Skip to content

vtky/MachOView

This branch is 6 commits ahead of, 70 commits behind gdbinit/MachOView:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

45737ba · Oct 19, 2016

History

58 Commits
Mar 2, 2014
Oct 19, 2016
Oct 19, 2016
Mar 1, 2014
Oct 19, 2016
Oct 19, 2016
Sep 8, 2013
Mar 1, 2014
Sep 6, 2013
Apr 23, 2015
Sep 8, 2013
Apr 23, 2015
Oct 13, 2012
Nov 20, 2014
Oct 19, 2016
Apr 23, 2015
Oct 19, 2016
Sep 6, 2013
Sep 6, 2013
Oct 13, 2012
Apr 23, 2015
Oct 13, 2012
Apr 23, 2015
Oct 13, 2012
Apr 23, 2015
Sep 6, 2013
Apr 23, 2015
Oct 19, 2016
Apr 23, 2015
Apr 23, 2015
Mar 1, 2014
Apr 23, 2015
Oct 13, 2012
Apr 23, 2015
Apr 23, 2015
Oct 19, 2016
Oct 13, 2012
Apr 23, 2015
Mar 2, 2014
Apr 23, 2015
Apr 23, 2015
Oct 19, 2016
Apr 23, 2015
Apr 23, 2015
Apr 23, 2015
Sep 2, 2014
Apr 23, 2015
Mar 1, 2014
Oct 13, 2012
Oct 13, 2012
Oct 13, 2012
Oct 13, 2012

Repository files navigation

   _____                .__     ____________   ____.__               
  /     \ _____    ____ |  |__  \_____  \   \ /   /|__| ______  _  __
 /  \ /  \\__  \ _/ ___\|  |  \  /   |   \   Y   / |  |/ __ \ \/ \/ /
/    Y    \/ __ \\  \___|   Y  \/    |    \     /  |  \  ___/\     / 
\____|__  (____  /\___  >___|  /\_______  /\___/   |__|\___  >\/\_/  
        \/     \/     \/     \/         \/                 \/        

A fork from MachOView to update and fix some bugs, mostly Mountain Lion & iOS 6 related.
Also some small changes to the original behaviour.

Original MachOView by psaghelyi at http://sourceforge.net/projects/machoview/.
Thanks to psaghelyi for his great work :-)

Latest versions are Lion+ only.
The LLVM disassembler was replaced with Capstone. This eliminates Clang/LLVM packages requirements.
The downside is that Capstone stops disassembling on bad instructions which means that for now data in code and jump tables data will create problems and __text section disassembly might be incomplete in binaries that contain such data.
Capstone improved disassembly on error but data in code locations are available in header so this can and should be improved.

A static Capstone library extracted from the official DMG is included in the repo.
If you want to be safe you should download Capstone and compile it yourself.

Now features the attach option to analyse headers of a running process.
To use this feature you will need to codesign the binary.
Follow this LLDB guide to create the certificate and then codesign MachOView binary.
https://llvm.org/svn/llvm-project/lldb/trunk/docs/code-signing.txt
The necessary entitlements are already added to Info.plist.

Be warned that this allows MachOView to have task_for_pid() privs under current under and control
every process from user running it.
The whole Mach-O parsing code needs to be reviewed and made more robust.

Enjoy,
fG!


20 Oct 2016
- Added and updated capstone lib to v3.0.5 RC1
- Cleaned up files in capstone directory
- update mach-o header file loader.h, nlist.h from xnu 3248.60.10

About

MachOView fork

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Objective-C++ 68.8%
  • C 24.9%
  • Objective-C 6.2%
  • Shell 0.1%