ffqert.blogg.se

Hopper disassembler show

I rewrote the IDAPython script named objc2_xrefs_helper.py and developed a Python script for the Hopper Disassembler. I named this Hopper Python script objc2_xrefs_helper_hopper.py. Some background regarding Objective-C can be found from here. As mentioned in that article, the function call is implemented by the message sending mechanism in Objective-C. Unfortunately, this message sending mechanism causes problems when trying to follow cross-references for selectors in Hopper Disassembler. Before rewriting the Python script for Hopper, therefore, we need to walk through the code in the IDAPython script objc2_xrefs_helper.py and understand all the details. It's important that we figure out the low-level data structures of a class in Objective-C, as well as the relationship between these data structures. I have included a figure showing the relationship between these related data structures, as shown below.

Figure 1. The relationship between these related data structures of class in Objective-C

To verify the functionality of objc2_xrefs_helper_hopper.py, I wrote a simple Cocoa application. The demo application can be downloaded from here. We load the executable Mach-O file of the demo application into Hopper Disassembler, as shown below.

Figure 2. Loading the demo application's executable file into Hopper Disassembler

The following is the Python script objc2_xrefs_helper_hopper.py.

    #author: Kai
    def getRefPtr(doc, classMethodsVA, objcSelRefs, objcMsgRefs, objcConst):
        namePtr = doc.readUInt64LE(classMethodsVA)  #get name field in struct _objc_method, it's selector
        # ...
            print 'xreffrom: ' + hex(x), 'xrefto: ' + hex(namePtr)
            # classify the referencing address x by the section it lies in
            if objcSelRefs and x >= objcSelRefs[0] and x < objcSelRefs[1]:
                # ...
            elif objcMsgRefs and x >= objcMsgRefs[0] and x < objcMsgRefs[1]:
                # ...
            elif objcConst and x >= objcConst[0] and x < objcConst[1]:
                # ...
        # ...

    # ...
        eachxrefs = seg.getReferencesOfAddress(addr)
    # ...

    # record the (start, end) address range of each Objective-C section
    # ...
            objcData = (sect.getStartingAddress(), sect.getStartingAddress() + sect.getLength())
    # ...
            objcSelRefs = (sect.getStartingAddress(), sect.getStartingAddress() + sect.getLength())
    # ...
            objcMsgRefs = (sect.getStartingAddress(), sect.getStartingAddress() + sect.getLength())
    # ...
            objcConst = (sect.getStartingAddress(), sect.getStartingAddress() + sect.getLength())
            #print ' +++' + sectName, (hex(sect.getStartingAddress()), hex(sect.getStartingAddress() + sect.getLength()))

    if ((objcSelRefs != None or objcMsgRefs != None) and (objcData != None and objcConst != None)) == False:
        doc.log("could not find necessary Objective-C sections.\n")

    # walk every class entry in Section _objc_data
    for va in range(objcData[0], objcData[1], objc2ClassSize):
        classRoVA = doc.readUInt64LE(va + objc2ClassInfoOffs)
        if classRoVA == BADADDR or classRoVA == 0:
            continue
        classMethodsVA = doc.readUInt64LE(classRoVA + objc2ClassBaseMethOffs)
        if classMethodsVA == BADADDR or classMethodsVA == 0:
            continue
        count = doc.readUInt32LE(classMethodsVA + 4)
        classMethodsVA += 8  # skip the entsize and count fields to reach the first method entry
        for va1 in range(classMethodsVA, classMethodsVA + objc2ClassMethSize * count, objc2ClassMethSize):
            isMsgRef, selRefVA = getRefPtr(doc, va1, objcSelRefs, objcMsgRefs, objcConst)
            funcVA = doc.readUInt64LE(va1 + objc2ClassMethImpOffs)
            print 'selref VA: %08x - function VA: %08x\n' % (selRefVA, funcVA)
            # ...
                doc.getSegmentAtAddress(x).addReference(x, funcVA)

The script first walks through all classes in Section _objc_data. The following is the Section _objc_data of the executable file in Hopper. We can see that this section stores the data of all classes, which includes all classes defined by the user and their meta-class. Hopper is able to identify the data structure of the class in Objective-C.

Figure 3.

The field _objc_class_TestXrefs1_data is the type of struct _class_ro_t. The following is the data structure of _objc_class_TestXrefs1_data.

Figure 4. The data structure of _objc_class_TestXrefs1_data in Hopper

The field _objc_class_TestXrefs1_method is a type of struct _method_list_t. It's also located at Section _objc_const.
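
The walk described above (class entries in Section _objc_data, then _class_ro_t, then _method_list_t), as an added stand-alone Python 3 example that is not the author's Hopper script: it pairs each method's selector name pointer with its function address, the two values the script links with a cross-reference. The offset values, the Image class and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Constant names follow the page's script; the values are assumed (64-bit
# Objective-C 2 layout) because the page does not list them.
objc2ClassSize = 0x28          # class entry: isa, superclass, cache, vtable, data
objc2ClassInfoOffs = 0x20      # class entry -> pointer to _class_ro_t
objc2ClassBaseMethOffs = 0x20  # _class_ro_t -> pointer to _method_list_t
objc2ClassMethSize = 0x18      # method entry: name, types, imp
objc2ClassMethImpOffs = 0x10   # method entry -> implementation address

class Image:
    """Sparse memory {start VA: bytes}; stands in for Hopper's document reads."""
    def __init__(self, chunks):
        self.chunks = chunks

    def read(self, va, fmt):
        size = struct.calcsize(fmt)
        for base, data in self.chunks.items():
            if base <= va and va + size <= base + len(data):
                return struct.unpack_from(fmt, data, va - base)[0]
        return None  # unmapped address

def walk_methods(img, start, end):
    """Return (class VA, selector-name VA, function VA) for every method found."""
    found = []
    for va in range(start, end, objc2ClassSize):
        ro = img.read(va + objc2ClassInfoOffs, "<Q")
        methods = img.read(ro + objc2ClassBaseMethOffs, "<Q") if ro else None
        if not methods:
            continue  # no _class_ro_t or no method list
        entsize, count = img.read(methods, "<I"), img.read(methods + 4, "<I")
        if None in (entsize, count) or (entsize & 0xFFFC) != objc2ClassMethSize:
            continue  # not the three-pointer entry layout this walk assumes
        first = methods + 8  # entries start after the entsize and count fields
        for m in range(first, first + objc2ClassMethSize * count, objc2ClassMethSize):
            name, imp = img.read(m, "<Q"), img.read(m + objc2ClassMethImpOffs, "<Q")
            if name is None or imp is None:
                break  # list runs past the mapped data
            found.append((va, name, imp))
    return found

def sample_image():
    """Constructed data: class 0x1000 has two methods, class 0x1028 has none."""
    classes = struct.pack("<10Q", 0, 0, 0, 0, 0x2000, 0, 0, 0, 0, 0x2100)
    ro1 = struct.pack("<4I3Q", 0, 0, 0, 0, 0, 0x5000, 0x3000)
    ro2 = struct.pack("<4I3Q", 0, 0, 0, 0, 0, 0x5010, 0)
    mlist = struct.pack("<2I6Q", 0x18, 2, 0x4000, 0x4800, 0x100000F00,
                        0x4008, 0x4808, 0x100000F40)
    return Image({0x1000: classes, 0x2000: ro1, 0x2100: ro2, 0x3000: mlist})
```

Calling walk_methods(sample_image(), 0x1000, 0x1050) returns one tuple per method of the first class and nothing for the second, whose method-list pointer is zero.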













