Why is __LINKEDIT sometimes 0x1000 off?

Submitted by 一世执手 on 2021-02-07 19:17:00

Question


Parsing an already-loaded Mach-O binary in memory...

Sometimes the string table, symbol table, etc., are where they should be, and sometimes they're 0x1000 off.

For example, I might run my program and baseOffset + cmd->symoff is accurate. Then I'll unit test and baseOffset + cmd->symoff + 0x1000 is accurate. baseOffset is always valid and pointing to a valid Mach header.


Answer 1:


I figured it out by looking at dyld source code... It's not guaranteed to be 0x1000 off, however, the link edit offset is: baseImageOffset + linkedit.vmaddr - linkedit.fileoff. Most of the time this difference is 0, but sometimes it is not.

This impacts LC_FUNCTION_STARTS (cmd->dataoff) and LC_SYMTAB (cmd->stroff and cmd->symoff)



Source: https://stackoverflow.com/questions/34253370/why-is-linkedit-sometimes-0x1000-off
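
The adjustment described in the answer, as an added C example that is not part of the original post or of dyld: it resolves LC_SYMTAB's stroff against slide + linkedit.vmaddr - linkedit.fileoff instead of against the header address. It assumes the answer's baseImageOffset means the slide (header address minus the __TEXT vmaddr); the struct definitions are local copies of the `<mach-o/loader.h>` layouts, and `loaded_strtab`, `build_sample` and the sample image are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#define MH_MAGIC_64   0xfeedfacfu  /* constants and structs mirror <mach-o/loader.h> */
#define LC_SYMTAB     0x2u
#define LC_SEGMENT_64 0x19u
struct mach_header_64 { uint32_t magic, cputype, cpusubtype, filetype,
                                 ncmds, sizeofcmds, flags, reserved; };
struct segment_command_64 { uint32_t cmd, cmdsize; char segname[16];
                            uint64_t vmaddr, vmsize, fileoff, filesize;
                            uint32_t maxprot, initprot, nsects, flags; };
struct symtab_command { uint32_t cmd, cmdsize, symoff, nsyms, stroff, strsize; };
/* String table of an image already mapped at `image`; NULL if malformed. */
const char *loaded_strtab(const uint8_t *image) {
    struct mach_header_64 mh;
    struct segment_command_64 sg, text = {0}, le = {0};
    struct symtab_command st = {0};
    uint32_t lc[2] = {0};                         /* cmd, cmdsize */
    memcpy(&mh, image, sizeof mh);
    if (mh.magic != MH_MAGIC_64) return NULL;
    const uint8_t *p = image + sizeof mh, *end = p + mh.sizeofcmds;
    for (uint32_t i = 0; i < mh.ncmds; i++, p += lc[1]) {
        if ((size_t)(end - p) < sizeof lc) return NULL;
        memcpy(lc, p, sizeof lc);
        if (lc[1] < sizeof lc || lc[1] > (size_t)(end - p)) return NULL;
        if (lc[0] == LC_SYMTAB && lc[1] >= sizeof st) memcpy(&st, p, sizeof st);
        if (lc[0] == LC_SEGMENT_64 && lc[1] >= sizeof sg) {
            memcpy(&sg, p, sizeof sg);
            if (!strncmp(sg.segname, "__TEXT", 16)) text = sg;
            if (!strncmp(sg.segname, "__LINKEDIT", 16)) le = sg;
        }
    }
    if (!text.cmd || !le.cmd || !st.cmd || st.stroff < le.fileoff ||
        st.stroff - le.fileoff >= le.filesize) return NULL;
    /* Assumption: the answer's baseImageOffset is the slide (header - __TEXT vmaddr). */
    uintptr_t slide = (uintptr_t)image - (uintptr_t)text.vmaddr;
    return (const char *)(slide + (uintptr_t)(le.vmaddr - le.fileoff) + st.stroff);
}
static uint8_t sample[0x3000];   /* constructed image, not a real binary */
const uint8_t *build_sample(void) {
    struct segment_command_64 sg[2] = {
        { LC_SEGMENT_64, sizeof sg[0], "__TEXT",     0x100000000, 0x1000, 0,      0x1000, 0, 0, 0, 0 },
        { LC_SEGMENT_64, sizeof sg[0], "__LINKEDIT", 0x100002000, 0x1000, 0x1000, 0x1000, 0, 0, 0, 0 } };
    struct symtab_command st = { LC_SYMTAB, sizeof st, 0x1000, 0, 0x1010, 7 };
    struct mach_header_64 mh = { MH_MAGIC_64, 0, 0, 0, 3, sizeof sg + sizeof st, 0, 0 };
    memcpy(sample, &mh, sizeof mh);
    memcpy(sample + sizeof mh, sg, sizeof sg);
    memcpy(sample + sizeof mh + sizeof sg, &st, sizeof st);
    memcpy(sample + 0x2010, "\0_main", 7);   /* __LINKEDIT is mapped at +0x2000 */
    return sample;
}
```

In the constructed image, __LINKEDIT's vmaddr minus fileoff is 0x1000 larger than __TEXT's, so header + stroff lands 0x1000 short of the real string table, which is the symptom in the question.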
