-
-
Save bb33bb/2a458d489c338ba5de2d74a37dc06eca to your computer and use it in GitHub Desktop.
Apple Silicon kernels
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <sys/mman.h> | |
| #include <sys/stat.h> | |
| #include <mach-o/loader.h> | |
| #include <mach-o/nlist.h> | |
| int main(int argc, const char **argv) | |
| { | |
| if(argc != 2) | |
| { | |
| fprintf(stderr, "Usage: %s file\n", argv[0]); | |
| return -1; | |
| } | |
| int fd = open(argv[1], O_RDONLY); | |
| if(fd < 0) perror("open"); | |
| struct stat s; | |
| int r = fstat(fd, &s); | |
| if(r != 0) perror("fstat"); | |
| void *file = mmap(NULL, s.st_size, PROT_READ, MAP_FILE | MAP_PRIVATE, fd, 0); | |
| if(file == MAP_FAILED) perror("mmap"); | |
| struct mach_header_64 *mh = file; | |
| if(mh->filetype != 0xc) | |
| { | |
| fprintf(stderr, "Not an Apple Silicon kernel\n"); | |
| return -1; | |
| } | |
| for(struct load_command *lc = (struct load_command*)(mh + 1), *max = (struct load_command*)((uintptr_t)lc + mh->sizeofcmds); lc < max; lc = (struct load_command*)((uintptr_t)lc + lc->cmdsize)) | |
| { | |
| if(lc->cmd == 0x80000035) | |
| { | |
| struct | |
| { | |
| uint32_t cmd; | |
| uint32_t cmdsize; | |
| uint64_t addr; | |
| uint64_t off; | |
| uint32_t name; | |
| } *ent = (void*)lc; | |
| const char *name = (const char*)((uintptr_t)ent + ent->name); | |
| printf("\e[1;96m%s\e[0m\n", name); | |
| struct mach_header_64 *hdr = (struct mach_header_64*)((uintptr_t)file + ent->off); | |
| for(struct load_command *cmd = (struct load_command*)(hdr + 1), *end = (struct load_command*)((uintptr_t)cmd + hdr->sizeofcmds); cmd < end; cmd = (struct load_command*)((uintptr_t)cmd + cmd->cmdsize)) | |
| { | |
| if(cmd->cmd == LC_SYMTAB) | |
| { | |
| struct symtab_command *stab = (struct symtab_command*)cmd; | |
| struct nlist_64 *symtab = (struct nlist_64*)((uintptr_t)file + stab->symoff); | |
| const char *strtab = (const char*)((uintptr_t)file + stab->stroff); | |
| for(uint32_t i = 0; i < stab->nsyms; ++i) | |
| { | |
| if((symtab[i].n_type & 0xe) == 0xe) | |
| { | |
| printf("0x%016llx %s\n", symtab[i].n_value, &strtab[symtab[i].n_un.n_strx]); | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment