# -*- coding: utf-8 -*-
# This file is part of Viper - https://github.com/viper-framework/viper
# See the file 'LICENSE' for copying permission.
from viper.common.abstracts import Module
from viper.core.session import __sessions__
# pymacho_helper is optional: remember whether it could be imported so the
# command can log "Missing dependency" at run time instead of breaking here.
HAVE_MACHO = True
try:
    from .pymacho_helper import MachO
except ImportError:
    HAVE_MACHO = False
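class Macho(Module):
    """Viper command that prints Mach-O structures of the file in the open session.

    The file is parsed with ``MachO`` from the optional ``pymacho_helper``
    module. Every value shown is read from the sample itself, so treat the
    output as attacker-controlled data rather than a trusted description of
    the binary.
    """

    cmd = 'macho'
    description = 'Get Macho OSX Headers'
    authors = ['Alexander J']
    categories = ["osx"]

    def __init__(self):
        """Register the command-line switches that select what to display."""
        super(Macho, self).__init__()
        self.parser.add_argument('-hd', '--headers', action='store_true', help='show informations about header')
        self.parser.add_argument('-sg', '--segments', help='display all segments', action='store_true')
        self.parser.add_argument('-lc', '--load-commands', help='display all load commands', action='store_true')
        self.parser.add_argument('-a', '--all', help='display all', action='store_true')

    def _show_headers(self, m):
        """Log each Mach-O header field of the parsed file ``m``."""
        header = m.header
        self.log('info', "Headers: ")
        self.log('item', "magic : 0x{0:x} - {1}".format(header.magic, header.display_magic()))
        self.log('item', "cputype : 0x{0:x} - {1}".format(header.cputype, header.display_cputype()))
        # Fix: the value used to be printed in decimal behind a "0x" prefix,
        # which misreports the subtype. Formatted as hex like the other fields.
        # NOTE(review): assumes cpusubtype is an int like cputype -- confirm
        # against pymacho_helper.
        self.log('item', "cpusubtype : 0x{0:x}".format(header.cpusubtype))
        self.log('item', "filetype : 0x{0:x} - {1}".format(header.filetype, header.display_filetype()))
        self.log('item', "ncmds : {0}".format(header.ncmds))
        self.log('item', "sizeofcmds : {0} bytes".format(header.sizeofcmds))
        self.log('item', "flags : 0x{0:x} - {1}".format(header.flags, ", ".join(header.display_flags())))
        # The reserved field is only shown when the header reports 64-bit.
        if header.is_64():
            self.log('item', "reserved : 0x{0:x}".format(header.reserved))

    def _show_load_commands(self, m):
        """Log the load-command count, then let each command display itself."""
        self.log('info', " Load Commands ({})".format(len(m.commands)))
        # TODO replace display method
        # NOTE(review): display() presumably writes its own output instead of
        # going through self.log -- confirm in pymacho_helper.
        for lc in m.commands:
            lc.display("\t")

    def _show_segments(self, m):
        """Log the segment count, then let each segment display itself."""
        self.log('info', " Segments ({})".format(len(m.segments)))
        # TODO replace display method
        # NOTE(review): same caveat as for load commands about display().
        for segment in m.segments:
            segment.display(before="\t")

    def run(self):
        """Parse the session's file as Mach-O and show the requested sections.

        Returns early, after logging an error, when there is no open session,
        when ``pymacho_helper`` is unavailable, when the parser raises, or
        when no display option was given.
        """
        super(Macho, self).run()
        if self.args is None:
            return

        if not __sessions__.is_set():
            self.log('error', "No open session. This command expects a file to be open.")
            return

        if not HAVE_MACHO:
            self.log('error', "Missing dependency")
            return

        # The sample is untrusted input: whatever the parser raises on it is
        # reported and the command stops, so a malformed file cannot take the
        # caller down. Note that the message is the same for every failure,
        # including parser bugs, not only for non-Mach-O files.
        try:
            m = MachO(__sessions__.current.file.path)
        except Exception as e:
            self.log('error', "Not a Mach-O file: {0}".format(e))
            return

        # The second "self.args is None" test that used to sit here could
        # never be true (already handled above) and has been removed.
        if self.args.all:
            self._show_headers(m)
            self._show_segments(m)
            self._show_load_commands(m)
        elif self.args.headers:
            self._show_headers(m)
        elif self.args.segments:
            self._show_segments(m)
        elif self.args.load_commands:
            self._show_load_commands(m)
        else:
            # Previously the command parsed the file and then printed nothing.
            self.log('error', "At least one of the parameters is required")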