Search code examples
iosiphoneipadmemorylow-level

How to find text segment range in iOS


How can I find the text segment (AKA code segment) range in iOS? Meaning, what is the start address and the end address of the text segment?

I found this interesting post but it works for me on Android but not on iOS.


Solution

  • After some digging and expert help (thanks Moshe Kravchik) I got to the desired solution - getting the text segment range by parsing the mach header and retrieving the load commands, segments and sections.

    #include <mach-o/dyld.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <dlfcn.h>
    #import <Foundation/Foundation.h>
    
    #define PRINT_STR "Found __text Section of %s, addr 0x%x, size %u, offset 0x%x, calc address 0x%x"
    #define LC_SEGMENT_NATIVE LC_SEGMENT
    #define segment_command_native segment_command
    #define section_native section
    
    struct libRange
    {
        uint32_t start;
        uint32_t end;
    };
    
    void getTextSegmentAddr(struct libRange *txtSegRange)
    {
        if (txtSegRange==NULL)
            return;
    
        txtSegRange->start=0;
    
        const struct mach_header *mach_hdr;
        mach_hdr = _dyld_get_image_header(0);                           
    
        const struct load_command *cmds = (const struct load_command *)(mach_hdr + 1);
        uint32_t cmdsleft;
        const struct load_command *lc;
    
        for(lc = cmds, cmdsleft = mach_hdr->ncmds; cmdsleft-- && (0 == txtSegRange->start);) {
                if(lc->cmd == LC_SEGMENT_NATIVE) {
                        const struct segment_command_native *sc = (void *) lc;
                        const struct section_native *sect = (void *) (sc + 1);
                        for(uint32_t sect_idx = 0; sect_idx < sc->nsects; sect_idx++) {
                                if(!strcmp("__TEXT", sect->segname) && !strcmp("__text", sect->sectname)) {
                                        uint32_t memAddr = (sc->vmaddr + _dyld_get_image_vmaddr_slide(0) + sect->offset - sc->fileoff);                                                                                                   
                                        NSLog(@PRINT_STR,_dyld_get_image_name(0), sect->addr, sect->size, sect->offset, memAddr);                                                                                           
                                        txtSegRange->start = memAddr;                                                                                            
                                        txtSegRange->end = memAddr + sect->size;
                                        break;
                                 }
                                 sect++;    
                        }
                }
                lc = (void *) ((char *) lc + lc->cmdsize);
        }
    }
    
    int main()
    {
        struct libRange txtSegRange;
        getTextSegmentAddr(&txtSegRange);
        return 0;
    }