12 #include "../format/mach0/kernelcache.h"
13 #include "../format/xnu/mig_index.h"
15 #define VFILE_NAME_REBASED "rebased"
35 struct MACH0_(obj_t) * mach0;
55 #define KEXT_SHORT_NAME_FROM_SECTION(io_section) ({ \
56 char *result = NULL; \
57 char *clone = strdup(io_section->name); \
58 char *cursor = strstr(clone, "__"); \
63 cursor = strrchr(cursor, '.'); \
66 cursor = strrchr(cursor, '.'); \
68 result = strdup(cursor + 1); \
73 result ? result : clone; \
76 #define KEXT_INFER_VSIZE(index, i) \
77 ((i + 1 < index->length) ? index->entries[i + 1]->vaddr - index->entries[i]->vaddr : UT64_MAX)
79 #define KEXT_INFER_PSIZE(index, i) \
80 ((i + 1 < index->length) ? index->entries[i + 1]->range.offset - index->entries[i]->range.offset : UT64_MAX)
82 #define RZ_K_CONSTRUCTOR_TO_ENTRY 0
83 #define RZ_K_CONSTRUCTOR_TO_SYMBOL 1
85 #define K_PPTR(p) p_ptr(p, obj)
86 #define K_RPTR(buf) rz_ptr(buf, obj)
88 #define IS_PTR_AUTH(x) ((x & (1ULL << 63)) != 0)
89 #define IS_PTR_BIND(x) ((x & (1ULL << 62)) != 0)
117 #define rz_kext_index_foreach(index, i, item) \
119 for (i = 0; i < index->length && (item = index->entries[i], 1); i++)
135 struct MACH0_(opts_t) opts;
138 struct MACH0_(obj_t) *main_mach0 =
MACH0_(new_buf)(fbuf, &opts);
147 if (!prelink_range) {
168 obj->mach0 = main_mach0;
230 if (!prelink_range) {
263 if (incomplete == 1 && !prelink_range->
pa2va_data) {
264 struct MACH0_(segment_command) * seg;
265 int nsegs =
RZ_MIN(mach0->nsegs, 128);
267 for (
i = 0;
i < nsegs;
i++) {
268 seg = &mach0->segs[
i];
269 if (!strcmp(seg->segname,
"__DATA")) {
270 prelink_range->
pa2va_data = seg->vmaddr - seg->fileoff;
281 return prelink_range;
289 if (!strcmp(item->
key,
"_PrelinkInfoDictionary")) {
304 bool is_sorted =
true;
307 rz_list_foreach (kext_array->
values,
iter, kext_item) {
314 int kext_incomplete = 5;
316 rz_list_foreach (kext_item->
pairs, internal_iter, item) {
317 if (!strcmp(item->
key,
"CFBundlePackageType")) {
322 if (strcmp(
type->value,
"KEXT")) {
328 if (!strcmp(item->
key,
"_PrelinkExecutableLoadAddr")) {
336 if (!strcmp(item->
key,
"_PrelinkExecutableSize")) {
345 if (!strcmp(item->
key,
"_PrelinkKmodInfo")) {
353 if (!strcmp(item->
key,
"CFBundleIdentifier")) {
361 if (kext_incomplete) {
366 if (prev_kext && kext->
vaddr < prev_kext->
vaddr) {
371 kext->mach0 = create_kext_mach0(obj, kext);
397 return K_PPTR(decorated_addr);
408 ut64 kmod_start = 0, kmod_end = 0;
409 ut64 kmod_info = 0, kmod_info_end = 0;
414 for (; !
sections[
i].last && incomplete > 0;
i++) {
423 if (strstr(
sections[
i].
name,
"__PRELINK_INFO.__kmod_start")) {
425 kmod_end = kmod_start +
sections[
i].size;
428 if (strstr(
sections[
i].
name,
"__PRELINK_INFO.__kmod_info")) {
430 kmod_info_end = kmod_info +
sections[
i].size;
446 int n_kmod_info = (kmod_info_end - kmod_info) / 8;
447 if (n_kmod_info == 0) {
458 for (; j < n_kmod_info; j++) {
459 ut64 entry_offset = j * 8 + kmod_info;
468 ut64 field_start = kmod_info_paddr + 0xb4;
480 all_infos[j].
name[0x40] = 0;
483 ut64 cursor = kmod_start;
484 for (; cursor < kmod_end; cursor += 8) {
498 kext->mach0 = create_kext_mach0(obj, kext);
506 kext->pa2va_exec = pa2va_exec;
507 kext->pa2va_data = pa2va_data;
512 if (text_start == text_end) {
517 for (j = 0; j < n_kmod_info; j++) {
518 if (text_start > all_infos[j].
start || all_infos[j].
start >= text_end) {
523 kext->own_name =
true;
559 ut32 cursor =
sizeof(
struct MACH0_(mach_header));
560 for (
i = 0;
i < ncmds && cursor <
length;
i++) {
590 st32 padded_name_length = (
st32)cmdsize - 32;
591 if (padded_name_length <= 0) {
596 char *padded_name =
calloc(1, padded_name_length);
614 kext->mach0 = create_kext_shared_mach0(obj, kext);
627 kext->own_name =
true;
651 if (kext->own_name && kext->
name) {
681 int vaddr_compare =
A->vaddr -
B->vaddr;
682 if (vaddr_compare == 0) {
683 return A->text_range.size -
B->text_range.size;
685 return vaddr_compare;
712 rz_list_foreach (kexts,
iter, kext) {
739 int imax = index->
length - 1;
741 while (imin < imax) {
742 imid = (imin + imax) / 2;
760 struct MACH0_(opts_t) opts = { 0 };
763 struct MACH0_(obj_t) *mach0 =
MACH0_(new_buf)(
buf, &opts);
770 struct MACH0_(opts_t) opts = { 0 };
771 opts.verbose =
false;
773 struct MACH0_(obj_t) *mach0 =
MACH0_(new_buf)(
buf, &opts);
787 ut64 entry_vaddr = kobj->mach0->entry;
802 if (!*inits || !*terms) {
814 ut64 start_paddr = 0;
836 if (!target || !n_ptrs) {
842 for (; j < n_ptrs; j++) {
869 const char *sn = strrchr(kext->
name,
'.');
870 return sn ? sn + 1 : kext->
name;
876 for (; pointers[
i];
i++) {
877 ut64 func_vaddr = pointers[
i];
881 if (text_start == text_end) {
885 if (text_start > func_vaddr || func_vaddr >= text_end) {
895 sym->
vaddr = func_vaddr;
896 sym->
paddr = func_vaddr - kext->pa2va_exec;
899 sym->
bind =
"GLOBAL";
936 for (j = 0; j <
sections[
i].size; j += 8) {
950 sym->
paddr = paddr64;
953 sym->
bind =
"GLOBAL";
981 if (!memcmp(
buf,
"\xcf\xfa\xed\xfe", 4)) {
1021 int nsegs =
RZ_MIN(kobj->mach0->nsegs, 128);
1023 for (
i = 0;
i < nsegs;
i++) {
1029 struct MACH0_(segment_command) *seg = &kobj->mach0->segs[
i];
1034 map->psize = seg->vmsize;
1035 map->vsize = seg->vmsize;
1036 map->vaddr = seg->vmaddr;
1078 struct MACH0_(segment_command) * seg;
1079 int nsegs =
RZ_MIN(kobj->mach0->nsegs, 128);
1081 for (
i = 0;
i < nsegs;
i++) {
1089 seg = &kobj->mach0->segs[
i];
1093 ptr->
size = seg->vmsize;
1094 ptr->
vsize = seg->vmsize;
1096 ptr->
vaddr = seg->vmaddr;
1135 if (strstr(ptr->
name,
"la_symbol_ptr")) {
1157 if (strstr(sect->
name,
"_cstring")) {
1159 }
else if (strstr(sect->
name,
"_os_log")) {
1161 }
else if (strstr(sect->
name,
"_objc_methname")) {
1163 }
else if (strstr(sect->
name,
"_objc_classname")) {
1165 }
else if (strstr(sect->
name,
"_objc_methtype")) {
1181 if (!kernel_syms_by_addr) {
1188 ut64 enosys_addr = 0;
1189 rz_list_foreach (ret,
iter, sym) {
1192 if (!enosys_addr && strstr(sym->
name,
"enosys")) {
1193 enosys_addr = sym->
vaddr;
1199 rz_list_foreach (syscalls,
iter, sym) {
1210 rz_list_foreach (subsystem,
iter, sym) {
1267 if (sym->
name[0] ==
'_') {
1271 char *
p = strchr(dn,
'.');
1296 #define IS_KERNEL_ADDR(x) ((x & 0xfffffff000000000L) == 0xfffffff000000000L)
1315 ut64 data_const_offset = 0, data_const_size = 0, data_const_vaddr = 0;
1326 if (!data_const_offset || !data_const_size || !data_const_vaddr) {
1330 data_const =
malloc(data_const_size);
1338 ut8 *cursor = data_const;
1339 ut8 *
end = data_const + data_const_size;
1340 while (cursor <
end) {
1342 if (
test == enosys_addr) {
1348 if (cursor >=
end) {
1353 while (cursor >= data_const) {
1369 if (cursor < data_const) {
1388 ut64 sysent_vaddr = cursor - data_const + data_const_vaddr;
1396 sym->
vaddr = sysent_vaddr;
1397 sym->
paddr = cursor - data_const + data_const_offset;
1400 sym->
bind =
"GLOBAL";
1401 sym->
type =
"OBJECT";
1407 while (cursor <
end &&
i < num_syscalls) {
1410 if (item && item->
name) {
1422 sym->
bind =
"GLOBAL";
1447 #define K_MIG_SUBSYSTEM_SIZE (4 * 8)
1448 #define K_MIG_ROUTINE_SIZE (5 * 8)
1449 #define K_MIG_MAX_ROUTINES 100
1473 HtPP *mig_hash =
NULL;
1476 ut64 data_const_offset = 0, data_const_size = 0, data_const_vaddr = 0;
1477 ut64 text_exec_offset = 0, text_exec_size = 0, text_exec_vaddr = 0;
1480 for (; !
sections[
i].last && incomplete > 0;
i++) {
1495 if (!data_const_offset || !data_const_size || !data_const_vaddr ||
1496 !text_exec_offset || !text_exec_size || !text_exec_vaddr) {
1500 data_const =
malloc(data_const_size);
1518 ut8 *cursor = data_const;
1519 ut8 *
end = data_const + data_const_size;
1520 while (cursor <
end) {
1522 if (subs_p < text_exec_vaddr || subs_p >= text_exec_vaddr + text_exec_size) {
1528 ut32 n_routines = (subs_max_idx - subs_min_idx);
1529 if (subs_min_idx >= subs_max_idx || (subs_max_idx - subs_min_idx) >
K_MIG_MAX_ROUTINES) {
1540 bool is_consistent =
true;
1542 while (array_cursor < end_array) {
1544 if (should_be_null != 0) {
1545 is_consistent =
false;
1550 if (routine_p != 0 && (routine_p < text_exec_vaddr || routine_p >= text_exec_vaddr + text_exec_size)) {
1551 is_consistent =
false;
1555 routines[
idx++] = routine_p;
1559 if (is_consistent) {
1560 for (
idx = 0;
idx < n_routines;
idx++) {
1561 ut64 routine_p = routines[
idx];
1572 int num =
idx + subs_min_idx;
1582 sym->
vaddr = routine_p;
1583 sym->
paddr = sym->
vaddr - text_exec_vaddr + text_exec_offset;
1586 sym->
bind =
"GLOBAL";
1587 sym->
type =
"OBJECT";
1620 ut64 adrp_offset = ((
adrp & 0x60000000) >> 29) | ((
adrp & 0xffffe0) >> 3);
1621 addr += adrp_offset << 12;
1624 addr += ((
ldr & 0x3ffc00) >> 10) << ((
ldr & 0xc0000000) >> 30);
1637 for (; stubs_cursor < stubs_end; stubs_cursor += 12) {
1672 sym->
paddr = stubs_cursor;
1675 sym->
bind =
"LOCAL";
1701 remote_sym->
vaddr = target_addr;
1703 remote_sym->
size = 0;
1705 remote_sym->
bind =
"GLOBAL";
1706 remote_sym->
type =
"FUNC";
1707 remote_sym->
ordinal = ordinal++;
1717 local_sym->
paddr = stubs_cursor;
1718 local_sym->
size = 12;
1720 local_sym->
bind =
"GLOBAL";
1721 local_sym->
type =
"FUNC";
1722 local_sym->
ordinal = ordinal++;
1747 if (!--incomplete) {
1755 if (!--incomplete) {
1772 bool big_endian = 0;
1846 ut64 starts_offset = 0, starts_size = 0;
1859 ut64 kernel_base = 0;
1861 struct MACH0_(segment_command) * seg;
1862 int nsegs =
RZ_MIN(mach0->nsegs, 128);
1863 for (
i = 0;
i < nsegs;
i++) {
1865 seg = &mach0->segs[
i];
1867 if (!strncmp(segname,
"__TEXT", 6) && segname[6] ==
'\0') {
1868 kernel_base = seg->vmaddr;
1873 if (starts_offset == 0 || starts_size == 0 || kernel_base == 0) {
1877 int n_starts = starts_size / 4;
1878 if (n_starts <= 1) {
1882 if (rebase_ranges ==
NULL) {
1886 ut64 multiplier = 4;
1887 for (
i = 0;
i != n_starts;
i++) {
1903 if (rebase_info ==
NULL) {
1906 rebase_info->
ranges = rebase_ranges;
1907 rebase_info->
n_ranges = n_starts - 1;
1933 .
name =
"kernelcache",
1934 .desc =
"kernelcache bin plugin",
1948 #ifndef RZ_PLUGIN_INCORE
1951 .data = &rz_bin_plugin_kernelcache,
static RzILOpEffect * ldr(cs_insn *insn, bool is_thumb)
static ut32 adrp(ArmOp *op, ut64 addr, ut32 k)
RZ_API void rz_bin_symbol_free(RzBinSymbol *sym)
RZ_API void rz_bin_map_free(RzBinMap *map)
RZ_API void rz_bin_section_free(RzBinSection *bs)
RZ_API RZ_OWN char * rz_bin_demangle(RZ_NULLABLE RzBinFile *bf, RZ_NULLABLE const char *language, RZ_NULLABLE const char *symbol, ut64 vaddr, bool libs)
Demangles a symbol based on the language or the RzBinFile data.
RZ_API void rz_bin_virtual_file_free(RzBinVirtualFile *vfile)
static bool load_buffer(RzBinFile *bf, RzBinObject *obj, RzBuffer *buf, Sdb *sdb)
#define IS_KERNEL_ADDR(x)
static RzXNUKernelCacheRebaseInfo * rz_rebase_info_new_from_mach0(RzBuffer *cache_buf, struct MACH0_(obj_t) *mach0)
static HtPP * mig_hash_new(void)
static RzList * resolve_syscalls(RzXNUKernelCacheObj *obj, ut64 enosys_addr)
static void rz_kext_index_free(RKextIndex *index)
static void symbols_from_mach0(RzList *ret, struct MACH0_(obj_t) *mach0, RzBinFile *bf, ut64 paddr, int ordinal)
static RzList * symbols(RzBinFile *bf)
static RzBinAddr * newEntry(ut64 haddr, ut64 vaddr, int type)
#define RZ_K_CONSTRUCTOR_TO_ENTRY
static RzList * filter_kexts(RzXNUKernelCacheObj *obj)
static void rz_kext_free(RKext *kext)
#define RZ_K_CONSTRUCTOR_TO_SYMBOL
static ut64 extract_addr_from_code(ut8 *arm64_code, ut64 vaddr)
struct _RzParsedPointer RzParsedPointer
static void rz_rebase_info_free(RzXNUKernelCacheRebaseInfo *info)
static void rz_kext_fill_text_range(RKext *kext)
static RzList * carve_kexts(RzXNUKernelCacheObj *obj)
static void handle_data_sections(RzBinSection *sect)
static void create_initterm_syms(RKext *kext, RzList *ret, int type, ut64 *pointers)
RzBinPlugin rz_bin_plugin_xnu_kernelcache
static void destroy(RzBinFile *bf)
static RKext * rz_kext_index_vget(RKextIndex *index, ut64 vaddr)
static bool check_buffer(RzBuffer *b)
static void rz_kernel_cache_free(RzXNUKernelCacheObj *obj)
static ut64 p_ptr(ut64 decorated_addr, RzXNUKernelCacheObj *obj)
#define K_MIG_SUBSYSTEM_SIZE
static RzList * kexts_from_load_commands(RzXNUKernelCacheObj *obj)
struct _RPrelinkRange RPrelinkRange
static const char * kext_short_name(RKext *kext)
static RzList * virtual_files(RzBinFile *bf)
#define K_MIG_ROUTINE_SIZE
static RzBinInfo * info(RzBinFile *bf)
static ut64 baddr(RzBinFile *bf)
static int prot2perm(int x)
static ut64 rz_ptr(ut8 *buf, RzXNUKernelCacheObj *obj)
#define K_MIG_MAX_ROUTINES
static void process_kmod_init_term(RzXNUKernelCacheObj *obj, RKext *kext, RzList *ret, ut64 **inits, ut64 **terms)
struct _RKmodInfo RKmodInfo
static RzList * entries(RzBinFile *bf)
static RStubsInfo * get_stubs_info(struct MACH0_(obj_t) *mach0, ut64 paddr, RzXNUKernelCacheObj *obj)
static void ensure_kexts_initialized(RzXNUKernelCacheObj *obj)
static RzList * maps(RzBinFile *bf)
struct _RStubsInfo RStubsInfo
#define rz_kext_index_foreach(index, i, item)
static void symbols_from_stubs(RzList *ret, HtPP *kernel_syms_by_addr, RzXNUKernelCacheObj *obj, RzBinFile *bf, RKext *kext, int ordinal)
static RzList * sections(RzBinFile *bf)
static int kexts_sort_vaddr_func(const void *a, const void *b)
static void sections_from_mach0(RzList *ret, struct MACH0_(obj_t) *mach0, RzBinFile *bf, ut64 paddr, char *prefix, RzXNUKernelCacheObj *obj)
static RzList * resolve_mig_subsystem(RzXNUKernelCacheObj *obj)
static struct MACH0_(obj_t)
static RKextIndex * rz_kext_index_new(RzList *kexts)
#define VFILE_NAME_REBASED
static RPrelinkRange * get_prelink_info_range_from_mach0(struct MACH0_(obj_t) *mach0)
struct _RKextIndex RKextIndex
static void process_constructors(RzXNUKernelCacheObj *obj, struct MACH0_(obj_t) *mach0, RzList *ret, ut64 paddr, bool is_first, int mode, const char *prefix)
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void count
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void static offset struct stat static buf void long static basep static whence static length const void static len static semflg const void static shmflg const struct timespec struct timespec static rem const char static group const void start
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void static offset struct stat static buf void long static basep static whence static length const void static len key
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void static offset struct stat static buf void long static basep static whence static length const void static len static semflg const void static shmflg const struct timespec struct timespec static rem const char static group const void length
size_t map(int syms, int left, int len)
RZ_API char * sdb_fmt(const char *fmt,...)
unsigned short prefix[65536]
RZ_API void Ht_() free(HtName_(Ht) *ht)
RZ_API const KEY_TYPE bool * found
RZ_API RzBuffer * rz_xnu_kernelcache_new_rebasing_buf(RzXNUKernelCacheObj *obj)
RZ_API bool rz_xnu_kernelcache_needs_rebasing(RzXNUKernelCacheObj *obj)
RZ_API bool rz_xnu_kernelcache_parse_pointer(RzXNUKernelCacheParsedPointer *ptr, ut64 decorated_addr, RzXNUKernelCacheObj *obj)
RZ_API bool rz_xnu_kernelcache_buf_is_kernelcache(RzBuffer *b)
RZ_API RZ_OWN RzList * rz_list_newf(RzListFree f)
Returns a new initialized RzList pointer and sets the free method.
RZ_API void rz_list_sort(RZ_NONNULL RzList *list, RZ_NONNULL RzListComparator cmp)
Sorts via merge sort or via insertion sort a list.
RZ_API RZ_BORROW RzListIter * rz_list_push(RZ_NONNULL RzList *list, void *item)
Alias for rz_list_append.
RZ_API ut32 rz_list_length(RZ_NONNULL const RzList *list)
Returns the length of the list.
RZ_API RZ_BORROW RzListIter * rz_list_append(RZ_NONNULL RzList *list, void *data)
Appends at the end of the list a new element.
RZ_API void rz_list_free(RZ_NONNULL RzList *list)
Empties the list and frees the list pointer.
void * malloc(size_t size)
void * calloc(size_t number, size_t size)
static static fork const void static count static fd const char const char static newpath char char char static envp time_t static t const char static mode static whence const char static dir time_t static t unsigned static seconds const char struct utimbuf static buf static inc static sig const char static mode static oldfd struct tms static buf static getgid static geteuid const char static filename static arg static mask struct ustat static ubuf static getppid static setsid static egid sigset_t static set struct timeval struct timezone static tz fd_set fd_set fd_set struct timeval static timeout const char char static bufsiz const char static swapflags void static offset const char static length static mode static who const char struct statfs static buf unsigned unsigned num
return strdup("=SP r13\n" "=LR r14\n" "=PC r15\n" "=A0 r0\n" "=A1 r1\n" "=A2 r2\n" "=A3 r3\n" "=ZF zf\n" "=SF nf\n" "=OF vf\n" "=CF cf\n" "=SN or0\n" "gpr lr .32 56 0\n" "gpr pc .32 60 0\n" "gpr cpsr .32 64 0 ____tfiae_________________qvczn\n" "gpr or0 .32 68 0\n" "gpr tf .1 64.5 0 thumb\n" "gpr ef .1 64.9 0 endian\n" "gpr jf .1 64.24 0 java\n" "gpr qf .1 64.27 0 sticky_overflow\n" "gpr vf .1 64.28 0 overflow\n" "gpr cf .1 64.29 0 carry\n" "gpr zf .1 64.30 0 zero\n" "gpr nf .1 64.31 0 negative\n" "gpr itc .4 64.10 0 if_then_count\n" "gpr gef .4 64.16 0 great_or_equal\n" "gpr r0 .32 0 0\n" "gpr r1 .32 4 0\n" "gpr r2 .32 8 0\n" "gpr r3 .32 12 0\n" "gpr r4 .32 16 0\n" "gpr r5 .32 20 0\n" "gpr r6 .32 24 0\n" "gpr r7 .32 28 0\n" "gpr r8 .32 32 0\n" "gpr r9 .32 36 0\n" "gpr r10 .32 40 0\n" "gpr r11 .32 44 0\n" "gpr r12 .32 48 0\n" "gpr r13 .32 52 0\n" "gpr r14 .32 56 0\n" "gpr r15 .32 60 0\n" "gpr r16 .32 64 0\n" "gpr r17 .32 68 0\n")
struct section_t *MACH0_() get_sections(struct MACH0_(obj_t) *bin)
const struct symbol_t *MACH0_() get_symbols(struct MACH0_(obj_t) *bin)
ut64 MACH0_() get_baddr(struct MACH0_(obj_t) *bin)
void *MACH0_() mach0_free(struct MACH0_(obj_t) *mo)
void MACH0_() opts_set_default(struct MACH0_(opts_t) *options, RzBinFile *bf)
#define RZ_BIN_MACH0_SYMBOL_TYPE_LOCAL
static const char * mig_index[RZ_MIG_INDEX_LEN]
#define rz_return_val_if_fail(expr, val)
#define RZ_BIN_ENTRY_TYPE_FINI
#define RZ_BIN_ENTRY_TYPE_INIT
RZ_API RzBuffer * rz_buf_ref(RzBuffer *b)
Increment the reference count of the buffer.
RZ_API st64 rz_buf_read_at(RZ_NONNULL RzBuffer *b, ut64 addr, RZ_NONNULL RZ_OUT ut8 *buf, ut64 len)
Read len bytes of the buffer at the specified address.
#define rz_buf_read_le32_at(b, addr, result)
RZ_API void rz_buf_free(RzBuffer *b)
Free all internal data hold by the buffer and the buffer.
RZ_API RZ_OWN RzBuffer * rz_buf_new_slice(RzBuffer *b, ut64 offset, ut64 size)
Creates a new buffer from a slice of another buffer.
RZ_API ut64 rz_buf_size(RZ_NONNULL RzBuffer *b)
Return the size of the buffer.
#define rz_buf_read_le64_at(b, addr, result)
RZ_API void rz_cf_value_dict_free(RCFValueDict *dict)
RZ_API RCFValueDict * rz_cf_value_dict_parse(RzBuffer *file_buf, ut64 offset, ut64 size, int options)
#define RZ_CF_OPTION_SKIP_NSDATA
static ut32 rz_read_le32(const void *src)
static ut64 rz_read_le64(const void *src)
void(* RzListFree)(void *ptr)
RZ_API char * rz_str_newf(const char *fmt,...) RZ_PRINTF_CHECK(1
RZ_API size_t rz_str_ncpy(char *dst, const char *src, size_t n)
Secure string copy with null terminator.
RZ_API void rz_str_filter(char *str)
Convert all non-printable characters in str with '.'.
RZ_API int sdb_count(Sdb *s)
RZ_API char * sdb_ht_find(HtPP *ht, const char *key, bool *found)
RZ_API HtPP * sdb_ht_new(void)
RZ_API void sdb_ht_free(HtPP *ht)
RZ_API bool sdb_ht_insert(HtPP *ht, const char *key, const char *value)
RzXNUKernelCacheFileRange text_range
RzXNUKernelCacheFileRange range
RzXNUKernelCacheFileRange range
RzXNUKernelCacheFileRange got
RzXNUKernelCacheFileRange stubs
XX curplugin == o->plugin.
Description of a single memory mapping into virtual memory from a binary.
RZ_NONNULL RzBuffer * buf
bool buf_owned
whether buf is owned and freed by this RzBinVirtualFile
RZ_OWN RZ_NONNULL char * name
RzXNUKernelCacheRebaseInfo * rebase_info
RCFValueDict * prelink_info
struct _RKextIndex * kexts
RzXNUKernelCacheFileRange * ranges
RZ_API RzSyscall * rz_syscall_new(void)
Creates a new RzSyscall type.
RZ_API void rz_syscall_free(RzSyscall *s)
Frees an RzSyscall type.
RZ_API void rz_syscall_item_free(RzSyscallItem *si)
RZ_API RzSyscallItem * rz_syscall_get(RzSyscall *s, int num, int swi)
RZ_API bool rz_syscall_setup(RzSyscall *s, const char *arch, int bits, const char *cpu, const char *os)
if(dbg->bits==RZ_SYS_BITS_64)
ut64(WINAPI *w32_GetEnabledXStateFeatures)()
1.9.1