From 936e189fc3452a98e52d194fcfa6d4c08087b1c1 Mon Sep 17 00:00:00 2001 From: "Victor M. Alvarez" Date: Wed, 31 Jan 2024 12:54:23 +0100 Subject: [PATCH] chore: dump `cputype` and `cpusubtype` as hex numbers. --- ...e768bfaae4d21de61f776e2405324c498ef52b21b.out | 4 ++-- ...1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out | 4 ++-- ...c12b53a00bae94f868ce65a3352177dd6a75797ff.out | 4 ++-- ...c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out | 4 ++-- .../macho/tests/testdata/macho_ppc_file.out | 4 ++-- .../tests/testdata/macho_x86_64_dylib_file.out | 4 ++-- .../macho/tests/testdata/macho_x86_file.out | 4 ++-- .../tests/testdata/macho_x86_object_file.out | 4 ++-- .../modules/macho/tests/testdata/tiny_macho.out | 4 ++-- .../macho/tests/testdata/tiny_universal.out | 16 ++++++++-------- yara-x/src/modules/protos/macho.proto | 12 ++++++------ 11 files changed, 32 insertions(+), 32 deletions(-) diff --git a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index a31e18ba2..d9d65975c 100644 --- a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -1,6 +1,6 @@ magic: 0xcffaedfe -cputype: 16777223 -cpusubtype: 3 +cputype: 0x1000007 +cpusubtype: 0x3 filetype: 8 ncmds: 28 sizeofcmds: 2936 diff --git a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out index 744249134..f8f0da3ad 100644 --- a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out +++ b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out @@ -1,6 +1,6 @@ magic: 0xcefaedfe -cputype: 7 -cpusubtype: 3 +cputype: 0x7 +cpusubtype: 0x3 filetype: 2 ncmds: 20 sizeofcmds: 2120 diff --git a/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out b/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out index 68f9dc647..ef30a53e0 100644 --- a/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out +++ b/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out @@ -1,6 +1,6 @@ magic: 0xfeedface -cputype: 18 -cpusubtype: 0 +cputype: 0x12 +cpusubtype: 0x0 filetype: 2 ncmds: 18 sizeofcmds: 2616 diff --git a/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out b/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out index 8d242698a..7ecbc278d 100644 --- a/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out +++ b/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out @@ -1,6 +1,6 @@ magic: 0xcffaedfe -cputype: 16777228 -cpusubtype: 0 +cputype: 0x100000c +cpusubtype: 0x0 filetype: 6 ncmds: 107 sizeofcmds: 11416 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_ppc_file.out b/yara-x/src/modules/macho/tests/testdata/macho_ppc_file.out index 898e56cae..bf22f456c 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_ppc_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_ppc_file.out @@ -1,6 +1,6 @@ magic: 0xfeedface -cputype: 18 -cpusubtype: 0 +cputype: 0x12 +cpusubtype: 0x0 filetype: 2 ncmds: 10 sizeofcmds: 1484 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out index 7df2c925a..d9e3c5f80 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out @@ -1,6 +1,6 @@ magic: 0xcffaedfe -cputype: 16777223 -cpusubtype: 3 +cputype: 0x1000007 +cpusubtype: 0x3 filetype: 6 ncmds: 13 sizeofcmds: 744 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out index 9992c66d6..62ae12055 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out @@ -1,6 +1,6 @@ magic: 0xcefaedfe -cputype: 7 -cpusubtype: 3 +cputype: 0x7 +cpusubtype: 0x3 filetype: 2 ncmds: 17 sizeofcmds: 1098 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out index f0b7c0691..2072f0851 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out @@ -1,6 +1,6 @@ magic: 0xcefaedfe -cputype: 7 -cpusubtype: 3 +cputype: 0x7 +cpusubtype: 0x3 filetype: 1 ncmds: 3 sizeofcmds: 228 diff --git a/yara-x/src/modules/macho/tests/testdata/tiny_macho.out b/yara-x/src/modules/macho/tests/testdata/tiny_macho.out index df992c9c1..cb5676b26 100644 --- a/yara-x/src/modules/macho/tests/testdata/tiny_macho.out +++ b/yara-x/src/modules/macho/tests/testdata/tiny_macho.out @@ -1,6 +1,6 @@ magic: 0xcefaedfe -cputype: 7 -cpusubtype: 3 +cputype: 0x7 +cpusubtype: 0x3 filetype: 2 ncmds: 2 sizeofcmds: 136 diff --git a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out index 46611b6ff..09f2b9845 100644 --- a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out +++ b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out @@ -1,22 +1,22 @@ fat_magic: 0xcafebabe nfat_arch: 2 fat_arch: - - cputype: 7 - cpusubtype: 3 + - cputype: 0x7 + cpusubtype: 0x3 offset: 4096 size: 8512 align: 12 reserved: 0 - - cputype: 16777223 - cpusubtype: 2147483651 + - cputype: 0x1000007 + cpusubtype: 0x80000003 offset: 16384 size: 8544 align: 12 reserved: 0 file: - magic: 0xcefaedfe - cputype: 7 - cpusubtype: 3 + cputype: 0x7 + cpusubtype: 0x3 filetype: 2 ncmds: 16 sizeofcmds: 1060 @@ -165,8 +165,8 @@ file: locreloff: 0 nlocrel: 0 - magic: 0xcffaedfe - cputype: 16777223 - cpusubtype: 2147483651 + cputype: 0x1000007 + cpusubtype: 0x80000003 filetype: 2 ncmds: 16 sizeofcmds: 1296 diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index 8d1bf8b15..8dfd00475 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -67,8 +67,8 @@ message Segment { } message FatArch { - optional uint32 cputype = 1; - optional uint32 cpusubtype = 2; + optional uint32 cputype = 1 [(yaml.field).fmt = "x"]; + optional uint32 cpusubtype = 2 [(yaml.field).fmt = "x"]; optional uint64 offset = 3; optional uint64 size = 4; optional uint32 align = 5; @@ -77,8 +77,8 @@ message FatArch { message File { optional uint32 magic = 1 [(yaml.field).fmt = "x"]; - optional uint32 cputype = 2; - optional uint32 cpusubtype = 3; + optional uint32 cputype = 2 [(yaml.field).fmt = "x"]; + optional uint32 cpusubtype = 3 [(yaml.field).fmt = "x"]; optional uint32 filetype = 4; optional uint32 ncmds = 5; optional uint32 sizeofcmds = 6; @@ -98,8 +98,8 @@ message File { message Macho { // Set Mach-O header and basic fields optional uint32 magic = 1 [(yaml.field).fmt = "x"]; - optional uint32 cputype = 2; - optional uint32 cpusubtype = 3; + optional uint32 cputype = 2 [(yaml.field).fmt = "x"]; + optional uint32 cpusubtype = 3 [(yaml.field).fmt = "x"]; optional uint32 filetype = 4; optional uint32 ncmds = 5; optional uint32 sizeofcmds = 6;