Skip to content

Does not parse LC_UNIXTHREAD #6

New issue
New issue
Open
Open
Does not parse LC_UNIXTHREAD#6
@mnrkbys

Description

@mnrkbys
mnrkbys
opened on Jul 8, 2020

MachO-Explorer seems not to parse LC_UNIXTHREAD load command as in the figure below.
スクリーンショット 2020-07-08 17 39 05

Note that the file to be analyzed is a malware binary.
otool command can parse it.

Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
 0xfeedfacf 16777223          3  0x80           2     5        496 0x00000085
Load command 0
      cmd LC_SEGMENT_64
  cmdsize 72
  segname __PAGEZERO
   vmaddr 0x0000000000000000
   vmsize 0x00000000f0000000
  fileoff 0
 filesize 0
  maxprot 0x00000000
 initprot 0x00000000
   nsects 0
    flags 0x0
Load command 1
      cmd LC_SEGMENT_64
  cmdsize 152
  segname __TEXT
   vmaddr 0x00000000f0000000
   vmsize 0x000000000000b000
  fileoff 0
 filesize 45056
  maxprot 0x00000007
 initprot 0x00000005
   nsects 1
    flags 0x0
Section
  sectname __cfstring
   segname __TEXT
      addr 0x00000000f00008fd
      size 0x000000000000a703
    offset 2301
     align 2^0 (1)
    reloff 0
    nreloc 0
     flags 0x80000400
 reserved1 0
 reserved2 0
Load command 2
      cmd LC_SEGMENT_64
  cmdsize 72
  segname __LINKEDIT
   vmaddr 0x00000000f000b000
   vmsize 0x0000000000001000
  fileoff 45056
 filesize 2888
  maxprot 0x00000007
 initprot 0x00000005
   nsects 0
    flags 0x0
Load command 3
      cmd LC_VERSION_MIN_MACOSX
  cmdsize 16
  version 10.6
      sdk 10.6
Load command 4
        cmd LC_UNIXTHREAD
    cmdsize 184
     flavor x86_THREAD_STATE64
      count x86_THREAD_STATE64_COUNT
   rax  0x0000000000000000 rbx 0x0000000000000000 rcx  0x0000000000000000
   rdx  0x0000000000000000 rdi 0x0000000000000000 rsi  0x0000000000000000
   rbp  0x0000000000000000 rsp 0x0000000000000000 r8   0x0000000000000000
    r9  0x0000000000000000 r10 0x0000000000000000 r11  0x0000000000000000
   r12  0x0000000000000000 r13 0x0000000000000000 r14  0x0000000000000000
   r15  0x0000000000000000 rip 0x00000000f0000e44
rflags  0x0000000000000000 cs  0x0000000000000000 fs   0x0000000000000000
    gs  0x0000000000000000

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions