copumpkin · April 23, 2009 07:19
diff --git a/gistfile1.h b/gistfile1.h
 /*
 kernelcache.idc, by pumpkin with contributions from roxfan
 Copyright (C) 2008 pumpkin

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation, either version 3 of the License, or
 (at your option) any later version.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

 #include <idc.idc>

 static makestructs() {
 	auto id;

 	id = AddStrucEx(-1,"mach_header",0);
 	AddStrucMember(id,"magic",	0X0,	0x20000400,	-1,	4);
 	AddStrucMember(id,"cputype",	0X4,	0x20000400,	-1,	4);
 	AddStrucMember(id,"cpusubtype",	0X8,	0x20000400,	-1,	4);
 	AddStrucMember(id,"filetype",	0XC,	0x20000400,	-1,	4);
 	AddStrucMember(id,"ncmds",	0X10,	0x20000400,	-1,	4);
 	AddStrucMember(id,"sizeofcmds",	0X14,	0x20000400,	-1,	4);
 	AddStrucMember(id,"flags",	0X18,	0x20000400,	-1,	4);

 	id = AddStrucEx(-1,"segment_command",0);
 	AddStrucMember(id,"cmd",	0X0,	0x20000400,	-1,	4);
 	AddStrucMember(id,"cmdsize",	0X4,	0x20000400,	-1,	4);
 	AddStrucMember(id,"segname",	0X8,	0x50000400,	0x0,	16);
 	AddStrucMember(id,"vmaddr",	0X18,	0x20500400,	0XFFFFFFFF,	4);
 	AddStrucMember(id,"vmsize",	0X1C,	0x20000400,	-1,	4);
 	AddStrucMember(id,"fileoff",	0X20,	0x20000400,	-1,	4);
 	AddStrucMember(id,"filesize",	0X24,	0x20000400,	-1,	4);
 	AddStrucMember(id,"maxprot",	0X28,	0x20000400,	-1,	4);
 	AddStrucMember(id,"initprot",	0X2C,	0x20000400,	-1,	4);
 	AddStrucMember(id,"nsects",	0X30,	0x20000400,	-1,	4);
 	AddStrucMember(id,"flags",	0X34,	0x20000400,	-1,	4);

 	id = AddStrucEx(-1, "section", 0);
 	AddStrucMember(id,"sectname",	0X0,	0x50000400,	0x0,	16);
 	AddStrucMember(id,"segname",	0X10,	0x50000400,	0x0,	16);
 	AddStrucMember(id,"addr",	0X20,	0x20500400,	0XFFFFFFFF,	4);
 	AddStrucMember(id,"size",	0X24,	0x20000400,	-1,	4);
 	AddStrucMember(id,"offset",	0X28,	0x20000400,	-1,	4);
 	AddStrucMember(id,"align",	0X2C,	0x20000400,	-1,	4);
 	AddStrucMember(id,"reloff",	0X30,	0x20000400,	-1,	4);
 	AddStrucMember(id,"nreloc",	0X34,	0x20000400,	-1,	4);
 	AddStrucMember(id,"flags",	0X38,	0x20000400,	-1,	4);
 	AddStrucMember(id,"reserved1",	0X3C,	0x20000400,	-1,	4);
 	AddStrucMember(id,"reserved2",	0X40,	0x20000400,	-1,	4);

 	id = AddStrucEx(-1, "symtab_command", 0);
 	AddStrucMember(id,"cmd",	0X0,	0x20000400,	-1,	4);
 	AddStrucMember(id,"cmdsize",	0X4,	0x20000400,	-1,	4);
 	AddStrucMember(id,"symoff",	0X8,	0x20000400,	-1,	4);
 	AddStrucMember(id,"nsyms",	0XC,	0x20000400,	-1,	4);
 	AddStrucMember(id,"stroff",	0X10,	0x20000400,	-1,	4);
 	AddStrucMember(id,"strsize",	0X14,	0x20000400,	-1,	4);


 	id = AddStrucEx(-1,"uuid_command",0);
 	AddStrucMember(id,"cmd",	0X0,	0x20000400,	-1,	4);
 	AddStrucMember(id,"cmdsize",	0X4,	0x20000400,	-1,	4);
 	AddStrucMember(id,"uuid",	0X8,	0x000400,	-1,	16);

 	id = AddStrucEx(-1,"prelink_info",0);
 	AddStrucMember(id,"field_0",	0X0,	0x20000400,	-1,	4);
 	AddStrucMember(id,"field_4",	0X4,	0x20000400,	-1,	4);
 	AddStrucMember(id,"offset",	0X8,	0x20500400,	0X0,	4);
 	AddStrucMember(id,"identifier",	0XC,	0x50000400,	0x0,	64);
 	AddStrucMember(id,"version",	0X4C,	0x50000400,	0x0,	64);
 	AddStrucMember(id,"field_8C",	0X8C,	0x20000400,	-1,	4);
 	AddStrucMember(id,"field_90",	0X90,	0x20000400,	-1,	4);
 	AddStrucMember(id,"macho_start",	0X94,	0x20500400,	0X0,	4);
 	AddStrucMember(id,"field_98",	0X98,	0x20000400,	-1,	4);
 	AddStrucMember(id,"field_9C",	0X9C,	0x20000400,	-1,	4);
 	AddStrucMember(id,"initializer",	0XA0,	0x20500400,	0X0,	4);
 	AddStrucMember(id,"finalizer",	0XA4,	0x20500400,	0X0,	4);

 	
 }

 static mkcode(addr) {
 	if (addr & 1 == 1) {
 		SetReg(addr - 1, "T", 1);
 		MakeCode(addr - 1);
 		MakeFunction(addr - 1, BADADDR);
 	} else {
 		SetReg(addr, "T", 0);
 		MakeCode(addr);
 		MakeFunction(addr, BADADDR);
 	}
 }

 static process_macho(addr) {
 	auto i, j, k;
 	auto lc_cur, lc_count;

 	auto cur_seg_text_start, cur_seg_text_end;
 	auto cur_sec_name, cur_sec_addr, cur_sec_size;

 	MakeStructEx(addr, -1, "mach_header");

 	lc_count = Dword(addr + GetMemberOffset(GetStrucIdByName("mach_header"), "ncmds"));
 	lc_cur = addr + GetStrucSize(GetStrucIdByName("mach_header"));

 	for (i = 0; i < lc_count; i++) {
 		if(Dword(lc_cur) == 1) {
 			MakeStructEx(lc_cur, -1, "segment_command");

 			for (j = 0; j < Dword(lc_cur + GetMemberOffset(GetStrucIdByName("segment_command"), "nsects")); j++) {
 				MakeStructEx(lc_cur + GetStrucSize(GetStrucIdByName("segment_command")) + (GetStrucSize(GetStrucIdByName("section")) * j), -1, "section");
 				
 				cur_sec_name = GetString(lc_cur + GetStrucSize(GetStrucIdByName("segment_command")) + (GetStrucSize(GetStrucIdByName("section")) * j) + GetMemberOffset(GetStrucIdByName("section"), "sectname"), -1, ASCSTR_C); 
 				cur_sec_addr = Dword(lc_cur + GetStrucSize(GetStrucIdByName("segment_command")) + (GetStrucSize(GetStrucIdByName("section")) * j) + GetMemberOffset(GetStrucIdByName("section"), "addr")); 
 				cur_sec_size = Dword(lc_cur + GetStrucSize(GetStrucIdByName("segment_command")) + (GetStrucSize(GetStrucIdByName("section")) * j) + GetMemberOffset(GetStrucIdByName("section"), "size")); 
 					
 				
 				if (cur_sec_name == "__text") {
 					cur_seg_text_start = cur_sec_addr;
 					cur_seg_text_end = cur_sec_addr + cur_sec_size;
 				} else if (cur_sec_name == "__const") {
 					// This is where vtables live... I'm assuming that any dword in here that's in the text section is code
 					for (k = 0; k < cur_sec_size; k = k + 4) {
 						MakeDword(cur_sec_addr + k);
 							
 						if (Dword(cur_sec_addr + k) >= cur_seg_text_start && Dword(cur_sec_addr + k) < cur_seg_text_end) {
 							mkcode(Dword(cur_sec_addr + k));
 						}
 					}

 				} else if (cur_sec_name == "__constructor" || cur_sec_name == "__destructor") {
 					for (k = 0; k < cur_sec_size; k = k + 4) {
 						MakeDword(cur_sec_addr + k);
 						mkcode(Dword(cur_sec_addr + k));
 					}
 				}
 			}
 		} else if (Dword(lc_cur) == 2) {
 			// Check if symtab has any entries
 			MakeStructEx(lc_cur, -1, "symtab_command");
 		} else if (Dword(lc_cur) == 0x1b) {
 			// Totally useless
 			MakeStructEx(lc_cur, -1, "uuid_command");			
 		}
 		lc_cur = lc_cur + Dword(lc_cur + 4);
 	}

 	// wait for autoanalysis of above to complete
 	Wait();
 	

 	// now go through the text section of this mach-o and codeify it as best we can (currently broken in that unexpected thumb code will throw it off)
 	/*
 	i = cur_seg_text_start;
 	while (i < cur_seg_text_end) {
 		Message("i = %x\n", i);
 		if (isUnknown(GetFlags(i))) {
 			mkcode(i);
 		} else if (isCode(GetFlags(i))) {
 			if (strlen(GetFunctionName(i)) > 0) {
 				i = GetFchunkAttr(i, FUNCATTR_END);
 			} else {
 				MakeFunction(i, BADADDR);
 				Wait();
 				if (strlen(GetFunctionName(i)) > 0) {
 					i = GetFchunkAttr(i, FUNCATTR_END);
 				}
 			}
 		} else if (isData(GetFlags(i))) {
 			i = i + ItemSize(i);
 		}
 	}
 	*/

 }

 static main()
 {
 	auto macho_start;

 	auto info_xml, info_xml_rest;

 	auto current_pos, stop;

 	auto extension_identifier;

 	auto base64_chars;

 	auto string_offset, base64_data_start, base64_data_end, base64_data;

 	auto i, j, k;

 	auto cur_char, first_three, second_three, info_offset;

 	auto initializer, finalizer;

 	makestructs();

 	base64_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

 	macho_start = GetMemberOffset(GetStrucIdByName("prelink_info"), "macho_start");

 	info_xml = GetString(SegByBase(SegByName("__info")), -1, ASCSTR_C);

 	current_pos = 0;

 	while (1) {
 		string_offset = strstr(info_xml, "OSBundlePrelink</key><data>");
 		base64_data_start = string_offset + strlen("OSBundlePrelink</key><data>");
 		info_xml_rest = substr(info_xml, base64_data_start, -1);
 		base64_data_end = strstr(info_xml_rest, "</data>");

 		base64_data = substr(info_xml_rest, 0, base64_data_end);

 		// Dumb criterion, should probably just fix the parsing instead of relying on this shit
 		if (base64_data_end == -1 || substr(base64_data, 0, 1) != "w") {
 			break;
 		}

 		info_xml = info_xml_rest;

 		first_three = 0;
 		second_three = 0;

 		// Super lame base64
 		for (i = 0; i < 4; i++) {
 			cur_char = strstr(base64_chars, substr(base64_data, i, i + 1));

 			first_three = first_three | (cur_char << (6 * (3 - i)));
 		}

 		for (i = 4; i < 8; i++) {
 			cur_char = strstr(base64_chars, substr(base64_data, i, i + 1));

 			second_three = second_three | (cur_char << (6 * (3 - (i - 4))));
 		}		
 		
 		info_offset = (first_three << 8) | (second_three >> 16);

 		Message("Processing %s\n", GetString(info_offset + GetMemberOffset(GetStrucIdByName("prelink_info"), "identifier"), -1, ASCSTR_C));

 		SegCreate(Dword(info_offset + macho_start), Dword(info_offset + macho_start) + Dword(info_offset + macho_start + 4), 0, 1, saRelDble, scCommon); 
 		SegRename(Dword(info_offset + macho_start), substr(GetString(info_offset + GetMemberOffset(GetStrucIdByName("prelink_info"), "identifier"), -1, ASCSTR_C), 10, -1));	

 		MakeStructEx(info_offset, -1, "prelink_info");

 		initializer = Dword(info_offset + GetMemberOffset(GetStrucIdByName("prelink_info"), "initializer"));
 		finalizer = Dword(info_offset + GetMemberOffset(GetStrucIdByName("prelink_info"), "finalizer"));

 		mkcode(initializer);
 		mkcode(finalizer);
 		
 		for (i = 0; i < Dword(info_offset + macho_start + 4); i = i + 4) {
 			if (Dword(Dword(info_offset + macho_start) + i) == 0xFEEDFACE) {
 				Message("found Mach-O header at %#x\n", Dword(info_offset + macho_start) + i);
 				process_macho(Dword(info_offset + macho_start) + i);
 			}
 		}
 		
 	}
 }
	/*
	kernelcache.idc, by pumpkin with contributions from roxfan
	Copyright (C) 2008 pumpkin

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program. If not, see <http://www.gnu.org/licenses/>.
	*/

	#include <idc.idc>

	static makestructs() {
	auto id;

	id = AddStrucEx(-1,"mach_header",0);
	AddStrucMember(id,"magic", 0X0, 0x20000400, -1, 4);
	AddStrucMember(id,"cputype", 0X4, 0x20000400, -1, 4);
	AddStrucMember(id,"cpusubtype", 0X8, 0x20000400, -1, 4);
	AddStrucMember(id,"filetype", 0XC, 0x20000400, -1, 4);
	AddStrucMember(id,"ncmds", 0X10, 0x20000400, -1, 4);
	AddStrucMember(id,"sizeofcmds", 0X14, 0x20000400, -1, 4);
	AddStrucMember(id,"flags", 0X18, 0x20000400, -1, 4);

	id = AddStrucEx(-1,"segment_command",0);
	AddStrucMember(id,"cmd", 0X0, 0x20000400, -1, 4);
	AddStrucMember(id,"cmdsize", 0X4, 0x20000400, -1, 4);
	AddStrucMember(id,"segname", 0X8, 0x50000400, 0x0, 16);
	AddStrucMember(id,"vmaddr", 0X18, 0x20500400, 0XFFFFFFFF, 4);
	AddStrucMember(id,"vmsize", 0X1C, 0x20000400, -1, 4);
	AddStrucMember(id,"fileoff", 0X20, 0x20000400, -1, 4);
	AddStrucMember(id,"filesize", 0X24, 0x20000400, -1, 4);
	AddStrucMember(id,"maxprot", 0X28, 0x20000400, -1, 4);
	AddStrucMember(id,"initprot", 0X2C, 0x20000400, -1, 4);
	AddStrucMember(id,"nsects", 0X30, 0x20000400, -1, 4);
	AddStrucMember(id,"flags", 0X34, 0x20000400, -1, 4);

	id = AddStrucEx(-1, "section", 0);
	AddStrucMember(id,"sectname", 0X0, 0x50000400, 0x0, 16);
	AddStrucMember(id,"segname", 0X10, 0x50000400, 0x0, 16);
	AddStrucMember(id,"addr", 0X20, 0x20500400, 0XFFFFFFFF, 4);
	AddStrucMember(id,"size", 0X24, 0x20000400, -1, 4);
	AddStrucMember(id,"offset", 0X28, 0x20000400, -1, 4);
	AddStrucMember(id,"align", 0X2C, 0x20000400, -1, 4);
	AddStrucMember(id,"reloff", 0X30, 0x20000400, -1, 4);
	AddStrucMember(id,"nreloc", 0X34, 0x20000400, -1, 4);
	AddStrucMember(id,"flags", 0X38, 0x20000400, -1, 4);
	AddStrucMember(id,"reserved1", 0X3C, 0x20000400, -1, 4);
	AddStrucMember(id,"reserved2", 0X40, 0x20000400, -1, 4);

	id = AddStrucEx(-1, "symtab_command", 0);
	AddStrucMember(id,"cmd", 0X0, 0x20000400, -1, 4);
	AddStrucMember(id,"cmdsize", 0X4, 0x20000400, -1, 4);
	AddStrucMember(id,"symoff", 0X8, 0x20000400, -1, 4);
	AddStrucMember(id,"nsyms", 0XC, 0x20000400, -1, 4);
	AddStrucMember(id,"stroff", 0X10, 0x20000400, -1, 4);
	AddStrucMember(id,"strsize", 0X14, 0x20000400, -1, 4);


	id = AddStrucEx(-1,"uuid_command",0);
	AddStrucMember(id,"cmd", 0X0, 0x20000400, -1, 4);
	AddStrucMember(id,"cmdsize", 0X4, 0x20000400, -1, 4);
	AddStrucMember(id,"uuid", 0X8, 0x000400, -1, 16);

	id = AddStrucEx(-1,"prelink_info",0);
	AddStrucMember(id,"field_0", 0X0, 0x20000400, -1, 4);
	AddStrucMember(id,"field_4", 0X4, 0x20000400, -1, 4);
	AddStrucMember(id,"offset", 0X8, 0x20500400, 0X0, 4);
	AddStrucMember(id,"identifier", 0XC, 0x50000400, 0x0, 64);
	AddStrucMember(id,"version", 0X4C, 0x50000400, 0x0, 64);
	AddStrucMember(id,"field_8C", 0X8C, 0x20000400, -1, 4);
	AddStrucMember(id,"field_90", 0X90, 0x20000400, -1, 4);
	AddStrucMember(id,"macho_start", 0X94, 0x20500400, 0X0, 4);
	AddStrucMember(id,"field_98", 0X98, 0x20000400, -1, 4);
	AddStrucMember(id,"field_9C", 0X9C, 0x20000400, -1, 4);
	AddStrucMember(id,"initializer", 0XA0, 0x20500400, 0X0, 4);
	AddStrucMember(id,"finalizer", 0XA4, 0x20500400, 0X0, 4);


	}

	static mkcode(addr) {
	if (addr & 1 == 1) {
	SetReg(addr - 1, "T", 1);
	MakeCode(addr - 1);
	MakeFunction(addr - 1, BADADDR);
	} else {
	SetReg(addr, "T", 0);
	MakeCode(addr);
	MakeFunction(addr, BADADDR);
	}
	}

	static process_macho(addr) {
	auto i, j, k;
	auto lc_cur, lc_count;

	auto cur_seg_text_start, cur_seg_text_end;
	auto cur_sec_name, cur_sec_addr, cur_sec_size;

	MakeStructEx(addr, -1, "mach_header");

	lc_count = Dword(addr + GetMemberOffset(GetStrucIdByName("mach_header"), "ncmds"));
	lc_cur = addr + GetStrucSize(GetStrucIdByName("mach_header"));

	for (i = 0; i < lc_count; i++) {
	if(Dword(lc_cur) == 1) {
	MakeStructEx(lc_cur, -1, "segment_command");

	for (j = 0; j < Dword(lc_cur + GetMemberOffset(GetStrucIdByName("segment_command"), "nsects")); j++) {
	MakeStructEx(lc_cur + GetStrucSize(GetStrucIdByName("segment_command")) + (GetStrucSize(GetStrucIdByName("section")) * j), -1, "section");

	cur_sec_name = GetString(lc_cur + GetStrucSize(GetStrucIdByName("segment_command")) + (GetStrucSize(GetStrucIdByName("section")) * j) + GetMemberOffset(GetStrucIdByName("section"), "sectname"), -1, ASCSTR_C);
	cur_sec_addr = Dword(lc_cur + GetStrucSize(GetStrucIdByName("segment_command")) + (GetStrucSize(GetStrucIdByName("section")) * j) + GetMemberOffset(GetStrucIdByName("section"), "addr"));
	cur_sec_size = Dword(lc_cur + GetStrucSize(GetStrucIdByName("segment_command")) + (GetStrucSize(GetStrucIdByName("section")) * j) + GetMemberOffset(GetStrucIdByName("section"), "size"));


	if (cur_sec_name == "__text") {
	cur_seg_text_start = cur_sec_addr;
	cur_seg_text_end = cur_sec_addr + cur_sec_size;
	} else if (cur_sec_name == "__const") {
	// This is where vtables live... I'm assuming that any dword in here that's in the text section is code
	for (k = 0; k < cur_sec_size; k = k + 4) {
	MakeDword(cur_sec_addr + k);

	if (Dword(cur_sec_addr + k) >= cur_seg_text_start && Dword(cur_sec_addr + k) < cur_seg_text_end) {
	mkcode(Dword(cur_sec_addr + k));
	}
	}

	} else if (cur_sec_name == "__constructor" \|\| cur_sec_name == "__destructor") {
	for (k = 0; k < cur_sec_size; k = k + 4) {
	MakeDword(cur_sec_addr + k);
	mkcode(Dword(cur_sec_addr + k));
	}
	}
	}
	} else if (Dword(lc_cur) == 2) {
	// Check if symtab has any entries
	MakeStructEx(lc_cur, -1, "symtab_command");
	} else if (Dword(lc_cur) == 0x1b) {
	// Totally useless
	MakeStructEx(lc_cur, -1, "uuid_command");
	}
	lc_cur = lc_cur + Dword(lc_cur + 4);
	}

	// wait for autoanalysis of above to complete
	Wait();


	// now go through the text section of this mach-o and codeify it as best we can (currently broken in that unexpected thumb code will throw it off)
	/*
	i = cur_seg_text_start;
	while (i < cur_seg_text_end) {
	Message("i = %x\n", i);
	if (isUnknown(GetFlags(i))) {
	mkcode(i);
	} else if (isCode(GetFlags(i))) {
	if (strlen(GetFunctionName(i)) > 0) {
	i = GetFchunkAttr(i, FUNCATTR_END);
	} else {
	MakeFunction(i, BADADDR);
	Wait();
	if (strlen(GetFunctionName(i)) > 0) {
	i = GetFchunkAttr(i, FUNCATTR_END);
	}
	}
	} else if (isData(GetFlags(i))) {
	i = i + ItemSize(i);
	}
	}
	*/

	}

	static main()
	{
	auto macho_start;

	auto info_xml, info_xml_rest;

	auto current_pos, stop;

	auto extension_identifier;

	auto base64_chars;

	auto string_offset, base64_data_start, base64_data_end, base64_data;

	auto i, j, k;

	auto cur_char, first_three, second_three, info_offset;

	auto initializer, finalizer;

	makestructs();

	base64_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

	macho_start = GetMemberOffset(GetStrucIdByName("prelink_info"), "macho_start");

	info_xml = GetString(SegByBase(SegByName("__info")), -1, ASCSTR_C);

	current_pos = 0;

	while (1) {
	string_offset = strstr(info_xml, "OSBundlePrelink</key><data>");
	base64_data_start = string_offset + strlen("OSBundlePrelink</key><data>");
	info_xml_rest = substr(info_xml, base64_data_start, -1);
	base64_data_end = strstr(info_xml_rest, "</data>");

	base64_data = substr(info_xml_rest, 0, base64_data_end);

	// Dumb criterion, should probably just fix the parsing instead of relying on this shit
	if (base64_data_end == -1 \|\| substr(base64_data, 0, 1) != "w") {
	break;
	}

	info_xml = info_xml_rest;

	first_three = 0;
	second_three = 0;

	// Super lame base64
	for (i = 0; i < 4; i++) {
	cur_char = strstr(base64_chars, substr(base64_data, i, i + 1));

	first_three = first_three \| (cur_char << (6 * (3 - i)));
	}

	for (i = 4; i < 8; i++) {
	cur_char = strstr(base64_chars, substr(base64_data, i, i + 1));

	second_three = second_three \| (cur_char << (6 * (3 - (i - 4))));
	}

	info_offset = (first_three << 8) \| (second_three >> 16);

	Message("Processing %s\n", GetString(info_offset + GetMemberOffset(GetStrucIdByName("prelink_info"), "identifier"), -1, ASCSTR_C));

	SegCreate(Dword(info_offset + macho_start), Dword(info_offset + macho_start) + Dword(info_offset + macho_start + 4), 0, 1, saRelDble, scCommon);
	SegRename(Dword(info_offset + macho_start), substr(GetString(info_offset + GetMemberOffset(GetStrucIdByName("prelink_info"), "identifier"), -1, ASCSTR_C), 10, -1));

	MakeStructEx(info_offset, -1, "prelink_info");

	initializer = Dword(info_offset + GetMemberOffset(GetStrucIdByName("prelink_info"), "initializer"));
	finalizer = Dword(info_offset + GetMemberOffset(GetStrucIdByName("prelink_info"), "finalizer"));

	mkcode(initializer);
	mkcode(finalizer);

	for (i = 0; i < Dword(info_offset + macho_start + 4); i = i + 4) {
	if (Dword(Dword(info_offset + macho_start) + i) == 0xFEEDFACE) {
	Message("found Mach-O header at %#x\n", Dword(info_offset + macho_start) + i);
	process_macho(Dword(info_offset + macho_start) + i);
	}
	}

	}
	}