This updates the aarch64 payloads to include comments with the
corresponding instructions for each little-endian integer. It also fixes
the debug output for x64 payloads under rosetta.

The _AppDomainPtr, _AssemblyPtr and _MethodInfoPtr variables are COM smart pointers which will auto-Release() when they go out of scope, so we should not directly Release() them.

This adds support for the dyld changes incorporated into Sonoma and
cleans up the existing support for Ventura. This does not break
compatibility with previous versions.

This adds support for the dyld changes incorporated into Ventura which
includes changes to the symbols used. This does not break compatibility
with previous versions.

This builds on Back from the dyld by adding the required aarch64
assembly code to enable the OSX loader to run on the M1. This enables
the use of native payloads on M1 or M2 devices that do not have Rosetta
installed.

The mmap permissions prior to mprotect during the region mapping should
be write only. I also added a few more comments detailing the usage of
structs in dyld4.

This fixes a floating `\t` in a struct definition. This also adds more
clarity to a set of dprintf statements regarding the region. This fixes
the indentation for a comment as well.

This fixes the corruption incidentally resolved by assigning to an
unused variable by properly allocating memory for structs before
assigning to them. This will resolve the segfault on return issue, as
the saved return address is no longer clobbered.

By replicating the functionality of APIs::dlopen_from, we can bypass the
temporary file created when calling NSCreateObjectFileImageFromMemory on
macOS 12 and above. Constructing a custom JustInTimeLoader and running
through all the dyld calls required to fix it up manually results in
fileless MachO execution.