Skip to content

Instantly share code, notes, and snippets.

@riptl

riptl/xcoff64.pat

Created February 1, 2023 09:57
Show Gist options
  • Save riptl/3f28daa083edf18c9e88ee8589cdafd4 to your computer and use it in GitHub Desktop.
Save riptl/3f28daa083edf18c9e88ee8589cdafd4 to your computer and use it in GitHub Desktop.
Download ZIP
imHex pattern for XCOFF64
Raw
xcoff64.pat
#include <std/mem.pat>
#include <std/io.pat>
struct filehdr {
be u16 f_magic; /* Magic number */
be u16 f_nscns; /* Number of Sections */
be u32 f_timdat; /* Time & date stamp */
be u64 f_symptr; /* File pointer to Symbol Table */
be u16 f_opthdr; /* sizeof (Optional Header) */
be u16 f_flags; /* Flags */
be u32 f_nsyms; /* Number of Symbols */
};
struct opthdr {
be u16 magic;
be u16 vstamp;
be u32 o_debugger; /* Reserved for debugger */
be u64 text_start; /* Virtual address of text section */
be u64 data_start; /* Virtual address of data section */
be u64 o_toc;
be u16 o_snentry; /* Section number of entry point */
be u16 o_sntext; /* Section number of text section */
be u16 o_sndata; /* Section number of data section */
be u16 o_sntoc; /* Section number of TOC */
be u16 o_snloader; /* Section number of loader section */
be u16 o_snbss; /* Section number of bss section */
be u16 o_algntext; /* Section alignment (2^n) of text section */
be u16 o_algndata; /* Section alignment (2^n) of data section */
be u8 o_modtype[2]; /* Module type */
be u8 o_cpuflag;
be u8 o_cputype;
be u8 o_textpsize; /* Text page size */
be u8 o_datapsize; /* Data page size */
be u8 o_stackpsize; /* Stack page size */
be u8 o_flags;
be u64 tsize; /* Size of text section */
be u64 dsize; /* Size of data section */
be u64 bsize; /* Size of bss section */
be u64 entry; /* Entry point */
be u64 o_maxstack; /* Maximum stack size */
be u64 o_maxdata; /* Maximum data size */
be u16 o_sntdata; /* Section number of tdata section */
be u16 o_sntbss; /* Section number of tbss section */
be u16 o_x64flags; /* 64-bit object flags */
be u16 o_resv3a; /* Reserved */
be u32 o_resv3[2]; /* Reserved */
};
struct scn_hdr {
be char s_name[8]; /* Section name */
be u64 s_paddr; /* Physical address */
be u64 s_vaddr; /* Virtual address */
be u64 s_size; /* Section Size in Bytes */
be u64 s_scnptr; /* File offset to the Section data */
be u64 s_relptr; /* File offset to the Relocation table for this Section */
be u64 s_lnnoptr; /* File offset to the Line Number table for this Section */
be u32 s_nreloc; /* Number of relocation entries */
be u32 s_nlnno; /* Number of line number entries */
be u32 s_flags; /* Flags for this section */
be u32 pad_0x44;
char data[s_size] @ s_scnptr;
};
struct hdr {
filehdr hdr;
opthdr opthdr;
scn_hdr scn[ hdr.f_nscns ];
};
hdr hdr @ 0x00;
u64 name_tbl = hdr.hdr.f_symptr + ((hdr.hdr.f_nsyms)*18);
struct aux_csect {
be u32 x_scnlen_lo;
be u32 x_parmhash;
be u16 x_snhash;
be u8 x_smtyp;
be u8 x_smclas;
be s32 x_scnlen_hi;
};
struct aux_file_s {
be s32 x_zeroes;
be s32 x_offset;
padding[6];
u8 x_ftype;
};
union aux_file {
char x_fname[14];
aux_file_s x_;
};
struct aux_sym {
be s32 x_lnno;
};
struct aux_fcn {
be u64 x_lnnoptr;
be u32 x_fsize;
be u32 x_endndx;
u8 x_pad;
};
struct auxent {
padding[17];
u8 type;
if (type==251) aux_csect @ $-18;
if (type==252) aux_file @ $-18;
if (type==253) aux_sym @ $-18;
if (type==254) aux_fcn @ $-18;
};
struct symbol {
be u64 n_value; /* Value of Symbol */
be u32 n_offset;
if (name_tbl + n_offset < std::mem::size()) {
char name[] @ name_tbl + n_offset;
}
be u16 n_scnum; /* Section Number */
be u16 n_type; /* Symbol Type */
be u8 n_sclass; /* Storage Class */
be u8 n_numaux; /* Auxiliary Count */
auxent aux[n_numaux];
};
symbol syms[while((($-hdr.hdr.f_symptr)/18) < hdr.hdr.f_nsyms)] @ hdr.hdr.f_symptr;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment