kernelcache

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 7, 2023 License: MIT Imports: 36 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	RET_NONE     returnType = 0
	RET_INT_T    returnType = 1
	RET_UINT_T   returnType = 2
	RET_OFF_T    returnType = 3
	RET_ADDR_T   returnType = 4
	RET_SIZE_T   returnType = 5
	RET_SSIZE_T  returnType = 6
	RET_UINT64_T returnType = 7
)
View Source 
const (
	MACH_TRAP_TABLE_COUNT = 128
)

Variables

This section is empty.

Functions

func Decompress 

func Decompress(kcache, outputDir string) error

Decompress decompresses a compressed kernelcache

func DecompressData 

func DecompressData(cc *CompressedCache) ([]byte, error)

DecompressData decompresses compressed kernelcache []byte data

func DecompressKernelManagement 

func DecompressKernelManagement(kcache, outputDir string) error

DecompressKernelManagement decompresses a compressed KernelManagement_host kernelcache

func DecompressKernelManagementData 

func DecompressKernelManagementData(kcache string) ([]byte, error)

DecompressKernelManagementData decompresses a compressed KernelManagement_host kernelcache's data

func Extract 

func Extract(ipsw, destPath string) (map[string][]string, error)

Extract extracts and decompresses a kernelcache from ipsw

func File2lines 

func File2lines(filePath string) ([]string, error)

func GetKextStartVMAddrs 

func GetKextStartVMAddrs(m *macho.File) ([]uint64, error)

func InsertStringToFile 

func InsertStringToFile(path, str string, index int) error

InsertStringToFile inserts sting to n-th line of file. If you want to insert a line, append newline '\n' to the end of the string.

func InspectKM 

func InspectKM(m *macho.File, filter string, explicitOnly, asJSON bool) (string, error)

func KextList 

func KextList(kernelPath string, diffable bool) ([]string, error)

KextList lists all the kernel extensions in the kernelcache

func LinesFromReader 

func LinesFromReader(r io.Reader) ([]string, error)

func Parse 

func Parse(r io.ReadCloser) ([]byte, error)

Parse parses the compressed kernelcache Img4 data

func ParseMachO 

func ParseMachO(name string) error

ParseMachO parses the kernelcache as a mach-o

func ParseSyscallFiles 

func ParseSyscallFiles(output string) error

func ParseSyscallHeader 

func ParseSyscallHeader() (map[int]string, error)

func ParseSyscallsMaster 

func ParseSyscallsMaster() (map[int]sysMaster, error)

func RemoteParse 

func RemoteParse(zr *zip.Reader, destPath string) (map[string][]string, error)

RemoteParse parses plist files in a remote ipsw file

Types

type BsdSyscall 

type BsdSyscall struct {
	Arguments []string `json:"arguments"`
	Name      string   `json:"name"`
	Number    int      `json:"number"`
	Old       bool     `json:"old,omitempty"`
}

BsdSyscall is the bsd syscall object

type CFBundle 

type CFBundle struct {
	ID   string `plist:"CFBundleIdentifier,omitempty" json:"id,omitempty"`
	Name string `plist:"CFBundleName,omitempty" json:"name,omitempty"`

	SDK                 string   `plist:"DTSDKName,omitempty" json:"sdk,omitempty"`
	SDKBuild            string   `plist:"DTSDKBuild,omitempty" json:"sdk_build,omitempty"`
	Xcode               string   `plist:"DTXcode,omitempty" json:"xcode,omitempty"`
	XcodeBuild          string   `plist:"DTXcodeBuild,omitempty" json:"xcode_build,omitempty"`
	Copyright           string   `plist:"NSHumanReadableCopyright,omitempty" json:"copyright,omitempty"`
	BuildMachineOSBuild string   `plist:"BuildMachineOSBuild,omitempty" json:"build_machine_os_build,omitempty"`
	DevelopmentRegion   string   `plist:"CFBundleDevelopmentRegion,omitempty" json:"development_region,omitempty"`
	PlatformName        string   `plist:"DTPlatformName,omitempty" json:"platform_name,omitempty"`
	PlatformVersion     string   `plist:"DTPlatformVersion,omitempty" json:"platform_version,omitempty"`
	PlatformBuild       string   `plist:"DTPlatformBuild,omitempty" json:"platform_build,omitempty"`
	PackageType         string   `plist:"CFBundlePackageType,omitempty" json:"package_type,omitempty"`
	Version             string   `plist:"CFBundleVersion,omitempty" json:"version,omitempty"`
	ShortVersionString  string   `plist:"CFBundleShortVersionString,omitempty" json:"short_version_string,omitempty"`
	CompatibleVersion   string   `plist:"OSBundleCompatibleVersion,omitempty" json:"compatible_version,omitempty"`
	MinimumOSVersion    string   `plist:"MinimumOSVersion,omitempty" json:"minimum_os_version,omitempty"`
	SupportedPlatforms  []string `plist:"CFBundleSupportedPlatforms,omitempty" json:"supported_platforms,omitempty"`
	Signature           string   `plist:"CFBundleSignature,omitempty" json:"signature,omitempty"`

	IOKitPersonalities map[string]interface{} `plist:"IOKitPersonalities,omitempty" json:"io_kit_personalities,omitempty"`
	OSBundleLibraries  map[string]string      `plist:"OSBundleLibraries,omitempty" json:"os_bundle_libraries,omitempty"`
	UIDeviceFamily     []int                  `plist:"UIDeviceFamily,omitempty" json:"ui_device_family,omitempty"`

	OSBundleRequired             string   `plist:"OSBundleRequired,omitempty" json:"os_bundle_required,omitempty"`
	UIRequiredDeviceCapabilities []string `plist:"UIRequiredDeviceCapabilities,omitempty" json:"ui_required_device_capabilities,omitempty"`

	AppleSecurityExtension bool `plist:"AppleSecurityExtension,omitempty" json:"apple_security_extension,omitempty"`

	InfoDictionaryVersion string `plist:"CFBundleInfoDictionaryVersion,omitempty" json:"info_dictionary_version,omitempty"`
	OSKernelResource      bool   `plist:"OSKernelResource,omitempty" json:"os_kernel_resource,omitempty"`
	GetInfoString         string `plist:"CFBundleGetInfoString,omitempty" json:"get_info_string,omitempty"`
	AllowUserLoad         bool   `plist:"OSBundleAllowUserLoad,omitempty" json:"allow_user_load,omitempty"`
	ExecutableLoadAddr    uint64 `plist:"_PrelinkExecutableLoadAddr,omitempty" json:"executable_load_addr,omitempty"`

	ModuleIndex  uint64 `plist:"ModuleIndex,omitempty" json:"module_index,omitempty"`
	Executable   string `plist:"CFBundleExecutable,omitempty" json:"executable,omitempty"`
	BundlePath   string `plist:"_PrelinkBundlePath,omitempty" json:"bundle_path,omitempty"`
	RelativePath string `plist:"_PrelinkExecutableRelativePath,omitempty" json:"relative_path,omitempty"`
}

func GetKexts 

func GetKexts(kernel *macho.File) ([]CFBundle, error)

type CompressedCache 

type CompressedCache struct {
	Magic  []byte
	Header interface{}
	Size   int
	Data   []byte
}

A CompressedCache represents an open compressed kernelcache file.

func ParseImg4Data 

func ParseImg4Data(data []byte) (*CompressedCache, error)

ParseImg4Data parses a img4 data containing a compressed kernelcache.

type Im4p 

type Im4p struct {
	IM4P    string
	Name    string
	Version string
	Data    []byte
}

Im4p Kernelcache object

type KernelVersion 

type KernelVersion struct {
	// The darwin version
	Darwin string `json:"darwin,omitempty"`
	// The build date
	Date time.Time `json:"date,omitempty"`
	// The xnu version
	XNU string `json:"xnu,omitempty"`
	// The kernel type
	Type string `json:"type,omitempty"`
	// The kernel architecture
	Arch string `json:"arch,omitempty"`
	// The kernel CPU
	CPU string `json:"cpu,omitempty"`
}

KernelVersion represents the kernel version. swagger:model

type KmodInfoT 

type KmodInfoT struct {
	NextAddr          uint64
	InfoVersion       int32
	ID                uint32
	Name              [64]byte
	Version           [64]byte
	ReferenceCount    int32  // # linkage refs to this
	ReferenceListAddr uint64 // who this refs (links on)
	Address           uint64 // starting address
	Size              uint64 // total size
	HeaderSize        uint64 // unwired hdr size
	StartAddr         uint64
	StopAddr          uint64
}

func GetKextInfos 

func GetKextInfos(m *macho.File) ([]KmodInfoT, error)

func (KmodInfoT) String 

func (i KmodInfoT) String() string

type LLVMVersion 

type LLVMVersion struct {
	// The LLVM version
	Version string `json:"version,omitempty"`
	// The LLVM compiler
	Clang string `json:"clang,omitempty"`
	// The LLVM compiler flags
	Flags []string `json:"flags,omitempty"`
}

LLVMVersion represents the LLVM version used to compile the kernel. swagger:model

type MachSyscall 

type MachSyscall struct {
	Arguments []string `json:"arguments"`
	Name      string   `json:"name"`
	Number    int      `json:"number"`
}

MachSyscall is the mach tral object

type MachTrap 

type MachTrap struct {
	Number int
	Name   string
	Args   []string
	// contains filtered or unexported fields
}

MachTrap is the mach_trap object

func GetMachTrapTable 

func GetMachTrapTable(m *macho.File) ([]MachTrap, error)

GetMachTrapTable returns the mach trap table for the given kernel.

func (MachTrap) String 

func (m MachTrap) String() string

type PrelinkInfo 

type PrelinkInfo struct {
	PrelinkInfoDictionary []CFBundle `plist:"_PrelinkInfoDictionary,omitempty" json:"prelink_info_dictionary,omitempty"`
}

type SyscallData 

type SyscallData struct {
	Names map[int]string
	Table map[int]sysMaster
}

type SyscallsData 

type SyscallsData struct {
	MachSyscalls []MachSyscall `json:"mach_syscalls"`
	BsdSyscalls  []BsdSyscall  `json:"bsd_syscalls"`
}

SyscallsData is the struct that holds the syscall data

func (SyscallsData) GetBsdSyscallByNumber 

func (s SyscallsData) GetBsdSyscallByNumber(num int) (BsdSyscall, error)

func (SyscallsData) GetMachSyscallByNumber 

func (s SyscallsData) GetMachSyscallByNumber(num int) (MachSyscall, error)

GetMachSyscallByNumber returns the mach trap for the given number

type Sysent 

type Sysent struct {
	Number int      `json:"number,omitempty"`
	Name   string   `json:"name,omitempty"`
	DBName string   `json:"old_name,omitempty"`
	Args   []string `json:"args,omitempty"`
	Proto  string   `json:"proto,omitempty"`
	New    bool     `json:"new,omitempty"`
	Old    bool     `json:"old,omitempty"`
	// contains filtered or unexported fields
}

func GetSyscallTable 

func GetSyscallTable(m *macho.File) ([]Sysent, error)

GetSyscallTable returns a map of system call table as array of sysent structs

func (Sysent) String 

func (s Sysent) String() string

type Version 

type Version struct {
	// swagger:model
	KernelVersion `json:"kernel,omitempty"`
	// swagger:allOf
	LLVMVersion `json:"llvm,omitempty"`
	// contains filtered or unexported fields
}

Version represents the kernel version and LLVM version. swagger:response kernelcacheVersion

func GetVersion 

func GetVersion(m *macho.File) (*Version, error)

func (*Version) String 

func (v *Version) String() string

Source Files

View all Source files
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.