LIEF: Library to Instrument Executable Formats Version 0.15.1
Loading...
Searching...
No Matches
LIEF::MachO::ThreadCommand Class Reference

Class that represents the LC_THREAD / LC_UNIXTHREAD commands and that can be used to get the binary entrypoint when the LC_MAIN (MainCommand) is not present. More...

#include <ThreadCommand.hpp>

Inheritance diagram for LIEF::MachO::ThreadCommand:
Collaboration diagram for LIEF::MachO::ThreadCommand:

Public Member Functions

 ThreadCommand ()=default
 
 ThreadCommand (const details::thread_command &cmd, Header::CPU_TYPE arch=Header::CPU_TYPE::ANY)
 
 ThreadCommand (uint32_t flavor, uint32_t count, Header::CPU_TYPE arch=Header::CPU_TYPE::ANY)
 
ThreadCommandoperator= (const ThreadCommand &copy)=default
 
 ThreadCommand (const ThreadCommand &copy)=default
 
std::unique_ptr< LoadCommandclone () const override
 
 ~ThreadCommand () override=default
 
uint32_t flavor () const
 Integer that defines a special flavor for the thread.
 
uint32_t count () const
 Size of the thread state data with 32-bits alignment.
 
Header::CPU_TYPE architecture () const
 The CPU architecture that is targeted by this ThreadCommand.
 
span< const uint8_t > state () const
 The actual thread state as a vector of bytes. Depending on the architecture(), these data can be casted into x86_thread_state_t, x86_thread_state64_t, ...
 
span< uint8_t > state ()
 
uint64_t pc () const
 Return the initial Program Counter regardless of the underlying architecture. This value, when non null, can be used to determine the binary's entrypoint.
 
void state (std::vector< uint8_t > state)
 
void flavor (uint32_t flavor)
 
void count (uint32_t count)
 
void architecture (Header::CPU_TYPE arch)
 
void accept (Visitor &visitor) const override
 
std::ostream & print (std::ostream &os) const override
 
- Public Member Functions inherited from LIEF::MachO::LoadCommand
 LoadCommand ()=default
 
 LoadCommand (const details::load_command &command)
 
 LoadCommand (LoadCommand::TYPE type, uint32_t size)
 
LoadCommandoperator= (const LoadCommand &copy)=default
 
 LoadCommand (const LoadCommand &copy)=default
 
void swap (LoadCommand &other) noexcept
 
 ~LoadCommand () override=default
 
LoadCommand::TYPE command () const
 Command type.
 
uint32_t size () const
 Size of the command (should be greather than sizeof(load_command))
 
span< const uint8_t > data () const
 Raw command.
 
uint64_t command_offset () const
 Offset of the command within the Load Command Table
 
void data (raw_t data)
 
void command (LoadCommand::TYPE command)
 
void size (uint32_t size)
 
void command_offset (uint64_t offset)
 
- Public Member Functions inherited from LIEF::Object
 Object ()
 
 Object (const Object &other)
 
Objectoperator= (const Object &other)
 
template<class T >
output_t< T > as ()
 
template<class T >
output_const_t< T > as () const
 
virtual bool operator== (const Object &other) const
 
virtual bool operator!= (const Object &other) const
 
virtual ~Object ()
 

Static Public Member Functions

static bool classof (const LoadCommand *cmd)
 
- Static Public Member Functions inherited from LIEF::MachO::LoadCommand
static bool is_linkedit_data (const LoadCommand &cmd)
 

Additional Inherited Members

- Public Types inherited from LIEF::MachO::LoadCommand
enum class  TYPE : uint64_t {
  UNKNOWN = 0 , SEGMENT = 0x00000001u , SYMTAB = 0x00000002u , SYMSEG = 0x00000003u ,
  THREAD = 0x00000004u , UNIXTHREAD = 0x00000005u , LOADFVMLIB = 0x00000006u , IDFVMLIB = 0x00000007u ,
  IDENT = 0x00000008u , FVMFILE = 0x00000009u , PREPAGE = 0x0000000Au , DYSYMTAB = 0x0000000Bu ,
  LOAD_DYLIB = 0x0000000Cu , ID_DYLIB = 0x0000000Du , LOAD_DYLINKER = 0x0000000Eu , ID_DYLINKER = 0x0000000Fu ,
  PREBOUND_DYLIB = 0x00000010u , ROUTINES = 0x00000011u , SUB_FRAMEWORK = 0x00000012u , SUB_UMBRELLA = 0x00000013u ,
  SUB_CLIENT = 0x00000014u , SUB_LIBRARY = 0x00000015u , TWOLEVEL_HINTS = 0x00000016u , PREBIND_CKSUM = 0x00000017u ,
  LOAD_WEAK_DYLIB = 0x80000018u , SEGMENT_64 = 0x00000019u , ROUTINES_64 = 0x0000001Au , UUID = 0x0000001Bu ,
  RPATH = 0x8000001Cu , CODE_SIGNATURE = 0x0000001Du , SEGMENT_SPLIT_INFO = 0x0000001Eu , REEXPORT_DYLIB = 0x8000001Fu ,
  LAZY_LOAD_DYLIB = 0x00000020u , ENCRYPTION_INFO = 0x00000021u , DYLD_INFO = 0x00000022u , DYLD_INFO_ONLY = 0x80000022u ,
  LOAD_UPWARD_DYLIB = 0x80000023u , VERSION_MIN_MACOSX = 0x00000024u , VERSION_MIN_IPHONEOS = 0x00000025u , FUNCTION_STARTS = 0x00000026u ,
  DYLD_ENVIRONMENT = 0x00000027u , MAIN = 0x80000028u , DATA_IN_CODE = 0x00000029u , SOURCE_VERSION = 0x0000002Au ,
  DYLIB_CODE_SIGN_DRS = 0x0000002Bu , ENCRYPTION_INFO_64 = 0x0000002Cu , LINKER_OPTION = 0x0000002Du , LINKER_OPTIMIZATION_HINT = 0x0000002Eu ,
  VERSION_MIN_TVOS = 0x0000002Fu , VERSION_MIN_WATCHOS = 0x00000030u , NOTE = 0x00000031u , BUILD_VERSION = 0x00000032u ,
  DYLD_EXPORTS_TRIE = 0x80000033u , DYLD_CHAINED_FIXUPS = 0x80000034u , FILESET_ENTRY = 0x80000035u , LIEF_UNKNOWN = 0xffee0001u
}
 
using raw_t = std::vector<uint8_t>
 
- Public Types inherited from LIEF::Object
template<class T >
using output_t = add_pointer_t<decay_t<T>>
 
template<class T >
using output_const_t = add_pointer_t<add_const_t<decay_t<T>>>
 

Detailed Description

Class that represents the LC_THREAD / LC_UNIXTHREAD commands and that can be used to get the binary entrypoint when the LC_MAIN (MainCommand) is not present.

Generally speaking, this command aims at defining the original state of the main thread which includes the registers' values

Constructor & Destructor Documentation

◆ ThreadCommand() [1/4]

LIEF::MachO::ThreadCommand::ThreadCommand ( )
default

◆ ThreadCommand() [2/4]

LIEF::MachO::ThreadCommand::ThreadCommand ( const details::thread_command & cmd,
Header::CPU_TYPE arch = Header::CPU_TYPE::ANY )

◆ ThreadCommand() [3/4]

LIEF::MachO::ThreadCommand::ThreadCommand ( uint32_t flavor,
uint32_t count,
Header::CPU_TYPE arch = Header::CPU_TYPE::ANY )

◆ ThreadCommand() [4/4]

LIEF::MachO::ThreadCommand::ThreadCommand ( const ThreadCommand & copy)
default

◆ ~ThreadCommand()

LIEF::MachO::ThreadCommand::~ThreadCommand ( )
overridedefault

Member Function Documentation

◆ accept()

void LIEF::MachO::ThreadCommand::accept ( Visitor & visitor) const
overridevirtual

Reimplemented from LIEF::MachO::LoadCommand.

◆ architecture() [1/2]

Header::CPU_TYPE LIEF::MachO::ThreadCommand::architecture ( ) const
inline

The CPU architecture that is targeted by this ThreadCommand.

◆ architecture() [2/2]

void LIEF::MachO::ThreadCommand::architecture ( Header::CPU_TYPE arch)
inline

◆ classof()

static bool LIEF::MachO::ThreadCommand::classof ( const LoadCommand * cmd)
inlinestatic

◆ clone()

std::unique_ptr< LoadCommand > LIEF::MachO::ThreadCommand::clone ( ) const
inlineoverridevirtual

Reimplemented from LIEF::MachO::LoadCommand.

◆ count() [1/2]

uint32_t LIEF::MachO::ThreadCommand::count ( ) const
inline

Size of the thread state data with 32-bits alignment.

This value should match state().size()

◆ count() [2/2]

void LIEF::MachO::ThreadCommand::count ( uint32_t count)
inline

◆ flavor() [1/2]

uint32_t LIEF::MachO::ThreadCommand::flavor ( ) const
inline

Integer that defines a special flavor for the thread.

The meaning of this value depends on the architecture(). The list of the values can be found in the XNU kernel files:

  • xnu/osfmk/mach/arm/thread_status.h for the ARM/AArch64 architectures
  • xnu/osfmk/mach/i386/thread_status.h for the x86/x86-64 architectures

◆ flavor() [2/2]

void LIEF::MachO::ThreadCommand::flavor ( uint32_t flavor)
inline

◆ operator=()

ThreadCommand & LIEF::MachO::ThreadCommand::operator= ( const ThreadCommand & copy)
default

◆ pc()

uint64_t LIEF::MachO::ThreadCommand::pc ( ) const

Return the initial Program Counter regardless of the underlying architecture. This value, when non null, can be used to determine the binary's entrypoint.

Underneath, it works by looking for the PC register value in the state() data

◆ print()

std::ostream & LIEF::MachO::ThreadCommand::print ( std::ostream & os) const
overridevirtual

Reimplemented from LIEF::MachO::LoadCommand.

◆ state() [1/3]

span< uint8_t > LIEF::MachO::ThreadCommand::state ( )
inline

◆ state() [2/3]

span< const uint8_t > LIEF::MachO::ThreadCommand::state ( ) const
inline

The actual thread state as a vector of bytes. Depending on the architecture(), these data can be casted into x86_thread_state_t, x86_thread_state64_t, ...

◆ state() [3/3]

void LIEF::MachO::ThreadCommand::state ( std::vector< uint8_t > state)
inline

The documentation for this class was generated from the following file: