Struct malwaredb_types::exec::macho::Macho
pub struct Macho<'a> {
    pub is64bit: bool,
    pub arch: Architecture,
    pub has_overlay: Option<bool>,
    pub ordering: Ordering,
    pub executable_type: ExecutableType,
    pub os: OperatingSystem,
    pub sections: Option<Vec<Section<'a>>>,
    pub imports: Option<Imports>,
    pub contents: &'a [u8],
}
A struct representing Mach Object (Mach-O) files
These are executables or libraries used on macOS, iOS, iPadOS, tvOS, watchOS, etc. They began as the file format for NeXTSTEP.
Because they target architectures with different byte orders, these files can be either big- or little-endian.
Fields
is64bit: bool
If the program is 64-bit
arch: Architecture
Instruction set architecture for this binary
has_overlay: Option<bool>
If the binary has extra data after the last section; such an overlay could be used to hide something
ordering: Ordering
Byte ordering for this binary
executable_type: ExecutableType
Executable subtype: Program, Library, or Core file?
os: OperatingSystem
Operating system for this binary: Mac OS or some derivative, possibly NeXTSTEP
sections: Option<Vec<Section<'a>>>
Sections of this binary
imports: Option<Imports>
External libraries used by this application or library
contents: &'a [u8]
The array containing the raw bytes used to parse this program
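In the Mach-O format, word size, byte ordering, CPU type and file type are all encoded in the first words of the header. The following is an added example, not code from malwaredb_types (`ByteOrder`, `HeaderInfo`, `read_u32` and `parse_header` are hypothetical names), showing how the magic of a thin Mach-O header decides both word size and byte order, using bounds-checked reads so truncated input is rejected.

```rust
// Added example: hypothetical names, not part of malwaredb_types.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum ByteOrder { Big, Little }

#[derive(Debug, PartialEq)]
pub struct HeaderInfo {
    pub is64bit: bool,
    pub ordering: ByteOrder,
    pub cpu_type: u32,
    pub file_type: &'static str,
}

// Bounds-checked read of the 32-bit word at index `i`, in the given byte order.
fn read_u32(contents: &[u8], i: usize, order: ByteOrder) -> Option<u32> {
    let b = contents.get(i * 4..i * 4 + 4)?;
    let arr = [b[0], b[1], b[2], b[3]];
    Some(match order {
        ByteOrder::Big => u32::from_be_bytes(arr),
        ByteOrder::Little => u32::from_le_bytes(arr),
    })
}

/// Parse magic, cputype and filetype from a thin (non-universal) Mach-O header.
pub fn parse_header(contents: &[u8]) -> Option<HeaderInfo> {
    // Reading the magic as big-endian lets the on-disk byte sequence reveal the ordering.
    let (is64bit, ordering) = match read_u32(contents, 0, ByteOrder::Big)? {
        0xfeed_face => (false, ByteOrder::Big),    // MH_MAGIC
        0xfeed_facf => (true, ByteOrder::Big),     // MH_MAGIC_64
        0xcefa_edfe => (false, ByteOrder::Little), // MH_CIGAM
        0xcffa_edfe => (true, ByteOrder::Little),  // MH_CIGAM_64
        _ => return None, // not a thin Mach-O; fat/universal files are out of scope here
    };
    let cpu_type = read_u32(contents, 1, ordering)?;
    // Word 2 is cpusubtype; word 3 is filetype.
    let file_type = match read_u32(contents, 3, ordering)? {
        2 => "Program", // MH_EXECUTE
        4 => "Core",    // MH_CORE
        6 => "Library", // MH_DYLIB
        _ => "Other",
    };
    Some(HeaderInfo { is64bit, ordering, cpu_type, file_type })
}

fn main() {
    // Constructed sample: little-endian 64-bit header, cputype x86_64, filetype MH_EXECUTE.
    let sample: [u8; 16] = [0xcf, 0xfa, 0xed, 0xfe, 0x07, 0, 0, 0x01, 0x03, 0, 0, 0, 0x02, 0, 0, 0];
    println!("{:?}", parse_header(&sample));
}
```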
Trait Implementations
impl<'a> ExecutableFile for Macho<'a>
fn architecture(&self) -> Architecture
Get the architecture type
fn pointer_size(&self) -> usize
Get the pointer size, 32- or 64-bit
fn operating_system(&self) -> OperatingSystem
Get the operating system type for a binary
fn compiled_timestamp(&self) -> Option<DateTime<Utc>>
Get the compilation timestamp, if available
fn num_sections(&self) -> u32
Number of sections for a binary
fn import_hash(&self) -> Option<String>
Import hash of the binary
fn fuzzy_imports(&self) -> Option<String>
SSDeep fuzzy hash of the binary
impl<'a> SpecimenFile for Macho<'a>
Auto Trait Implementations
impl<'a> Freeze for Macho<'a>
impl<'a> RefUnwindSafe for Macho<'a>
impl<'a> Send for Macho<'a>
impl<'a> Sync for Macho<'a>
impl<'a> Unpin for Macho<'a>
impl<'a> UnwindSafe for Macho<'a>
Blanket Implementations
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.
impl<T> CloneToUninit for T
where
    T: Clone,
unsafe fn clone_to_uninit(&self, dst: *mut T)
🔬 This is a nightly-only experimental API. (clone_to_uninit)
impl<T> Instrument for T
fn instrument(self, span: Span) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.