fix: when searching for syms in shared_caches that use BOTH export tr…

…ies AND symtabs
blacktop · Jan 15, 2022 · e4d7f18 · e4d7f18
1 parent 9bc5ddd
commit e4d7f18
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 23 deletions.
diff --git a/cmd/ipsw/cmd/dyld_symaddr.go b/cmd/ipsw/cmd/dyld_symaddr.go
@@ -134,36 +134,44 @@ var symaddrCmd = &cobra.Command{
 					}
 				}
 
-				if sym, _ := f.FindLocalSymbolInImage(args[1], imageName); sym != nil {
-					sym.Sections = m.Sections
-					fmt.Println(sym)
-				}
+				// if sym, _ := f.FindLocalSymbolInImage(args[1], imageName); sym != nil {
+				// 	sym.Sections = m.Sections
+				// 	fmt.Println(sym)
+				// }
 
-				return nil
+				// return nil
 			}
 
 			/**********************************
 			 * Search ALL dylibs for a symbol *
 			 **********************************/
 			log.Warn("searching in local symbols...")
 			if lSym, _ := f.FindLocalSymbol(args[1]); lSym != nil {
+				if len(lSym.FoundInDylib) > 0 {
+					image, err := f.Image(lSym.FoundInDylib)
+					if err != nil {
+						return err
+					}
+					lSym.Macho, err = image.GetPartialMacho()
+					if err != nil {
+						return err
+					}
+				}
 				fmt.Println(lSym)
+				if !allMatches {
+					return nil
+				}
 			}
 			log.Warn("searching in exported symbols...")
 			for _, image := range f.Images {
-				// utils.Indent(log.Debug, 2)("Searching " + image.Name)
-				m, err := image.GetPartialMacho()
+				utils.Indent(log.Debug, 2)("Searching " + image.Name)
+				m, err := image.GetMacho()
 				if err != nil {
 					return err
 				}
-
 				w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', 0)
 				if sym, err := f.FindExportedSymbolInImage(image.Name, args[1]); err != nil {
-					if !errors.Is(err, dyld.ErrSymbolNotInImage) {
-						m, err := image.GetMacho()
-						if err != nil {
-							return err
-						}
+					if errors.Is(err, dyld.ErrSymbolNotInExportTrie) {
 						for _, sym := range m.Symtab.Syms {
 							if sym.Name == args[1] {
 								var sec string
@@ -234,7 +242,7 @@ var symaddrCmd = &cobra.Command{
 			}
 			w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', 0)
 			for _, sym := range i.LocalSymbols {
-				sym.Sections = m.Sections
+				sym.Macho = m
 				fmt.Fprintf(w, "%s\n", sym)
 			}
 			w.Flush()
@@ -252,9 +260,9 @@ var symaddrCmd = &cobra.Command{
 		* Dump ALL symbols*
 		*******************/
 		log.Warn("parsing exported symbols...")
-		if err = f.GetAllExportedSymbols(true); err != nil {
-			log.Errorf("failed to get all exported symbols: %v", err)
-		}
+		// if err = f.GetAllExportedSymbols(true); err != nil {
+		// 	log.Errorf("failed to get all exported symbols: %v", err)
+		// }
 
 		log.Warn("parsing local symbols (slow)...")
 		if err = f.ParseLocalSyms(); err != nil {
@@ -270,7 +278,7 @@ var symaddrCmd = &cobra.Command{
 			}
 			w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', 0)
 			for _, sym := range image.LocalSymbols {
-				sym.Sections = m.Sections
+				sym.Macho = m
 				fmt.Fprintf(w, "%s\n", sym)
 			}
 			w.Flush()

diff --git a/pkg/dyld/symbols.go b/pkg/dyld/symbols.go
@@ -28,6 +28,7 @@ var ErrNoExportTrieInCache = errors.New("dyld shared cache does NOT contain expo
 
 // ErrNoExportTrieInMachO is the error for a shared cache that has no LocalSymbolsOffset
 var ErrNoExportTrieInMachO = errors.New("dylib does NOT contain export trie info")
+var ErrSymbolNotInExportTrie = errors.New("dylib does NOT contain symbolin export trie info")
 var ErrSymbolNotInImage = errors.New("dylib does NOT contain symbol")
 
 // ParseLocalSyms parses dyld's private symbols
@@ -392,19 +393,19 @@ func (f *File) GetAllExportedSymbols(dump bool) error {
 						}
 						w.Flush()
 					}
-
+					image.Analysis.State.SetExports(true)
 				} else {
 					return err
 				}
 			} else {
-				m, err := image.GetPartialMacho()
+				m, err := image.GetMacho()
 				if err != nil {
 					return err
 				}
 
 				for _, sym := range syms {
 					if sym.Flags.ReExport() {
-						sym.FoundInDylib = m.ImportedLibraries()[sym.Other-1]
+						sym.FoundInDylib = m.LibraryOrdinalName(int(sym.Other - 1))
 					} else {
 						sym.FoundInDylib = image.Name
 					}
@@ -414,9 +415,17 @@ func (f *File) GetAllExportedSymbols(dump bool) error {
 						// fmt.Println(sym)
 					} else {
 						f.AddressToSymbol[sym.Address] = sym.Name
-						image.Analysis.State.SetExports(true)
 					}
 				}
+				for _, sym := range m.Symtab.Syms {
+					f.AddressToSymbol[sym.Value] = sym.Name
+				}
+				if binds, err := m.GetBindInfo(); err == nil {
+					for _, bind := range binds {
+						f.AddressToSymbol[bind.Start+bind.Offset] = bind.Name
+					}
+				}
+				image.Analysis.State.SetExports(true)
 				w.Flush()
 			}
 		}
@@ -627,7 +636,7 @@ func (f *File) FindExportedSymbolInImage(imagePath, symbolName string) (*trie.Tr
 		}
 	}
 
-	return nil, fmt.Errorf("failed to find in image %s: %w", imagePath, ErrSymbolNotInImage)
+	return nil, fmt.Errorf("failed to find in image %s export trie: %w", imagePath, ErrSymbolNotInExportTrie)
 }
 
 // GetSymbolAddress returns the virtual address and possibly the dylib containing a given symbol