htmachohd.cc

功能较全面的反汇编器：反汇编器ht-2.0.15.tar.gz

	{"eax",			STATICTAG_EDIT_DWORD_VE("00000000")},
	{"ebx",			STATICTAG_EDIT_DWORD_VE("00000004")},
	{"ecx",			STATICTAG_EDIT_DWORD_VE("00000008")},
	{"edx",			STATICTAG_EDIT_DWORD_VE("0000000c")},
	{"edi",			STATICTAG_EDIT_DWORD_VE("00000010")},
	{"esi",			STATICTAG_EDIT_DWORD_VE("00000014")},
	{"ebp",			STATICTAG_EDIT_DWORD_VE("00000018")},
	{"esp",			STATICTAG_EDIT_DWORD_VE("0000001c")},
	{"ss",			STATICTAG_EDIT_DWORD_VE("00000020")},
	{"eflags",		STATICTAG_EDIT_DWORD_VE("00000024")},
	{"eip",			STATICTAG_EDIT_DWORD_VE("00000028")},
	{"cs",			STATICTAG_EDIT_DWORD_VE("0000002c")},
	{"ds",			STATICTAG_EDIT_DWORD_VE("00000030")},
	{"es",			STATICTAG_EDIT_DWORD_VE("00000034")},
	{"fs",			STATICTAG_EDIT_DWORD_VE("00000038")},
	{"gs",			STATICTAG_EDIT_DWORD_VE("0000003c")},
	{0, 0}
};

static ht_view *htmachoheader_init(Bounds *b, File *file, ht_format_group *group)
{
	ht_macho_shared_data *macho_shared=(ht_macho_shared_data *)group->get_shared_data();
	
	ht_uformat_viewer *v=new ht_uformat_viewer();
	v->init(b, DESC_MACHO_HEADER, VC_EDIT, file, group);
	ht_mask_sub *m = new ht_mask_sub();
	m->init(file, 0);
	char info[128];
	ht_snprintf(info, sizeof info, "* Mach-O header at offset %08qx", macho_shared->header_ofs);

	bool isbigendian;
	switch (macho_shared->image_endianess) {
	case little_endian: isbigendian = false; break;
	case big_endian: isbigendian = true; break;
	}

	m->add_mask(info);
	m->add_staticmask_ptable(machoheader, macho_shared->header_ofs, isbigendian);

	FileOfs ofs = macho_shared->header_ofs;
	if (macho_shared->_64) {
		ofs += 8*4;
	} else {
		ofs += 7*4;
	}
	for (uint i=0; i<macho_shared->cmds.count; i++) {
		switch (macho_shared->cmds.cmds[i]->cmd.cmd) {
			case LC_SEGMENT: {
				MACHO_SEGMENT_COMMAND *c = (MACHO_SEGMENT_COMMAND *)macho_shared->cmds.cmds[i];
			    	char info[128];
				ht_snprintf(info, sizeof info, "** segment %s", c->segname);
				m->add_mask(info);
				m->add_staticmask_ptable(macho_segment_header, ofs, isbigendian);
				FileOfs sofs = sizeof (MACHO_SEGMENT_COMMAND);
				for (uint j=0; j < c->nsects; j++) {
					ht_snprintf(info, sizeof info, "**** section %d ****", j);
					m->add_mask(info);
					m->add_staticmask_ptable(macho_section_header, ofs+sofs, isbigendian);
					sofs += 9*4+16+16;
				}
				break;
			}
			case LC_SEGMENT_64: {
				MACHO_SEGMENT_64_COMMAND *c = (MACHO_SEGMENT_64_COMMAND *)macho_shared->cmds.cmds[i];
			    	char info[128];
				ht_snprintf(info, sizeof info, "** segment64 %s", c->segname);
				m->add_mask(info);
				m->add_staticmask_ptable(macho_segment_64_header, ofs, isbigendian);
				FileOfs sofs = sizeof (MACHO_SEGMENT_64_COMMAND);
				for (uint j=0; j < c->nsects; j++) {
					ht_snprintf(info, sizeof info, "**** section %d ****", j);
					m->add_mask(info);
					m->add_staticmask_ptable(macho_section_64_header, ofs+sofs, isbigendian);
					sofs += 2*8+8*4+16+16;
				}
				break;
			}
			case LC_SYMTAB: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** SYMTAB cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_SYMSEG: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** SYMSEG cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_UNIXTHREAD:
			case LC_THREAD: {
				MACHO_THREAD_COMMAND *c = &macho_shared->cmds.cmds[i]->thread;
			    	char info[128];
				ht_snprintf(info, sizeof info, "** %s", (macho_shared->cmds.cmds[i]->cmd.cmd == LC_UNIXTHREAD) ? "UNIXTHREAD" : "THREAD");
				m->add_mask(info);
				m->add_staticmask_ptable(macho_thread_header, ofs, isbigendian);
				switch (macho_shared->header.cputype) {
				case MACHO_CPU_TYPE_I386:
					switch (c->flavor) {
					case -1:
						m->add_staticmask_ptable(macho_i386_thread_state, ofs+4*4/*4 32bit words in thread_header*/, isbigendian);
						break;
					}
					break;
				case MACHO_CPU_TYPE_POWERPC:
					switch (c->flavor) {
					case FLAVOR_PPC_THREAD_STATE:
						m->add_staticmask_ptable(macho_ppc_thread_state, ofs+4*4/*4 32bit words in thread_header*/, isbigendian);
						break;
					}
					break;
				}
				break;
			}
/*			case LC_THREAD: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** THREAD cmdsize %08x", macho_shared->cmds[i]->cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_UNIXTHREAD: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** UNIXTHREAD cmdsize %08x", macho_shared->cmds[i]->cmdsize);
				m->add_mask(info);
				break;
			}*/
			case LC_LOADFVMLIB: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** LOADFVMLIB cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_IDFVMLIB: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** IDFVMLIB cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_IDENT: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** IDENT (obsolete) cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_FVMFILE: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** FVMFILE cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_PREPAGE: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** PREPAGE cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_DYSYMTAB: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** DYSYMTAB cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_LOAD_DYLIB: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** LOAD_DYLIB cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_ID_DYLIB: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** ID_DYLIB cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_LOAD_DYLINKER: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** LOAD_DYLINKER cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_ID_DYLINKER: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** ID_DYLINKER cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_PREBOUND_DYLIB: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** PREBOUND_DYLIB cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			case LC_UUID: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** UUID cmdsize %08x", macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
				break;
			}
			default: {
			    	char info[128];
				ht_snprintf(info, sizeof info, "** unsupported load command %08x, size %08x", macho_shared->cmds.cmds[i]->cmd.cmd, macho_shared->cmds.cmds[i]->cmd.cmdsize);
				m->add_mask(info);
			}
		}
		ofs += macho_shared->cmds.cmds[i]->cmd.cmdsize;
	}
	v->insertsub(m);
	return v;
}

format_viewer_if htmachoheader_if = {
	htmachoheader_init,
	0
};