Fix some issues with Export Trie parsing

.gitignore

@@ -8,3 +8,9 @@ CHANGELOG.md
 *.egg-info
 /htmlcov/
 /.coverage
+poetry.lock
+*.DS_Store
+*.ninja_log
+tests/bins/testbin1
+tests/bins/testbin1.fat
+tests/bins/testlib1.dylib

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "k2l"
-version = "1.4.0"
+version = "2.0.0"
 description = "Static MachO/ObjC Reverse Engineering Toolkit"
 readme = "README.md"
 

src/ktool/loader.py

@@ -519,28 +519,28 @@ def read_node(cls, image: Image, trie_start: int, string: str, cursor: int, endp
             macho_is_malformed()
 
         start = cursor
-        byte = image.get_uint_at(cursor, 1)
+        terminal_size, cursor = image.decode_uleb128(cursor)
         results = []
-        log.debug_tm(f'@ {hex(start)} node: {hex(byte)} current_symbol: {string}')
-        if byte == 0:
-            cursor += 1
-            branches = image.get_uint_at(cursor, 1)
-            log.debug_tm(f'BRAN {branches}')
-            for i in range(0, branches):
-                if i == 0:
-                    cursor += 1
-                proc_str = image.get_cstr_at(cursor)
-                cursor += len(proc_str) + 1
-                offset, cursor = image.decode_uleb128(cursor)
-                log.debug_tm(f'({i}) string: {string + proc_str} next_node: {hex(trie_start + offset)}')
-                results += ExportTrie.read_node(image, trie_start, string + proc_str, trie_start + offset, endpoint)
-        else:
+        log.debug_tm(f'@ {hex(start)} node: {hex(terminal_size)} current_symbol: {string}')
+        child_start = cursor + terminal_size
+        if terminal_size != 0:
             log.debug_tm(f'TERM: 0')
             size, cursor = image.decode_uleb128(cursor)
             flags = image.get_uint_at(cursor, 1)
             cursor += 1
             offset, cursor = image.decode_uleb128(cursor)
             results.append(export_node(string, offset, flags))
+        cursor = child_start
+        branches = image.get_uint_at(cursor, 1)
+        log.debug_tm(f'BRAN {branches}')
+        for i in range(0, branches):
+            if i == 0:
+                cursor += 1
+            proc_str = image.get_cstr_at(cursor)
+            cursor += len(proc_str) + 1
+            offset, cursor = image.decode_uleb128(cursor)
+            log.debug_tm(f'({i}) string: {string + proc_str} next_node: {hex(trie_start + offset)}')
+            results += ExportTrie.read_node(image, trie_start, string + proc_str, trie_start + offset, endpoint)
 
         return results
 

tests/unit.py

@@ -66,7 +66,7 @@ def enable_error_capture():
 
 
 def assert_error_printed(msg):
-    assert msg in error_buffer
+    assert msg in error_buffer, "Error buffer didn't have '{}', has '{}'".format(msg, error_buffer)
 
 
 def disable_error_capture():
@@ -126,13 +126,6 @@ def reset(self):
         self.scratch.seek(0)
 
 
-# *I* watch the watchmen
-class TestTests(unittest.TestCase):
-    def test_is_importing_source_tree(self):
-        assert MY_DIR != ""
-        assert "src/ktool/util" in MY_DIR
-
-
 class StructTestCase(unittest.TestCase):
     def test_equality_check(self):
         s1 = Struct.create_with_values(linkedit_data_command, [0x34 | LC_REQ_DYLD, 0x10, 0xc000, 0xd0], "little")
@@ -392,7 +385,7 @@ def test_bad_load_command(self):
                     encoded += b'\x00'
                 load_command_items.append(command)
                 load_command_items.append(encoded)
-            elif command.__class__ == dyld_info_command:
+            elif command.__class__ == symtab_command:
                 command.cmd = 0x99
                 load_command_items.append(command)
             elif command.__class__ in [dylinker_command, build_version_command]:
@@ -413,7 +406,7 @@ def test_bad_load_command(self):
         disable_error_capture()
 
         assert_error_printed("Bad Load Command ")
-        assert_error_printed("0x99 - 0x30")
+        assert_error_printed("0x99 -")
 
     def test_insert_cmd(self):
 
@@ -780,4 +773,4 @@ def test_linked_images(self):
 if __name__ == '__main__':
     ignore.OBJC_ERRORS = False
 
-    unittest.main()
+