segment_dumper - Simple example of a Mach-O parser

  •        4

Simple example of a Mach-O parser

http://lowlevelbits.org/parse-mach-o-files/
https://github.com/AlexDenisov/segment_dumper

Tags
Implementation
License
Platform

   




Related Projects

fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.

  •    C

fishhook is a very simple library that enables dynamically rebinding symbols in Mach-O binaries running on iOS in the simulator and on device. This provides functionality that is similar to using DYLD_INTERPOSE on OS X. At Facebook, we've found it useful as a way to hook calls in libSystem for debugging/tracing purposes (for example, auditing for double-close issues with file descriptors).dyld binds lazy and non-lazy symbols by updating pointers in particular sections of the __DATA segment of a Mach-O binary. fishhook re-binds these symbols by determining the locations to update for each of the symbol names passed to rebind_symbols and then writing out the corresponding replacements.

bloaty - Bloaty McBloatface: a size profiler for binaries

  •    C++

Ever wondered what's making your ELF or Mach-O binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside.Bloaty works on binaries, shared objects, object files, and static libraries (.a files). It supports ELF/DWARF and Mach-O, though the Mach-O support is much more preliminary (it shells out to otool/symbols instead of parsing the file directly).

class-dump - Generate Objective-C headers from Mach-O files.

  •    Objective-C

Generate Objective-C headers from Mach-O files.

dumpdecrypted - Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk

  •    C

Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.

rp - rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries

  •    C++

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. It is open-source, documented with Doxygen (well, I'm trying to..) and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible. I almost forgot, it handles both Intel and AT&T syntax (beloved BeaEngine). By the way, the tool is a standalone executable ; I will upload static-compiled binaries for each OS. You can build very easily rp++ with CMake, it will generate a project file for your prefered IDE. There are some other things you will be able to do with rp++, like finding hexadecimal values, or strings, etc.


unsign - Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed

  •    C

Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)

maloader - mach-o loader for linux

  •    C

This is a userland Mach-O loader for linux. You need OpenCFLite (http://sourceforge.net/projects/opencflite/) installed if you want to run some programs such as dsymutil. opencflite-476.17.2 is recommended.

yololib - dylib injector for mach-o binaries

  •    Objective-C

dylib injector for mach-o binaries

insert_dylib - Command line utility for inserting a dylib load command into a Mach-O binary

  •    C

Command line utility for inserting a dylib load command into a Mach-O binary. insert_dylib inserts a load command to load the dylib_path in binary_path.

ROPgadget - This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation

  •    Python

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. Since the version 5, ROPgadget has a new core which is written in Python using Capstone disassembly framework for the gadgets search engine - The older version can be found in the Archives directory but it will not be maintained. If you want to use ROPgadget, you have to install Capstone first.

classdump-dyld - Class-dump any Mach-o file without extracting it from dyld_shared_cache

  •    Logos

As of February 5 2016, I have added cycript integration. and dlsym the dumpClass and dumpBundle functions.

fcd - An optimizing decompiler

  •    C++

Fcd is an LLVM-based native program optimizing decompiler, released under an LLVM-style license. It started as a bachelor's degree senior project and carries forward its initial development philosophy of getting results fast. As such, it was architectured to have low coupling between distinct decompilation phases and to be highly hackable. Fcd uses a unique technique to reliably translate machine code to LLVM IR. Currently, it only supports x86_64. Disassembly uses Capstone. It implements pattern-independent structuring to provide a goto-free output.

the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode (NOT Supported)

  •    Python

For security professionals and researchers only. The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.

Il2CppDumper - Get types, methods, fields and so on from Unity Il2Cpp binary file

  •    CSharp

Run Il2CppDumper.exe and choose the main il2cpp executable (in ELF, Mach-O or PE format) and global-metadata.dat file, then select the extraction mode. The program will then generate all the output files in current working directory. The parameters (CodeRegistration and MetadataRegistration) that are passed to il2cpp::vm::MetadataCache::Register() needs to be manually reverse engineered and passed to the program.

bingrep - like ~~grep~~ UBER, but for binaries

  •    Rust

NOTE: Building requires rustc version 1.17 or greater. If you're using a distro's rust compiler, consider using https://rustup.rs to install your rustc compiler and associated binaries. bingrep is available through cargo, via cargo install bingrep, or you can build, and install the resulting binary wherever you like.

temporal-segment-networks - Code & Models for Temporal Segment Networks (TSN) in ECCV 2016

  •    Python

Temporal Segment Networks: Towards Good Practices for Deep Action Recognition, Limin Wang, Yuanjun Xiong, Zhe Wang, Yu Qiao, Dahua Lin, Xiaoou Tang, and Luc Van Gool, ECCV 2016, Amsterdam, Netherlands. Sep. 8, 2017 - We released TSN models trained on the Kinetics dataset with 76.6% single model top-1 accuracy. Find the model weights and transfer learning experiment results on the website.

mach

  •    

mach allows you to set up clean build roots from scratch for any distribution or distribution variation supported.

sevengen : 7 segment code calculator and generator

  •    

this software helps electrical engineers to calculate codes used in microcontrollers firmwares.

WordSegment

  •    

This project is used to segment text into tokens according its context and semantic. the segment use front-maximum matching and CRF algorithms to split text.

????-????????

  •    

Pan Gu Segment is a library that can segment Chinese and English words from sentence. ?????????????????eaglet ?????KTDictSeg ?????????????? ?????????????????????????????????????