2

I’m looking in the Mach-O structure and there is one bit which I am confused over.

I understand the basic structure of a macho file. I'm trying to programmatically read the bytes in the first TEXT section in the first TEXT segment, and I have a pointer to the start of the Mach-O header. I am trying to compute the appropriate offset to add to that pointer so it points to the bytes in the TEXT section.

In order to obtain the data from the sections in segments, I would have to “take the offset of the segment command in the file, add the size of the segment structure, and then loop through nsects times, incrementing the offset by the size of the section struct each time” as mentioned in this article here: https://h3adsh0tzz.com/2020/01/macho-file-format/

However, with reference to the same article, in the “Data” section at the bottom of the page, the article also mentions that the memory addresses are relative to the start of the data and not the start of the Mach-O. In that case, why did we need to calculate all the offsets above if it is relative to the start of the data and not the Mach-O header?

Edit: Just a note, I'm interested in reading the bytes both in memory and on disk.

javiertzr01
  • 21
  • 2
  • I think you misread the section part. That's just a description of how to get to the `struct section_64*` that you're looking for. Nothing about memory addresses of the underlying binary. – Siguza Jul 18 '21 at 21:37
  • If I want to access the code of the __TEXT section from memory, I would have to get a pointer to the mach header of the image using `_dyld_get_image_header()` before I follow the steps to get to the `struct section_64*`. If I want to compare this section from memory with the section of a .dylib file from disk, how would I do it? I forgot where but I have seen some code where they compared it like this. From memory: `offset = section->addr - segment->vmaddr` `Mem = mach_header_obj + offset` From disk: `Disk = header_offset + offset` Wouldn't this lead to the address of load commands? – javiertzr01 Jul 19 '21 at 07:05

0 Answers0