Functions to operate in Mach-O files (x86-64)


I need some functions that operates on Mach-O files (x86/x64). I don’t know much about the Mach-O file format, but hopefully the following functionality can be implemented (I have this functionality for PE files):

Function 1: AppendToLastSection

This function will receive a filename, and a pointer to a buffer and its size that will be appended to the last section of the given Mach-O filename.

Function 2: GetRVAtoAppendToLastSection

This function returns the RVA of the last memory address (+1) in the last section. So, we can know at which RVA will start our buffer that will be appended to the last section

Function 3: GetRAWtoAppendToLastSection

This function returns the RAW file offset of the last byte (+1) in last section. So, we can know at which RAW address where it will start our buffer that will be appended to the last section

Function 4: AppendToNewSection

This function is the same as Function1 but instead of appending the buffer to the last section it will create a new section in the Mach-O file and copy the buffer on the new section.

Function 5: GetRVAtoAppendToNewSection

This function is the same as Function2 but for the new section

Function 6: GetRAWtoAppendToLastSection

This function is the same as Function3 but for the new section

Function 7: RedirectEntryPoint

This function will redirect the entry point of a given filename to a given RVA. So, we can for example redirect the entry point to the buffer that we have copied into the last or new section.

Function 8: GetRVAsCallToAPI

The idea of this function is that we can detect where in the code sections a specific API is called. So, you have to examine in all code sections where a CALL instruction (0xE8 or 0xFF15 opcodes) is located and check if it points to the given API name.

This function receives:

Filename: Name of the Mach-O file

APIName: Name of the API to search

BufferRVAout: This is a buffer that it will contain all RVAs (DWORDs) found in the file that points to the API and the type of CALL found (if it was from a “CALL API_Name (0xe8 opcode)” or “CALL [API_NAME (0xFF15 opcode). BufferRVAout is an array of structures like:

typedef struct sAPIinfo


DWORD rva;

BYTE type_call;


Function 9: DestroyCodeAtRVA

This function receives a filename (Mach-O) and an RVA and size to destroy in the file. The function will write random values in the file at the offsets that corresponds to RVA and RVA+size.

Function 10: StripLibrary

This functions removes from the import table in a given Mach-O file the linking with a specific library. So, after calling that function, the file won’t require that given library to run.


1) Please, provide working examples to check the functions (under Windows)

2) The solutions must be coded in Visual Studio in either C or C++

3) Please, provide well designed code (modular, commented…)

4) Please, if you are not able to implement any of the functions or it’s not possible to do it in Mach-O file format, please, let me know. I don’t want to start a project and in the middle of the implementation you say that any of the above functions is not possible to implement for Mach-O (x86/x64)

Beceriler: C Programlama, C++ Programlama, x86/x64 Çevirici

Daha fazlasını gör: mach import function, mach x64, getrvatoappendtolastsection, where to start programming, struct c programming, search structures, programming instruction, programming functions, pointer programming, functions programming, c programming typedef, c programming struct, c programming pointer, cplusplus struct, cplusplus programming examples, cplusplus array, array in c programming, search o, o search, x86, raw file, o, mach , appending, size function

İşveren Hakkında:
( 62 değerlendirme ) Jerez de la Frontera, Spain

Proje NO: #4388287

Bu iş için 1 freelancer ortalamada $714 teklif veriyor


Please look into PM. I am an expert in File Handling through C/C++.

in %bids___i_period_sub_35% gün içinde714%project_currencyDetails_sign_sub_37% %project_currencyDetails_code_sub_38%
(2 Değerlendirme)