为什么有时__LINKEDIT关闭0x1000? [英] Why is __LINKEDIT sometimes 0x1000 off?

问题描述

正在解析内存中已经加载的Mach-O二进制文件...

Parsing an already-loaded Mach-O binary in memory...

有时候，字符串表，符号表等应位于它们的正确位置，有时会掉0x1000.

Sometimes the string table, symbol table, etc, are where they should be, and sometimes they're 0x1000 off.

例如，我可以运行我的程序，并且 baseOffset + cmd-> symoff 是准确的.然后，我将进行单元测试，并且 baseOffset + cmd-> symoff + 0x1000 是准确的. baseOffset 始终有效，并指向有效的Mach标头.

For example, I might run my program and baseOffset + cmd->symoff is accurate. Then I'll unit test and baseOffset + cmd->symoff + 0x1000 is accurate. baseOffset is always valid and pointing to a valid Mach header.

推荐答案

我通过查看dyld源代码了解了这一点...它不保证关闭0x1000，但是链接编辑偏移量是: baseImageOffset + linkedit.vmaddr -linkedit.fileoff .在大多数情况下，此差异为0，但有时并非如此.

I figured it out by looking at dyld source code... It's not guarenteed to be 0x1000 off, however, the link edit offset is: baseImageOffset + linkedit.vmaddr - linkedit.fileoff. Most of the time this difference is 0, but sometimes it is not.

这会影响 LC_FUNCTION_STARTS (cmd-> dataoff)和 LC_SYMTAB (cmd-> stroff和cmd-> symoff)

This impacts LC_FUNCTION_STARTS (cmd->dataoff) and LC_SYMTAB (cmd->stroff and cmd->symoff)

这篇关于为什么有时__LINKEDIT关闭0x1000?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！