Closed

Functions to operate in Mach-O files (x86-64)

Hi,

I need some functions that operate on Mach-O files (x86/x64). I don’t know much about the Mach-O file format, but hopefully the following functionality can be implemented (I have this functionality for PE files):

Function 1: AppendToLastSection

This function will receive a filename, and a pointer to a buffer and its size that will be appended to the last section of the given Mach-O filename.

Function 2: GetRVAtoAppendToLastSection

This function returns the RVA of the last memory address (+1) in the last section. So, we can know at which RVA our buffer that will be appended to the last section will start.

Function 3: GetRAWtoAppendToLastSection

This function returns the RAW file offset of the last byte (+1) in the last section. So, we can know at which RAW address our buffer that will be appended to the last section will start.

Function 4: AppendToNewSection

This function is the same as Function1 but instead of appending the buffer to the last section it will create a new section in the Mach-O file and copy the buffer on the new section.

Function 5: GetRVAtoAppendToNewSection

This function is the same as Function2 but for the new section

Function 6: GetRAWtoAppendToLastSection

This function is the same as Function3 but for the new section

Function 7: RedirectEntryPoint

This function will redirect the entry point of a given filename to a given RVA. So, we can for example redirect the entry point to the buffer that we have copied into the last or new section.

Function 8: GetRVAsCallToAPI

The idea of this function is that we can detect where in the code sections a specific API is called. So, you have to examine in all code sections where a CALL instruction (0xE8 or 0xFF15 opcodes) is located and check if it points to the given API name.

This function receives:

Filename: Name of the Mach-O file

APIName: Name of the API to search

BufferRVAout: This is a buffer that will contain all RVAs (DWORDs) found in the file that point to the API and the type of CALL found (if it was from a “CALL API_Name (0xe8 opcode)” or “CALL [API_NAME] (0xFF15 opcode)”). BufferRVAout is an array of structures like:

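typedef struct sAPIinfo
{
    DWORD rva;        // RVA found in the file that points to the API
    BYTE  type_call;  // type of CALL found (0xE8 form or 0xFF15 form)
} sAPIinfo;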

Function 9: DestroyCodeAtRVA

This function receives a filename (Mach-O) and an RVA and size to destroy in the file. The function will write random values in the file at the offsets that correspond to RVA and RVA+size.

Function 10: StripLibrary

This function removes from the import table in a given Mach-O file the linking with a specific library. So, after calling that function, the file won’t require that given library to run.

REQUIREMENTS:

1) Please, provide working examples to check the functions (under Windows)

2) The solutions must be coded in Visual Studio in either C or C++

3) Please, provide well designed code (modular, commented…)

4) Please, if you are not able to implement any of the functions or it’s not possible to do it in Mach-O file format, please, let me know. I don’t want to start a project and in the middle of the implementation you say that any of the above functions is not possible to implement for Mach-O (x86/x64)

Skills: C Programming, C++ Programming, x86/x64 Assembler

About the Employer:
(62 reviews) Jerez de la Frontera, Spain

Project ID: #4388287

1 freelancer is bidding on average $714 for this job

SaSTechnologies

Please look into PM. I am an expert in File Handling through C/C++.

$714 USD in 14 days
(2 reviews)
0.5