From 897969f7e965ceef3f9cbf5288977c91903eac85 Mon Sep 17 00:00:00 2001
From: Fabian Freyer
Date: Sat, 2 Sep 2023 02:59:57 +0200
Subject: [PATCH] darwin: Add function to find module's TLV data/bss
---
 gum/gumdarwinmodule-priv.h | 9 +++++++++
 gum/gumdarwinmodule.c | 32 ++++++++++++++++++++++++++++++++
 gum/gumdarwinmodule.h | 2 ++
 3 files changed, 43 insertions(+)
diff --git a/gum/gumdarwinmodule-priv.h b/gum/gumdarwinmodule-priv.h
index 6ff008f526..69b9f4074f 100644
--- a/gum/gumdarwinmodule-priv.h
+++ b/gum/gumdarwinmodule-priv.h
@@ -21,6 +21,8 @@
 #define GUM_SECTION_TYPE_MASK 0x000000ff
+#define GUM_S_THREAD_LOCAL_REGULAR 0x11
+#define GUM_S_THREAD_LOCAL_ZEROFILL 0x12
 #define GUM_S_THREAD_LOCAL_VARIABLES 0x13
 #define GUM_N_EXT 0x01
@@ -60,6 +62,7 @@ typedef struct _GumSection64 GumSection64;
 typedef struct _GumNList32 GumNList32;
 typedef struct _GumNList64 GumNList64;
 typedef struct _GumFindDarwinTLVDescriptorsContext GumFindDarwinTLVDescriptorsContext;
+typedef struct _GumFindDarwinTLVInitContext GumFindDarwinTLVInitContext;
 typedef struct _GumFixedSizeTLVThunk32 GumFixedSizeTLVThunk32;
 typedef struct _GumFixedSizeTLVThunk64 GumFixedSizeTLVThunk64;
 typedef struct _GumFixedSizeLibdyldDyld4Section32 GumFixedSizeLibdyldDyld4Section32;
@@ -407,6 +410,12 @@ struct _GumFindDarwinTLVDescriptorsContext {
 gsize descriptor_sz;
 };
+struct _GumFindDarwinTLVInitContext {
+ guint32 data_offset;
+ guint64 data_size;
+ guint64 bss_size;
+};
+
 struct _GumFixedSizeTLVThunk32 {
 guint32 thunk;
 guint32 key;
diff --git a/gum/gumdarwinmodule.c b/gum/gumdarwinmodule.c
index 2f1467ab3b..36dbb35ce9 100644
--- a/gum/gumdarwinmodule.c
+++ b/gum/gumdarwinmodule.c
@@ -1122,6 +1122,38 @@ gum_darwin_module_enumerate_tlv_descriptors (GumDarwinModule * self,
 }
 }
+gboolean
+gum_darwin_module_find_tlv_init (const GumDarwinSectionDetails * section,
+ gpointer user_data)
+{
+ GumFindDarwinTLVInitContext *ctx = user_data;
+
+ if (section->flags == GUM_S_THREAD_LOCAL_REGULAR)
+ {
+ ctx->data_offset = section->file_offset;
+ ctx->data_size = section->size;
+ }
+
+ if (section->flags == GUM_S_THREAD_LOCAL_ZEROFILL)
+ ctx->bss_size = section->size;
+
+ return TRUE;
+}
+
+void
+gum_darwin_module_get_tlv_init (GumDarwinModule * self, guint32 * data_offset,
+ guint64 * data_size, guint64 * bss_size)
+{
+ GumFindDarwinTLVInitContext ctx = { 0 };
+
+ gum_darwin_module_enumerate_sections (self,
+ gum_darwin_module_find_tlv_init, &ctx);
+
+ *data_offset = ctx.data_offset;
+ *data_size = ctx.data_size;
+ *bss_size = ctx.bss_size;
+}
+
 void
 gum_darwin_module_enumerate_chained_fixups (
 GumDarwinModule * self,
diff --git a/gum/gumdarwinmodule.h b/gum/gumdarwinmodule.h
index 6e97a1cab4..55d1e0808a 100644
--- a/gum/gumdarwinmodule.h
+++ b/gum/gumdarwinmodule.h
@@ -619,6 +619,8 @@ GUM_API guint gum_darwin_module_count_tlv_descriptors (GumDarwinModule * self);
 GUM_API void gum_darwin_module_enumerate_tlv_descriptors (
 GumDarwinModule * self, GumFoundDarwinTLVDescriptorFunc func,
 gpointer user_data);
+GUM_API void gum_darwin_module_get_tlv_init (GumDarwinModule * self,
+ guint32 * data_offset, guint64 * data_size, guint64 * bss_size);
 GUM_API void gum_darwin_module_enumerate_rebases (GumDarwinModule * self,
 GumFoundDarwinRebaseFunc func, gpointer user_data);
 GUM_API void gum_darwin_module_enumerate_binds (GumDarwinModule * self,
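Review bot: The two section-type tests in gum_darwin_module_find_tlv_init compare the whole flags word, `if (section->flags == GUM_S_THREAD_LOCAL_REGULAR)`, yet gumdarwinmodule-priv.h defines GUM_SECTION_TYPE_MASK 0x000000ff, which suggests flags carries the raw Mach-O word whose upper bits are section attributes; if that is what GumDarwinSectionDetails.flags holds, a __thread_data or __thread_bss section with any attribute bit set is silently skipped and the caller receives zeroed offsets and sizes, so both checks should mask first, `if ((section->flags & GUM_SECTION_TYPE_MASK) == GUM_S_THREAD_LOCAL_REGULAR)` and likewise for GUM_S_THREAD_LOCAL_ZEROFILL. The callback is also not `static` although it is only passed to gum_darwin_module_enumerate_sections and has no prototype in gumdarwinmodule.h, so it leaks into the library's global namespace and trips -Wmissing-prototypes. The new public gum_darwin_module_get_tlv_init has no comment on its contract: because every match overwrites the context unconditionally and the callback always returns TRUE (presumably continuing the enumeration), the last matching section wins when several exist, and because ctx starts as `{ 0 }` all three outputs are 0 when the module has no TLV sections, which a caller cannot tell apart from an empty one; a header comment on the prototype in gumdarwinmodule.h stating both would help, and returning a gboolean for "found" would be cleaner. The three output pointers are dereferenced without a NULL check, which is fine if that matches the module's other getters but worth stating in the same comment.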