multiplier
multiplier copied to clipboard
trailofbits
Handle AppleClang-specific builtins
To find them:
strings /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang | grep -E '^__builtin_[a-zA-Z0-9_]+$' | sort | uniq > /tmp/apple_builtins
strings /Users/pag/Build/Release/multiplier/bin/Index/mx-index | grep -E '^__builtin_[a-zA-Z0-9_]+$' | sort | uniq > /tmp/mx_builtins
a = set(l.strip() for l in open("/tmp/apple_builtins"))
v = set(l.strip() for l in open("/tmp/mx_builtins"))
for b in sorted(m for m in a if m not in v):
print(f" - [ ] {b}")
- [x]
__builtin_altivec_vec_replace_elt - [x]
__builtin_altivec_vec_replace_unaligned - [x]
__builtin_coro_param - [ ]
__builtin_get_pointer_ - [ ]
__builtin_get_pointer_lower_bound - [ ]
__builtin_get_pointer_upper_bound - [ ]
__builtin_get_vtable_pointer - [x]
__builtin_load_member_function_pointer - [x]
__builtin_ptrauth_auth - [x]
__builtin_ptrauth_auth_and_resign - [x]
__builtin_ptrauth_blend_discriminator - [x]
__builtin_ptrauth_sign_constant - [x]
__builtin_ptrauth_sign_generic_data - [x]
__builtin_ptrauth_sign_unauthenticated - [x]
__builtin_ptrauth_string_discriminator - [x]
__builtin_ptrauth_strip - [ ]
__builtin_ptrauth_type_discriminator - [ ]
__builtin_rvv_vmandnot_mm - [ ]
__builtin_rvv_vmornot_mm - [ ]
__builtin_rvv_vpopc_m - [ ]
__builtin_rvv_vpopc_m_m - [ ]
__builtin_terminated_by_to_indexable - [ ]
__builtin_tmo_type_get_alignment - [ ]
__builtin_tmo_type_get_metadata - [ ]
__builtin_tmo_type_get_size - [ ]
__builtin_unsafe_forge_bidi_indexable - [ ]
__builtin_unsafe_forge_single - [ ]
__builtin_unsafe_terminated_by_from_indexable - [ ]
__builtin_unsafe_terminated_by_to_indexable - [ ]
__builtin_va_lisodulemap - [x]
__builtin_virtual_member_address - [ ]
__builtin_wasm_trunc_sat_zero_s_f64x2_i32x4 - [ ]
__builtin_wasm_trunc_sat_zero_u_f64x2_i32x4 - [x]
__builtin_xnu_type_signature - [x]
__builtin_xnu_type_summary - [x]
__builtin_xnu_types_compatible
Good process to find them for IDA Pro:
strings -t x /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang | grep __builtin_xnu_
That gets us addresses like:
43f4550 __builtin_xnu_type_signature
43f456d __builtin_xnu_type_summary
43f4588 __builtin_xnu_types_compatible
4486b96 __builtin_xnu_type_signature
4486bb3 __builtin_xnu_type_summary
4486bce __builtin_xnu_types_compatible
4487788 __builtin_xnu_type_signature
44877a5 __builtin_xnu_type_summary
Then go to 10<address> in IDA, e.g. 1043f4550:
Then, double click on the data reference, and decompile:
Sometimes we won't find a coderef, and if IDA isn't telling us the DREFs, then we can go searching for them using search for bytes, using a hex string of bytes. Those results can get you the TARGET_BUILTIN info, e.g. the feature set:
The order of TARGET_BUILTIN info is:
#define TARGET_BUILTIN(id, type, attrs, features) \
{#id, type, attrs, kNoHeaderName, \
clang::LanguageID::ALL_LANGUAGES, features},
struct Info {
const char *Name, *Type, *Attributes, *HeaderName;
LanguageID Langs;
const char *Features;
};
We can type it as:
struct clang_Builtin_Info {
const char *Name, *Type, *Attributes, *HeaderName;
int Langs;
const char *Features;
};
In: Open Subviews > Local Types, right click insert.
Click on an address and key in y to apply the new structure type, clang_Builtin_Info. Then right click on the address to make an array if there are a bunch of them that you want to make.
