#1
|
|||
|
|||
Macho Loader - load macho files in memory without touching the Disk
Hello all
as the title said https://github.com/Coldzer0/Macho-loader this code work with mini FPC core librarys the generated files main & libtest.dylib is 8kb only . < load macho from memory with socket connection > The macho loader requires access to some system functions (e.g., NSCreateObjectFileImageFromMemory, NSLinkModule) that are provided by libdyld.dylib. As we don't know the address of libdyld.dylib in memory . we first walk to the very top of the stack. We then start walking downwards on the stack and we inspect every pointer we find. The trick is that the offset inside of libdyld.dylib must be present as it's placed there by the dynamic linker as the return function when main returns. We find the offset, we resolve the functions and from then on, it's standard loading of macho bundle . the main logic start at "Core/loadfunctions.pas" in loadall() . Requirements
How to Build
that's all - see you soon guys :V Last edited by Coldzer0; 07-27-2018 at 06:11. |
The Following 3 Users Say Thank You to Coldzer0 For This Useful Post: | ||
Tags |
coldzer0, macho, macho_loader, osx, reverse_engineering |
|
|