LIEF: Library to Instrument Executable Formats Version 0.16.2
|
Class that represents the LC_THREAD / LC_UNIXTHREAD commands and that can be used to get the binary entrypoint when the LC_MAIN (MainCommand) is not present. More...
#include <ThreadCommand.hpp>
Public Member Functions | |
ThreadCommand ()=default | |
ThreadCommand (const details::thread_command &cmd, Header::CPU_TYPE arch=Header::CPU_TYPE::ANY) | |
ThreadCommand (uint32_t flavor, uint32_t count, Header::CPU_TYPE arch=Header::CPU_TYPE::ANY) | |
ThreadCommand & | operator= (const ThreadCommand ©)=default |
ThreadCommand (const ThreadCommand ©)=default | |
std::unique_ptr< LoadCommand > | clone () const override |
~ThreadCommand () override=default | |
uint32_t | flavor () const |
Integer that defines a special flavor for the thread. | |
uint32_t | count () const |
Size of the thread state data with 32-bits alignment. | |
Header::CPU_TYPE | architecture () const |
The CPU architecture that is targeted by this ThreadCommand. | |
span< const uint8_t > | state () const |
The actual thread state as a vector of bytes. Depending on the architecture(), these data can be casted into x86_thread_state_t, x86_thread_state64_t, ... | |
span< uint8_t > | state () |
uint64_t | pc () const |
Return the initial Program Counter regardless of the underlying architecture. This value, when non null, can be used to determine the binary's entrypoint. | |
void | state (std::vector< uint8_t > state) |
void | flavor (uint32_t flavor) |
void | count (uint32_t count) |
void | architecture (Header::CPU_TYPE arch) |
void | accept (Visitor &visitor) const override |
std::ostream & | print (std::ostream &os) const override |
Public Member Functions inherited from LIEF::MachO::LoadCommand | |
LoadCommand ()=default | |
LoadCommand (const details::load_command &command) | |
LoadCommand (LoadCommand::TYPE type, uint32_t size) | |
LoadCommand & | operator= (const LoadCommand ©)=default |
LoadCommand (const LoadCommand ©)=default | |
void | swap (LoadCommand &other) noexcept |
~LoadCommand () override=default | |
LoadCommand::TYPE | command () const |
Command type. | |
uint32_t | size () const |
Size of the command (should be greather than sizeof(load_command) ) | |
span< const uint8_t > | data () const |
Raw command. | |
uint64_t | command_offset () const |
Offset of the command within the Load Command Table | |
void | data (raw_t data) |
void | command (LoadCommand::TYPE command) |
void | size (uint32_t size) |
void | command_offset (uint64_t offset) |
template<class T > | |
const T * | cast () const |
template<class T > | |
T * | cast () |
Public Member Functions inherited from LIEF::Object | |
Object () | |
Object (const Object &other) | |
Object & | operator= (const Object &other) |
template<class T > | |
output_t< T > | as () |
template<class T > | |
output_const_t< T > | as () const |
virtual bool | operator== (const Object &other) const |
virtual bool | operator!= (const Object &other) const |
virtual | ~Object () |
Static Public Member Functions | |
static bool | classof (const LoadCommand *cmd) |
Static Public Member Functions inherited from LIEF::MachO::LoadCommand | |
static bool | is_linkedit_data (const LoadCommand &cmd) |
Additional Inherited Members | |
Public Types inherited from LIEF::MachO::LoadCommand | |
enum class | TYPE : uint64_t { UNKNOWN = 0 , SEGMENT = 0x00000001u , SYMTAB = 0x00000002u , SYMSEG = 0x00000003u , THREAD = 0x00000004u , UNIXTHREAD = 0x00000005u , LOADFVMLIB = 0x00000006u , IDFVMLIB = 0x00000007u , IDENT = 0x00000008u , FVMFILE = 0x00000009u , PREPAGE = 0x0000000Au , DYSYMTAB = 0x0000000Bu , LOAD_DYLIB = 0x0000000Cu , ID_DYLIB = 0x0000000Du , LOAD_DYLINKER = 0x0000000Eu , ID_DYLINKER = 0x0000000Fu , PREBOUND_DYLIB = 0x00000010u , ROUTINES = 0x00000011u , SUB_FRAMEWORK = 0x00000012u , SUB_UMBRELLA = 0x00000013u , SUB_CLIENT = 0x00000014u , SUB_LIBRARY = 0x00000015u , TWOLEVEL_HINTS = 0x00000016u , PREBIND_CKSUM = 0x00000017u , LOAD_WEAK_DYLIB = 0x80000018u , SEGMENT_64 = 0x00000019u , ROUTINES_64 = 0x0000001Au , UUID = 0x0000001Bu , RPATH = 0x8000001Cu , CODE_SIGNATURE = 0x0000001Du , SEGMENT_SPLIT_INFO = 0x0000001Eu , REEXPORT_DYLIB = 0x8000001Fu , LAZY_LOAD_DYLIB = 0x00000020u , ENCRYPTION_INFO = 0x00000021u , DYLD_INFO = 0x00000022u , DYLD_INFO_ONLY = 0x80000022u , LOAD_UPWARD_DYLIB = 0x80000023u , VERSION_MIN_MACOSX = 0x00000024u , VERSION_MIN_IPHONEOS = 0x00000025u , FUNCTION_STARTS = 0x00000026u , DYLD_ENVIRONMENT = 0x00000027u , MAIN = 0x80000028u , DATA_IN_CODE = 0x00000029u , SOURCE_VERSION = 0x0000002Au , DYLIB_CODE_SIGN_DRS = 0x0000002Bu , ENCRYPTION_INFO_64 = 0x0000002Cu , LINKER_OPTION = 0x0000002Du , LINKER_OPTIMIZATION_HINT = 0x0000002Eu , VERSION_MIN_TVOS = 0x0000002Fu , VERSION_MIN_WATCHOS = 0x00000030u , NOTE = 0x00000031u , BUILD_VERSION = 0x00000032u , DYLD_EXPORTS_TRIE = 0x80000033u , DYLD_CHAINED_FIXUPS = 0x80000034u , FILESET_ENTRY = 0x80000035u , LIEF_UNKNOWN = 0xffee0001u } |
using | raw_t = std::vector<uint8_t> |
Public Types inherited from LIEF::Object | |
template<class T > | |
using | output_t = add_pointer_t<decay_t<T>> |
template<class T > | |
using | output_const_t = add_pointer_t<add_const_t<decay_t<T>>> |
Class that represents the LC_THREAD / LC_UNIXTHREAD commands and that can be used to get the binary entrypoint when the LC_MAIN (MainCommand) is not present.
Generally speaking, this command aims at defining the original state of the main thread which includes the registers' values
|
default |
LIEF::MachO::ThreadCommand::ThreadCommand | ( | const details::thread_command & | cmd, |
Header::CPU_TYPE | arch = Header::CPU_TYPE::ANY ) |
LIEF::MachO::ThreadCommand::ThreadCommand | ( | uint32_t | flavor, |
uint32_t | count, | ||
Header::CPU_TYPE | arch = Header::CPU_TYPE::ANY ) |
|
default |
|
overridedefault |
|
overridevirtual |
Reimplemented from LIEF::MachO::LoadCommand.
|
inline |
The CPU architecture that is targeted by this ThreadCommand.
|
inline |
|
inlinestatic |
References LIEF::MachO::LoadCommand::command().
|
inlineoverridevirtual |
Reimplemented from LIEF::MachO::LoadCommand.
|
inline |
|
inline |
|
inline |
Integer that defines a special flavor for the thread.
The meaning of this value depends on the architecture(). The list of the values can be found in the XNU kernel files:
|
inline |
|
default |
uint64_t LIEF::MachO::ThreadCommand::pc | ( | ) | const |
Return the initial Program Counter regardless of the underlying architecture. This value, when non null, can be used to determine the binary's entrypoint.
Underneath, it works by looking for the PC register value in the state() data
|
overridevirtual |
Reimplemented from LIEF::MachO::LoadCommand.
|
inline |
|
inline |
The actual thread state as a vector of bytes. Depending on the architecture(), these data can be casted into x86_thread_state_t, x86_thread_state64_t, ...
|
inline |