Struct lief::macho::commands::ThreadCommand

pub struct ThreadCommand<'a> { /* private fields */ }

Structure that represents the LC_THREAD / LC_UNIXTHREAD commands and that can be used to get the binary entrypoint when the LC_MAIN is not present

Generally speaking, this command aims at defining the original state of the main thread which includes the registers’ values

Implementations

impl ThreadCommand<'_>

pub fn flavor(&self) -> u32

Integer that defines a special flavor for the thread.

The meaning of this value depends on the architecture. The list of the values can be found in the XNU kernel files:

• xnu/osfmk/mach/arm/thread_status.h for the ARM/AArch64 architectures
• xnu/osfmk/mach/i386/thread_status.h for the x86/x86-64 architectures

pub fn architecture(&self) -> CpuType

The CPU architecture that is targeted by this Thread Command

pub fn count(&self) -> u32

Size of the thread state data with 32-bits alignment.

This value should match state().len()

pub fn pc(&self) -> u64

Return the initial Program Counter regardless of the underlying architecture. This value, when non null, can be used to determine the binary’s entrypoint.

Underneath, it works by looking for the PC register value in the ThreadCommand::state data

pub fn state(&self) -> &[u8]

The actual thread state as a vector of bytes. Depending on the architecture(), these data can be casted into x86_thread_state_t, x86_thread_state64_t, ...

Trait Implementations

impl Command for ThreadCommand<'_>

fn size(&self) -> u32

Size of the command (should be greather than sizeof(load_command))

fn offset(&self) -> u64

Offset of the command within the Load Command Table

fn command_type(&self) -> LoadCommandTypes

The command’s type

fn data(&self) -> &[u8]

The raw command as a slice of bytes

impl Debug for ThreadCommand<'_>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.