1/*
2 * Copyright (c) 1999-2019 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23#ifndef _MACHO_LOADER_H_
24#define _MACHO_LOADER_H_
25
26/*
27 * This file describes the format of mach object files.
28 */
29#include <stdint.h>
30
31/*
32 * <mach/machine.h> is needed here for the cpu_type_t and cpu_subtype_t types
33 * and contains the constants for the possible values of these types.
34 */
35#include <mach/machine.h>
36
37/*
38 * <mach/vm_prot.h> is needed here for the vm_prot_t type and contains the
39 * constants that are or'ed together for the possible values of this type.
40 */
41#include <mach/vm_prot.h>
42
43/*
44 * <machine/thread_status.h> is expected to define the flavors of the thread
45 * states and the structures of those flavors for each machine.
46 */
47#include <mach/machine/thread_status.h>
48#include <architecture/byte_order.h>
49
50/*
51 * The 32-bit mach header appears at the very beginning of the object file for
52 * 32-bit architectures.
53 */
54struct mach_header {
55 uint32_t magic; /* mach magic number identifier */
56 cpu_type_t cputype; /* cpu specifier */
57 cpu_subtype_t cpusubtype; /* machine specifier */
58 uint32_t filetype; /* type of file */
59 uint32_t ncmds; /* number of load commands */
60 uint32_t sizeofcmds; /* the size of all the load commands */
61 uint32_t flags; /* flags */
62};
63
64/* Constant for the magic field of the mach_header (32-bit architectures) */
65#define MH_MAGIC 0xfeedface /* the mach magic number */
66#define MH_CIGAM 0xcefaedfe /* NXSwapInt(MH_MAGIC) */
67
68/*
69 * The 64-bit mach header appears at the very beginning of object files for
70 * 64-bit architectures.
71 */
72struct mach_header_64 {
73 uint32_t magic; /* mach magic number identifier */
74 cpu_type_t cputype; /* cpu specifier */
75 cpu_subtype_t cpusubtype; /* machine specifier */
76 uint32_t filetype; /* type of file */
77 uint32_t ncmds; /* number of load commands */
78 uint32_t sizeofcmds; /* the size of all the load commands */
79 uint32_t flags; /* flags */
80 uint32_t reserved; /* reserved */
81};
82
83/* Constant for the magic field of the mach_header_64 (64-bit architectures) */
84#define MH_MAGIC_64 0xfeedfacf /* the 64-bit mach magic number */
85#define MH_CIGAM_64 0xcffaedfe /* NXSwapInt(MH_MAGIC_64) */
86
87/*
88 * The layout of the file depends on the filetype. For all but the MH_OBJECT
89 * file type the segments are padded out and aligned on a segment alignment
90 * boundary for efficient demand pageing. The MH_EXECUTE, MH_FVMLIB, MH_DYLIB,
91 * MH_DYLINKER and MH_BUNDLE file types also have the headers included as part
92 * of their first segment.
93 *
94 * The file type MH_OBJECT is a compact format intended as output of the
95 * assembler and input (and possibly output) of the link editor (the .o
96 * format). All sections are in one unnamed segment with no segment padding.
97 * This format is used as an executable format when the file is so small the
98 * segment padding greatly increases its size.
99 *
100 * The file type MH_PRELOAD is an executable format intended for things that
101 * are not executed under the kernel (proms, stand alones, kernels, etc). The
102 * format can be executed under the kernel but may demand paged it and not
103 * preload it before execution.
104 *
105 * A core file is in MH_CORE format and can be any in an arbritray legal
106 * Mach-O file.
107 *
108 * Constants for the filetype field of the mach_header
109 */
110#define MH_OBJECT 0x1 /* relocatable object file */
111#define MH_EXECUTE 0x2 /* demand paged executable file */
112#define MH_FVMLIB 0x3 /* fixed VM shared library file */
113#define MH_CORE 0x4 /* core file */
114#define MH_PRELOAD 0x5 /* preloaded executable file */
115#define MH_DYLIB 0x6 /* dynamically bound shared library */
116#define MH_DYLINKER 0x7 /* dynamic link editor */
117#define MH_BUNDLE 0x8 /* dynamically bound bundle file */
118#define MH_DYLIB_STUB 0x9 /* shared library stub for static */
119 /* linking only, no section contents */
120#define MH_DSYM 0xa /* companion file with only debug */
121 /* sections */
122#define MH_KEXT_BUNDLE 0xb /* x86_64 kexts */
123#define MH_FILESET 0xc /* set of mach-o's */
124
125/* Constants for the flags field of the mach_header */
126#define MH_NOUNDEFS 0x1 /* the object file has no undefined
127 references */
128#define MH_INCRLINK 0x2 /* the object file is the output of an
129 incremental link against a base file
130 and can't be link edited again */
131#define MH_DYLDLINK 0x4 /* the object file is input for the
132 dynamic linker and can't be staticly
133 link edited again */
134#define MH_BINDATLOAD 0x8 /* the object file's undefined
135 references are bound by the dynamic
136 linker when loaded. */
137#define MH_PREBOUND 0x10 /* the file has its dynamic undefined
138 references prebound. */
139#define MH_SPLIT_SEGS 0x20 /* the file has its read-only and
140 read-write segments split */
141#define MH_LAZY_INIT 0x40 /* the shared library init routine is
142 to be run lazily via catching memory
143 faults to its writeable segments
144 (obsolete) */
145#define MH_TWOLEVEL 0x80 /* the image is using two-level name
146 space bindings */
147#define MH_FORCE_FLAT 0x100 /* the executable is forcing all images
148 to use flat name space bindings */
149#define MH_NOMULTIDEFS 0x200 /* this umbrella guarantees no multiple
150 defintions of symbols in its
151 sub-images so the two-level namespace
152 hints can always be used. */
153#define MH_NOFIXPREBINDING 0x400 /* do not have dyld notify the
154 prebinding agent about this
155 executable */
156#define MH_PREBINDABLE 0x800 /* the binary is not prebound but can
157 have its prebinding redone. only used
158 when MH_PREBOUND is not set. */
159#define MH_ALLMODSBOUND 0x1000 /* indicates that this binary binds to
160 all two-level namespace modules of
161 its dependent libraries. only used
162 when MH_PREBINDABLE and MH_TWOLEVEL
163 are both set. */
164#define MH_SUBSECTIONS_VIA_SYMBOLS 0x2000/* safe to divide up the sections into
165 sub-sections via symbols for dead
166 code stripping */
167#define MH_CANONICAL 0x4000 /* the binary has been canonicalized
168 via the unprebind operation */
169#define MH_WEAK_DEFINES 0x8000 /* the final linked image contains
170 external weak symbols */
171#define MH_BINDS_TO_WEAK 0x10000 /* the final linked image uses
172 weak symbols */
173
174#define MH_ALLOW_STACK_EXECUTION 0x20000/* When this bit is set, all stacks
175 in the task will be given stack
176 execution privilege. Only used in
177 MH_EXECUTE filetypes. */
178#define MH_ROOT_SAFE 0x40000 /* When this bit is set, the binary
179 declares it is safe for use in
180 processes with uid zero */
181
182#define MH_SETUID_SAFE 0x80000 /* When this bit is set, the binary
183 declares it is safe for use in
184 processes when issetugid() is true */
185
186#define MH_NO_REEXPORTED_DYLIBS 0x100000 /* When this bit is set on a dylib,
187 the static linker does not need to
188 examine dependent dylibs to see
189 if any are re-exported */
190#define MH_PIE 0x200000 /* When this bit is set, the OS will
191 load the main executable at a
192 random address. Only used in
193 MH_EXECUTE filetypes. */
194#define MH_DEAD_STRIPPABLE_DYLIB 0x400000 /* Only for use on dylibs. When
195 linking against a dylib that
196 has this bit set, the static linker
197 will automatically not create a
198 LC_LOAD_DYLIB load command to the
199 dylib if no symbols are being
200 referenced from the dylib. */
201#define MH_HAS_TLV_DESCRIPTORS 0x800000 /* Contains a section of type
202 S_THREAD_LOCAL_VARIABLES */
203
204#define MH_NO_HEAP_EXECUTION 0x1000000 /* When this bit is set, the OS will
205 run the main executable with
206 a non-executable heap even on
207 platforms (e.g. i386) that don't
208 require it. Only used in MH_EXECUTE
209 filetypes. */
210
211#define MH_APP_EXTENSION_SAFE 0x02000000 /* The code was linked for use in an
212 application extension. */
213
214#define MH_NLIST_OUTOFSYNC_WITH_DYLDINFO 0x04000000 /* The external symbols
215 listed in the nlist symbol table do
216 not include all the symbols listed in
217 the dyld info. */
218
219#define MH_SIM_SUPPORT 0x08000000 /* Allow LC_MIN_VERSION_MACOS and
220 LC_BUILD_VERSION load commands with
221 the platforms macOS, iOSMac,
222 iOSSimulator, tvOSSimulator and
223 watchOSSimulator. */
224
225#define MH_DYLIB_IN_CACHE 0x80000000 /* Only for use on dylibs. When this bit
226 is set, the dylib is part of the dyld
227 shared cache, rather than loose in
228 the filesystem. */
229
230/*
231 * The load commands directly follow the mach_header. The total size of all
232 * of the commands is given by the sizeofcmds field in the mach_header. All
233 * load commands must have as their first two fields cmd and cmdsize. The cmd
234 * field is filled in with a constant for that command type. Each command type
235 * has a structure specifically for it. The cmdsize field is the size in bytes
236 * of the particular load command structure plus anything that follows it that
237 * is a part of the load command (i.e. section structures, strings, etc.). To
238 * advance to the next load command the cmdsize can be added to the offset or
239 * pointer of the current load command. The cmdsize for 32-bit architectures
240 * MUST be a multiple of 4 bytes and for 64-bit architectures MUST be a multiple
241 * of 8 bytes (these are forever the maximum alignment of any load commands).
242 * The padded bytes must be zero. All tables in the object file must also
243 * follow these rules so the file can be memory mapped. Otherwise the pointers
244 * to these tables will not work well or at all on some machines. With all
245 * padding zeroed like objects will compare byte for byte.
246 */
247struct load_command {
248 uint32_t cmd; /* type of load command */
249 uint32_t cmdsize; /* total size of command in bytes */
250};
251
252/*
253 * After MacOS X 10.1 when a new load command is added that is required to be
254 * understood by the dynamic linker for the image to execute properly the
255 * LC_REQ_DYLD bit will be or'ed into the load command constant. If the dynamic
256 * linker sees such a load command it it does not understand will issue a
257 * "unknown load command required for execution" error and refuse to use the
258 * image. Other load commands without this bit that are not understood will
259 * simply be ignored.
260 */
261#define LC_REQ_DYLD 0x80000000
262
263/* Constants for the cmd field of all load commands, the type */
264#define LC_SEGMENT 0x1 /* segment of this file to be mapped */
265#define LC_SYMTAB 0x2 /* link-edit stab symbol table info */
266#define LC_SYMSEG 0x3 /* link-edit gdb symbol table info (obsolete) */
267#define LC_THREAD 0x4 /* thread */
268#define LC_UNIXTHREAD 0x5 /* unix thread (includes a stack) */
269#define LC_LOADFVMLIB 0x6 /* load a specified fixed VM shared library */
270#define LC_IDFVMLIB 0x7 /* fixed VM shared library identification */
271#define LC_IDENT 0x8 /* object identification info (obsolete) */
272#define LC_FVMFILE 0x9 /* fixed VM file inclusion (internal use) */
273#define LC_PREPAGE 0xa /* prepage command (internal use) */
274#define LC_DYSYMTAB 0xb /* dynamic link-edit symbol table info */
275#define LC_LOAD_DYLIB 0xc /* load a dynamically linked shared library */
276#define LC_ID_DYLIB 0xd /* dynamically linked shared lib ident */
277#define LC_LOAD_DYLINKER 0xe /* load a dynamic linker */
278#define LC_ID_DYLINKER 0xf /* dynamic linker identification */
279#define LC_PREBOUND_DYLIB 0x10 /* modules prebound for a dynamically */
280 /* linked shared library */
281#define LC_ROUTINES 0x11 /* image routines */
282#define LC_SUB_FRAMEWORK 0x12 /* sub framework */
283#define LC_SUB_UMBRELLA 0x13 /* sub umbrella */
284#define LC_SUB_CLIENT 0x14 /* sub client */
285#define LC_SUB_LIBRARY 0x15 /* sub library */
286#define LC_TWOLEVEL_HINTS 0x16 /* two-level namespace lookup hints */
287#define LC_PREBIND_CKSUM 0x17 /* prebind checksum */
288
289/*
290 * load a dynamically linked shared library that is allowed to be missing
291 * (all symbols are weak imported).
292 */
293#define LC_LOAD_WEAK_DYLIB (0x18 | LC_REQ_DYLD)
294
295#define LC_SEGMENT_64 0x19 /* 64-bit segment of this file to be
296 mapped */
297#define LC_ROUTINES_64 0x1a /* 64-bit image routines */
298#define LC_UUID 0x1b /* the uuid */
299#define LC_RPATH (0x1c | LC_REQ_DYLD) /* runpath additions */
300#define LC_CODE_SIGNATURE 0x1d /* local of code signature */
301#define LC_SEGMENT_SPLIT_INFO 0x1e /* local of info to split segments */
302#define LC_REEXPORT_DYLIB (0x1f | LC_REQ_DYLD) /* load and re-export dylib */
303#define LC_LAZY_LOAD_DYLIB 0x20 /* delay load of dylib until first use */
304#define LC_ENCRYPTION_INFO 0x21 /* encrypted segment information */
305#define LC_DYLD_INFO 0x22 /* compressed dyld information */
306#define LC_DYLD_INFO_ONLY (0x22|LC_REQ_DYLD) /* compressed dyld information only */
307#define LC_LOAD_UPWARD_DYLIB (0x23 | LC_REQ_DYLD) /* load upward dylib */
308#define LC_VERSION_MIN_MACOSX 0x24 /* build for MacOSX min OS version */
309#define LC_VERSION_MIN_IPHONEOS 0x25 /* build for iPhoneOS min OS version */
310#define LC_FUNCTION_STARTS 0x26 /* compressed table of function start addresses */
311#define LC_DYLD_ENVIRONMENT 0x27 /* string for dyld to treat
312 like environment variable */
313#define LC_MAIN (0x28|LC_REQ_DYLD) /* replacement for LC_UNIXTHREAD */
314#define LC_DATA_IN_CODE 0x29 /* table of non-instructions in __text */
315#define LC_SOURCE_VERSION 0x2A /* source version used to build binary */
316#define LC_DYLIB_CODE_SIGN_DRS 0x2B /* Code signing DRs copied from linked dylibs */
317#define LC_ENCRYPTION_INFO_64 0x2C /* 64-bit encrypted segment information */
318#define LC_LINKER_OPTION 0x2D /* linker options in MH_OBJECT files */
319#define LC_LINKER_OPTIMIZATION_HINT 0x2E /* optimization hints in MH_OBJECT files */
320#define LC_VERSION_MIN_TVOS 0x2F /* build for AppleTV min OS version */
321#define LC_VERSION_MIN_WATCHOS 0x30 /* build for Watch min OS version */
322#define LC_NOTE 0x31 /* arbitrary data included within a Mach-O file */
323#define LC_BUILD_VERSION 0x32 /* build for platform min OS version */
324#define LC_DYLD_EXPORTS_TRIE (0x33 | LC_REQ_DYLD) /* used with linkedit_data_command, payload is trie */
325#define LC_DYLD_CHAINED_FIXUPS (0x34 | LC_REQ_DYLD) /* used with linkedit_data_command */
326#define LC_FILESET_ENTRY (0x35 | LC_REQ_DYLD) /* used with fileset_entry_command */
327
328/*
329 * A variable length string in a load command is represented by an lc_str
330 * union. The strings are stored just after the load command structure and
331 * the offset is from the start of the load command structure. The size
332 * of the string is reflected in the cmdsize field of the load command.
333 * Once again any padded bytes to bring the cmdsize field to a multiple
334 * of 4 bytes must be zero.
335 */
336union lc_str {
337 uint32_t offset; /* offset to the string */
338#ifndef __LP64__
339 char *ptr; /* pointer to the string */
340#endif
341};
342
343/*
344 * The segment load command indicates that a part of this file is to be
345 * mapped into the task's address space. The size of this segment in memory,
346 * vmsize, maybe equal to or larger than the amount to map from this file,
347 * filesize. The file is mapped starting at fileoff to the beginning of
348 * the segment in memory, vmaddr. The rest of the memory of the segment,
349 * if any, is allocated zero fill on demand. The segment's maximum virtual
350 * memory protection and initial virtual memory protection are specified
351 * by the maxprot and initprot fields. If the segment has sections then the
352 * section structures directly follow the segment command and their size is
353 * reflected in cmdsize.
354 */
355struct segment_command { /* for 32-bit architectures */
356 uint32_t cmd; /* LC_SEGMENT */
357 uint32_t cmdsize; /* includes sizeof section structs */
358 char segname[16]; /* segment name */
359 uint32_t vmaddr; /* memory address of this segment */
360 uint32_t vmsize; /* memory size of this segment */
361 uint32_t fileoff; /* file offset of this segment */
362 uint32_t filesize; /* amount to map from the file */
363 vm_prot_t maxprot; /* maximum VM protection */
364 vm_prot_t initprot; /* initial VM protection */
365 uint32_t nsects; /* number of sections in segment */
366 uint32_t flags; /* flags */
367};
368
369/*
370 * The 64-bit segment load command indicates that a part of this file is to be
371 * mapped into a 64-bit task's address space. If the 64-bit segment has
372 * sections then section_64 structures directly follow the 64-bit segment
373 * command and their size is reflected in cmdsize.
374 */
375struct segment_command_64 { /* for 64-bit architectures */
376 uint32_t cmd; /* LC_SEGMENT_64 */
377 uint32_t cmdsize; /* includes sizeof section_64 structs */
378 char segname[16]; /* segment name */
379 uint64_t vmaddr; /* memory address of this segment */
380 uint64_t vmsize; /* memory size of this segment */
381 uint64_t fileoff; /* file offset of this segment */
382 uint64_t filesize; /* amount to map from the file */
383 vm_prot_t maxprot; /* maximum VM protection */
384 vm_prot_t initprot; /* initial VM protection */
385 uint32_t nsects; /* number of sections in segment */
386 uint32_t flags; /* flags */
387};
388
389/* Constants for the flags field of the segment_command */
390#define SG_HIGHVM 0x1 /* the file contents for this segment is for
391 the high part of the VM space, the low part
392 is zero filled (for stacks in core files) */
393#define SG_FVMLIB 0x2 /* this segment is the VM that is allocated by
394 a fixed VM library, for overlap checking in
395 the link editor */
396#define SG_NORELOC 0x4 /* this segment has nothing that was relocated
397 in it and nothing relocated to it, that is
398 it maybe safely replaced without relocation*/
399#define SG_PROTECTED_VERSION_1 0x8 /* This segment is protected. If the
400 segment starts at file offset 0, the
401 first page of the segment is not
402 protected. All other pages of the
403 segment are protected. */
404#define SG_READ_ONLY 0x10 /* This segment is made read-only after fixups */
405
406
407
408/*
409 * A segment is made up of zero or more sections. Non-MH_OBJECT files have
410 * all of their segments with the proper sections in each, and padded to the
411 * specified segment alignment when produced by the link editor. The first
412 * segment of a MH_EXECUTE and MH_FVMLIB format file contains the mach_header
413 * and load commands of the object file before its first section. The zero
414 * fill sections are always last in their segment (in all formats). This
415 * allows the zeroed segment padding to be mapped into memory where zero fill
416 * sections might be. The gigabyte zero fill sections, those with the section
417 * type S_GB_ZEROFILL, can only be in a segment with sections of this type.
418 * These segments are then placed after all other segments.
419 *
420 * The MH_OBJECT format has all of its sections in one segment for
421 * compactness. There is no padding to a specified segment boundary and the
422 * mach_header and load commands are not part of the segment.
423 *
424 * Sections with the same section name, sectname, going into the same segment,
425 * segname, are combined by the link editor. The resulting section is aligned
426 * to the maximum alignment of the combined sections and is the new section's
427 * alignment. The combined sections are aligned to their original alignment in
428 * the combined section. Any padded bytes to get the specified alignment are
429 * zeroed.
430 *
431 * The format of the relocation entries referenced by the reloff and nreloc
432 * fields of the section structure for mach object files is described in the
433 * header file <reloc.h>.
434 */
435struct section { /* for 32-bit architectures */
436 char sectname[16]; /* name of this section */
437 char segname[16]; /* segment this section goes in */
438 uint32_t addr; /* memory address of this section */
439 uint32_t size; /* size in bytes of this section */
440 uint32_t offset; /* file offset of this section */
441 uint32_t align; /* section alignment (power of 2) */
442 uint32_t reloff; /* file offset of relocation entries */
443 uint32_t nreloc; /* number of relocation entries */
444 uint32_t flags; /* flags (section type and attributes)*/
445 uint32_t reserved1; /* reserved (for offset or index) */
446 uint32_t reserved2; /* reserved (for count or sizeof) */
447};
448
449struct section_64 { /* for 64-bit architectures */
450 char sectname[16]; /* name of this section */
451 char segname[16]; /* segment this section goes in */
452 uint64_t addr; /* memory address of this section */
453 uint64_t size; /* size in bytes of this section */
454 uint32_t offset; /* file offset of this section */
455 uint32_t align; /* section alignment (power of 2) */
456 uint32_t reloff; /* file offset of relocation entries */
457 uint32_t nreloc; /* number of relocation entries */
458 uint32_t flags; /* flags (section type and attributes)*/
459 uint32_t reserved1; /* reserved (for offset or index) */
460 uint32_t reserved2; /* reserved (for count or sizeof) */
461 uint32_t reserved3; /* reserved */
462};
463
464/*
465 * The flags field of a section structure is separated into two parts a section
466 * type and section attributes. The section types are mutually exclusive (it
467 * can only have one type) but the section attributes are not (it may have more
468 * than one attribute).
469 */
470#define SECTION_TYPE 0x000000ff /* 256 section types */
471#define SECTION_ATTRIBUTES 0xffffff00 /* 24 section attributes */
472
473/* Constants for the type of a section */
474#define S_REGULAR 0x0 /* regular section */
475#define S_ZEROFILL 0x1 /* zero fill on demand section */
476#define S_CSTRING_LITERALS 0x2 /* section with only literal C strings*/
477#define S_4BYTE_LITERALS 0x3 /* section with only 4 byte literals */
478#define S_8BYTE_LITERALS 0x4 /* section with only 8 byte literals */
479#define S_LITERAL_POINTERS 0x5 /* section with only pointers to */
480 /* literals */
481/*
482 * For the two types of symbol pointers sections and the symbol stubs section
483 * they have indirect symbol table entries. For each of the entries in the
484 * section the indirect symbol table entries, in corresponding order in the
485 * indirect symbol table, start at the index stored in the reserved1 field
486 * of the section structure. Since the indirect symbol table entries
487 * correspond to the entries in the section the number of indirect symbol table
488 * entries is inferred from the size of the section divided by the size of the
489 * entries in the section. For symbol pointers sections the size of the entries
490 * in the section is 4 bytes and for symbol stubs sections the byte size of the
491 * stubs is stored in the reserved2 field of the section structure.
492 */
493#define S_NON_LAZY_SYMBOL_POINTERS 0x6 /* section with only non-lazy
494 symbol pointers */
495#define S_LAZY_SYMBOL_POINTERS 0x7 /* section with only lazy symbol
496 pointers */
497#define S_SYMBOL_STUBS 0x8 /* section with only symbol
498 stubs, byte size of stub in
499 the reserved2 field */
500#define S_MOD_INIT_FUNC_POINTERS 0x9 /* section with only function
501 pointers for initialization*/
502#define S_MOD_TERM_FUNC_POINTERS 0xa /* section with only function
503 pointers for termination */
504#define S_COALESCED 0xb /* section contains symbols that
505 are to be coalesced */
506#define S_GB_ZEROFILL 0xc /* zero fill on demand section
507 (that can be larger than 4
508 gigabytes) */
509#define S_INTERPOSING 0xd /* section with only pairs of
510 function pointers for
511 interposing */
512#define S_16BYTE_LITERALS 0xe /* section with only 16 byte
513 literals */
514#define S_DTRACE_DOF 0xf /* section contains
515 DTrace Object Format */
516#define S_LAZY_DYLIB_SYMBOL_POINTERS 0x10 /* section with only lazy
517 symbol pointers to lazy
518 loaded dylibs */
519/*
520 * Section types to support thread local variables
521 */
522#define S_THREAD_LOCAL_REGULAR 0x11 /* template of initial
523 values for TLVs */
524#define S_THREAD_LOCAL_ZEROFILL 0x12 /* template of initial
525 values for TLVs */
526#define S_THREAD_LOCAL_VARIABLES 0x13 /* TLV descriptors */
527#define S_THREAD_LOCAL_VARIABLE_POINTERS 0x14 /* pointers to TLV
528 descriptors */
529#define S_THREAD_LOCAL_INIT_FUNCTION_POINTERS 0x15 /* functions to call
530 to initialize TLV
531 values */
532#define S_INIT_FUNC_OFFSETS 0x16 /* 32-bit offsets to
533 initializers */
534
535/*
536 * Constants for the section attributes part of the flags field of a section
537 * structure.
538 */
539#define SECTION_ATTRIBUTES_USR 0xff000000 /* User setable attributes */
540#define S_ATTR_PURE_INSTRUCTIONS 0x80000000 /* section contains only true
541 machine instructions */
542#define S_ATTR_NO_TOC 0x40000000 /* section contains coalesced
543 symbols that are not to be
544 in a ranlib table of
545 contents */
546#define S_ATTR_STRIP_STATIC_SYMS 0x20000000 /* ok to strip static symbols
547 in this section in files
548 with the MH_DYLDLINK flag */
549#define S_ATTR_NO_DEAD_STRIP 0x10000000 /* no dead stripping */
550#define S_ATTR_LIVE_SUPPORT 0x08000000 /* blocks are live if they
551 reference live blocks */
552#define S_ATTR_SELF_MODIFYING_CODE 0x04000000 /* Used with i386 code stubs
553 written on by dyld */
554/*
555 * If a segment contains any sections marked with S_ATTR_DEBUG then all
556 * sections in that segment must have this attribute. No section other than
557 * a section marked with this attribute may reference the contents of this
558 * section. A section with this attribute may contain no symbols and must have
559 * a section type S_REGULAR. The static linker will not copy section contents
560 * from sections with this attribute into its output file. These sections
561 * generally contain DWARF debugging info.
562 */
563#define S_ATTR_DEBUG 0x02000000 /* a debug section */
564#define SECTION_ATTRIBUTES_SYS 0x00ffff00 /* system setable attributes */
565#define S_ATTR_SOME_INSTRUCTIONS 0x00000400 /* section contains some
566 machine instructions */
567#define S_ATTR_EXT_RELOC 0x00000200 /* section has external
568 relocation entries */
569#define S_ATTR_LOC_RELOC 0x00000100 /* section has local
570 relocation entries */
571
572
573/*
574 * The names of segments and sections in them are mostly meaningless to the
575 * link-editor. But there are few things to support traditional UNIX
576 * executables that require the link-editor and assembler to use some names
577 * agreed upon by convention.
578 *
579 * The initial protection of the "__TEXT" segment has write protection turned
580 * off (not writeable).
581 *
582 * The link-editor will allocate common symbols at the end of the "__common"
583 * section in the "__DATA" segment. It will create the section and segment
584 * if needed.
585 */
586
587/* The currently known segment names and the section names in those segments */
588
589#define SEG_PAGEZERO "__PAGEZERO" /* the pagezero segment which has no */
590 /* protections and catches NULL */
591 /* references for MH_EXECUTE files */
592
593
594#define SEG_TEXT "__TEXT" /* the tradition UNIX text segment */
595#define SECT_TEXT "__text" /* the real text part of the text */
596 /* section no headers, and no padding */
597#define SECT_FVMLIB_INIT0 "__fvmlib_init0" /* the fvmlib initialization */
598 /* section */
599#define SECT_FVMLIB_INIT1 "__fvmlib_init1" /* the section following the */
600 /* fvmlib initialization */
601 /* section */
602
603#define SEG_DATA "__DATA" /* the tradition UNIX data segment */
604#define SECT_DATA "__data" /* the real initialized data section */
605 /* no padding, no bss overlap */
606#define SECT_BSS "__bss" /* the real uninitialized data section*/
607 /* no padding */
608#define SECT_COMMON "__common" /* the section common symbols are */
609 /* allocated in by the link editor */
610
611#define SEG_OBJC "__OBJC" /* objective-C runtime segment */
612#define SECT_OBJC_SYMBOLS "__symbol_table" /* symbol table */
613#define SECT_OBJC_MODULES "__module_info" /* module information */
614#define SECT_OBJC_STRINGS "__selector_strs" /* string table */
615#define SECT_OBJC_REFS "__selector_refs" /* string table */
616
617#define SEG_ICON "__ICON" /* the icon segment */
618#define SECT_ICON_HEADER "__header" /* the icon headers */
619#define SECT_ICON_TIFF "__tiff" /* the icons in tiff format */
620
621#define SEG_LINKEDIT "__LINKEDIT" /* the segment containing all structs */
622 /* created and maintained by the link */
623 /* editor. Created with -seglinkedit */
624 /* option to ld(1) for MH_EXECUTE and */
625 /* FVMLIB file types only */
626
627#define SEG_LINKINFO "__LINKINFO" /* the segment overlapping with linkedit */
628 /* containing linking information */
629
630#define SEG_UNIXSTACK "__UNIXSTACK" /* the unix stack segment */
631
632#define SEG_IMPORT "__IMPORT" /* the segment for the self (dyld) */
633 /* modifing code stubs that has read, */
634 /* write and execute permissions */
635
636/*
637 * Fixed virtual memory shared libraries are identified by two things. The
638 * target pathname (the name of the library as found for execution), and the
639 * minor version number. The address of where the headers are loaded is in
640 * header_addr. (THIS IS OBSOLETE and no longer supported).
641 */
642struct fvmlib {
643 union lc_str name; /* library's target pathname */
644 uint32_t minor_version; /* library's minor version number */
645 uint32_t header_addr; /* library's header address */
646};
647
648/*
649 * A fixed virtual shared library (filetype == MH_FVMLIB in the mach header)
650 * contains a fvmlib_command (cmd == LC_IDFVMLIB) to identify the library.
651 * An object that uses a fixed virtual shared library also contains a
652 * fvmlib_command (cmd == LC_LOADFVMLIB) for each library it uses.
653 * (THIS IS OBSOLETE and no longer supported).
654 */
655struct fvmlib_command {
656 uint32_t cmd; /* LC_IDFVMLIB or LC_LOADFVMLIB */
657 uint32_t cmdsize; /* includes pathname string */
658 struct fvmlib fvmlib; /* the library identification */
659};
660
661/*
662 * Dynamicly linked shared libraries are identified by two things. The
663 * pathname (the name of the library as found for execution), and the
664 * compatibility version number. The pathname must match and the compatibility
665 * number in the user of the library must be greater than or equal to the
666 * library being used. The time stamp is used to record the time a library was
667 * built and copied into user so it can be use to determined if the library used
668 * at runtime is exactly the same as used to built the program.
669 */
670struct dylib {
671 union lc_str name; /* library's path name */
672 uint32_t timestamp; /* library's build time stamp */
673 uint32_t current_version; /* library's current version number */
674 uint32_t compatibility_version; /* library's compatibility vers number*/
675};
676
677/*
678 * A dynamically linked shared library (filetype == MH_DYLIB in the mach header)
679 * contains a dylib_command (cmd == LC_ID_DYLIB) to identify the library.
680 * An object that uses a dynamically linked shared library also contains a
681 * dylib_command (cmd == LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, or
682 * LC_REEXPORT_DYLIB) for each library it uses.
683 */
684struct dylib_command {
685 uint32_t cmd; /* LC_ID_DYLIB, LC_LOAD_{,WEAK_}DYLIB,
686 LC_REEXPORT_DYLIB */
687 uint32_t cmdsize; /* includes pathname string */
688 struct dylib dylib; /* the library identification */
689};
690
691/*
692 * A dynamically linked shared library may be a subframework of an umbrella
693 * framework. If so it will be linked with "-umbrella umbrella_name" where
694 * Where "umbrella_name" is the name of the umbrella framework. A subframework
695 * can only be linked against by its umbrella framework or other subframeworks
696 * that are part of the same umbrella framework. Otherwise the static link
697 * editor produces an error and states to link against the umbrella framework.
698 * The name of the umbrella framework for subframeworks is recorded in the
699 * following structure.
700 */
701struct sub_framework_command {
702 uint32_t cmd; /* LC_SUB_FRAMEWORK */
703 uint32_t cmdsize; /* includes umbrella string */
704 union lc_str umbrella; /* the umbrella framework name */
705};
706
707/*
708 * For dynamically linked shared libraries that are subframework of an umbrella
709 * framework they can allow clients other than the umbrella framework or other
710 * subframeworks in the same umbrella framework. To do this the subframework
711 * is built with "-allowable_client client_name" and an LC_SUB_CLIENT load
712 * command is created for each -allowable_client flag. The client_name is
713 * usually a framework name. It can also be a name used for bundles clients
714 * where the bundle is built with "-client_name client_name".
715 */
716struct sub_client_command {
717 uint32_t cmd; /* LC_SUB_CLIENT */
718 uint32_t cmdsize; /* includes client string */
719 union lc_str client; /* the client name */
720};
721
722/*
723 * A dynamically linked shared library may be a sub_umbrella of an umbrella
724 * framework. If so it will be linked with "-sub_umbrella umbrella_name" where
725 * Where "umbrella_name" is the name of the sub_umbrella framework. When
726 * staticly linking when -twolevel_namespace is in effect a twolevel namespace
727 * umbrella framework will only cause its subframeworks and those frameworks
728 * listed as sub_umbrella frameworks to be implicited linked in. Any other
729 * dependent dynamic libraries will not be linked it when -twolevel_namespace
730 * is in effect. The primary library recorded by the static linker when
731 * resolving a symbol in these libraries will be the umbrella framework.
732 * Zero or more sub_umbrella frameworks may be use by an umbrella framework.
733 * The name of a sub_umbrella framework is recorded in the following structure.
734 */
735struct sub_umbrella_command {
736 uint32_t cmd; /* LC_SUB_UMBRELLA */
737 uint32_t cmdsize; /* includes sub_umbrella string */
738 union lc_str sub_umbrella; /* the sub_umbrella framework name */
739};
740
741/*
742 * A dynamically linked shared library may be a sub_library of another shared
743 * library. If so it will be linked with "-sub_library library_name" where
744 * Where "library_name" is the name of the sub_library shared library. When
745 * staticly linking when -twolevel_namespace is in effect a twolevel namespace
746 * shared library will only cause its subframeworks and those frameworks
747 * listed as sub_umbrella frameworks and libraries listed as sub_libraries to
748 * be implicited linked in. Any other dependent dynamic libraries will not be
749 * linked it when -twolevel_namespace is in effect. The primary library
750 * recorded by the static linker when resolving a symbol in these libraries
751 * will be the umbrella framework (or dynamic library). Zero or more sub_library
752 * shared libraries may be use by an umbrella framework or (or dynamic library).
753 * The name of a sub_library framework is recorded in the following structure.
754 * For example /usr/lib/libobjc_profile.A.dylib would be recorded as "libobjc".
755 */
756struct sub_library_command {
757 uint32_t cmd; /* LC_SUB_LIBRARY */
758 uint32_t cmdsize; /* includes sub_library string */
759 union lc_str sub_library; /* the sub_library name */
760};
761
762/*
763 * A program (filetype == MH_EXECUTE) that is
764 * prebound to its dynamic libraries has one of these for each library that
765 * the static linker used in prebinding. It contains a bit vector for the
766 * modules in the library. The bits indicate which modules are bound (1) and
767 * which are not (0) from the library. The bit for module 0 is the low bit
768 * of the first byte. So the bit for the Nth module is:
769 * (linked_modules[N/8] >> N%8) & 1
770 */
771struct prebound_dylib_command {
772 uint32_t cmd; /* LC_PREBOUND_DYLIB */
773 uint32_t cmdsize; /* includes strings */
774 union lc_str name; /* library's path name */
775 uint32_t nmodules; /* number of modules in library */
776 union lc_str linked_modules; /* bit vector of linked modules */
777};
778
779/*
780 * A program that uses a dynamic linker contains a dylinker_command to identify
781 * the name of the dynamic linker (LC_LOAD_DYLINKER). And a dynamic linker
782 * contains a dylinker_command to identify the dynamic linker (LC_ID_DYLINKER).
783 * A file can have at most one of these.
784 * This struct is also used for the LC_DYLD_ENVIRONMENT load command and
785 * contains string for dyld to treat like environment variable.
786 */
787struct dylinker_command {
788 uint32_t cmd; /* LC_ID_DYLINKER, LC_LOAD_DYLINKER or
789 LC_DYLD_ENVIRONMENT */
790 uint32_t cmdsize; /* includes pathname string */
791 union lc_str name; /* dynamic linker's path name */
792};
793
794/*
795 * Thread commands contain machine-specific data structures suitable for
796 * use in the thread state primitives. The machine specific data structures
797 * follow the struct thread_command as follows.
798 * Each flavor of machine specific data structure is preceded by an uint32_t
799 * constant for the flavor of that data structure, an uint32_t that is the
800 * count of uint32_t's of the size of the state data structure and then
801 * the state data structure follows. This triple may be repeated for many
802 * flavors. The constants for the flavors, counts and state data structure
803 * definitions are expected to be in the header file <machine/thread_status.h>.
804 * These machine specific data structures sizes must be multiples of
805 * 4 bytes. The cmdsize reflects the total size of the thread_command
806 * and all of the sizes of the constants for the flavors, counts and state
807 * data structures.
808 *
809 * For executable objects that are unix processes there will be one
810 * thread_command (cmd == LC_UNIXTHREAD) created for it by the link-editor.
811 * This is the same as a LC_THREAD, except that a stack is automatically
812 * created (based on the shell's limit for the stack size). Command arguments
813 * and environment variables are copied onto that stack.
814 */
815struct thread_command {
816 uint32_t cmd; /* LC_THREAD or LC_UNIXTHREAD */
817 uint32_t cmdsize; /* total size of this command */
818 /* uint32_t flavor flavor of thread state */
819 /* uint32_t count count of uint32_t's in thread state */
820 /* struct XXX_thread_state state thread state for this flavor */
821 /* ... */
822};
823
824/*
825 * The routines command contains the address of the dynamic shared library
826 * initialization routine and an index into the module table for the module
827 * that defines the routine. Before any modules are used from the library the
828 * dynamic linker fully binds the module that defines the initialization routine
829 * and then calls it. This gets called before any module initialization
830 * routines (used for C++ static constructors) in the library.
831 */
832struct routines_command { /* for 32-bit architectures */
833 uint32_t cmd; /* LC_ROUTINES */
834 uint32_t cmdsize; /* total size of this command */
835 uint32_t init_address; /* address of initialization routine */
836 uint32_t init_module; /* index into the module table that */
837 /* the init routine is defined in */
838 uint32_t reserved1;
839 uint32_t reserved2;
840 uint32_t reserved3;
841 uint32_t reserved4;
842 uint32_t reserved5;
843 uint32_t reserved6;
844};
845
846/*
847 * The 64-bit routines command. Same use as above.
848 */
849struct routines_command_64 { /* for 64-bit architectures */
850 uint32_t cmd; /* LC_ROUTINES_64 */
851 uint32_t cmdsize; /* total size of this command */
852 uint64_t init_address; /* address of initialization routine */
853 uint64_t init_module; /* index into the module table that */
854 /* the init routine is defined in */
855 uint64_t reserved1;
856 uint64_t reserved2;
857 uint64_t reserved3;
858 uint64_t reserved4;
859 uint64_t reserved5;
860 uint64_t reserved6;
861};
862
863/*
864 * The symtab_command contains the offsets and sizes of the link-edit 4.3BSD
865 * "stab" style symbol table information as described in the header files
866 * <nlist.h> and <stab.h>.
867 */
868struct symtab_command {
869 uint32_t cmd; /* LC_SYMTAB */
870 uint32_t cmdsize; /* sizeof(struct symtab_command) */
871 uint32_t symoff; /* symbol table offset */
872 uint32_t nsyms; /* number of symbol table entries */
873 uint32_t stroff; /* string table offset */
874 uint32_t strsize; /* string table size in bytes */
875};
876
877/*
878 * This is the second set of the symbolic information which is used to support
879 * the data structures for the dynamically link editor.
880 *
881 * The original set of symbolic information in the symtab_command which contains
882 * the symbol and string tables must also be present when this load command is
883 * present. When this load command is present the symbol table is organized
884 * into three groups of symbols:
885 * local symbols (static and debugging symbols) - grouped by module
886 * defined external symbols - grouped by module (sorted by name if not lib)
887 * undefined external symbols (sorted by name if MH_BINDATLOAD is not set,
888 * and in order the were seen by the static
889 * linker if MH_BINDATLOAD is set)
890 * In this load command there are offsets and counts to each of the three groups
891 * of symbols.
892 *
893 * This load command contains a the offsets and sizes of the following new
894 * symbolic information tables:
895 * table of contents
896 * module table
897 * reference symbol table
898 * indirect symbol table
899 * The first three tables above (the table of contents, module table and
900 * reference symbol table) are only present if the file is a dynamically linked
901 * shared library. For executable and object modules, which are files
902 * containing only one module, the information that would be in these three
903 * tables is determined as follows:
904 * table of contents - the defined external symbols are sorted by name
905 * module table - the file contains only one module so everything in the
906 * file is part of the module.
907 * reference symbol table - is the defined and undefined external symbols
908 *
909 * For dynamically linked shared library files this load command also contains
910 * offsets and sizes to the pool of relocation entries for all sections
911 * separated into two groups:
912 * external relocation entries
913 * local relocation entries
914 * For executable and object modules the relocation entries continue to hang
915 * off the section structures.
916 */
917struct dysymtab_command {
918 uint32_t cmd; /* LC_DYSYMTAB */
919 uint32_t cmdsize; /* sizeof(struct dysymtab_command) */
920
921 /*
922 * The symbols indicated by symoff and nsyms of the LC_SYMTAB load command
923 * are grouped into the following three groups:
924 * local symbols (further grouped by the module they are from)
925 * defined external symbols (further grouped by the module they are from)
926 * undefined symbols
927 *
928 * The local symbols are used only for debugging. The dynamic binding
929 * process may have to use them to indicate to the debugger the local
930 * symbols for a module that is being bound.
931 *
932 * The last two groups are used by the dynamic binding process to do the
933 * binding (indirectly through the module table and the reference symbol
934 * table when this is a dynamically linked shared library file).
935 */
936 uint32_t ilocalsym; /* index to local symbols */
937 uint32_t nlocalsym; /* number of local symbols */
938
939 uint32_t iextdefsym;/* index to externally defined symbols */
940 uint32_t nextdefsym;/* number of externally defined symbols */
941
942 uint32_t iundefsym; /* index to undefined symbols */
943 uint32_t nundefsym; /* number of undefined symbols */
944
945 /*
946 * For the for the dynamic binding process to find which module a symbol
947 * is defined in the table of contents is used (analogous to the ranlib
948 * structure in an archive) which maps defined external symbols to modules
949 * they are defined in. This exists only in a dynamically linked shared
950 * library file. For executable and object modules the defined external
951 * symbols are sorted by name and is use as the table of contents.
952 */
953 uint32_t tocoff; /* file offset to table of contents */
954 uint32_t ntoc; /* number of entries in table of contents */
955
956 /*
957 * To support dynamic binding of "modules" (whole object files) the symbol
958 * table must reflect the modules that the file was created from. This is
959 * done by having a module table that has indexes and counts into the merged
960 * tables for each module. The module structure that these two entries
961 * refer to is described below. This exists only in a dynamically linked
962 * shared library file. For executable and object modules the file only
963 * contains one module so everything in the file belongs to the module.
964 */
965 uint32_t modtaboff; /* file offset to module table */
966 uint32_t nmodtab; /* number of module table entries */
967
968 /*
969 * To support dynamic module binding the module structure for each module
970 * indicates the external references (defined and undefined) each module
971 * makes. For each module there is an offset and a count into the
972 * reference symbol table for the symbols that the module references.
973 * This exists only in a dynamically linked shared library file. For
974 * executable and object modules the defined external symbols and the
975 * undefined external symbols indicates the external references.
976 */
977 uint32_t extrefsymoff; /* offset to referenced symbol table */
978 uint32_t nextrefsyms; /* number of referenced symbol table entries */
979
980 /*
981 * The sections that contain "symbol pointers" and "routine stubs" have
982 * indexes and (implied counts based on the size of the section and fixed
983 * size of the entry) into the "indirect symbol" table for each pointer
984 * and stub. For every section of these two types the index into the
985 * indirect symbol table is stored in the section header in the field
986 * reserved1. An indirect symbol table entry is simply a 32bit index into
987 * the symbol table to the symbol that the pointer or stub is referring to.
988 * The indirect symbol table is ordered to match the entries in the section.
989 */
990 uint32_t indirectsymoff; /* file offset to the indirect symbol table */
991 uint32_t nindirectsyms; /* number of indirect symbol table entries */
992
993 /*
994 * To support relocating an individual module in a library file quickly the
995 * external relocation entries for each module in the library need to be
996 * accessed efficiently. Since the relocation entries can't be accessed
997 * through the section headers for a library file they are separated into
998 * groups of local and external entries further grouped by module. In this
999 * case the presents of this load command who's extreloff, nextrel,
1000 * locreloff and nlocrel fields are non-zero indicates that the relocation
1001 * entries of non-merged sections are not referenced through the section
1002 * structures (and the reloff and nreloc fields in the section headers are
1003 * set to zero).
1004 *
1005 * Since the relocation entries are not accessed through the section headers
1006 * this requires the r_address field to be something other than a section
1007 * offset to identify the item to be relocated. In this case r_address is
1008 * set to the offset from the vmaddr of the first LC_SEGMENT command.
1009 * For MH_SPLIT_SEGS images r_address is set to the the offset from the
1010 * vmaddr of the first read-write LC_SEGMENT command.
1011 *
1012 * The relocation entries are grouped by module and the module table
1013 * entries have indexes and counts into them for the group of external
1014 * relocation entries for that the module.
1015 *
1016 * For sections that are merged across modules there must not be any
1017 * remaining external relocation entries for them (for merged sections
1018 * remaining relocation entries must be local).
1019 */
1020 uint32_t extreloff; /* offset to external relocation entries */
1021 uint32_t nextrel; /* number of external relocation entries */
1022
1023 /*
1024 * All the local relocation entries are grouped together (they are not
1025 * grouped by their module since they are only used if the object is moved
1026 * from it staticly link edited address).
1027 */
1028 uint32_t locreloff; /* offset to local relocation entries */
1029 uint32_t nlocrel; /* number of local relocation entries */
1030
1031};
1032
1033/*
1034 * An indirect symbol table entry is simply a 32bit index into the symbol table
1035 * to the symbol that the pointer or stub is refering to. Unless it is for a
1036 * non-lazy symbol pointer section for a defined symbol which strip(1) as
1037 * removed. In which case it has the value INDIRECT_SYMBOL_LOCAL. If the
1038 * symbol was also absolute INDIRECT_SYMBOL_ABS is or'ed with that.
1039 */
1040#define INDIRECT_SYMBOL_LOCAL 0x80000000
1041#define INDIRECT_SYMBOL_ABS 0x40000000
1042
1043
1044/* a table of contents entry */
1045struct dylib_table_of_contents {
1046 uint32_t symbol_index; /* the defined external symbol
1047 (index into the symbol table) */
1048 uint32_t module_index; /* index into the module table this symbol
1049 is defined in */
1050};
1051
1052/* a module table entry */
1053struct dylib_module {
1054 uint32_t module_name; /* the module name (index into string table) */
1055
1056 uint32_t iextdefsym; /* index into externally defined symbols */
1057 uint32_t nextdefsym; /* number of externally defined symbols */
1058 uint32_t irefsym; /* index into reference symbol table */
1059 uint32_t nrefsym; /* number of reference symbol table entries */
1060 uint32_t ilocalsym; /* index into symbols for local symbols */
1061 uint32_t nlocalsym; /* number of local symbols */
1062
1063 uint32_t iextrel; /* index into external relocation entries */
1064 uint32_t nextrel; /* number of external relocation entries */
1065
1066 uint32_t iinit_iterm; /* low 16 bits are the index into the init
1067 section, high 16 bits are the index into
1068 the term section */
1069 uint32_t ninit_nterm; /* low 16 bits are the number of init section
1070 entries, high 16 bits are the number of
1071 term section entries */
1072
1073 uint32_t /* for this module address of the start of */
1074 objc_module_info_addr; /* the (__OBJC,__module_info) section */
1075 uint32_t /* for this module size of */
1076 objc_module_info_size; /* the (__OBJC,__module_info) section */
1077};
1078
1079/* a 64-bit module table entry */
1080struct dylib_module_64 {
1081 uint32_t module_name; /* the module name (index into string table) */
1082
1083 uint32_t iextdefsym; /* index into externally defined symbols */
1084 uint32_t nextdefsym; /* number of externally defined symbols */
1085 uint32_t irefsym; /* index into reference symbol table */
1086 uint32_t nrefsym; /* number of reference symbol table entries */
1087 uint32_t ilocalsym; /* index into symbols for local symbols */
1088 uint32_t nlocalsym; /* number of local symbols */
1089
1090 uint32_t iextrel; /* index into external relocation entries */
1091 uint32_t nextrel; /* number of external relocation entries */
1092
1093 uint32_t iinit_iterm; /* low 16 bits are the index into the init
1094 section, high 16 bits are the index into
1095 the term section */
1096 uint32_t ninit_nterm; /* low 16 bits are the number of init section
1097 entries, high 16 bits are the number of
1098 term section entries */
1099
1100 uint32_t /* for this module size of */
1101 objc_module_info_size; /* the (__OBJC,__module_info) section */
1102 uint64_t /* for this module address of the start of */
1103 objc_module_info_addr; /* the (__OBJC,__module_info) section */
1104};
1105
1106/*
1107 * The entries in the reference symbol table are used when loading the module
1108 * (both by the static and dynamic link editors) and if the module is unloaded
1109 * or replaced. Therefore all external symbols (defined and undefined) are
1110 * listed in the module's reference table. The flags describe the type of
1111 * reference that is being made. The constants for the flags are defined in
1112 * <mach-o/nlist.h> as they are also used for symbol table entries.
1113 */
1114struct dylib_reference {
1115 uint32_t isym:24, /* index into the symbol table */
1116 flags:8; /* flags to indicate the type of reference */
1117};
1118
1119/*
1120 * The twolevel_hints_command contains the offset and number of hints in the
1121 * two-level namespace lookup hints table.
1122 */
1123struct twolevel_hints_command {
1124 uint32_t cmd; /* LC_TWOLEVEL_HINTS */
1125 uint32_t cmdsize; /* sizeof(struct twolevel_hints_command) */
1126 uint32_t offset; /* offset to the hint table */
1127 uint32_t nhints; /* number of hints in the hint table */
1128};
1129
1130/*
1131 * The entries in the two-level namespace lookup hints table are twolevel_hint
1132 * structs. These provide hints to the dynamic link editor where to start
1133 * looking for an undefined symbol in a two-level namespace image. The
1134 * isub_image field is an index into the sub-images (sub-frameworks and
1135 * sub-umbrellas list) that made up the two-level image that the undefined
1136 * symbol was found in when it was built by the static link editor. If
1137 * isub-image is 0 the the symbol is expected to be defined in library and not
1138 * in the sub-images. If isub-image is non-zero it is an index into the array
1139 * of sub-images for the umbrella with the first index in the sub-images being
1140 * 1. The array of sub-images is the ordered list of sub-images of the umbrella
1141 * that would be searched for a symbol that has the umbrella recorded as its
1142 * primary library. The table of contents index is an index into the
1143 * library's table of contents. This is used as the starting point of the
1144 * binary search or a directed linear search.
1145 */
1146struct twolevel_hint {
1147 uint32_t
1148 isub_image:8, /* index into the sub images */
1149 itoc:24; /* index into the table of contents */
1150};
1151
1152/*
1153 * The prebind_cksum_command contains the value of the original check sum for
1154 * prebound files or zero. When a prebound file is first created or modified
1155 * for other than updating its prebinding information the value of the check sum
1156 * is set to zero. When the file has it prebinding re-done and if the value of
1157 * the check sum is zero the original check sum is calculated and stored in
1158 * cksum field of this load command in the output file. If when the prebinding
1159 * is re-done and the cksum field is non-zero it is left unchanged from the
1160 * input file.
1161 */
1162struct prebind_cksum_command {
1163 uint32_t cmd; /* LC_PREBIND_CKSUM */
1164 uint32_t cmdsize; /* sizeof(struct prebind_cksum_command) */
1165 uint32_t cksum; /* the check sum or zero */
1166};
1167
1168/*
1169 * The uuid load command contains a single 128-bit unique random number that
1170 * identifies an object produced by the static link editor.
1171 */
1172struct uuid_command {
1173 uint32_t cmd; /* LC_UUID */
1174 uint32_t cmdsize; /* sizeof(struct uuid_command) */
1175 uint8_t uuid[16]; /* the 128-bit uuid */
1176};
1177
1178/*
1179 * The rpath_command contains a path which at runtime should be added to
1180 * the current run path used to find @rpath prefixed dylibs.
1181 */
1182struct rpath_command {
1183 uint32_t cmd; /* LC_RPATH */
1184 uint32_t cmdsize; /* includes string */
1185 union lc_str path; /* path to add to run path */
1186};
1187
1188/*
1189 * The linkedit_data_command contains the offsets and sizes of a blob
1190 * of data in the __LINKEDIT segment.
1191 */
1192struct linkedit_data_command {
1193 uint32_t cmd; /* LC_CODE_SIGNATURE, LC_SEGMENT_SPLIT_INFO,
1194 LC_FUNCTION_STARTS, LC_DATA_IN_CODE,
1195 LC_DYLIB_CODE_SIGN_DRS,
1196 LC_LINKER_OPTIMIZATION_HINT,
1197 LC_DYLD_EXPORTS_TRIE, or
1198 LC_DYLD_CHAINED_FIXUPS. */
1199 uint32_t cmdsize; /* sizeof(struct linkedit_data_command) */
1200 uint32_t dataoff; /* file offset of data in __LINKEDIT segment */
1201 uint32_t datasize; /* file size of data in __LINKEDIT segment */
1202};
1203
1204struct fileset_entry_command {
1205 uint32_t cmd; /* LC_FILESET_ENTRY */
1206 uint32_t cmdsize; /* includes id string */
1207 uint64_t vmaddr; /* memory address of the dylib */
1208 uint64_t fileoff; /* file offset of the dylib */
1209 union lc_str entry_id; /* contained entry id */
1210 uint32_t reserved; /* entry_id is 32-bits long, so this is the reserved padding */
1211};
1212
1213/*
1214 * The encryption_info_command contains the file offset and size of an
1215 * of an encrypted segment.
1216 */
1217struct encryption_info_command {
1218 uint32_t cmd; /* LC_ENCRYPTION_INFO */
1219 uint32_t cmdsize; /* sizeof(struct encryption_info_command) */
1220 uint32_t cryptoff; /* file offset of encrypted range */
1221 uint32_t cryptsize; /* file size of encrypted range */
1222 uint32_t cryptid; /* which enryption system,
1223 0 means not-encrypted yet */
1224};
1225
1226/*
1227 * The encryption_info_command_64 contains the file offset and size of an
1228 * of an encrypted segment (for use in x86_64 targets).
1229 */
1230struct encryption_info_command_64 {
1231 uint32_t cmd; /* LC_ENCRYPTION_INFO_64 */
1232 uint32_t cmdsize; /* sizeof(struct encryption_info_command_64) */
1233 uint32_t cryptoff; /* file offset of encrypted range */
1234 uint32_t cryptsize; /* file size of encrypted range */
1235 uint32_t cryptid; /* which enryption system,
1236 0 means not-encrypted yet */
1237 uint32_t pad; /* padding to make this struct's size a multiple
1238 of 8 bytes */
1239};
1240
1241/*
1242 * The version_min_command contains the min OS version on which this
1243 * binary was built to run.
1244 */
1245struct version_min_command {
1246 uint32_t cmd; /* LC_VERSION_MIN_MACOSX or
1247 LC_VERSION_MIN_IPHONEOS or
1248 LC_VERSION_MIN_WATCHOS or
1249 LC_VERSION_MIN_TVOS */
1250 uint32_t cmdsize; /* sizeof(struct min_version_command) */
1251 uint32_t version; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
1252 uint32_t sdk; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
1253};
1254
1255/*
1256 * The build_version_command contains the min OS version on which this
1257 * binary was built to run for its platform. The list of known platforms and
1258 * tool values following it.
1259 */
1260struct build_version_command {
1261 uint32_t cmd; /* LC_BUILD_VERSION */
1262 uint32_t cmdsize; /* sizeof(struct build_version_command) plus */
1263 /* ntools * sizeof(struct build_tool_version) */
1264 uint32_t platform; /* platform */
1265 uint32_t minos; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
1266 uint32_t sdk; /* X.Y.Z is encoded in nibbles xxxx.yy.zz */
1267 uint32_t ntools; /* number of tool entries following this */
1268};
1269
1270struct build_tool_version {
1271 uint32_t tool; /* enum for the tool */
1272 uint32_t version; /* version number of the tool */
1273};
1274
1275/* Known values for the platform field above. */
1276#define PLATFORM_MACOS 1
1277#define PLATFORM_IOS 2
1278#define PLATFORM_TVOS 3
1279#define PLATFORM_WATCHOS 4
1280#define PLATFORM_BRIDGEOS 5
1281#define PLATFORM_MACCATALYST 6
1282#define PLATFORM_IOSSIMULATOR 7
1283#define PLATFORM_TVOSSIMULATOR 8
1284#define PLATFORM_WATCHOSSIMULATOR 9
1285#define PLATFORM_DRIVERKIT 10
1286#define PLATFORM_MAX PLATFORM_DRIVERKIT
1287/* Addition of simulated platfrom also needs to update proc_is_simulated() */
1288
1289/* Known values for the tool field above. */
1290#define TOOL_CLANG 1
1291#define TOOL_SWIFT 2
1292#define TOOL_LD 3
1293
1294/*
1295 * The dyld_info_command contains the file offsets and sizes of
1296 * the new compressed form of the information dyld needs to
1297 * load the image. This information is used by dyld on Mac OS X
1298 * 10.6 and later. All information pointed to by this command
1299 * is encoded using byte streams, so no endian swapping is needed
1300 * to interpret it.
1301 */
1302struct dyld_info_command {
1303 uint32_t cmd; /* LC_DYLD_INFO or LC_DYLD_INFO_ONLY */
1304 uint32_t cmdsize; /* sizeof(struct dyld_info_command) */
1305
1306 /*
1307 * Dyld rebases an image whenever dyld loads it at an address different
1308 * from its preferred address. The rebase information is a stream
1309 * of byte sized opcodes whose symbolic names start with REBASE_OPCODE_.
1310 * Conceptually the rebase information is a table of tuples:
1311 * <seg-index, seg-offset, type>
1312 * The opcodes are a compressed way to encode the table by only
1313 * encoding when a column changes. In addition simple patterns
1314 * like "every n'th offset for m times" can be encoded in a few
1315 * bytes.
1316 */
1317 uint32_t rebase_off; /* file offset to rebase info */
1318 uint32_t rebase_size; /* size of rebase info */
1319
1320 /*
1321 * Dyld binds an image during the loading process, if the image
1322 * requires any pointers to be initialized to symbols in other images.
1323 * The bind information is a stream of byte sized
1324 * opcodes whose symbolic names start with BIND_OPCODE_.
1325 * Conceptually the bind information is a table of tuples:
1326 * <seg-index, seg-offset, type, symbol-library-ordinal, symbol-name, addend>
1327 * The opcodes are a compressed way to encode the table by only
1328 * encoding when a column changes. In addition simple patterns
1329 * like for runs of pointers initialzed to the same value can be
1330 * encoded in a few bytes.
1331 */
1332 uint32_t bind_off; /* file offset to binding info */
1333 uint32_t bind_size; /* size of binding info */
1334
1335 /*
1336 * Some C++ programs require dyld to unique symbols so that all
1337 * images in the process use the same copy of some code/data.
1338 * This step is done after binding. The content of the weak_bind
1339 * info is an opcode stream like the bind_info. But it is sorted
1340 * alphabetically by symbol name. This enable dyld to walk
1341 * all images with weak binding information in order and look
1342 * for collisions. If there are no collisions, dyld does
1343 * no updating. That means that some fixups are also encoded
1344 * in the bind_info. For instance, all calls to "operator new"
1345 * are first bound to libstdc++.dylib using the information
1346 * in bind_info. Then if some image overrides operator new
1347 * that is detected when the weak_bind information is processed
1348 * and the call to operator new is then rebound.
1349 */
1350 uint32_t weak_bind_off; /* file offset to weak binding info */
1351 uint32_t weak_bind_size; /* size of weak binding info */
1352
1353 /*
1354 * Some uses of external symbols do not need to be bound immediately.
1355 * Instead they can be lazily bound on first use. The lazy_bind
1356 * are contains a stream of BIND opcodes to bind all lazy symbols.
1357 * Normal use is that dyld ignores the lazy_bind section when
1358 * loading an image. Instead the static linker arranged for the
1359 * lazy pointer to initially point to a helper function which
1360 * pushes the offset into the lazy_bind area for the symbol
1361 * needing to be bound, then jumps to dyld which simply adds
1362 * the offset to lazy_bind_off to get the information on what
1363 * to bind.
1364 */
1365 uint32_t lazy_bind_off; /* file offset to lazy binding info */
1366 uint32_t lazy_bind_size; /* size of lazy binding infs */
1367
1368 /*
1369 * The symbols exported by a dylib are encoded in a trie. This
1370 * is a compact representation that factors out common prefixes.
1371 * It also reduces LINKEDIT pages in RAM because it encodes all
1372 * information (name, address, flags) in one small, contiguous range.
1373 * The export area is a stream of nodes. The first node sequentially
1374 * is the start node for the trie.
1375 *
1376 * Nodes for a symbol start with a uleb128 that is the length of
1377 * the exported symbol information for the string so far.
1378 * If there is no exported symbol, the node starts with a zero byte.
1379 * If there is exported info, it follows the length.
1380 *
1381 * First is a uleb128 containing flags. Normally, it is followed by
1382 * a uleb128 encoded offset which is location of the content named
1383 * by the symbol from the mach_header for the image. If the flags
1384 * is EXPORT_SYMBOL_FLAGS_REEXPORT, then following the flags is
1385 * a uleb128 encoded library ordinal, then a zero terminated
1386 * UTF8 string. If the string is zero length, then the symbol
1387 * is re-export from the specified dylib with the same name.
1388 * If the flags is EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER, then following
1389 * the flags is two uleb128s: the stub offset and the resolver offset.
1390 * The stub is used by non-lazy pointers. The resolver is used
1391 * by lazy pointers and must be called to get the actual address to use.
1392 *
1393 * After the optional exported symbol information is a byte of
1394 * how many edges (0-255) that this node has leaving it,
1395 * followed by each edge.
1396 * Each edge is a zero terminated UTF8 of the addition chars
1397 * in the symbol, followed by a uleb128 offset for the node that
1398 * edge points to.
1399 *
1400 */
1401 uint32_t export_off; /* file offset to lazy binding info */
1402 uint32_t export_size; /* size of lazy binding infs */
1403};
1404
1405/*
1406 * The following are used to encode rebasing information
1407 */
1408#define REBASE_TYPE_POINTER 1
1409#define REBASE_TYPE_TEXT_ABSOLUTE32 2
1410#define REBASE_TYPE_TEXT_PCREL32 3
1411
1412#define REBASE_OPCODE_MASK 0xF0
1413#define REBASE_IMMEDIATE_MASK 0x0F
1414#define REBASE_OPCODE_DONE 0x00
1415#define REBASE_OPCODE_SET_TYPE_IMM 0x10
1416#define REBASE_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB 0x20
1417#define REBASE_OPCODE_ADD_ADDR_ULEB 0x30
1418#define REBASE_OPCODE_ADD_ADDR_IMM_SCALED 0x40
1419#define REBASE_OPCODE_DO_REBASE_IMM_TIMES 0x50
1420#define REBASE_OPCODE_DO_REBASE_ULEB_TIMES 0x60
1421#define REBASE_OPCODE_DO_REBASE_ADD_ADDR_ULEB 0x70
1422#define REBASE_OPCODE_DO_REBASE_ULEB_TIMES_SKIPPING_ULEB 0x80
1423
1424
1425/*
1426 * The following are used to encode binding information
1427 */
1428#define BIND_TYPE_POINTER 1
1429#define BIND_TYPE_TEXT_ABSOLUTE32 2
1430#define BIND_TYPE_TEXT_PCREL32 3
1431
1432#define BIND_SPECIAL_DYLIB_SELF 0
1433#define BIND_SPECIAL_DYLIB_MAIN_EXECUTABLE -1
1434#define BIND_SPECIAL_DYLIB_FLAT_LOOKUP -2
1435#define BIND_SPECIAL_DYLIB_WEAK_LOOKUP -3
1436
1437#define BIND_SYMBOL_FLAGS_WEAK_IMPORT 0x1
1438#define BIND_SYMBOL_FLAGS_NON_WEAK_DEFINITION 0x8
1439
1440#define BIND_OPCODE_MASK 0xF0
1441#define BIND_IMMEDIATE_MASK 0x0F
1442#define BIND_OPCODE_DONE 0x00
1443#define BIND_OPCODE_SET_DYLIB_ORDINAL_IMM 0x10
1444#define BIND_OPCODE_SET_DYLIB_ORDINAL_ULEB 0x20
1445#define BIND_OPCODE_SET_DYLIB_SPECIAL_IMM 0x30
1446#define BIND_OPCODE_SET_SYMBOL_TRAILING_FLAGS_IMM 0x40
1447#define BIND_OPCODE_SET_TYPE_IMM 0x50
1448#define BIND_OPCODE_SET_ADDEND_SLEB 0x60
1449#define BIND_OPCODE_SET_SEGMENT_AND_OFFSET_ULEB 0x70
1450#define BIND_OPCODE_ADD_ADDR_ULEB 0x80
1451#define BIND_OPCODE_DO_BIND 0x90
1452#define BIND_OPCODE_DO_BIND_ADD_ADDR_ULEB 0xA0
1453#define BIND_OPCODE_DO_BIND_ADD_ADDR_IMM_SCALED 0xB0
1454#define BIND_OPCODE_DO_BIND_ULEB_TIMES_SKIPPING_ULEB 0xC0
1455#define BIND_OPCODE_THREADED 0xD0
1456#define BIND_SUBOPCODE_THREADED_SET_BIND_ORDINAL_TABLE_SIZE_ULEB 0x00
1457#define BIND_SUBOPCODE_THREADED_APPLY 0x01
1458
1459
1460/*
1461 * The following are used on the flags byte of a terminal node
1462 * in the export information.
1463 */
1464#define EXPORT_SYMBOL_FLAGS_KIND_MASK 0x03
1465#define EXPORT_SYMBOL_FLAGS_KIND_REGULAR 0x00
1466#define EXPORT_SYMBOL_FLAGS_KIND_THREAD_LOCAL 0x01
1467#define EXPORT_SYMBOL_FLAGS_KIND_ABSOLUTE 0x02
1468#define EXPORT_SYMBOL_FLAGS_WEAK_DEFINITION 0x04
1469#define EXPORT_SYMBOL_FLAGS_REEXPORT 0x08
1470#define EXPORT_SYMBOL_FLAGS_STUB_AND_RESOLVER 0x10
1471
1472/*
1473 * The linker_option_command contains linker options embedded in object files.
1474 */
1475struct linker_option_command {
1476 uint32_t cmd; /* LC_LINKER_OPTION only used in MH_OBJECT filetypes */
1477 uint32_t cmdsize;
1478 uint32_t count; /* number of strings */
1479 /* concatenation of zero terminated UTF8 strings.
1480 Zero filled at end to align */
1481};
1482
1483/*
1484 * The symseg_command contains the offset and size of the GNU style
1485 * symbol table information as described in the header file <symseg.h>.
1486 * The symbol roots of the symbol segments must also be aligned properly
1487 * in the file. So the requirement of keeping the offsets aligned to a
1488 * multiple of a 4 bytes translates to the length field of the symbol
1489 * roots also being a multiple of a long. Also the padding must again be
1490 * zeroed. (THIS IS OBSOLETE and no longer supported).
1491 */
1492struct symseg_command {
1493 uint32_t cmd; /* LC_SYMSEG */
1494 uint32_t cmdsize; /* sizeof(struct symseg_command) */
1495 uint32_t offset; /* symbol segment offset */
1496 uint32_t size; /* symbol segment size in bytes */
1497};
1498
1499/*
1500 * The ident_command contains a free format string table following the
1501 * ident_command structure. The strings are null terminated and the size of
1502 * the command is padded out with zero bytes to a multiple of 4 bytes/
1503 * (THIS IS OBSOLETE and no longer supported).
1504 */
1505struct ident_command {
1506 uint32_t cmd; /* LC_IDENT */
1507 uint32_t cmdsize; /* strings that follow this command */
1508};
1509
1510/*
1511 * The fvmfile_command contains a reference to a file to be loaded at the
1512 * specified virtual address. (Presently, this command is reserved for
1513 * internal use. The kernel ignores this command when loading a program into
1514 * memory).
1515 */
1516struct fvmfile_command {
1517 uint32_t cmd; /* LC_FVMFILE */
1518 uint32_t cmdsize; /* includes pathname string */
1519 union lc_str name; /* files pathname */
1520 uint32_t header_addr; /* files virtual address */
1521};
1522
1523
1524/*
1525 * The entry_point_command is a replacement for thread_command.
1526 * It is used for main executables to specify the location (file offset)
1527 * of main(). If -stack_size was used at link time, the stacksize
1528 * field will contain the stack size need for the main thread.
1529 */
1530struct entry_point_command {
1531 uint32_t cmd; /* LC_MAIN only used in MH_EXECUTE filetypes */
1532 uint32_t cmdsize; /* 24 */
1533 uint64_t entryoff; /* file (__TEXT) offset of main() */
1534 uint64_t stacksize;/* if not zero, initial stack size */
1535};
1536
1537
1538/*
1539 * The source_version_command is an optional load command containing
1540 * the version of the sources used to build the binary.
1541 */
1542struct source_version_command {
1543 uint32_t cmd; /* LC_SOURCE_VERSION */
1544 uint32_t cmdsize; /* 16 */
1545 uint64_t version; /* A.B.C.D.E packed as a24.b10.c10.d10.e10 */
1546};
1547
1548
1549/*
1550 * The LC_DATA_IN_CODE load commands uses a linkedit_data_command
1551 * to point to an array of data_in_code_entry entries. Each entry
1552 * describes a range of data in a code section.
1553 */
1554struct data_in_code_entry {
1555 uint32_t offset; /* from mach_header to start of data range*/
1556 uint16_t length; /* number of bytes in data range */
1557 uint16_t kind; /* a DICE_KIND_* value */
1558};
1559#define DICE_KIND_DATA 0x0001
1560#define DICE_KIND_JUMP_TABLE8 0x0002
1561#define DICE_KIND_JUMP_TABLE16 0x0003
1562#define DICE_KIND_JUMP_TABLE32 0x0004
1563#define DICE_KIND_ABS_JUMP_TABLE32 0x0005
1564
1565
1566
1567/*
1568 * Sections of type S_THREAD_LOCAL_VARIABLES contain an array
1569 * of tlv_descriptor structures.
1570 */
1571struct tlv_descriptor
1572{
1573 void* (*thunk)(struct tlv_descriptor*);
1574 unsigned long key;
1575 unsigned long offset;
1576};
1577
1578/*
1579 * LC_NOTE commands describe a region of arbitrary data included in a Mach-O
1580 * file. Its initial use is to record extra data in MH_CORE files.
1581 */
1582struct note_command {
1583 uint32_t cmd; /* LC_NOTE */
1584 uint32_t cmdsize; /* sizeof(struct note_command) */
1585 char data_owner[16]; /* owner name for this LC_NOTE */
1586 uint64_t offset; /* file offset of this data */
1587 uint64_t size; /* length of data region */
1588};
1589
1590#endif /* _MACHO_LOADER_H_ */
1591