Created
August 26, 2020 15:08
-
-
Save Siguza/eef732424b68f942b00eea86057b934d to your computer and use it in GitHub Desktop.
Apple Silicon kernels
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <sys/mman.h> | |
| #include <sys/stat.h> | |
| #include <mach-o/loader.h> | |
| #include <mach-o/nlist.h> | |
| int main(int argc, const char **argv) | |
| { | |
| if(argc != 2) | |
| { | |
| fprintf(stderr, "Usage: %s file\n", argv[0]); | |
| return -1; | |
| } | |
| int fd = open(argv[1], O_RDONLY); | |
| if(fd < 0) perror("open"); | |
| struct stat s; | |
| int r = fstat(fd, &s); | |
| if(r != 0) perror("fstat"); | |
| void *file = mmap(NULL, s.st_size, PROT_READ, MAP_FILE | MAP_PRIVATE, fd, 0); | |
| if(file == MAP_FAILED) perror("mmap"); | |
| struct mach_header_64 *mh = file; | |
| if(mh->filetype != 0xc) | |
| { | |
| fprintf(stderr, "Not an Apple Silicon kernel\n"); | |
| return -1; | |
| } | |
| for(struct load_command *lc = (struct load_command*)(mh + 1), *max = (struct load_command*)((uintptr_t)lc + mh->sizeofcmds); lc < max; lc = (struct load_command*)((uintptr_t)lc + lc->cmdsize)) | |
| { | |
| if(lc->cmd == 0x80000035) | |
| { | |
| struct | |
| { | |
| uint32_t cmd; | |
| uint32_t cmdsize; | |
| uint64_t addr; | |
| uint64_t off; | |
| uint32_t name; | |
| } *ent = (void*)lc; | |
| const char *name = (const char*)((uintptr_t)ent + ent->name); | |
| printf("\e[1;96m%s\e[0m\n", name); | |
| struct mach_header_64 *hdr = (struct mach_header_64*)((uintptr_t)file + ent->off); | |
| for(struct load_command *cmd = (struct load_command*)(hdr + 1), *end = (struct load_command*)((uintptr_t)cmd + hdr->sizeofcmds); cmd < end; cmd = (struct load_command*)((uintptr_t)cmd + cmd->cmdsize)) | |
| { | |
| if(cmd->cmd == LC_SYMTAB) | |
| { | |
| struct symtab_command *stab = (struct symtab_command*)cmd; | |
| struct nlist_64 *symtab = (struct nlist_64*)((uintptr_t)file + stab->symoff); | |
| const char *strtab = (const char*)((uintptr_t)file + stab->stroff); | |
| for(uint32_t i = 0; i < stab->nsyms; ++i) | |
| { | |
| if((symtab[i].n_type & 0xe) == 0xe) | |
| { | |
| printf("0x%016llx %s\n", symtab[i].n_value, &strtab[symtab[i].n_un.n_strx]); | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment