Mach-O Internals
- Anthony Shoumikhin, http://shoumikh.in

Agenda
- Program linking and loading on Mac OS X
- Mach-O structure
- Dynamic linking details
- Run-time hooking

Compiling
- Converting a human-readable text file to a Mach-O binary
  - Preprocessing
  - Generating assembler
  - Assembling to object file

Compiling
- clang -c test.c
  - clang -E  # Preprocess, but don't compile
  - clang -S  # Compile, but don't assemble
  - clang -c  # Assemble, but don't link
- Object file (Mach-O format)

Object file
- Generated by ld
  - Header information
  - Object code
  - Relocation
  - Symbols
  - Debugging info

Symbols in object files
- Calls in code
  - Defined functions
  - Undefined functions
- References to static data
  - Defined variables
  - Undefined variables

Linking
- The process of resolving undefined symbols

Linking
- ld just converts Mach-O files of one type to another
- Executables and dynamically linked Mach-O files have no undefined symbols

Dynamic-linked library
- A complete Mach-O file without startup code
- Linked against like any other object file during linking by ld, but does not become part of the executable
- Can be loaded at executable startup or manually in code at any moment

Loading
- Transferring a Mach-O file into process memory

Process memory layout
- Arguments & environment
- Stack
- Unused memory
- Heap
- Uninitialized data
- Initialized data
- Text

File mapping into memory
- Code is mapped read-only
- Data is mapped copy-on-write

Introducing Mach-O

File layout

otool – CLI exploring
- man otool
- -v (verbose) rulez

```
$ otool -h Example.app/Contents/MacOS/Example
Example.app/Contents/MacOS/Example (architecture i386):
Mach header
      magic cputype cpusubtype  caps filetype ncmds sizeofcmds      flags
 0xFEEDFACE       7          3  0x00        2    19       2356 0x00000085
Example.app/Contents/MacOS/Example (architecture ppc):
Mach header
      magic cputype cpusubtype  caps filetype ncmds sizeofcmds      flags
 0xFEEDFACE      18          0  0x00        2    17       2412 0x00000085
```

Mach-O View – GUI advantages
- http://sourceforge.net/projects/machoview

Header

```c
struct mach_header
{
    uint32_t      magic;
    cpu_type_t    cputype;
    cpu_subtype_t cpusubtype;
    uint32_t      filetype;
    uint32_t      ncmds;
    uint32_t      sizeofcmds;
    uint32_t      flags;
};
```

Load Commands
- x32, x64
- Example - LC_SYMTAB

```c
struct load_command
{
    uint32_t cmd;
    uint32_t cmdsize;
    // custom fields
};
```
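Added example (not from the original slides): walking the load commands that follow `mach_header` with the bounds checks a parser needs when `ncmds`, `sizeofcmds` or `cmdsize` come from an untrusted file. `find_load_command` and the sample image are constructed for illustration; the code assumes a 32-bit Mach-O and a little-endian host.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC  0xFEEDFACEu  /* 32-bit Mach-O magic, as printed by otool -h */
#define LC_SYMTAB 0x2u         /* values from <mach-o/loader.h> */
#define LC_UUID   0x1bu

struct mach_header { uint32_t magic; int32_t cputype, cpusubtype;
                     uint32_t filetype, ncmds, sizeofcmds, flags; };
struct load_command { uint32_t cmd, cmdsize; };

/* Returns the file offset of the first load command of type `want`,
 * 0 if there is none, or -1 if the command table is malformed. */
long long find_load_command(const uint8_t *buf, size_t len, uint32_t want)
{
    struct mach_header mh;
    if (len < sizeof mh) return -1;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC) return -1;
    if (mh.sizeofcmds > len - sizeof mh) return -1;   /* table must fit in the file */
    size_t off = sizeof mh, end = sizeof mh + mh.sizeofcmds;
    for (uint32_t i = 0; i < mh.ncmds; i++) {
        struct load_command lc;
        if (end - off < sizeof lc) return -1;         /* ncmds overstates the table */
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize % 4 || lc.cmdsize > end - off)
            return -1;                                /* zero, unaligned or overlong */
        if (lc.cmd == want) return (long long)off;
        off += lc.cmdsize;
    }
    return 0;
}

/* Constructed sample: header, LC_UUID (24 bytes), LC_SYMTAB (24 bytes). */
static const uint32_t sample[] = {
    MH_MAGIC, 7, 3, 2, 2, 48, 0x85,   /* ncmds = 2, sizeofcmds = 48 */
    LC_UUID, 24, 0, 0, 0, 0,          /* 16-byte UUID left as zeros */
    LC_SYMTAB, 24, 0, 0, 0, 0         /* symoff, nsyms, stroff, strsize */
};

int main(void)
{
    printf("LC_SYMTAB at offset %lld\n",
           find_load_command((const uint8_t *)sample, sizeof sample, LC_SYMTAB));
    return 0;
}
```
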

Introducing Fat Mach-O
- Several Mach-O files for different target architectures in one

```c
struct fat_header
{
    uint32_t magic; // 0xCAFEBABE
    uint32_t nfat_arch;
};

struct fat_arch
{
    cpu_type_t    cputype;
    cpu_subtype_t cpusubtype;
    uint32_t      offset;
    uint32_t      size;
    uint32_t      align;
};
```
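Added example (not from the original slides): locating the slice for one architecture in a fat file while validating the `fat_arch` table. `fat_find_slice` and the 64-byte sample are constructed for illustration; fat header fields are read big-endian, as they are stored on disk.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define FAT_MAGIC     0xCAFEBABEu
#define FAT_ARCH_SIZE 20u          /* five 32-bit fields per fat_arch */

/* Read a big-endian 32-bit value independent of host byte order. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Returns the file offset of the slice for `cputype`, 0 if no slice
 * matches, or -1 if the header or an arch entry is malformed. */
long long fat_find_slice(const uint8_t *buf, size_t len, uint32_t cputype)
{
    if (len < 8 || be32(buf) != FAT_MAGIC) return -1;
    uint32_t n = be32(buf + 4);
    if (n > (len - 8) / FAT_ARCH_SIZE) return -1;     /* arch table must fit */
    size_t table_end = 8 + (size_t)n * FAT_ARCH_SIZE;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *a = buf + 8 + (size_t)i * FAT_ARCH_SIZE;
        uint32_t offset = be32(a + 8), size = be32(a + 12);
        /* slice may not overlap the table or run past the end of the file */
        if (offset < table_end || offset > len || size > len - offset)
            return -1;
        if (be32(a) == cputype) return (long long)offset;
    }
    return 0;
}

/* Constructed sample: two slices (cputype 7 and 18, as in the otool output). */
static const uint8_t sample_fat[64] = {
    0xCA,0xFE,0xBA,0xBE, 0,0,0,2,                        /* magic, nfat_arch */
    0,0,0,7,  0,0,0,3, 0,0,0,48, 0,0,0,8, 0,0,0,0,       /* i386 slice at 48 */
    0,0,0,18, 0,0,0,0, 0,0,0,56, 0,0,0,8, 0,0,0,0,       /* ppc slice at 56  */
    0xCE,0xFA,0xED,0xFE, 0,0,0,0,                        /* little-endian magic */
    0xFE,0xED,0xFA,0xCE, 0,0,0,0                         /* big-endian magic */
};

int main(void)
{
    printf("ppc slice at offset %lld\n", fat_find_slice(sample_fat, sizeof sample_fat, 18));
    return 0;
}
```
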

Let's explore dynamic linking
- Test bed

File test.c

```c
void libtest(void); // from libtest.dylib

int main(void)
{
    libtest(); // calls puts() from libSystem.B.dylib
    return 0;
}
```

File libtest.c

```c
#include <stdio.h>

void libtest(void) // just a simple library function
{
    puts("libtest: calls the original puts()");
}
```

Debugging external call
- Here is a simple CALL

Debugging external call
- Welcome to __TEXT, __symbol_stub1 - a set of JMP instructions, one for each imported function

Debugging external call
- Each such instruction jumps to the address stored in the corresponding cell of the __DATA, __la_symbol_ptr table

- Procedure Linkage Table
- Welcome to __TEXT, __stub_helper - a PLT for Mach-O
  - remember which symbol requires the relocation
  - jump to __dyld_stub_binding_helper for actual linking

Dynamic linker - dyld
- dyld changes the corresponding cell in __DATA, __la_symbol_ptr

Let's hook

Mach-O hook tool
- github.com/shoumikhin/Mach-O-Hook

```c
void *mach_hook_init(char const *library_filename, void const *library_address);
mach_substitution mach_hook(void const *handle, char const *function_name, mach_substitution substitution);
void mach_hook_free(void *handle);
```

- Just download it and run the test project!

Mach-O exploring (live demo)

```
$ arch -x86_64 ./test
libtest: calls the original puts()
-----------------------------
libtest: calls the original puts()
HOOKED!
-----------------------------
libtest: calls the original puts()
```

Questions
- More at codeproject.com/members/shoumikhin
