VirtualBox

source: vbox/trunk/src/VBox/Runtime/common/ldr/ldrMachO.cpp@ 86103

Last change on this file since 86103 was 85678, checked in by vboxsync, 4 years ago

IPRT/ldrMachO.cpp: Fix SegInfo.cbMapping nil value and checking for unmapped segments to make tstLdr-4 happy. bugref:9801

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 234.6 KB
Line 
1/* $Id: ldrMachO.cpp 85678 2020-08-10 20:18:04Z vboxsync $ */
2/** @file
3 * kLdr - The Module Interpreter for the MACH-O format.
4 */
5
6/*
7 * Copyright (C) 2018-2020 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 * --------------------------------------------------------------------
26 *
27 * This code is based on: kLdr/kLdrModMachO.c from kStuff r113.
28 *
29 * Copyright (c) 2006-2013 Knut St. Osmundsen <[email protected]>
30 *
31 * Permission is hereby granted, free of charge, to any person
32 * obtaining a copy of this software and associated documentation
33 * files (the "Software"), to deal in the Software without
34 * restriction, including without limitation the rights to use,
35 * copy, modify, merge, publish, distribute, sublicense, and/or sell
36 * copies of the Software, and to permit persons to whom the
37 * Software is furnished to do so, subject to the following
38 * conditions:
39 *
40 * The above copyright notice and this permission notice shall be
41 * included in all copies or substantial portions of the Software.
42 *
43 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
44 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
45 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
46 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
47 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
48 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
49 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
50 * OTHER DEALINGS IN THE SOFTWARE.
51 */
52
53
54/*********************************************************************************************************************************
55* Header Files *
56*********************************************************************************************************************************/
57#define LOG_GROUP RTLOGGROUP_LDR
58#include <iprt/ldr.h>
59#include "internal/iprt.h"
60
61#include <iprt/asm.h>
62#include <iprt/assert.h>
63#include <iprt/base64.h>
64#include <iprt/ctype.h>
65#include <iprt/err.h>
66#include <iprt/log.h>
67#include <iprt/mem.h>
68#include <iprt/string.h>
69#include <iprt/sha.h>
70#include <iprt/crypto/digest.h>
71
72#include <iprt/formats/mach-o.h>
73#include <iprt/crypto/applecodesign.h>
74#include "internal/ldr.h"
75
76
77/*********************************************************************************************************************************
78* Defined Constants And Macros *
79*********************************************************************************************************************************/
80/** @def RTLDRMODMACHO_STRICT
81 * Define RTLDRMODMACHO_STRICT to enabled strict checks in RTLDRMODMACHO. */
82#define RTLDRMODMACHO_STRICT 1
83#define RTLDRMODMACHO_STRICT2
84
85/** @def RTLDRMODMACHO_ASSERT
86 * Assert that an expression is true when KLDR_STRICT is defined.
87 */
88#ifdef RTLDRMODMACHO_STRICT
89# define RTLDRMODMACHO_ASSERT(expr) Assert(expr)
90#else
91# define RTLDRMODMACHO_ASSERT(expr) do {} while (0)
92#endif
93
94/** @def RTLDRMODMACHO_CHECK_RETURN
95 * Checks that an expression is true and return if it isn't.
96 * This is a debug aid.
97 */
98#ifdef RTLDRMODMACHO_STRICT2
99# define RTLDRMODMACHO_CHECK_RETURN(expr, rc) AssertReturn(expr, rc)
100#else
101# define RTLDRMODMACHO_CHECK_RETURN(expr, rc) do { if (RT_LIKELY(expr)) {/* likely */ } else return (rc); } while (0)
102#endif
103
104/** @def RTLDRMODMACHO_CHECK_MSG_RETURN
105 * Checks that an expression is true and return if it isn't.
106 * This is a debug aid.
107 */
108#ifdef RTLDRMODMACHO_STRICT2
109# define RTLDRMODMACHO_CHECK_MSG_RETURN(expr, msgargs, rc) AssertMsgReturn(expr, msgargs, rc)
110#else
111# define RTLDRMODMACHO_CHECK_MSG_RETURN(expr, msgargs, rc) do { if (RT_LIKELY(expr)) {/* likely */ } else return (rc); } while (0)
112#endif
113
114/** @def RTLDRMODMACHO_CHECK_RETURN
115 * Checks that an expression is true and return if it isn't.
116 * This is a debug aid.
117 */
118#ifdef RTLDRMODMACHO_STRICT2
119# define RTLDRMODMACHO_FAILED_RETURN(rc) AssertFailedReturn(rc)
120#else
121# define RTLDRMODMACHO_FAILED_RETURN(rc) return (rc)
122#endif
123
124
125/*********************************************************************************************************************************
126* Structures and Typedefs *
127*********************************************************************************************************************************/
128/**
129 * Mach-O section details.
130 */
131typedef struct RTLDRMODMACHOSECT
132{
133 /** The size of the section (in bytes). */
134 RTLDRADDR cb;
135 /** The link address of this section. */
136 RTLDRADDR LinkAddress;
137 /** The RVA of this section. */
138 RTLDRADDR RVA;
139 /** The file offset of this section.
140 * This is -1 if the section doesn't have a file backing. */
141 RTFOFF offFile;
142 /** The number of fixups. */
143 uint32_t cFixups;
144 /** The array of fixups. (lazy loaded) */
145 macho_relocation_union_t *paFixups;
146 /** Array of virgin data running parallel to paFixups */
147 PRTUINT64U pauFixupVirginData;
148 /** The file offset of the fixups for this section.
149 * This is -1 if the section doesn't have any fixups. */
150 RTFOFF offFixups;
151 /** Mach-O section flags. */
152 uint32_t fFlags;
153 /** kLdr segment index. */
154 uint32_t iSegment;
155 /** Pointer to the Mach-O section structure. */
156 void *pvMachoSection;
157} RTLDRMODMACHOSECT, *PRTLDRMODMACHOSECT;
158
159/**
160 * Extra per-segment info.
161 *
162 * This is corresponds to a kLdr segment, not a Mach-O segment!
163 */
164typedef struct RTLDRMODMACHOSEG
165{
166 /** Common segment info. */
167 RTLDRSEG SegInfo;
168
169 /** The orignal segment number (in case we had to resort it). */
170 uint32_t iOrgSegNo;
171 /** The number of sections in the segment. */
172 uint32_t cSections;
173 /** Pointer to the sections belonging to this segment.
174 * The array resides in the big memory chunk allocated for
175 * the module handle, so it doesn't need freeing. */
176 PRTLDRMODMACHOSECT paSections;
177
178} RTLDRMODMACHOSEG, *PRTLDRMODMACHOSEG;
179
180/**
181 * Instance data for the Mach-O MH_OBJECT module interpreter.
182 * @todo interpret the other MH_* formats.
183 */
184typedef struct RTLDRMODMACHO
185{
186 /** Core module structure. */
187 RTLDRMODINTERNAL Core;
188
189 /** The minium cpu this module was built for.
190 * This might not be accurate, so use kLdrModCanExecuteOn() to check. */
191 RTLDRCPU enmCpu;
192 /** The number of segments in the module. */
193 uint32_t cSegments;
194
195 /** Pointer to the RDR file mapping of the raw file bits. NULL if not mapped. */
196 const void *pvBits;
197 /** Pointer to the user mapping. */
198 void *pvMapping;
199 /** The module open flags. */
200 uint32_t fOpenFlags;
201
202 /** The offset of the image. (FAT fun.) */
203 RTFOFF offImage;
204 /** The link address. */
205 RTLDRADDR LinkAddress;
206 /** The size of the mapped image. */
207 RTLDRADDR cbImage;
208 /** Whether we're capable of loading the image. */
209 bool fCanLoad;
210 /** Whether we're creating a global offset table segment.
211 * This dependes on the cputype and image type. */
212 bool fMakeGot;
213 /** The size of a indirect GOT jump stub entry.
214 * This is 0 if not needed. */
215 uint32_t cbJmpStub;
216 /** Effective file type. If the original was a MH_OBJECT file, the
217 * corresponding MH_DSYM needs the segment translation of a MH_OBJECT too.
218 * The MH_DSYM normally has a separate __DWARF segment, but this is
219 * automatically skipped during the transation. */
220 uint32_t uEffFileType;
221 /** Pointer to the load commands. (endian converted) */
222 uint8_t *pbLoadCommands;
223 /** The Mach-O header. (endian converted)
224 * @remark The reserved field is only valid for real 64-bit headers. */
225 mach_header_64_t Hdr;
226
227 /** The offset of the symbol table. */
228 RTFOFF offSymbols;
229 /** The number of symbols. */
230 uint32_t cSymbols;
231 /** The pointer to the loaded symbol table. */
232 void *pvaSymbols;
233 /** The offset of the string table. */
234 RTFOFF offStrings;
235 /** The size of the of the string table. */
236 uint32_t cchStrings;
237 /** Pointer to the loaded string table. */
238 char *pchStrings;
239 /** Pointer to the dynamic symbol table command if present. */
240 dysymtab_command_t *pDySymTab;
241 /** The indirect symbol table (size given by pDySymTab->nindirectsymb).
242 * @remarks Host endian. */
243 uint32_t *paidxIndirectSymbols;
244 /** Dynamic relocations, first pDySymTab->nextrel external relocs followed by
245 * pDySymTab->nlocrel local ones. */
246 macho_relocation_union_t *paRelocations;
247 /** Array of virgin data running parallel to paRelocations */
248 PRTUINT64U pauRelocationsVirginData;
249
250 /** The image UUID, all zeros if not found. */
251 uint8_t abImageUuid[16];
252
253 /** The code signature offset. */
254 uint32_t offCodeSignature;
255 /** The code signature size (0 if not signed). */
256 uint32_t cbCodeSignature;
257 /** Pointer to the code signature blob if loaded. */
258 union
259 {
260 uint8_t *pb;
261 PCRTCRAPLCSSUPERBLOB pSuper;
262 } PtrCodeSignature;
263 /** File offset of segment 0 (relative to Mach-O header). */
264 uint64_t offSeg0ForCodeSign;
265 /** File size of segment 0. */
266 uint64_t cbSeg0ForCodeSign;
267 /** Segment 0 flags. */
268 uint64_t fSeg0ForCodeSign;
269
270 /** The RVA of the Global Offset Table. */
271 RTLDRADDR GotRVA;
272 /** The RVA of the indirect GOT jump stubs. */
273 RTLDRADDR JmpStubsRVA;
274
275 /** The number of sections. */
276 uint32_t cSections;
277 /** Pointer to the section array running in parallel to the Mach-O one. */
278 PRTLDRMODMACHOSECT paSections;
279
280 /** Array of segments parallel to the one in KLDRMOD. */
281 RTLDRMODMACHOSEG aSegments[1];
282} RTLDRMODMACHO;
283/** Pointer instance data for an Mach-O module. */
284typedef RTLDRMODMACHO *PRTLDRMODMACHO;
285
286/**
287 * Code directory data.
288 */
289typedef struct RTLDRMACHCODEDIR
290{
291 PCRTCRAPLCSCODEDIRECTORY pCodeDir;
292 /** The slot type. */
293 uint32_t uSlot;
294 /** The naturalized size. */
295 uint32_t cb;
296 /** The digest type. */
297 RTDIGESTTYPE enmDigest;
298} RTLDRMACHCODEDIR;
299/** Pointer to code directory data. */
300typedef RTLDRMACHCODEDIR *PRTLDRMACHCODEDIR;
301
302/**
303 * Decoded apple Mach-O signature data.
304 * @note The raw signature data lives in RTLDRMODMACHO::PtrCodeSignature.
305 */
306typedef struct RTLDRMACHOSIGNATURE
307{
308 /** Number of code directory slots. */
309 uint32_t cCodeDirs;
310 /** Code directories. */
311 RTLDRMACHCODEDIR aCodeDirs[6];
312
313 /** The index of the PKCS#7 slot. */
314 uint32_t idxPkcs7;
315 /** The size of the PKCS#7 data. */
316 uint32_t cbPkcs7;
317 /** Pointer to the PKCS#7 data. */
318 uint8_t const *pbPkcs7;
319 /** Parsed PKCS#7 data. */
320 RTCRPKCS7CONTENTINFO ContentInfo;
321 /** Pointer to the decoded SignedData inside the ContentInfo member. */
322 PRTCRPKCS7SIGNEDDATA pSignedData;
323} RTLDRMACHOSIGNATURE;
324/** Pointer to decoded apple code signing data. */
325typedef RTLDRMACHOSIGNATURE *PRTLDRMACHOSIGNATURE;
326
327
328
329/*********************************************************************************************************************************
330* Internal Functions *
331*********************************************************************************************************************************/
332#if 0
333static int32_t kldrModMachONumberOfImports(PRTLDRMODINTERNAL pMod, const void *pvBits);
334#endif
335static DECLCALLBACK(int) rtldrMachO_RelocateBits(PRTLDRMODINTERNAL pMod, void *pvBits, RTUINTPTR NewBaseAddress,
336 RTUINTPTR OldBaseAddress, PFNRTLDRIMPORT pfnGetImport, void *pvUser);
337
338
339static int kldrModMachOPreParseLoadCommands(uint8_t *pbLoadCommands, const mach_header_32_t *pHdr, PRTLDRREADER pRdr, RTFOFF offImage,
340 uint32_t fOpenFlags, uint32_t *pcSegments, uint32_t *pcSections, uint32_t *pcbStringPool,
341 bool *pfCanLoad, PRTLDRADDR pLinkAddress, uint8_t *puEffFileType, PRTERRINFO pErrInfo);
342static int kldrModMachOParseLoadCommands(PRTLDRMODMACHO pThis, char *pbStringPool, uint32_t cbStringPool);
343
344static int kldrModMachOLoadObjSymTab(PRTLDRMODMACHO pThis);
345static int kldrModMachOLoadFixups(PRTLDRMODMACHO pThis, RTFOFF offFixups, uint32_t cFixups, macho_relocation_union_t **ppaFixups);
346
347static int kldrModMachODoQuerySymbol32Bit(PRTLDRMODMACHO pThis, const macho_nlist_32_t *paSyms, uint32_t cSyms, const char *pchStrings,
348 uint32_t cchStrings, RTLDRADDR BaseAddress, uint32_t iSymbol, const char *pchSymbol,
349 uint32_t cchSymbol, PRTLDRADDR puValue, uint32_t *pfKind);
350static int kldrModMachODoQuerySymbol64Bit(PRTLDRMODMACHO pThis, const macho_nlist_64_t *paSyms, uint32_t cSyms, const char *pchStrings,
351 uint32_t cchStrings, RTLDRADDR BaseAddress, uint32_t iSymbol, const char *pchSymbol,
352 uint32_t cchSymbol, PRTLDRADDR puValue, uint32_t *pfKind);
353static int kldrModMachODoEnumSymbols32Bit(PRTLDRMODMACHO pThis, const macho_nlist_32_t *paSyms, uint32_t cSyms,
354 const char *pchStrings, uint32_t cchStrings, RTLDRADDR BaseAddress,
355 uint32_t fFlags, PFNRTLDRENUMSYMS pfnCallback, void *pvUser);
356static int kldrModMachODoEnumSymbols64Bit(PRTLDRMODMACHO pThis, const macho_nlist_64_t *paSyms, uint32_t cSyms,
357 const char *pchStrings, uint32_t cchStrings, RTLDRADDR BaseAddress,
358 uint32_t fFlags, PFNRTLDRENUMSYMS pfnCallback, void *pvUser);
359static int kldrModMachOObjDoImports(PRTLDRMODMACHO pThis, RTLDRADDR BaseAddress, PFNRTLDRIMPORT pfnGetImport, void *pvUser);
360static int kldrModMachOObjDoFixups(PRTLDRMODMACHO pThis, void *pvMapping, RTLDRADDR NewBaseAddress);
361static int kldrModMachOApplyFixupsGeneric32Bit(PRTLDRMODMACHO pThis, uint8_t *pbSectBits, size_t cbSectBits, RTLDRADDR uBitsRva,
362 RTLDRADDR uBitsLinkAddr, const macho_relocation_union_t *paFixups,
363 const uint32_t cFixups, PCRTUINT64U const pauVirginData,
364 macho_nlist_32_t *paSyms, uint32_t cSyms, RTLDRADDR NewBaseAddress);
365static int kldrModMachOApplyFixupsAMD64(PRTLDRMODMACHO pThis, uint8_t *pbSectBits, size_t cbSectBits, RTLDRADDR uBitsRva,
366 const macho_relocation_union_t *paFixups,
367 const uint32_t cFixups, PCRTUINT64U const pauVirginData,
368 macho_nlist_64_t *paSyms, uint32_t cSyms, RTLDRADDR NewBaseAddress);
369
370static int kldrModMachOMakeGOT(PRTLDRMODMACHO pThis, void *pvBits, RTLDRADDR NewBaseAddress);
371
372/*static int kldrModMachODoFixups(PRTLDRMODMACHO pThis, void *pvMapping, RTLDRADDR NewBaseAddress, RTLDRADDR OldBaseAddress);
373static int kldrModMachODoImports(PRTLDRMODMACHO pThis, void *pvMapping, PFNRTLDRIMPORT pfnGetImport, void *pvUser);*/
374
375
376
377/**
378 * Separate function for reading creating the Mach-O module instance to
379 * simplify cleanup on failure.
380 */
381static int kldrModMachODoCreate(PRTLDRREADER pRdr, RTFOFF offImage, uint32_t fOpenFlags,
382 PRTLDRMODMACHO *ppModMachO, PRTERRINFO pErrInfo)
383{
384 *ppModMachO = NULL;
385
386 /*
387 * Read the Mach-O header.
388 */
389 union
390 {
391 mach_header_32_t Hdr32;
392 mach_header_64_t Hdr64;
393 } s;
394 Assert(&s.Hdr32.magic == &s.Hdr64.magic);
395 Assert(&s.Hdr32.flags == &s.Hdr64.flags);
396 int rc = pRdr->pfnRead(pRdr, &s, sizeof(s), offImage);
397 if (rc)
398 return RTErrInfoSetF(pErrInfo, rc, "Error reading Mach-O header at %RTfoff: %Rrc", offImage, rc);
399 if ( s.Hdr32.magic != IMAGE_MACHO32_SIGNATURE
400 && s.Hdr32.magic != IMAGE_MACHO64_SIGNATURE)
401 {
402 if ( s.Hdr32.magic == IMAGE_MACHO32_SIGNATURE_OE
403 || s.Hdr32.magic == IMAGE_MACHO64_SIGNATURE_OE)
404 return VERR_LDRMACHO_OTHER_ENDIAN_NOT_SUPPORTED;
405 return VERR_INVALID_EXE_SIGNATURE;
406 }
407
408 /* sanity checks. */
409 if ( s.Hdr32.sizeofcmds > pRdr->pfnSize(pRdr) - sizeof(mach_header_32_t)
410 || s.Hdr32.sizeofcmds < sizeof(load_command_t) * s.Hdr32.ncmds
411 || (s.Hdr32.flags & ~MH_VALID_FLAGS))
412 return VERR_LDRMACHO_BAD_HEADER;
413
414 bool fMakeGot;
415 uint8_t cbJmpStub;
416 switch (s.Hdr32.cputype)
417 {
418 case CPU_TYPE_X86:
419 fMakeGot = false;
420 cbJmpStub = 0;
421 break;
422 case CPU_TYPE_X86_64:
423 fMakeGot = s.Hdr32.filetype == MH_OBJECT || s.Hdr32.filetype == MH_KEXT_BUNDLE;
424 cbJmpStub = fMakeGot ? 8 : 0;
425 break;
426 default:
427 return VERR_LDRMACHO_UNSUPPORTED_MACHINE;
428 }
429
430 if ( s.Hdr32.filetype != MH_OBJECT
431 && s.Hdr32.filetype != MH_EXECUTE
432 && s.Hdr32.filetype != MH_DYLIB
433 && s.Hdr32.filetype != MH_BUNDLE
434 && s.Hdr32.filetype != MH_DSYM
435 && s.Hdr32.filetype != MH_KEXT_BUNDLE)
436 return VERR_LDRMACHO_UNSUPPORTED_FILE_TYPE;
437
438 /*
439 * Read and pre-parse the load commands to figure out how many segments we'll be needing.
440 */
441 uint8_t *pbLoadCommands = (uint8_t *)RTMemAlloc(s.Hdr32.sizeofcmds);
442 if (!pbLoadCommands)
443 return VERR_NO_MEMORY;
444 rc = pRdr->pfnRead(pRdr, pbLoadCommands, s.Hdr32.sizeofcmds,
445 s.Hdr32.magic == IMAGE_MACHO32_SIGNATURE
446 || s.Hdr32.magic == IMAGE_MACHO32_SIGNATURE_OE
447 ? sizeof(mach_header_32_t) + offImage
448 : sizeof(mach_header_64_t) + offImage);
449
450 uint32_t cSegments = 0;
451 uint32_t cSections = 0;
452 uint32_t cbStringPool = 0;
453 bool fCanLoad = true;
454 RTLDRADDR LinkAddress = NIL_RTLDRADDR;
455 uint8_t uEffFileType = 0;
456 if (RT_SUCCESS(rc))
457 rc = kldrModMachOPreParseLoadCommands(pbLoadCommands, &s.Hdr32, pRdr, offImage, fOpenFlags,
458 &cSegments, &cSections, &cbStringPool, &fCanLoad, &LinkAddress, &uEffFileType,
459 pErrInfo);
460 if (RT_FAILURE(rc))
461 {
462 RTMemFree(pbLoadCommands);
463 return rc;
464 }
465 cSegments += fMakeGot;
466
467
468 /*
469 * Calc the instance size, allocate and initialize it.
470 */
471 size_t const cbModAndSegs = RT_ALIGN_Z(RT_UOFFSETOF_DYN(RTLDRMODMACHO, aSegments[cSegments])
472 + sizeof(RTLDRMODMACHOSECT) * cSections, 16);
473 PRTLDRMODMACHO pThis = (PRTLDRMODMACHO)RTMemAlloc(cbModAndSegs + cbStringPool);
474 if (!pThis)
475 return VERR_NO_MEMORY;
476 *ppModMachO = pThis;
477 pThis->pbLoadCommands = pbLoadCommands;
478 pThis->offImage = offImage;
479
480 /* Core & CPU.*/
481 pThis->Core.u32Magic = 0; /* set by caller */
482 pThis->Core.eState = LDR_STATE_OPENED;
483 pThis->Core.pOps = NULL; /* set by caller. */
484 pThis->Core.pReader = pRdr;
485 switch (s.Hdr32.cputype)
486 {
487 case CPU_TYPE_X86:
488 pThis->Core.enmArch = RTLDRARCH_X86_32;
489 pThis->Core.enmEndian = RTLDRENDIAN_LITTLE;
490 switch (s.Hdr32.cpusubtype)
491 {
492 case CPU_SUBTYPE_I386_ALL: /* == CPU_SUBTYPE_386 */
493 pThis->enmCpu = RTLDRCPU_X86_32_BLEND;
494 break;
495 case CPU_SUBTYPE_486:
496 pThis->enmCpu = RTLDRCPU_I486;
497 break;
498 case CPU_SUBTYPE_486SX:
499 pThis->enmCpu = RTLDRCPU_I486SX;
500 break;
501 case CPU_SUBTYPE_PENT: /* == CPU_SUBTYPE_586 */
502 pThis->enmCpu = RTLDRCPU_I586;
503 break;
504 case CPU_SUBTYPE_PENTPRO:
505 case CPU_SUBTYPE_PENTII_M3:
506 case CPU_SUBTYPE_PENTII_M5:
507 case CPU_SUBTYPE_CELERON:
508 case CPU_SUBTYPE_CELERON_MOBILE:
509 case CPU_SUBTYPE_PENTIUM_3:
510 case CPU_SUBTYPE_PENTIUM_3_M:
511 case CPU_SUBTYPE_PENTIUM_3_XEON:
512 pThis->enmCpu = RTLDRCPU_I686;
513 break;
514 case CPU_SUBTYPE_PENTIUM_M:
515 case CPU_SUBTYPE_PENTIUM_4:
516 case CPU_SUBTYPE_PENTIUM_4_M:
517 case CPU_SUBTYPE_XEON:
518 case CPU_SUBTYPE_XEON_MP:
519 pThis->enmCpu = RTLDRCPU_P4;
520 break;
521
522 default:
523 /* Hack for kextutil output. */
524 if ( s.Hdr32.cpusubtype == 0
525 && s.Hdr32.filetype == MH_OBJECT)
526 break;
527 return VERR_LDRMACHO_UNSUPPORTED_MACHINE;
528 }
529 break;
530
531 case CPU_TYPE_X86_64:
532 pThis->Core.enmArch = RTLDRARCH_AMD64;
533 pThis->Core.enmEndian = RTLDRENDIAN_LITTLE;
534 switch (s.Hdr32.cpusubtype & ~CPU_SUBTYPE_MASK)
535 {
536 case CPU_SUBTYPE_X86_64_ALL: pThis->enmCpu = RTLDRCPU_AMD64_BLEND; break;
537 default:
538 return VERR_LDRMACHO_UNSUPPORTED_MACHINE;
539 }
540 break;
541
542 default:
543 return VERR_LDRMACHO_UNSUPPORTED_MACHINE;
544 }
545
546 pThis->Core.enmFormat = RTLDRFMT_MACHO;
547 switch (s.Hdr32.filetype)
548 {
549 case MH_OBJECT: pThis->Core.enmType = RTLDRTYPE_OBJECT; break;
550 case MH_EXECUTE: pThis->Core.enmType = RTLDRTYPE_EXECUTABLE_FIXED; break;
551 case MH_DYLIB: pThis->Core.enmType = RTLDRTYPE_SHARED_LIBRARY_RELOCATABLE; break;
552 case MH_BUNDLE: pThis->Core.enmType = RTLDRTYPE_SHARED_LIBRARY_RELOCATABLE; break;
553 case MH_KEXT_BUNDLE:pThis->Core.enmType = RTLDRTYPE_SHARED_LIBRARY_RELOCATABLE; break;
554 case MH_DSYM: pThis->Core.enmType = RTLDRTYPE_DEBUG_INFO; break;
555 default:
556 return VERR_LDRMACHO_UNSUPPORTED_FILE_TYPE;
557 }
558
559 /* RTLDRMODMACHO */
560 pThis->cSegments = cSegments;
561 pThis->pvBits = NULL;
562 pThis->pvMapping = NULL;
563 pThis->fOpenFlags = fOpenFlags;
564 pThis->Hdr = s.Hdr64;
565 if ( s.Hdr32.magic == IMAGE_MACHO32_SIGNATURE
566 || s.Hdr32.magic == IMAGE_MACHO32_SIGNATURE_OE)
567 pThis->Hdr.reserved = 0;
568 pThis->LinkAddress = LinkAddress;
569 pThis->cbImage = 0;
570 pThis->fCanLoad = fCanLoad;
571 pThis->fMakeGot = fMakeGot;
572 pThis->cbJmpStub = cbJmpStub;
573 pThis->uEffFileType = uEffFileType;
574 pThis->offSymbols = 0;
575 pThis->cSymbols = 0;
576 pThis->pvaSymbols = NULL;
577 pThis->pDySymTab = NULL;
578 pThis->paRelocations = NULL;
579 pThis->pauRelocationsVirginData = NULL;
580 pThis->paidxIndirectSymbols = NULL;
581 pThis->offStrings = 0;
582 pThis->cchStrings = 0;
583 pThis->pchStrings = NULL;
584 memset(pThis->abImageUuid, 0, sizeof(pThis->abImageUuid));
585 pThis->offCodeSignature = 0;
586 pThis->cbCodeSignature = 0;
587 pThis->PtrCodeSignature.pb = NULL;
588 pThis->GotRVA = NIL_RTLDRADDR;
589 pThis->JmpStubsRVA = NIL_RTLDRADDR;
590 pThis->cSections = cSections;
591 pThis->paSections = (PRTLDRMODMACHOSECT)&pThis->aSegments[pThis->cSegments];
592
593 /*
594 * Setup the KLDRMOD segment array.
595 */
596 rc = kldrModMachOParseLoadCommands(pThis, (char *)pThis + cbModAndSegs, cbStringPool);
597
598 /*
599 * We're done.
600 */
601 return rc;
602}
603
604
605/**
606 * Converts, validates and preparses the load commands before we carve
607 * out the module instance.
608 *
609 * The conversion that's preformed is format endian to host endian. The
610 * preparsing has to do with segment counting, section counting and string pool
611 * sizing.
612 *
613 * Segment are created in two different ways, depending on the file type.
614 *
615 * For object files there is only one segment command without a given segment
616 * name. The sections inside that segment have different segment names and are
617 * not sorted by their segname attribute. We create one segment for each
618 * section, with the segment name being 'segname.sectname' in order to hopefully
619 * keep the names unique. Debug sections does not get segments.
620 *
621 * For non-object files, one kLdr segment is created for each Mach-O segment.
622 * Debug segments is not exposed by kLdr via the kLdr segment table, but via the
623 * debug enumeration callback API.
624 *
625 * @returns IPRT status code.
626 * @param pbLoadCommands The load commands to parse.
627 * @param pHdr The header.
628 * @param pRdr The file reader.
629 * @param offImage The image header (FAT fun).
630 * @param fOpenFlags RTLDR_O_XXX.
631 * @param pcSegments Where to store the segment count.
632 * @param pcSections Where to store the section count.
633 * @param pcbStringPool Where to store the string pool size.
634 * @param pfCanLoad Where to store the can-load-image indicator.
635 * @param pLinkAddress Where to store the image link address (i.e. the
636 * lowest segment address).
637 * @param puEffFileType Where to store the effective file type.
638 * @param pErrInfo Where to return additional error info. Optional.
639 */
640static int kldrModMachOPreParseLoadCommands(uint8_t *pbLoadCommands, const mach_header_32_t *pHdr, PRTLDRREADER pRdr,
641 RTFOFF offImage, uint32_t fOpenFlags, uint32_t *pcSegments, uint32_t *pcSections,
642 uint32_t *pcbStringPool, bool *pfCanLoad, PRTLDRADDR pLinkAddress,
643 uint8_t *puEffFileType, PRTERRINFO pErrInfo)
644{
645 union
646 {
647 uint8_t *pb;
648 load_command_t *pLoadCmd;
649 segment_command_32_t *pSeg32;
650 segment_command_64_t *pSeg64;
651 thread_command_t *pThread;
652 symtab_command_t *pSymTab;
653 dysymtab_command_t *pDySymTab;
654 uuid_command_t *pUuid;
655 } u;
656 const uint64_t cbFile = pRdr->pfnSize(pRdr) - offImage;
657 int const fConvertEndian = pHdr->magic == IMAGE_MACHO32_SIGNATURE_OE
658 || pHdr->magic == IMAGE_MACHO64_SIGNATURE_OE;
659 uint32_t cSegments = 0;
660 uint32_t cSections = 0;
661 size_t cbStringPool = 0;
662 uint32_t cLeft = pHdr->ncmds;
663 uint32_t cbLeft = pHdr->sizeofcmds;
664 uint8_t *pb = pbLoadCommands;
665 int cSegmentCommands = 0;
666 int cSymbolTabs = 0;
667 uint32_t cSymbols = 0; /* Copy of u.pSymTab->nsyms. */
668 uint32_t cDySymbolTabs = 0;
669 bool fDySymbolTabWithRelocs = false;
670 uint32_t cSectionsWithRelocs = 0;
671 uint8_t uEffFileType = *puEffFileType = pHdr->filetype;
672
673 *pcSegments = 0;
674 *pcSections = 0;
675 *pcbStringPool = 0;
676 *pfCanLoad = true;
677 *pLinkAddress = ~(RTLDRADDR)0;
678
679 while (cLeft-- > 0)
680 {
681 u.pb = pb;
682
683 /*
684 * Convert and validate command header.
685 */
686 RTLDRMODMACHO_CHECK_RETURN(cbLeft >= sizeof(load_command_t), VERR_LDRMACHO_BAD_LOAD_COMMAND);
687 if (fConvertEndian)
688 {
689 u.pLoadCmd->cmd = RT_BSWAP_U32(u.pLoadCmd->cmd);
690 u.pLoadCmd->cmdsize = RT_BSWAP_U32(u.pLoadCmd->cmdsize);
691 }
692 RTLDRMODMACHO_CHECK_RETURN(u.pLoadCmd->cmdsize <= cbLeft, VERR_LDRMACHO_BAD_LOAD_COMMAND);
693 cbLeft -= u.pLoadCmd->cmdsize;
694 pb += u.pLoadCmd->cmdsize;
695
696 /*
697 * Segment macros for avoiding code duplication.
698 */
699 /* Validation code shared with the 64-bit variant. */
700 #define VALIDATE_AND_ADD_SEGMENT(a_cBits) \
701 do { \
702 bool fSkipSeg = !strcmp(pSrcSeg->segname, "__DWARF") /* Note: Not for non-object files. */ \
703 || ( !strcmp(pSrcSeg->segname, "__CTF") /* Their CTF tool did/does weird things, */ \
704 && pSrcSeg->vmsize == 0) /* overlapping vmaddr and zero vmsize. */ \
705 || (cSectionsLeft > 0 && (pFirstSect->flags & S_ATTR_DEBUG)); \
706 \
707 /* MH_DSYM files for MH_OBJECT files must have MH_OBJECT segment translation. */ \
708 if ( uEffFileType == MH_DSYM \
709 && cSegmentCommands == 0 \
710 && pSrcSeg->segname[0] == '\0') \
711 *puEffFileType = uEffFileType = MH_OBJECT; \
712 \
713 RTLDRMODMACHO_CHECK_RETURN( pSrcSeg->filesize == 0 \
714 || ( pSrcSeg->fileoff <= cbFile \
715 && (uint64_t)pSrcSeg->fileoff + pSrcSeg->filesize <= cbFile), \
716 VERR_LDRMACHO_BAD_LOAD_COMMAND); \
717 RTLDRMODMACHO_CHECK_RETURN( pSrcSeg->filesize <= pSrcSeg->vmsize \
718 || (fSkipSeg && !strcmp(pSrcSeg->segname, "__CTF") /* see above */), \
719 VERR_LDRMACHO_BAD_LOAD_COMMAND); \
720 RTLDRMODMACHO_CHECK_RETURN(!(~pSrcSeg->maxprot & pSrcSeg->initprot), \
721 VERR_LDRMACHO_BAD_LOAD_COMMAND); \
722 RTLDRMODMACHO_CHECK_MSG_RETURN(!(pSrcSeg->flags & ~(SG_HIGHVM | SG_FVMLIB | SG_NORELOC | SG_PROTECTED_VERSION_1 | SG_READ_ONLY)), \
723 ("flags=%#x %s\n", pSrcSeg->flags, pSrcSeg->segname), \
724 VERR_LDRMACHO_BAD_LOAD_COMMAND); \
725 RTLDRMODMACHO_CHECK_RETURN( pSrcSeg->nsects * sizeof(section_##a_cBits##_t) \
726 <= u.pLoadCmd->cmdsize - sizeof(segment_command_##a_cBits##_t), \
727 VERR_LDRMACHO_BAD_LOAD_COMMAND); \
728 RTLDRMODMACHO_CHECK_RETURN( uEffFileType != MH_OBJECT \
729 || cSegmentCommands == 0 \
730 || ( cSegmentCommands == 1 \
731 && uEffFileType == MH_OBJECT \
732 && pHdr->filetype == MH_DSYM \
733 && fSkipSeg), \
734 VERR_LDRMACHO_BAD_OBJECT_FILE); \
735 cSegmentCommands++; \
736 \
737 /* Add the segment, if not object file. */ \
738 if (!fSkipSeg && uEffFileType != MH_OBJECT) \
739 { \
740 cbStringPool += RTStrNLen(&pSrcSeg->segname[0], sizeof(pSrcSeg->segname)) + 1; \
741 cSegments++; \
742 if (cSegments == 1) /* The link address is set by the first segment. */ \
743 *pLinkAddress = pSrcSeg->vmaddr; \
744 } \
745 } while (0)
746
747
748 /* Validation code shared with the 64-bit variant. */
749 #define VALIDATE_AND_ADD_SECTION(a_cBits) \
750 do { \
751 int fFileBits; \
752 \
753 /* validate */ \
754 if (uEffFileType != MH_OBJECT) \
755 RTLDRMODMACHO_CHECK_RETURN(!strcmp(pSect->segname, pSrcSeg->segname),\
756 VERR_LDRMACHO_BAD_SECTION); \
757 \
758 switch (pSect->flags & SECTION_TYPE) \
759 { \
760 case S_ZEROFILL: \
761 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved1, VERR_LDRMACHO_BAD_SECTION); \
762 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved2, VERR_LDRMACHO_BAD_SECTION); \
763 fFileBits = 0; \
764 break; \
765 case S_REGULAR: \
766 case S_CSTRING_LITERALS: \
767 case S_COALESCED: \
768 case S_4BYTE_LITERALS: \
769 case S_8BYTE_LITERALS: \
770 case S_16BYTE_LITERALS: \
771 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved1, VERR_LDRMACHO_BAD_SECTION); \
772 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved2, VERR_LDRMACHO_BAD_SECTION); \
773 fFileBits = 1; \
774 break; \
775 \
776 case S_SYMBOL_STUBS: \
777 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved1, VERR_LDRMACHO_BAD_SECTION); \
778 /* reserved2 == stub size. 0 has been seen (corecrypto.kext) */ \
779 RTLDRMODMACHO_CHECK_RETURN(pSect->reserved2 < 64, VERR_LDRMACHO_BAD_SECTION); \
780 fFileBits = 1; \
781 break; \
782 \
783 case S_NON_LAZY_SYMBOL_POINTERS: \
784 case S_LAZY_SYMBOL_POINTERS: \
785 case S_LAZY_DYLIB_SYMBOL_POINTERS: \
786 /* (reserved 1 = is indirect symbol table index) */ \
787 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved2, VERR_LDRMACHO_BAD_SECTION); \
788 Log(("ldrMachO: Can't load because of section flags: %#x\n", pSect->flags & SECTION_TYPE)); \
789 *pfCanLoad = false; \
790 fFileBits = -1; /* __DATA.__got in the 64-bit mach_kernel has bits, any things without bits? */ \
791 break; \
792 \
793 case S_MOD_INIT_FUNC_POINTERS: \
794 /** @todo this requires a query API or flag... (e.g. C++ constructors) */ \
795 RTLDRMODMACHO_CHECK_RETURN(fOpenFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION), \
796 VERR_LDRMACHO_UNSUPPORTED_INIT_SECTION); \
797 RT_FALL_THRU(); \
798 case S_MOD_TERM_FUNC_POINTERS: \
799 /** @todo this requires a query API or flag... (e.g. C++ destructors) */ \
800 RTLDRMODMACHO_CHECK_RETURN(fOpenFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION), \
801 VERR_LDRMACHO_UNSUPPORTED_TERM_SECTION); \
802 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved1, VERR_LDRMACHO_BAD_SECTION); \
803 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved2, VERR_LDRMACHO_BAD_SECTION); \
804 fFileBits = 1; \
805 break; /* ignored */ \
806 \
807 case S_LITERAL_POINTERS: \
808 case S_DTRACE_DOF: \
809 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved1, VERR_LDRMACHO_BAD_SECTION); \
810 RTLDRMODMACHO_CHECK_RETURN(!pSect->reserved2, VERR_LDRMACHO_BAD_SECTION); \
811 fFileBits = 1; \
812 break; \
813 \
814 case S_INTERPOSING: \
815 case S_GB_ZEROFILL: \
816 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_UNSUPPORTED_SECTION); \
817 \
818 default: \
819 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_UNKNOWN_SECTION); \
820 } \
821 RTLDRMODMACHO_CHECK_RETURN(!(pSect->flags & ~( S_ATTR_PURE_INSTRUCTIONS | S_ATTR_NO_TOC | S_ATTR_STRIP_STATIC_SYMS \
822 | S_ATTR_NO_DEAD_STRIP | S_ATTR_LIVE_SUPPORT | S_ATTR_SELF_MODIFYING_CODE \
823 | S_ATTR_DEBUG | S_ATTR_SOME_INSTRUCTIONS | S_ATTR_EXT_RELOC \
824 | S_ATTR_LOC_RELOC | SECTION_TYPE)), \
825 VERR_LDRMACHO_BAD_SECTION); \
826 RTLDRMODMACHO_CHECK_RETURN((pSect->flags & S_ATTR_DEBUG) == (pFirstSect->flags & S_ATTR_DEBUG), \
827 VERR_LDRMACHO_MIXED_DEBUG_SECTION_FLAGS); \
828 \
829 RTLDRMODMACHO_CHECK_RETURN(pSect->addr - pSrcSeg->vmaddr <= pSrcSeg->vmsize, \
830 VERR_LDRMACHO_BAD_SECTION); \
831 RTLDRMODMACHO_CHECK_RETURN( pSect->addr - pSrcSeg->vmaddr + pSect->size <= pSrcSeg->vmsize \
832 || !strcmp(pSrcSeg->segname, "__CTF") /* see above */, \
833 VERR_LDRMACHO_BAD_SECTION); \
834 RTLDRMODMACHO_CHECK_RETURN(pSect->align < 31, \
835 VERR_LDRMACHO_BAD_SECTION); \
836 /* Workaround for buggy ld64 (or as, llvm, ++) that produces a misaligned __TEXT.__unwind_info. */ \
837 /* Seen: pSect->align = 4, pSect->addr = 0x5ebe14. Just adjust the alignment down. */ \
838 if ( ((RT_BIT_32(pSect->align) - UINT32_C(1)) & pSect->addr) \
839 && pSect->align == 4 \
840 && strcmp(pSect->sectname, "__unwind_info") == 0) \
841 pSect->align = 2; \
842 RTLDRMODMACHO_CHECK_RETURN(!((RT_BIT_32(pSect->align) - UINT32_C(1)) & pSect->addr), \
843 VERR_LDRMACHO_BAD_SECTION); \
844 RTLDRMODMACHO_CHECK_RETURN(!((RT_BIT_32(pSect->align) - UINT32_C(1)) & pSrcSeg->vmaddr), \
845 VERR_LDRMACHO_BAD_SECTION); \
846 \
847 /* Adjust the section offset before we check file offset. */ \
848 offSect = (offSect + RT_BIT_64(pSect->align) - UINT64_C(1)) & ~(RT_BIT_64(pSect->align) - UINT64_C(1)); \
849 if (pSect->addr) \
850 { \
851 RTLDRMODMACHO_CHECK_RETURN(offSect <= pSect->addr - pSrcSeg->vmaddr, VERR_LDRMACHO_BAD_SECTION); \
852 if (offSect < pSect->addr - pSrcSeg->vmaddr) \
853 offSect = pSect->addr - pSrcSeg->vmaddr; \
854 } \
855 \
856 if (fFileBits && pSect->offset == 0 && pSrcSeg->fileoff == 0 && pHdr->filetype == MH_DSYM) \
857 fFileBits = 0; \
858 if (fFileBits) \
859 { \
860 if (uEffFileType != MH_OBJECT) \
861 { \
862 RTLDRMODMACHO_CHECK_RETURN(pSect->offset == pSrcSeg->fileoff + offSect, \
863 VERR_LDRMACHO_NON_CONT_SEG_BITS); \
864 RTLDRMODMACHO_CHECK_RETURN(pSect->offset - pSrcSeg->fileoff <= pSrcSeg->filesize, \
865 VERR_LDRMACHO_BAD_SECTION); \
866 } \
867 RTLDRMODMACHO_CHECK_RETURN(pSect->offset <= cbFile, \
868 VERR_LDRMACHO_BAD_SECTION); \
869 RTLDRMODMACHO_CHECK_RETURN((uint64_t)pSect->offset + pSect->size <= cbFile, \
870 VERR_LDRMACHO_BAD_SECTION); \
871 } \
872 else \
873 RTLDRMODMACHO_CHECK_RETURN(pSect->offset == 0, VERR_LDRMACHO_BAD_SECTION); \
874 \
875 if (!pSect->nreloc) \
876 RTLDRMODMACHO_CHECK_RETURN(!pSect->reloff, \
877 VERR_LDRMACHO_BAD_SECTION); \
878 else \
879 { \
880 RTLDRMODMACHO_CHECK_RETURN(pSect->reloff <= cbFile, \
881 VERR_LDRMACHO_BAD_SECTION); \
882 RTLDRMODMACHO_CHECK_RETURN( (uint64_t)pSect->reloff \
883 + (RTFOFF)pSect->nreloc * sizeof(macho_relocation_info_t) \
884 <= cbFile, \
885 VERR_LDRMACHO_BAD_SECTION); \
886 cSectionsWithRelocs++; \
887 } \
888 \
889 /* Validate against file type (pointless?) and count the section, for object files add segment. */ \
890 switch (uEffFileType) \
891 { \
892 case MH_OBJECT: \
893 if ( !(pSect->flags & S_ATTR_DEBUG) \
894 && strcmp(pSect->segname, "__DWARF")) \
895 { \
896 cbStringPool += RTStrNLen(&pSect->segname[0], sizeof(pSect->segname)) + 1; \
897 cbStringPool += RTStrNLen(&pSect->sectname[0], sizeof(pSect->sectname)) + 1; \
898 cSegments++; \
899 if (cSegments == 1) /* The link address is set by the first segment. */ \
900 *pLinkAddress = pSect->addr; \
901 } \
902 RT_FALL_THRU(); \
903 case MH_EXECUTE: \
904 case MH_DYLIB: \
905 case MH_BUNDLE: \
906 case MH_DSYM: \
907 case MH_KEXT_BUNDLE: \
908 cSections++; \
909 break; \
910 default: \
911 RTLDRMODMACHO_FAILED_RETURN(VERR_INVALID_PARAMETER); \
912 } \
913 \
914 /* Advance the section offset, since we're also aligning it. */ \
915 offSect += pSect->size; \
916 } while (0) /* VALIDATE_AND_ADD_SECTION */
917
918 /*
919 * Convert endian if needed, parse and validate the command.
920 */
921 switch (u.pLoadCmd->cmd)
922 {
923 case LC_SEGMENT_32:
924 {
925 segment_command_32_t *pSrcSeg = (segment_command_32_t *)u.pLoadCmd;
926 section_32_t *pFirstSect = (section_32_t *)(pSrcSeg + 1);
927 section_32_t *pSect = pFirstSect;
928 uint32_t cSectionsLeft = pSrcSeg->nsects;
929 uint64_t offSect = 0;
930
931 /* Convert and verify the segment. */
932 RTLDRMODMACHO_CHECK_RETURN(u.pLoadCmd->cmdsize >= sizeof(segment_command_32_t), VERR_LDRMACHO_BAD_LOAD_COMMAND);
933 RTLDRMODMACHO_CHECK_RETURN( pHdr->magic == IMAGE_MACHO32_SIGNATURE_OE
934 || pHdr->magic == IMAGE_MACHO32_SIGNATURE, VERR_LDRMACHO_BIT_MIX);
935 if (fConvertEndian)
936 {
937 pSrcSeg->vmaddr = RT_BSWAP_U32(pSrcSeg->vmaddr);
938 pSrcSeg->vmsize = RT_BSWAP_U32(pSrcSeg->vmsize);
939 pSrcSeg->fileoff = RT_BSWAP_U32(pSrcSeg->fileoff);
940 pSrcSeg->filesize = RT_BSWAP_U32(pSrcSeg->filesize);
941 pSrcSeg->maxprot = RT_BSWAP_U32(pSrcSeg->maxprot);
942 pSrcSeg->initprot = RT_BSWAP_U32(pSrcSeg->initprot);
943 pSrcSeg->nsects = RT_BSWAP_U32(pSrcSeg->nsects);
944 pSrcSeg->flags = RT_BSWAP_U32(pSrcSeg->flags);
945 }
946
947 VALIDATE_AND_ADD_SEGMENT(32);
948
949
950 /*
951 * Convert, validate and parse the sections.
952 */
953 cSectionsLeft = pSrcSeg->nsects;
954 pFirstSect = pSect = (section_32_t *)(pSrcSeg + 1);
955 while (cSectionsLeft-- > 0)
956 {
957 if (fConvertEndian)
958 {
959 pSect->addr = RT_BSWAP_U32(pSect->addr);
960 pSect->size = RT_BSWAP_U32(pSect->size);
961 pSect->offset = RT_BSWAP_U32(pSect->offset);
962 pSect->align = RT_BSWAP_U32(pSect->align);
963 pSect->reloff = RT_BSWAP_U32(pSect->reloff);
964 pSect->nreloc = RT_BSWAP_U32(pSect->nreloc);
965 pSect->flags = RT_BSWAP_U32(pSect->flags);
966 pSect->reserved1 = RT_BSWAP_U32(pSect->reserved1);
967 pSect->reserved2 = RT_BSWAP_U32(pSect->reserved2);
968 }
969
970 VALIDATE_AND_ADD_SECTION(32);
971
972 /* next */
973 pSect++;
974 }
975 break;
976 }
977
978 case LC_SEGMENT_64:
979 {
980 segment_command_64_t *pSrcSeg = (segment_command_64_t *)u.pLoadCmd;
981 section_64_t *pFirstSect = (section_64_t *)(pSrcSeg + 1);
982 section_64_t *pSect = pFirstSect;
983 uint32_t cSectionsLeft = pSrcSeg->nsects;
984 uint64_t offSect = 0;
985
986 /* Convert and verify the segment. */
987 RTLDRMODMACHO_CHECK_RETURN(u.pLoadCmd->cmdsize >= sizeof(segment_command_64_t), VERR_LDRMACHO_BAD_LOAD_COMMAND);
988 RTLDRMODMACHO_CHECK_RETURN( pHdr->magic == IMAGE_MACHO64_SIGNATURE_OE
989 || pHdr->magic == IMAGE_MACHO64_SIGNATURE, VERR_LDRMACHO_BIT_MIX);
990 if (fConvertEndian)
991 {
992 pSrcSeg->vmaddr = RT_BSWAP_U64(pSrcSeg->vmaddr);
993 pSrcSeg->vmsize = RT_BSWAP_U64(pSrcSeg->vmsize);
994 pSrcSeg->fileoff = RT_BSWAP_U64(pSrcSeg->fileoff);
995 pSrcSeg->filesize = RT_BSWAP_U64(pSrcSeg->filesize);
996 pSrcSeg->maxprot = RT_BSWAP_U32(pSrcSeg->maxprot);
997 pSrcSeg->initprot = RT_BSWAP_U32(pSrcSeg->initprot);
998 pSrcSeg->nsects = RT_BSWAP_U32(pSrcSeg->nsects);
999 pSrcSeg->flags = RT_BSWAP_U32(pSrcSeg->flags);
1000 }
1001
1002 VALIDATE_AND_ADD_SEGMENT(64);
1003
1004 /*
1005 * Convert, validate and parse the sections.
1006 */
1007 while (cSectionsLeft-- > 0)
1008 {
1009 if (fConvertEndian)
1010 {
1011 pSect->addr = RT_BSWAP_U64(pSect->addr);
1012 pSect->size = RT_BSWAP_U64(pSect->size);
1013 pSect->offset = RT_BSWAP_U32(pSect->offset);
1014 pSect->align = RT_BSWAP_U32(pSect->align);
1015 pSect->reloff = RT_BSWAP_U32(pSect->reloff);
1016 pSect->nreloc = RT_BSWAP_U32(pSect->nreloc);
1017 pSect->flags = RT_BSWAP_U32(pSect->flags);
1018 pSect->reserved1 = RT_BSWAP_U32(pSect->reserved1);
1019 pSect->reserved2 = RT_BSWAP_U32(pSect->reserved2);
1020 }
1021
1022 VALIDATE_AND_ADD_SECTION(64);
1023
1024 /* next */
1025 pSect++;
1026 }
1027 break;
1028 } /* LC_SEGMENT_64 */
1029
1030
1031 case LC_SYMTAB:
1032 {
1033 size_t cbSym;
1034 if (fConvertEndian)
1035 {
1036 u.pSymTab->symoff = RT_BSWAP_U32(u.pSymTab->symoff);
1037 u.pSymTab->nsyms = RT_BSWAP_U32(u.pSymTab->nsyms);
1038 u.pSymTab->stroff = RT_BSWAP_U32(u.pSymTab->stroff);
1039 u.pSymTab->strsize = RT_BSWAP_U32(u.pSymTab->strsize);
1040 }
1041
1042 /* verify */
1043 cbSym = pHdr->magic == IMAGE_MACHO32_SIGNATURE
1044 || pHdr->magic == IMAGE_MACHO32_SIGNATURE_OE
1045 ? sizeof(macho_nlist_32_t)
1046 : sizeof(macho_nlist_64_t);
1047 if ( u.pSymTab->symoff >= cbFile
1048 || (uint64_t)u.pSymTab->symoff + u.pSymTab->nsyms * cbSym > cbFile)
1049 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_LOAD_COMMAND);
1050 if ( u.pSymTab->stroff >= cbFile
1051 || (uint64_t)u.pSymTab->stroff + u.pSymTab->strsize > cbFile)
1052 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_LOAD_COMMAND);
1053
1054 /* Only one object table, please. */
1055 cSymbolTabs++;
1056 if (cSymbolTabs != 1)
1057 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_OBJECT_FILE);
1058
1059 cSymbols = u.pSymTab->nsyms;
1060 break;
1061 }
1062
1063 case LC_DYSYMTAB:
1064 {
1065 if (pHdr->filetype == MH_OBJECT)
1066 RTLDRMODMACHO_FAILED_RETURN(RTErrInfoSet(pErrInfo, VERR_LDRMACHO_BAD_OBJECT_FILE,
1067 "Not expecting LC_DYSYMTAB in MH_OBJECT"));
1068 if (fConvertEndian)
1069 {
1070 u.pDySymTab->ilocalsym = RT_BSWAP_U32(u.pDySymTab->ilocalsym);
1071 u.pDySymTab->nlocalsym = RT_BSWAP_U32(u.pDySymTab->nlocalsym);
1072 u.pDySymTab->iextdefsym = RT_BSWAP_U32(u.pDySymTab->iextdefsym);
1073 u.pDySymTab->nextdefsym = RT_BSWAP_U32(u.pDySymTab->nextdefsym);
1074 u.pDySymTab->iundefsym = RT_BSWAP_U32(u.pDySymTab->iundefsym);
1075 u.pDySymTab->nundefsym = RT_BSWAP_U32(u.pDySymTab->nundefsym);
1076 u.pDySymTab->tocoff = RT_BSWAP_U32(u.pDySymTab->tocoff);
1077 u.pDySymTab->ntoc = RT_BSWAP_U32(u.pDySymTab->ntoc);
1078 u.pDySymTab->modtaboff = RT_BSWAP_U32(u.pDySymTab->modtaboff);
1079 u.pDySymTab->nmodtab = RT_BSWAP_U32(u.pDySymTab->nmodtab);
1080 u.pDySymTab->extrefsymoff = RT_BSWAP_U32(u.pDySymTab->extrefsymoff);
1081 u.pDySymTab->nextrefsym = RT_BSWAP_U32(u.pDySymTab->nextrefsym);
1082 u.pDySymTab->indirectsymboff = RT_BSWAP_U32(u.pDySymTab->indirectsymboff);
1083 u.pDySymTab->nindirectsymb = RT_BSWAP_U32(u.pDySymTab->nindirectsymb);
1084 u.pDySymTab->extreloff = RT_BSWAP_U32(u.pDySymTab->extreloff);
1085 u.pDySymTab->nextrel = RT_BSWAP_U32(u.pDySymTab->nextrel);
1086 u.pDySymTab->locreloff = RT_BSWAP_U32(u.pDySymTab->locreloff);
1087 u.pDySymTab->nlocrel = RT_BSWAP_U32(u.pDySymTab->nlocrel);
1088 }
1089
1090 /* verify */
1091 RTLDRMODMACHO_CHECK_RETURN((uint64_t)u.pDySymTab->ilocalsym + u.pDySymTab->nlocalsym <= cSymbols,
1092 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1093 "ilocalsym=%#x + nlocalsym=%#x vs cSymbols=%#x",
1094 u.pDySymTab->ilocalsym, u.pDySymTab->nlocalsym, cSymbols));
1095 RTLDRMODMACHO_CHECK_RETURN((uint64_t)u.pDySymTab->iextdefsym + u.pDySymTab->nextdefsym <= cSymbols,
1096 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1097 "iextdefsym=%#x + nextdefsym=%#x vs cSymbols=%#x",
1098 u.pDySymTab->iextdefsym, u.pDySymTab->nextdefsym, cSymbols));
1099 RTLDRMODMACHO_CHECK_RETURN((uint64_t)u.pDySymTab->iundefsym + u.pDySymTab->nundefsym <= cSymbols,
1100 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1101 "iundefsym=%#x + nundefsym=%#x vs cSymbols=%#x",
1102 u.pDySymTab->iundefsym, u.pDySymTab->nundefsym, cSymbols));
1103 RTLDRMODMACHO_CHECK_RETURN( (uint64_t)u.pDySymTab->tocoff + u.pDySymTab->ntoc * sizeof(dylib_table_of_contents_t)
1104 <= cbFile,
1105 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1106 "tocoff=%#x + ntoc=%#x vs cbFile=%#RX64",
1107 u.pDySymTab->tocoff, u.pDySymTab->ntoc, cbFile));
1108 const uint32_t cbModTabEntry = pHdr->magic == IMAGE_MACHO32_SIGNATURE
1109 || pHdr->magic == IMAGE_MACHO32_SIGNATURE_OE
1110 ? sizeof(dylib_module_32_t) : sizeof(dylib_module_64_t);
1111 RTLDRMODMACHO_CHECK_RETURN((uint64_t)u.pDySymTab->modtaboff + u.pDySymTab->nmodtab * cbModTabEntry <= cbFile,
1112 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1113 "modtaboff=%#x + nmodtab=%#x cbModTabEntry=%#x vs cbFile=%#RX64",
1114 u.pDySymTab->modtaboff, u.pDySymTab->nmodtab, cbModTabEntry, cbFile));
1115 RTLDRMODMACHO_CHECK_RETURN( (uint64_t)u.pDySymTab->extrefsymoff + u.pDySymTab->nextrefsym * sizeof(dylib_reference_t)
1116 <= cbFile,
1117 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1118 "extrefsymoff=%#x + nextrefsym=%#x vs cbFile=%#RX64",
1119 u.pDySymTab->extrefsymoff, u.pDySymTab->nextrefsym, cbFile));
1120 RTLDRMODMACHO_CHECK_RETURN( (uint64_t)u.pDySymTab->indirectsymboff + u.pDySymTab->nindirectsymb * sizeof(uint32_t)
1121 <= cbFile,
1122 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1123 "indirectsymboff=%#x + nindirectsymb=%#x vs cbFile=%#RX64",
1124 u.pDySymTab->indirectsymboff, u.pDySymTab->nindirectsymb, cbFile));
1125 RTLDRMODMACHO_CHECK_RETURN((uint64_t)u.pDySymTab->extreloff + u.pDySymTab->nextrel * sizeof(macho_relocation_info_t) <= cbFile,
1126 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1127 "extreloff=%#x + nextrel=%#x vs cbFile=%#RX64",
1128 u.pDySymTab->extreloff, u.pDySymTab->nextrel, cbFile));
1129 RTLDRMODMACHO_CHECK_RETURN((uint64_t)u.pDySymTab->locreloff + u.pDySymTab->nlocrel * sizeof(macho_relocation_info_t) <= cbFile,
1130 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1131 "locreloff=%#x + nlocrel=%#x vs cbFile=%#RX64",
1132 u.pDySymTab->locreloff, u.pDySymTab->nlocrel, cbFile));
1133 cDySymbolTabs++;
1134 fDySymbolTabWithRelocs |= (u.pDySymTab->nlocrel + u.pDySymTab->nextrel) != 0;
1135 break;
1136 }
1137
1138 case LC_THREAD:
1139 case LC_UNIXTHREAD:
1140 {
1141 uint32_t *pu32 = (uint32_t *)(u.pb + sizeof(load_command_t));
1142 uint32_t cItemsLeft = (u.pThread->cmdsize - sizeof(load_command_t)) / sizeof(uint32_t);
1143 while (cItemsLeft)
1144 {
1145 /* convert & verify header items ([0] == flavor, [1] == uint32_t count). */
1146 if (cItemsLeft < 2)
1147 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_LOAD_COMMAND);
1148 if (fConvertEndian)
1149 {
1150 pu32[0] = RT_BSWAP_U32(pu32[0]);
1151 pu32[1] = RT_BSWAP_U32(pu32[1]);
1152 }
1153 if (pu32[1] + 2 > cItemsLeft)
1154 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_LOAD_COMMAND);
1155
1156 /* convert & verify according to flavor. */
1157 switch (pu32[0])
1158 {
1159 /** @todo */
1160 default:
1161 break;
1162 }
1163
1164 /* next */
1165 cItemsLeft -= pu32[1] + 2;
1166 pu32 += pu32[1] + 2;
1167 }
1168 break;
1169 }
1170
1171 case LC_UUID:
1172 if (u.pUuid->cmdsize != sizeof(uuid_command_t))
1173 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_LOAD_COMMAND);
1174 /** @todo Check anything here need converting? */
1175 break;
1176
1177 case LC_CODE_SIGNATURE:
1178 if (u.pUuid->cmdsize != sizeof(linkedit_data_command_t))
1179 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_LOAD_COMMAND);
1180 break;
1181
1182 case LC_VERSION_MIN_MACOSX:
1183 case LC_VERSION_MIN_IPHONEOS:
1184 if (u.pUuid->cmdsize != sizeof(version_min_command_t))
1185 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_LOAD_COMMAND);
1186 break;
1187
1188 case LC_SOURCE_VERSION: /* Harmless. It just gives a clue regarding the source code revision/version. */
1189 case LC_BUILD_VERSION: /* Harmless. It just gives a clue regarding the tool/sdk versions. */
1190 case LC_DATA_IN_CODE: /* Ignore */
1191 case LC_DYLIB_CODE_SIGN_DRS:/* Ignore */
1192 /** @todo valid command size. */
1193 break;
1194
1195 case LC_FUNCTION_STARTS: /** @todo dylib++ */
1196 /* Ignore for now. */
1197 break;
1198 case LC_ID_DYLIB: /** @todo dylib */
1199 case LC_LOAD_DYLIB: /** @todo dylib */
1200 case LC_LOAD_DYLINKER: /** @todo dylib */
1201 case LC_TWOLEVEL_HINTS: /** @todo dylib */
1202 case LC_LOAD_WEAK_DYLIB: /** @todo dylib */
1203 case LC_ID_DYLINKER: /** @todo dylib */
1204 case LC_RPATH: /** @todo dylib */
1205 case LC_SEGMENT_SPLIT_INFO: /** @todo dylib++ */
1206 case LC_REEXPORT_DYLIB: /** @todo dylib */
1207 case LC_DYLD_INFO: /** @todo dylib */
1208 case LC_DYLD_INFO_ONLY: /** @todo dylib */
1209 case LC_LOAD_UPWARD_DYLIB: /** @todo dylib */
1210 case LC_DYLD_ENVIRONMENT: /** @todo dylib */
1211 case LC_MAIN: /** @todo parse this and find and entry point or smth. */
1212 /** @todo valid command size. */
1213 if (!(fOpenFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)))
1214 RTLDRMODMACHO_FAILED_RETURN(RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_UNSUPPORTED_LOAD_COMMAND,
1215 "cmd=%#x", u.pLoadCmd->cmd));
1216 Log(("ldrMachO: Can't load because of load command: %#x\n", u.pLoadCmd->cmd));
1217 *pfCanLoad = false;
1218 break;
1219
1220 case LC_LOADFVMLIB:
1221 case LC_IDFVMLIB:
1222 case LC_IDENT:
1223 case LC_FVMFILE:
1224 case LC_PREPAGE:
1225 case LC_PREBOUND_DYLIB:
1226 case LC_ROUTINES:
1227 case LC_ROUTINES_64:
1228 case LC_SUB_FRAMEWORK:
1229 case LC_SUB_UMBRELLA:
1230 case LC_SUB_CLIENT:
1231 case LC_SUB_LIBRARY:
1232 case LC_PREBIND_CKSUM:
1233 case LC_SYMSEG:
1234 RTLDRMODMACHO_FAILED_RETURN(RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_UNSUPPORTED_LOAD_COMMAND,
1235 "cmd=%#x", u.pLoadCmd->cmd));
1236
1237 default:
1238 RTLDRMODMACHO_FAILED_RETURN(RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_UNKNOWN_LOAD_COMMAND,
1239 "cmd=%#x", u.pLoadCmd->cmd));
1240 }
1241 }
1242
1243 /* be strict. */
1244 if (cbLeft)
1245 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_LOAD_COMMAND);
1246
1247 RTLDRMODMACHO_CHECK_RETURN(cDySymbolTabs <= 1,
1248 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1249 "More than one LC_DYSYMTAB command: %u", cDySymbolTabs));
1250 RTLDRMODMACHO_CHECK_RETURN(!fDySymbolTabWithRelocs || cSectionsWithRelocs == 0,
1251 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1252 "Have relocations both in sections and LC_DYSYMTAB"));
1253 if (!cSegments)
1254 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_OBJECT_FILE);
1255
1256 switch (uEffFileType)
1257 {
1258 case MH_OBJECT:
1259 case MH_EXECUTE:
1260 RTLDRMODMACHO_CHECK_RETURN(!fDySymbolTabWithRelocs || (fOpenFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)),
1261 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1262 "Did not expect relocations in LC_DYSYMTAB (file type %u)", uEffFileType));
1263 break;
1264
1265 case MH_DYLIB:
1266 case MH_BUNDLE:
1267 case MH_KEXT_BUNDLE:
1268 RTLDRMODMACHO_CHECK_RETURN(cDySymbolTabs > 0,
1269 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1270 "No LC_DYSYMTAB command (file type %u)", uEffFileType));
1271 RTLDRMODMACHO_CHECK_RETURN(fDySymbolTabWithRelocs || cSectionsWithRelocs == 0,
1272 RTErrInfoSetF(pErrInfo, VERR_LDRMACHO_BAD_LOAD_COMMAND,
1273 "Expected relocations in LC_DYSYMTAB (file type %u)", uEffFileType));
1274 break;
1275
1276 case MH_DSYM:
1277 break;
1278 }
1279
1280 /*
1281 * Set return values and return.
1282 */
1283 *pcSegments = cSegments;
1284 *pcSections = cSections;
1285 *pcbStringPool = (uint32_t)cbStringPool;
1286
1287 return VINF_SUCCESS;
1288}
1289
1290
1291/**
1292 * Parses the load commands after we've carved out the module instance.
1293 *
1294 * This fills in the segment table and perhaps some other properties.
1295 *
1296 * @returns IPRT status code.
1297 * @param pThis The module.
1298 * @param pbStringPool The string pool
1299 * @param cbStringPool The size of the string pool.
1300 */
1301static int kldrModMachOParseLoadCommands(PRTLDRMODMACHO pThis, char *pbStringPool, uint32_t cbStringPool)
1302{
1303 union
1304 {
1305 const uint8_t *pb;
1306 const load_command_t *pLoadCmd;
1307 const segment_command_32_t *pSeg32;
1308 const segment_command_64_t *pSeg64;
1309 const symtab_command_t *pSymTab;
1310 const uuid_command_t *pUuid;
1311 const linkedit_data_command_t *pData;
1312 } u;
1313 uint32_t cLeft = pThis->Hdr.ncmds;
1314 uint32_t cbLeft = pThis->Hdr.sizeofcmds;
1315 const uint8_t *pb = pThis->pbLoadCommands;
1316 PRTLDRMODMACHOSEG pDstSeg = &pThis->aSegments[0];
1317 PRTLDRMODMACHOSECT pSectExtra = pThis->paSections;
1318 const uint32_t cSegments = pThis->cSegments;
1319 PRTLDRMODMACHOSEG pSegItr;
1320 bool fFirstSeg = true;
1321 RT_NOREF(cbStringPool);
1322
1323 while (cLeft-- > 0)
1324 {
1325 u.pb = pb;
1326 cbLeft -= u.pLoadCmd->cmdsize;
1327 pb += u.pLoadCmd->cmdsize;
1328
1329 /*
1330 * Convert endian if needed, parse and validate the command.
1331 */
1332 switch (u.pLoadCmd->cmd)
1333 {
1334 case LC_SEGMENT_32:
1335 {
1336 const segment_command_32_t *pSrcSeg = (const segment_command_32_t *)u.pLoadCmd;
1337 section_32_t *pFirstSect = (section_32_t *)(pSrcSeg + 1);
1338 section_32_t *pSect = pFirstSect;
1339 uint32_t cSectionsLeft = pSrcSeg->nsects;
1340
1341 /* Adds a segment, used by the macro below and thus shared with the 64-bit segment variant. */
1342#define NEW_SEGMENT(a_cBits, a_achName1, a_fObjFile, a_achName2, a_SegAddr, a_cbSeg, a_fFileBits, a_offFile, a_cbFile) \
1343 do { \
1344 pDstSeg->SegInfo.pszName = pbStringPool; \
1345 pDstSeg->SegInfo.cchName = (uint32_t)RTStrNLen(a_achName1, sizeof(a_achName1)); \
1346 memcpy(pbStringPool, a_achName1, pDstSeg->SegInfo.cchName); \
1347 pbStringPool += pDstSeg->SegInfo.cchName; \
1348 if (a_fObjFile) \
1349 { /* MH_OBJECT: Add '.sectname' - sections aren't sorted by segments. */ \
1350 size_t cchName2 = RTStrNLen(a_achName2, sizeof(a_achName2)); \
1351 *pbStringPool++ = '.'; \
1352 memcpy(pbStringPool, a_achName2, cchName2); \
1353 pbStringPool += cchName2; \
1354 pDstSeg->SegInfo.cchName += (uint32_t)cchName2; \
1355 } \
1356 *pbStringPool++ = '\0'; \
1357 pDstSeg->SegInfo.SelFlat = 0; \
1358 pDstSeg->SegInfo.Sel16bit = 0; \
1359 pDstSeg->SegInfo.fFlags = 0; \
1360 pDstSeg->SegInfo.fProt = RTMEM_PROT_READ | RTMEM_PROT_WRITE | RTMEM_PROT_EXEC; /** @todo fixme! */ \
1361 pDstSeg->SegInfo.cb = (a_cbSeg); \
1362 pDstSeg->SegInfo.Alignment = 1; /* updated while parsing sections. */ \
1363 pDstSeg->SegInfo.LinkAddress = (a_SegAddr); \
1364 if (a_fFileBits) \
1365 { \
1366 pDstSeg->SegInfo.offFile = (RTFOFF)((a_offFile) + pThis->offImage); \
1367 pDstSeg->SegInfo.cbFile = (RTFOFF)(a_cbFile); \
1368 } \
1369 else \
1370 { \
1371 pDstSeg->SegInfo.offFile = -1; \
1372 pDstSeg->SegInfo.cbFile = -1; \
1373 } \
1374 pDstSeg->SegInfo.RVA = (a_SegAddr) - pThis->LinkAddress; \
1375 pDstSeg->SegInfo.cbMapped = 0; \
1376 \
1377 pDstSeg->iOrgSegNo = (uint32_t)(pDstSeg - &pThis->aSegments[0]); \
1378 pDstSeg->cSections = 0; \
1379 pDstSeg->paSections = pSectExtra; \
1380 } while (0)
1381
1382 /* Closes the new segment - part of NEW_SEGMENT. */
1383#define CLOSE_SEGMENT() \
1384 do { \
1385 pDstSeg->cSections = (uint32_t)(pSectExtra - pDstSeg->paSections); \
1386 pDstSeg++; \
1387 } while (0)
1388
1389
1390 /* Shared with the 64-bit variant. */
1391#define ADD_SEGMENT_AND_ITS_SECTIONS(a_cBits) \
1392 do { \
1393 bool fAddSegOuter = false; \
1394 \
1395 /* \
1396 * Check that the segment name is unique. We couldn't do that \
1397 * in the preparsing stage. \
1398 */ \
1399 if (pThis->uEffFileType != MH_OBJECT) \
1400 for (pSegItr = &pThis->aSegments[0]; pSegItr != pDstSeg; pSegItr++) \
1401 if (!strncmp(pSegItr->SegInfo.pszName, pSrcSeg->segname, sizeof(pSrcSeg->segname))) \
1402 RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_DUPLICATE_SEGMENT_NAME); \
1403 \
1404 /* \
1405 * Create a new segment, unless we're supposed to skip this one. \
1406 */ \
1407 if ( pThis->uEffFileType != MH_OBJECT \
1408 && (cSectionsLeft == 0 || !(pFirstSect->flags & S_ATTR_DEBUG)) \
1409 && strcmp(pSrcSeg->segname, "__DWARF") \
1410 && strcmp(pSrcSeg->segname, "__CTF") ) \
1411 { \
1412 NEW_SEGMENT(a_cBits, pSrcSeg->segname, false /*a_fObjFile*/, "" /*a_achName2*/, \
1413 pSrcSeg->vmaddr, pSrcSeg->vmsize, \
1414 pSrcSeg->filesize != 0, pSrcSeg->fileoff, pSrcSeg->filesize); \
1415 fAddSegOuter = true; \
1416 } \
1417 \
1418 /* \
1419 * Convert and parse the sections. \
1420 */ \
1421 while (cSectionsLeft-- > 0) \
1422 { \
1423 /* New segment if object file. */ \
1424 bool fAddSegInner = false; \
1425 if ( pThis->uEffFileType == MH_OBJECT \
1426 && !(pSect->flags & S_ATTR_DEBUG) \
1427 && strcmp(pSrcSeg->segname, "__DWARF") \
1428 && strcmp(pSrcSeg->segname, "__CTF") ) \
1429 { \
1430 Assert(!fAddSegOuter); \
1431 NEW_SEGMENT(a_cBits, pSect->segname, true /*a_fObjFile*/, pSect->sectname, \
1432 pSect->addr, pSect->size, \
1433 pSect->offset != 0, pSect->offset, pSect->size); \
1434 fAddSegInner = true; \
1435 } \
1436 \
1437 /* Section data extract. */ \
1438 pSectExtra->cb = pSect->size; \
1439 pSectExtra->RVA = pSect->addr - pDstSeg->SegInfo.LinkAddress; \
1440 pSectExtra->LinkAddress = pSect->addr; \
1441 if (pSect->offset) \
1442 pSectExtra->offFile = pSect->offset + pThis->offImage; \
1443 else \
1444 pSectExtra->offFile = -1; \
1445 pSectExtra->cFixups = pSect->nreloc; \
1446 pSectExtra->paFixups = NULL; \
1447 pSectExtra->pauFixupVirginData = NULL; \
1448 if (pSect->nreloc) \
1449 pSectExtra->offFixups = pSect->reloff + pThis->offImage; \
1450 else \
1451 pSectExtra->offFixups = -1; \
1452 pSectExtra->fFlags = pSect->flags; \
1453 pSectExtra->iSegment = (uint32_t)(pDstSeg - &pThis->aSegments[0]); \
1454 pSectExtra->pvMachoSection = pSect; \
1455 \
1456 /* Update the segment alignment, if we're not skipping it. */ \
1457 if ( (fAddSegOuter || fAddSegInner) \
1458 && pDstSeg->SegInfo.Alignment < ((RTLDRADDR)1 << pSect->align)) \
1459 pDstSeg->SegInfo.Alignment = (RTLDRADDR)1 << pSect->align; \
1460 \
1461 /* Next section, and if object file next segment. */ \
1462 pSectExtra++; \
1463 pSect++; \
1464 if (fAddSegInner) \
1465 CLOSE_SEGMENT(); \
1466 } \
1467 \
1468 /* Close the segment and advance. */ \
1469 if (fAddSegOuter) \
1470 CLOSE_SEGMENT(); \
1471 \
1472 /* Take down 'execSeg' info for signing */ \
1473 if (fFirstSeg) \
1474 { \
1475 fFirstSeg = false; \
1476 pThis->offSeg0ForCodeSign = pSrcSeg->fileoff; \
1477 pThis->cbSeg0ForCodeSign = pSrcSeg->filesize; /** @todo file or vm size? */ \
1478 pThis->fSeg0ForCodeSign = pSrcSeg->flags; \
1479 } \
1480 } while (0) /* ADD_SEGMENT_AND_ITS_SECTIONS */
1481
1482 ADD_SEGMENT_AND_ITS_SECTIONS(32);
1483 break;
1484 }
1485
1486 case LC_SEGMENT_64:
1487 {
1488 const segment_command_64_t *pSrcSeg = (const segment_command_64_t *)u.pLoadCmd;
1489 section_64_t *pFirstSect = (section_64_t *)(pSrcSeg + 1);
1490 section_64_t *pSect = pFirstSect;
1491 uint32_t cSectionsLeft = pSrcSeg->nsects;
1492
1493 ADD_SEGMENT_AND_ITS_SECTIONS(64);
1494 break;
1495 }
1496
1497 case LC_SYMTAB:
1498 switch (pThis->uEffFileType)
1499 {
1500 case MH_OBJECT:
1501 case MH_EXECUTE:
1502 case MH_DYLIB:
1503 case MH_BUNDLE:
1504 case MH_DSYM:
1505 case MH_KEXT_BUNDLE:
1506 pThis->offSymbols = u.pSymTab->symoff + pThis->offImage;
1507 pThis->cSymbols = u.pSymTab->nsyms;
1508 pThis->offStrings = u.pSymTab->stroff + pThis->offImage;
1509 pThis->cchStrings = u.pSymTab->strsize;
1510 break;
1511 }
1512 break;
1513
1514 case LC_DYSYMTAB:
1515 pThis->pDySymTab = (dysymtab_command_t *)u.pb;
1516 break;
1517
1518 case LC_UUID:
1519 memcpy(pThis->abImageUuid, u.pUuid->uuid, sizeof(pThis->abImageUuid));
1520 break;
1521
1522 case LC_CODE_SIGNATURE:
1523 pThis->offCodeSignature = u.pData->dataoff;
1524 pThis->cbCodeSignature = u.pData->datasize;
1525 break;
1526
1527 default:
1528 break;
1529 } /* command switch */
1530 } /* while more commands */
1531
1532 Assert(pDstSeg == &pThis->aSegments[cSegments - pThis->fMakeGot]);
1533
1534 /*
1535 * Adjust mapping addresses calculating the image size.
1536 */
1537 {
1538 bool fLoadLinkEdit = RT_BOOL(pThis->fOpenFlags & RTLDR_O_MACHO_LOAD_LINKEDIT);
1539 PRTLDRMODMACHOSECT pSectExtraItr;
1540 RTLDRADDR uNextRVA = 0;
1541 RTLDRADDR cb;
1542 uint32_t cSegmentsToAdjust = cSegments - pThis->fMakeGot;
1543 uint32_t c;
1544
1545 for (;;)
1546 {
1547 /* Check if there is __DWARF segment at the end and make sure it's left
1548 out of the RVA negotiations and image loading. */
1549 if ( cSegmentsToAdjust > 0
1550 && !strcmp(pThis->aSegments[cSegmentsToAdjust - 1].SegInfo.pszName, "__DWARF"))
1551 {
1552 cSegmentsToAdjust--;
1553 pThis->aSegments[cSegmentsToAdjust].SegInfo.RVA = NIL_RTLDRADDR;
1554 pThis->aSegments[cSegmentsToAdjust].SegInfo.cbMapped = NIL_RTLDRADDR;
1555 continue;
1556 }
1557
1558 /* If we're skipping the __LINKEDIT segment, check for it and adjust
1559 the number of segments we'll be messing with here. ASSUMES it's
1560 last (typcially is, but not always for mach_kernel). */
1561 if ( !fLoadLinkEdit
1562 && cSegmentsToAdjust > 0
1563 && !strcmp(pThis->aSegments[cSegmentsToAdjust - 1].SegInfo.pszName, "__LINKEDIT"))
1564 {
1565 cSegmentsToAdjust--;
1566 pThis->aSegments[cSegmentsToAdjust].SegInfo.RVA = NIL_RTLDRADDR;
1567 pThis->aSegments[cSegmentsToAdjust].SegInfo.cbMapped = NIL_RTLDRADDR;
1568 continue;
1569 }
1570 break;
1571 }
1572
1573 /* Adjust RVAs. */
1574 c = cSegmentsToAdjust;
1575 for (pDstSeg = &pThis->aSegments[0]; c-- > 0; pDstSeg++)
1576 {
1577 uNextRVA = RTLDR_ALIGN_ADDR(uNextRVA, pDstSeg->SegInfo.Alignment);
1578 cb = pDstSeg->SegInfo.RVA - uNextRVA;
1579 if (cb >= 0x00100000) /* 1MB */
1580 {
1581 pDstSeg->SegInfo.RVA = uNextRVA;
1582 //pThis->pMod->fFlags |= KLDRMOD_FLAGS_NON_CONTIGUOUS_LINK_ADDRS;
1583 }
1584 uNextRVA = pDstSeg->SegInfo.RVA + pDstSeg->SegInfo.cb;
1585 }
1586
1587 /* Calculate the cbMapping members. */
1588 c = cSegmentsToAdjust;
1589 for (pDstSeg = &pThis->aSegments[0]; c-- > 1; pDstSeg++)
1590 {
1591
1592 cb = pDstSeg[1].SegInfo.RVA - pDstSeg->SegInfo.RVA;
1593 pDstSeg->SegInfo.cbMapped = (size_t)cb == cb ? (size_t)cb : ~(size_t)0;
1594 }
1595
1596 cb = RTLDR_ALIGN_ADDR(pDstSeg->SegInfo.cb, pDstSeg->SegInfo.Alignment);
1597 pDstSeg->SegInfo.cbMapped = (size_t)cb == cb ? (size_t)cb : ~(size_t)0;
1598
1599 /* Set the image size. */
1600 pThis->cbImage = pDstSeg->SegInfo.RVA + cb;
1601
1602 /* Fixup the section RVAs (internal). */
1603 c = cSegmentsToAdjust;
1604 uNextRVA = pThis->cbImage;
1605 pDstSeg = &pThis->aSegments[0];
1606 for (pSectExtraItr = pThis->paSections; pSectExtraItr != pSectExtra; pSectExtraItr++)
1607 {
1608 if (pSectExtraItr->iSegment < c)
1609 pSectExtraItr->RVA += pDstSeg[pSectExtraItr->iSegment].SegInfo.RVA;
1610 else
1611 {
1612 pSectExtraItr->RVA = uNextRVA;
1613 uNextRVA += RTLDR_ALIGN_ADDR(pSectExtraItr->cb, 64);
1614 }
1615 }
1616 }
1617
1618 /*
1619 * Make the GOT segment if necessary.
1620 */
1621 if (pThis->fMakeGot)
1622 {
1623 uint32_t cbPtr = ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
1624 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
1625 ? sizeof(uint32_t)
1626 : sizeof(uint64_t);
1627 uint32_t cbGot = pThis->cSymbols * cbPtr;
1628 uint32_t cbJmpStubs;
1629
1630 pThis->GotRVA = pThis->cbImage;
1631
1632 if (pThis->cbJmpStub)
1633 {
1634 cbGot = RT_ALIGN_Z(cbGot, 64);
1635 pThis->JmpStubsRVA = pThis->GotRVA + cbGot;
1636 cbJmpStubs = pThis->cbJmpStub * pThis->cSymbols;
1637 }
1638 else
1639 {
1640 pThis->JmpStubsRVA = NIL_RTLDRADDR;
1641 cbJmpStubs = 0;
1642 }
1643
1644 pDstSeg = &pThis->aSegments[cSegments - 1];
1645 pDstSeg->SegInfo.pszName = "GOT";
1646 pDstSeg->SegInfo.cchName = 3;
1647 pDstSeg->SegInfo.SelFlat = 0;
1648 pDstSeg->SegInfo.Sel16bit = 0;
1649 pDstSeg->SegInfo.fFlags = 0;
1650 pDstSeg->SegInfo.fProt = RTMEM_PROT_READ;
1651 pDstSeg->SegInfo.cb = cbGot + cbJmpStubs;
1652 pDstSeg->SegInfo.Alignment = 64;
1653 pDstSeg->SegInfo.LinkAddress = pThis->LinkAddress + pThis->GotRVA;
1654 pDstSeg->SegInfo.offFile = -1;
1655 pDstSeg->SegInfo.cbFile = -1;
1656 pDstSeg->SegInfo.RVA = pThis->GotRVA;
1657 pDstSeg->SegInfo.cbMapped = (size_t)RTLDR_ALIGN_ADDR(cbGot + cbJmpStubs, pDstSeg->SegInfo.Alignment);
1658
1659 pDstSeg->iOrgSegNo = UINT32_MAX;
1660 pDstSeg->cSections = 0;
1661 pDstSeg->paSections = NULL;
1662
1663 pThis->cbImage += pDstSeg->SegInfo.cbMapped;
1664 }
1665
1666 return VINF_SUCCESS;
1667}
1668
1669
1670/**
1671 * @interface_method_impl{RTLDROPS,pfnClose}
1672 */
1673static DECLCALLBACK(int) rtldrMachO_Close(PRTLDRMODINTERNAL pMod)
1674{
1675 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
1676 RTLDRMODMACHO_ASSERT(!pThis->pvMapping);
1677
1678 uint32_t i = pThis->cSegments;
1679 while (i-- > 0)
1680 {
1681 uint32_t j = pThis->aSegments[i].cSections;
1682 while (j-- > 0)
1683 {
1684 RTMemFree(pThis->aSegments[i].paSections[j].paFixups);
1685 pThis->aSegments[i].paSections[j].paFixups = NULL;
1686 RTMemFree(pThis->aSegments[i].paSections[j].pauFixupVirginData);
1687 pThis->aSegments[i].paSections[j].pauFixupVirginData = NULL;
1688 }
1689 }
1690
1691 RTMemFree(pThis->pbLoadCommands);
1692 pThis->pbLoadCommands = NULL;
1693 RTMemFree(pThis->pchStrings);
1694 pThis->pchStrings = NULL;
1695 RTMemFree(pThis->pvaSymbols);
1696 pThis->pvaSymbols = NULL;
1697 RTMemFree(pThis->paidxIndirectSymbols);
1698 pThis->paidxIndirectSymbols = NULL;
1699 RTMemFree(pThis->paRelocations);
1700 pThis->paRelocations = NULL;
1701 RTMemFree(pThis->pauRelocationsVirginData);
1702 pThis->pauRelocationsVirginData = NULL;
1703 RTMemFree(pThis->PtrCodeSignature.pb);
1704 pThis->PtrCodeSignature.pb = NULL;
1705
1706 return VINF_SUCCESS;
1707}
1708
1709
1710/**
1711 * Gets the right base address.
1712 *
1713 * @param pThis The interpreter module instance
1714 * @param pBaseAddress The base address, IN & OUT. Optional.
1715 */
1716static void kldrModMachOAdjustBaseAddress(PRTLDRMODMACHO pThis, PRTLDRADDR pBaseAddress)
1717{
1718 /*
1719 * Adjust the base address.
1720 */
1721 if (*pBaseAddress == RTLDR_BASEADDRESS_LINK)
1722 *pBaseAddress = pThis->LinkAddress;
1723}
1724
1725
1726/**
1727 * Resolves a linker generated symbol.
1728 *
1729 * The Apple linker generates symbols indicating the start and end of sections
1730 * and segments. This function checks for these and returns the right value.
1731 *
1732 * @returns VINF_SUCCESS or VERR_SYMBOL_NOT_FOUND.
1733 * @param pThis The interpreter module instance.
1734 * @param pchSymbol The symbol.
1735 * @param cchSymbol The length of the symbol.
1736 * @param BaseAddress The base address to apply when calculating the
1737 * value.
1738 * @param puValue Where to return the symbol value.
1739 */
1740static int kldrModMachOQueryLinkerSymbol(PRTLDRMODMACHO pThis, const char *pchSymbol, size_t cchSymbol,
1741 RTLDRADDR BaseAddress, PRTLDRADDR puValue)
1742{
1743 /*
1744 * Match possible name prefixes.
1745 */
1746 static const struct
1747 {
1748 const char *pszPrefix;
1749 uint32_t cchPrefix;
1750 bool fSection;
1751 bool fStart;
1752 } s_aPrefixes[] =
1753 {
1754 { "section$start$", (uint8_t)sizeof("section$start$") - 1, true, true },
1755 { "section$end$", (uint8_t)sizeof("section$end$") - 1, true, false},
1756 { "segment$start$", (uint8_t)sizeof("segment$start$") - 1, false, true },
1757 { "segment$end$", (uint8_t)sizeof("segment$end$") - 1, false, false},
1758 };
1759 size_t cchSectName = 0;
1760 const char *pchSectName = "";
1761 size_t cchSegName = 0;
1762 const char *pchSegName = NULL;
1763 uint32_t iPrefix = RT_ELEMENTS(s_aPrefixes) - 1;
1764 uint32_t iSeg;
1765 RTLDRADDR uValue;
1766
1767 for (;;)
1768 {
1769 uint8_t const cchPrefix = s_aPrefixes[iPrefix].cchPrefix;
1770 if ( cchSymbol > cchPrefix
1771 && strncmp(pchSymbol, s_aPrefixes[iPrefix].pszPrefix, cchPrefix) == 0)
1772 {
1773 pchSegName = pchSymbol + cchPrefix;
1774 cchSegName = cchSymbol - cchPrefix;
1775 break;
1776 }
1777
1778 /* next */
1779 if (!iPrefix)
1780 return VERR_SYMBOL_NOT_FOUND;
1781 iPrefix--;
1782 }
1783
1784 /*
1785 * Split the remainder into segment and section name, if necessary.
1786 */
1787 if (s_aPrefixes[iPrefix].fSection)
1788 {
1789 pchSectName = (const char *)memchr(pchSegName, '$', cchSegName);
1790 if (!pchSectName)
1791 return VERR_SYMBOL_NOT_FOUND;
1792 cchSegName = pchSectName - pchSegName;
1793 pchSectName++;
1794 cchSectName = cchSymbol - (pchSectName - pchSymbol);
1795 }
1796
1797 /*
1798 * Locate the segment.
1799 */
1800 if (!pThis->cSegments)
1801 return VERR_SYMBOL_NOT_FOUND;
1802 for (iSeg = 0; iSeg < pThis->cSegments; iSeg++)
1803 {
1804 if ( pThis->aSegments[iSeg].SegInfo.cchName >= cchSegName
1805 && memcmp(pThis->aSegments[iSeg].SegInfo.pszName, pchSegName, cchSegName) == 0)
1806 {
1807 section_32_t const *pSect;
1808 if ( pThis->aSegments[iSeg].SegInfo.cchName == cchSegName
1809 && pThis->Hdr.filetype != MH_OBJECT /* Good enough for __DWARF segs in MH_DHSYM, I hope. */)
1810 break;
1811
1812 pSect = (section_32_t *)pThis->aSegments[iSeg].paSections[0].pvMachoSection;
1813 if ( pThis->uEffFileType == MH_OBJECT
1814 && pThis->aSegments[iSeg].SegInfo.cchName > cchSegName + 1
1815 && pThis->aSegments[iSeg].SegInfo.pszName[cchSegName] == '.'
1816 && strncmp(&pThis->aSegments[iSeg].SegInfo.pszName[cchSegName + 1], pSect->sectname, sizeof(pSect->sectname)) == 0
1817 && pThis->aSegments[iSeg].SegInfo.cchName - cchSegName - 1 <= sizeof(pSect->sectname) )
1818 break;
1819 }
1820 }
1821 if (iSeg >= pThis->cSegments)
1822 return VERR_SYMBOL_NOT_FOUND;
1823
1824 if (!s_aPrefixes[iPrefix].fSection)
1825 {
1826 /*
1827 * Calculate the segment start/end address.
1828 */
1829 uValue = pThis->aSegments[iSeg].SegInfo.RVA;
1830 if (!s_aPrefixes[iPrefix].fStart)
1831 uValue += pThis->aSegments[iSeg].SegInfo.cb;
1832 }
1833 else
1834 {
1835 /*
1836 * Locate the section.
1837 */
1838 uint32_t iSect = pThis->aSegments[iSeg].cSections;
1839 if (!iSect)
1840 return VERR_SYMBOL_NOT_FOUND;
1841 for (;;)
1842 {
1843 section_32_t *pSect = (section_32_t *)pThis->aSegments[iSeg].paSections[iSect].pvMachoSection;
1844 if ( cchSectName <= sizeof(pSect->sectname)
1845 && memcmp(pSect->sectname, pchSectName, cchSectName) == 0
1846 && ( cchSectName == sizeof(pSect->sectname)
1847 || pSect->sectname[cchSectName] == '\0') )
1848 break;
1849 /* next */
1850 if (!iSect)
1851 return VERR_SYMBOL_NOT_FOUND;
1852 iSect--;
1853 }
1854
1855 uValue = pThis->aSegments[iSeg].paSections[iSect].RVA;
1856 if (!s_aPrefixes[iPrefix].fStart)
1857 uValue += pThis->aSegments[iSeg].paSections[iSect].cb;
1858 }
1859
1860 /*
1861 * Convert from RVA to load address.
1862 */
1863 uValue += BaseAddress;
1864 if (puValue)
1865 *puValue = uValue;
1866
1867 return VINF_SUCCESS;
1868}
1869
1870
1871/**
1872 * @interface_method_impl{RTLDROPS,pfnGetSymbolEx}
1873 */
1874static DECLCALLBACK(int) rtldrMachO_GetSymbolEx(PRTLDRMODINTERNAL pMod, const void *pvBits, RTUINTPTR BaseAddress,
1875 uint32_t iOrdinal, const char *pszSymbol, RTUINTPTR *pValue)
1876{
1877 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
1878 RT_NOREF(pvBits);
1879 //RT_NOREF(pszVersion);
1880 //RT_NOREF(pfnGetForwarder);
1881 //RT_NOREF(pvUser);
1882 uint32_t fKind = RTLDRSYMKIND_REQ_FLAT;
1883 uint32_t *pfKind = &fKind;
1884 size_t cchSymbol = pszSymbol ? strlen(pszSymbol) : 0;
1885
1886 /*
1887 * Resolve defaults.
1888 */
1889 kldrModMachOAdjustBaseAddress(pThis, &BaseAddress);
1890
1891 /*
1892 * Refuse segmented requests for now.
1893 */
1894 RTLDRMODMACHO_CHECK_RETURN( !pfKind
1895 || (*pfKind & RTLDRSYMKIND_REQ_TYPE_MASK) == RTLDRSYMKIND_REQ_FLAT,
1896 VERR_LDRMACHO_TODO);
1897
1898 /*
1899 * Take action according to file type.
1900 */
1901 int rc;
1902 if ( pThis->Hdr.filetype == MH_OBJECT
1903 || pThis->Hdr.filetype == MH_EXECUTE /** @todo dylib, execute, dsym: symbols */
1904 || pThis->Hdr.filetype == MH_DYLIB
1905 || pThis->Hdr.filetype == MH_BUNDLE
1906 || pThis->Hdr.filetype == MH_DSYM
1907 || pThis->Hdr.filetype == MH_KEXT_BUNDLE)
1908 {
1909 rc = kldrModMachOLoadObjSymTab(pThis);
1910 if (RT_SUCCESS(rc))
1911 {
1912 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
1913 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
1914 rc = kldrModMachODoQuerySymbol32Bit(pThis, (macho_nlist_32_t *)pThis->pvaSymbols, pThis->cSymbols,
1915 pThis->pchStrings, pThis->cchStrings, BaseAddress, iOrdinal, pszSymbol,
1916 (uint32_t)cchSymbol, pValue, pfKind);
1917 else
1918 rc = kldrModMachODoQuerySymbol64Bit(pThis, (macho_nlist_64_t *)pThis->pvaSymbols, pThis->cSymbols,
1919 pThis->pchStrings, pThis->cchStrings, BaseAddress, iOrdinal, pszSymbol,
1920 (uint32_t)cchSymbol, pValue, pfKind);
1921 }
1922
1923 /*
1924 * Check for link-editor generated symbols and supply what we can.
1925 *
1926 * As small service to clients that insists on adding a '_' prefix
1927 * before querying symbols, we will ignore the prefix.
1928 */
1929 if ( rc == VERR_SYMBOL_NOT_FOUND
1930 && cchSymbol > sizeof("section$end$") - 1
1931 && ( pszSymbol[0] == 's'
1932 || (pszSymbol[1] == 's' && pszSymbol[0] == '_') )
1933 && memchr(pszSymbol, '$', cchSymbol) )
1934 {
1935 if (pszSymbol[0] == '_')
1936 rc = kldrModMachOQueryLinkerSymbol(pThis, pszSymbol + 1, cchSymbol - 1, BaseAddress, pValue);
1937 else
1938 rc = kldrModMachOQueryLinkerSymbol(pThis, pszSymbol, cchSymbol, BaseAddress, pValue);
1939 }
1940 }
1941 else
1942 rc = VERR_LDRMACHO_TODO;
1943
1944 return rc;
1945}
1946
1947
1948/**
1949 * Lookup a symbol in a 32-bit symbol table.
1950 *
1951 * @returns IPRT status code.
1952 * @param pThis
1953 * @param paSyms Pointer to the symbol table.
1954 * @param cSyms Number of symbols in the table.
1955 * @param pchStrings Pointer to the string table.
1956 * @param cchStrings Size of the string table.
1957 * @param BaseAddress Adjusted base address, see kLdrModQuerySymbol.
1958 * @param iSymbol See kLdrModQuerySymbol.
1959 * @param pchSymbol See kLdrModQuerySymbol.
1960 * @param cchSymbol See kLdrModQuerySymbol.
1961 * @param puValue See kLdrModQuerySymbol.
1962 * @param pfKind See kLdrModQuerySymbol.
1963 */
1964static int kldrModMachODoQuerySymbol32Bit(PRTLDRMODMACHO pThis, const macho_nlist_32_t *paSyms, uint32_t cSyms,
1965 const char *pchStrings, uint32_t cchStrings, RTLDRADDR BaseAddress, uint32_t iSymbol,
1966 const char *pchSymbol, uint32_t cchSymbol, PRTLDRADDR puValue, uint32_t *pfKind)
1967{
1968 /*
1969 * Find a valid symbol matching the search criteria.
1970 */
1971 if (iSymbol == UINT32_MAX)
1972 {
1973 /* simplify validation. */
1974 /** @todo figure out a better way to deal with underscore prefixes. sigh. */
1975 if (cchStrings <= cchSymbol + 1)
1976 return VERR_SYMBOL_NOT_FOUND;
1977 cchStrings -= cchSymbol + 1;
1978
1979 /* external symbols are usually at the end, so search the other way. */
1980 for (iSymbol = cSyms - 1; iSymbol != UINT32_MAX; iSymbol--)
1981 {
1982 const char *psz;
1983
1984 /* Skip irrellevant and non-public symbols. */
1985 if (paSyms[iSymbol].n_type & MACHO_N_STAB)
1986 continue;
1987 if ((paSyms[iSymbol].n_type & MACHO_N_TYPE) == MACHO_N_UNDF)
1988 continue;
1989 if (!(paSyms[iSymbol].n_type & MACHO_N_EXT)) /*??*/
1990 continue;
1991 if (paSyms[iSymbol].n_type & MACHO_N_PEXT) /*??*/
1992 continue;
1993
1994 /* get name */
1995 if (!paSyms[iSymbol].n_un.n_strx)
1996 continue;
1997 if ((uint32_t)paSyms[iSymbol].n_un.n_strx >= cchStrings)
1998 continue;
1999 psz = &pchStrings[paSyms[iSymbol].n_un.n_strx];
2000 if (psz[cchSymbol + 1])
2001 continue;
2002 /** @todo figure out a better way to deal with underscore prefixes. sigh. */
2003 if (*psz != '_' || memcmp(psz + 1, pchSymbol, cchSymbol))
2004 continue;
2005
2006 /* match! */
2007 break;
2008 }
2009 if (iSymbol == UINT32_MAX)
2010 return VERR_SYMBOL_NOT_FOUND;
2011 }
2012 else
2013 {
2014 if (iSymbol >= cSyms)
2015 return VERR_SYMBOL_NOT_FOUND;
2016 if (paSyms[iSymbol].n_type & MACHO_N_STAB)
2017 return VERR_SYMBOL_NOT_FOUND;
2018 if ((paSyms[iSymbol].n_type & MACHO_N_TYPE) == MACHO_N_UNDF)
2019 return VERR_SYMBOL_NOT_FOUND;
2020 }
2021
2022 /*
2023 * Calc the return values.
2024 */
2025 if (pfKind)
2026 {
2027 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
2028 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
2029 *pfKind = RTLDRSYMKIND_32BIT | RTLDRSYMKIND_NO_TYPE;
2030 else
2031 *pfKind = RTLDRSYMKIND_64BIT | RTLDRSYMKIND_NO_TYPE;
2032 if (paSyms[iSymbol].n_desc & N_WEAK_DEF)
2033 *pfKind |= RTLDRSYMKIND_WEAK;
2034 }
2035
2036 switch (paSyms[iSymbol].n_type & MACHO_N_TYPE)
2037 {
2038 case MACHO_N_SECT:
2039 {
2040 PRTLDRMODMACHOSECT pSect;
2041 RTLDRADDR offSect;
2042 RTLDRMODMACHO_CHECK_RETURN((uint32_t)(paSyms[iSymbol].n_sect - 1) < pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
2043 pSect = &pThis->paSections[paSyms[iSymbol].n_sect - 1];
2044
2045 offSect = paSyms[iSymbol].n_value - pSect->LinkAddress;
2046 RTLDRMODMACHO_CHECK_RETURN( offSect <= pSect->cb
2047 || ( paSyms[iSymbol].n_sect == 1 /* special hack for __mh_execute_header */
2048 && offSect == 0U - pSect->RVA
2049 && pThis->uEffFileType != MH_OBJECT),
2050 VERR_LDRMACHO_BAD_SYMBOL);
2051 if (puValue)
2052 *puValue = BaseAddress + pSect->RVA + offSect;
2053
2054 if ( pfKind
2055 && (pSect->fFlags & (S_ATTR_PURE_INSTRUCTIONS | S_ATTR_SELF_MODIFYING_CODE)))
2056 *pfKind = (*pfKind & ~RTLDRSYMKIND_TYPE_MASK) | RTLDRSYMKIND_CODE;
2057 break;
2058 }
2059
2060 case MACHO_N_ABS:
2061 if (puValue)
2062 *puValue = paSyms[iSymbol].n_value;
2063 /*if (pfKind)
2064 pfKind |= RTLDRSYMKIND_ABS;*/
2065 break;
2066
2067 case MACHO_N_PBUD:
2068 case MACHO_N_INDR:
2069 /** @todo implement indirect and prebound symbols. */
2070 default:
2071 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
2072 }
2073
2074 return VINF_SUCCESS;
2075}
2076
2077
2078/**
2079 * Lookup a symbol in a 64-bit symbol table.
2080 *
2081 * @returns IPRT status code.
2082 * @param pThis
2083 * @param paSyms Pointer to the symbol table.
2084 * @param cSyms Number of symbols in the table.
2085 * @param pchStrings Pointer to the string table.
2086 * @param cchStrings Size of the string table.
2087 * @param BaseAddress Adjusted base address, see kLdrModQuerySymbol.
2088 * @param iSymbol See kLdrModQuerySymbol.
2089 * @param pchSymbol See kLdrModQuerySymbol.
2090 * @param cchSymbol See kLdrModQuerySymbol.
2091 * @param puValue See kLdrModQuerySymbol.
2092 * @param pfKind See kLdrModQuerySymbol.
2093 */
2094static int kldrModMachODoQuerySymbol64Bit(PRTLDRMODMACHO pThis, const macho_nlist_64_t *paSyms, uint32_t cSyms,
2095 const char *pchStrings, uint32_t cchStrings, RTLDRADDR BaseAddress, uint32_t iSymbol,
2096 const char *pchSymbol, uint32_t cchSymbol, PRTLDRADDR puValue, uint32_t *pfKind)
2097{
2098 /*
2099 * Find a valid symbol matching the search criteria.
2100 */
2101 if (iSymbol == UINT32_MAX)
2102 {
2103 /* simplify validation. */
2104 /** @todo figure out a better way to deal with underscore prefixes. sigh. */
2105 if (cchStrings <= cchSymbol + 1)
2106 return VERR_SYMBOL_NOT_FOUND;
2107 cchStrings -= cchSymbol + 1;
2108
2109 /* external symbols are usually at the end, so search the other way. */
2110 for (iSymbol = cSyms - 1; iSymbol != UINT32_MAX; iSymbol--)
2111 {
2112 const char *psz;
2113
2114 /* Skip irrellevant and non-public symbols. */
2115 if (paSyms[iSymbol].n_type & MACHO_N_STAB)
2116 continue;
2117 if ((paSyms[iSymbol].n_type & MACHO_N_TYPE) == MACHO_N_UNDF)
2118 continue;
2119 if (!(paSyms[iSymbol].n_type & MACHO_N_EXT)) /*??*/
2120 continue;
2121 if (paSyms[iSymbol].n_type & MACHO_N_PEXT) /*??*/
2122 continue;
2123
2124 /* get name */
2125 if (!paSyms[iSymbol].n_un.n_strx)
2126 continue;
2127 if ((uint32_t)paSyms[iSymbol].n_un.n_strx >= cchStrings)
2128 continue;
2129 psz = &pchStrings[paSyms[iSymbol].n_un.n_strx];
2130 if (psz[cchSymbol + 1])
2131 continue;
2132 if (*psz != '_' || memcmp(psz + 1, pchSymbol, cchSymbol))
2133 continue;
2134
2135 /* match! */
2136 break;
2137 }
2138 if (iSymbol == UINT32_MAX)
2139 return VERR_SYMBOL_NOT_FOUND;
2140 }
2141 else
2142 {
2143 if (iSymbol >= cSyms)
2144 return VERR_SYMBOL_NOT_FOUND;
2145 if (paSyms[iSymbol].n_type & MACHO_N_STAB)
2146 return VERR_SYMBOL_NOT_FOUND;
2147 if ((paSyms[iSymbol].n_type & MACHO_N_TYPE) == MACHO_N_UNDF)
2148 return VERR_SYMBOL_NOT_FOUND;
2149 }
2150
2151 /*
2152 * Calc the return values.
2153 */
2154 if (pfKind)
2155 {
2156 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
2157 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
2158 *pfKind = RTLDRSYMKIND_32BIT | RTLDRSYMKIND_NO_TYPE;
2159 else
2160 *pfKind = RTLDRSYMKIND_64BIT | RTLDRSYMKIND_NO_TYPE;
2161 if (paSyms[iSymbol].n_desc & N_WEAK_DEF)
2162 *pfKind |= RTLDRSYMKIND_WEAK;
2163 }
2164
2165 switch (paSyms[iSymbol].n_type & MACHO_N_TYPE)
2166 {
2167 case MACHO_N_SECT:
2168 {
2169 PRTLDRMODMACHOSECT pSect;
2170 RTLDRADDR offSect;
2171 RTLDRMODMACHO_CHECK_RETURN((uint32_t)(paSyms[iSymbol].n_sect - 1) < pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
2172 pSect = &pThis->paSections[paSyms[iSymbol].n_sect - 1];
2173
2174 offSect = paSyms[iSymbol].n_value - pSect->LinkAddress;
2175 RTLDRMODMACHO_CHECK_RETURN( offSect <= pSect->cb
2176 || ( paSyms[iSymbol].n_sect == 1 /* special hack for __mh_execute_header */
2177 && offSect == 0U - pSect->RVA
2178 && pThis->uEffFileType != MH_OBJECT),
2179 VERR_LDRMACHO_BAD_SYMBOL);
2180 if (puValue)
2181 *puValue = BaseAddress + pSect->RVA + offSect;
2182
2183 if ( pfKind
2184 && (pSect->fFlags & (S_ATTR_PURE_INSTRUCTIONS | S_ATTR_SELF_MODIFYING_CODE)))
2185 *pfKind = (*pfKind & ~RTLDRSYMKIND_TYPE_MASK) | RTLDRSYMKIND_CODE;
2186 break;
2187 }
2188
2189 case MACHO_N_ABS:
2190 if (puValue)
2191 *puValue = paSyms[iSymbol].n_value;
2192 /*if (pfKind)
2193 pfKind |= RTLDRSYMKIND_ABS;*/
2194 break;
2195
2196 case MACHO_N_PBUD:
2197 case MACHO_N_INDR:
2198 /** @todo implement indirect and prebound symbols. */
2199 default:
2200 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
2201 }
2202
2203 return VINF_SUCCESS;
2204}
2205
2206
2207/**
2208 * @interface_method_impl{RTLDROPS,pfnEnumSymbols}
2209 */
2210static DECLCALLBACK(int) rtldrMachO_EnumSymbols(PRTLDRMODINTERNAL pMod, unsigned fFlags, const void *pvBits,
2211 RTUINTPTR BaseAddress, PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
2212{
2213 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2214 RT_NOREF(pvBits);
2215
2216 /*
2217 * Resolve defaults.
2218 */
2219 kldrModMachOAdjustBaseAddress(pThis, &BaseAddress);
2220
2221 /*
2222 * Take action according to file type.
2223 */
2224 int rc;
2225 if ( pThis->Hdr.filetype == MH_OBJECT
2226 || pThis->Hdr.filetype == MH_EXECUTE /** @todo dylib, execute, dsym: symbols */
2227 || pThis->Hdr.filetype == MH_DYLIB
2228 || pThis->Hdr.filetype == MH_BUNDLE
2229 || pThis->Hdr.filetype == MH_DSYM
2230 || pThis->Hdr.filetype == MH_KEXT_BUNDLE)
2231 {
2232 rc = kldrModMachOLoadObjSymTab(pThis);
2233 if (RT_SUCCESS(rc))
2234 {
2235 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
2236 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
2237 rc = kldrModMachODoEnumSymbols32Bit(pThis, (macho_nlist_32_t *)pThis->pvaSymbols, pThis->cSymbols,
2238 pThis->pchStrings, pThis->cchStrings, BaseAddress,
2239 fFlags, pfnCallback, pvUser);
2240 else
2241 rc = kldrModMachODoEnumSymbols64Bit(pThis, (macho_nlist_64_t *)pThis->pvaSymbols, pThis->cSymbols,
2242 pThis->pchStrings, pThis->cchStrings, BaseAddress,
2243 fFlags, pfnCallback, pvUser);
2244 }
2245 }
2246 else
2247 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
2248
2249 return rc;
2250}
2251
2252
2253/**
2254 * Enum a 32-bit symbol table.
2255 *
2256 * @returns IPRT status code.
2257 * @param pThis
2258 * @param paSyms Pointer to the symbol table.
2259 * @param cSyms Number of symbols in the table.
2260 * @param pchStrings Pointer to the string table.
2261 * @param cchStrings Size of the string table.
2262 * @param BaseAddress Adjusted base address, see kLdrModEnumSymbols.
2263 * @param fFlags See kLdrModEnumSymbols.
2264 * @param pfnCallback See kLdrModEnumSymbols.
2265 * @param pvUser See kLdrModEnumSymbols.
2266 */
2267static int kldrModMachODoEnumSymbols32Bit(PRTLDRMODMACHO pThis, const macho_nlist_32_t *paSyms, uint32_t cSyms,
2268 const char *pchStrings, uint32_t cchStrings, RTLDRADDR BaseAddress,
2269 uint32_t fFlags, PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
2270{
2271 const uint32_t fKindBase = pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
2272 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE
2273 ? RTLDRSYMKIND_32BIT : RTLDRSYMKIND_64BIT;
2274 uint32_t iSym;
2275 int rc;
2276
2277 /*
2278 * Iterate the symbol table.
2279 */
2280 for (iSym = 0; iSym < cSyms; iSym++)
2281 {
2282 uint32_t fKind;
2283 RTLDRADDR uValue;
2284 const char *psz;
2285 size_t cch;
2286
2287 /* Skip debug symbols and undefined symbols. */
2288 if (paSyms[iSym].n_type & MACHO_N_STAB)
2289 continue;
2290 if ((paSyms[iSym].n_type & MACHO_N_TYPE) == MACHO_N_UNDF)
2291 continue;
2292
2293 /* Skip non-public symbols unless they are requested explicitly. */
2294 if (!(fFlags & RTLDR_ENUM_SYMBOL_FLAGS_ALL))
2295 {
2296 if (!(paSyms[iSym].n_type & MACHO_N_EXT)) /*??*/
2297 continue;
2298 if (paSyms[iSym].n_type & MACHO_N_PEXT) /*??*/
2299 continue;
2300 if (!paSyms[iSym].n_un.n_strx)
2301 continue;
2302 }
2303
2304 /*
2305 * Gather symbol info
2306 */
2307
2308 /* name */
2309 RTLDRMODMACHO_CHECK_RETURN((uint32_t)paSyms[iSym].n_un.n_strx < cchStrings, VERR_LDRMACHO_BAD_SYMBOL);
2310 psz = &pchStrings[paSyms[iSym].n_un.n_strx];
2311 cch = strlen(psz);
2312 if (!cch)
2313 psz = NULL;
2314
2315 /* kind & value */
2316 fKind = fKindBase;
2317 if (paSyms[iSym].n_desc & N_WEAK_DEF)
2318 fKind |= RTLDRSYMKIND_WEAK;
2319 switch (paSyms[iSym].n_type & MACHO_N_TYPE)
2320 {
2321 case MACHO_N_SECT:
2322 {
2323 PRTLDRMODMACHOSECT pSect;
2324 RTLDRMODMACHO_CHECK_RETURN((uint32_t)(paSyms[iSym].n_sect - 1) < pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
2325 pSect = &pThis->paSections[paSyms[iSym].n_sect - 1];
2326
2327 uValue = paSyms[iSym].n_value - pSect->LinkAddress;
2328 RTLDRMODMACHO_CHECK_RETURN( uValue <= pSect->cb
2329 || ( paSyms[iSym].n_sect == 1 /* special hack for __mh_execute_header */
2330 && uValue == 0U - pSect->RVA
2331 && pThis->uEffFileType != MH_OBJECT),
2332 VERR_LDRMACHO_BAD_SYMBOL);
2333 uValue += BaseAddress + pSect->RVA;
2334
2335 if (pSect->fFlags & (S_ATTR_PURE_INSTRUCTIONS | S_ATTR_SELF_MODIFYING_CODE))
2336 fKind |= RTLDRSYMKIND_CODE;
2337 else
2338 fKind |= RTLDRSYMKIND_NO_TYPE;
2339 break;
2340 }
2341
2342 case MACHO_N_ABS:
2343 uValue = paSyms[iSym].n_value;
2344 fKind |= RTLDRSYMKIND_NO_TYPE /*RTLDRSYMKIND_ABS*/;
2345 break;
2346
2347 case MACHO_N_PBUD:
2348 case MACHO_N_INDR:
2349 /** @todo implement indirect and prebound symbols. */
2350 default:
2351 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
2352 }
2353
2354 /*
2355 * Do callback.
2356 */
2357 /** @todo figure out a better way to deal with underscore prefixes. sigh. */
2358 if (cch > 1 && *psz == '_')
2359 psz++;
2360 rc = pfnCallback(&pThis->Core, psz, iSym, uValue/*, fKind*/, pvUser);
2361 if (rc != VINF_SUCCESS)
2362 return rc;
2363 }
2364 return VINF_SUCCESS;
2365}
2366
2367
2368/**
2369 * Enum a 64-bit symbol table.
2370 *
2371 * @returns IPRT status code.
2372 * @param pThis
2373 * @param paSyms Pointer to the symbol table.
2374 * @param cSyms Number of symbols in the table.
2375 * @param pchStrings Pointer to the string table.
2376 * @param cchStrings Size of the string table.
2377 * @param BaseAddress Adjusted base address, see kLdrModEnumSymbols.
2378 * @param fFlags See kLdrModEnumSymbols.
2379 * @param pfnCallback See kLdrModEnumSymbols.
2380 * @param pvUser See kLdrModEnumSymbols.
2381 */
2382static int kldrModMachODoEnumSymbols64Bit(PRTLDRMODMACHO pThis, const macho_nlist_64_t *paSyms, uint32_t cSyms,
2383 const char *pchStrings, uint32_t cchStrings, RTLDRADDR BaseAddress,
2384 uint32_t fFlags, PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
2385{
2386 const uint32_t fKindBase = pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE
2387 || pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE_OE
2388 ? RTLDRSYMKIND_64BIT : RTLDRSYMKIND_32BIT;
2389 uint32_t iSym;
2390 int rc;
2391
2392 /*
2393 * Iterate the symbol table.
2394 */
2395 for (iSym = 0; iSym < cSyms; iSym++)
2396 {
2397 uint32_t fKind;
2398 RTLDRADDR uValue;
2399 const char *psz;
2400 size_t cch;
2401
2402 /* Skip debug symbols and undefined symbols. */
2403 if (paSyms[iSym].n_type & MACHO_N_STAB)
2404 continue;
2405 if ((paSyms[iSym].n_type & MACHO_N_TYPE) == MACHO_N_UNDF)
2406 continue;
2407
2408 /* Skip non-public symbols unless they are requested explicitly. */
2409 if (!(fFlags & RTLDR_ENUM_SYMBOL_FLAGS_ALL))
2410 {
2411 if (!(paSyms[iSym].n_type & MACHO_N_EXT)) /*??*/
2412 continue;
2413 if (paSyms[iSym].n_type & MACHO_N_PEXT) /*??*/
2414 continue;
2415 if (!paSyms[iSym].n_un.n_strx)
2416 continue;
2417 }
2418
2419 /*
2420 * Gather symbol info
2421 */
2422
2423 /* name */
2424 RTLDRMODMACHO_CHECK_RETURN((uint32_t)paSyms[iSym].n_un.n_strx < cchStrings, VERR_LDRMACHO_BAD_SYMBOL);
2425 psz = &pchStrings[paSyms[iSym].n_un.n_strx];
2426 cch = strlen(psz);
2427 if (!cch)
2428 psz = NULL;
2429
2430 /* kind & value */
2431 fKind = fKindBase;
2432 if (paSyms[iSym].n_desc & N_WEAK_DEF)
2433 fKind |= RTLDRSYMKIND_WEAK;
2434 switch (paSyms[iSym].n_type & MACHO_N_TYPE)
2435 {
2436 case MACHO_N_SECT:
2437 {
2438 PRTLDRMODMACHOSECT pSect;
2439 RTLDRMODMACHO_CHECK_RETURN((uint32_t)(paSyms[iSym].n_sect - 1) < pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
2440 pSect = &pThis->paSections[paSyms[iSym].n_sect - 1];
2441
2442 uValue = paSyms[iSym].n_value - pSect->LinkAddress;
2443 RTLDRMODMACHO_CHECK_RETURN( uValue <= pSect->cb
2444 || ( paSyms[iSym].n_sect == 1 /* special hack for __mh_execute_header */
2445 && uValue == 0U - pSect->RVA
2446 && pThis->uEffFileType != MH_OBJECT),
2447 VERR_LDRMACHO_BAD_SYMBOL);
2448 uValue += BaseAddress + pSect->RVA;
2449
2450 if (pSect->fFlags & (S_ATTR_PURE_INSTRUCTIONS | S_ATTR_SELF_MODIFYING_CODE))
2451 fKind |= RTLDRSYMKIND_CODE;
2452 else
2453 fKind |= RTLDRSYMKIND_NO_TYPE;
2454 break;
2455 }
2456
2457 case MACHO_N_ABS:
2458 uValue = paSyms[iSym].n_value;
2459 fKind |= RTLDRSYMKIND_NO_TYPE /*RTLDRSYMKIND_ABS*/;
2460 break;
2461
2462 case MACHO_N_PBUD:
2463 case MACHO_N_INDR:
2464 /** @todo implement indirect and prebound symbols. */
2465 default:
2466 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
2467 }
2468
2469 /*
2470 * Do callback.
2471 */
2472 /** @todo figure out a better way to deal with underscore prefixes. sigh. */
2473 if (cch > 1 && *psz == '_')
2474 psz++;
2475 rc = pfnCallback(&pThis->Core, psz, iSym, uValue/*, fKind*/, pvUser);
2476 if (rc != VINF_SUCCESS)
2477 return rc;
2478 }
2479 return VINF_SUCCESS;
2480}
2481
2482#if 0
2483
2484/** @copydoc kLdrModGetImport */
2485static int kldrModMachOGetImport(PRTLDRMODINTERNAL pMod, const void *pvBits, uint32_t iImport, char *pszName, size_t cchName)
2486{
2487 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2488 RT_NOREF(pvBits);
2489 RT_NOREF(iImport);
2490 RT_NOREF(pszName);
2491 RT_NOREF(cchName);
2492
2493 if (pThis->Hdr.filetype == MH_OBJECT)
2494 return KLDR_ERR_IMPORT_ORDINAL_OUT_OF_BOUNDS;
2495
2496 /* later */
2497 return KLDR_ERR_IMPORT_ORDINAL_OUT_OF_BOUNDS;
2498}
2499
2500
2501
2502/** @copydoc kLdrModNumberOfImports */
2503static int32_t kldrModMachONumberOfImports(PRTLDRMODINTERNAL pMod, const void *pvBits)
2504{
2505 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2506 RT_NOREF(pvBits);
2507
2508 if (pThis->Hdr.filetype == MH_OBJECT)
2509 return VINF_SUCCESS;
2510
2511 /* later */
2512 return VINF_SUCCESS;
2513}
2514
2515
2516/** @copydoc kLdrModGetStackInfo */
2517static int kldrModMachOGetStackInfo(PRTLDRMODINTERNAL pMod, const void *pvBits, RTLDRADDR BaseAddress, PKLDRSTACKINFO pStackInfo)
2518{
2519 /*PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);*/
2520 RT_NOREF(pMod);
2521 RT_NOREF(pvBits);
2522 RT_NOREF(BaseAddress);
2523
2524 pStackInfo->Address = NIL_RTLDRADDR;
2525 pStackInfo->LinkAddress = NIL_RTLDRADDR;
2526 pStackInfo->cbStack = pStackInfo->cbStackThread = 0;
2527 /* later */
2528
2529 return VINF_SUCCESS;
2530}
2531
2532
2533/** @copydoc kLdrModQueryMainEntrypoint */
2534static int kldrModMachOQueryMainEntrypoint(PRTLDRMODINTERNAL pMod, const void *pvBits, RTLDRADDR BaseAddress, PRTLDRADDR pMainEPAddress)
2535{
2536#if 0
2537 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2538 int rc;
2539
2540 /*
2541 * Resolve base address alias if any.
2542 */
2543 rc = kldrModMachOBitsAndBaseAddress(pThis, NULL, &BaseAddress);
2544 if (RT_FAILURE(rc))
2545 return rc;
2546
2547 /*
2548 * Convert the address from the header.
2549 */
2550 *pMainEPAddress = pThis->Hdrs.OptionalHeader.AddressOfEntryPoint
2551 ? BaseAddress + pThis->Hdrs.OptionalHeader.AddressOfEntryPoint
2552 : NIL_RTLDRADDR;
2553#else
2554 *pMainEPAddress = NIL_RTLDRADDR;
2555 RT_NOREF(pvBits);
2556 RT_NOREF(BaseAddress);
2557 RT_NOREF(pMod);
2558#endif
2559 return VINF_SUCCESS;
2560}
2561
2562#endif
2563
2564
2565/**
2566 * @interface_method_impl{RTLDROPS,pfnEnumDbgInfo}
2567 */
2568static DECLCALLBACK(int) rtldrMachO_EnumDbgInfo(PRTLDRMODINTERNAL pMod, const void *pvBits, PFNRTLDRENUMDBG pfnCallback, void *pvUser)
2569{
2570 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2571 int rc = VINF_SUCCESS;
2572 uint32_t iSect;
2573 RT_NOREF(pvBits);
2574
2575 for (iSect = 0; iSect < pThis->cSections; iSect++)
2576 {
2577 /* (32-bit & 64-bit starts the same way) */
2578 section_32_t *pMachOSect = (section_32_t *)pThis->paSections[iSect].pvMachoSection;
2579 char szTmp[sizeof(pMachOSect->sectname) + 1];
2580
2581 if (strcmp(pMachOSect->segname, "__DWARF"))
2582 continue;
2583
2584 memcpy(szTmp, pMachOSect->sectname, sizeof(pMachOSect->sectname));
2585 szTmp[sizeof(pMachOSect->sectname)] = '\0';
2586
2587 RTLDRDBGINFO DbgInfo;
2588 DbgInfo.enmType = RTLDRDBGINFOTYPE_DWARF;
2589 DbgInfo.iDbgInfo = iSect;
2590 DbgInfo.LinkAddress = pThis->paSections[iSect].LinkAddress;
2591 DbgInfo.cb = pThis->paSections[iSect].cb;
2592 DbgInfo.pszExtFile = NULL;
2593 DbgInfo.u.Dwarf.pszSection = szTmp;
2594 rc = pfnCallback(&pThis->Core, &DbgInfo, pvUser);
2595 if (rc != VINF_SUCCESS)
2596 break;
2597 }
2598
2599 return rc;
2600}
2601
2602#if 0
2603
2604/** @copydoc kLdrModHasDbgInfo */
2605static int kldrModMachOHasDbgInfo(PRTLDRMODINTERNAL pMod, const void *pvBits)
2606{
2607 /*PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);*/
2608
2609#if 0
2610 /*
2611 * Base this entirely on the presence of a debug directory.
2612 */
2613 if ( pThis->Hdrs.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].Size
2614 < sizeof(IMAGE_DEBUG_DIRECTORY) /* screw borland linkers */
2615 || !pThis->Hdrs.OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_DEBUG].VirtualAddress)
2616 return KLDR_ERR_NO_DEBUG_INFO;
2617 return VINF_SUCCESS;
2618#else
2619 RT_NOREF(pMod);
2620 RT_NOREF(pvBits);
2621 return VERR_LDR_NO_DEBUG_INFO;
2622#endif
2623}
2624
2625
2626/** @copydoc kLdrModMap */
2627static int kldrModMachOMap(PRTLDRMODINTERNAL pMod)
2628{
2629 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2630 unsigned fFixed;
2631 uint32_t i;
2632 void *pvBase;
2633 int rc;
2634
2635 if (!pThis->fCanLoad)
2636 return VERR_LDRMACHO_TODO;
2637
2638 /*
2639 * Already mapped?
2640 */
2641 if (pThis->pvMapping)
2642 return KLDR_ERR_ALREADY_MAPPED;
2643
2644 /*
2645 * Map it.
2646 */
2647 /* fixed image? */
2648 fFixed = pMod->enmType == KLDRTYPE_EXECUTABLE_FIXED
2649 || pMod->enmType == KLDRTYPE_SHARED_LIBRARY_FIXED;
2650 if (!fFixed)
2651 pvBase = NULL;
2652 else
2653 {
2654 pvBase = (void *)(uintptr_t)pMod->aSegments[0].LinkAddress;
2655 if ((uintptr_t)pvBase != pMod->aSegments[0].LinkAddress)
2656 return VERR_LDR_ADDRESS_OVERFLOW;
2657 }
2658
2659 /* try do the prepare */
2660 rc = kRdrMap(pMod->pRdr, &pvBase, pMod->cSegments, pMod->aSegments, fFixed);
2661 if (RT_FAILURE(rc))
2662 return rc;
2663
2664 /*
2665 * Update the segments with their map addresses.
2666 */
2667 for (i = 0; i < pMod->cSegments; i++)
2668 {
2669 if (pMod->aSegments[i].RVA != NIL_RTLDRADDR)
2670 pMod->aSegments[i].MapAddress = (uintptr_t)pvBase + (uintptr_t)pMod->aSegments[i].RVA;
2671 }
2672 pThis->pvMapping = pvBase;
2673
2674 return VINF_SUCCESS;
2675}
2676
2677
2678/** @copydoc kLdrModUnmap */
2679static int kldrModMachOUnmap(PRTLDRMODINTERNAL pMod)
2680{
2681 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2682 uint32_t i;
2683 int rc;
2684
2685 /*
2686 * Mapped?
2687 */
2688 if (!pThis->pvMapping)
2689 return KLDR_ERR_NOT_MAPPED;
2690
2691 /*
2692 * Try unmap the image.
2693 */
2694 rc = kRdrUnmap(pMod->pRdr, pThis->pvMapping, pMod->cSegments, pMod->aSegments);
2695 if (RT_FAILURE(rc))
2696 return rc;
2697
2698 /*
2699 * Update the segments to reflect that they aren't mapped any longer.
2700 */
2701 pThis->pvMapping = NULL;
2702 for (i = 0; i < pMod->cSegments; i++)
2703 pMod->aSegments[i].MapAddress = 0;
2704
2705 return VINF_SUCCESS;
2706}
2707
2708
2709/** @copydoc kLdrModAllocTLS */
2710static int kldrModMachOAllocTLS(PRTLDRMODINTERNAL pMod, void *pvMapping)
2711{
2712 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2713
2714 /*
2715 * Mapped?
2716 */
2717 if ( pvMapping == KLDRMOD_INT_MAP
2718 && !pThis->pvMapping )
2719 return KLDR_ERR_NOT_MAPPED;
2720 return VINF_SUCCESS;
2721}
2722
2723
2724/** @copydoc kLdrModFreeTLS */
2725static void kldrModMachOFreeTLS(PRTLDRMODINTERNAL pMod, void *pvMapping)
2726{
2727 RT_NOREF(pMod);
2728 RT_NOREF(pvMapping);
2729}
2730
2731
2732
2733/** @copydoc kLdrModReload */
2734static int kldrModMachOReload(PRTLDRMODINTERNAL pMod)
2735{
2736 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2737
2738 /*
2739 * Mapped?
2740 */
2741 if (!pThis->pvMapping)
2742 return KLDR_ERR_NOT_MAPPED;
2743
2744 /* the file provider does it all */
2745 return kRdrRefresh(pMod->pRdr, pThis->pvMapping, pMod->cSegments, pMod->aSegments);
2746}
2747
2748
2749/** @copydoc kLdrModFixupMapping */
2750static int kldrModMachOFixupMapping(PRTLDRMODINTERNAL pMod, PFNRTLDRIMPORT pfnGetImport, void *pvUser)
2751{
2752 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
2753 int rc, rc2;
2754
2755 /*
2756 * Mapped?
2757 */
2758 if (!pThis->pvMapping)
2759 return KLDR_ERR_NOT_MAPPED;
2760
2761 /*
2762 * Before doing anything we'll have to make all pages writable.
2763 */
2764 rc = kRdrProtect(pMod->pRdr, pThis->pvMapping, pMod->cSegments, pMod->aSegments, 1 /* unprotect */);
2765 if (RT_FAILURE(rc))
2766 return rc;
2767
2768 /*
2769 * Resolve imports and apply base relocations.
2770 */
2771 rc = rtldrMachO_RelocateBits(pMod, pThis->pvMapping, (uintptr_t)pThis->pvMapping, pThis->LinkAddress,
2772 pfnGetImport, pvUser);
2773
2774 /*
2775 * Restore protection.
2776 */
2777 rc2 = kRdrProtect(pMod->pRdr, pThis->pvMapping, pMod->cSegments, pMod->aSegments, 0 /* protect */);
2778 if (RT_SUCCESS(rc) && RT_FAILURE(rc2)
2779 rc = rc2;
2780 return rc;
2781}
2782
2783#endif
2784
2785
2786/**
2787 * Worker for resolving an undefined 32-bit symbol table entry.
2788 *
2789 * @returns IPRT status code.
2790 * @param pThis The Mach-O module interpreter instance.
2791 * @param pSym The symbol table entry.
2792 * @param BaseAddress The module base address.
2793 * @param pfnGetImport The callback for resolving an imported symbol.
2794 * @param pvUser User argument to the callback.
2795 */
2796DECLINLINE(int) rtdlrModMachOHandleUndefinedSymbol32(PRTLDRMODMACHO pThis, macho_nlist_32_t *pSym,
2797 RTLDRADDR BaseAddress, PFNRTLDRIMPORT pfnGetImport, void *pvUser)
2798{
2799 RTLDRADDR Value = NIL_RTLDRADDR;
2800
2801 /** @todo Implement N_REF_TO_WEAK. */
2802 RTLDRMODMACHO_CHECK_RETURN(!(pSym->n_desc & N_REF_TO_WEAK), VERR_LDRMACHO_TODO);
2803
2804 /* Get the symbol name. */
2805 RTLDRMODMACHO_CHECK_RETURN((uint32_t)pSym->n_un.n_strx < pThis->cchStrings, VERR_LDRMACHO_BAD_SYMBOL);
2806 const char *pszSymbol = &pThis->pchStrings[pSym->n_un.n_strx];
2807 size_t cchSymbol = strlen(pszSymbol);
2808
2809 /* Check for linker defined symbols relating to sections and segments. */
2810 int rc;
2811 if ( cchSymbol <= sizeof("section$end$") - 1
2812 || *pszSymbol != 's'
2813 || memchr(pszSymbol, '$', cchSymbol) == NULL)
2814 rc = VERR_SYMBOL_NOT_FOUND;
2815 else
2816 rc = kldrModMachOQueryLinkerSymbol(pThis, pszSymbol, cchSymbol, BaseAddress, &Value);
2817
2818 /* Ask the user for an address to the symbol. */
2819 //uint32_t fKind = RTLDRSYMKIND_REQ_FLAT;
2820 /** @todo figure out a better way to deal with underscore prefixes. sigh. */
2821 if (RT_FAILURE_NP(rc))
2822 rc = pfnGetImport(&pThis->Core, NULL /*pszModule*/, pszSymbol + (pszSymbol[0] == '_'),
2823 UINT32_MAX, &Value/*, &fKind*/, pvUser);
2824 if (RT_SUCCESS(rc))
2825 { /* likely */ }
2826 /* If weak reference we can continue, otherwise fail? */
2827 else if (pSym->n_desc & N_WEAK_REF)
2828 Value = 0;
2829 else
2830 return rc;
2831
2832 /* Update the symbol. */
2833 pSym->n_value = (uint32_t)Value;
2834 if (pSym->n_value == Value)
2835 return VINF_SUCCESS;
2836 return VERR_LDR_ADDRESS_OVERFLOW;
2837}
2838
2839
2840/**
2841 * Worker for resolving an undefined 64-bit symbol table entry.
2842 *
2843 * @returns IPRT status code.
2844 * @param pThis The Mach-O module interpreter instance.
2845 * @param pSym The symbol table entry.
2846 * @param BaseAddress The module base address.
2847 * @param pfnGetImport The callback for resolving an imported symbol.
2848 * @param pvUser User argument to the callback.
2849 */
2850DECLINLINE(int) rtdlrModMachOHandleUndefinedSymbol64(PRTLDRMODMACHO pThis, macho_nlist_64_t *pSym,
2851 RTLDRADDR BaseAddress, PFNRTLDRIMPORT pfnGetImport, void *pvUser)
2852{
2853 RTLDRADDR Value = NIL_RTLDRADDR;
2854
2855 /** @todo Implement N_REF_TO_WEAK. */
2856 RTLDRMODMACHO_CHECK_RETURN(!(pSym->n_desc & N_REF_TO_WEAK), VERR_LDRMACHO_TODO);
2857
2858 /* Get the symbol name. */
2859 RTLDRMODMACHO_CHECK_RETURN((uint32_t)pSym->n_un.n_strx < pThis->cchStrings, VERR_LDRMACHO_BAD_SYMBOL);
2860 const char *pszSymbol = &pThis->pchStrings[pSym->n_un.n_strx];
2861 size_t cchSymbol = strlen(pszSymbol);
2862
2863 /* Check for linker defined symbols relating to sections and segments. */
2864 int rc;
2865 if ( cchSymbol <= sizeof("section$end$") - 1
2866 || *pszSymbol != 's'
2867 || memchr(pszSymbol, '$', cchSymbol) == NULL)
2868 rc = VERR_SYMBOL_NOT_FOUND;
2869 else
2870 rc = kldrModMachOQueryLinkerSymbol(pThis, pszSymbol, cchSymbol, BaseAddress, &Value);
2871
2872 /* Ask the user for an address to the symbol. */
2873 //uint32_t fKind = RTLDRSYMKIND_REQ_FLAT;
2874 /** @todo figure out a better way to deal with underscore prefixes. sigh. */
2875 if (RT_FAILURE_NP(rc))
2876 rc = pfnGetImport(&pThis->Core, NULL /*pszModule*/, pszSymbol + (pszSymbol[0] == '_'),
2877 UINT32_MAX, &Value/*, &fKind*/, pvUser);
2878 if (RT_SUCCESS(rc))
2879 { /* likely */ }
2880 /* If weak reference we can continue, otherwise fail? */
2881 else if (pSym->n_desc & N_WEAK_REF)
2882 Value = 0;
2883 else
2884 return rc;
2885
2886 /* Update the symbol. */
2887 pSym->n_value = (uint64_t)Value;
2888 if (pSym->n_value == Value)
2889 return VINF_SUCCESS;
2890 return VERR_LDR_ADDRESS_OVERFLOW;
2891}
2892
2893
2894/**
2895 * MH_OBJECT: Resolves undefined symbols (imports).
2896 *
2897 * @returns IPRT status code.
2898 * @param pThis The Mach-O module interpreter instance.
2899 * @param BaseAddress The module base address.
2900 * @param pfnGetImport The callback for resolving an imported symbol.
2901 * @param pvUser User argument to the callback.
2902 */
2903static int kldrModMachOObjDoImports(PRTLDRMODMACHO pThis, RTLDRADDR BaseAddress, PFNRTLDRIMPORT pfnGetImport, void *pvUser)
2904{
2905
2906 /*
2907 * Ensure that we've got the symbol table.
2908 */
2909 int rc = kldrModMachOLoadObjSymTab(pThis);
2910 if (RT_FAILURE(rc))
2911 return rc;
2912
2913 /*
2914 * Iterate the symbol table and resolve undefined symbols.
2915 * We currently ignore REFERENCE_TYPE.
2916 */
2917 const uint32_t cSyms = pThis->cSymbols;
2918 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
2919 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
2920 {
2921 macho_nlist_32_t *paSyms = (macho_nlist_32_t *)pThis->pvaSymbols;
2922 for (uint32_t iSym = 0; iSym < cSyms; iSym++)
2923 {
2924 /* skip stabs */
2925 if (paSyms[iSym].n_type & MACHO_N_STAB)
2926 continue;
2927
2928 if ((paSyms[iSym].n_type & MACHO_N_TYPE) == MACHO_N_UNDF)
2929 {
2930 rc = rtdlrModMachOHandleUndefinedSymbol32(pThis, &paSyms[iSym], BaseAddress, pfnGetImport, pvUser);
2931 if (RT_FAILURE(rc))
2932 break;
2933 }
2934 else if (paSyms[iSym].n_desc & N_WEAK_DEF)
2935 {
2936 /** @todo implement weak symbols. */
2937 /*return VERR_LDRMACHO_TODO; - ignored for now. */
2938 }
2939 }
2940 }
2941 else
2942 {
2943 /* (Identical to the 32-bit code, just different paSym type. (and n_strx is unsigned)) */
2944 macho_nlist_64_t *paSyms = (macho_nlist_64_t *)pThis->pvaSymbols;
2945 for (uint32_t iSym = 0; iSym < cSyms; iSym++)
2946 {
2947 /* skip stabs */
2948 if (paSyms[iSym].n_type & MACHO_N_STAB)
2949 continue;
2950
2951 if ((paSyms[iSym].n_type & MACHO_N_TYPE) == MACHO_N_UNDF)
2952 {
2953 rc = rtdlrModMachOHandleUndefinedSymbol64(pThis, &paSyms[iSym], BaseAddress, pfnGetImport, pvUser);
2954 if (RT_FAILURE(rc))
2955 break;
2956 }
2957 else if (paSyms[iSym].n_desc & N_WEAK_DEF)
2958 {
2959 /** @todo implement weak symbols. */
2960 /*return VERR_LDRMACHO_TODO; - ignored for now. */
2961 }
2962 }
2963 }
2964
2965 return rc;
2966}
2967
2968
2969/**
2970 * Dylib: Resolves undefined symbols (imports).
2971 *
2972 * This is conceptually identically to kldrModMachOObjDoImports, only
2973 * LC_DYSYMTAB helps us avoid working over the whole symbol table.
2974 *
2975 * @returns IPRT status code.
2976 * @param pThis The Mach-O module interpreter instance.
2977 * @param BaseAddress The module base address.
2978 * @param pfnGetImport The callback for resolving an imported symbol.
2979 * @param pvUser User argument to the callback.
2980 */
2981static int kldrModMachODylibDoImports(PRTLDRMODMACHO pThis, RTLDRADDR BaseAddress, PFNRTLDRIMPORT pfnGetImport, void *pvUser)
2982{
2983 /*
2984 * There must be a LC_DYSYMTAB.
2985 * We might be lucky, though, and not have any imports.
2986 */
2987 dysymtab_command_t const *pDySymTab = pThis->pDySymTab;
2988 AssertReturn(pDySymTab, VERR_INTERNAL_ERROR_2);
2989 if (pDySymTab->nundefsym == 0)
2990 return VINF_SUCCESS;
2991
2992 /*
2993 * Ensure that we've got the symbol table.
2994 */
2995 int rc = kldrModMachOLoadObjSymTab(pThis);
2996 if (RT_FAILURE(rc))
2997 return rc;
2998
2999 /*
3000 * Iterate the give symbol table section containing undefined symbols and resolve them.
3001 */
3002 uint32_t const cSyms = pDySymTab->iundefsym + pDySymTab->nundefsym;
3003 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
3004 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
3005 {
3006 macho_nlist_32_t *paSyms = (macho_nlist_32_t *)pThis->pvaSymbols;
3007 for (uint32_t iSym = pDySymTab->iundefsym; RT_SUCCESS(rc) && iSym < cSyms; iSym++)
3008 {
3009 AssertContinue((paSyms[iSym].n_type & (MACHO_N_TYPE | MACHO_N_STAB)) == MACHO_N_UNDF);
3010 rc = rtdlrModMachOHandleUndefinedSymbol32(pThis, &paSyms[iSym], BaseAddress, pfnGetImport, pvUser);
3011 }
3012 }
3013 else
3014 {
3015 /* (Identical to the 32-bit code, just different paSym type. (and n_strx is unsigned)) */
3016 macho_nlist_64_t *paSyms = (macho_nlist_64_t *)pThis->pvaSymbols;
3017 for (uint32_t iSym = pDySymTab->iundefsym; RT_SUCCESS(rc) && iSym < cSyms; iSym++)
3018 {
3019 AssertContinue((paSyms[iSym].n_type & (MACHO_N_TYPE | MACHO_N_STAB)) == MACHO_N_UNDF);
3020 rc = rtdlrModMachOHandleUndefinedSymbol64(pThis, &paSyms[iSym], BaseAddress, pfnGetImport, pvUser);
3021 }
3022 }
3023
3024 return rc;
3025}
3026
3027
3028static int kldrModMachODylibDoIndirectSymbols(PRTLDRMODMACHO pThis, void *pvBits, RTLDRADDR offDelta)
3029{
3030 /*
3031 * There must be a LC_DYSYMTAB.
3032 * We might be lucky, though, and not have any imports.
3033 */
3034 dysymtab_command_t const *pDySymTab = pThis->pDySymTab;
3035 AssertReturn(pDySymTab, VERR_INTERNAL_ERROR_2);
3036 uint32_t const cIndirectSymbols = pDySymTab->nindirectsymb;
3037 if (cIndirectSymbols == 0)
3038 return VINF_SUCCESS;
3039
3040 /*
3041 * Ensure that we've got the symbol table.
3042 */
3043 int rc = kldrModMachOLoadObjSymTab(pThis);
3044 if (RT_FAILURE(rc))
3045 return rc;
3046
3047 /*
3048 * Load the indirect symbol table.
3049 */
3050 if (!pThis->paidxIndirectSymbols)
3051 {
3052 uint32_t *paidxIndirectSymbols = (uint32_t *)RTMemAlloc(cIndirectSymbols * sizeof(uint32_t));
3053 if (!paidxIndirectSymbols)
3054 return VERR_NO_MEMORY;
3055 rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader, paidxIndirectSymbols, cIndirectSymbols * sizeof(uint32_t),
3056 pDySymTab->indirectsymboff);
3057 if (RT_SUCCESS(rc))
3058 pThis->paidxIndirectSymbols = paidxIndirectSymbols;
3059 else
3060 {
3061 RTMemFree(paidxIndirectSymbols);
3062 return rc;
3063 }
3064
3065 /* Byte swap if needed. */
3066 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE
3067 || pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE_OE)
3068 for (uint32_t i = 0; i < cIndirectSymbols; i++)
3069 paidxIndirectSymbols[i] = RT_BSWAP_U32(paidxIndirectSymbols[i]);
3070 }
3071 uint32_t const *paidxIndirectSymbols = pThis->paidxIndirectSymbols;
3072
3073 /*
3074 * Process the sections using indirect symbols.
3075 */
3076 const uint32_t cSymbols = pThis->cSymbols;
3077 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
3078 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
3079 {
3080 macho_nlist_32_t const *paSymbols = (macho_nlist_32_t *)pThis->pvaSymbols;
3081 for (uint32_t iSect = 0; iSect < pThis->cSections; iSect++)
3082 {
3083 section_32_t const *pSect = (section_32_t const *)pThis->paSections[iSect].pvMachoSection;
3084 switch (pSect->flags & SECTION_TYPE)
3085 {
3086 case S_NON_LAZY_SYMBOL_POINTERS:
3087 case S_LAZY_SYMBOL_POINTERS:
3088 {
3089 uint32_t *pauDstPtrs = (uint32_t *)((uintptr_t)pvBits + pThis->paSections[iSect].RVA);
3090 uint32_t const cDstPtrs = pThis->paSections[iSect].cb / sizeof(pauDstPtrs[0]);
3091 uint32_t const idxSrcSkip = pSect->reserved1;
3092 if ((uint64_t)idxSrcSkip + cDstPtrs > cIndirectSymbols)
3093 return VERR_BAD_EXE_FORMAT; /// @todo better error code.
3094
3095 for (uint32_t i = 0; i < cDstPtrs; i++)
3096 {
3097 uint32_t const idxSym = paidxIndirectSymbols[idxSrcSkip + i];
3098 if (idxSym == INDIRECT_SYMBOL_LOCAL)
3099 pauDstPtrs[i] += (int32_t)offDelta;
3100 else if (idxSym != INDIRECT_SYMBOL_ABS)
3101 {
3102 AssertMsgReturn(idxSym < cSymbols,
3103 ("i=%#x idxSym=%#x cSymbols=%#x iSect=%#x\n", i, idxSym, cSymbols, iSect),
3104 VERR_BAD_EXE_FORMAT); /// @todo better error code.
3105 pauDstPtrs[i] = paSymbols[idxSym].n_value;
3106 }
3107 }
3108 break;
3109 }
3110
3111 case S_SYMBOL_STUBS:
3112 if ( pThis->Core.enmArch == RTLDRARCH_X86_32
3113 && (pSect->flags & S_ATTR_SELF_MODIFYING_CODE)
3114 && pSect->reserved2 == 5)
3115 {
3116 uint32_t uDstRva = pThis->paSections[iSect].RVA;
3117 uint8_t *pbDst = (uint8_t *)((uintptr_t)pvBits + uDstRva);
3118 uint32_t const cDstPtrs = pThis->paSections[iSect].cb / 5;
3119 uint32_t const idxSrcSkip = pSect->reserved1;
3120 if ((uint64_t)idxSrcSkip + cDstPtrs > cIndirectSymbols)
3121 return VERR_BAD_EXE_FORMAT; /// @todo better error code.
3122
3123 for (uint32_t i = 0; i < cDstPtrs; i++, uDstRva += 5, pbDst += 5)
3124 {
3125 uint32_t const idxSym = paidxIndirectSymbols[idxSrcSkip + i];
3126 if (idxSym != INDIRECT_SYMBOL_ABS && idxSym != INDIRECT_SYMBOL_LOCAL)
3127 {
3128 AssertMsgReturn(idxSym < cSymbols,
3129 ("i=%#x idxSym=%#x cSymbols=%#x iSect=%#x\n", i, idxSym, cSymbols, iSect),
3130 VERR_BAD_EXE_FORMAT); /// @todo better error code.
3131 pbDst[0] = 0xeb; /* JMP rel32 */
3132 uint32_t offDisp = paSymbols[idxSym].n_value - (uint32_t)uDstRva - 5;
3133 pbDst[1] = (uint8_t)offDisp;
3134 offDisp >>= 8;
3135 pbDst[2] = (uint8_t)offDisp;
3136 offDisp >>= 8;
3137 pbDst[3] = (uint8_t)offDisp;
3138 offDisp >>= 8;
3139 pbDst[4] = (uint8_t)offDisp;
3140 }
3141 }
3142 break;
3143 }
3144 break;
3145 }
3146
3147 }
3148 }
3149 else
3150 {
3151 /* Exact like for 32-bit, except for 64-bit symbol table, 64-bit addresses and no need to process S_SYMBOL_STUBS. */
3152 macho_nlist_64_t const *paSymbols = (macho_nlist_64_t *)pThis->pvaSymbols;
3153 for (uint32_t iSect = 0; iSect < pThis->cSections; iSect++)
3154 {
3155 section_64_t const *pSect = (section_64_t const *)pThis->paSections[iSect].pvMachoSection;
3156 switch (pSect->flags & SECTION_TYPE)
3157 {
3158 case S_NON_LAZY_SYMBOL_POINTERS:
3159 case S_LAZY_SYMBOL_POINTERS:
3160 {
3161 uint64_t *pauDstPtrs = (uint64_t *)((uintptr_t)pvBits + pThis->paSections[iSect].RVA);
3162 uint32_t const cDstPtrs = pThis->paSections[iSect].cb / sizeof(pauDstPtrs[0]);
3163 uint32_t const idxSrcSkip = pSect->reserved1;
3164 if ((uint64_t)idxSrcSkip + cDstPtrs > cIndirectSymbols)
3165 return VERR_BAD_EXE_FORMAT; /// @todo better error code.
3166
3167 for (uint32_t i = 0; i < cDstPtrs; i++)
3168 {
3169 uint32_t const idxSym = paidxIndirectSymbols[idxSrcSkip + i];
3170 if (idxSym == INDIRECT_SYMBOL_LOCAL)
3171 pauDstPtrs[i] += (int64_t)offDelta;
3172 else if (idxSym != INDIRECT_SYMBOL_ABS)
3173 {
3174 AssertMsgReturn(idxSym < cSymbols,
3175 ("i=%#x idxSym=%#x cSymbols=%#x iSect=%#x\n", i, idxSym, cSymbols, iSect),
3176 VERR_BAD_EXE_FORMAT); /// @todo better error code.
3177 pauDstPtrs[i] = paSymbols[idxSym].n_value;
3178 }
3179 }
3180 break;
3181 }
3182
3183 case S_SYMBOL_STUBS:
3184 if ( pThis->Core.enmArch == RTLDRARCH_X86_32
3185 && (pSect->flags & S_ATTR_SELF_MODIFYING_CODE)
3186 && pSect->reserved2 == 5)
3187 return VERR_BAD_EXE_FORMAT;
3188 break;
3189 }
3190 }
3191 }
3192
3193 return VINF_SUCCESS;
3194}
3195
3196
3197/**
3198 * MH_OBJECT: Applies base relocations to an (unprotected) image mapping.
3199 *
3200 * @returns IPRT status code.
3201 * @param pThis The Mach-O module interpreter instance.
3202 * @param pvMapping The mapping to fixup.
3203 * @param NewBaseAddress The address to fixup the mapping to.
3204 */
3205static int kldrModMachOObjDoFixups(PRTLDRMODMACHO pThis, void *pvMapping, RTLDRADDR NewBaseAddress)
3206{
3207 /*
3208 * Ensure that we've got the symbol table.
3209 */
3210 int rc = kldrModMachOLoadObjSymTab(pThis);
3211 if (RT_FAILURE(rc))
3212 return rc;
3213
3214 /*
3215 * Iterate over the segments and their sections and apply fixups.
3216 */
3217 rc = VINF_SUCCESS;
3218 for (uint32_t iSeg = 0; RT_SUCCESS(rc) && iSeg < pThis->cSegments; iSeg++)
3219 {
3220 PRTLDRMODMACHOSEG pSeg = &pThis->aSegments[iSeg];
3221 for (uint32_t iSect = 0; iSect < pSeg->cSections; iSect++)
3222 {
3223 PRTLDRMODMACHOSECT pSect = &pSeg->paSections[iSect];
3224
3225 /* skip sections without fixups. */
3226 if (!pSect->cFixups)
3227 continue;
3228 AssertReturn(pSect->paFixups, VERR_INTERNAL_ERROR_4);
3229 AssertReturn(pSect->pauFixupVirginData, VERR_INTERNAL_ERROR_4);
3230
3231 /*
3232 * Apply the fixups.
3233 */
3234 uint8_t *pbSectBits = (uint8_t *)pvMapping + (uintptr_t)pSect->RVA;
3235 if (pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE) /** @todo this aint right. */
3236 rc = kldrModMachOApplyFixupsGeneric32Bit(pThis, pbSectBits, (size_t)pSect->cb, pSect->RVA, pSect->LinkAddress,
3237 pSect->paFixups, pSect->cFixups, pSect->pauFixupVirginData,
3238 (macho_nlist_32_t *)pThis->pvaSymbols, pThis->cSymbols, NewBaseAddress);
3239 else if ( pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE
3240 && pThis->Hdr.cputype == CPU_TYPE_X86_64)
3241 rc = kldrModMachOApplyFixupsAMD64(pThis, pbSectBits, (size_t)pSect->cb, pSect->RVA,
3242 pSect->paFixups, pSect->cFixups, pSect->pauFixupVirginData,
3243 (macho_nlist_64_t *)pThis->pvaSymbols, pThis->cSymbols, NewBaseAddress);
3244 else
3245 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
3246 if (RT_FAILURE(rc))
3247 break;
3248 }
3249 }
3250
3251 return rc;
3252}
3253
3254
3255/**
3256 * Dylib: Applies base relocations to an (unprotected) image mapping.
3257 *
3258 * @returns IPRT status code.
3259 * @param pThis The Mach-O module interpreter instance.
3260 * @param pvMapping The mapping to fixup.
3261 * @param NewBaseAddress The address to fixup the mapping to.
3262 */
3263static int kldrModMachODylibDoFixups(PRTLDRMODMACHO pThis, void *pvMapping, RTLDRADDR NewBaseAddress)
3264{
3265 /*
3266 * There must be a LC_DYSYMTAB.
3267 * We might be lucky, though, and not have any imports.
3268 */
3269 dysymtab_command_t const *pDySymTab = pThis->pDySymTab;
3270 AssertReturn(pDySymTab, VERR_INTERNAL_ERROR_2);
3271 uint32_t cRelocations = pDySymTab->nlocrel + pDySymTab->nextrel;
3272 if (cRelocations == 0)
3273 return VINF_SUCCESS;
3274
3275 /*
3276 * Ensure that we've got the symbol table.
3277 */
3278 int rc = kldrModMachOLoadObjSymTab(pThis);
3279 if (RT_FAILURE(rc))
3280 return rc;
3281
3282 /*
3283 * Load the relocations if needed.
3284 */
3285 macho_relocation_union_t const *paRelocations = pThis->paRelocations;
3286 if (!paRelocations)
3287 {
3288 uint32_t *paRawRelocs = (uint32_t *)RTMemAlloc(cRelocations * sizeof(macho_relocation_union_t));
3289 if (!paRawRelocs)
3290 return VERR_NO_MEMORY;
3291 if (pDySymTab->nextrel)
3292 rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader, paRawRelocs, pDySymTab->nextrel * sizeof(macho_relocation_union_t),
3293 pDySymTab->extreloff);
3294 if (pDySymTab->nlocrel && RT_SUCCESS(rc))
3295 rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader,
3296 (uint8_t *)paRawRelocs + pDySymTab->nextrel * sizeof(macho_relocation_union_t),
3297 pDySymTab->nlocrel * sizeof(macho_relocation_union_t), pDySymTab->locreloff);
3298 if (RT_SUCCESS(rc))
3299 pThis->paRelocations = (macho_relocation_union_t *)paRawRelocs;
3300 else
3301 {
3302 RTMemFree(paRawRelocs);
3303 return rc;
3304 }
3305
3306 /* Byte swap if needed. */
3307 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE
3308 || pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE_OE)
3309 {
3310 for (uint32_t i = 0; i < cRelocations; i++)
3311 {
3312 paRawRelocs[i * 2] = RT_BSWAP_U32(paRawRelocs[i * 2]);
3313 paRawRelocs[i * 2 + 1] = RT_BSWAP_U32(paRawRelocs[i * 2 + 1]);
3314 }
3315 ASMCompilerBarrier();
3316 }
3317
3318 paRelocations = pThis->paRelocations;
3319 }
3320
3321 /*
3322 * Apply the fixups.
3323 */
3324 if (pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE) /** @todo this aint right. */
3325 return kldrModMachOApplyFixupsGeneric32Bit(pThis, (uint8_t *)pvMapping, (size_t)pThis->cbImage, 0, pThis->LinkAddress,
3326 paRelocations, cRelocations, pThis->pauRelocationsVirginData,
3327 (macho_nlist_32_t *)pThis->pvaSymbols, pThis->cSymbols, NewBaseAddress);
3328 if ( pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE
3329 && pThis->Hdr.cputype == CPU_TYPE_X86_64)
3330 return kldrModMachOApplyFixupsAMD64(pThis, (uint8_t *)pvMapping, (size_t)pThis->cbImage, 0,
3331 paRelocations, cRelocations, pThis->pauRelocationsVirginData,
3332 (macho_nlist_64_t *)pThis->pvaSymbols, pThis->cSymbols, NewBaseAddress);
3333 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
3334}
3335
3336
3337/**
3338 * Applies generic fixups to a section in an image of the same endian-ness
3339 * as the host CPU.
3340 *
3341 * @returns IPRT status code.
3342 * @param pThis The Mach-O module interpreter instance.
3343 * @param pbBits Pointer to the bits to fix up.
3344 * @param cbBits Size of the bits to fix up.
3345 * @param uBitsRva The RVA of the bits.
3346 * @param uBitsLinkAddr The link address of the bits.
3347 * @param paFixups The fixups.
3348 * @param cFixups Number of fixups.
3349 * @param pauVirginData The virgin data / addends. Parallel to paFixups.
3350 * @param paSyms Pointer to the symbol table.
3351 * @param cSyms Number of symbols.
3352 * @param NewBaseAddress The new base image address.
3353 */
3354static int kldrModMachOApplyFixupsGeneric32Bit(PRTLDRMODMACHO pThis, uint8_t *pbBits, size_t cbBits, RTLDRADDR uBitsRva,
3355 RTLDRADDR uBitsLinkAddr, const macho_relocation_union_t *paFixups,
3356 const uint32_t cFixups, PCRTUINT64U const pauVirginData,
3357 macho_nlist_32_t *paSyms, uint32_t cSyms, RTLDRADDR NewBaseAddress)
3358{
3359 /*
3360 * Iterate the fixups and apply them.
3361 */
3362 for (uint32_t iFixup = 0; iFixup < cFixups; iFixup++)
3363 {
3364 macho_relocation_union_t Fixup = paFixups[iFixup];
3365 RTLDRADDR SymAddr = ~(RTLDRADDR)0;
3366 RTPTRUNION uFix;
3367
3368 if (!(Fixup.r.r_address & R_SCATTERED))
3369 {
3370 /* sanity */
3371 RTLDRMODMACHO_CHECK_RETURN((uint32_t)Fixup.r.r_address + RT_BIT_32(Fixup.r.r_length) <= cbBits, VERR_LDR_BAD_FIXUP);
3372
3373 /* Calc the fixup address. */
3374 uFix.pv = pbBits + Fixup.r.r_address;
3375
3376 /*
3377 * Calc the symbol value.
3378 */
3379 /* Calc the linked symbol address / addend. */
3380 switch (Fixup.r.r_length)
3381 {
3382 case 0: SymAddr = (int8_t)pauVirginData[iFixup].au8[0]; break;
3383 case 1: SymAddr = (int16_t)pauVirginData[iFixup].au16[0]; break;
3384 case 2: SymAddr = (int32_t)pauVirginData[iFixup].au32[0]; break;
3385 case 3: SymAddr = (int64_t)pauVirginData[iFixup].u; break;
3386 default: RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_BAD_FIXUP);
3387 }
3388 if (Fixup.r.r_pcrel)
3389 SymAddr += Fixup.r.r_address + uBitsLinkAddr;
3390
3391 /* Add symbol / section address. */
3392 if (Fixup.r.r_extern)
3393 {
3394 const macho_nlist_32_t *pSym;
3395 if (Fixup.r.r_symbolnum >= cSyms)
3396 return VERR_LDR_BAD_FIXUP;
3397 pSym = &paSyms[Fixup.r.r_symbolnum];
3398
3399 if (pSym->n_type & MACHO_N_STAB)
3400 return VERR_LDR_BAD_FIXUP;
3401
3402 switch (pSym->n_type & MACHO_N_TYPE)
3403 {
3404 case MACHO_N_SECT:
3405 {
3406 PRTLDRMODMACHOSECT pSymSect;
3407 RTLDRMODMACHO_CHECK_RETURN((uint32_t)pSym->n_sect - 1 <= pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
3408 pSymSect = &pThis->paSections[pSym->n_sect - 1];
3409
3410 SymAddr += pSym->n_value - pSymSect->LinkAddress + pSymSect->RVA + NewBaseAddress;
3411 break;
3412 }
3413
3414 case MACHO_N_UNDF:
3415 case MACHO_N_ABS:
3416 SymAddr += pSym->n_value;
3417 break;
3418
3419 case MACHO_N_INDR:
3420 case MACHO_N_PBUD:
3421 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
3422 default:
3423 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_SYMBOL);
3424 }
3425 }
3426 else if (Fixup.r.r_symbolnum != R_ABS)
3427 {
3428 PRTLDRMODMACHOSECT pSymSect;
3429 if (Fixup.r.r_symbolnum > pThis->cSections)
3430 return VERR_LDR_BAD_FIXUP;
3431 pSymSect = &pThis->paSections[Fixup.r.r_symbolnum - 1];
3432
3433 SymAddr -= pSymSect->LinkAddress;
3434 SymAddr += pSymSect->RVA + NewBaseAddress;
3435 }
3436
3437 /* adjust for PC relative */
3438 if (Fixup.r.r_pcrel)
3439 SymAddr -= Fixup.r.r_address + uBitsRva + NewBaseAddress;
3440 }
3441 else
3442 {
3443 PRTLDRMODMACHOSECT pSymSect;
3444 uint32_t iSymSect;
3445 RTLDRADDR Value;
3446
3447 /* sanity */
3448 RTLDRMODMACHO_ASSERT(Fixup.s.r_scattered);
3449 RTLDRMODMACHO_CHECK_RETURN((uint32_t)Fixup.s.r_address + RT_BIT_32(Fixup.s.r_length) <= cbBits, VERR_LDR_BAD_FIXUP);
3450
3451 /* Calc the fixup address. */
3452 uFix.pv = pbBits + Fixup.s.r_address;
3453
3454 /*
3455 * Calc the symbol value.
3456 */
3457 /* The addend is stored in the code. */
3458 switch (Fixup.s.r_length)
3459 {
3460 case 0: SymAddr = (int8_t)pauVirginData[iFixup].au8[0]; break;
3461 case 1: SymAddr = (int16_t)pauVirginData[iFixup].au16[0]; break;
3462 case 2: SymAddr = (int32_t)pauVirginData[iFixup].au32[0]; break;
3463 case 3: SymAddr = (int64_t)pauVirginData[iFixup].u; break;
3464 default: RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_BAD_FIXUP);
3465 }
3466 if (Fixup.s.r_pcrel)
3467 SymAddr += Fixup.s.r_address;
3468 Value = Fixup.s.r_value;
3469 SymAddr -= Value; /* (-> addend only) */
3470
3471 /* Find the section number from the r_value. */
3472 pSymSect = NULL;
3473 for (iSymSect = 0; iSymSect < pThis->cSections; iSymSect++)
3474 {
3475 RTLDRADDR off = Value - pThis->paSections[iSymSect].LinkAddress;
3476 if (off < pThis->paSections[iSymSect].cb)
3477 {
3478 pSymSect = &pThis->paSections[iSymSect];
3479 break;
3480 }
3481 else if (off == pThis->paSections[iSymSect].cb) /* edge case */
3482 pSymSect = &pThis->paSections[iSymSect];
3483 }
3484 if (!pSymSect)
3485 return VERR_LDR_BAD_FIXUP;
3486
3487 /* Calc the symbol address. */
3488 SymAddr += Value - pSymSect->LinkAddress + pSymSect->RVA + NewBaseAddress;
3489 if (Fixup.s.r_pcrel)
3490 SymAddr -= Fixup.s.r_address + uBitsRva + NewBaseAddress;
3491
3492 Fixup.r.r_length = ((scattered_relocation_info_t *)&paFixups[iFixup])->r_length;
3493 Fixup.r.r_type = ((scattered_relocation_info_t *)&paFixups[iFixup])->r_type;
3494 }
3495
3496 /*
3497 * Write back the fixed up value.
3498 */
3499 if (Fixup.r.r_type == GENERIC_RELOC_VANILLA)
3500 {
3501 switch (Fixup.r.r_length)
3502 {
3503 case 0: *uFix.pu8 = (uint8_t)SymAddr; break;
3504 case 1: *uFix.pu16 = (uint16_t)SymAddr; break;
3505 case 2: *uFix.pu32 = (uint32_t)SymAddr; break;
3506 case 3: *uFix.pu64 = (uint64_t)SymAddr; break;
3507 }
3508 }
3509 else if (Fixup.r.r_type <= GENERIC_RELOC_LOCAL_SECTDIFF)
3510 return VERR_LDRMACHO_UNSUPPORTED_FIXUP_TYPE;
3511 else
3512 return VERR_LDR_BAD_FIXUP;
3513 }
3514
3515 return VINF_SUCCESS;
3516}
3517
3518
3519/**
3520 * Applies AMD64 fixups to a section.
3521 *
3522 * @returns IPRT status code.
3523 * @param pThis The Mach-O module interpreter instance.
3524 * @param pbBits Pointer to the section bits.
3525 * @param cbBits Size of the bits to fix up.
3526 * @param uBitsRva The RVA of the bits.
3527 * @param paFixups The fixups.
3528 * @param cFixups Number of fixups.
3529 * @param pauVirginData The virgin data / addends. Parallel to paFixups.
3530 * @param paSyms Pointer to the symbol table.
3531 * @param cSyms Number of symbols.
3532 * @param NewBaseAddress The new base image address.
3533 */
3534static int kldrModMachOApplyFixupsAMD64(PRTLDRMODMACHO pThis, uint8_t *pbBits, size_t cbBits, RTLDRADDR uBitsRva,
3535 const macho_relocation_union_t *paFixups,
3536 const uint32_t cFixups, PCRTUINT64U const pauVirginData,
3537 macho_nlist_64_t *paSyms, uint32_t cSyms, RTLDRADDR NewBaseAddress)
3538{
3539 /*
3540 * Iterate the fixups and apply them.
3541 */
3542 for (uint32_t iFixup = 0; iFixup < cFixups; iFixup++)
3543 {
3544 macho_relocation_union_t Fixup = paFixups[iFixup];
3545
3546 /* AMD64 doesn't use scattered fixups. */
3547 RTLDRMODMACHO_CHECK_RETURN(!(Fixup.r.r_address & R_SCATTERED), VERR_LDR_BAD_FIXUP);
3548
3549 /* sanity */
3550 RTLDRMODMACHO_CHECK_RETURN((uint32_t)Fixup.r.r_address + RT_BIT_32(Fixup.r.r_length) <= cbBits, VERR_LDR_BAD_FIXUP);
3551
3552 /* calc fixup addresses. */
3553 RTPTRUNION uFix;
3554 uFix.pv = pbBits + Fixup.r.r_address;
3555
3556 /*
3557 * Calc the symbol value.
3558 */
3559 /* Calc the linked symbol address / addend. */
3560 RTLDRADDR SymAddr;
3561 switch (Fixup.r.r_length)
3562 {
3563 case 2: SymAddr = (int32_t)pauVirginData[iFixup].au32[0]; break;
3564 case 3: SymAddr = (int64_t)pauVirginData[iFixup].u; break;
3565 default:
3566 RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_BAD_FIXUP);
3567 }
3568
3569 /* Add symbol / section address. */
3570 if (Fixup.r.r_extern)
3571 {
3572 const macho_nlist_64_t *pSym;
3573
3574 RTLDRMODMACHO_CHECK_RETURN(Fixup.r.r_symbolnum < cSyms, VERR_LDR_BAD_FIXUP);
3575 pSym = &paSyms[Fixup.r.r_symbolnum];
3576 RTLDRMODMACHO_CHECK_RETURN(!(pSym->n_type & MACHO_N_STAB), VERR_LDR_BAD_FIXUP);
3577
3578 switch (Fixup.r.r_type)
3579 {
3580 /* GOT references just needs to have their symbol verified.
3581 Later, we'll optimize GOT building here using a parallel sym->got array. */
3582 case X86_64_RELOC_GOT_LOAD:
3583 case X86_64_RELOC_GOT:
3584 switch (pSym->n_type & MACHO_N_TYPE)
3585 {
3586 case MACHO_N_SECT:
3587 case MACHO_N_UNDF:
3588 case MACHO_N_ABS:
3589 break;
3590 case MACHO_N_INDR:
3591 case MACHO_N_PBUD:
3592 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
3593 default:
3594 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_SYMBOL);
3595 }
3596 SymAddr = sizeof(uint64_t) * Fixup.r.r_symbolnum + pThis->GotRVA + NewBaseAddress;
3597 RTLDRMODMACHO_CHECK_RETURN(Fixup.r.r_length == 2, VERR_LDR_BAD_FIXUP);
3598 SymAddr -= 4;
3599 break;
3600
3601 /* Verify the r_pcrel field for signed fixups on the way into the default case. */
3602 case X86_64_RELOC_BRANCH:
3603 case X86_64_RELOC_SIGNED:
3604 case X86_64_RELOC_SIGNED_1:
3605 case X86_64_RELOC_SIGNED_2:
3606 case X86_64_RELOC_SIGNED_4:
3607 RTLDRMODMACHO_CHECK_RETURN(Fixup.r.r_pcrel, VERR_LDR_BAD_FIXUP);
3608 RT_FALL_THRU();
3609 default:
3610 {
3611 /* Adjust with fixup specific addend and verify unsigned/r_pcrel. */
3612 switch (Fixup.r.r_type)
3613 {
3614 case X86_64_RELOC_UNSIGNED:
3615 RTLDRMODMACHO_CHECK_RETURN(!Fixup.r.r_pcrel, VERR_LDR_BAD_FIXUP);
3616 break;
3617 case X86_64_RELOC_BRANCH:
3618 RTLDRMODMACHO_CHECK_RETURN(Fixup.r.r_length == 2, VERR_LDR_BAD_FIXUP);
3619 SymAddr -= 4;
3620 break;
3621 case X86_64_RELOC_SIGNED:
3622 case X86_64_RELOC_SIGNED_1:
3623 case X86_64_RELOC_SIGNED_2:
3624 case X86_64_RELOC_SIGNED_4:
3625 SymAddr -= 4;
3626 break;
3627 default:
3628 RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_BAD_FIXUP);
3629 }
3630
3631 switch (pSym->n_type & MACHO_N_TYPE)
3632 {
3633 case MACHO_N_SECT:
3634 {
3635 PRTLDRMODMACHOSECT pSymSect;
3636 RTLDRMODMACHO_CHECK_RETURN((uint32_t)pSym->n_sect - 1 <= pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
3637 pSymSect = &pThis->paSections[pSym->n_sect - 1];
3638 SymAddr += pSym->n_value - pSymSect->LinkAddress + pSymSect->RVA + NewBaseAddress;
3639 break;
3640 }
3641
3642 case MACHO_N_UNDF:
3643 /* branch to an external symbol may have to take a short detour. */
3644 if ( Fixup.r.r_type == X86_64_RELOC_BRANCH
3645 && SymAddr + Fixup.r.r_address + uBitsRva + NewBaseAddress
3646 - pSym->n_value
3647 + UINT64_C(0x80000000)
3648 >= UINT64_C(0xffffff20))
3649 {
3650 RTLDRMODMACHO_CHECK_RETURN(pThis->JmpStubsRVA != NIL_RTLDRADDR, VERR_LDR_ADDRESS_OVERFLOW);
3651 SymAddr += pThis->cbJmpStub * Fixup.r.r_symbolnum + pThis->JmpStubsRVA + NewBaseAddress;
3652 }
3653 else
3654 SymAddr += pSym->n_value;
3655 break;
3656
3657 case MACHO_N_ABS:
3658 SymAddr += pSym->n_value;
3659 break;
3660
3661 case MACHO_N_INDR:
3662 case MACHO_N_PBUD:
3663 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
3664 default:
3665 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_SYMBOL);
3666 }
3667 break;
3668 }
3669
3670 /*
3671 * This is a weird customer, it will always be follows by an UNSIGNED fixup.
3672 * The value is calculated: target - pair_target.
3673 * Note! The linker generally eliminate these when linking modules rather
3674 * than objects (-r).
3675 */
3676 case X86_64_RELOC_SUBTRACTOR:
3677 {
3678 /* Deal with the SUBTRACT symbol first, by subtracting it from SymAddr. */
3679 switch (pSym->n_type & MACHO_N_TYPE)
3680 {
3681 case MACHO_N_SECT:
3682 {
3683 PRTLDRMODMACHOSECT pSymSect;
3684 RTLDRMODMACHO_CHECK_RETURN((uint32_t)pSym->n_sect - 1 <= pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
3685 pSymSect = &pThis->paSections[pSym->n_sect - 1];
3686 SymAddr -= pSym->n_value - pSymSect->LinkAddress + pSymSect->RVA + NewBaseAddress;
3687 break;
3688 }
3689
3690 case MACHO_N_UNDF:
3691 case MACHO_N_ABS:
3692 SymAddr -= pSym->n_value;
3693 break;
3694
3695 case MACHO_N_INDR:
3696 case MACHO_N_PBUD:
3697 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
3698 default:
3699 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_SYMBOL);
3700 }
3701
3702 /* Load the 2nd fixup, check sanity. */
3703 iFixup++;
3704 RTLDRMODMACHO_CHECK_RETURN(!Fixup.r.r_pcrel && iFixup < cFixups, VERR_LDR_BAD_FIXUP);
3705 macho_relocation_info_t const Fixup2 = paFixups[iFixup].r;
3706 RTLDRMODMACHO_CHECK_RETURN( Fixup2.r_address == Fixup.r.r_address
3707 && Fixup2.r_length == Fixup.r.r_length
3708 && Fixup2.r_type == X86_64_RELOC_UNSIGNED
3709 && !Fixup2.r_pcrel
3710 && Fixup2.r_symbolnum < cSyms,
3711 VERR_LDR_BAD_FIXUP);
3712
3713 if (Fixup2.r_extern)
3714 {
3715 RTLDRMODMACHO_CHECK_RETURN(Fixup2.r_symbolnum < cSyms, VERR_LDR_BAD_FIXUP);
3716 pSym = &paSyms[Fixup2.r_symbolnum];
3717 RTLDRMODMACHO_CHECK_RETURN(!(pSym->n_type & MACHO_N_STAB), VERR_LDR_BAD_FIXUP);
3718
3719 /* Add its value to SymAddr. */
3720 switch (pSym->n_type & MACHO_N_TYPE)
3721 {
3722 case MACHO_N_SECT:
3723 {
3724 PRTLDRMODMACHOSECT pSymSect;
3725 RTLDRMODMACHO_CHECK_RETURN((uint32_t)pSym->n_sect - 1 <= pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
3726 pSymSect = &pThis->paSections[pSym->n_sect - 1];
3727 SymAddr += pSym->n_value - pSymSect->LinkAddress + pSymSect->RVA + NewBaseAddress;
3728 break;
3729 }
3730
3731 case MACHO_N_UNDF:
3732 case MACHO_N_ABS:
3733 SymAddr += pSym->n_value;
3734 break;
3735
3736 case MACHO_N_INDR:
3737 case MACHO_N_PBUD:
3738 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
3739 default:
3740 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_BAD_SYMBOL);
3741 }
3742 }
3743 else if (Fixup2.r_symbolnum != R_ABS)
3744 {
3745 PRTLDRMODMACHOSECT pSymSect;
3746 RTLDRMODMACHO_CHECK_RETURN(Fixup2.r_symbolnum <= pThis->cSections, VERR_LDR_BAD_FIXUP);
3747 pSymSect = &pThis->paSections[Fixup2.r_symbolnum - 1];
3748 SymAddr += pSymSect->RVA - pSymSect->LinkAddress + NewBaseAddress;
3749 }
3750 else
3751 RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_BAD_FIXUP);
3752 }
3753 break;
3754 }
3755 }
3756 else
3757 {
3758 /* verify against fixup type and make adjustments */
3759 switch (Fixup.r.r_type)
3760 {
3761 case X86_64_RELOC_UNSIGNED:
3762 RTLDRMODMACHO_CHECK_RETURN(!Fixup.r.r_pcrel, VERR_LDR_BAD_FIXUP);
3763 break;
3764 case X86_64_RELOC_BRANCH:
3765 RTLDRMODMACHO_CHECK_RETURN(Fixup.r.r_pcrel, VERR_LDR_BAD_FIXUP);
3766 SymAddr += 4; /* dunno what the assmbler/linker really is doing here... */
3767 break;
3768 case X86_64_RELOC_SIGNED:
3769 case X86_64_RELOC_SIGNED_1:
3770 case X86_64_RELOC_SIGNED_2:
3771 case X86_64_RELOC_SIGNED_4:
3772 RTLDRMODMACHO_CHECK_RETURN(Fixup.r.r_pcrel, VERR_LDR_BAD_FIXUP);
3773 break;
3774 /*case X86_64_RELOC_GOT_LOAD:*/
3775 /*case X86_64_RELOC_GOT: */
3776 /*case X86_64_RELOC_SUBTRACTOR: - must be r_extern=1 says as. */
3777 default:
3778 RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_BAD_FIXUP);
3779 }
3780 if (Fixup.r.r_symbolnum != R_ABS)
3781 {
3782 PRTLDRMODMACHOSECT pSymSect;
3783 RTLDRMODMACHO_CHECK_RETURN(Fixup.r.r_symbolnum <= pThis->cSections, VERR_LDR_BAD_FIXUP);
3784 pSymSect = &pThis->paSections[Fixup.r.r_symbolnum - 1];
3785
3786 SymAddr -= pSymSect->LinkAddress;
3787 SymAddr += pSymSect->RVA + NewBaseAddress;
3788 if (Fixup.r.r_pcrel)
3789 SymAddr += Fixup.r.r_address;
3790 }
3791 }
3792
3793 /* adjust for PC relative */
3794 if (Fixup.r.r_pcrel)
3795 SymAddr -= Fixup.r.r_address + uBitsRva + NewBaseAddress;
3796
3797 /*
3798 * Write back the fixed up value.
3799 */
3800 switch (Fixup.r.r_length)
3801 {
3802 case 3:
3803 *uFix.pu64 = (uint64_t)SymAddr;
3804 break;
3805 case 2:
3806 RTLDRMODMACHO_CHECK_RETURN(Fixup.r.r_pcrel || Fixup.r.r_type == X86_64_RELOC_SUBTRACTOR, VERR_LDR_BAD_FIXUP);
3807 RTLDRMODMACHO_CHECK_RETURN((int32_t)SymAddr == (int64_t)SymAddr, VERR_LDR_ADDRESS_OVERFLOW);
3808 *uFix.pu32 = (uint32_t)SymAddr;
3809 break;
3810 default:
3811 RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_BAD_FIXUP);
3812 }
3813 }
3814
3815 return VINF_SUCCESS;
3816}
3817
3818
3819/**
3820 * Loads the symbol table (LC_SYMTAB).
3821 *
3822 * The symbol table is pointed to by RTLDRMODMACHO::pvaSymbols.
3823 *
3824 * @returns IPRT status code.
3825 * @param pThis The Mach-O module interpreter instance.
3826 */
3827static int kldrModMachOLoadObjSymTab(PRTLDRMODMACHO pThis)
3828{
3829 int rc = VINF_SUCCESS;
3830
3831 if ( !pThis->pvaSymbols
3832 && pThis->cSymbols)
3833 {
3834 size_t cbSyms;
3835 size_t cbSym;
3836 void *pvSyms;
3837 void *pvStrings;
3838
3839 /* sanity */
3840 RTLDRMODMACHO_CHECK_RETURN( pThis->offSymbols
3841 && (!pThis->cchStrings || pThis->offStrings),
3842 VERR_LDRMACHO_BAD_OBJECT_FILE);
3843
3844 /* allocate */
3845 cbSym = pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
3846 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE
3847 ? sizeof(macho_nlist_32_t)
3848 : sizeof(macho_nlist_64_t);
3849 cbSyms = pThis->cSymbols * cbSym;
3850 RTLDRMODMACHO_CHECK_RETURN(cbSyms / cbSym == pThis->cSymbols, VERR_LDRMACHO_BAD_SYMTAB_SIZE);
3851 rc = VERR_NO_MEMORY;
3852 pvSyms = RTMemAlloc(cbSyms);
3853 if (pvSyms)
3854 {
3855 if (pThis->cchStrings)
3856 pvStrings = RTMemAlloc(pThis->cchStrings);
3857 else
3858 pvStrings = RTMemAllocZ(4);
3859 if (pvStrings)
3860 {
3861 /* read */
3862 rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader, pvSyms, cbSyms, pThis->offSymbols);
3863 if (RT_SUCCESS(rc) && pThis->cchStrings)
3864 rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader, pvStrings, pThis->cchStrings, pThis->offStrings);
3865 if (RT_SUCCESS(rc))
3866 {
3867 pThis->pvaSymbols = pvSyms;
3868 pThis->pchStrings = (char *)pvStrings;
3869
3870 /* perform endian conversion? */
3871 if (pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
3872 {
3873 uint32_t cLeft = pThis->cSymbols;
3874 macho_nlist_32_t *pSym = (macho_nlist_32_t *)pvSyms;
3875 while (cLeft-- > 0)
3876 {
3877 pSym->n_un.n_strx = RT_BSWAP_U32(pSym->n_un.n_strx);
3878 pSym->n_desc = (int16_t)RT_BSWAP_U16(pSym->n_desc);
3879 pSym->n_value = RT_BSWAP_U32(pSym->n_value);
3880 pSym++;
3881 }
3882 }
3883 else if (pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE_OE)
3884 {
3885 uint32_t cLeft = pThis->cSymbols;
3886 macho_nlist_64_t *pSym = (macho_nlist_64_t *)pvSyms;
3887 while (cLeft-- > 0)
3888 {
3889 pSym->n_un.n_strx = RT_BSWAP_U32(pSym->n_un.n_strx);
3890 pSym->n_desc = (int16_t)RT_BSWAP_U16(pSym->n_desc);
3891 pSym->n_value = RT_BSWAP_U64(pSym->n_value);
3892 pSym++;
3893 }
3894 }
3895
3896 return VINF_SUCCESS;
3897 }
3898 RTMemFree(pvStrings);
3899 }
3900 RTMemFree(pvSyms);
3901 }
3902 }
3903 else
3904 RTLDRMODMACHO_ASSERT(pThis->pchStrings || pThis->Hdr.filetype == MH_DSYM);
3905
3906 return rc;
3907}
3908
3909
3910/**
3911 * Loads the fixups at the given address and performs endian
3912 * conversion if necessary.
3913 *
3914 * @returns IPRT status code.
3915 * @param pThis The Mach-O module interpreter instance.
3916 * @param offFixups The file offset of the fixups.
3917 * @param cFixups The number of fixups to load.
3918 * @param ppaFixups Where to put the pointer to the allocated fixup array.
3919 */
3920static int kldrModMachOLoadFixups(PRTLDRMODMACHO pThis, RTFOFF offFixups, uint32_t cFixups, macho_relocation_union_t **ppaFixups)
3921{
3922 macho_relocation_union_t *paFixups;
3923 size_t cbFixups;
3924
3925 /* allocate the memory. */
3926 cbFixups = cFixups * sizeof(*paFixups);
3927 RTLDRMODMACHO_CHECK_RETURN(cbFixups / sizeof(*paFixups) == cFixups, VERR_LDRMACHO_BAD_SYMTAB_SIZE);
3928 paFixups = (macho_relocation_union_t *)RTMemAlloc(cbFixups);
3929 if (!paFixups)
3930 return VERR_NO_MEMORY;
3931
3932 /* read the fixups. */
3933 int rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader, paFixups, cbFixups, offFixups);
3934 if (RT_SUCCESS(rc))
3935 {
3936 *ppaFixups = paFixups;
3937
3938 /* do endian conversion if necessary. */
3939 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE
3940 || pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE_OE)
3941 {
3942 uint32_t iFixup;
3943 for (iFixup = 0; iFixup < cFixups; iFixup++)
3944 {
3945 uint32_t *pu32 = (uint32_t *)&paFixups[iFixup];
3946 pu32[0] = RT_BSWAP_U32(pu32[0]);
3947 pu32[1] = RT_BSWAP_U32(pu32[1]);
3948 }
3949 }
3950 }
3951 else
3952 RTMemFree(paFixups);
3953 return rc;
3954}
3955
3956
3957/**
3958 * Loads virgin data (addends) for an array of fixups.
3959 *
3960 * @returns IPRT status code.
3961 * @param pThis The Mach-O module interpreter instance.
3962 * @param pbBits The virgin bits to lift the data from
3963 * @param cbBits The number of virgin bytes.
3964 * @param paFixups The fixups.
3965 * @param cFixups Number of fixups
3966 * @param pszName Name for logging.
3967 * @param ppauVirginData Where to return the virgin data.
3968 */
3969static int rtldrMachOLoadVirginData(PRTLDRMODMACHO pThis, uint8_t const *pbBits, size_t cbBits,
3970 macho_relocation_union_t const *paFixups, uint32_t cFixups, const char *pszName,
3971 PRTUINT64U *ppauVirginData)
3972{
3973 /*
3974 * In case we jettisoned the fixups, we will leave virgin data.
3975 */
3976 if (*ppauVirginData)
3977 return VINF_SUCCESS;
3978
3979#ifdef LOG_ENABLED
3980 /*
3981 * Ensure that we've got the symbol table if we're logging fixups.
3982 */
3983 if (LogIs5Enabled())
3984 {
3985 int rc = kldrModMachOLoadObjSymTab(pThis);
3986 if (RT_FAILURE(rc))
3987 return rc;
3988 }
3989#endif
3990
3991
3992 /*
3993 * Allocate memory and iterate the fixups to get the data.
3994 */
3995 PRTUINT64U pauVirginData = *ppauVirginData = (PRTUINT64U)RTMemAllocZ(sizeof(uint64_t) * cFixups);
3996 if (pauVirginData)
3997 {
3998 Log5(("Fixups for %s: (%u)\n", pszName, cFixups));
3999 for (uint32_t i = 0; i < cFixups; i++)
4000 {
4001 uint32_t off;
4002 uint32_t cShift;
4003 if (!paFixups[i].s.r_scattered)
4004 {
4005 off = paFixups[i].r.r_address;
4006 cShift = paFixups[i].r.r_length;
4007 }
4008 else
4009 {
4010 off = paFixups[i].s.r_address;
4011 cShift = paFixups[i].s.r_length;
4012 }
4013 RTLDRMODMACHO_CHECK_RETURN(off + RT_BIT_32(cShift) <= cbBits, VERR_LDR_BAD_FIXUP);
4014
4015 /** @todo This ASSUMES same endian in the image and on the host. Would need
4016 * to check target cpu (pThis->Core.enmArch) endianness against host to get
4017 * it right... (outside the loop, obviously) */
4018 switch (cShift)
4019 {
4020 case 3:
4021 pauVirginData[i].u = RT_MAKE_U64_FROM_U8(pbBits[off], pbBits[off + 1], pbBits[off + 2], pbBits[off + 3],
4022 pbBits[off + 4], pbBits[off + 5], pbBits[off + 6], pbBits[off + 7]);
4023 break;
4024 case 2:
4025 pauVirginData[i].u = (int32_t)RT_MAKE_U32_FROM_U8(pbBits[off], pbBits[off + 1], pbBits[off + 2], pbBits[off + 3]);
4026 break;
4027 case 1:
4028 pauVirginData[i].u = (int16_t)RT_MAKE_U16(pbBits[off], pbBits[off + 1]);
4029 break;
4030 case 0:
4031 pauVirginData[i].u = (int8_t)pbBits[off];
4032 break;
4033 default:
4034 RTLDRMODMACHO_FAILED_RETURN(VERR_LDR_BAD_FIXUP);
4035 }
4036
4037#ifdef LOG_ENABLED
4038 if (LogIs5Enabled())
4039 {
4040 if (!paFixups[i].s.r_scattered)
4041 {
4042 Log5((" #%06x: %#08x LB %u: t=%#x pc=%u ex=%u sym=%#010x add=%#RX64\n",
4043 i, off, RT_BIT_32(cShift), paFixups[i].r.r_type, paFixups[i].r.r_pcrel, paFixups[i].r.r_extern,
4044 paFixups[i].r.r_symbolnum, pauVirginData[i].u));
4045 if (paFixups[i].r.r_symbolnum < pThis->cSymbols)
4046 {
4047 if (pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE || pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE_OE)
4048 {
4049 macho_nlist_64_t const *pSym = (macho_nlist_64_t const *)pThis->pvaSymbols + paFixups[i].r.r_symbolnum;
4050 Log5((" sym: %#04x:%#018RX64 t=%#04x d=%#06x %s\n",
4051 pSym->n_sect, pSym->n_value, pSym->n_type, pSym->n_desc,
4052 pSym->n_un.n_strx < pThis->cchStrings ? &pThis->pchStrings[pSym->n_un.n_strx] : ""));
4053
4054 }
4055 else
4056 {
4057 macho_nlist_32_t const *pSym = (macho_nlist_32_t const *)pThis->pvaSymbols + paFixups[i].r.r_symbolnum;
4058 Log5((" sym: %#04x:%#010RX32 t=%#04x d=%#06x %s\n",
4059 pSym->n_sect, pSym->n_value, pSym->n_type, pSym->n_desc,
4060 (uint32_t)pSym->n_un.n_strx < pThis->cchStrings ? &pThis->pchStrings[pSym->n_un.n_strx] : ""));
4061 }
4062 }
4063 }
4064 else
4065 Log5((" #%06x: %#08x LB %u: t=%#x pc=%u val=%#010x add=%#RX64\n", i, off, RT_BIT_32(cShift),
4066 paFixups[i].s.r_type, paFixups[i].s.r_pcrel, paFixups[i].s.r_value, pauVirginData[i].u));
4067 }
4068#endif
4069 }
4070 return VINF_SUCCESS;
4071 }
4072 RT_NOREF(pThis, pszName);
4073 return VERR_NO_MEMORY;
4074}
4075
4076
4077/**
4078 * MH_OBJECT: Loads fixups and addends for each section.
4079 *
4080 * @returns IPRT status code.
4081 * @param pThis The Mach-O module interpreter instance.
4082 * @param pbBits The image bits. First time we're called, these are
4083 * ASSUMED to be in virgin state and suitable for
4084 * saving addends.
4085 */
4086static int rtldrMachOObjLoadFixupsAndVirginData(PRTLDRMODMACHO pThis, uint8_t const *pbBits)
4087{
4088 PRTLDRMODMACHOSECT pSect = pThis->paSections;
4089 for (uint32_t i = 0; i < pThis->cSections; i++, pSect++)
4090 if ( !pSect->paFixups
4091 && pSect->cFixups > 0)
4092 {
4093 /*
4094 * Load and endian convert the fixups.
4095 */
4096 int rc = kldrModMachOLoadFixups(pThis, pSect->offFixups, pSect->cFixups, &pSect->paFixups);
4097 if (RT_SUCCESS(rc))
4098 {
4099 /*
4100 * Save virgin data (addends) for each fixup.
4101 */
4102 rc = rtldrMachOLoadVirginData(pThis, &pbBits[(size_t)pSect->RVA], (size_t)pSect->cb, pSect->paFixups, pSect->cFixups,
4103 pThis->aSegments[pSect->iSegment].SegInfo.pszName, &pSect->pauFixupVirginData);
4104 if (RT_SUCCESS(rc))
4105 continue;
4106
4107 RTMemFree(pSect->pauFixupVirginData);
4108 pSect->pauFixupVirginData = NULL;
4109 RTMemFree(pSect->paFixups);
4110 pSect->paFixups = NULL;
4111 }
4112 return rc;
4113 }
4114
4115 return VINF_SUCCESS;
4116}
4117
4118
4119/**
4120 * Dylib: Loads fixups and addends.
4121 *
4122 * @returns IPRT status code.
4123 * @param pThis The Mach-O module interpreter instance.
4124 * @param pbBits The image bits. First time we're called, these are
4125 * ASSUMED to be in virgin state and suitable for
4126 * saving addends.
4127 */
4128static int rtldrMachODylibLoadFixupsAndVirginData(PRTLDRMODMACHO pThis, uint8_t const *pbBits)
4129{
4130 /*
4131 * Don't do it again if we already loaded them.
4132 */
4133 if (pThis->paRelocations)
4134 {
4135 Assert(pThis->pauRelocationsVirginData);
4136 return VINF_SUCCESS;
4137 }
4138
4139 /*
4140 * There must be a LC_DYSYMTAB. Fixups are optionals.
4141 */
4142 dysymtab_command_t const *pDySymTab = pThis->pDySymTab;
4143 AssertReturn(pDySymTab, VERR_INTERNAL_ERROR_2);
4144 uint32_t cRelocations = pDySymTab->nlocrel + pDySymTab->nextrel;
4145 if (cRelocations == 0)
4146 return VINF_SUCCESS;
4147
4148 /*
4149 * Load fixups.
4150 */
4151 int rc = VINF_SUCCESS;
4152 uint32_t *paRawRelocs = (uint32_t *)RTMemAlloc(cRelocations * sizeof(macho_relocation_union_t));
4153 if (paRawRelocs)
4154 {
4155 pThis->paRelocations = (macho_relocation_union_t *)paRawRelocs;
4156
4157 if (pDySymTab->nextrel)
4158 rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader, paRawRelocs,
4159 pDySymTab->nextrel * sizeof(macho_relocation_union_t), pDySymTab->extreloff);
4160 if (pDySymTab->nlocrel && RT_SUCCESS(rc))
4161 rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader,
4162 (uint8_t *)paRawRelocs + pDySymTab->nextrel * sizeof(macho_relocation_union_t),
4163 pDySymTab->nlocrel * sizeof(macho_relocation_union_t), pDySymTab->locreloff);
4164 if (RT_SUCCESS(rc))
4165 {
4166 /* Byte swap if needed. */
4167 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE
4168 || pThis->Hdr.magic == IMAGE_MACHO64_SIGNATURE_OE)
4169 {
4170 for (uint32_t i = 0; i < cRelocations; i++)
4171 {
4172 paRawRelocs[i * 2] = RT_BSWAP_U32(paRawRelocs[i * 2]);
4173 paRawRelocs[i * 2 + 1] = RT_BSWAP_U32(paRawRelocs[i * 2 + 1]);
4174 }
4175 ASMCompilerBarrier();
4176 }
4177
4178 /*
4179 * Load virgin data (addends).
4180 */
4181 rc = rtldrMachOLoadVirginData(pThis, pbBits, (size_t)pThis->cbImage, pThis->paRelocations, cRelocations,
4182 "whole-image", &pThis->pauRelocationsVirginData);
4183 if (RT_SUCCESS(rc))
4184 return VINF_SUCCESS;
4185
4186 RTMemFree(pThis->pauRelocationsVirginData);
4187 pThis->pauRelocationsVirginData = NULL;
4188 }
4189 RTMemFree(pThis->paRelocations);
4190 pThis->paRelocations = NULL;
4191 }
4192 else
4193 rc = VERR_NO_MEMORY;
4194 return rc;
4195}
4196
4197#if 0
4198
4199/** @copydoc kLdrModCallInit */
4200static int kldrModMachOCallInit(PRTLDRMODINTERNAL pMod, void *pvMapping, uintptr_t uHandle)
4201{
4202 /* later */
4203 RT_NOREF(pMod);
4204 RT_NOREF(pvMapping);
4205 RT_NOREF(uHandle);
4206 return VINF_SUCCESS;
4207}
4208
4209
4210/** @copydoc kLdrModCallTerm */
4211static int kldrModMachOCallTerm(PRTLDRMODINTERNAL pMod, void *pvMapping, uintptr_t uHandle)
4212{
4213 /* later */
4214 RT_NOREF(pMod);
4215 RT_NOREF(pvMapping);
4216 RT_NOREF(uHandle);
4217 return VINF_SUCCESS;
4218}
4219
4220
4221/** @copydoc kLdrModCallThread */
4222static int kldrModMachOCallThread(PRTLDRMODINTERNAL pMod, void *pvMapping, uintptr_t uHandle, unsigned fAttachingOrDetaching)
4223{
4224 /* Relevant for Mach-O? */
4225 RT_NOREF(pMod);
4226 RT_NOREF(pvMapping);
4227 RT_NOREF(uHandle);
4228 RT_NOREF(fAttachingOrDetaching);
4229 return VINF_SUCCESS;
4230}
4231
4232#endif
4233
4234/**
4235 * @interface_method_impl{RTLDROPS,pfnGetImageSize}
4236 */
4237static DECLCALLBACK(size_t) rtldrMachO_GetImageSize(PRTLDRMODINTERNAL pMod)
4238{
4239 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4240 return pThis->cbImage;
4241}
4242
4243
4244/**
4245 * @interface_method_impl{RTLDROPS,pfnGetBits}
4246 */
4247static DECLCALLBACK(int) rtldrMachO_GetBits(PRTLDRMODINTERNAL pMod, void *pvBits, RTUINTPTR BaseAddress,
4248 PFNRTLDRIMPORT pfnGetImport, void *pvUser)
4249{
4250 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4251
4252 if (!pThis->fCanLoad)
4253 return VERR_LDRMACHO_TODO;
4254
4255 /*
4256 * Zero the entire buffer first to simplify things.
4257 */
4258 memset(pvBits, 0, (size_t)pThis->cbImage);
4259
4260 /*
4261 * When possible use the segment table to load the data.
4262 */
4263 for (uint32_t i = 0; i < pThis->cSegments; i++)
4264 {
4265 /* skip it? */
4266 if ( pThis->aSegments[i].SegInfo.cbFile == -1
4267 || pThis->aSegments[i].SegInfo.offFile == -1
4268 || pThis->aSegments[i].SegInfo.RVA == NIL_RTLDRADDR
4269 || pThis->aSegments[i].SegInfo.cbMapped == 0
4270 || !pThis->aSegments[i].SegInfo.Alignment)
4271 continue;
4272 int rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader,
4273 (uint8_t *)pvBits + pThis->aSegments[i].SegInfo.RVA,
4274 pThis->aSegments[i].SegInfo.cbFile,
4275 pThis->aSegments[i].SegInfo.offFile);
4276 if (RT_FAILURE(rc))
4277 return rc;
4278 }
4279
4280 /*
4281 * Perform relocations.
4282 */
4283 return rtldrMachO_RelocateBits(pMod, pvBits, BaseAddress, pThis->LinkAddress, pfnGetImport, pvUser);
4284}
4285
4286
4287/**
4288 * @interface_method_impl{RTLDROPS,pfnRelocate}
4289 */
4290static DECLCALLBACK(int) rtldrMachO_RelocateBits(PRTLDRMODINTERNAL pMod, void *pvBits, RTUINTPTR NewBaseAddress,
4291 RTUINTPTR OldBaseAddress, PFNRTLDRIMPORT pfnGetImport, void *pvUser)
4292{
4293 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4294 int rc;
4295
4296 /*
4297 * Call workers to do the jobs.
4298 */
4299 if (pThis->Hdr.filetype == MH_OBJECT)
4300 {
4301 rc = rtldrMachOObjLoadFixupsAndVirginData(pThis, (uint8_t const *)pvBits);
4302 if (RT_SUCCESS(rc))
4303 rc = kldrModMachOObjDoImports(pThis, NewBaseAddress, pfnGetImport, pvUser);
4304 if (RT_SUCCESS(rc))
4305 rc = kldrModMachOObjDoFixups(pThis, pvBits, NewBaseAddress);
4306
4307 }
4308 else
4309 {
4310 rc = rtldrMachODylibLoadFixupsAndVirginData(pThis, (uint8_t const *)pvBits);
4311 if (RT_SUCCESS(rc))
4312 rc = kldrModMachODylibDoImports(pThis, NewBaseAddress, pfnGetImport, pvUser);
4313 if (RT_SUCCESS(rc))
4314 rc = kldrModMachODylibDoIndirectSymbols(pThis, pvBits, NewBaseAddress - OldBaseAddress);
4315 if (RT_SUCCESS(rc))
4316 rc = kldrModMachODylibDoFixups(pThis, pvBits, NewBaseAddress);
4317 }
4318
4319 /*
4320 * Construct the global offset table if necessary, it's always the last
4321 * segment when present.
4322 */
4323 if (RT_SUCCESS(rc) && pThis->fMakeGot)
4324 rc = kldrModMachOMakeGOT(pThis, pvBits, NewBaseAddress);
4325
4326 return rc;
4327}
4328
4329
4330/**
4331 * Builds the GOT.
4332 *
4333 * Assumes the symbol table has all external symbols resolved correctly and that
4334 * the bits has been cleared up front.
4335 */
4336static int kldrModMachOMakeGOT(PRTLDRMODMACHO pThis, void *pvBits, RTLDRADDR NewBaseAddress)
4337{
4338 uint32_t iSym = pThis->cSymbols;
4339 if ( pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE
4340 || pThis->Hdr.magic == IMAGE_MACHO32_SIGNATURE_OE)
4341 {
4342 macho_nlist_32_t const *paSyms = (macho_nlist_32_t const *)pThis->pvaSymbols;
4343 uint32_t *paGOT = (uint32_t *)((uint8_t *)pvBits + pThis->GotRVA);
4344 while (iSym-- > 0)
4345 switch (paSyms[iSym].n_type & MACHO_N_TYPE)
4346 {
4347 case MACHO_N_SECT:
4348 {
4349 PRTLDRMODMACHOSECT pSymSect;
4350 RTLDRMODMACHO_CHECK_RETURN((uint32_t)paSyms[iSym].n_sect - 1 <= pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
4351 pSymSect = &pThis->paSections[paSyms[iSym].n_sect - 1];
4352 paGOT[iSym] = (uint32_t)(paSyms[iSym].n_value - pSymSect->LinkAddress + pSymSect->RVA + NewBaseAddress);
4353 break;
4354 }
4355
4356 case MACHO_N_UNDF:
4357 case MACHO_N_ABS:
4358 paGOT[iSym] = paSyms[iSym].n_value;
4359 break;
4360 }
4361 }
4362 else
4363 {
4364 macho_nlist_64_t const *paSyms = (macho_nlist_64_t const *)pThis->pvaSymbols;
4365 uint64_t *paGOT = (uint64_t *)((uint8_t *)pvBits + pThis->GotRVA);
4366 while (iSym-- > 0)
4367 {
4368 switch (paSyms[iSym].n_type & MACHO_N_TYPE)
4369 {
4370 case MACHO_N_SECT:
4371 {
4372 PRTLDRMODMACHOSECT pSymSect;
4373 RTLDRMODMACHO_CHECK_RETURN((uint32_t)paSyms[iSym].n_sect - 1 <= pThis->cSections, VERR_LDRMACHO_BAD_SYMBOL);
4374 pSymSect = &pThis->paSections[paSyms[iSym].n_sect - 1];
4375 paGOT[iSym] = paSyms[iSym].n_value - pSymSect->LinkAddress + pSymSect->RVA + NewBaseAddress;
4376 break;
4377 }
4378
4379 case MACHO_N_UNDF:
4380 case MACHO_N_ABS:
4381 paGOT[iSym] = paSyms[iSym].n_value;
4382 break;
4383 }
4384 }
4385
4386 if (pThis->JmpStubsRVA != NIL_RTLDRADDR)
4387 {
4388 iSym = pThis->cSymbols;
4389 switch (pThis->Hdr.cputype)
4390 {
4391 /*
4392 * AMD64 is simple since the GOT and the indirect jmps are parallel
4393 * arrays with entries of the same size. The relative offset will
4394 * be the the same for each entry, kind of nice. :-)
4395 */
4396 case CPU_TYPE_X86_64:
4397 {
4398 uint64_t *paJmps = (uint64_t *)((uint8_t *)pvBits + pThis->JmpStubsRVA);
4399 int32_t off;
4400 uint64_t u64Tmpl;
4401 union
4402 {
4403 uint8_t ab[8];
4404 uint64_t u64;
4405 } Tmpl;
4406
4407 /* create the template. */
4408 off = (int32_t)(pThis->GotRVA - (pThis->JmpStubsRVA + 6));
4409 Tmpl.ab[0] = 0xff; /* jmp [GOT-entry wrt RIP] */
4410 Tmpl.ab[1] = 0x25;
4411 Tmpl.ab[2] = off & 0xff;
4412 Tmpl.ab[3] = (off >> 8) & 0xff;
4413 Tmpl.ab[4] = (off >> 16) & 0xff;
4414 Tmpl.ab[5] = (off >> 24) & 0xff;
4415 Tmpl.ab[6] = 0xcc;
4416 Tmpl.ab[7] = 0xcc;
4417 u64Tmpl = Tmpl.u64;
4418
4419 /* copy the template to every jmp table entry. */
4420 while (iSym-- > 0)
4421 paJmps[iSym] = u64Tmpl;
4422 break;
4423 }
4424
4425 default:
4426 RTLDRMODMACHO_FAILED_RETURN(VERR_LDRMACHO_TODO);
4427 }
4428 }
4429 }
4430 return VINF_SUCCESS;
4431}
4432
4433
4434/**
4435 * @interface_method_impl{RTLDROPS,pfnEnumSegments}
4436 */
4437static DECLCALLBACK(int) rtldrMachO_EnumSegments(PRTLDRMODINTERNAL pMod, PFNRTLDRENUMSEGS pfnCallback, void *pvUser)
4438{
4439 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4440 uint32_t const cSegments = pThis->cSegments;
4441 for (uint32_t iSeg = 0; iSeg < cSegments; iSeg++)
4442 {
4443 int rc = pfnCallback(pMod, &pThis->aSegments[iSeg].SegInfo, pvUser);
4444 if (rc != VINF_SUCCESS)
4445 return rc;
4446 }
4447
4448 return VINF_SUCCESS;
4449}
4450
4451
4452/**
4453 * @interface_method_impl{RTLDROPS,pfnLinkAddressToSegOffset}
4454 */
4455static DECLCALLBACK(int) rtldrMachO_LinkAddressToSegOffset(PRTLDRMODINTERNAL pMod, RTLDRADDR LinkAddress,
4456 uint32_t *piSeg, PRTLDRADDR poffSeg)
4457{
4458 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4459 uint32_t const cSegments = pThis->cSegments;
4460 for (uint32_t iSeg = 0; iSeg < cSegments; iSeg++)
4461 if (pThis->aSegments[iSeg].SegInfo.RVA != NIL_RTLDRADDR)
4462 {
4463 Assert(pThis->aSegments[iSeg].SegInfo.cbMapped != NIL_RTLDRADDR);
4464 RTLDRADDR offSeg = LinkAddress - pThis->aSegments[iSeg].SegInfo.LinkAddress;
4465 if ( offSeg < pThis->aSegments[iSeg].SegInfo.cbMapped
4466 || offSeg < pThis->aSegments[iSeg].SegInfo.cb)
4467 {
4468 *piSeg = iSeg;
4469 *poffSeg = offSeg;
4470 return VINF_SUCCESS;
4471 }
4472 }
4473
4474 return VERR_LDR_INVALID_LINK_ADDRESS;
4475}
4476
4477
4478/**
4479 * @interface_method_impl{RTLDROPS,pfnLinkAddressToRva}
4480 */
4481static DECLCALLBACK(int) rtldrMachO_LinkAddressToRva(PRTLDRMODINTERNAL pMod, RTLDRADDR LinkAddress, PRTLDRADDR pRva)
4482{
4483 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4484 uint32_t const cSegments = pThis->cSegments;
4485 for (uint32_t iSeg = 0; iSeg < cSegments; iSeg++)
4486 if (pThis->aSegments[iSeg].SegInfo.RVA != NIL_RTLDRADDR)
4487 {
4488 Assert(pThis->aSegments[iSeg].SegInfo.cbMapped != NIL_RTLDRADDR);
4489 RTLDRADDR offSeg = LinkAddress - pThis->aSegments[iSeg].SegInfo.LinkAddress;
4490 if ( offSeg < pThis->aSegments[iSeg].SegInfo.cbMapped
4491 || offSeg < pThis->aSegments[iSeg].SegInfo.cb)
4492 {
4493 *pRva = pThis->aSegments[iSeg].SegInfo.RVA + offSeg;
4494 return VINF_SUCCESS;
4495 }
4496 }
4497
4498 return VERR_LDR_INVALID_RVA;
4499}
4500
4501
4502/**
4503 * @interface_method_impl{RTLDROPS,pfnSegOffsetToRva}
4504 */
4505static DECLCALLBACK(int) rtldrMachO_SegOffsetToRva(PRTLDRMODINTERNAL pMod, uint32_t iSeg, RTLDRADDR offSeg, PRTLDRADDR pRva)
4506{
4507 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4508
4509 if (iSeg >= pThis->cSegments)
4510 return VERR_LDR_INVALID_SEG_OFFSET;
4511 RTLDRMODMACHOSEG const *pSegment = &pThis->aSegments[iSeg];
4512
4513 if (pSegment->SegInfo.RVA == NIL_RTLDRADDR)
4514 return VERR_LDR_INVALID_SEG_OFFSET;
4515
4516 if ( offSeg > pSegment->SegInfo.cbMapped
4517 && offSeg > pSegment->SegInfo.cb
4518 && ( pSegment->SegInfo.cbFile < 0
4519 || offSeg > (uint64_t)pSegment->SegInfo.cbFile))
4520 return VERR_LDR_INVALID_SEG_OFFSET;
4521
4522 *pRva = pSegment->SegInfo.RVA + offSeg;
4523 return VINF_SUCCESS;
4524}
4525
4526
4527/**
4528 * @interface_method_impl{RTLDROPS,pfnRvaToSegOffset}
4529 */
4530static DECLCALLBACK(int) rtldrMachO_RvaToSegOffset(PRTLDRMODINTERNAL pMod, RTLDRADDR Rva, uint32_t *piSeg, PRTLDRADDR poffSeg)
4531{
4532 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4533 uint32_t const cSegments = pThis->cSegments;
4534 for (uint32_t iSeg = 0; iSeg < cSegments; iSeg++)
4535 if (pThis->aSegments[iSeg].SegInfo.RVA != NIL_RTLDRADDR)
4536 {
4537 Assert(pThis->aSegments[iSeg].SegInfo.cbMapped != NIL_RTLDRADDR);
4538 RTLDRADDR offSeg = Rva - pThis->aSegments[iSeg].SegInfo.RVA;
4539 if ( offSeg < pThis->aSegments[iSeg].SegInfo.cbMapped
4540 || offSeg < pThis->aSegments[iSeg].SegInfo.cb)
4541 {
4542 *piSeg = iSeg;
4543 *poffSeg = offSeg;
4544 return VINF_SUCCESS;
4545 }
4546 }
4547
4548 return VERR_LDR_INVALID_RVA;
4549}
4550
4551
4552/**
4553 * @interface_method_impl{RTLDROPS,pfnReadDbgInfo}
4554 */
4555static DECLCALLBACK(int) rtldrMachO_ReadDbgInfo(PRTLDRMODINTERNAL pMod, uint32_t iDbgInfo, RTFOFF off, size_t cb, void *pvBuf)
4556{
4557 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4558
4559 /** @todo May have to apply fixups here. */
4560 if (iDbgInfo < pThis->cSections)
4561 return pThis->Core.pReader->pfnRead(pThis->Core.pReader, pvBuf, cb, off);
4562 return VERR_OUT_OF_RANGE;
4563}
4564
4565
4566/**
4567 * Loads the code signing blob if necessary (RTLDRMODMACHO::PtrCodeSignature).
4568 *
4569 * @returns IPRT status code.
4570 * @param pThis The mach-o instance.
4571 */
4572static int rtldrMachO_LoadSignatureBlob(PRTLDRMODMACHO pThis)
4573{
4574 Assert(pThis->cbCodeSignature > 0);
4575 if (pThis->PtrCodeSignature.pb != NULL)
4576 return VINF_SUCCESS;
4577
4578 if ( pThis->cbCodeSignature > sizeof(RTCRAPLCSHDR)
4579 && pThis->cbCodeSignature <= _1M)
4580 {
4581 /* Allocate and read. */
4582 void *pv = RTMemAllocZ(RT_ALIGN_Z(pThis->cbCodeSignature, 16));
4583 AssertReturn(pv, VERR_NO_MEMORY);
4584 int rc = pThis->Core.pReader->pfnRead(pThis->Core.pReader, pv, pThis->cbCodeSignature,
4585 pThis->offImage + pThis->offCodeSignature);
4586 if (RT_SUCCESS(rc))
4587 {
4588 /* Check blob signature. */
4589 PCRTCRAPLCSSUPERBLOB pSuper = (PCRTCRAPLCSSUPERBLOB)pv;
4590 if (pSuper->Hdr.uMagic == RTCRAPLCS_MAGIC_EMBEDDED_SIGNATURE)
4591 {
4592 uint32_t cbHdr = RT_BE2H_U32(pSuper->Hdr.cb);
4593 uint32_t cSlots = RT_BE2H_U32(pSuper->cSlots);
4594 if ( cbHdr <= pThis->cbCodeSignature
4595 && cbHdr > RT_UOFFSETOF(RTCRAPLCSSUPERBLOB, aSlots)
4596 && cSlots > 0
4597 && cSlots < 128
4598 && RT_UOFFSETOF_DYN(RTCRAPLCSSUPERBLOB, aSlots[cSlots]) <= cbHdr)
4599 {
4600 pThis->PtrCodeSignature.pSuper = pSuper;
4601 return VINF_SUCCESS;
4602 }
4603 rc = VERR_LDRVI_BAD_CERT_HDR_LENGTH;
4604 }
4605 else
4606 rc = VERR_LDRVI_BAD_CERT_HDR_TYPE;
4607 }
4608 RTMemFree(pv);
4609 return rc;
4610 }
4611 return VERR_LDRVI_INVALID_SECURITY_DIR_ENTRY;
4612}
4613
4614
4615/**
4616 * Handles a RTLDRPROP_PKCS7_SIGNED_DATA query.
4617 */
4618static int rtldrMachO_QueryPkcs7SignedData(PRTLDRMODMACHO pThis, void *pvBuf, size_t cbBuf, size_t *pcbRet)
4619{
4620 int rc = rtldrMachO_LoadSignatureBlob(pThis);
4621 if (RT_SUCCESS(rc))
4622 {
4623 /*
4624 * Locate the signature slot.
4625 */
4626 uint32_t iSlot = RT_BE2H_U32(pThis->PtrCodeSignature.pSuper->cSlots);
4627 PCRTCRAPLCSBLOBSLOT pSlot = &pThis->PtrCodeSignature.pSuper->aSlots[iSlot];
4628 while (iSlot-- > 0)
4629 {
4630 pSlot--;
4631 if (pSlot->uType == RTCRAPLCS_SLOT_SIGNATURE)
4632 {
4633 /*
4634 * Validate the data offset.
4635 */
4636 uint32_t offData = RT_BE2H_U32(pSlot->offData);
4637 if ( offData < pThis->cbCodeSignature - sizeof(RTCRAPLCSHDR)
4638 || !(offData & 3) )
4639 {
4640 /*
4641 * The data is prefixed by a header with magic set to blob wrapper.
4642 * Check that the size is within the bounds of the code signing blob.
4643 */
4644 PCRTCRAPLCSHDR pHdr = (PCRTCRAPLCSHDR)&pThis->PtrCodeSignature.pb[offData];
4645 if (pHdr->uMagic == RTCRAPLCS_MAGIC_BLOBWRAPPER)
4646 {
4647 uint32_t cbData = RT_BE2H_U32(pHdr->cb);
4648 uint32_t cbMax = pThis->cbCodeSignature - offData ;
4649 if ( cbData <= cbMax
4650 && cbData > sizeof(RTCRAPLCSHDR))
4651 {
4652 /*
4653 * Copy out the requested data.
4654 */
4655 *pcbRet = cbData;
4656 if (cbData <= cbBuf)
4657 {
4658 memcpy(pvBuf, pHdr + 1, cbData);
4659 return VINF_SUCCESS;
4660 }
4661 memcpy(pvBuf, pHdr + 1, cbBuf);
4662 return VERR_BUFFER_OVERFLOW;
4663 }
4664 }
4665 }
4666 return VERR_LDRVI_BAD_CERT_FORMAT;
4667 }
4668 }
4669 rc = VERR_NOT_FOUND;
4670 }
4671 return rc;
4672}
4673
4674
4675/** @interface_method_impl{RTLDROPS,pfnQueryProp} */
4676static DECLCALLBACK(int) rtldrMachO_QueryProp(PRTLDRMODINTERNAL pMod, RTLDRPROP enmProp, void const *pvBits,
4677 void *pvBuf, size_t cbBuf, size_t *pcbRet)
4678{
4679 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
4680 int rc = VERR_NOT_FOUND;
4681 switch (enmProp)
4682 {
4683 case RTLDRPROP_UUID:
4684 Assert(cbBuf >= sizeof(pThis->abImageUuid));
4685 if (!ASMMemIsZero(pThis->abImageUuid, sizeof(pThis->abImageUuid)))
4686 {
4687 *pcbRet = sizeof(pThis->abImageUuid);
4688 memcpy(pvBuf, pThis->abImageUuid, sizeof(pThis->abImageUuid));
4689 return VINF_SUCCESS;
4690 }
4691 break;
4692
4693 case RTLDRPROP_FILE_OFF_HEADER:
4694 Assert(cbBuf == sizeof(uint32_t) || cbBuf == sizeof(uint64_t));
4695 if (cbBuf == sizeof(uint32_t))
4696 *(uint32_t *)pvBuf = pThis->offImage;
4697 else
4698 *(uint64_t *)pvBuf = pThis->offImage;
4699 return VINF_SUCCESS;
4700
4701 case RTLDRPROP_IS_SIGNED:
4702 Assert(cbBuf == sizeof(bool));
4703 Assert(*pcbRet == cbBuf);
4704 *(bool *)pvBuf = pThis->cbCodeSignature > 0;
4705 return VINF_SUCCESS;
4706
4707 case RTLDRPROP_PKCS7_SIGNED_DATA:
4708 if (pThis->cbCodeSignature > 0)
4709 return rtldrMachO_QueryPkcs7SignedData(pThis, pvBuf, cbBuf, pcbRet);
4710 break;
4711
4712
4713#if 0 /** @todo return LC_ID_DYLIB */
4714 case RTLDRPROP_INTERNAL_NAME:
4715#endif
4716
4717 default:
4718 break;
4719 }
4720 NOREF(cbBuf);
4721 RT_NOREF_PV(pvBits);
4722 return rc;
4723}
4724
4725
4726#ifndef IPRT_WITHOUT_LDR_VERIFY
4727
4728/**
4729 * Decodes the signature blob at RTLDRMODMACHO::PtrCodeSignature.
4730 *
4731 * @returns IPRT status code.
4732 * @param pThis The Mach-O module instance.
4733 * @param ppSignature Where to return the decoded signature data.
4734 * @param pErrInfo Where to supply extra error details. Optional.
4735 */
4736static int rtldrMachO_VerifySignatureDecode(PRTLDRMODMACHO pThis, PRTLDRMACHOSIGNATURE *ppSignature, PRTERRINFO pErrInfo)
4737{
4738 Assert(pThis->PtrCodeSignature.pSuper != NULL);
4739
4740 /*
4741 * Allocate and init decoded signature data structure.
4742 */
4743 PRTLDRMACHOSIGNATURE pSignature = (PRTLDRMACHOSIGNATURE)RTMemTmpAllocZ(sizeof(*pSignature));
4744 *ppSignature = pSignature;
4745 if (!pSignature)
4746 return VERR_NO_TMP_MEMORY;
4747 pSignature->idxPkcs7 = UINT32_MAX;
4748
4749 /*
4750 * Parse the slots, validating the slot headers.
4751 */
4752 PCRTCRAPLCSSUPERBLOB pSuper = pThis->PtrCodeSignature.pSuper;
4753 uint32_t const cSlots = RT_BE2H_U32(pSuper->cSlots);
4754 uint32_t const offFirst = RT_UOFFSETOF_DYN(RTCRAPLCSSUPERBLOB, aSlots[cSlots]);
4755 uint32_t const cbBlob = RT_BE2H_U32(pSuper->Hdr.cb);
4756 for (uint32_t iSlot = 0; iSlot < cSlots; iSlot++)
4757 {
4758 /*
4759 * Check that the data offset is valid. There appears to be no alignment
4760 * requirements here, which is a little weird consindering the PPC heritage.
4761 */
4762 uint32_t const offData = RT_BE2H_U32(pSuper->aSlots[iSlot].offData);
4763 if ( offData < offFirst
4764 || offData > cbBlob - sizeof(RTCRAPLCSHDR))
4765 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4766 "Slot #%u has an invalid data offset: %#x (min %#x, max %#x-4)",
4767 iSlot, offData, offFirst, cbBlob);
4768 uint32_t const cbMaxData = cbBlob - offData;
4769
4770 /*
4771 * PKCS#7/CMS signature.
4772 */
4773 if (pSuper->aSlots[iSlot].uType == RTCRAPLCS_SLOT_SIGNATURE)
4774 {
4775 if (pSignature->idxPkcs7 != UINT32_MAX)
4776 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4777 "Slot #%u: Already have PKCS#7 data in slot %#u", iSlot, pSignature->idxPkcs7);
4778 PCRTCRAPLCSHDR pHdr = (PCRTCRAPLCSHDR)&pThis->PtrCodeSignature.pb[offData];
4779 if (pHdr->uMagic != RTCRAPLCS_MAGIC_BLOBWRAPPER)
4780 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4781 "Slot #%u: Invalid PKCS#7 wrapper magic: %#x", iSlot, RT_BE2H_U32(pHdr->uMagic));
4782 uint32_t const cb = RT_BE2H_U32(pHdr->cb);
4783 if (cb > cbMaxData || cb < sizeof(*pHdr) + 2U)
4784 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4785 "Slot #%u: Invalid PKCS#7 size is out of bound: %#x (min %#x, max %#x)",
4786 iSlot, cb, sizeof(*pHdr) + 2, cbMaxData);
4787 pSignature->idxPkcs7 = iSlot;
4788 pSignature->pbPkcs7 = (uint8_t const *)(pHdr + 1);
4789 pSignature->cbPkcs7 = cb - sizeof(*pHdr);
4790 }
4791 /*
4792 * Code directories.
4793 */
4794 else if ( pSuper->aSlots[iSlot].uType == RTCRAPLCS_SLOT_CODEDIRECTORY
4795 || ( RT_BE2H_U32(pSuper->aSlots[iSlot].uType) - RT_BE2H_U32_C(RTCRAPLCS_SLOT_ALTERNATE_CODEDIRECTORIES)
4796 < RTCRAPLCS_SLOT_ALTERNATE_CODEDIRECTORIES_COUNT))
4797 {
4798 /* Make sure we don't get too many code directories and that the first one is a regular one. */
4799 if (pSignature->cCodeDirs >= RT_ELEMENTS(pSignature->aCodeDirs))
4800 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4801 "Slot #%u: Too many code directory slots (%u found thus far)",
4802 iSlot, pSignature->cCodeDirs + 1);
4803 if ( pSuper->aSlots[iSlot].uType == RTCRAPLCS_SLOT_CODEDIRECTORY
4804 && pSignature->cCodeDirs > 0)
4805 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4806 "Slot #%u: Already have primary code directory in slot #%u",
4807 iSlot, pSignature->aCodeDirs[0].uSlot);
4808 if ( pSuper->aSlots[iSlot].uType != RTCRAPLCS_SLOT_CODEDIRECTORY /* lazy bird */
4809 && pSignature->cCodeDirs == 0)
4810 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4811 "Slot #%u: Expected alternative code directory after the primary one", iSlot);
4812
4813 /* Check data header: */
4814 if (cbMaxData < RT_UOFFSETOF(RTCRAPLCSCODEDIRECTORY, uUnused1))
4815 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4816 "Slot #%u: Insufficient data vailable for code directory (max %#x)", iSlot, cbMaxData);
4817
4818 PCRTCRAPLCSCODEDIRECTORY pCodeDir = (PCRTCRAPLCSCODEDIRECTORY)&pThis->PtrCodeSignature.pb[offData];
4819 if (pCodeDir->Hdr.uMagic != RTCRAPLCS_MAGIC_CODEDIRECTORY)
4820 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4821 "Slot #%u: Invalid code directory magic: %#x", iSlot, RT_BE2H_U32(pCodeDir->Hdr.uMagic));
4822 uint32_t const cbCodeDir = RT_BE2H_U32(pCodeDir->Hdr.cb);
4823 if (cbCodeDir > cbMaxData || cbCodeDir < RT_UOFFSETOF(RTCRAPLCSCODEDIRECTORY, offScatter))
4824 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4825 "Slot #%u: Code directory size is out of bound: %#x (min %#x, max %#x)",
4826 iSlot, cbCodeDir, RT_UOFFSETOF(RTCRAPLCSCODEDIRECTORY, offScatter), cbMaxData);
4827 pSignature->aCodeDirs[pSignature->cCodeDirs].pCodeDir = pCodeDir;
4828 pSignature->aCodeDirs[pSignature->cCodeDirs].cb = cbCodeDir;
4829
4830 /* Check Version: */
4831 uint32_t const uVersion = RT_BE2H_U32(pCodeDir->uVersion);
4832 if ( uVersion < RTCRAPLCS_VER_2_0
4833 || uVersion >= RT_MAKE_U32(0, 3))
4834 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4835 "Slot #%u: Code directory version is out of bounds: %#07x", iSlot, uVersion);
4836 uint32_t cbSelf = uVersion >= RTCRAPLCS_VER_SUPPORTS_EXEC_SEG ? RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, fExecSeg)
4837 : uVersion >= RTCRAPLCS_VER_SUPPORTS_CODE_LIMIT_64 ? RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, cbCodeLimit64)
4838 : uVersion >= RTCRAPLCS_VER_SUPPORTS_TEAMID ? RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, offTeamId)
4839 : uVersion >= RTCRAPLCS_VER_SUPPORTS_SCATTER ? RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, offScatter)
4840 : RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, uUnused1);
4841 if (cbSelf > cbCodeDir)
4842 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4843 "Slot #%u: Code directory size is out of bound: %#x (min %#x, max %#x)",
4844 iSlot, cbCodeDir, cbSelf, cbCodeDir);
4845
4846 /* hash type and size. */
4847 uint8_t cbHash;
4848 RTDIGESTTYPE enmDigest;
4849 switch (pCodeDir->bHashType)
4850 {
4851 case RTCRAPLCS_HASHTYPE_SHA1:
4852 enmDigest = RTDIGESTTYPE_SHA1;
4853 cbHash = RTSHA1_HASH_SIZE;
4854 break;
4855 case RTCRAPLCS_HASHTYPE_SHA256:
4856 enmDigest = RTDIGESTTYPE_SHA256;
4857 cbHash = RTSHA256_HASH_SIZE;
4858 break;
4859 case RTCRAPLCS_HASHTYPE_SHA256_TRUNCATED:
4860 enmDigest = RTDIGESTTYPE_SHA256;
4861 cbHash = RTSHA1_HASH_SIZE; /* truncated to SHA-1 size. */
4862 break;
4863 case RTCRAPLCS_HASHTYPE_SHA384:
4864 enmDigest = RTDIGESTTYPE_SHA384;
4865 cbHash = RTSHA384_HASH_SIZE;
4866 break;
4867 default:
4868 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "Slot #%u: Unknown hash type %#x (LB %#x)",
4869 iSlot, pCodeDir->bHashType, pCodeDir->cbHash);
4870 }
4871 pSignature->aCodeDirs[pSignature->cCodeDirs].enmDigest = enmDigest;
4872 if (pCodeDir->cbHash != cbHash)
4873 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4874 "Slot #%u: Unexpected hash size for %s: %#x, expected %#x",
4875 iSlot, RTCrDigestTypeToName(enmDigest), pCodeDir->cbHash, cbHash);
4876
4877 /* Hash slot offset and counts. Special slots are counted backwards from offHashSlots. */
4878 uint32_t const cSpecialSlots = RT_BE2H_U32(pCodeDir->cSpecialSlots);
4879 if (cSpecialSlots > 256)
4880 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4881 "Slot #%u: Too many special slots: %#x", iSlot, cSpecialSlots);
4882 uint32_t const cCodeSlots = RT_BE2H_U32(pCodeDir->cCodeSlots);
4883 if ( cCodeSlots >= UINT32_MAX / 2
4884 || cCodeSlots + cSpecialSlots > (cbCodeDir - cbHash) / cbHash)
4885 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "Slot #%u: Too many code slots: %#x + %#x (max %#x)",
4886 iSlot, cCodeSlots, cSpecialSlots, (cbCodeDir - cbHash) / cbHash);
4887 uint32_t const offHashSlots = RT_BE2H_U32(pCodeDir->offHashSlots);
4888 if ( offHashSlots > cbCodeDir - cCodeSlots * cbHash
4889 || offHashSlots < cbSelf + cSpecialSlots * cbHash)
4890 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4891 "Slot #%u: Code directory hash offset is out of bounds: %#x (min: %#x, max: %#x)",
4892 iSlot, offHashSlots, cbSelf + cSpecialSlots * cbHash, cbCodeDir - cCodeSlots * cbHash);
4893
4894 /* page shift */
4895 if (pCodeDir->cPageShift == 0)
4896 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4897 "Slot #%u: Unsupported page shift of zero in code directory", iSlot);
4898 uint32_t cMaxPageShift;
4899 if ( pThis->Core.enmArch == RTLDRARCH_AMD64
4900 || pThis->Core.enmArch == RTLDRARCH_X86_32
4901 || pThis->Core.enmArch == RTLDRARCH_ARM32)
4902 cMaxPageShift = 12;
4903 else if (pThis->Core.enmArch == RTLDRARCH_ARM64)
4904 cMaxPageShift = 16; /* 16KB */
4905 else
4906 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "Unsupported architecture: %d", pThis->Core.enmArch);
4907 if ( pCodeDir->cPageShift < 12 /* */
4908 || pCodeDir->cPageShift > cMaxPageShift)
4909 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4910 "Slot #%u: Page shift in code directory is out of range: %d (min: 12, max: %d)",
4911 iSlot, pCodeDir->cPageShift, cMaxPageShift);
4912
4913 /* code limit vs page shift and code hash slots */
4914 uint32_t const cbCodeLimit32 = RT_BE2H_U32(pCodeDir->cbCodeLimit32);
4915 uint32_t const cExpectedCodeHashes = pCodeDir->cPageShift == 0 ? 1
4916 : (cbCodeLimit32 + RT_BIT_32(pCodeDir->cPageShift) - 1) >> pCodeDir->cPageShift;
4917 if (cExpectedCodeHashes != cCodeSlots)
4918 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4919 "Slot #%u: Code limit and page shift value does not match code hash slots: cbCodeLimit32=%#x cPageShift=%u -> %#x; cCodeSlots=%#x",
4920 iSlot, cbCodeLimit32, pCodeDir->cPageShift, cExpectedCodeHashes, cCodeSlots);
4921
4922 /* Identifier offset: */
4923 if (pCodeDir->offIdentifier)
4924 {
4925 uint32_t const offIdentifier = RT_BE2H_U32(pCodeDir->offIdentifier);
4926 if ( offIdentifier < cbSelf
4927 || offIdentifier >= cbCodeDir)
4928 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4929 "Slot #%u: Identifier offset is out of bounds: %#x (min: %#x, max: %#x)",
4930 iSlot, offIdentifier, cbSelf, cbCodeDir - 1);
4931 int rc = RTStrValidateEncodingEx((char const *)pCodeDir + offIdentifier, cbCodeDir - offIdentifier,
4932 RTSTR_VALIDATE_ENCODING_ZERO_TERMINATED);
4933 if (RT_FAILURE(rc))
4934 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4935 "Slot #%u: Malformed identifier string: %Rrc", iSlot, rc);
4936 }
4937
4938 /* Team identifier: */
4939 if (cbSelf >= RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, offTeamId) && pCodeDir->offTeamId)
4940 {
4941 uint32_t const offTeamId = RT_BE2H_U32(pCodeDir->offTeamId);
4942 if ( offTeamId < cbSelf
4943 || offTeamId >= cbCodeDir)
4944 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4945 "Slot #%u: Team identifier offset is out of bounds: %#x (min: %#x, max: %#x)",
4946 iSlot, offTeamId, cbSelf, cbCodeDir - 1);
4947 int rc = RTStrValidateEncodingEx((char const *)pCodeDir + offTeamId, cbCodeDir - offTeamId,
4948 RTSTR_VALIDATE_ENCODING_ZERO_TERMINATED);
4949 if (RT_FAILURE(rc))
4950 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4951 "Slot #%u: Malformed team identifier string: %Rrc", iSlot, rc);
4952 }
4953
4954 /* We don't support scatter. */
4955 if (cbSelf >= RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, offScatter) && pCodeDir->offScatter)
4956 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4957 "Slot #%u: Scatter not supported.", iSlot);
4958
4959 /* We don't really support the 64-bit code limit either: */
4960 if ( cbSelf >= RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, cbCodeLimit64)
4961 && pCodeDir->cbCodeLimit64
4962 && RT_BE2H_U64(pCodeDir->cbCodeLimit64) != cbCodeLimit32)
4963 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4964 "Slot #%u: 64-bit code limit does not match 32-bit: %#RX64 vs %#RX32",
4965 iSlot, RT_BE2H_U64(pCodeDir->cbCodeLimit64), cbCodeLimit32);
4966
4967 /* Check executable segment info if present: */
4968 if ( cbSelf >= RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, fExecSeg)
4969 && ( pThis->offSeg0ForCodeSign != RT_BE2H_U64(pCodeDir->offExecSeg)
4970 || pThis->cbSeg0ForCodeSign != RT_BE2H_U64(pCodeDir->cbExecSeg)
4971 || pThis->fSeg0ForCodeSign != RT_BE2H_U64(pCodeDir->fExecSeg)) )
4972 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4973 "Slot #%u: Segment #0 info mismatch: @%#RX64 LB %#RX64 flags=%#RX64; expected @%#RX64 LB %#RX64 flags=%#RX64",
4974 iSlot, RT_BE2H_U64(pCodeDir->offExecSeg), RT_BE2H_U64(pCodeDir->cbExecSeg),
4975 RT_BE2H_U64(pCodeDir->fExecSeg), pThis->offSeg0ForCodeSign, pThis->cbSeg0ForCodeSign,
4976 pThis->fSeg0ForCodeSign);
4977
4978 /* Check fields that must be zero (don't want anyone to use them to counter changes): */
4979 if (pCodeDir->uUnused1 != 0)
4980 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4981 "Slot #%u: Unused field #1 is non-zero: %#x", iSlot, RT_BE2H_U32(pCodeDir->uUnused1));
4982 if ( cbSelf >= RT_UOFFSET_AFTER(RTCRAPLCSCODEDIRECTORY, uUnused2)
4983 && pCodeDir->uUnused2 != 0)
4984 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4985 "Slot #%u: Unused field #2 is non-zero: %#x", iSlot, RT_BE2H_U32(pCodeDir->uUnused2));
4986
4987 /** @todo idPlatform values. */
4988 /** @todo Check for gaps if we know the version number? Alignment? */
4989
4990 /* If first code directory, check that the code limit covers the whole image up to the signature data. */
4991 if (pSignature->cCodeDirs == 0)
4992 {
4993 /** @todo verify the that the signature data is at the very end... */
4994 if (cbCodeLimit32 != pThis->offCodeSignature)
4995 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
4996 "Slot #%u: Unexpected code limit: %#x, expected %#x",
4997 iSlot, cbCodeLimit32, pThis->offCodeSignature);
4998 }
4999 /* Otherwise, check that the code limit matches the previous directories. */
5000 else
5001 for (uint32_t i = 0; i < pSignature->cCodeDirs; i++)
5002 if (pSignature->aCodeDirs[i].pCodeDir->cbCodeLimit32 != pCodeDir->cbCodeLimit32)
5003 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5004 "Slot #%u: Code limit differs from previous directory: %#x, expected %#x",
5005 iSlot, cbCodeLimit32, RT_BE2H_U32(pSignature->aCodeDirs[i].pCodeDir->cbCodeLimit32));
5006
5007 /* Commit the code dir entry: */
5008 pSignature->aCodeDirs[pSignature->cCodeDirs++].uSlot = iSlot;
5009 }
5010 }
5011
5012 /*
5013 * Check that we've got at least one code directory and one PKCS#7 signature.
5014 */
5015 if (pSignature->cCodeDirs == 0)
5016 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "No code directory slot in the code signature");
5017 if (pSignature->idxPkcs7 == UINT32_MAX)
5018 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "No PKCS#7 slot in the code signature");
5019
5020 /*
5021 * Decode the PKCS#7 signature.
5022 */
5023 RTASN1CURSORPRIMARY PrimaryCursor;
5024 RTAsn1CursorInitPrimary(&PrimaryCursor, pSignature->pbPkcs7, pSignature->cbPkcs7,
5025 pErrInfo, &g_RTAsn1DefaultAllocator, 0, "Mach-O-BLOB");
5026 int rc = RTCrPkcs7ContentInfo_DecodeAsn1(&PrimaryCursor.Cursor, 0, &pSignature->ContentInfo, "CI");
5027 if (RT_SUCCESS(rc))
5028 {
5029 if (RTCrPkcs7ContentInfo_IsSignedData(&pSignature->ContentInfo))
5030 {
5031 pSignature->pSignedData = pSignature->ContentInfo.u.pSignedData;
5032
5033 /*
5034 * Check that the signedData stuff adds up.
5035 */
5036 if (!strcmp(pSignature->pSignedData->ContentInfo.ContentType.szObjId, RTCR_PKCS7_DATA_OID))
5037 {
5038 rc = RTCrPkcs7SignedData_CheckSanity(pSignature->pSignedData,
5039 RTCRPKCS7SIGNEDDATA_SANITY_F_AUTHENTICODE /** @todo consider not piggy-backing on auth-code */
5040 | RTCRPKCS7SIGNEDDATA_SANITY_F_ONLY_KNOWN_HASH
5041 | RTCRPKCS7SIGNEDDATA_SANITY_F_SIGNING_CERT_PRESENT,
5042 pErrInfo, "SD");
5043 if (RT_SUCCESS(rc))
5044 return VINF_SUCCESS;
5045 }
5046 else
5047 rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_EXPECTED_INDIRECT_DATA_CONTENT_OID,
5048 "Unexpected pSignedData.ContentInfo.ContentType.szObjId value: %s (expected %s)",
5049 pSignature->pSignedData->ContentInfo.ContentType.szObjId, RTCR_PKCS7_DATA_OID);
5050 }
5051 else
5052 rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_EXPECTED_INDIRECT_DATA_CONTENT_OID, /** @todo error code*/
5053 "PKCS#7 is not 'signedData': %s", pSignature->ContentInfo.ContentType.szObjId);
5054 }
5055 return rc;
5056}
5057
5058/**
5059 * Destroys the decoded signature data structure.
5060 *
5061 * @param pSignature The decoded signature data. Can be NULL.
5062 */
5063static void rtldrMachO_VerifySignatureDestroy(PRTLDRMACHOSIGNATURE pSignature)
5064{
5065 if (pSignature)
5066 {
5067 RTCrPkcs7ContentInfo_Delete(&pSignature->ContentInfo);
5068 RTMemTmpFree(pSignature);
5069 }
5070}
5071
5072
5073/**
5074 * Worker for rtldrMachO_VerifySignatureValidatePkcs7Hashes that handles plists
5075 * with code directory hashes inside them.
5076 *
5077 * It is assumed that these plist files was invented to handle alternative code
5078 * directories.
5079 *
5080 * @note Putting an XML plist into the authenticated attribute list was
5081 * probably not such a great idea, given all the optional and
5082 * adjustable white-space padding. We should probably validate
5083 * everything very strictly, limiting the elements, require certain
5084 * attribute lists and even have strict expectations about the
5085 * white-space, but right now let just make sure it's xml and get the
5086 * data in the cdhashes array.
5087 *
5088 * @todo The code here is a little braindead and bulky. It should be
5089 * possible to describe the expected XML structure using a tables.
5090 */
5091static int rtldrMachO_VerifySignatureValidateCdHashesPlist(PRTLDRMACHOSIGNATURE pSignature, char *pszPlist,
5092 uint8_t *pbHash, uint32_t cbHash, PRTERRINFO pErrInfo)
5093{
5094 const char * const pszStart = pszPlist;
5095#define CHECK_ISTR_AND_SKIP_OR_RETURN(a_szLead) \
5096 do { \
5097 if (!RTStrNICmp(pszPlist, RT_STR_TUPLE(a_szLead))) \
5098 pszPlist += sizeof(a_szLead) - 1; \
5099 else return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, \
5100 "Expected '%s' found '%.16s...' at %#zu in plist", a_szLead, pszPlist, pszPlist - pszStart); \
5101 } while (0)
5102#define CHECK_STR_AND_SKIP_OR_RETURN(a_szLead) \
5103 do { \
5104 if (!RTStrNCmp(pszPlist, RT_STR_TUPLE(a_szLead))) \
5105 pszPlist += sizeof(a_szLead) - 1; \
5106 else return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, \
5107 "Expected '%s' found '%.16s...' at %#zu in plist", a_szLead, pszPlist, pszPlist - pszStart); \
5108 } while (0)
5109#define SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN() \
5110 do { /* currently only permitting spaces, tabs and newline, following char must be '<'. */ \
5111 char chMacro; \
5112 while ((chMacro = *pszPlist) == ' ' || chMacro == '\n' || chMacro == '\t') \
5113 pszPlist++; \
5114 if (chMacro == '<') { /* likely */ } \
5115 else return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, \
5116 "Expected '<' found '%.16s...' at %#zu in plist", pszPlist, pszPlist - pszStart); \
5117 } while (0)
5118#define SKIP_SPACE_BEFORE_VALUE() \
5119 do { /* currently only permitting spaces, tabs and newline. */ \
5120 char chMacro; \
5121 while ((chMacro = *pszPlist) == ' ' || chMacro == '\n' || chMacro == '\t') \
5122 pszPlist++; \
5123 } while (0)
5124#define SKIP_REQUIRED_SPACE_BETWEEN_ATTRIBUTES_OR_RETURN() \
5125 do { /* currently only permitting a single space */ \
5126 if (pszPlist[0] == ' ' && pszPlist[1] != ' ') \
5127 pszPlist++; \
5128 else return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, \
5129 "Expected ' ' found '%.16s...' at %#zu in plist", pszPlist, pszPlist - pszStart); \
5130 } while (0)
5131
5132 /* Example:
5133<?xml version="1.0" encoding="UTF-8"?>
5134<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
5135<plist version="1.0">
5136<dict>
5137 <key>cdhashes</key>
5138 <array>
5139 <data>
5140 hul2SSkDQFRXbGlt3AmCp25MU0Y=
5141 </data>
5142 <data>
5143 N0kvxg0CJBNuZTq135PntAaRczw=
5144 </data>
5145 </array>
5146</dict>
5147</plist>
5148 */
5149
5150 /* <?xml version="1.0" encoding="UTF-8"?> */
5151 CHECK_STR_AND_SKIP_OR_RETURN("<?xml");
5152 SKIP_REQUIRED_SPACE_BETWEEN_ATTRIBUTES_OR_RETURN();
5153 CHECK_STR_AND_SKIP_OR_RETURN("version=\"1.0\"");
5154 SKIP_REQUIRED_SPACE_BETWEEN_ATTRIBUTES_OR_RETURN();
5155 CHECK_STR_AND_SKIP_OR_RETURN("encoding=\"UTF-8\"");
5156 CHECK_STR_AND_SKIP_OR_RETURN("?>");
5157 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5158
5159 /* <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> */
5160 CHECK_STR_AND_SKIP_OR_RETURN("<!DOCTYPE");
5161 SKIP_REQUIRED_SPACE_BETWEEN_ATTRIBUTES_OR_RETURN();
5162 CHECK_STR_AND_SKIP_OR_RETURN("plist");
5163 SKIP_REQUIRED_SPACE_BETWEEN_ATTRIBUTES_OR_RETURN();
5164 CHECK_STR_AND_SKIP_OR_RETURN("PUBLIC");
5165 SKIP_REQUIRED_SPACE_BETWEEN_ATTRIBUTES_OR_RETURN();
5166 CHECK_STR_AND_SKIP_OR_RETURN("\"-//Apple//DTD PLIST 1.0//EN\"");
5167 SKIP_REQUIRED_SPACE_BETWEEN_ATTRIBUTES_OR_RETURN();
5168 CHECK_STR_AND_SKIP_OR_RETURN("\"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"");
5169 CHECK_STR_AND_SKIP_OR_RETURN(">");
5170 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5171
5172 /* <plist version="1.0"> */
5173 CHECK_STR_AND_SKIP_OR_RETURN("<plist");
5174 SKIP_REQUIRED_SPACE_BETWEEN_ATTRIBUTES_OR_RETURN();
5175 CHECK_STR_AND_SKIP_OR_RETURN("version=\"1.0\"");
5176 CHECK_STR_AND_SKIP_OR_RETURN(">");
5177 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5178
5179 /* <dict> */
5180 CHECK_STR_AND_SKIP_OR_RETURN("<dict>");
5181 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5182
5183 /* <key>cdhashes</key> */
5184 CHECK_STR_AND_SKIP_OR_RETURN("<key>cdhashes</key>");
5185 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5186
5187 /* <array> */
5188 CHECK_STR_AND_SKIP_OR_RETURN("<array>");
5189 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5190
5191 /*
5192 * Repeated: <data>hul2SSkDQFRXbGlt3AmCp25MU0Y=</data>
5193 */
5194 uint32_t iCodeDir = 0;
5195 for (;;)
5196 {
5197 /* Decode the binary data (base64) and skip it. */
5198 CHECK_STR_AND_SKIP_OR_RETURN("<data>");
5199 SKIP_SPACE_BEFORE_VALUE();
5200
5201 char ch;
5202 size_t cchBase64 = 0;
5203 while (RT_C_IS_ALNUM(ch = pszPlist[cchBase64]) || ch == '+' || ch == '/' || ch == '=')
5204 cchBase64++;
5205 size_t cbActualHash = cbHash;
5206 char *pszEnd = NULL;
5207 int rc = RTBase64DecodeEx(pszPlist, cchBase64, pbHash, cbHash, &cbActualHash, &pszEnd);
5208 if (RT_FAILURE(rc))
5209 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5210 "Failed to decode hash #%u in authenticated plist attribute: %Rrc (%.*s)",
5211 iCodeDir, rc, cchBase64, pszPlist);
5212 pszPlist += cchBase64;
5213 AssertReturn(pszPlist == pszEnd, VERR_INTERNAL_ERROR_2);
5214 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5215
5216 /* The binary hash data must be exactly the size of SHA1, larger
5217 hash like SHA-256 and SHA-384 are truncated for some reason. */
5218 if (cbActualHash != RTSHA1_HASH_SIZE)
5219 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5220 "Hash #%u in authenticated plist attribute has the wrong length: %u, exepcted %u",
5221 iCodeDir, cbActualHash, RTSHA1_HASH_SIZE);
5222
5223 /* Skip closing tag. */
5224 CHECK_STR_AND_SKIP_OR_RETURN("</data>");
5225 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5226
5227
5228 /* Calculate the hash and compare. */
5229 RTCRDIGEST hDigest;
5230 rc = RTCrDigestCreateByType(&hDigest, pSignature->aCodeDirs[iCodeDir].enmDigest);
5231 if (RT_SUCCESS(rc))
5232 {
5233 rc = RTCrDigestUpdate(hDigest, pSignature->aCodeDirs[iCodeDir].pCodeDir, pSignature->aCodeDirs[iCodeDir].cb);
5234 if (RT_SUCCESS(rc))
5235 {
5236 if (memcmp(pbHash, RTCrDigestGetHash(hDigest), cbActualHash) == 0)
5237 rc = VINF_SUCCESS;
5238 else
5239 rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_IMAGE_HASH_MISMATCH,
5240 "Code directory #%u hash mismatch (plist):\n"
5241 "signed: %.*Rhxs\n"
5242 "our: %.*Rhxs\n",
5243 iCodeDir, cbActualHash, pbHash,
5244 RTCrDigestGetHashSize(hDigest), RTCrDigestGetHash(hDigest));
5245 }
5246 else
5247 rc = RTErrInfoSetF(pErrInfo, rc, "RTCrDigestUpdate failed: %Rrc", rc);
5248 RTCrDigestRelease(hDigest);
5249 }
5250 else
5251 rc = RTErrInfoSetF(pErrInfo, rc, "Failed to create a digest of type %u verifying code dir #%u: %Rrc",
5252 pSignature->aCodeDirs[iCodeDir].enmDigest, iCodeDir, rc);
5253 if (RT_FAILURE(rc))
5254 return rc;
5255
5256 /*
5257 * Advance.
5258 */
5259 iCodeDir++;
5260 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5261 if (RTStrNCmp(pszPlist, RT_STR_TUPLE("<data>")) == 0)
5262 {
5263 if (iCodeDir >= pSignature->cCodeDirs)
5264 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5265 "Authenticated plist attribute has too many code directories (%u in blob)",
5266 pSignature->cCodeDirs);
5267 }
5268 else if (iCodeDir == pSignature->cCodeDirs)
5269 break;
5270 else
5271 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5272 "Authenticated plist attribute does not include all code directors: %u out of %u",
5273 iCodeDir, pSignature->cCodeDirs);
5274 }
5275
5276 /*</array>*/
5277 CHECK_STR_AND_SKIP_OR_RETURN("</array>");
5278 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5279
5280 /*</dict>*/
5281 CHECK_STR_AND_SKIP_OR_RETURN("</dict>");
5282 SKIP_SPACE_BETWEEN_ELEMENTS_OR_RETURN();
5283
5284 /*</plist>*/
5285 CHECK_STR_AND_SKIP_OR_RETURN("</plist>");
5286 SKIP_SPACE_BEFORE_VALUE();
5287
5288 if (*pszPlist == '\0')
5289 return VINF_SUCCESS;
5290 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5291 "Authenticated plist attribute has unexpected trailing content: %.32s", pszPlist);
5292}
5293
5294
5295/**
5296 * Verifies the code directory hashes embedded in the PKCS\#7 data.
5297 *
5298 * @returns IPRT status code.
5299 * @param pSignature The decoded signature data.
5300 * @param pErrInfo Where to supply extra error details. Optional.
5301 */
5302static int rtldrMachO_VerifySignatureValidatePkcs7Hashes(PRTLDRMACHOSIGNATURE pSignature, PRTERRINFO pErrInfo)
5303{
5304 /*
5305 * Look thru the authenticated attributes in the signer info array.
5306 */
5307 PRTCRPKCS7SIGNEDDATA pSignedData = pSignature->pSignedData;
5308 for (uint32_t iSignerInfo = 0; iSignerInfo < pSignedData->SignerInfos.cItems; iSignerInfo++)
5309 {
5310 PCRTCRPKCS7SIGNERINFO pSignerInfo = pSignedData->SignerInfos.papItems[iSignerInfo];
5311 bool fMsgDigest = false;
5312 bool fPlist = false;
5313 for (uint32_t iAttrib = 0; iAttrib < pSignerInfo->AuthenticatedAttributes.cItems; iAttrib++)
5314 {
5315 PCRTCRPKCS7ATTRIBUTE pAttrib = pSignerInfo->AuthenticatedAttributes.papItems[iAttrib];
5316 if (RTAsn1ObjId_CompareWithString(&pAttrib->Type, RTCR_PKCS9_ID_MESSAGE_DIGEST_OID) == 0)
5317 {
5318 /*
5319 * Validate the message digest while we're here.
5320 */
5321 AssertReturn(pAttrib->uValues.pOctetStrings && pAttrib->uValues.pOctetStrings->cItems == 1, VERR_INTERNAL_ERROR_5);
5322
5323 RTCRDIGEST hDigest;
5324 int rc = RTCrDigestCreateByObjId(&hDigest, &pSignerInfo->DigestAlgorithm.Algorithm);
5325 if (RT_SUCCESS(rc))
5326 {
5327 rc = RTCrDigestUpdate(hDigest, pSignature->aCodeDirs[0].pCodeDir, pSignature->aCodeDirs[0].cb);
5328 if (RT_SUCCESS(rc))
5329 {
5330 if (!RTCrDigestMatch(hDigest,
5331 pAttrib->uValues.pOctetStrings->papItems[0]->Asn1Core.uData.pv,
5332 pAttrib->uValues.pOctetStrings->papItems[0]->Asn1Core.cb))
5333 rc = RTErrInfoSetF(pErrInfo, VERR_CR_PKCS7_MESSAGE_DIGEST_ATTRIB_MISMATCH,
5334 "Authenticated message-digest attribute mismatch:\n"
5335 "signed: %.*Rhxs\n"
5336 "our: %.*Rhxs\n",
5337 pAttrib->uValues.pOctetStrings->papItems[0]->Asn1Core.cb,
5338 pAttrib->uValues.pOctetStrings->papItems[0]->Asn1Core.uData.pv,
5339 RTCrDigestGetHashSize(hDigest), RTCrDigestGetHash(hDigest));
5340 }
5341 else
5342 rc = RTErrInfoSetF(pErrInfo, rc, "RTCrDigestUpdate failed: %Rrc", rc);
5343 RTCrDigestRelease(hDigest);
5344 }
5345 else
5346 rc = RTErrInfoSetF(pErrInfo, rc, "Failed to create a digest for OID %s: %Rrc",
5347 pSignerInfo->DigestAlgorithm.Algorithm.szObjId, rc);
5348 if (RT_FAILURE(rc))
5349 return rc;
5350 fMsgDigest = true;
5351 }
5352 else if (pAttrib->enmType == RTCRPKCS7ATTRIBUTETYPE_APPLE_MULTI_CD_PLIST)
5353 {
5354 /*
5355 * An XML (better be) property list with code directory hashes in it.
5356 */
5357 if (!pAttrib->uValues.pOctetStrings || pAttrib->uValues.pOctetStrings->cItems != 1)
5358 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "Bad authenticated plist attribute");
5359
5360 uint32_t cch = pAttrib->uValues.pOctetStrings->papItems[0]->Asn1Core.cb;
5361 char const *pch = pAttrib->uValues.pOctetStrings->papItems[0]->Asn1Core.uData.pch;
5362 int rc = RTStrValidateEncodingEx(pch, cch, RTSTR_VALIDATE_ENCODING_EXACT_LENGTH);
5363 if (RT_FAILURE(rc))
5364 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5365 "Authenticated plist attribute is not valid UTF-8: %Rrc", rc);
5366 uint32_t const cchMin = sizeof("<?xml?><plist><dict><key>cdhashes</key><array><data>hul2SSkDQFRXbGlt3AmCp25MU0Y=</data></array></dict></plist>") - 1;
5367 if (cch < cchMin)
5368 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5369 "Authenticated plist attribute is too short: %#x, min: %#x", cch, cchMin);
5370 if (cch > _64K)
5371 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT,
5372 "Authenticated plist attribute is too long: %#x, max: 64KB", cch);
5373
5374 /* Copy the plist into a buffer and zero terminate it. Also allocate room for decoding a hash. */
5375 const uint32_t cbMaxHash = 128;
5376 char *pszTmp = (char *)RTMemTmpAlloc(cbMaxHash + cch + 3);
5377 if (!pszTmp)
5378 return VERR_NO_TMP_MEMORY;
5379 pszTmp[cbMaxHash + cch] = '\0';
5380 pszTmp[cbMaxHash + cch + 1] = '\0';
5381 pszTmp[cbMaxHash + cch + 2] = '\0';
5382 rc = rtldrMachO_VerifySignatureValidateCdHashesPlist(pSignature, (char *)memcpy(pszTmp + cbMaxHash, pch, cch),
5383 (uint8_t *)pszTmp, cbMaxHash, pErrInfo);
5384 RTMemTmpFree(pszTmp);
5385 if (RT_FAILURE(rc))
5386 return rc;
5387 fPlist = true;
5388 }
5389 }
5390 if (!fMsgDigest && pSignature->cCodeDirs > 1)
5391 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "Missing authenticated message-digest attribute");
5392 if (!fPlist && pSignature->cCodeDirs > 1)
5393 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "Missing authenticated code directory hash plist attribute");
5394 }
5395 if (pSignedData->SignerInfos.cItems < 1)
5396 return RTErrInfoSetF(pErrInfo, VERR_LDRVI_BAD_CERT_FORMAT, "PKCS#7 signed data contains no signatures");
5397
5398 return VINF_SUCCESS;
5399}
5400
5401
5402/**
5403 * Verifies the page hashes of the given code directory.
5404 *
5405 * @returns IPRT status code.
5406 * @param pThis The Mach-O module instance.
5407 * @param pEntry The data entry for the code directory to validate.
5408 * @param pbBuf Read buffer.
5409 * @param cbBuf Buffer size.
5410 * @param pErrInfo Where to supply extra error details. Optional.
5411 */
5412static int rtldrMachO_VerifySignatureValidateCodeDir(PRTLDRMODMACHO pThis, PRTLDRMACHCODEDIR pEntry,
5413 uint8_t *pbBuf, uint32_t cbBuf, PRTERRINFO pErrInfo)
5414{
5415 RTCRDIGEST hDigest;
5416 int rc = RTCrDigestCreateByType(&hDigest, pEntry->enmDigest);
5417 if (RT_SUCCESS(rc))
5418 {
5419 PCRTCRAPLCSCODEDIRECTORY pCodeDir = pEntry->pCodeDir;
5420 PRTLDRREADER const pRdr = pThis->Core.pReader;
5421 uint32_t cbCodeLimit = RT_BE2H_U32(pCodeDir->cbCodeLimit32);
5422 uint32_t const cbPage = RT_BIT_32(pCodeDir->cPageShift);
5423 uint32_t const cHashes = RT_BE2H_U32(pCodeDir->cCodeSlots);
5424 uint8_t const cbHash = pCodeDir->cbHash;
5425 uint8_t const *pbHash = (uint8_t const *)pCodeDir + RT_BE2H_U32(pCodeDir->offHashSlots);
5426 RTFOFF offFile = pThis->offImage;
5427 if ( RT_BE2H_U32(pCodeDir->uVersion) < RTCRAPLCS_VER_SUPPORTS_SCATTER
5428 || pCodeDir->offScatter == 0)
5429 {
5430 /*
5431 * Work the image in linear fashion.
5432 */
5433 for (uint32_t iHash = 0; iHash < cHashes; iHash++, pbHash += cbHash, cbCodeLimit -= cbPage)
5434 {
5435 RTFOFF const offPage = offFile;
5436
5437 /*
5438 * Read and digest the data for the current hash page.
5439 */
5440 rc = RTCrDigestReset(hDigest);
5441 AssertRCBreak(rc);
5442 Assert(cbCodeLimit > cbPage || iHash + 1 == cHashes);
5443 uint32_t cbLeft = iHash + 1 < cHashes ? cbPage : cbCodeLimit;
5444 while (cbLeft > 0)
5445 {
5446 uint32_t const cbToRead = RT_MIN(cbBuf, cbLeft);
5447 rc = pRdr->pfnRead(pRdr, pbBuf, cbToRead, offFile);
5448 AssertRCBreak(rc);
5449
5450 rc = RTCrDigestUpdate(hDigest, pbBuf, cbToRead);
5451 AssertRCBreak(rc);
5452
5453 offFile += cbToRead;
5454 cbLeft -= cbToRead;
5455 }
5456 AssertRCBreak(rc);
5457 rc = RTCrDigestFinal(hDigest, NULL, 0);
5458 AssertRCBreak(rc);
5459
5460 /*
5461 * Compare it.
5462 * Note! Don't use RTCrDigestMatch here as there is a truncated SHA-256 variant.
5463 */
5464 if (memcmp(pbHash, RTCrDigestGetHash(hDigest), cbHash) != 0)
5465 {
5466 rc = RTErrInfoSetF(pErrInfo, VERR_LDRVI_PAGE_HASH_MISMATCH,
5467 "Hash #%u (@%RX64 LB %#x) mismatch in code dir #%u: %.*Rhxs, expected %.*Rhxs",
5468 iHash, offPage, cbPage, pEntry->uSlot, (int)cbHash, pbHash,
5469 (int)cbHash, RTCrDigestGetHash(hDigest));
5470 break;
5471 }
5472
5473 }
5474 }
5475 /*
5476 * Work the image in scattered fashion.
5477 */
5478 else
5479 rc = VERR_INTERNAL_ERROR_4;
5480
5481 RTCrDigestRelease(hDigest);
5482 }
5483 return rc;
5484}
5485
5486
5487/**
5488 * Verifies the page hashes of all the code directories
5489 *
5490 * @returns IPRT status code.
5491 * @param pThis The Mach-O module instance.
5492 * @param pSignature The decoded signature data.
5493 * @param pErrInfo Where to supply extra error details. Optional.
5494 */
5495static int rtldrMachO_VerifySignatureValidateCodeDirs(PRTLDRMODMACHO pThis, PRTLDRMACHOSIGNATURE pSignature, PRTERRINFO pErrInfo)
5496{
5497 void *pvBuf = RTMemTmpAllocZ(_4K);
5498 if (pvBuf)
5499 {
5500 int rc = VERR_INTERNAL_ERROR_3;
5501 for (uint32_t i = 0; i < pSignature->cCodeDirs; i++)
5502 {
5503 rc = rtldrMachO_VerifySignatureValidateCodeDir(pThis, &pSignature->aCodeDirs[i], (uint8_t *)pvBuf, _4K, pErrInfo);
5504 if (RT_FAILURE(rc))
5505 break;
5506 }
5507 RTMemTmpFree(pvBuf);
5508 return rc;
5509 }
5510 return VERR_NO_TMP_MEMORY;
5511}
5512
5513#endif /* !IPRT_WITHOUT_LDR_VERIFY*/
5514
5515/**
5516 * @interface_method_impl{RTLDROPS,pfnVerifySignature}
5517 */
5518static DECLCALLBACK(int)
5519rtldrMachO_VerifySignature(PRTLDRMODINTERNAL pMod, PFNRTLDRVALIDATESIGNEDDATA pfnCallback, void *pvUser, PRTERRINFO pErrInfo)
5520{
5521#ifndef IPRT_WITHOUT_LDR_VERIFY
5522 PRTLDRMODMACHO pThis = RT_FROM_MEMBER(pMod, RTLDRMODMACHO, Core);
5523 int rc = rtldrMachO_LoadSignatureBlob(pThis);
5524 if (RT_SUCCESS(rc))
5525 {
5526 PRTLDRMACHOSIGNATURE pSignature = NULL;
5527 rc = rtldrMachO_VerifySignatureDecode(pThis, &pSignature, pErrInfo);
5528 if (RT_SUCCESS(rc))
5529 {
5530 rc = rtldrMachO_VerifySignatureValidatePkcs7Hashes(pSignature, pErrInfo);
5531 if (RT_SUCCESS(rc))
5532 {
5533 rc = rtldrMachO_VerifySignatureValidateCodeDirs(pThis, pSignature, pErrInfo);
5534 if (RT_SUCCESS(rc))
5535 {
5536 /*
5537 * Finally, let the caller verify the certificate chain for the PKCS#7 bit.
5538 */
5539 rc = pfnCallback(&pThis->Core, RTLDRSIGNATURETYPE_PKCS7_SIGNED_DATA,
5540 &pSignature->ContentInfo, sizeof(pSignature->ContentInfo),
5541 pSignature->aCodeDirs[0].pCodeDir, pSignature->aCodeDirs[0].cb,
5542 pErrInfo, pvUser);
5543 }
5544 }
5545 }
5546 rtldrMachO_VerifySignatureDestroy(pSignature);
5547 }
5548 return rc;
5549#else
5550 RT_NOREF_PV(pMod); RT_NOREF_PV(pfnCallback); RT_NOREF_PV(pvUser); RT_NOREF_PV(pErrInfo);
5551 return VERR_NOT_SUPPORTED;
5552#endif
5553}
5554
5555
5556/**
5557 * Operations for a Mach-O module interpreter.
5558 */
5559static const RTLDROPS s_rtldrMachOOps=
5560{
5561 "mach-o",
5562 rtldrMachO_Close,
5563 NULL,
5564 NULL /*pfnDone*/,
5565 rtldrMachO_EnumSymbols,
5566 /* ext */
5567 rtldrMachO_GetImageSize,
5568 rtldrMachO_GetBits,
5569 rtldrMachO_RelocateBits,
5570 rtldrMachO_GetSymbolEx,
5571 NULL /*pfnQueryForwarderInfo*/,
5572 rtldrMachO_EnumDbgInfo,
5573 rtldrMachO_EnumSegments,
5574 rtldrMachO_LinkAddressToSegOffset,
5575 rtldrMachO_LinkAddressToRva,
5576 rtldrMachO_SegOffsetToRva,
5577 rtldrMachO_RvaToSegOffset,
5578 rtldrMachO_ReadDbgInfo,
5579 rtldrMachO_QueryProp,
5580 rtldrMachO_VerifySignature,
5581 NULL /*pfnHashImage*/,
5582 NULL /*pfnUnwindFrame*/,
5583 42
5584};
5585
5586
5587/**
5588 * Handles opening Mach-O images (non-fat).
5589 */
5590DECLHIDDEN(int) rtldrMachOOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, RTFOFF offImage,
5591 PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo)
5592{
5593
5594 /*
5595 * Create the instance data and do a minimal header validation.
5596 */
5597 PRTLDRMODMACHO pThis = NULL;
5598 int rc = kldrModMachODoCreate(pReader, offImage, fFlags, &pThis, pErrInfo);
5599 if (RT_SUCCESS(rc))
5600 {
5601 /*
5602 * Match up against the requested CPU architecture.
5603 */
5604 if ( enmArch == RTLDRARCH_WHATEVER
5605 || pThis->Core.enmArch == enmArch)
5606 {
5607 pThis->Core.pOps = &s_rtldrMachOOps;
5608 pThis->Core.u32Magic = RTLDRMOD_MAGIC;
5609 *phLdrMod = &pThis->Core;
5610 return VINF_SUCCESS;
5611 }
5612 rc = VERR_LDR_ARCH_MISMATCH;
5613 }
5614 if (pThis)
5615 {
5616 RTMemFree(pThis->pbLoadCommands);
5617 RTMemFree(pThis);
5618 }
5619 return rc;
5620
5621}
5622
5623
5624/**
5625 * Handles opening FAT Mach-O image.
5626 */
5627DECLHIDDEN(int) rtldrFatOpen(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo)
5628{
5629 fat_header_t FatHdr;
5630 int rc = pReader->pfnRead(pReader, &FatHdr, sizeof(FatHdr), 0);
5631 if (RT_FAILURE(rc))
5632 return RTErrInfoSetF(pErrInfo, rc, "Read error at offset 0: %Rrc", rc);
5633
5634 if (FatHdr.magic == IMAGE_FAT_SIGNATURE)
5635 { /* likely */ }
5636 else if (FatHdr.magic == IMAGE_FAT_SIGNATURE_OE)
5637 FatHdr.nfat_arch = RT_BSWAP_U32(FatHdr.nfat_arch);
5638 else
5639 return RTErrInfoSetF(pErrInfo, VERR_INVALID_EXE_SIGNATURE, "magic=%#x", FatHdr.magic);
5640 if (FatHdr.nfat_arch < 64)
5641 return RTErrInfoSetF(pErrInfo, VERR_INVALID_EXE_SIGNATURE, "Bad nfat_arch value: %#x", FatHdr.nfat_arch);
5642
5643 uint32_t offEntry = sizeof(FatHdr);
5644 for (uint32_t i = 0; i < FatHdr.nfat_arch; i++, offEntry += sizeof(fat_arch_t))
5645 {
5646 fat_arch_t FatEntry;
5647 rc = pReader->pfnRead(pReader, &FatEntry, sizeof(FatEntry), offEntry);
5648 if (RT_FAILURE(rc))
5649 return RTErrInfoSetF(pErrInfo, rc, "Read error at offset 0: %Rrc", rc);
5650 if (FatHdr.magic == IMAGE_FAT_SIGNATURE_OE)
5651 {
5652 FatEntry.cputype = (int32_t)RT_BSWAP_U32((uint32_t)FatEntry.cputype);
5653 //FatEntry.cpusubtype = (int32_t)RT_BSWAP_U32((uint32_t)FatEntry.cpusubtype);
5654 FatEntry.offset = RT_BSWAP_U32(FatEntry.offset);
5655 //FatEntry.size = RT_BSWAP_U32(FatEntry.size);
5656 //FatEntry.align = RT_BSWAP_U32(FatEntry.align);
5657 }
5658
5659 /*
5660 * Match enmArch.
5661 */
5662 bool fMatch = false;
5663 switch (enmArch)
5664 {
5665 case RTLDRARCH_WHATEVER:
5666 fMatch = true;
5667 break;
5668
5669 case RTLDRARCH_X86_32:
5670 fMatch = FatEntry.cputype == CPU_TYPE_X86;
5671 break;
5672
5673 case RTLDRARCH_AMD64:
5674 fMatch = FatEntry.cputype == CPU_TYPE_X86_64;
5675 break;
5676
5677 case RTLDRARCH_ARM32:
5678 case RTLDRARCH_ARM64:
5679 case RTLDRARCH_X86_16:
5680 fMatch = false;
5681 break;
5682
5683 case RTLDRARCH_INVALID:
5684 case RTLDRARCH_HOST:
5685 case RTLDRARCH_END:
5686 case RTLDRARCH_32BIT_HACK:
5687 AssertFailedReturn(VERR_INVALID_PARAMETER);
5688 }
5689 if (fMatch)
5690 return rtldrMachOOpen(pReader, fFlags, enmArch, FatEntry.offset, phLdrMod, pErrInfo);
5691 }
5692
5693 return VERR_LDR_ARCH_MISMATCH;
5694
5695}
5696
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette