+    def initialize(rawdata, bits, endian)
+      self._bits = bits
+
+      if bits == BITS_64
+        if endian == ENDIAN_MSB
+          segment_command = SEGMENT_COMMAND_64_MSB.make_struct
+        else
+          segment_command = SEGMENT_COMMAND_64_LSB.make_struct
+        end
+      else
+        if endian == ENDIAN_MSB
+          segment_command = SEGMENT_COMMAND_MSB.make_struct
+        else
+          segment_command = SEGMENT_COMMAND_LSB.make_struct
+        end
+      end
+      if !segment_command.from_s(rawdata)
+        raise MachParseError, "Couldn't parse segment command"
+      end
+
+      self.struct = segment_command
+    end
+
+    def Segname
+      v['segname']
+    end
+
+    def Vmaddr
+      v['vmaddr']
+    end
+
+    def Vmsize
+      v['vmsize']
+    end
+
+    def FileOff
+      v['fileoff']
+    end
+
+    def FileSize
+      v['filesize']
+    end
+  end
+
+  class Thread < GenericHeader
+    def initialize(rawdata)
+    end
+  end
+end
+
+  FAT_MAGIC = 0xcafebabe
+  FAT_CIGAM = 0xbebafeca
+  FAT_HEADER_SIZE = 8
+
+  FAT_HEADER_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'magic',	0],
+    ['uint32v', 'nfat_arch',0]
+  )
+
+  FAT_HEADER_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'magic',	0],
+    ['uint32n', 'nfat_arch',0]
+  )
+
+
+  FAT_ARCH_SIZE = 20
+
+  FAT_ARCH_LSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32v', 'cpu_type',   0],
+    ['uint32v', 'cpu_subtype',0],
+    ['uint32v', 'offset',   0],
+    ['uint32v', 'size',   0],
+    ['uint32v', 'align',    0]
+  )
+
+  FAT_ARCH_MSB = Rex::Struct2::CStructTemplate.new(
+    ['uint32n', 'cpu_type',   0],
+    ['uint32n', 'cpu_subtype',0],
+    ['uint32n', 'offset',   0],
+    ['uint32n', 'size',   0],
+    ['uint32n', 'align',    0]
+  )
+
+
+class FatBase
+
+  class FatHeader < GenericHeader
+    attr_accessor :nfat_arch, :endian, :exists
+
+    def initialize(rawdata)
+      fat_header = FAT_HEADER_LSB.make_struct
+      if !fat_header.from_s(rawdata)
+        #raise something
+      end
+
+      magic = fat_header.v['magic']
+      if magic == FAT_MAGIC
+        endian = ENDIAN_LSB
+      elsif magic == FAT_CIGAM
+        endian = ENDIAN_MSB
+        fat_header = FAT_HEADER_MSB.make_struct
+        if !fat_header.from_s(rawdata)
+          raise FatHeaderError, "Could not parse FAT header"
+        end
+      else
+        self.exists = 0
+        return
+      end
+
+      self.nfat_arch = fat_header.v['nfat_arch']
+      self.struct = fat_header
+      self.endian = endian
+    end
+  end
+
+  class FatArch < GenericHeader
+    attr_accessor :cpu_type, :cpu_subtype, :offset, :size
+
+    def initialize(rawdata, endian)
+      if endian == ENDIAN_LSB
+        fat_arch = FAT_ARCH_LSB.make_struct
+      else
+        fat_arch = FAT_ARCH_MSB.make_struct
+      end
+
+      if !fat_arch.from_s(rawdata)
+        raise FatHeaderError, "Could not parse arch from FAT header"
+      end
+
+      self.cpu_type = fat_arch.v['cpu_type']
+      self.cpu_subtype = fat_arch.v['cpu_subtype']
+      self.offset = fat_arch.v['offset']
+      self.size = fat_arch.v['size']
+      self.struct = fat_arch
+    end
+
+  end
+
+  class Thread < GenericHeader
+    def initialize(rawdata)
+    end
+  end
+
+
+end
+
+end
+end