MachOView | MachOView fork - _____ | Reverse Engineering library

by gdbinit PHP Version: Capstone License: No License

X-Ray Key Features Code Snippets Community Discussions(2)Vulnerabilities Install Support

kandi X-RAY | MachOView Summary

MachOView is a PHP library typically used in Utilities, Reverse Engineering applications. MachOView has no bugs, it has no vulnerabilities and it has medium support. You can download it from GitHub.

_____ .__ ____________ . / \ _____ ____ | | _____ \ \ / /|| ______ _ __ / \ / \ \ / | | \ / | \ y / | |/ __ \ / / / / y / __ \ _| y / | \ / | \ /\ / _| (____ /___ >| /____ /_/ ||___ >/_/ / / / / / /. a fork from machoview to update and fix some bugs, mostly mountain lion & ios 6 related. also some small changes to the original behaviour. original machoview by psaghelyi at thanks to psaghelyi for his great work :-). latest versions are lion+ only. the llvm disassembler was replaced with capstone. this eliminates clang/llvm packages requirements. the downside is that capstone stops disassembling on bad instructions which means that for now data in code and jump tables data will create problems and __text section disassembly might be incomplete in binaries that contain such data. capstone improved disassembly on error but data in code locations are available in header so this can and should be improved. a static capstone

Support

Quality

Security

License

Reuse

Support

MachOView has a medium active ecosystem.

It has 2284 star(s) with 638 fork(s). There are 71 watchers for this library.

It had no major release in the last 6 months.

There are 8 open issues and 2 have been closed. On average issues are closed in 3 days. There are 10 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of MachOView is Capstone

Quality

MachOView has 0 bugs and 0 code smells.

Security

MachOView has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

MachOView code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

MachOView does not have a standard license declared.

Check the repository for any license declaration and review the terms closely.

Without a license, all rights are reserved, and you cannot use the library in your applications.

Reuse

MachOView releases are not available. You will need to build from source code and install.

Top functions reviewed by kandi - BETA

kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of MachOView

Get all kandi verified functions for this library.

MachOView Key Features

No Key Features are available at this moment for MachOView.

MachOView Examples and Code Snippets

No Code Snippets are available at this moment for MachOView.

Community Discussions

Trending Discussions on MachOView

How does pointer data stored in MachO __objc_classlist section rebased when run a iOS app?

Where Debug info stored in Framework?

QUESTION

How does pointer data stored in MachO __objc_classlist section rebased when run a iOS app?

Asked 2021-Apr-15 at 21:25

In MachOView, I can see that in a iOS binary file, class pointers are stored in section __objc_classlist. They are absolute address values which point to class Data in section __objc_data. But we known that iOS use ASLR, so when loaded, the real address must be different.

I checked the "getsectiondata" method, can not found any rebase logic.

So the question is:

when and how does the pointer Data rebased?
Is the rebased data dirty?

...

ANSWER

Answered 2021-Apr-15 at 21:25

dyld handles rebasing as part of loading the binary, long before you call getsectiondata. The LC_DYLD_INFO_ONLY load command within the binary points to the rebase opcodes which contain information about which addresses to update and how.

You can use xcrun dyldinfo -rebase to see the list of addresses that dyld will rebase. You'll see entries for each class within __DATA,__objc_classlist. You can set DYLD_PRINT_REBASINGS=1 in the environment prior to launch to have dyld print out each address it rebases.

And yes, since dyld modifies data as it rebases it, the page no longer matches the underlying storage and is dirty. Avoiding dirtying pages during load has been a motivation for switching some Objective-C data structures from using pointers to relative offsets.

Source https://stackoverflow.com/questions/67108312

QUESTION

Where Debug info stored in Framework?

Asked 2020-Dec-24 at 09:15

As the title mentioned, I'm confusing about where is the debug info stored in .Framework file.

I googled for serval days, what I gots are:

Framework binary compiled by debug mode will include a debug info segment, to indicate the symbol location. Release mode compiling will move it to a dSYM file.

But, what confused me is, I build a framework with ninja, and it doesn't generate dSYM file. Meanwhile I can't find the symbol location by dwarfdump command or MachOView app. As Regards strings command can get some relative file path results, like ../../flutter/fml/memory/task_runner_checker.cc.

Here dwarfdump prints:

...

ANSWER

Answered 2020-Dec-24 at 09:15

Debug information on Darwin systems exists in one of two places: In the .o files, and later after dsymutil is run to create a .dSYM, it exists in the .dSYM bundle, all collected together, relocated to the actual binary's addresses.

This was a build-link-debug performance enhancement. Linking all of the debug information -- updating all the symbol addresses, copying it all around -- is very slow, so leaving the debug information in the .o files for this common iterative development cycle, and having the debugger locate the .o files and update the addresses of the functions internally, allows for rapid development.

Leaving all of the debug information in the .o files requires that they all be present, of course! And at the same file paths. So it is not good when you need to move a binary between computers, or save it for later debugging. For these cases, you link the debug information with dsymutil and you get a .dSYM bundle.

Source https://stackoverflow.com/questions/65406574

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install MachOView

You can download it from GitHub.
PHP requires the Visual C runtime (CRT). The Microsoft Visual C++ Redistributable for Visual Studio 2019 is suitable for all these PHP versions, see visualstudio.microsoft.com. You MUST download the x86 CRT for PHP x86 builds and the x64 CRT for PHP x64 builds. The CRT installer supports the /quiet and /norestart command-line switches, so you can also script it.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: