Documentation ¶
Index ¶
- Constants
- func Decompress(kcache, outputDir string) error
- func DecompressData(cc *CompressedCache) ([]byte, error)
- func DecompressKernelManagement(kcache, outputDir string) error
- func DecompressKernelManagementData(kcache string) ([]byte, error)
- func Extract(ipsw, destPath string) (map[string][]string, error)
- func File2lines(filePath string) ([]string, error)
- func GetKextStartVMAddrs(m *macho.File) ([]uint64, error)
- func InsertStringToFile(path, str string, index int) error
- func InspectKM(m *macho.File, filter string, explicitOnly, asJSON bool) (string, error)
- func KextList(kernelPath string, diffable bool) ([]string, error)
- func LinesFromReader(r io.Reader) ([]string, error)
- func Parse(r io.ReadCloser) ([]byte, error)
- func ParseMachO(name string) error
- func ParseSyscallFiles(output string) error
- func ParseSyscallHeader() (map[int]string, error)
- func ParseSyscallsMaster() (map[int]sysMaster, error)
- func RemoteParse(zr *zip.Reader, destPath string) (map[string][]string, error)
- type BsdSyscall
- type CFBundle
- type CompressedCache
- type Im4p
- type KernelVersion
- type KmodInfoT
- type LLVMVersion
- type MachSyscall
- type MachTrap
- type PrelinkInfo
- type SyscallData
- type SyscallsData
- type Sysent
- type Version
Constants ¶
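// Values of the unexported returnType enumeration, numbered 0 through 7.
//
// NOTE(review): the names suggest these tag the C return type recorded for a
// syscall entry (int, unsigned, off_t, address, size_t, ssize_t, uint64_t);
// confirm against the code that decodes them. A value outside 0..7 read from
// an image has no name here, so decoders should handle the unknown case
// explicitly rather than index a lookup table with it.
const (
	RET_NONE     returnType = 0
	RET_INT_T    returnType = 1
	RET_UINT_T   returnType = 2
	RET_OFF_T    returnType = 3
	RET_ADDR_T   returnType = 4
	RET_SIZE_T   returnType = 5
	RET_SSIZE_T  returnType = 6
	RET_UINT64_T returnType = 7
)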
// MACH_TRAP_TABLE_COUNT is the untyped constant 128.
//
// NOTE(review): presumably the number of entries expected in the Mach trap
// table; confirm against GetMachTrapTable. Code that walks a table read from
// a kernelcache should bound its loop by this value and by the bytes
// actually available, whichever is smaller.
const MACH_TRAP_TABLE_COUNT = 128
Variables ¶
This section is empty.
Functions ¶
func Decompress ¶
Decompress decompresses a compressed kernelcache
func DecompressData ¶
func DecompressData(cc *CompressedCache) ([]byte, error)
DecompressData decompresses compressed kernelcache []byte data
func DecompressKernelManagement ¶
DecompressKernelManagement decompresses a compressed KernelManagement_host kernelcache
func DecompressKernelManagementData ¶
DecompressKernelManagementData decompresses a compressed KernelManagement_host kernelcache's data
func File2lines ¶
func GetKextStartVMAddrs ¶
func InsertStringToFile ¶
InsertStringToFile inserts a string at the n-th line of a file. To insert a whole line, append a newline '\n' to the end of the string.
func Parse ¶
func Parse(r io.ReadCloser) ([]byte, error)
Parse parses the compressed kernelcache Img4 data
func ParseSyscallFiles ¶
func ParseSyscallHeader ¶
func ParseSyscallsMaster ¶
Types ¶
type BsdSyscall ¶
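// BsdSyscall is the JSON model for one BSD syscall entry: its argument
// list, name and number, plus an Old flag.
//
// Arguments, Name and Number carry no omitempty, so they are always emitted;
// a nil Arguments slice serialises as null rather than []. Old is dropped
// from the output when false.
//
// NOTE(review): nothing in this type constrains Number. Validate it before
// using it as an index into any table.
type BsdSyscall struct {
	Arguments []string `json:"arguments"`
	Name      string   `json:"name"`
	Number    int      `json:"number"`
	Old       bool     `json:"old,omitempty"`
}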
BsdSyscall is the bsd syscall object
type CFBundle ¶
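// CFBundle holds the bundle metadata of one kernel extension. Each field is
// bound to a property-list key through its `plist` tag and to a snake_case
// JSON key through its `json` tag; every tag carries omitempty.
//
// Points a consumer should keep in mind:
//
//   - The bool fields (AppleSecurityExtension, OSKernelResource,
//     AllowUserLoad) use omitempty, so "key absent" and "key present and
//     false" are indistinguishable both after decoding and in JSON output.
//     Do not read a missing flag as an explicit false when auditing kexts.
//   - IOKitPersonalities is map[string]interface{}: its values have whatever
//     shape the decoded plist had. Use checked type assertions (v, ok := ...)
//     when walking it.
//   - NOTE(review): the values presumably originate from the kernelcache
//     being parsed. If callers use BundlePath, RelativePath or Executable to
//     build filesystem paths, clean and confine them first, and range-check
//     ExecutableLoadAddr before using it as an offset. Confirm against
//     callers.
type CFBundle struct {
	ID                           string                 `plist:"CFBundleIdentifier,omitempty" json:"id,omitempty"`
	Name                         string                 `plist:"CFBundleName,omitempty" json:"name,omitempty"`
	SDK                          string                 `plist:"DTSDKName,omitempty" json:"sdk,omitempty"`
	SDKBuild                     string                 `plist:"DTSDKBuild,omitempty" json:"sdk_build,omitempty"`
	Xcode                        string                 `plist:"DTXcode,omitempty" json:"xcode,omitempty"`
	XcodeBuild                   string                 `plist:"DTXcodeBuild,omitempty" json:"xcode_build,omitempty"`
	Copyright                    string                 `plist:"NSHumanReadableCopyright,omitempty" json:"copyright,omitempty"`
	BuildMachineOSBuild          string                 `plist:"BuildMachineOSBuild,omitempty" json:"build_machine_os_build,omitempty"`
	DevelopmentRegion            string                 `plist:"CFBundleDevelopmentRegion,omitempty" json:"development_region,omitempty"`
	PlatformName                 string                 `plist:"DTPlatformName,omitempty" json:"platform_name,omitempty"`
	PlatformVersion              string                 `plist:"DTPlatformVersion,omitempty" json:"platform_version,omitempty"`
	PlatformBuild                string                 `plist:"DTPlatformBuild,omitempty" json:"platform_build,omitempty"`
	PackageType                  string                 `plist:"CFBundlePackageType,omitempty" json:"package_type,omitempty"`
	Version                      string                 `plist:"CFBundleVersion,omitempty" json:"version,omitempty"`
	ShortVersionString           string                 `plist:"CFBundleShortVersionString,omitempty" json:"short_version_string,omitempty"`
	CompatibleVersion            string                 `plist:"OSBundleCompatibleVersion,omitempty" json:"compatible_version,omitempty"`
	MinimumOSVersion             string                 `plist:"MinimumOSVersion,omitempty" json:"minimum_os_version,omitempty"`
	SupportedPlatforms           []string               `plist:"CFBundleSupportedPlatforms,omitempty" json:"supported_platforms,omitempty"`
	Signature                    string                 `plist:"CFBundleSignature,omitempty" json:"signature,omitempty"`
	IOKitPersonalities           map[string]interface{} `plist:"IOKitPersonalities,omitempty" json:"io_kit_personalities,omitempty"`
	OSBundleLibraries            map[string]string      `plist:"OSBundleLibraries,omitempty" json:"os_bundle_libraries,omitempty"`
	UIDeviceFamily               []int                  `plist:"UIDeviceFamily,omitempty" json:"ui_device_family,omitempty"`
	OSBundleRequired             string                 `plist:"OSBundleRequired,omitempty" json:"os_bundle_required,omitempty"`
	UIRequiredDeviceCapabilities []string               `plist:"UIRequiredDeviceCapabilities,omitempty" json:"ui_required_device_capabilities,omitempty"`
	AppleSecurityExtension       bool                   `plist:"AppleSecurityExtension,omitempty" json:"apple_security_extension,omitempty"`
	InfoDictionaryVersion        string                 `plist:"CFBundleInfoDictionaryVersion,omitempty" json:"info_dictionary_version,omitempty"`
	OSKernelResource             bool                   `plist:"OSKernelResource,omitempty" json:"os_kernel_resource,omitempty"`
	GetInfoString                string                 `plist:"CFBundleGetInfoString,omitempty" json:"get_info_string,omitempty"`
	AllowUserLoad                bool                   `plist:"OSBundleAllowUserLoad,omitempty" json:"allow_user_load,omitempty"`
	ExecutableLoadAddr           uint64                 `plist:"_PrelinkExecutableLoadAddr,omitempty" json:"executable_load_addr,omitempty"`
	ModuleIndex                  uint64                 `plist:"ModuleIndex,omitempty" json:"module_index,omitempty"`
	Executable                   string                 `plist:"CFBundleExecutable,omitempty" json:"executable,omitempty"`
	BundlePath                   string                 `plist:"_PrelinkBundlePath,omitempty" json:"bundle_path,omitempty"`
	RelativePath                 string                 `plist:"_PrelinkExecutableRelativePath,omitempty" json:"relative_path,omitempty"`
}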
type CompressedCache ¶
A CompressedCache represents an open compressed kernelcache file.
func ParseImg4Data ¶
func ParseImg4Data(data []byte) (*CompressedCache, error)
ParseImg4Data parses img4 data containing a compressed kernelcache.
type KernelVersion ¶
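// KernelVersion is the JSON model for a kernel's version details: Darwin
// version, build date, XNU version, kernel type, architecture and CPU.
//
// All fields are tagged omitempty, but that has no effect on Date:
// time.Time is a struct, so an unset Date is still emitted, as
// "0001-01-01T00:00:00Z". Consumers should check Date.IsZero() rather than
// treat that value as a real build date.
type KernelVersion struct {
	// The darwin version
	Darwin string `json:"darwin,omitempty"`
	// The build date
	Date time.Time `json:"date,omitempty"`
	// The xnu version
	XNU string `json:"xnu,omitempty"`
	// The kernel type
	Type string `json:"type,omitempty"`
	// The kernel architecture
	Arch string `json:"arch,omitempty"`
	// The kernel CPU
	CPU string `json:"cpu,omitempty"`
}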
KernelVersion represents the kernel version. swagger:model
type KmodInfoT ¶
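// KmodInfoT is a fixed-layout record describing one kernel module: a link to
// the next record, version and ID numbers, two 64-byte name/version buffers,
// a reference count, and six 64-bit addresses and sizes.
//
// The fields add up to 196 bytes with no padding, which is what
// encoding/binary reports for this type. Go's in-memory layout differs
// because of alignment, so decode field by field rather than reinterpreting
// raw bytes.
//
// NOTE(review): the values presumably come straight from the kernelcache
// being parsed. Range-check every address and size against the image before
// using it as an offset or length, and bound any walk that follows NextAddr
// so a cyclic or corrupt list cannot loop forever. Confirm against callers.
type KmodInfoT struct {
	NextAddr    uint64
	InfoVersion int32
	ID          uint32
	// Fixed 64-byte buffers. Presumably NUL-padded C strings: cut at the
	// first zero byte before printing, and handle a buffer with no
	// terminator at all. TODO confirm.
	Name              [64]byte
	Version           [64]byte
	ReferenceCount    int32  // # linkage refs to this
	ReferenceListAddr uint64 // who this refs (links on)
	Address           uint64 // starting address
	Size              uint64 // total size
	HeaderSize        uint64 // unwired hdr size
	StartAddr         uint64
	StopAddr          uint64
}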
func GetKextInfos ¶
type LLVMVersion ¶
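// LLVMVersion is the JSON model for the toolchain details recorded for a
// kernel: an LLVM version string, a clang string and a list of compiler
// flags. Every field is tagged omitempty, so a zero value serialises as {}.
//
// NOTE(review): these strings are presumably extracted from the kernel
// image. Treat them as display data only and escape them before embedding
// them in HTML, shell commands or log formats.
type LLVMVersion struct {
	// The LLVM version
	Version string `json:"version,omitempty"`
	// The LLVM compiler
	Clang string `json:"clang,omitempty"`
	// The LLVM compiler flags
	Flags []string `json:"flags,omitempty"`
}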
LLVMVersion represents the LLVM version used to compile the kernel. swagger:model
type MachSyscall ¶
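// MachSyscall is the JSON model for one Mach trap entry: its argument list,
// name and number.
//
// None of the fields carries omitempty, so all three keys are always
// emitted; a nil Arguments slice serialises as null rather than [].
//
// NOTE(review): nothing in this type constrains Number. Validate it before
// using it as an index into any table.
type MachSyscall struct {
	Arguments []string `json:"arguments"`
	Name      string   `json:"name"`
	Number    int      `json:"number"`
}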
MachSyscall is the mach trap object
type MachTrap ¶
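// MachTrap describes one Mach trap by number, name and argument list. The
// exported fields carry no struct tags, so encoding/json would use the Go
// field names as keys.
//
// NOTE(review): Number and Name are presumably recovered from the kernel
// being analysed. Bounds-check Number before indexing with it.
type MachTrap struct {
	Number int
	Name   string
	Args   []string
	// contains filtered or unexported fields
}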
MachTrap is the mach_trap object
func GetMachTrapTable ¶
GetMachTrapTable returns the mach trap table for the given kernel.
type PrelinkInfo ¶
// PrelinkInfo wraps the list of CFBundle entries stored under the
// "_PrelinkInfoDictionary" property-list key (JSON key
// "prelink_info_dictionary").
//
// NOTE(review): the list length is whatever the decoded plist contained; the
// type sets no upper bound. Presumably the plist comes from the kernelcache
// being parsed, so callers handling untrusted images may want to cap how
// many entries they process.
type PrelinkInfo struct {
	PrelinkInfoDictionary []CFBundle `plist:"_PrelinkInfoDictionary,omitempty" json:"prelink_info_dictionary,omitempty"`
}
type SyscallData ¶
type SyscallsData ¶
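// SyscallsData groups the Mach and BSD syscall lists under the JSON keys
// "mach_syscalls" and "bsd_syscalls".
//
// Neither field carries omitempty, so both keys are always emitted; a nil
// slice serialises as null rather than [].
type SyscallsData struct {
	MachSyscalls []MachSyscall `json:"mach_syscalls"`
	BsdSyscalls  []BsdSyscall  `json:"bsd_syscalls"`
}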
SyscallsData is the struct that holds the syscall data
func (SyscallsData) GetBsdSyscallByNumber ¶
func (s SyscallsData) GetBsdSyscallByNumber(num int) (BsdSyscall, error)
func (SyscallsData) GetMachSyscallByNumber ¶
func (s SyscallsData) GetMachSyscallByNumber(num int) (MachSyscall, error)
GetMachSyscallByNumber returns the mach trap for the given number
type Sysent ¶
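// Sysent describes one system-call table entry: number, name, an alternate
// name emitted as "old_name", argument list, prototype, and New/Old flags.
//
// Every field is tagged omitempty. Number is an int, so the entry numbered 0
// is serialised without a "number" key at all; consumers of the JSON must
// treat a missing key as 0 instead of rejecting the entry. The New and Old
// flags are likewise omitted when false.
//
// NOTE(review): the contents are presumably recovered from the kernel being
// analysed. Treat Name, DBName and Proto as untrusted display strings.
type Sysent struct {
	Number int      `json:"number,omitempty"`
	Name   string   `json:"name,omitempty"`
	DBName string   `json:"old_name,omitempty"`
	Args   []string `json:"args,omitempty"`
	Proto  string   `json:"proto,omitempty"`
	New    bool     `json:"new,omitempty"`
	Old    bool     `json:"old,omitempty"`
	// contains filtered or unexported fields
}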
func GetSyscallTable ¶
GetSyscallTable returns a map of system call table as array of sysent structs
type Version ¶
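// Version combines a kernel's version details with the LLVM toolchain
// details by embedding KernelVersion and LLVMVersion.
//
// Both embedded structs carry an explicit json tag, so encoding/json emits
// them as nested objects under "kernel" and "llvm" instead of flattening
// their fields into the parent object.
type Version struct {
	// swagger:model
	KernelVersion `json:"kernel,omitempty"`
	// swagger:allOf
	LLVMVersion `json:"llvm,omitempty"`
	// contains filtered or unexported fields
}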
Version represents the kernel version and LLVM version. swagger:response kernelcacheVersion