/* * Copyright (c) 1999-2010 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this * file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_LICENSE_HEADER_END@ */ #ifndef _MACHO_LOADER_H_ #define _MACHO_LOADER_H_ /* * This file describes the format of mach object files. */ //#include /* * is needed here for the cpu_type_t and cpu_subtype_t types * and contains the constants for the possible values of these types. */ //#include /* * is needed here for the vm_prot_t type and contains the * constants that are or'ed together for the possible values of this type. */ //#include /* * is expected to define the flavors of the thread * states and the structures of those flavors for each machine. */ //#include //#include /* * The 32-bit mach header appears at the very beginning of the object file for * 32-bit architectures. */ struct mach_header { uint32_t magic; /* mach magic number identifier */ cpu_type_t cputype; /* cpu specifier */ cpu_subtype_t cpusubtype; /* machine specifier */ uint32_t filetype; /* type of file */ uint32_t ncmds; /* number of load commands */ uint32_t sizeofcmds; /* the size of all the load commands */ uint32_t flags; /* flags */ }; /* Constant for the magic field of the mach_header (32-bit architectures) */ #define MH_MAGIC 0xfeedface /* the mach magic number */ #define MH_CIGAM 0xcefaedfe /* NXSwapInt(MH_MAGIC) */ /* * The 64-bit mach header appears at the very beginning of object files for * 64-bit architectures. */ //CFFAEDFE 07000001 03000000 02000000 12000000 D00F0000 01002000 00000000 //19000000 88010000 //5F5F5445 58540000 00000000 00000000 //00002000 80FFFFFF struct mach_header_64 { uint32_t magic; // mach magic number identifier = 0xFEEDFACF cpu_type_t cputype; // cpu specifier UINT32 = 0x01000007 cpu_subtype_t cpusubtype; // machine specifier = 0x03 uint32_t filetype; // type of file = 0x02 MH_EXECUTE uint32_t ncmds; // number of load commands = 0x12 uint32_t sizeofcmds; // the size of all the load commands = 0x0FD0 uint32_t flags; // flags = 0x 0020 0001 (MH_NOUNDEFS | MH_PIE) uint32_t reserved; // reserved }; /* Constant for the magic field of the mach_header_64 (64-bit architectures) */ #define MH_MAGIC_64 0xfeedfacf /* the 64-bit mach magic number */ #define MH_CIGAM_64 0xcffaedfe /* NXSwapInt(MH_MAGIC_64) */ /* * The layout of the file depends on the filetype. For all but the MH_OBJECT * file type the segments are padded out and aligned on a segment alignment * boundary for efficient demand pageing. The MH_EXECUTE, MH_FVMLIB, MH_DYLIB, * MH_DYLINKER and MH_BUNDLE file types also have the headers included as part * of their first segment. * * The file type MH_OBJECT is a compact format intended as output of the * assembler and input (and possibly output) of the link editor (the .o * format). All sections are in one unnamed segment with no segment padding. * This format is used as an executable format when the file is so small the * segment padding greatly increases its size. * * The file type MH_PRELOAD is an executable format intended for things that * are not executed under the kernel (proms, stand alones, kernels, etc). The * format can be executed under the kernel but may demand paged it and not * preload it before execution. * * A core file is in MH_CORE format and can be any in an arbritray legal * Mach-O file. * * Constants for the filetype field of the mach_header */ #define MH_OBJECT 0x1 /* relocatable object file */ #define MH_EXECUTE 0x2 /* demand paged executable file */ #define MH_FVMLIB 0x3 /* fixed VM shared library file */ #define MH_CORE 0x4 /* core file */ #define MH_PRELOAD 0x5 /* preloaded executable file */ #define MH_DYLIB 0x6 /* dynamically bound shared library */ #define MH_DYLINKER 0x7 /* dynamic link editor */ #define MH_BUNDLE 0x8 /* dynamically bound bundle file */ #define MH_DYLIB_STUB 0x9 /* shared library stub for static */ /* linking only, no section contents */ #define MH_DSYM 0xa /* companion file with only debug */ /* sections */ #define MH_KEXT_BUNDLE 0xb /* x86_64 kexts */ #define MH_KERNEL_COLLECTION 0xc //??? /* Constants for the flags field of the mach_header */ #define MH_NOUNDEFS 0x1 /* the object file has no undefined references */ #define MH_INCRLINK 0x2 /* the object file is the output of an incremental link against a base file and can't be link edited again */ #define MH_DYLDLINK 0x4 /* the object file is input for the dynamic linker and can't be staticly link edited again */ #define MH_BINDATLOAD 0x8 /* the object file's undefined references are bound by the dynamic linker when loaded. */ #define MH_PREBOUND 0x10 /* the file has its dynamic undefined references prebound. */ #define MH_SPLIT_SEGS 0x20 /* the file has its read-only and read-write segments split */ #define MH_LAZY_INIT 0x40 /* the shared library init routine is to be run lazily via catching memory faults to its writeable segments (obsolete) */ #define MH_TWOLEVEL 0x80 /* the image is using two-level name space bindings */ #define MH_FORCE_FLAT 0x100 /* the executable is forcing all images to use flat name space bindings */ #define MH_NOMULTIDEFS 0x200 /* this umbrella guarantees no multiple defintions of symbols in its sub-images so the two-level namespace hints can always be used. */ #define MH_NOFIXPREBINDING 0x400 /* do not have dyld notify the prebinding agent about this executable */ #define MH_PREBINDABLE 0x800 /* the binary is not prebound but can have its prebinding redone. only used when MH_PREBOUND is not set. */ #define MH_ALLMODSBOUND 0x1000 /* indicates that this binary binds to all two-level namespace modules of its dependent libraries. only used when MH_PREBINDABLE and MH_TWOLEVEL are both set. */ #define MH_SUBSECTIONS_VIA_SYMBOLS 0x2000/* safe to divide up the sections into sub-sections via symbols for dead code stripping */ #define MH_CANONICAL 0x4000 /* the binary has been canonicalized via the unprebind operation */ #define MH_WEAK_DEFINES 0x8000 /* the final linked image contains external weak symbols */ #define MH_BINDS_TO_WEAK 0x10000 /* the final linked image uses weak symbols */ #define MH_ALLOW_STACK_EXECUTION 0x20000/* When this bit is set, all stacks in the task will be given stack execution privilege. Only used in MH_EXECUTE filetypes. */ #define MH_ROOT_SAFE 0x40000 /* When this bit is set, the binary declares it is safe for use in processes with uid zero */ #define MH_SETUID_SAFE 0x80000 /* When this bit is set, the binary declares it is safe for use in processes when issetugid() is true */ #define MH_NO_REEXPORTED_DYLIBS 0x100000 /* When this bit is set on a dylib, the static linker does not need to examine dependent dylibs to see if any are re-exported */ #define MH_PIE 0x200000 /* When this bit is set, the OS will load the main executable at a random address. Only used in MH_EXECUTE filetypes. */ #define MH_DEAD_STRIPPABLE_DYLIB 0x400000 /* Only for use on dylibs. When linking against a dylib that has this bit set, the static linker will automatically not create a LC_LOAD_DYLIB load command to the dylib if no symbols are being referenced from the dylib. */ #define MH_HAS_TLV_DESCRIPTORS 0x800000 /* Contains a section of type S_THREAD_LOCAL_VARIABLES */ #define MH_NO_HEAP_EXECUTION 0x1000000 /* When this bit is set, the OS will run the main executable with a non-executable heap even on platforms (e.g. i386) that don't require it. Only used in MH_EXECUTE filetypes. */ /* * The load commands directly follow the mach_header. The total size of all * of the commands is given by the sizeofcmds field in the mach_header. All * load commands must have as their first two fields cmd and cmdsize. The cmd * field is filled in with a constant for that command type. Each command type * has a structure specifically for it. The cmdsize field is the size in bytes * of the particular load command structure plus anything that follows it that * is a part of the load command (i.e. section structures, strings, etc.). To * advance to the next load command the cmdsize can be added to the offset or * pointer of the current load command. The cmdsize for 32-bit architectures * MUST be a multiple of 4 bytes and for 64-bit architectures MUST be a multiple * of 8 bytes (these are forever the maximum alignment of any load commands). * The padded bytes must be zero. All tables in the object file must also * follow these rules so the file can be memory mapped. Otherwise the pointers * to these tables will not work well or at all on some machines. With all * padding zeroed like objects will compare byte for byte. */ struct load_command { uint32_t cmd; /* type of load command */ uint32_t cmdsize; /* total size of command in bytes */ }; /* * After MacOS X 10.1 when a new load command is added that is required to be * understood by the dynamic linker for the image to execute properly the * LC_REQ_DYLD bit will be or'ed into the load command constant. If the dynamic * linker sees such a load command it it does not understand will issue a * "unknown load command required for execution" error and refuse to use the * image. Other load commands without this bit that are not understood will * simply be ignored. */ #define LC_REQ_DYLD 0x80000000 /* Constants for the cmd field of all load commands, the type */ #define LC_SEGMENT 0x1 /* segment of this file to be mapped */ #define LC_SYMTAB 0x2 /* link-edit stab symbol table info */ #define LC_SYMSEG 0x3 /* link-edit gdb symbol table info (obsolete) */ #define LC_THREAD 0x4 /* thread */ #define LC_UNIXTHREAD 0x5 /* unix thread (includes a stack) */ #define LC_LOADFVMLIB 0x6 /* load a specified fixed VM shared library */ #define LC_IDFVMLIB 0x7 /* fixed VM shared library identification */ #define LC_IDENT 0x8 /* object identification info (obsolete) */ #define LC_FVMFILE 0x9 /* fixed VM file inclusion (internal use) */ #define LC_PREPAGE 0xa /* prepage command (internal use) */ #define LC_DYSYMTAB 0xb /* dynamic link-edit symbol table info */ #define LC_LOAD_DYLIB 0xc /* load a dynamically linked shared library */ #define LC_ID_DYLIB 0xd /* dynamically linked shared lib ident */ #define LC_LOAD_DYLINKER 0xe /* load a dynamic linker */ #define LC_ID_DYLINKER 0xf /* dynamic linker identification */ #define LC_PREBOUND_DYLIB 0x10 /* modules prebound for a dynamically */ /* linked shared library */ #define LC_ROUTINES 0x11 /* image routines */ #define LC_SUB_FRAMEWORK 0x12 /* sub framework */ #define LC_SUB_UMBRELLA 0x13 /* sub umbrella */ #define LC_SUB_CLIENT 0x14 /* sub client */ #define LC_SUB_LIBRARY 0x15 /* sub library */ #define LC_TWOLEVEL_HINTS 0x16 /* two-level namespace lookup hints */ #define LC_PREBIND_CKSUM 0x17 /* prebind checksum */ /* * load a dynamically linked shared library that is allowed to be missing * (all symbols are weak imported). */ #define LC_LOAD_WEAK_DYLIB (0x18 | LC_REQ_DYLD) #define LC_SEGMENT_64 0x19 /* 64-bit segment of this file to be mapped */ #define LC_ROUTINES_64 0x1a /* 64-bit image routines */ #define LC_UUID 0x1b /* the uuid */ #define LC_RPATH (0x1c | LC_REQ_DYLD) /* runpath additions */ #define LC_CODE_SIGNATURE 0x1d /* local of code signature */ #define LC_SEGMENT_SPLIT_INFO 0x1e /* local of info to split segments */ #define LC_REEXPORT_DYLIB (0x1f | LC_REQ_DYLD) /* load and re-export dylib */ #define LC_LAZY_LOAD_DYLIB 0x20 /* delay load of dylib until first use */ #define LC_ENCRYPTION_INFO 0x21 /* encrypted segment information */ #define LC_DYLD_INFO 0x22 /* compressed dyld information */ #define LC_DYLD_INFO_ONLY (0x22|LC_REQ_DYLD) /* compressed dyld information only */ #define LC_LOAD_UPWARD_DYLIB (0x23 | LC_REQ_DYLD) /* load upward dylib */ #define LC_VERSION_MIN_MACOSX 0x24 /* build for macOS min OS version */ #define LC_VERSION_MIN_IPHONEOS 0x25 /* build for iPhoneOS min OS version */ #define LC_FUNCTION_STARTS 0x26 /* compressed table of function start addresses */ #define LC_DYLD_ENVIRONMENT 0x27 /* string for dyld to treat like environment variable */ #define LC_MAIN (0x28|LC_REQ_DYLD) /* replacement for LC_UNIXTHREAD */ #define LC_DATA_IN_CODE 0x29 /* table of non-instructions in __text */ #define LC_SOURCE_VERSION 0x2A /* source version used to build binary */ #define LC_DYLIB_CODE_SIGN_DRS 0x2B /* Code signing DRs copied from linked dylibs */ #define LC_ENCRYPTION_INFO_64 0x2C /* 64-bit encrypted segment information */ #define LC_LINKER_OPTION 0x2D /* linker options in MH_OBJECT files */ #define LC_LINKER_OPTIMIZATION_HINT 0x2E /* optimization hints in MH_OBJECT files */ #define LC_VERSION_MIN_TVOS 0x2F /* build for AppleTV min OS version */ #define LC_VERSION_MIN_WATCHOS 0x30 /* build for Watch min OS version */ #define LC_NOTE 0x31 /* arbitrary data included within a Mach-O file */ #define LC_BUILD_VERSION 0x32 /* build for platform min OS version */ #define LC_DYLD_EXPORTS_TRIE (0x33 | LC_REQ_DYLD) /* used with linkedit_data_command, payload is trie */ #define LC_DYLD_CHAINED_FIXUPS (0x34 | LC_REQ_DYLD) /* used with linkedit_data_command */ #define LC_KEXT (0x35 | LC_REQ_DYLD) /* * A variable length string in a load command is represented by an lc_str * union. The strings are stored just after the load command structure and * the offset is from the start of the load command structure. The size * of the string is reflected in the cmdsize field of the load command. * Once again any padded bytes to bring the cmdsize field to a multiple * of 4 bytes must be zero. */ union lc_str { uint32_t offset; /* offset to the string */ #ifndef __LP64__ char *ptr; /* pointer to the string */ #endif }; typedef union lc_str lc_str; /* * The segment load command indicates that a part of this file is to be * mapped into the task's address space. The size of this segment in memory, * vmsize, maybe equal to or larger than the amount to map from this file, * filesize. The file is mapped starting at fileoff to the beginning of * the segment in memory, vmaddr. The rest of the memory of the segment, * if any, is allocated zero fill on demand. The segment's maximum virtual * memory protection and initial virtual memory protection are specified * by the maxprot and initprot fields. If the segment has sections then the * section structures directly follow the segment command and their size is * reflected in cmdsize. */ struct segment_command { /* for 32-bit architectures */ uint32_t cmd; /* LC_SEGMENT */ uint32_t cmdsize; /* includes sizeof section structs */ char segname[16]; /* segment name */ uint32_t vmaddr; /* memory address of this segment */ uint32_t vmsize; /* memory size of this segment */ uint32_t fileoff; /* file offset of this segment */ uint32_t filesize; /* amount to map from the file */ vm_prot_t maxprot; /* maximum VM protection */ vm_prot_t initprot; /* initial VM protection */ uint32_t nsects; /* number of sections in segment */ uint32_t flags; /* flags */ }; /* * The 64-bit segment load command indicates that a part of this file is to be * mapped into a 64-bit task's address space. If the 64-bit segment has * sections then section_64 structures directly follow the 64-bit segment * command and their size is reflected in cmdsize. */ struct segment_command_64 { /* for 64-bit architectures */ uint32_t cmd; /* LC_SEGMENT_64 */ uint32_t cmdsize; /* includes sizeof section_64 structs */ char segname[16]; /* segment name */ uint64_t vmaddr; /* memory address of this segment */ uint64_t vmsize; /* memory size of this segment */ uint64_t fileoff; /* file offset of this segment */ //0x28 uint64_t filesize; /* amount to map from the file */ //0x30 vm_prot_t maxprot; /* maximum VM protection */ //38 vm_prot_t initprot; /* initial VM protection */ //3c uint32_t nsects; /* number of sections in segment */ //40 uint32_t flags; /* flags */ //44 // struct section_64 sect[]; //0x48 if nsect > 0 len=nsects }; /* Constants for the flags field of the segment_command */ #define SG_HIGHVM 0x1 /* the file contents for this segment is for the high part of the VM space, the low part is zero filled (for stacks in core files) */ #define SG_FVMLIB 0x2 /* this segment is the VM that is allocated by a fixed VM library, for overlap checking in the link editor */ #define SG_NORELOC 0x4 /* this segment has nothing that was relocated in it and nothing relocated to it, that is it maybe safely replaced without relocation*/ #define SG_PROTECTED_VERSION_1 0x8 /* This segment is protected. If the segment starts at file offset 0, the first page of the segment is not protected. All other pages of the segment are protected. */ #define SG_READ_ONLY 0x10 /* This segment is made read-only after fixups */ /* * A segment is made up of zero or more sections. Non-MH_OBJECT files have * all of their segments with the proper sections in each, and padded to the * specified segment alignment when produced by the link editor. The first * segment of a MH_EXECUTE and MH_FVMLIB format file contains the mach_header * and load commands of the object file before its first section. The zero * fill sections are always last in their segment (in all formats). This * allows the zeroed segment padding to be mapped into memory where zero fill * sections might be. The gigabyte zero fill sections, those with the section * type S_GB_ZEROFILL, can only be in a segment with sections of this type. * These segments are then placed after all other segments. * * The MH_OBJECT format has all of its sections in one segment for * compactness. There is no padding to a specified segment boundary and the * mach_header and load commands are not part of the segment. * * Sections with the same section name, sectname, going into the same segment, * segname, are combined by the link editor. The resulting section is aligned * to the maximum alignment of the combined sections and is the new section's * alignment. The combined sections are aligned to their original alignment in * the combined section. Any padded bytes to get the specified alignment are * zeroed. * * The format of the relocation entries referenced by the reloff and nreloc * fields of the section structure for mach object files is described in the * header file . */ struct section { /* for 32-bit architectures */ char sectname[16]; /* name of this section */ char segname[16]; /* segment this section goes in */ uint32_t addr; /* memory address of this section */ uint32_t size; /* size in bytes of this section */ uint32_t offset; /* file offset of this section */ uint32_t align; /* section alignment (power of 2) */ uint32_t reloff; /* file offset of relocation entries */ uint32_t nreloc; /* number of relocation entries */ uint32_t flags; /* flags (section type and attributes)*/ uint32_t reserved1; /* reserved (for offset or index) */ uint32_t reserved2; /* reserved (for count or sizeof) */ }; struct section_64 { /* for 64-bit architectures */ char sectname[16]; /* name of this section */ char segname[16]; /* segment this section goes in */ uint64_t addr; /* memory address of this section */ uint64_t size; /* size in bytes of this section */ uint32_t offset; /* file offset of this section */ uint32_t align; /* section alignment (power of 2) */ uint32_t reloff; /* file offset of relocation entries */ uint32_t nreloc; /* number of relocation entries */ uint32_t flags; /* flags (section type and attributes)*/ uint32_t reserved1; /* reserved (for offset or index) */ uint32_t reserved2; /* reserved (for count or sizeof) */ uint32_t reserved3; /* reserved */ }; /* * The flags field of a section structure is separated into two parts a section * type and section attributes. The section types are mutually exclusive (it * can only have one type) but the section attributes are not (it may have more * than one attribute). */ #define SECTION_TYPE 0x000000ff /* 256 section types */ #define SECTION_ATTRIBUTES 0xffffff00 /* 24 section attributes */ /* Constants for the type of a section */ #define S_REGULAR 0x0 /* regular section */ #define S_ZEROFILL 0x1 /* zero fill on demand section */ #define S_CSTRING_LITERALS 0x2 /* section with only literal C strings*/ #define S_4BYTE_LITERALS 0x3 /* section with only 4 byte literals */ #define S_8BYTE_LITERALS 0x4 /* section with only 8 byte literals */ #define S_LITERAL_POINTERS 0x5 /* section with only pointers to */ /* literals */ /* * For the two types of symbol pointers sections and the symbol stubs section * they have indirect symbol table entries. For each of the entries in the * section the indirect symbol table entries, in corresponding order in the * indirect symbol table, start at the index stored in the reserved1 field * of the section structure. Since the indirect symbol table entries * correspond to the entries in the section the number of indirect symbol table * entries is inferred from the size of the section divided by the size of the * entries in the section. For symbol pointers sections the size of the entries * in the section is 4 bytes and for symbol stubs sections the byte size of the * stubs is stored in the reserved2 field of the section structure. */ #define S_NON_LAZY_SYMBOL_POINTERS 0x6 /* section with only non-lazy symbol pointers */ #define S_LAZY_SYMBOL_POINTERS 0x7 /* section with only lazy symbol pointers */ #define S_SYMBOL_STUBS 0x8 /* section with only symbol stubs, byte size of stub in the reserved2 field */ #define S_MOD_INIT_FUNC_POINTERS 0x9 /* section with only function pointers for initialization*/ #define S_MOD_TERM_FUNC_POINTERS 0xa /* section with only function pointers for termination */ #define S_COALESCED 0xb /* section contains symbols that are to be coalesced */ #define S_GB_ZEROFILL 0xc /* zero fill on demand section (that can be larger than 4 gigabytes) */ #define S_INTERPOSING 0xd /* section with only pairs of function pointers for interposing */ #define S_16BYTE_LITERALS 0xe /* section with only 16 byte literals */ #define S_DTRACE_DOF 0xf /* section contains DTrace Object Format */ #define S_LAZY_DYLIB_SYMBOL_POINTERS 0x10 /* section with only lazy symbol pointers to lazy loaded dylibs */ /* * Section types to support thread local variables */ #define S_THREAD_LOCAL_REGULAR 0x11 /* template of initial values for TLVs */ #define S_THREAD_LOCAL_ZEROFILL 0x12 /* template of initial values for TLVs */ #define S_THREAD_LOCAL_VARIABLES 0x13 /* TLV descriptors */ #define S_THREAD_LOCAL_VARIABLE_POINTERS 0x14 /* pointers to TLV descriptors */ #define S_THREAD_LOCAL_INIT_FUNCTION_POINTERS 0x15 /* functions to call to initialize TLV values */ #define S_INIT_FUNC_OFFSETS 0x16 /* 32-bit offsets to initializers */ /* * Constants for the section attributes part of the flags field of a section * structure. */ #define SECTION_ATTRIBUTES_USR 0xff000000 /* User setable attributes */ #define S_ATTR_PURE_INSTRUCTIONS 0x80000000 /* section contains only true machine instructions */ #define S_ATTR_NO_TOC 0x40000000 /* section contains coalesced symbols that are not to be in a ranlib table of contents */ #define S_ATTR_STRIP_STATIC_SYMS 0x20000000 /* ok to strip static symbols in this section in files with the MH_DYLDLINK flag */ #define S_ATTR_NO_DEAD_STRIP 0x10000000 /* no dead stripping */ #define S_ATTR_LIVE_SUPPORT 0x08000000 /* blocks are live if they reference live blocks */ #define S_ATTR_SELF_MODIFYING_CODE 0x04000000 /* Used with i386 code stubs written on by dyld */ /* * If a segment contains any sections marked with S_ATTR_DEBUG then all * sections in that segment must have this attribute. No section other than * a section marked with this attribute may reference the contents of this * section. A section with this attribute may contain no symbols and must have * a section type S_REGULAR. The static linker will not copy section contents * from sections with this attribute into its output file. These sections * generally contain DWARF debugging info. */ #define S_ATTR_DEBUG 0x02000000 /* a debug section */ #define SECTION_ATTRIBUTES_SYS 0x00ffff00 /* system setable attributes */ #define S_ATTR_SOME_INSTRUCTIONS 0x00000400 /* section contains some machine instructions */ #define S_ATTR_EXT_RELOC 0x00000200 /* section has external relocation entries */ #define S_ATTR_LOC_RELOC 0x00000100 /* section has local relocation entries */ /* * The names of segments and sections in them are mostly meaningless to the * link-editor. But there are few things to support traditional UNIX * executables that require the link-editor and assembler to use some names * agreed upon by convention. * * The initial protection of the "__TEXT" segment has write protection turned * off (not writeable). * * The link-editor will allocate common symbols at the end of the "__common" * section in the "__DATA" segment. It will create the section and segment * if needed. */ /* The currently known segment names and the section names in those segments */ #define SEG_PAGEZERO "__PAGEZERO" /* the pagezero segment which has no */ /* protections and catches NULL */ /* references for MH_EXECUTE files */ #define SEG_TEXT "__TEXT" /* the tradition UNIX text segment */ #define SECT_TEXT "__text" /* the real text part of the text */ /* section no headers, and no padding */ #define SECT_FVMLIB_INIT0 "__fvmlib_init0" /* the fvmlib initialization */ /* section */ #define SECT_FVMLIB_INIT1 "__fvmlib_init1" /* the section following the */ /* fvmlib initialization */ /* section */ #define SEG_DATA "__DATA" /* the tradition UNIX data segment */ #define SECT_DATA "__data" /* the real initialized data section */ /* no padding, no bss overlap */ #define SECT_BSS "__bss" /* the real uninitialized data section*/ /* no padding */ #define SECT_COMMON "__common" /* the section common symbols are */ /* allocated in by the link editor */ #define SEG_OBJC "__OBJC" /* objective-C runtime segment */ #define SECT_OBJC_SYMBOLS "__symbol_table" /* symbol table */ #define SECT_OBJC_MODULES "__module_info" /* module information */ #define SECT_OBJC_STRINGS "__selector_strs" /* string table */ #define SECT_OBJC_REFS "__selector_refs" /* string table */ #define SEG_ICON "__ICON" /* the icon segment */ #define SECT_ICON_HEADER "__header" /* the icon headers */ #define SECT_ICON_TIFF "__tiff" /* the icons in tiff format */ #define SEG_LINKEDIT "__LINKEDIT" /* the segment containing all structs */ /* created and maintained by the link */ /* editor. Created with -seglinkedit */ /* option to ld(1) for MH_EXECUTE and */ /* FVMLIB file types only */ #define SEG_UNIXSTACK "__UNIXSTACK" /* the unix stack segment */ #define SEG_IMPORT "__IMPORT" /* the segment for the self (dyld) */ /* modifing code stubs that has read, */ /* write and execute permissions */ /* * Fixed virtual memory shared libraries are identified by two things. The * target pathname (the name of the library as found for execution), and the * minor version number. The address of where the headers are loaded is in * header_addr. (THIS IS OBSOLETE and no longer supported). */ struct fvmshlib { /*union*/ lc_str name; /* library's target pathname */ uint32_t minor_version; /* library's minor version number */ uint32_t header_addr; /* library's header address */ }; typedef struct fvmshlib fvmshlib; /* * A fixed virtual shared library (filetype == MH_FVMLIB in the mach header) * contains a fvmlib_command (cmd == LC_IDFVMLIB) to identify the library. * An object that uses a fixed virtual shared library also contains a * fvmlib_command (cmd == LC_LOADFVMLIB) for each library it uses. * (THIS IS OBSOLETE and no longer supported). */ struct fvmlib_command { uint32_t cmd; /* LC_IDFVMLIB or LC_LOADFVMLIB */ uint32_t cmdsize; /* includes pathname string */ /*struct*/ fvmshlib fvmlib; /* the library identification */ }; /* * Dynamicly linked shared libraries are identified by two things. The * pathname (the name of the library as found for execution), and the * compatibility version number. The pathname must match and the compatibility * number in the user of the library must be greater than or equal to the * library being used. The time stamp is used to record the time a library was * built and copied into user so it can be use to determined if the library used * at runtime is exactly the same as used to built the program. */ struct dylib { union lc_str name; /* library's path name */ uint32_t timestamp; /* library's build time stamp */ uint32_t current_version; /* library's current version number */ uint32_t compatibility_version; /* library's compatibility vers number*/ }; /* * A dynamically linked shared library (filetype == MH_DYLIB in the mach header) * contains a dylib_command (cmd == LC_ID_DYLIB) to identify the library. * An object that uses a dynamically linked shared library also contains a * dylib_command (cmd == LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, or * LC_REEXPORT_DYLIB) for each library it uses. */ struct dylib_command { uint32_t cmd; /* LC_ID_DYLIB, LC_LOAD_{,WEAK_}DYLIB, LC_REEXPORT_DYLIB */ uint32_t cmdsize; /* includes pathname string */ struct dylib dylib; /* the library identification */ }; /* * A dynamically linked shared library may be a subframework of an umbrella * framework. If so it will be linked with "-umbrella umbrella_name" where * Where "umbrella_name" is the name of the umbrella framework. A subframework * can only be linked against by its umbrella framework or other subframeworks * that are part of the same umbrella framework. Otherwise the static link * editor produces an error and states to link against the umbrella framework. * The name of the umbrella framework for subframeworks is recorded in the * following structure. */ struct sub_framework_command { uint32_t cmd; /* LC_SUB_FRAMEWORK */ uint32_t cmdsize; /* includes umbrella string */ union lc_str umbrella; /* the umbrella framework name */ }; /* * For dynamically linked shared libraries that are subframework of an umbrella * framework they can allow clients other than the umbrella framework or other * subframeworks in the same umbrella framework. To do this the subframework * is built with "-allowable_client client_name" and an LC_SUB_CLIENT load * command is created for each -allowable_client flag. The client_name is * usually a framework name. It can also be a name used for bundles clients * where the bundle is built with "-client_name client_name". */ struct sub_client_command { uint32_t cmd; /* LC_SUB_CLIENT */ uint32_t cmdsize; /* includes client string */ union lc_str client; /* the client name */ }; /* * A dynamically linked shared library may be a sub_umbrella of an umbrella * framework. If so it will be linked with "-sub_umbrella umbrella_name" where * Where "umbrella_name" is the name of the sub_umbrella framework. When * staticly linking when -twolevel_namespace is in effect a twolevel namespace * umbrella framework will only cause its subframeworks and those frameworks * listed as sub_umbrella frameworks to be implicited linked in. Any other * dependent dynamic libraries will not be linked it when -twolevel_namespace * is in effect. The primary library recorded by the static linker when * resolving a symbol in these libraries will be the umbrella framework. * Zero or more sub_umbrella frameworks may be use by an umbrella framework. * The name of a sub_umbrella framework is recorded in the following structure. */ struct sub_umbrella_command { uint32_t cmd; /* LC_SUB_UMBRELLA */ uint32_t cmdsize; /* includes sub_umbrella string */ union lc_str sub_umbrella; /* the sub_umbrella framework name */ }; /* * A dynamically linked shared library may be a sub_library of another shared * library. If so it will be linked with "-sub_library library_name" where * Where "library_name" is the name of the sub_library shared library. When * staticly linking when -twolevel_namespace is in effect a twolevel namespace * shared library will only cause its subframeworks and those frameworks * listed as sub_umbrella frameworks and libraries listed as sub_libraries to * be implicited linked in. Any other dependent dynamic libraries will not be * linked it when -twolevel_namespace is in effect. The primary library * recorded by the static linker when resolving a symbol in these libraries * will be the umbrella framework (or dynamic library). Zero or more sub_library * shared libraries may be use by an umbrella framework or (or dynamic library). * The name of a sub_library framework is recorded in the following structure. * For example /usr/lib/libobjc_profile.A.dylib would be recorded as "libobjc". */ struct sub_library_command { uint32_t cmd; /* LC_SUB_LIBRARY */ uint32_t cmdsize; /* includes sub_library string */ union lc_str sub_library; /* the sub_library name */ }; /* * A program (filetype == MH_EXECUTE) that is * prebound to its dynamic libraries has one of these for each library that * the static linker used in prebinding. It contains a bit vector for the * modules in the library. The bits indicate which modules are bound (1) and * which are not (0) from the library. The bit for module 0 is the low bit * of the first byte. So the bit for the Nth module is: * (linked_modules[N/8] >> N%8) & 1 */ struct prebound_dylib_command { uint32_t cmd; /* LC_PREBOUND_DYLIB */ uint32_t cmdsize; /* includes strings */ union lc_str name; /* library's path name */ uint32_t nmodules; /* number of modules in library */ union lc_str linked_modules; /* bit vector of linked modules */ }; /* * A program that uses a dynamic linker contains a dylinker_command to identify * the name of the dynamic linker (LC_LOAD_DYLINKER). And a dynamic linker * contains a dylinker_command to identify the dynamic linker (LC_ID_DYLINKER). * A file can have at most one of these. * This struct is also used for the LC_DYLD_ENVIRONMENT load command and * contains string for dyld to treat like environment variable. */ struct dylinker_command { uint32_t cmd; /* LC_ID_DYLINKER, LC_LOAD_DYLINKER or LC_DYLD_ENVIRONMENT */ uint32_t cmdsize; /* includes pathname string */ union lc_str name; /* dynamic linker's path name */ }; /* * Thread commands contain machine-specific data structures suitable for * use in the thread state primitives. The machine specific data structures * follow the struct thread_command as follows. * Each flavor of machine specific data structure is preceded by an unsigned * long constant for the flavor of that data structure, an uint32_t * that is the count of longs of the size of the state data structure and then * the state data structure follows. This triple may be repeated for many * flavors. The constants for the flavors, counts and state data structure * definitions are expected to be in the header file . * These machine specific data structures sizes must be multiples of * 4 bytes The cmdsize reflects the total size of the thread_command * and all of the sizes of the constants for the flavors, counts and state * data structures. * * For executable objects that are unix processes there will be one * thread_command (cmd == LC_UNIXTHREAD) created for it by the link-editor. * This is the same as a LC_THREAD, except that a stack is automatically * created (based on the shell's limit for the stack size). Command arguments * and environment variables are copied onto that stack. */ struct thread_command { uint32_t cmd; /* LC_THREAD or LC_UNIXTHREAD */ uint32_t cmdsize; /* total size of this command */ /* uint32_t flavor flavor of thread state */ /* uint32_t count count of longs in thread state */ /* struct XXX_thread_state state thread state for this flavor */ /* ... */ }; /* * The routines command contains the address of the dynamic shared library * initialization routine and an index into the module table for the module * that defines the routine. Before any modules are used from the library the * dynamic linker fully binds the module that defines the initialization routine * and then calls it. This gets called before any module initialization * routines (used for C++ static constructors) in the library. */ struct routines_command { /* for 32-bit architectures */ uint32_t cmd; /* LC_ROUTINES */ uint32_t cmdsize; /* total size of this command */ uint32_t init_address; /* address of initialization routine */ uint32_t init_module; /* index into the module table that */ /* the init routine is defined in */ uint32_t reserved1; uint32_t reserved2; uint32_t reserved3; uint32_t reserved4; uint32_t reserved5; uint32_t reserved6; }; /* * The 64-bit routines command. Same use as above. */ struct routines_command_64 { /* for 64-bit architectures */ uint32_t cmd; /* LC_ROUTINES_64 */ uint32_t cmdsize; /* total size of this command */ uint64_t init_address; /* address of initialization routine */ uint64_t init_module; /* index into the module table that */ /* the init routine is defined in */ uint64_t reserved1; uint64_t reserved2; uint64_t reserved3; uint64_t reserved4; uint64_t reserved5; uint64_t reserved6; }; /* * The symtab_command contains the offsets and sizes of the link-edit 4.3BSD * "stab" style symbol table information as described in the header files * and . */ struct symtab_command { uint32_t cmd; /* LC_SYMTAB == 2 */ uint32_t cmdsize; /* sizeof(struct symtab_command) */ uint32_t symoff; /* symbol table offset */ uint32_t nsyms; /* number of symbol table entries */ uint32_t stroff; /* string table offset */ uint32_t strsize; /* string table size in bytes */ }; /* * This is the second set of the symbolic information which is used to support * the data structures for the dynamically link editor. * * The original set of symbolic information in the symtab_command which contains * the symbol and string tables must also be present when this load command is * present. When this load command is present the symbol table is organized * into three groups of symbols: * local symbols (static and debugging symbols) - grouped by module * defined external symbols - grouped by module (sorted by name if not lib) * undefined external symbols (sorted by name if MH_BINDATLOAD is not set, * and in order the were seen by the static * linker if MH_BINDATLOAD is set) * In this load command there are offsets and counts to each of the three groups * of symbols. * * This load command contains a the offsets and sizes of the following new * symbolic information tables: * table of contents * module table * reference symbol table * indirect symbol table * The first three tables above (the table of contents, module table and * reference symbol table) are only present if the file is a dynamically linked * shared library. For executable and object modules, which are files * containing only one module, the information that would be in these three * tables is determined as follows: * table of contents - the defined external symbols are sorted by name * module table - the file contains only one module so everything in the * file is part of the module. * reference symbol table - is the defined and undefined external symbols * * For dynamically linked shared library files this load command also contains * offsets and sizes to the pool of relocation entries for all sections * separated into two groups: * external relocation entries * local relocation entries * For executable and object modules the relocation entries continue to hang * off the section structures. */ struct dysymtab_command { uint32_t cmd; /* LC_DYSYMTAB == 0x0b */ uint32_t cmdsize; /* sizeof(struct dysymtab_command) */ /* * The symbols indicated by symoff and nsyms of the LC_SYMTAB load command * are grouped into the following three groups: * local symbols (further grouped by the module they are from) * defined external symbols (further grouped by the module they are from) * undefined symbols * * The local symbols are used only for debugging. The dynamic binding * process may have to use them to indicate to the debugger the local * symbols for a module that is being bound. * * The last two groups are used by the dynamic binding process to do the * binding (indirectly through the module table and the reference symbol * table when this is a dynamically linked shared library file). */ uint32_t ilocalsym; /* index to local symbols */ uint32_t nlocalsym; /* number of local symbols */ uint32_t iextdefsym;/* index to externally defined symbols */ uint32_t nextdefsym;/* number of externally defined symbols */ uint32_t iundefsym; /* index to undefined symbols */ uint32_t nundefsym; /* number of undefined symbols */ /* * For the for the dynamic binding process to find which module a symbol * is defined in the table of contents is used (analogous to the ranlib * structure in an archive) which maps defined external symbols to modules * they are defined in. This exists only in a dynamically linked shared * library file. For executable and object modules the defined external * symbols are sorted by name and is use as the table of contents. */ uint32_t tocoff; /* file offset to table of contents */ uint32_t ntoc; /* number of entries in table of contents */ /* * To support dynamic binding of "modules" (whole object files) the symbol * table must reflect the modules that the file was created from. This is * done by having a module table that has indexes and counts into the merged * tables for each module. The module structure that these two entries * refer to is described below. This exists only in a dynamically linked * shared library file. For executable and object modules the file only * contains one module so everything in the file belongs to the module. */ uint32_t modtaboff; /* file offset to module table */ uint32_t nmodtab; /* number of module table entries */ /* * To support dynamic module binding the module structure for each module * indicates the external references (defined and undefined) each module * makes. For each module there is an offset and a count into the * reference symbol table for the symbols that the module references. * This exists only in a dynamically linked shared library file. For * executable and object modules the defined external symbols and the * undefined external symbols indicates the external references. */ uint32_t extrefsymoff; /* offset to referenced symbol table */ uint32_t nextrefsyms; /* number of referenced symbol table entries */ /* * The sections that contain "symbol pointers" and "routine stubs" have * indexes and (implied counts based on the size of the section and fixed * size of the entry) into the "indirect symbol" table for each pointer * and stub. For every section of these two types the index into the * indirect symbol table is stored in the section header in the field * reserved1. An indirect symbol table entry is simply a 32bit index into * the symbol table to the symbol that the pointer or stub is referring to. * The indirect symbol table is ordered to match the entries in the section. */ uint32_t indirectsymoff; /* file offset to the indirect symbol table */ uint32_t nindirectsyms; /* number of indirect symbol table entries */ /* * To support relocating an individual module in a library file quickly the * external relocation entries for each module in the library need to be * accessed efficiently. Since the relocation entries can't be accessed * through the section headers for a library file they are separated into * groups of local and external entries further grouped by module. In this * case the presents of this load command who's extreloff, nextrel, * locreloff and nlocrel fields are non-zero indicates that the relocation * entries of non-merged sections are not referenced through the section * structures (and the reloff and nreloc fields in the section headers are * set to zero). * * Since the relocation entries are not accessed through the section headers * this requires the r_address field to be something other than a section * offset to identify the item to be relocated. In this case r_address is * set to the offset from the vmaddr of the first LC_SEGMENT command. * For MH_SPLIT_SEGS images r_address is set to the the offset from the * vmaddr of the first read-write LC_SEGMENT command. * * The relocation entries are grouped by module and the module table * entries have indexes and counts into them for the group of external * relocation entries for that the module. * * For sections that are merged across modules there must not be any * remaining external relocation entries for them (for merged sections * remaining relocation entries must be local). */ uint32_t extreloff; /* offset to external relocation entries */ uint32_t nextrel; /* number of external relocation entries */ /* * All the local relocation entries are grouped together (they are not * grouped by their module since they are only used if the object is moved * from it staticly link edited address). */ uint32_t locreloff; /* offset to local relocation entries */ uint32_t nlocrel; /* number of local relocation entries */ }; /* * An indirect symbol table entry is simply a 32bit index into the symbol table * to the symbol that the pointer or stub is refering to. Unless it is for a * non-lazy symbol pointer section for a defined symbol which strip(1) as * removed. In which case it has the value INDIRECT_SYMBOL_LOCAL. If the * symbol was also absolute INDIRECT_SYMBOL_ABS is or'ed with that. */ #define INDIRECT_SYMBOL_LOCAL 0x80000000 #define INDIRECT_SYMBOL_ABS 0x40000000 /* a table of contents entry */ struct dylib_table_of_contents { uint32_t symbol_index; /* the defined external symbol (index into the symbol table) */ uint32_t module_index; /* index into the module table this symbol is defined in */ }; /* a module table entry */ struct dylib_module { uint32_t module_name; /* the module name (index into string table) */ uint32_t iextdefsym; /* index into externally defined symbols */ uint32_t nextdefsym; /* number of externally defined symbols */ uint32_t irefsym; /* index into reference symbol table */ uint32_t nrefsym; /* number of reference symbol table entries */ uint32_t ilocalsym; /* index into symbols for local symbols */ uint32_t nlocalsym; /* number of local symbols */ uint32_t iextrel; /* index into external relocation entries */ uint32_t nextrel; /* number of external relocation entries */ uint32_t iinit_iterm; /* low 16 bits are the index into the init section, high 16 bits are the index into the term section */ uint32_t ninit_nterm; /* low 16 bits are the number of init section entries, high 16 bits are the number of term section entries */ uint32_t /* for this module address of the start of */ objc_module_info_addr; /* the (__OBJC,__module_info) section */ uint32_t /* for this module size of */ objc_module_info_size; /* the (__OBJC,__module_info) section */ }; /* a 64-bit module table entry */ struct dylib_module_64 { uint32_t module_name; /* the module name (index into string table) */ uint32_t iextdefsym; /* index into externally defined symbols */ uint32_t nextdefsym; /* number of externally defined symbols */ uint32_t irefsym; /* index into reference symbol table */ uint32_t nrefsym; /* number of reference symbol table entries */ uint32_t ilocalsym; /* index into symbols for local symbols */ uint32_t nlocalsym; /* number of local symbols */ uint32_t iextrel; /* index into external relocation entries */ uint32_t nextrel; /* number of external relocation entries */ uint32_t iinit_iterm; /* low 16 bits are the index into the init section, high 16 bits are the index into the term section */ uint32_t ninit_nterm; /* low 16 bits are the number of init section entries, high 16 bits are the number of term section entries */ uint32_t /* for this module size of */ objc_module_info_size; /* the (__OBJC,__module_info) section */ uint64_t /* for this module address of the start of */ objc_module_info_addr; /* the (__OBJC,__module_info) section */ }; /* * The entries in the reference symbol table are used when loading the module * (both by the static and dynamic link editors) and if the module is unloaded * or replaced. Therefore all external symbols (defined and undefined) are * listed in the module's reference table. The flags describe the type of * reference that is being made. The constants for the flags are defined in * as they are also used for symbol table entries. */ struct dylib_reference { uint32_t isym:24, /* index into the symbol table */ flags:8; /* flags to indicate the type of reference */ }; /* * The twolevel_hints_command contains the offset and number of hints in the * two-level namespace lookup hints table. */ struct twolevel_hints_command { uint32_t cmd; /* LC_TWOLEVEL_HINTS */ uint32_t cmdsize; /* sizeof(struct twolevel_hints_command) */ uint32_t offset; /* offset to the hint table */ uint32_t nhints; /* number of hints in the hint table */ }; /* * The entries in the two-level namespace lookup hints table are twolevel_hint * structs. These provide hints to the dynamic link editor where to start * looking for an undefined symbol in a two-level namespace image. The * isub_image field is an index into the sub-images (sub-frameworks and * sub-umbrellas list) that made up the two-level image that the undefined * symbol was found in when it was built by the static link editor. If * isub-image is 0 the the symbol is expected to be defined in library and not * in the sub-images. If isub-image is non-zero it is an index into the array * of sub-images for the umbrella with the first index in the sub-images being * 1. The array of sub-images is the ordered list of sub-images of the umbrella * that would be searched for a symbol that has the umbrella recorded as its * primary library. The table of contents index is an index into the * library's table of contents. This is used as the starting point of the * binary search or a directed linear search. */ struct twolevel_hint { uint32_t isub_image:8, /* index into the sub images */ itoc:24; /* index into the table of contents */ }; /* * The prebind_cksum_command contains the value of the original check sum for * prebound files or zero. When a prebound file is first created or modified * for other than updating its prebinding information the value of the check sum * is set to zero. When the file has it prebinding re-done and if the value of * the check sum is zero the original check sum is calculated and stored in * cksum field of this load command in the output file. If when the prebinding * is re-done and the cksum field is non-zero it is left unchanged from the * input file. */ struct prebind_cksum_command { uint32_t cmd; /* LC_PREBIND_CKSUM */ uint32_t cmdsize; /* sizeof(struct prebind_cksum_command) */ uint32_t cksum; /* the check sum or zero */ }; /* * The uuid load command contains a single 128-bit unique random number that * identifies an object produced by the static link editor. */ struct uuid_command { uint32_t cmd; /* LC_UUID */ uint32_t cmdsize; /* sizeof(struct uuid_command) */ uint8_t uuid[16]; /* the 128-bit uuid */ }; /* * The rpath_command contains a path which at runtime should be added to * the current run path used to find @rpath prefixed dylibs. */ struct rpath_command { uint32_t cmd; /* LC_RPATH */ uint32_t cmdsize; /* includes string */ union lc_str path; /* path to add to run path */ }; /* * The linkedit_data_command contains the offsets and sizes of a blob * of data in the __LINKEDIT segment. */ struct linkedit_data_command { uint32_t cmd; /* LC_CODE_SIGNATURE, LC_SEGMENT_SPLIT_INFO, LC_FUNCTION_STARTS, LC_DATA_IN_CODE, LC_DYLIB_CODE_SIGN_DRS, LC_LINKER_OPTIMIZATION_HINT, LC_DYLD_EXPORTS_TRIE, or LC_DYLD_CHAINED_FIXUPS. */ uint32_t cmdsize; /* sizeof(struct linkedit_data_command) */ uint32_t dataoff; /* file offset of data in __LINKEDIT segment */ uint32_t datasize; /* file size of data in __LINKEDIT segment */ }; /* * The encryption_info_command contains the file offset and size of an * of an encrypted segment. */ struct encryption_info_command { uint32_t cmd; /* LC_ENCRYPTION_INFO */ uint32_t cmdsize; /* sizeof(struct encryption_info_command) */ uint32_t cryptoff; /* file offset of encrypted range */ uint32_t cryptsize; /* file size of encrypted range */ uint32_t cryptid; /* which enryption system, 0 means not-encrypted yet */ }; /* * The encryption_info_command_64 contains the file offset and size of an * of an encrypted segment (for use in x86_64 targets). */ struct encryption_info_command_64 { uint32_t cmd; /* LC_ENCRYPTION_INFO_64 */ uint32_t cmdsize; /* sizeof(struct encryption_info_command_64) */ uint32_t cryptoff; /* file offset of encrypted range */ uint32_t cryptsize; /* file size of encrypted range */ uint32_t cryptid; /* which enryption system, 0 means not-encrypted yet */ uint32_t pad; /* padding to make this struct's size a multiple of 8 bytes */ }; /* * The version_min_command contains the min OS version on which this * binary was built to run. */ struct version_min_command { uint32_t cmd; /* LC_VERSION_MIN_MACOSX or LC_VERSION_MIN_IPHONEOS */ uint32_t cmdsize; /* sizeof(struct min_version_command) */ uint32_t version; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */ uint32_t sdk; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */ }; /* * The build_version_command contains the min OS version on which this * binary was built to run for its platform. The list of known platforms and * tool values following it. */ struct build_version_command { uint32_t cmd; /* LC_BUILD_VERSION */ uint32_t cmdsize; /* sizeof(struct build_version_command) plus */ /* ntools * sizeof(struct build_tool_version) */ uint32_t platform; /* platform */ uint32_t minos; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */ uint32_t sdk; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */ uint32_t ntools; /* number of tool entries following this */ }; struct build_tool_version { uint32_t tool; /* enum for the tool */ uint32_t version; /* version number of the tool */ }; /* Known values for the platform field above. */ #define PLATFORM_MACOS 1 #define PLATFORM_IOS 2 #define PLATFORM_TVOS 3 #define PLATFORM_WATCHOS 4 #define PLATFORM_BRIDGEOS 5 #define PLATFORM_IOSMAC 6 #define PLATFORM_IOSSIMULATOR 7 #define PLATFORM_TVOSSIMULATOR 8 #define PLATFORM_WATCHOSSIMULATOR 9 #define PLATFORM_DRIVERKIT 10 /* Known values for the tool field above. */ #define TOOL_CLANG 1 #define TOOL_SWIFT 2 #define TOOL_LD 3 /* * The dyld_info_command contains the file offsets and sizes of * the new compressed form of the information dyld needs to * load the image. This information is used by dyld on Mac OS X * 10.6 and later. All information pointed to by this command * is encoded using byte streams, so no endian swapping is needed * to interpret it. */ struct dyld_info_command { uint32_t cmd; /* LC_DYLD_INFO or LC_DYLD_INFO_ONLY */ uint32_t cmdsize; /* sizeof(struct dyld_info_command) */ /* * Dyld rebases an image whenever dyld loads it at an address different * from its preferred address. The rebase information is a stream * of byte sized opcodes whose symbolic names start with REBASE_OPCODE_. * Conceptually the rebase information is a table of tuples: * * The opcodes are a compressed way to encode the table by only * encoding when a column changes. In addition simple patterns * like "every n'th offset for m times" can be encoded in a few * bytes. */ uint32_t rebase_off; /* file offset to rebase info */ uint32_t rebase_size; /* size of rebase info */ /* * Dyld binds an image during the loading process, if the image * requires any pointers to be initialized to symbols in other images. * The bind information is a stream of byte sized * opcodes whose symbolic names start with BIND_OPCODE_. * Conceptually the bind information is a table of tuples: * * The opcodes are a compressed way to encode the table by only * encoding when a column changes. In addition simple patterns * like for runs of pointers initialzed to the same value can be * encoded in a few bytes. */ uint32_t bind_off; /* file offset to binding info */ uint32_t bind_size; /* size of binding info */ /* * Some C++ programs require dyld to unique symbols so that all * images in the process use the same copy of some code/data. * This step is done after binding. The content of the weak_bind * info is an opcode stream like the bind_info. But it is sorted * alphabetically by symbol name. This enable dyld to walk * all images with weak binding information in order and look * for collisions. If there are no collisions, dyld does * no updating. That means that some fixups are also encoded * in the bind_info. For instance, all calls to "operator new" * are first bound to libstdc++.dylib using the information * in bind_info. Then if some image overrides operator new * that is detected when the weak_bind information is processed * and the call to operator new is then rebound. */ uint32_t weak_bind_off; /* file offset to weak binding info */ uint32_t weak_bind_size; /* size of weak binding info */ /* * Some uses of external symbols do not need to be bound immediately. * Instead they can be lazily bound on first use. The lazy_bind * are contains a stream of BIND opcodes to bind all lazy symbols. * Normal use is that dyld ignores the lazy_bind section when * loading an image. Instead the static linker arranged for the * lazy pointer to initially point to a helper function which * pushes the offset into the lazy_bind area for the symbol * needing to be bound, then jumps to dyld which simply adds * the offset to lazy_bind_off to get the information on what * to bind. */ uint32_t lazy_bind_off; /* file offset to lazy binding info */ uint32_t lazy_bind_size; /* size of lazy binding infs */ /* * The symbols exported by a dylib are encoded in a trie. This * is a compact representation that factors out common prefixes. * It also reduces LINKEDIT pages in RAM because it encodes all * information (name, address, flags) in one small, contiguous range. * The export area is a stream of nodes. The first node sequentially * is the start node for the trie. * * Nodes for a symbol start with a uleb128 that is the length of * the exported symbol information for the string so far. * If there is no exported symbol, the node starts with a zero byte. * If there is exported info, it follows the length. * * First is a uleb128 containing flags. Normally, it is followed by * a uleb128 encoded offset which is location of the content named * by the symbol from the mach_header for the image. If the flags * is EXPORT_SYMBOL_FLAGS_REEXPORT, then following the flags is * a uleb128 encoded library ordinal, then a zero terminated * UTF8 string. If the string is zero length, then the symbol * is re-export from the specified dylib with the same name. * If the flags is EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER, then following * the flags is two uleb128s: the stub offset and the resolver offset. * The stub is used by non-lazy pointers. The resolver is used * by lazy pointers and must be called to get the actual address to use. * * After the optional exported symbol information is a byte of * how many edges (0-255) that this node has leaving it, * followed by each edge. * Each edge is a zero terminated UTF8 of the addition chars * in the symbol, followed by a uleb128 offset for the node that * edge points to. * */ uint32_t export_off; /* file offset to lazy binding info */ uint32_t export_size; /* size of lazy binding infs */ }; /* * The following are used to encode rebasing information */ #define REBASE_TYPE_POINTER 1 #define REBASE_TYPE_TEXT_ABSOLUTE32 2 #define REBASE_TYPE_TEXT_PCREL32 3 #define REBASE_OPCODE_MASK 0xF0 #define REBASE_IMMEDIATE_MASK 0x0F #define REBASE_OPCODE_DONE 0x00 #define REBASE_OPCODE_SET_TYPE_IMM 0x10 #define REBASE_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB 0x20 #define REBASE_OPCODE_ADD_ADDR_ULEB 0x30 #define REBASE_OPCODE_ADD_ADDR_IMM_SCALED 0x40 #define REBASE_OPCODE_DO_REBASE_IMM_TIMES 0x50 #define REBASE_OPCODE_DO_REBASE_ULEB_TIMES 0x60 #define REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB 0x70 #define REBASE_OPCODE_DO_REBASE_ULEB_TIMES_SKIPPING_ULEB 0x80 /* * The following are used to encode binding information */ #define BIND_TYPE_POINTER 1 #define BIND_TYPE_TEXT_ABSOLUTE32 2 #define BIND_TYPE_TEXT_PCREL32 3 #define BIND_SPECIAL_DYLIB_SELF 0 #define BIND_SPECIAL_DYLIB_MAIN_EXECUTABLE -1 #define BIND_SPECIAL_DYLIB_FLAT_LOOKUP -2 #define BIND_SYMBOL_FLAGS_WEAK_IMPORT 0x1 #define BIND_SYMBOL_FLAGS_NON_WEAK_DEFINITION 0x8 #define BIND_OPCODE_MASK 0xF0 #define BIND_IMMEDIATE_MASK 0x0F #define BIND_OPCODE_DONE 0x00 #define BIND_OPCODE_SET_DYLIB_ORDINAL_IMM 0x10 #define BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB 0x20 #define BIND_OPCODE_SET_DYLIB_SPECIAL_IMM 0x30 #define BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM 0x40 #define BIND_OPCODE_SET_TYPE_IMM 0x50 #define BIND_OPCODE_SET_ADDEND_SLEB 0x60 #define BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB 0x70 #define BIND_OPCODE_ADD_ADDR_ULEB 0x80 #define BIND_OPCODE_DO_BIND 0x90 #define BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB 0xA0 #define BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED 0xB0 #define BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB 0xC0 #define BIND_OPCODE_THREADED 0xD0 #define BIND_SUBOPCODE_THREADED_SET_BIND_ORDINAL_TABLE_SIZE_ULEB 0x00 #define BIND_SUBOPCODE_THREADED_APPLY 0x01 /* * The following are used on the flags byte of a terminal node * in the export information. */ #define EXPORT_SYMBOL_FLAGS_KIND_MASK 0x03 #define EXPORT_SYMBOL_FLAGS_KIND_REGULAR 0x00 #define EXPORT_SYMBOL_FLAGS_KIND_THREAD_LOCAL 0x01 #define EXPORT_SYMBOL_FLAGS_WEAK_DEFINITION 0x04 #define EXPORT_SYMBOL_FLAGS_REEXPORT 0x08 #define EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER 0x10 /* * The linker_option_command contains linker options embedded in object files. */ struct linker_option_command { uint32_t cmd; /* LC_LINKER_OPTION only used in MH_OBJECT filetypes */ uint32_t cmdsize; uint32_t count; /* number of strings */ /* concatenation of zero terminated UTF8 strings. Zero filled at end to align */ }; /* * The symseg_command contains the offset and size of the GNU style * symbol table information as described in the header file . * The symbol roots of the symbol segments must also be aligned properly * in the file. So the requirement of keeping the offsets aligned to a * multiple of a 4 bytes translates to the length field of the symbol * roots also being a multiple of a long. Also the padding must again be * zeroed. (THIS IS OBSOLETE and no longer supported). */ struct symseg_command { uint32_t cmd; /* LC_SYMSEG */ uint32_t cmdsize; /* sizeof(struct symseg_command) */ uint32_t offset; /* symbol segment offset */ uint32_t size; /* symbol segment size in bytes */ }; /* * The ident_command contains a free format string table following the * ident_command structure. The strings are null terminated and the size of * the command is padded out with zero bytes to a multiple of 4 bytes/ * (THIS IS OBSOLETE and no longer supported). */ struct ident_command { uint32_t cmd; /* LC_IDENT */ uint32_t cmdsize; /* strings that follow this command */ }; /* * The fvmfile_command contains a reference to a file to be loaded at the * specified virtual address. (Presently, this command is reserved for * internal use. The kernel ignores this command when loading a program into * memory). */ struct fvmfile_command { uint32_t cmd; /* LC_FVMFILE */ uint32_t cmdsize; /* includes pathname string */ union lc_str name; /* files pathname */ uint32_t header_addr; /* files virtual address */ }; /* * The entry_point_command is a replacement for thread_command. * It is used for main executables to specify the location (file offset) * of main(). If -stack_size was used at link time, the stacksize * field will contain the stack size need for the main thread. */ struct entry_point_command { uint32_t cmd; /* LC_MAIN only used in MH_EXECUTE filetypes */ uint32_t cmdsize; /* 24 */ uint64_t entryoff; /* file (__TEXT) offset of main() */ uint64_t stacksize;/* if not zero, initial stack size */ }; /* * The source_version_command is an optional load command containing * the version of the sources used to build the binary. */ struct source_version_command { uint32_t cmd; /* LC_SOURCE_VERSION */ uint32_t cmdsize; /* 16 */ uint64_t version; /* A.B.C.D.E packed as a24.b10.c10.d10.e10 */ }; /* * The LC_DATA_IN_CODE load commands uses a linkedit_data_command * to point to an array of data_in_code_entry entries. Each entry * describes a range of data in a code section. This load command * is only used in final linked images. */ struct data_in_code_entry { uint32_t offset; /* from mach_header to start of data range*/ uint16_t length; /* number of bytes in data range */ uint16_t kind; /* a DICE_KIND_* value */ }; #define DICE_KIND_DATA 0x0001 /* L$start$data$... label */ #define DICE_KIND_JUMP_TABLE8 0x0002 /* L$start$jt8$... label */ #define DICE_KIND_JUMP_TABLE16 0x0003 /* L$start$jt16$... label */ #define DICE_KIND_JUMP_TABLE32 0x0004 /* L$start$jt32$... label */ #define DICE_KIND_ABS_JUMP_TABLE32 0x0005 /* L$start$jta32$... label */ /* * Sections of type S_THREAD_LOCAL_VARIABLES contain an array * of tlv_descriptor structures. */ struct tlv_descriptor { void* (*thunk)(struct tlv_descriptor*); unsigned long key; unsigned long offset; }; /* * LC_NOTE commands describe a region of arbitrary data included in a Mach-O * file. Its initial use is to record extra data in MH_CORE files. */ struct note_command { uint32_t cmd; /* LC_NOTE */ uint32_t cmdsize; /* sizeof(struct note_command) */ char data_owner[16]; /* owner name for this LC_NOTE */ uint64_t offset; /* file offset of this data */ uint64_t size; /* length of data region */ }; //kexts cache struct command_35 { uint32_t cmd; //0x35 - LC_KEXT uint32_t cmdsize; //=0x38 - short name, 0x48 - long name, ... uint64_t offset; /* file offset of this data */ uint64_t size; /* length of data region */ uint32_t res1; //=0x20 uint32_t res2; //=0x00 char name[]; //kext name [16] or [32] // align to 8 byte boundary }; //from file nlist.h //struct symtab_command { // uint32_t cmd; /* LC_SYMTAB == 2 */ // uint32_t cmdsize; /* sizeof(struct symtab_command) */ // uint32_t symoff; /* symbol table offset */ // uint32_t nsyms; /* number of symbol table entries */ // uint32_t stroff; /* string table offset */ // uint32_t strsize; /* string table size in bytes */ //}; /* * This is the symbol table entry structure for 64-bit architectures. */ struct nlist_64 { union { uint32_t n_strx; /* index into the string table */ //str_adr=stroff+n_strx } n_un; uint8_t n_type; /* type flag, see below */ uint8_t n_sect; /* section number or NO_SECT */ uint16_t n_desc; /* see */ uint64_t n_value; /* value of this symbol (or stab offset) */ }; //samples, str=0x39A9C48 //25000000 0F060000 940BFF00 80FFFFFF constructors_used, seg=__DATA:__lock_grp //2D9D0000 0F170000 00601000 80FFFFFF _BootPDPT __HIB:__text //EDCD0000 0F010000 F0729D00 80FFFFFF _IOFlushProcessorCache __TEXT:__text //7DE90000 0F150000 B0A6C100 80FFFFFF _KHEAP_AUDIT __DATA_CONST:__mod_init_func /* * Symbols with a index into the string table of zero (n_un.n_strx == 0) are * defined to have a null, "", name. Therefore all string indexes to non null * names must not have a zero string index. This is bit historical information * that has never been well documented. */ /* * The n_type field really contains four fields: * unsigned char N_STAB:3, * N_PEXT:1, * N_TYPE:3, * N_EXT:1; * which are used via the following masks. */ #define N_STAB 0xe0 /* if any of these bits set, a symbolic debugging entry */ #define N_PEXT 0x10 /* private external symbol bit */ #define N_TYPE 0x0e /* mask for the type bits */ #define N_EXT 0x01 /* external symbol bit, set for external symbols */ /* * Only symbolic debugging entries have some of the N_STAB bits set and if any * of these bits are set then it is a symbolic debugging entry (a stab). In * which case then the values of the n_type field (the entire field) are given * in */ /* * Symbolic debugger symbols. The comments give the conventional use for * * .stabs "n_name", n_type, n_sect, n_desc, n_value * * where n_type is the defined constant and not listed in the comment. Other * fields not listed are zero. n_sect is the section ordinal the entry is * refering to. */ #define N_GSYM 0x20 /* global symbol: name,,NO_SECT,type,0 */ #define N_FNAME 0x22 /* procedure name (f77 kludge): name,,NO_SECT,0,0 */ #define N_FUN 0x24 /* procedure: name,,n_sect,linenumber,address */ #define N_STSYM 0x26 /* static symbol: name,,n_sect,type,address */ #define N_LCSYM 0x28 /* .lcomm symbol: name,,n_sect,type,address */ #define N_BNSYM 0x2e /* begin nsect sym: 0,,n_sect,0,address */ #define N_AST 0x32 /* AST file path: name,,NO_SECT,0,0 */ #define N_OPT 0x3c /* emitted with gcc2_compiled and in gcc source */ #define N_RSYM 0x40 /* register sym: name,,NO_SECT,type,register */ #define N_SLINE 0x44 /* src line: 0,,n_sect,linenumber,address */ #define N_ENSYM 0x4e /* end nsect sym: 0,,n_sect,0,address */ #define N_SSYM 0x60 /* structure elt: name,,NO_SECT,type,struct_offset */ #define N_SO 0x64 /* source file name: name,,n_sect,0,address */ #define N_OSO 0x66 /* object file name: name,,0,0,st_mtime */ #define N_LSYM 0x80 /* local sym: name,,NO_SECT,type,offset */ #define N_BINCL 0x82 /* include file beginning: name,,NO_SECT,0,sum */ #define N_SOL 0x84 /* #included file name: name,,n_sect,0,address */ #define N_PARAMS 0x86 /* compiler parameters: name,,NO_SECT,0,0 */ #define N_VERSION 0x88 /* compiler version: name,,NO_SECT,0,0 */ #define N_OLEVEL 0x8A /* compiler -O level: name,,NO_SECT,0,0 */ #define N_PSYM 0xa0 /* parameter: name,,NO_SECT,type,offset */ #define N_EINCL 0xa2 /* include file end: name,,NO_SECT,0,0 */ #define N_ENTRY 0xa4 /* alternate entry: name,,n_sect,linenumber,address */ #define N_LBRAC 0xc0 /* left bracket: 0,,NO_SECT,nesting level,address */ #define N_EXCL 0xc2 /* deleted include file: name,,NO_SECT,0,sum */ #define N_RBRAC 0xe0 /* right bracket: 0,,NO_SECT,nesting level,address */ #define N_BCOMM 0xe2 /* begin common: name,,NO_SECT,0,0 */ #define N_ECOMM 0xe4 /* end common: name,,n_sect,0,0 */ #define N_ECOML 0xe8 /* end common (local name): 0,,n_sect,0,address */ #define N_LENG 0xfe /* second stab entry with length information */ /* * Values for N_TYPE bits of the n_type field. */ #define N_UNDF 0x0 /* undefined, n_sect == NO_SECT */ #define N_ABS 0x2 /* absolute, n_sect == NO_SECT */ #define N_SECT 0xe /* defined in section number n_sect */ #define N_PBUD 0xc /* prebound undefined (defined in a dylib) */ #define N_INDR 0xa /* indirect */ /* * If the type is N_INDR then the symbol is defined to be the same as another * symbol. In this case the n_value field is an index into the string table * of the other symbol's name. When the other symbol is defined then they both * take on the defined type and value. */ /* * If the type is N_SECT then the n_sect field contains an ordinal of the * section the symbol is defined in. The sections are numbered from 1 and * refer to sections in order they appear in the load commands for the file * they are in. This means the same ordinal may very well refer to different * sections in different files. * * The n_value field for all symbol table entries (including N_STAB's) gets * updated by the link editor based on the value of it's n_sect field and where * the section n_sect references gets relocated. If the value of the n_sect * field is NO_SECT then it's n_value field is not changed by the link editor. */ #define NO_SECT 0 /* symbol is not in any section */ #define MAX_SECT 255 /* 1 thru 255 inclusive */ /* * Common symbols are represented by undefined (N_UNDF) external (N_EXT) types * who's values (n_value) are non-zero. In which case the value of the n_value * field is the size (in bytes) of the common symbol. The n_sect field is set * to NO_SECT. The alignment of a common symbol may be set as a power of 2 * between 2^1 and 2^15 as part of the n_desc field using the macros below. If * the alignment is not set (a value of zero) then natural alignment based on * the size is used. */ #define GET_COMM_ALIGN(n_desc) (((n_desc) >> 8) & 0x0f) #define SET_COMM_ALIGN(n_desc,align) \ (n_desc) = (((n_desc) & 0xf0ff) | (((align) & 0x0f) << 8)) /* * To support the lazy binding of undefined symbols in the dynamic link-editor, * the undefined symbols in the symbol table (the nlist structures) are marked * with the indication if the undefined reference is a lazy reference or * non-lazy reference. If both a non-lazy reference and a lazy reference is * made to the same symbol the non-lazy reference takes precedence. A reference * is lazy only when all references to that symbol are made through a symbol * pointer in a lazy symbol pointer section. * * The implementation of marking nlist structures in the symbol table for * undefined symbols will be to use some of the bits of the n_desc field as a * reference type. The mask REFERENCE_TYPE will be applied to the n_desc field * of an nlist structure for an undefined symbol to determine the type of * undefined reference (lazy or non-lazy). * * The constants for the REFERENCE FLAGS are propagated to the reference table * in a shared library file. In that case the constant for a defined symbol, * REFERENCE_FLAG_DEFINED, is also used. */ /* Reference type bits of the n_desc field of undefined symbols */ #define REFERENCE_TYPE 0x7 /* types of references */ #define REFERENCE_FLAG_UNDEFINED_NON_LAZY 0 #define REFERENCE_FLAG_UNDEFINED_LAZY 1 #define REFERENCE_FLAG_DEFINED 2 #define REFERENCE_FLAG_PRIVATE_DEFINED 3 #define REFERENCE_FLAG_PRIVATE_UNDEFINED_NON_LAZY 4 #define REFERENCE_FLAG_PRIVATE_UNDEFINED_LAZY 5 /* * To simplify stripping of objects that use are used with the dynamic link * editor, the static link editor marks the symbols defined an object that are * referenced by a dynamicly bound object (dynamic shared libraries, bundles). * With this marking strip knows not to strip these symbols. */ #define REFERENCED_DYNAMICALLY 0x0010 /* * For images created by the static link editor with the -twolevel_namespace * option in effect the flags field of the mach header is marked with * MH_TWOLEVEL. And the binding of the undefined references of the image are * determined by the static link editor. Which library an undefined symbol is * bound to is recorded by the static linker in the high 8 bits of the n_desc * field using the SET_LIBRARY_ORDINAL macro below. The ordinal recorded * references the libraries listed in the Mach-O's LC_LOAD_DYLIB, * LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB, LC_LOAD_UPWARD_DYLIB, and * LC_LAZY_LOAD_DYLIB, etc. load commands in the order they appear in the * headers. The library ordinals start from 1. * For a dynamic library that is built as a two-level namespace image the * undefined references from module defined in another use the same nlist struct * an in that case SELF_LIBRARY_ORDINAL is used as the library ordinal. For * defined symbols in all images they also must have the library ordinal set to * SELF_LIBRARY_ORDINAL. The EXECUTABLE_ORDINAL refers to the executable * image for references from plugins that refer to the executable that loads * them. * * The DYNAMIC_LOOKUP_ORDINAL is for undefined symbols in a two-level namespace * image that are looked up by the dynamic linker with flat namespace semantics. * This ordinal was added as a feature in Mac OS X 10.3 by reducing the * value of MAX_LIBRARY_ORDINAL by one. So it is legal for existing binaries * or binaries built with older tools to have 0xfe (254) dynamic libraries. In * this case the ordinal value 0xfe (254) must be treated as a library ordinal * for compatibility. */ #define GET_LIBRARY_ORDINAL(n_desc) (((n_desc) >> 8) & 0xff) #define SET_LIBRARY_ORDINAL(n_desc,ordinal) \ (n_desc) = (((n_desc) & 0x00ff) | (((ordinal) & 0xff) << 8)) #define SELF_LIBRARY_ORDINAL 0x0 #define MAX_LIBRARY_ORDINAL 0xfd #define DYNAMIC_LOOKUP_ORDINAL 0xfe #define EXECUTABLE_ORDINAL 0xff /* * The bit 0x0020 of the n_desc field is used for two non-overlapping purposes * and has two different symbolic names, N_NO_DEAD_STRIP and N_DESC_DISCARDED. */ /* * The N_NO_DEAD_STRIP bit of the n_desc field only ever appears in a * relocatable .o file (MH_OBJECT filetype). And is used to indicate to the * static link editor it is never to dead strip the symbol. */ #define N_NO_DEAD_STRIP 0x0020 /* symbol is not to be dead stripped */ /* * The N_DESC_DISCARDED bit of the n_desc field never appears in linked image. * But is used in very rare cases by the dynamic link editor to mark an in * memory symbol as discared and longer used for linking. */ #define N_DESC_DISCARDED 0x0020 /* symbol is discarded */ /* * The N_WEAK_REF bit of the n_desc field indicates to the dynamic linker that * the undefined symbol is allowed to be missing and is to have the address of * zero when missing. */ #define N_WEAK_REF 0x0040 /* symbol is weak referenced */ /* * The N_WEAK_DEF bit of the n_desc field indicates to the static and dynamic * linkers that the symbol definition is weak, allowing a non-weak symbol to * also be used which causes the weak definition to be discared. Currently this * is only supported for symbols in coalesed sections. */ #define N_WEAK_DEF 0x0080 /* coalesed symbol is a weak definition */ /* * The N_REF_TO_WEAK bit of the n_desc field indicates to the dynamic linker * that the undefined symbol should be resolved using flat namespace searching. */ #define N_REF_TO_WEAK 0x0080 /* reference to a weak symbol */ /* * The N_ARM_THUMB_DEF bit of the n_desc field indicates that the symbol is * a defintion of a Thumb function. */ #define N_ARM_THUMB_DEF 0x0008 /* symbol is a Thumb function (ARM) */ /* * The N_SYMBOL_RESOLVER bit of the n_desc field indicates that the * that the function is actually a resolver function and should * be called to get the address of the real function to use. * This bit is only available in .o files (MH_OBJECT filetype) */ #define N_SYMBOL_RESOLVER 0x0100 /* * The N_ALT_ENTRY bit of the n_desc field indicates that the * symbol is pinned to the previous content. */ #define N_ALT_ENTRY 0x0200 #endif /* _MACHO_LOADER_H_ */