Documentation
¶
Index ¶
- Constants
- func Disassemble(d Disass)
- func ParseGotPtrs(m *macho.File) (map[uint64]uint64, error)
- func ParseHelpersASM(m *macho.File) (map[uint64]uint64, error)
- func ParseStubsASM(data []byte, begin uint64, readPtr func(uint64) (uint64, error)) (map[uint64]uint64, error)
- func ParseStubsForMachO(m *macho.File) (map[uint64]uint64, error)
- type AddrDetails
- type Config
- type Disass
- type MachoDisass
- func (d MachoDisass) Analyze() error
- func (d MachoDisass) AsJSON() bool
- func (d MachoDisass) Color() bool
- func (d MachoDisass) Contains(address uint64) (bool, uint64)
- func (d MachoDisass) Data() []byte
- func (d MachoDisass) Demangle() bool
- func (d MachoDisass) FindSymbol(addr uint64) (string, bool)
- func (d MachoDisass) GetCString(addr uint64) (string, error)
- func (d MachoDisass) IsBranchLocation(addr uint64) (bool, uint64)
- func (d MachoDisass) IsData(addr uint64) (bool, *AddrDetails)
- func (d MachoDisass) IsFunctionStart(addr uint64) (bool, string)
- func (d MachoDisass) IsLocation(imm uint64) bool
- func (d MachoDisass) IsPointer(imm uint64) (bool, *AddrDetails)
- func (d MachoDisass) Middle() uint64
- func (d MachoDisass) Quite() bool
- func (d MachoDisass) ReadAddr(addr uint64) (uint64, error)
- func (d *MachoDisass) SaveAddrToSymMap(dest string) error
- func (d MachoDisass) StartAddr() uint64
- func (d *MachoDisass) Triage() error
- type Triage
Constants ¶
View Source
const ( AMXLDX opName = iota AMXLDY AMXSTX AMXSTY AMXLDZ AMXSTZ AMXLDZI AMXSTZI AMXEXTRX // amxextrx? AMXEXTRY // amxextry? AMXFMA64 AMXFMS64 AMXFMA32 AMXFMS32 AMXMAC16 AMXFMA16 AMXFMS16 AMX17 // amxset / amxclr AMXVECINT AMXVECFP AMXMATINT AMXMATFP AMXGENLUT )
Variables ¶
This section is empty.
Functions ¶
func Disassemble ¶
func Disassemble(d Disass)
func ParseGotPtrs ¶
func ParseHelpersASM ¶
func ParseStubsASM ¶
func ParseStubsForMachO ¶
Types ¶
type AddrDetails ¶
func (AddrDetails) String ¶
func (d AddrDetails) String() string
type Disass ¶
type Disass interface {
Triage() error
IsFunctionStart(uint64) (bool, string)
IsLocation(uint64) bool
IsBranchLocation(uint64) (bool, uint64)
IsData(uint64) (bool, *AddrDetails)
IsPointer(uint64) (bool, *AddrDetails)
FindSymbol(uint64) (string, bool)
GetCString(uint64) (string, error)
// getters
Demangle() bool
Quite() bool
Color() bool
AsJSON() bool
Data() []byte
StartAddr() uint64
Middle() uint64
ReadAddr(uint64) (uint64, error)
}
type MachoDisass ¶
type MachoDisass struct {
// contains filtered or unexported fields
}
func NewMachoDisass ¶
func NewMachoDisass(f *macho.File, a2s *map[uint64]string, cfg *Config) *MachoDisass
func (MachoDisass) Analyze ¶
func (d MachoDisass) Analyze() error
func (MachoDisass) AsJSON ¶
func (d MachoDisass) AsJSON() bool
func (MachoDisass) Color ¶
func (d MachoDisass) Color() bool
func (MachoDisass) Contains ¶
func (d MachoDisass) Contains(address uint64) (bool, uint64)
Contains returns true if Triage immediates contains a given address and will return the instruction address
func (MachoDisass) Data ¶
func (d MachoDisass) Data() []byte
func (MachoDisass) Demangle ¶
func (d MachoDisass) Demangle() bool
func (MachoDisass) FindSymbol ¶
func (d MachoDisass) FindSymbol(addr uint64) (string, bool)
FindSymbol returns symbol from the addr2symbol map for a given virtual address
func (MachoDisass) GetCString ¶
func (d MachoDisass) GetCString(addr uint64) (string, error)
func (MachoDisass) IsBranchLocation ¶
func (d MachoDisass) IsBranchLocation(addr uint64) (bool, uint64)
IsBranchLocation returns if given address is branch to a location instruction
func (MachoDisass) IsData ¶
func (d MachoDisass) IsData(addr uint64) (bool, *AddrDetails)
IsData returns if given address is a data variable address referenced in the disassembled function
func (MachoDisass) IsFunctionStart ¶
func (d MachoDisass) IsFunctionStart(addr uint64) (bool, string)
IsFunctionStart checks if address is at a function start and returns symbol name
func (MachoDisass) IsLocation ¶
func (d MachoDisass) IsLocation(imm uint64) bool
IsLocation returns if given address is a local branch location within the disassembled function
func (MachoDisass) IsPointer ¶
func (d MachoDisass) IsPointer(imm uint64) (bool, *AddrDetails)
IsPointer returns if given address is a pointer to another address
func (MachoDisass) Middle ¶
func (d MachoDisass) Middle() uint64
func (MachoDisass) Quite ¶
func (d MachoDisass) Quite() bool
func (*MachoDisass) SaveAddrToSymMap ¶
func (d *MachoDisass) SaveAddrToSymMap(dest string) error
func (MachoDisass) StartAddr ¶
func (d MachoDisass) StartAddr() uint64
func (*MachoDisass) Triage ¶
func (d *MachoDisass) Triage() error
Triage walks a function and analyzes all immediates
Source Files
Click to show internal directories.
Click to hide internal directories.