diff --git a/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.in.zip b/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.in.zip
new file mode 100644
index 000000000..28f93ac82
Binary files /dev/null and b/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.in.zip differ
diff --git a/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out b/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out
new file mode 100644
index 000000000..62b3adab4
--- /dev/null
+++ b/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out
@@ -0,0 +1,81 @@ +magic: 0xcefaedfe +cputype: 0xc +cpusubtype: 0x6 +filetype: 2 +ncmds: 6 +sizeofcmds: 536 +flags: 0x2001 +number_of_segments: 4 +entry_point: 3476 +segments: + - segname: "__PAGEZERO" + vmaddr: 0x0 + vmsize: 0x1000 + fileoff: 0 + filesize: 0 + maxprot: 0x0 + initprot: 0x0 + nsects: 0 + flags: 0x4 + - segname: "__TEXT" + vmaddr: 0x1000 + vmsize: 0x3000 + fileoff: 0 + filesize: 12288 + maxprot: 0x7 + initprot: 0x5 + nsects: 2 + flags: 0x0 + sections: + - segname: "__TEXT" + sectname: "__text" + addr: 0x1d94 + size: 0x2044 + offset: 3476 + align: 2 + reloff: 0 + nreloc: 0 + flags: 0x0 + reserved1: 0 + reserved2: 0 + - segname: "__TEXT" + sectname: "__cstring" + addr: 0x3de0 + size: 0x210 + offset: 11744 + align: 4 + reloff: 0 + nreloc: 0 + flags: 0x2 + reserved1: 0 + reserved2: 0 + - segname: "__DATA" + vmaddr: 0x4000 + vmsize: 0x1000 + fileoff: 12288 + filesize: 4096 + maxprot: 0x7 + initprot: 0x3 + nsects: 1 + flags: 0x0 + sections: + - segname: "__DATA" + sectname: "__data" + addr: 0x4000 + size: 0x4 + offset: 12288 + align: 2 + reloff: 0 + nreloc: 0 + flags: 0x0 + reserved1: 0 + reserved2: 0 + - segname: "__LINKEDIT" + vmaddr: 0x5000 + vmsize: 0x1000 + fileoff: 16384 + filesize: 88 + maxprot: 0x7 + initprot: 0x1 + nsects: 0 + flags: 0x4 \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.in.zip b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.in.zip new file mode 100644 index 000000000..c0d94ba8a Binary files /dev/null and b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.in.zip differ 
diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out
new file mode 100644
index 000000000..29dcbee41
--- /dev/null
+++ b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out
@@ -0,0 +1,338 @@ +fat_magic: 0xcafebabe +nfat_arch: 2 +fat_arch: + - cputype: 0x1000007 + cpusubtype: 0x3 + offset: 16384 + size: 33232 + align: 14 + reserved: 0 + - cputype: 0x100000c + cpusubtype: 0x0 + offset: 65536 + size: 33528 + align: 14 + reserved: 0 +file: + - magic: 0xcffaedfe + cputype: 0x1000007 + cpusubtype: 0x3 + filetype: 2 + ncmds: 15 + sizeofcmds: 1688 + flags: 0x200085 + reserved: 0 + number_of_segments: 4 + dynamic_linker: "/usr/lib/dyld" + entry_point: 15952 + segments: + - segname: "__PAGEZERO" + vmaddr: 0x0 + vmsize: 0x100000000 + fileoff: 0 + filesize: 0 + maxprot: 0x0 + initprot: 0x0 + nsects: 0 + flags: 0x0 + - segname: "__TEXT" + vmaddr: 0x100000000 + vmsize: 0x4000 + fileoff: 0 + filesize: 16384 + maxprot: 0x5 + initprot: 0x5 + nsects: 5 + flags: 0x0 + sections: + - segname: "__TEXT" + sectname: "__text" + addr: 0x100003e50 + size: 0x93 + offset: 15952 + align: 4 + reloff: 0 + nreloc: 0 + flags: 0x80000400 + reserved1: 0 + reserved2: 0 + reserved3: 0 + - segname: "__TEXT" + sectname: "__stubs" + addr: 0x100003ee4 + size: 0x12 + offset: 16100 + align: 1 + reloff: 0 + nreloc: 0 + flags: 0x80000408 + reserved1: 0 + reserved2: 6 + reserved3: 0 + - segname: "__TEXT" + sectname: "__stub_helper" + addr: 0x100003ef8 + size: 0x2e + offset: 16120 + align: 2 + reloff: 0 + nreloc: 0 + flags: 0x80000400 + reserved1: 0 + reserved2: 0 + reserved3: 0 + - segname: "__TEXT" + sectname: "__unwind_info" + addr: 0x100003f28 + size: 0x50 + offset: 16168 + align: 2 + reloff: 0 + nreloc: 0 + flags: 0x0 + reserved1: 0 + reserved2: 0 + reserved3: 0 + - segname: "__TEXT" + sectname: "__eh_frame" + addr: 0x100003f78 + size: 0x80 + offset: 16248 + align: 3 + reloff: 0 + nreloc: 0 + flags: 0x0 + reserved1: 0 + reserved2: 0 + reserved3: 0 + - segname: "__DATA" + vmaddr: 0x100004000 + vmsize: 0x4000 + fileoff: 16384 + filesize: 16384 + maxprot: 0x3 + initprot: 0x3 + nsects: 5 + flags: 0x0 + sections: + - segname: "__DATA" + sectname: "__program_vars" + addr: 
0x100004000 + size: 0x28 + offset: 16384 + align: 3 + reloff: 0 + nreloc: 0 + flags: 0x0 + reserved1: 0 + reserved2: 0 + reserved3: 0 + - segname: "__DATA" + sectname: "__nl_symbol_ptr" + addr: 0x100004028 + size: 0x8 + offset: 16424 + align: 3 + reloff: 0 + nreloc: 0 + flags: 0x6 + reserved1: 3 + reserved2: 0 + reserved3: 0 + - segname: "__DATA" + sectname: "__got" + addr: 0x100004030 + size: 0x8 + offset: 16432 + align: 3 + reloff: 0 + nreloc: 0 + flags: 0x6 + reserved1: 4 + reserved2: 0 + reserved3: 0 + - segname: "__DATA" + sectname: "__la_symbol_ptr" + addr: 0x100004038 + size: 0x18 + offset: 16440 + align: 3 + reloff: 0 + nreloc: 0 + flags: 0x7 + reserved1: 5 + reserved2: 0 + reserved3: 0 + - segname: "__DATA" + sectname: "__common" + addr: 0x100004050 + size: 0x20 + offset: 0 + align: 3 + reloff: 0 + nreloc: 0 + flags: 0x1 + reserved1: 0 + reserved2: 0 + reserved3: 0 + - segname: "__LINKEDIT" + vmaddr: 0x100008000 + vmsize: 0x1d0 + fileoff: 32768 + filesize: 464 + maxprot: 0x1 + initprot: 0x1 + nsects: 0 + flags: 0x0 + dylibs: + - name: "/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices" + timestamp: 2 # 1970-01-01 00:00:02 UTC + compatibility_version: "1.0.0" + current_version: "1141.1.0" + - name: "/usr/lib/libSystem.B.dylib" + timestamp: 2 # 1970-01-01 00:00:02 UTC + compatibility_version: "1.0.0" + current_version: "1311.120.1" + dysymtab: + ilocalsym: 0 + nlocalsym: 1 + iextdefsym: 1 + nextdefsym: 1 + tocoff: 2 + ntoc: 4 + modtaboff: 0 + nmodtab: 0 + extrefsymoff: 0 + nextrefsyms: 0 + indirectsymoff: 0 + nindirectsyms: 0 + extreloff: 33088 + nextrel: 8 + locreloff: 0 + nlocrel: 0 + - magic: 0xcffaedfe + cputype: 0x100000c + cpusubtype: 0x0 + filetype: 2 + ncmds: 18 + sizeofcmds: 1080 + flags: 0x200085 + reserved: 0 + number_of_segments: 4 + dynamic_linker: "/usr/lib/dyld" + entry_point: 16184 + stack_size: 0 + source_version: "192.1.0.0.0" + segments: + - segname: "__PAGEZERO" + vmaddr: 0x0 + vmsize: 0x100000000 + fileoff: 0 + 
filesize: 0 + maxprot: 0x0 + initprot: 0x0 + nsects: 0 + flags: 0x0 + - segname: "__TEXT" + vmaddr: 0x100000000 + vmsize: 0x4000 + fileoff: 0 + filesize: 16384 + maxprot: 0x5 + initprot: 0x5 + nsects: 3 + flags: 0x0 + sections: + - segname: "__TEXT" + sectname: "__text" + addr: 0x100003f38 + size: 0x68 + offset: 16184 + align: 2 + reloff: 0 + nreloc: 0 + flags: 0x80000400 + reserved1: 0 + reserved2: 0 + reserved3: 0 + - segname: "__TEXT" + sectname: "__stubs" + addr: 0x100003fa0 + size: 0x18 + offset: 16288 + align: 2 + reloff: 0 + nreloc: 0 + flags: 0x80000408 + reserved1: 0 + reserved2: 12 + reserved3: 0 + - segname: "__TEXT" + sectname: "__unwind_info" + addr: 0x100003fb8 + size: 0x48 + offset: 16312 + align: 2 + reloff: 0 + nreloc: 0 + flags: 0x0 + reserved1: 0 + reserved2: 0 + reserved3: 0 + - segname: "__DATA_CONST" + vmaddr: 0x100004000 + vmsize: 0x4000 + fileoff: 16384 + filesize: 16384 + maxprot: 0x3 + initprot: 0x3 + nsects: 1 + flags: 0x10 + sections: + - segname: "__DATA_CONST" + sectname: "__got" + addr: 0x100004000 + size: 0x10 + offset: 16384 + align: 3 + reloff: 0 + nreloc: 0 + flags: 0x6 + reserved1: 2 + reserved2: 0 + reserved3: 0 + - segname: "__LINKEDIT" + vmaddr: 0x100008000 + vmsize: 0x4000 + fileoff: 32768 + filesize: 760 + maxprot: 0x1 + initprot: 0x1 + nsects: 0 + flags: 0x0 + dylibs: + - name: "/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices" + timestamp: 2 # 1970-01-01 00:00:02 UTC + compatibility_version: "1.0.0" + current_version: "1141.1.0" + - name: "/usr/lib/libSystem.B.dylib" + timestamp: 2 # 1970-01-01 00:00:02 UTC + compatibility_version: "1.0.0" + current_version: "1311.120.1" + dysymtab: + ilocalsym: 0 + nlocalsym: 1 + iextdefsym: 1 + nextdefsym: 1 + tocoff: 2 + ntoc: 2 + modtaboff: 0 + nmodtab: 0 + extrefsymoff: 0 + nextrefsyms: 0 + indirectsymoff: 0 + nindirectsyms: 0 + extreloff: 33008 + nextrel: 4 + locreloff: 0 + nlocrel: 0 \ No newline at end of file
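Review bot: The `dysymtab` block expected for both slices omits `iundefsym`/`nundefsym`, and the values after `nextdefsym` look shifted two fields early, so this golden file appears to pin a field-mapping error rather than the real load command. In the first slice `tocoff: 2` / `ntoc: 4` read like the undefined-symbol index and count, and `extreloff: 33088` / `nextrel: 8` read like `indirectsymoff` / `nindirectsyms`: 33088 lies inside `__LINKEDIT` (fileoff 32768, filesize 464) and 8 equals the stub and pointer entries implied by the sizes of `__stubs`, `__nl_symbol_ptr`, `__got` and `__la_symbol_ptr`; the second slice shows the same pattern with 33008 / 4. This is inferred from the dump alone, since the parser is not part of this diff, so it should be confirmed against the struct definition; if it holds, the regenerated output should carry lines such as `iundefsym: 2`, `nundefsym: 4` and `indirectsymoff: 33088`. Detection rules that condition on `macho.dysymtab` fields would otherwise be evaluated against the wrong values and fail to match without any error.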