is64bit = arch.is64bit# prepare mach_header(_64)cputype = arch.cputype cpusubtype = arch.cpusubtypePackedifis64bit: magic =0xFEEDFACFmach_header = Struct(endian +"7I4x")else: magic =0xFEEDFACEmach_header = Struct(endian +"7I")# prepare segment_command(_64)ifis64bit: segment_comm...
image.png 它主要分为三个部分:1.Header 2.Load commands 3Data区 header中表明该文件是 Mach-O 格式,指定目标架构,还有一些其他的文件属性信 息,文件头信息影响后续的文件结构 Load commands是一张包含很多内容的表。内容包括区域的位置、符号表、动态符号表 等。 Data 区主要就是负责代码和数据记录的。Mach-O...
arch = arch_names.get(mach)ifarchisNone:raiseException("Machine %.4x is not supported for PE!"% mach) vw.setMeta('Architecture', arch) vw.setMeta('Format','pe') platform ='windows'# Drivers are platform "winkern" so impapi etc workssubsys = pe.IMAGE_NT_HEADERS.OptionalHeader.Subsyst...
# To compare the structs to their C counterparts, see:# http://fxr.watson.org/fxr/source/EXTERNAL_HEADERS/mach-o/fat.h?v=xnu-1228require'rstruct'extendRstruct::ClassMethodsFAT_MAGIC=0xcafebabeFAT_CIGAM=0xbebafecastruct(:fat_header) {uint32be:magic;# FAT_MAGICuint32be:nfat_arch;# numbe...
开发者ID:Antonin-Deniau,项目名称:cave_miner,代码行数:19,代码来源:mach_o.py 示例6: _read ▲点赞 6▼ # 需要导入模块: import kaitaistruct [as 别名]# 或者: from kaitaistruct importBytesIO[as 别名]def_read(self):self.crc16 = self._io.read_u2le() ...