DerekSelander / dsdump

An improved nm + Objective-C & Swift class-dump

Missing LC_DYLD_EXPORTS_TRIE support #38

Open MCApollo opened 2 years ago

MCApollo commented 2 years ago

Hey :wave:,

`./dsdump -vvvvv --swift <app>` segfaults; this, in my case, comes from not checking if `self->dyldInfo` exists.

Adding a quick check, I'm able to get some borked output, but dsdump will crash eventually.

Here's some documentation and the line where `dyldInfo` is set; `LC_DYLD_INFO{,_ONLY}` is missing & replaced on newer binaries that target 15 for "load-time improvements".

Thanks

https://github.com/qyang-nj/llios/blob/main/exported_symbol/README.md
https://github.com/qyang-nj/llios/blob/main/dynamic_linking/chained_fixups.md
https://medium.com/geekculture/how-ios-15-makes-your-app-launch-faster-51cf0aa6c520

TLDR: "If the binary is targeted at iOS 14+ or is linked with -fixup_chains linker flag, the same information is stored in LC_DYLD_EXPORTS_TRIE load command instead."

```
> jtool2 -l <app>

LC 00: LC_SEGMENT_64             Mem: 0x000000000-0x100000000   __PAGEZERO
LC 01: LC_SEGMENT_64             Mem: 0x100000000-0x1020e0000   __TEXT
        Mem: 0x100006138-0x101b3aaf0            __TEXT.__text   (Normal)
        Mem: 0x101b3aaf0-0x101b42bf0            __TEXT.__stubs  (Symbol Stubs)
        Mem: 0x101b42bf0-0x101b42bf8            __TEXT.__init_offsets   (?! (Value 16))
        Mem: 0x101b42bf8-0x101b7e790            __TEXT.__objc_methlist
        Mem: 0x101b7e790-0x101ce4fe8            __TEXT.__const
        Mem: 0x101ce4ff0-0x101de79cc            __TEXT.__cstring        (C-String Literals)
        Mem: 0x101de79d0-0x101e6ac71            __TEXT.__swift5_typeref
        Mem: 0x101e6ac74-0x101e6ac78            __TEXT.__swift5_entry
        Mem: 0x101e6ac78-0x101e6ccf8            __TEXT.__swift5_builtin
        Mem: 0x101e6cd00-0x101ee29b0            __TEXT.__swift5_reflstr
        Mem: 0x101ee29b0-0x101f56c54            __TEXT.__swift5_fieldmd
        Mem: 0x101f56c54-0x101f679fc            __TEXT.__swift5_assocty
        Mem: 0x101f679fc-0x101f73d74            __TEXT.__swift5_proto
        Mem: 0x101f73d74-0x101f7a748            __TEXT.__swift5_types
        Mem: 0x101f7a748-0x101fcebc5            __TEXT.__objc_methname  (C-String Literals)
        Mem: 0x101fcebc8-0x101fd0660            __TEXT.__swift5_protos
        Mem: 0x101fd0660-0x101fee7a0            __TEXT.__swift5_capture
        Mem: 0x101fee7a0-0x101ff4df0            __TEXT.__gcc_except_tab
        Mem: 0x101ff4df0-0x101ff8e77            __TEXT.__objc_classname (C-String Literals)
        Mem: 0x101ff8e77-0x10200252c            __TEXT.__objc_methtype  (C-String Literals)
        Mem: 0x10200252c-0x1020696d4            __TEXT.__unwind_info
        Mem: 0x1020696d8-0x1020dfff4            __TEXT.__eh_frame
LC 02: LC_SEGMENT_64             Mem: 0x1020e0000-0x10221c000   __DATA_CONST
        Mem: 0x1020e0000-0x1020efb58            __DATA_CONST.__got      (Non-Lazy Symbol Ptrs)
        Mem: 0x1020efb58-0x1021e8f80            __DATA_CONST.__const
        Mem: 0x1021e8f80-0x102212b80            __DATA_CONST.__cfstring
        Mem: 0x102212b80-0x102218ff0            __DATA_CONST.__objc_classlist   (Normal)
        Mem: 0x102218ff0-0x102219080            __DATA_CONST.__objc_nlclslist   (Normal)
        Mem: 0x102219080-0x1022196e0            __DATA_CONST.__objc_catlist     (Normal)
        Mem: 0x1022196e0-0x1022196e8            __DATA_CONST.__objc_nlcatlist   (Normal)
        Mem: 0x1022196e8-0x10221a138            __DATA_CONST.__objc_protolist
        Mem: 0x10221a138-0x10221a140            __DATA_CONST.__objc_imageinfo
LC 03: LC_SEGMENT_64             Mem: 0x10221c000-0x1025bc000   __DATA
        Mem: 0x10221c000-0x10231faa0            __DATA.__objc_const
        Mem: 0x10231faa0-0x102334e00            __DATA.__objc_selrefs   (Literal Pointers)
        Mem: 0x102334e00-0x102335458            __DATA.__objc_protorefs
        Mem: 0x102335458-0x102336f10            __DATA.__objc_classrefs (Normal)
        Mem: 0x102336f10-0x102337c88            __DATA.__objc_superrefs (Normal)
        Mem: 0x102337c88-0x102339d5c            __DATA.__objc_ivar
        Mem: 0x102339d60-0x1023c7338            __DATA.__objc_data
        Mem: 0x1023c7338-0x1024974c4            __DATA.__data
        Mem: 0x1024974c8-0x102497560            __DATA.__objc_stublist
        Mem: 0x102497560-0x102497578            __DATA.__objc_catlist2
        Mem: 0x102497578-0x102497630            __DATA.__swift51_hooks
        Mem: 0x102497630-0x1024976e8            __DATA.__swift_hooks
        Mem: 0x1024976f0-0x10259b4b8            __DATA.__bss    (Zero Fill)
        Mem: 0x10259b4c0-0x1025bab40            __DATA.__common (Zero Fill)
LC 04: LC_SEGMENT_64             Mem: 0x1025bc000-0x102814000   __LINKEDIT
LC 05: LC_DYLD_CHAINED_FIXUPS
LC 06: LC_DYLD_EXPORTS_TRIE
LC 07: LC_SYMTAB
LC 08: LC_DYSYMTAB
            1 local symbols at index     0
            2 external symbols at index  1
         5231 undefined symbols at index 3
           No TOC
           No modtab
        10795 Indirect symbols at offset 0x25aec78
LC 09: LC_LOAD_DYLINKER         /usr/lib/dyld
LC 10: LC_UUID                  UUID: 07BC6697-C0CD-3F20-9077-0E568FBE1BC3
LC 11: LC_BUILD_VERSION         Build Version:           Platform: iOS 14.1.0 SDK: 15
LC 12: LC_SOURCE_VERSION        Source Version:          0.0.0.0.0
LC 13: LC_MAIN                  Entry Point:             0x6138 (Mem: 0x1025a15f9)
LC 14: LC_ENCRYPTION_INFO_64    Encryption: 0 from offset 24576 spanning 4096 bytes
```

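The crash reported in this issue comes down to one missing branch: the export trie is reachable either through `dyld_info_command.export_off`/`export_size` (`LC_DYLD_INFO` or `LC_DYLD_INFO_ONLY`) or through `linkedit_data_command.dataoff`/`datasize` (`LC_DYLD_EXPORTS_TRIE`), and the trie bytes themselves are laid out identically in both cases. The Python below is an added example written for this page; it is not dsdump's code and not anything posted in the issue. It walks the load commands, accepts whichever of the two commands is present, returns `None` rather than dereferencing a missing command when neither exists, and parses the trie with bounds and cycle checks because every node offset comes from the untrusted file. The load-command and export-flag constants are the ones from `<mach-o/loader.h>`; the sample trie and the minimal Mach-O images are constructed inline for the demo and do not come from any real binary.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF                # constants from <mach-o/loader.h>
LC_DYLD_INFO = 0x22
LC_DYLD_INFO_ONLY = 0x80000022          # LC_DYLD_INFO | LC_REQ_DYLD
LC_DYLD_EXPORTS_TRIE = 0x80000033       # 0x33 | LC_REQ_DYLD
EXPORT_SYMBOL_FLAGS_REEXPORT = 0x08
EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER = 0x10

def find_export_trie(data):
    """Walk the load commands; return (cmd, file offset, size) of the export trie, or None if neither command exists."""
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("only little-endian 64-bit Mach-O is handled here")
    off, end = 32, min(32 + sizeofcmds, len(data))
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands run past sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("load command overruns sizeofcmds")
        if cmd == LC_DYLD_EXPORTS_TRIE:               # linkedit_data_command: dataoff, datasize follow cmdsize
            return (cmd,) + struct.unpack_from("<II", data, off + 8)
        if cmd in (LC_DYLD_INFO, LC_DYLD_INFO_ONLY):  # dyld_info_command: export_off, export_size at +40
            return (cmd,) + struct.unpack_from("<II", data, off + 40)
        off += cmdsize
    return None

def read_uleb128(buf, pos):
    result = shift = 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise ValueError("bad uleb128 in export trie")
        byte, pos = buf[pos], pos + 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7

def parse_export_trie(trie):
    """Depth-first walk of the trie; node offsets come from the file, so each is bounds-checked and revisits rejected."""
    exports, seen, stack = {}, set(), [(0, "")]
    while stack:
        node, prefix = stack.pop()
        if node in seen or node >= len(trie):
            raise ValueError("malformed trie: cycle or out-of-range node %#x" % node)
        seen.add(node)
        term_size, pos = read_uleb128(trie, node)
        if term_size:                                 # this node terminates an exported symbol
            flags, p = read_uleb128(trie, pos)
            info = {"flags": flags}
            if flags & EXPORT_SYMBOL_FLAGS_REEXPORT:  # uleb ordinal + C string naming the imported symbol
                info["ordinal"], p = read_uleb128(trie, p)
                info["import_name"] = trie[p:trie.index(b"\0", p)].decode()
            else:                                     # uleb image offset (+ uleb resolver offset)
                info["offset"], p = read_uleb128(trie, p)
                if flags & EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER:
                    info["resolver"], p = read_uleb128(trie, p)
            exports[prefix] = info
            pos += term_size                          # skip by the declared size, not by what we parsed
        if pos >= len(trie):
            raise ValueError("child count runs past end of trie")
        nchildren, pos = trie[pos], pos + 1
        for _ in range(nchildren):
            nul = trie.index(b"\0", pos)              # ValueError if the edge label is unterminated
            label, pos = trie[pos:nul].decode(), nul + 1
            child, pos = read_uleb128(trie, pos)      # offset relative to the start of the trie
            stack.append((child, prefix + label))
    return exports

def dump_exports(data):
    """The branch dsdump lacked: take the trie from whichever command is present, return None cleanly otherwise."""
    loc = find_export_trie(data)
    if loc is None:
        return None
    cmd, off, size = loc
    if off + size > len(data):
        raise ValueError("export trie lies outside the file")
    return cmd, parse_export_trie(data[off:off + size])

# Constructed export trie (not taken from any real binary): "_main" -> 0x1000, "_mutex" -> 0x2000.
SAMPLE_TRIE = bytes([
    0x00, 0x01, *b"_m\0", 6,                    # node 0: no export, one child "_m" -> node 6
    0x00, 0x02, *b"ain\0", 19, *b"utex\0", 24,  # node 6: children "ain" -> node 19, "utex" -> node 24
    0x03, 0x00, 0x80, 0x20, 0x00,               # node 19: 3 terminal bytes: flags 0, uleb128(0x1000); 0 children
    0x03, 0x00, 0x80, 0x40, 0x00,               # node 24: flags 0, uleb128(0x2000); 0 children
])

def build_image(cmd, trie):
    """Constructed minimal 64-bit Mach-O: header, then one load command (none for cmd=None), then the trie."""
    cmds = b""
    if cmd == LC_DYLD_EXPORTS_TRIE:
        cmds = struct.pack("<4I", cmd, 16, 32 + 16, len(trie))              # dataoff = header + command
    elif cmd == LC_DYLD_INFO_ONLY:
        cmds = struct.pack("<12I", cmd, 48, *[0] * 8, 32 + 48, len(trie))  # export_off after 8 zeroed fields
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, int(bool(cmds)), len(cmds), 0, 0)
    return header + cmds + trie
```

`dump_exports(build_image(LC_DYLD_EXPORTS_TRIE, SAMPLE_TRIE))` and the `LC_DYLD_INFO_ONLY` variant both yield `{"_main": {"flags": 0, "offset": 0x1000}, "_mutex": {"flags": 0, "offset": 0x2000}}`, and the image with no command at all yields `None` instead of a crash. Two choices worth copying into a real parser: the terminal record is skipped by its declared `terminal_size` rather than by how many bytes were understood, so an unknown flag layout cannot desynchronise the walk, and the `seen` set turns a trie whose child offsets loop back on themselves into an error instead of an infinite loop.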
MCApollo commented 2 years ago

Here's some bash code to download Swift if someone wants to play with this. The `swift/utils/` pull script has been messed up since the master-to-main changes.

```bash
#!/usr/bin/env bash
# Adapted from the Fedora swift-lang spec:
# https://src.fedoraproject.org/rpms/swift-lang/blob/80c3f9215c329712f744aa4ff49382637784c0c9/f/swift-lang.spec
set -euo pipefail

export TAG="swift-5.1.4-RELEASE"

# Each entry is "<archive URL>#/<local file name>"; the fragment only names the
# download and is stripped before the request is made.
FILES=(
  "https://github.com/apple/swift/archive/${TAG}.tar.gz#/swift.tar.gz"
  "https://github.com/apple/swift-corelibs-libdispatch/archive/${TAG}.tar.gz#/corelibs-libdispatch.tar.gz"
  "https://github.com/apple/swift-corelibs-foundation/archive/${TAG}.tar.gz#/corelibs-foundation.tar.gz"
  "https://github.com/apple/swift-integration-tests/archive/${TAG}.tar.gz#/swift-integration-tests.tar.gz"
  "https://github.com/apple/swift-corelibs-xctest/archive/${TAG}.tar.gz#/corelibs-xctest.tar.gz"
  "https://github.com/apple/swift-package-manager/archive/${TAG}.tar.gz#/package-manager.tar.gz"
  "https://github.com/apple/swift-llbuild/archive/${TAG}.tar.gz#/llbuild.tar.gz"
  "https://github.com/apple/swift-cmark/archive/${TAG}.tar.gz#/cmark.tar.gz"
  "https://github.com/apple/swift-xcode-playground-support/archive/${TAG}.tar.gz#/swift-xcode-playground-support.tar.gz"
  "https://github.com/apple/sourcekit-lsp/archive/${TAG}.tar.gz#/sourcekit-lsp.tar.gz"
  "https://github.com/apple/indexstore-db/archive/${TAG}.tar.gz#/indexstore-db.tar.gz"
  "https://github.com/apple/llvm-project/archive/${TAG}.tar.gz#/llvm-project.tar.gz"
  "https://github.com/apple/swift-syntax/archive/${TAG}.zip#/swift-syntax.zip"
)

for url in "${FILES[@]}"; do
  file="$(basename "${url}")"                            # e.g. corelibs-libdispatch.tar.gz
  base="${file%%.*}"                                     # e.g. corelibs-libdispatch
  src="${url%%#*}"                                       # URL without the "#/name" fragment
  repo="$(basename "$(dirname "$(dirname "${src}")")")"  # e.g. swift-corelibs-libdispatch

  wget "${src}" -O "${file}"

  if [[ "${file}" == *".tar"* ]]; then
    tar xf "${file}"
  elif [[ "${file}" == *".zip"* ]]; then
    unzip -q "${file}"
  else
    echo "No prog to extract ${file}" >&2
    exit 1
  fi

  # GitHub archives unpack to "<repo>-<tag>"; rename to the short directory name.
  mv "${repo}-${TAG}" "${base}"
done

exit 0
```