首页
社区
课程
招聘
[原创]初探Mach-O学习小记(附源码)
发表于: 2016-5-2 17:25 20480

[原创]初探Mach-O学习小记(附源码)

2016-5-2 17:25
20480

近来在学习osx和ios方面的东西,简单熟悉了下oc的语法后打算学习下osx和ios下的文件格式。
--------------------------------------------------------------------------------------------

struct mach_header {
    uint32_t magic;
    cpu_type_t cputype;
    cpu_subtype_t cpusubtype;
    uint32_t filetype;
    uint32_t ncmds;
    uint32_t sizeofcmds;
    uint32_t flags;
};

struct mach_header_64 {
    uint32_t magic;
    cpu_type_t cputype;
    cpu_subtype_t cpusubtype;
    uint32_t filetype;
    uint32_t ncmds;
    uint32_t sizeofcmds;
    uint32_t flags;
    uint32_t reserved;
};
#define MH_MAGIC 0xfeedface    /* the mach magic number */
#define MH_CIGAM 0xcefaedfe    /* NXSwapInt(MH_MAGIC) */

#define MH_MAGIC_64 0xfeedfacf /* the 64-bit mach magic number */
#define MH_CIGAM_64 0xcffaedfe /* NXSwapInt(MH_MAGIC_64) */
#define    MH_OBJECT   0x1     /* relocatable object file */
#define    MH_EXECUTE  0x2     /* demand paged executable file */
#define    MH_FVMLIB   0x3     /* fixed VM shared library file */
#define    MH_CORE     0x4     /* core file */
#define    MH_PRELOAD  0x5     /* preloaded executable file */
#define    MH_DYLIB    0x6     /* dynamically bound shared library */
#define    MH_DYLINKER 0x7     /* dynamic link editor */
#define    MH_BUNDLE   0x8     /* dynamically bound bundle file */
#define    MH_DYLIB_STUB   0x9     /* shared library stub for static */
                /*  linking only, no section contents */
#define    MH_DSYM     0xa     /* companion file with only debug */
                /*  sections */
#define    MH_KEXT_BUNDLE  0xb     /* x86_64 kexts */
struct load_command {
    uint32_t cmd;
    uint32_t cmdsize;
};
segment_command          LC_SEGMENT
segment_command_64       LC_SEGMENT_64
fvmlib_command           LC_IDFVMLIB or LC_LOADFVMLIB
dylib_command            LC_ID_DYLIB, LC_LOAD_{,WEAK_}DYLIB, LC_REEXPORT_DYLIB`
sub_framework_command    LC_SUB_FRAMEWORK
sub_client_command       LC_SUB_CLIENT`
sub_umbrella_command     LC_SUB_UMBRELLA
sub_library_command      LC_SUB_LIBRARY
prebound_dylib_command   LC_PREBOUND_DYLIB
dylinker_command         LC_ID_DYLINKER, LC_LOAD_DYLINKER orLC_DYLD_ENVIRONMENT
thread_command           LC_THREAD or  LC_UNIXTHREAD
routines_command         LC_ROUTINES
symtab_command           LC_SYMTAB
dysymtab_command         LC_DYSYMTAB
twolevel_hints_command   LC_TWOLEVEL_HINTS
prebind_cksum_command    LC_PREBIND_CKSUM
uuid_command             LC_UUID
rpath_command            LC_RPATH
linkedit_data_command    LC_CODE_SIGNATURE,LC_SEGMENT_SPLIT_INFO,LC_FUNCTION_STARTS,  LC_DATA_IN_CODE, LC_DYLIB_CODE_SIGN_DRS or LC_LINKER_OPTIMIZATION_HINT.
encryption_info_command  LC_ENCRYPTION_INFO
version_min_command      LC_VERSION_MIN_MACOSX or LC_VERSION_MIN_IPHONEOS LC_VERSION_MIN_WATCHOS
dyld_info_command        LC_DYLD_INFO or LC_DYLD_INFO_ONLY
linker_option_command    LC_LINKER_OPTION
symseg_command           LC_SYMSEG
ident_command            LC_IDENT
fvmfile_command          LC_FVMFILE
entry_point_command      LC_MAIN
source_version_command   LC_SOURCE_VERSION
struct section {
    char sectname[16];
    char segname[16];
    uint32_t addr;
    uint32_t size;
    uint32_t offset;
    uint32_t align;
    uint32_t reloff;
    uint32_t nreloc;
    uint32_t flags;
    uint32_t reserved1;
    uint32_t reserved2;
};

struct section_64 {
    char sectname[16];
    char segname[16];
    uint64_t addr;
    uint64_t size;
    uint32_t offset;
    uint32_t align;
    uint32_t reloff;
    uint32_t nreloc;
    uint32_t flags;
    uint32_t reserved1;
    uint32_t reserved2;
    uint32_t reserved3;
};

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

上传的附件:
收藏
免费 3
支持
分享
最新回复 (7)
雪    币: 284
活跃值: (250)
能力值: ( LV4,RANK:40 )
在线值:
发帖
回帖
粉丝
2
谢谢,挺好的文章~
2016-5-4 11:15
0
雪    币: 4
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
不敢入坑ios
2016-5-4 11:35
0
雪    币: 341
活跃值: (77)
能力值: ( LV7,RANK:100 )
在线值:
发帖
回帖
粉丝
5
期待楼主更多的帖子,学习了
2016-5-11 22:04
0
雪    币: 3
活跃值: (45)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
6
https://github.com/gdbinit/MachOView,这个开源软件把macho文件分析透了。
2016-5-31 10:54
0
雪    币: 393
活跃值: (224)
能力值: ( LV8,RANK:140 )
在线值:
发帖
回帖
粉丝
7
是的,我只不过是为了自己动手了解下。感谢指点
2016-5-31 14:28
0
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
8
感谢提供源码
2016-6-6 17:49
0
雪    币: 191
活跃值: (195)
能力值: ( LV8,RANK:130 )
在线值:
发帖
回帖
粉丝
9
[QUOTE=NAGAじSKY;1428214]Android的坑都跳出来了,何况ios的深坑-娜迦[/QUOTE]
毛线哪里都可以看到你,娜迦娜迦娜迦娜迦囧!!,关于ios逆向的学习还是建议去小黄书作者那个网站,关于mach-o的文章早在几年前就有啦,看雪好安静啊!!!
2016-8-4 21:00
0
游客
登录 | 注册 方可回帖
返回
//