metasploit-framework/lib/rex/machparsey/machbase.rb

#!/usr/bin/env ruby

require 'rex/struct2'

module Rex
module MachParsey

require 'rex/machparsey/exceptions'
require 'rex/struct2'

class GenericStruct
	attr_accessor :struct
	def initialize(_struct)
		self.struct = _struct
	end

	# Access a value
	def v
		struct.v
	end
		
	# Access a value by array 
	def [](*args)
		struct[*args]
	end
	
	# Obtain an array of all fields
	def keys
		struct.keys
	end
	
	def method_missing(meth, *args)
		v[meth.to_s] || (raise NoMethodError.new, meth)
	end
end

class GenericHeader < GenericStruct
end

BITS_32 	= 0
BITS_64 	= 1
ENDIAN_LSB 	= 0
ENDIAN_MSB 	= 1		

class MachBase

	MH_MAGIC 		= 0xfeedface
	MH_MAGIC_64 		= 0xfeedfacf
	MH_CIGAM 		= 0xcefaedfe
	MH_CIGAM_64 		= 0xcffaedfe
	MACH_HEADER_SIZE 	= 28
	MACH_HEADER_SIZE_64 	= 32

	
	MACH_HEADER_LSB = Rex::Struct2::CStructTemplate.new(
		['uint32v', 'magic',	 0],
		['uint32v', 'cputype',   0],
		['uint32v', 'cpusubtype',0],
		['uint32v', 'filetype',	 0],
		['uint32v', 'ncmds',	 0],
		['uint32v', 'sizeofcmds',0],
		['uint32v', 'flags',	 0]
	)

	MACH_HEADER_MSB = Rex::Struct2::CStructTemplate.new(
		['uint32n', 'magic',	 0],
		['uint32n', 'cputype',   0],
		['uint32n', 'cpusubtype',0],
		['uint32n', 'filetype',	 0],
		['uint32n', 'ncmds',	 0],
		['uint32n', 'sizeofcmds',0],
		['uint32n', 'flags',	 0]
	)

	
	MACH_HEADER_64_LSB = Rex::Struct2::CStructTemplate.new(
		['uint32v', 'magic',	 0],
		['uint32v', 'cputype',   0],
		['uint32v', 'cpusubtype',0],
		['uint32v', 'filetype',	 0],
		['uint32v', 'ncmds',	 0],
		['uint32v', 'sizeofcmds',0],
		['uint32v', 'flags',	 0],
		['uint32v', 'reserved',	 0]
	)

	MACH_HEADER_64_MSB = Rex::Struct2::CStructTemplate.new(
		['uint32n', 'magic',	 0],
		['uint32n', 'cputype',   0],
		['uint32n', 'cpusubtype',0],
		['uint32n', 'filetype',	 0],
		['uint32n', 'ncmds',	 0],
		['uint32n', 'sizeofcmds',0],
		['uint32n', 'flags',	 0],
		['uint32n', 'reserved',	 0]
	)

	#cpu types for Mach-O binaries
	CPU_TYPE_I386		= 0x7
	CPU_TYPE_X86_64		= 0x01000007
	CPU_TYPE_ARM 		= 0xC
	CPU_TYPE_POWERPC	= 0x12
	CPU_TYPE_POWERPC64	= 0x01000012

	CPU_SUBTYPE_LITTLE_ENDIAN 	= 0
	CPU_SUBTYPE_BIG_ENDIAN		= 1      
	
	LC_SEGMENT	= 0x1     #/* segment of this file to be mapped */
	LC_SYMTAB	= 0x2     #/* link-edit stab symbol table info */
	LC_SYMSEG	= 0x3     #/* link-edit gdb symbol table info (obsolete) */
	LC_THREAD	= 0x4     #/* thread */
	LC_UNIXTHREAD   = 0x5     #/* unix thread (includes a stack) */
	LC_LOADFVMLIB   = 0x6     #/* load a specified fixed VM shared library */
	LC_IDFVMLIB     = 0x7     #/* fixed VM shared library identification */
	LC_IDENT        = 0x8     #/* object identification info (obsolete) */
	LC_FVMFILE      = 0x9     #/* fixed VM file inclusion (internal use) */
	LC_PREPAGE      = 0xa     #/* prepage command (internal use) */
	LC_DYSYMTAB     = 0xb     #/* dynamic link-edit symbol table info */
	LC_LOAD_DYLIB   = 0xc     #/* load a dynamicly linked shared library */
	LC_ID_DYLIB     = 0xd     #/* dynamicly linked shared lib identification */
	LC_LOAD_DYLINKER = 0xe    #/* load a dynamic linker */
	LC_ID_DYLINKER   = 0xf     #/* dynamic linker identification */
	LC_PREBOUND_DYLIB = 0x10  #/* modules prebound for a dynamicly */
	LC_SEGMENT_64	= 0x19    #/* segment of this file to be mapped */



	  
	class MachHeader < GenericHeader
		attr_accessor :bits, :endian

		def initialize(rawdata)
			mach_header = MACH_HEADER_LSB.make_struct
			if !mach_header.from_s(rawdata)
				raise MachHeaderError, "Could't access Mach-O Magic", caller
			end

			if mach_header.v['magic'] == MH_MAGIC
				endian = ENDIAN_LSB
				bits = BITS_32
				mach_header = MACH_HEADER_LSB.make_struct
			elsif mach_header.v['magic'] == MH_CIGAM
				bits = BITS_32
				endian = ENDIAN_MSB
				mach_header = MACH_HEADER_MSB.make_struct
			elsif mach_header.v['magic'] == MH_MAGIC_64
				endian = ENDIAN_LSB
				bits = BITS_64
				mach_header = MACH_HEADER_LSB.make_struct
			elsif mach_header.v['magic'] == MH_CIGAM_64
				endian = ENDIAN_MSB
				bits = BITS_64
				mach_header = MACH_HEADER_MSB.make_struct
			else
				raise MachHeaderError, "Couldn't find Mach Magic", caller
			end
			
			if !mach_header.from_s(rawdata)
				raise MachHeaderError, "Could't process Mach-O Header", caller
			end

			self.struct = mach_header
			self.endian = endian
			self.bits = bits
		end
	end

	LOAD_COMMAND_SIZE = 8

	LOAD_COMMAND_LSB = Rex::Struct2::CStructTemplate.new(
		['uint32v','cmd',0],
		['uint32v','cmdsize',0]
	)

	LOAD_COMMAND_MSB = Rex::Struct2::CStructTemplate.new(
		['uint32n','cmd',0],
		['uint32n','cmdsize',0]
	)

	class LoadCommand < GenericHeader
		def initialize(rawdata, endian)

			if endian == ENDIAN_MSB
				load_command = LOAD_COMMAND_MSB.make_struct
			else
				load_command = LOAD_COMMAND_LSB.make_struct
			end
	     
			if !load_command.from_s(rawdata)
				raise MachParseError, "Couldn't parse load command"
			end
	     
			self.struct = load_command
	
		end
	end

	SEGMENT_COMMAND_SIZE = 56

	SEGMENT_COMMAND_LSB = Rex::Struct2::CStructTemplate.new(
		['uint32v', 'cmd',  0],
		['uint32v', 'cmdsize',  0],
		['string',  'segname',  16, ''],
		['uint32v', 'vmaddr', 0],
		['uint32v', 'vmsize', 0],
		['uint32v', 'fileoff',  0],
		['uint32v', 'filesize', 0],
		['uint32v', 'maxprot',  0],
		['uint32v', 'initprot', 0],
		['uint32v', 'nsects', 0],
		['uint32v', 'flags',  0]
	)

	SEGMENT_COMMAND_MSB = Rex::Struct2::CStructTemplate.new(
		['uint32n', 'cmd',  0],
		['uint32n', 'cmdsize',  0],
		['string',  'segname',  16, ''],
		['uint32n', 'vmaddr', 0],
		['uint32n', 'vmsize', 0],
		['uint32n', 'fileoff',  0],
		['uint32n', 'filesize', 0],
		['uint32n', 'maxprot',  0],
		['uint32n', 'initprot', 0],
		['uint32n', 'nsects', 0],
		['uint32n', 'flags',  0]
	)
	
	SEGMENT_COMMAND_SIZE_64 = 72	

	SEGMENT_COMMAND_64_LSB = Rex::Struct2::CStructTemplate.new(
		['uint32v', 'cmd',  0],
		['uint32v', 'cmdsize',  0],
		['string',  'segname',  16, ''],
		['uint64v', 'vmaddr', 0],
		['uint64v', 'vmsize', 0],
		['uint64v', 'fileoff',  0],
		['uint64v', 'filesize', 0],
		['uint32v', 'maxprot',  0],
		['uint32v', 'initprot', 0],
		['uint32v', 'nsects', 0],
		['uint32v', 'flags',  0]
	)

	SEGMENT_COMMAND_64_MSB = Rex::Struct2::CStructTemplate.new(
		['uint32n', 'cmd',  0],
		['uint32n', 'cmdsize',  0],
		['string',  'segname',  16, ''],
		['uint64n', 'vmaddr', 0],
		['uint64n', 'vmsize', 0],
		['uint64n', 'fileoff',  0],
		['uint64n', 'filesize', 0],
		['uint32n', 'maxprot',  0],
		['uint32n', 'initprot', 0],
		['uint32n', 'nsects', 0],
		['uint32n', 'flags',  0]
	)

	class Segment < GenericHeader
		attr_accessor :_bits, :_endian

		def initialize(rawdata, bits, endian)
			self._bits = bits

			if bits == BITS_64
				if endian == ENDIAN_MSB
					segment_command = SEGMENT_COMMAND_64_MSB.make_struct
				else
					segment_command = SEGMENT_COMMAND_64_LSB.make_struct
				end
			else
				if endian == ENDIAN_MSB
					segment_command = SEGMENT_COMMAND_MSB.make_struct
				else
					segment_command = SEGMENT_COMMAND_LSB.make_struct
				end
			end
			if !segment_command.from_s(rawdata)
				raise MachParseError, "Couldn't parse segment command"
			end

			self.struct = segment_command
		end

		def Segname
			v['segname']
		end
	
		def Vmaddr
			v['vmaddr']
		end
	
		def Vmsize
			v['vmsize']
		end

		def FileOff
			v['fileoff']
		end
	
		def FileSize
			v['filesize']
		end
	end

	class Thread < GenericHeader
		def initialize(rawdata)
		end
	end
end

	FAT_MAGIC = 0xcafebabe
	FAT_CIGAM = 0xbebafeca
	FAT_HEADER_SIZE = 8

	FAT_HEADER_LSB = Rex::Struct2::CStructTemplate.new(
		['uint32v', 'magic',	0],
		['uint32v', 'nfat_arch',0]
	)

	FAT_HEADER_MSB = Rex::Struct2::CStructTemplate.new(
		['uint32n', 'magic',	0],
		['uint32n', 'nfat_arch',0]
	)


	FAT_ARCH_SIZE = 20

	FAT_ARCH_LSB = Rex::Struct2::CStructTemplate.new(
		['uint32v', 'cpu_type',   0],
		['uint32v', 'cpu_subtype',0],
		['uint32v', 'offset',   0],
		['uint32v', 'size',   0],
		['uint32v', 'align',    0]
	)

	FAT_ARCH_MSB = Rex::Struct2::CStructTemplate.new(
		['uint32n', 'cpu_type',   0],
		['uint32n', 'cpu_subtype',0],
		['uint32n', 'offset',   0],
		['uint32n', 'size',   0],
		['uint32n', 'align',    0]
	)


class FatBase

	class FatHeader < GenericHeader
		attr_accessor :nfat_arch, :endian, :exists
	
		def initialize(rawdata)
			fat_header = FAT_HEADER_LSB.make_struct
			if !fat_header.from_s(rawdata)
				#raise something
			end

			magic = fat_header.v['magic']
			if magic == FAT_MAGIC
				endian = ENDIAN_LSB	
			elsif magic == FAT_CIGAM
				endian = ENDIAN_MSB	
				fat_header = FAT_HEADER_MSB.make_struct
				if !fat_header.from_s(rawdata)
					raise FatHeaderError, "Could not parse FAT header"
				end
			else
				self.exists = 0
				return
			end

			self.nfat_arch = fat_header.v['nfat_arch']
			self.struct = fat_header
			self.endian = endian
		end
	end

	class FatArch < GenericHeader
		attr_accessor :cpu_type, :cpu_subtype, :offset, :size
	
		def initialize(rawdata, endian)
			if endian == ENDIAN_LSB
				fat_arch = FAT_ARCH_LSB.make_struct
			else	
				fat_arch = FAT_ARCH_MSB.make_struct
			end
	
			if !fat_arch.from_s(rawdata)
				raise FatHeaderError, "Could not parse arch from FAT header"
			end

			self.cpu_type = fat_arch.v['cpu_type']
			self.cpu_subtype = fat_arch.v['cpu_subtype']
			self.offset = fat_arch.v['offset']
			self.size = fat_arch.v['size']
			self.struct = fat_arch
		end

	end

	class Thread < GenericHeader
		def initialize(rawdata)
		end
	end


end

end
end