Tuesday, September 15, 2015

Parsing Mach-O Files

Alex Denisov:

Mach-O doesn’t have any special format like XML/YAML/JSON/whatnot, it’s just a binary stream of bytes grouped in meaningful data chunks. These chunks contain meta-information, e.g.: byte order, CPU type, size of the chunk and so on.

A typical Mach-O file (corresponding to the official documentation) consists of three regions[…]

[…]

OS X doesn’t provide us with any libmacho or something similar; the only thing we have here is a set of C structures defined under /usr/include/mach-o/*, hence we need to implement parsing on our own. It might be tricky, but it’s not that hard.
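As an added illustration (not code from the quoted post), here is a minimal parser for the header and load-command chunks the excerpt describes, with the size checks needed when the file is untrusted. The field layout follows `mach_header`/`load_command` in `<mach-o/loader.h>`; the function name `parse_macho` and the sample bytes are constructed for this example, and fat (multi-architecture) files are rejected rather than handled.

```python
import struct

# Magic numbers from <mach-o/loader.h>, keyed by their value when the first
# four bytes are read little-endian: (struct byte-order prefix, is 64-bit).
MAGICS = {
    0xFEEDFACE: ("<", False),  # MH_MAGIC
    0xFEEDFACF: ("<", True),   # MH_MAGIC_64
    0xCEFAEDFE: (">", False),  # MH_CIGAM: big-endian file
    0xCFFAEDFE: (">", True),   # MH_CIGAM_64
}

def parse_macho(data):
    """Parse a thin Mach-O header and walk its load commands with bounds checks."""
    if len(data) < 4:
        raise ValueError("truncated: no magic")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in MAGICS:
        raise ValueError("not a thin Mach-O file (magic 0x%08x)" % magic)
    endian, is64 = MAGICS[magic]
    header_size = 32 if is64 else 28  # mach_header_64 adds a reserved field
    if len(data) < header_size:
        raise ValueError("truncated header")
    cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags = struct.unpack_from(
        endian + "6I", data, 4)
    end = header_size + sizeofcmds
    if end > len(data):
        raise ValueError("sizeofcmds runs past the end of the file")
    commands, offset, align = [], header_size, (8 if is64 else 4)
    for _ in range(ncmds):
        # Every load command starts with two uint32 fields: cmd and cmdsize.
        if offset + 8 > end:
            raise ValueError("load command header outside sizeofcmds")
        cmd, cmdsize = struct.unpack_from(endian + "II", data, offset)
        if cmdsize < 8 or cmdsize % align or offset + cmdsize > end:
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, offset))
        commands.append((cmd, cmdsize))
        offset += cmdsize
    return {"is64": is64, "big_endian": endian == ">", "cputype": cputype,
            "filetype": filetype, "ncmds": ncmds, "commands": commands}

# Constructed sample: 64-bit little-endian x86_64 MH_EXECUTE header with a
# single LC_UUID (0x1b) load command of 24 bytes.
SAMPLE = (struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, 2, 1, 24, 0, 0)
          + struct.pack("<II", 0x1B, 24) + bytes(16))

if __name__ == "__main__":
    print(parse_macho(SAMPLE))
```

The `cmdsize` checks matter most: a parser that trusts that field will read past the buffer or loop forever on a malformed file.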

1 Comment

otool and class-dump source code are also helpful when you are investigating parsing Mach-O files.
