Exetools

Exetools (https://forum.exetools.com/index.php)
-   Source Code (https://forum.exetools.com/forumdisplay.php?f=46)
-   -   Macho Loader from memory - FPC Mac OS (https://forum.exetools.com/showthread.php?t=18867)

Coldzer0 07-27-2018 05:43

Macho Loader - load macho files in memory without touching the Disk
 
Hello all

as the title said :D

https://github.com/Coldzer0/Macho-loader

<load macho files in memory without touching the Disk>

this code work with mini FPC core librarys <Bare Bones> for Mac OS
the generated files main & libtest.dylib is 8kb only .



< load macho from memory with socket connection >

The macho loader requires access to some system functions
(e.g., NSCreateObjectFileImageFromMemory, NSLinkModule)


that are provided by libdyld.dylib. As we don't know the address of libdyld.dylib in memory .
we first walk to the very top of the stack.

We then start walking downwards on the stack and we inspect
every pointer we find.

The trick is that the offset inside of libdyld.dylib must be
present as it's placed there by the dynamic linker as the
return function when main returns.

We find the offset, we resolve the functions and from then on,
it's standard loading of macho bundle .

the main logic start at "Core/loadfunctions.pas" in loadall() .

Requirements
  • FreePascal Compiler >= v3
  • Mac OS :V
  • nodejs >> for the server.js - or make your own :P

How to Build
  1. Just run ./Build.sh after installing FreePascal
  2. run node server.js
  3. run ./main

that's all - see you soon guys :V


All times are GMT +8. The time now is 23:47.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX