Class that represents the LC_THREAD / LC_UNIXTHREAD commands and that can be used to get the binary entrypoint when the LC_MAIN (MainCommand) is not present. More...
#include <ThreadCommand.hpp>
Public Member Functions | |
| ThreadCommand (const details::thread_command &cmd, CPU_TYPES arch=CPU_TYPES::CPU_TYPE_ANY) | |
| ThreadCommand (uint32_t flavor, uint32_t count, CPU_TYPES arch=CPU_TYPES::CPU_TYPE_ANY) | |
| ThreadCommand & | operator= (const ThreadCommand ©) |
| ThreadCommand (const ThreadCommand ©) | |
| ThreadCommand * | clone () const override |
| uint32_t | flavor () const |
| Integer that defines a special flavor for the thread. | |
| uint32_t | count () const |
| Size of the thread state data with 32-bits alignment. | |
| CPU_TYPES | architecture () const |
| The CPU architecture that is targeted by this ThreadCommand. | |
| span< const uint8_t > | state () const |
| The actual thread state as a vector of bytes. Depending on the architecture(), these data can be casted into x86_thread_state_t, x86_thread_state64_t, ... | |
| span< uint8_t > | state () |
| uint64_t | pc () const |
| Return the initial Program Counter regardless of the underlying architecture. This value, when non null, can be used to determine the binary's entrypoint. | |
| void | state (const std::vector< uint8_t > &state) |
| void | flavor (uint32_t flavor) |
| void | count (uint32_t count) |
| void | architecture (CPU_TYPES arch) |
| void | accept (Visitor &visitor) const override |
| std::ostream & | print (std::ostream &os) const override |
 Public Member Functions inherited from LIEF::MachO::LoadCommand | |
| LoadCommand (const details::load_command &command) | |
| LoadCommand (LOAD_COMMAND_TYPES type, uint32_t size) | |
| LoadCommand & | operator= (LoadCommand copy) |
| LoadCommand (const LoadCommand ©) | |
| void | swap (LoadCommand &other) |
| LOAD_COMMAND_TYPES | command () const |
| Command type. | |
| uint32_t | size () const |
Size of the command (should be greather than sizeof(load_command)) | |
| span< const uint8_t > | data () const |
| Raw command. | |
| uint64_t | command_offset () const |
| Offset of the command within the Load Command Table | |
| void | data (const raw_t &data) |
| void | command (LOAD_COMMAND_TYPES command) |
| void | size (uint32_t size) |
| void | command_offset (uint64_t offset) |
| Public Member Functions inherited from LIEF::Object | |
| Object (const Object &other) | |
| Object & | operator= (const Object &other) |
| template<class T > | |
| output_t< T > | as () |
| template<class T > | |
| output_const_t< T > | as () const |
| virtual bool | operator== (const Object &other) const |
| virtual bool | operator!= (const Object &other) const |
Static Public Member Functions | |
| static bool | classof (const LoadCommand *cmd) |
| Static Public Member Functions inherited from LIEF::MachO::LoadCommand | |
| static bool | is_linkedit_data (const LoadCommand &cmd) |
Additional Inherited Members | |
| Public Types inherited from LIEF::MachO::LoadCommand | |
| using | raw_t = std::vector<uint8_t> |
| Public Types inherited from LIEF::Object | |
| template<class T > | |
| using | output_t = add_pointer_t<decay_t<T>> |
| template<class T > | |
| using | output_const_t = add_pointer_t<add_const_t<decay_t<T>>> |
Detailed Description
Class that represents the LC_THREAD / LC_UNIXTHREAD commands and that can be used to get the binary entrypoint when the LC_MAIN (MainCommand) is not present.
Generally speaking, this command aims at defining the original state of the main thread which includes the registers' values
Member Function Documentation
◆ accept()
|
overridevirtual |
Reimplemented from LIEF::MachO::LoadCommand.
◆ clone()
|
overridevirtual |
Reimplemented from LIEF::MachO::LoadCommand.
◆ count()
| uint32_t LIEF::MachO::ThreadCommand::count | ( | ) | const |
Size of the thread state data with 32-bits alignment.
This value should match state().size()
◆ flavor()
| uint32_t LIEF::MachO::ThreadCommand::flavor | ( | ) | const |
Integer that defines a special flavor for the thread.
The meaning of this value depends on the architecture(). The list of the values can be found in the XNU kernel files:
- xnu/osfmk/mach/arm/thread_status.h for the ARM/AArch64 architectures
- xnu/osfmk/mach/i386/thread_status.h for the x86/x86-64 architectures
◆ pc()
| uint64_t LIEF::MachO::ThreadCommand::pc | ( | ) | const |
Return the initial Program Counter regardless of the underlying architecture. This value, when non null, can be used to determine the binary's entrypoint.
Underneath, it works by looking for the PC register value in the state() data
◆ print()
|
overridevirtual |
Reimplemented from LIEF::MachO::LoadCommand.
The documentation for this class was generated from the following file:
