machomachomangler - Tools for mangling Mach-O and PE binaries

  •        47

Additionally: a tool that creates a "placeholder" library, which imports the mangled library described above, and then re-exports the symbols under their original names. For code that wants to use a pynativelib library: a tool that takes a dylib/bundle/executable, a list of "original" dylibs, and for each "original" dylib, a new name for that dylib, and a mangling rule. It then (a) replaces the import of the original dylib with an absolute import of the new dylib name from a non-existent directory, (b) marks this as a "weak" import, (c) applies the mangling rule to all symbols imported from this dylib, (d) marks these symbols for lookup in the flat namespace.

https://github.com/njsmith/machomachomangler

Related Projects

bloaty - Bloaty McBloatface: a size profiler for binaries

  •    C++

Ever wondered what's making your ELF or Mach-O binary big? Bloaty McBloatface will show you a size profile of the binary so you can understand what's taking up space inside. Bloaty works on binaries, shared objects, object files, and static libraries (.a files). It supports ELF/DWARF and Mach-O, though the Mach-O support is much more preliminary (it shells out to otool/symbols instead of parsing the file directly).

rp - rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O x86/x64 binaries

  •    C++

rp++ is a full-cpp written tool that aims to find ROP sequences in PE/Elf/Mach-O (doesn't support the FAT binaries) x86/x64 binaries. It is open-source, documented with Doxygen (well, I'm trying to..) and has been tested on several OS: Debian / Windows 7 / FreeBSD / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible. I almost forgot, it handles both Intel and AT&T syntax (beloved BeaEngine). By the way, the tool is a standalone executable; I will upload static-compiled binaries for each OS. You can build rp++ very easily with CMake; it will generate a project file for your preferred IDE. There are some other things you will be able to do with rp++, like finding hexadecimal values, or strings, etc.

the-backdoor-factory - Patch PE, ELF, Mach-O binaries with shellcode (NOT Supported)

  •    Python

For security professionals and researchers only. The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.

ROPgadget - This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation

  •    Python

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF/PE/Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC and MIPS architectures. Since the version 5, ROPgadget has a new core which is written in Python using Capstone disassembly framework for the gadgets search engine - The older version can be found in the Archives directory but it will not be maintained. If you want to use ROPgadget, you have to install Capstone first.

Il2CppDumper - Get types, methods, fields and so on from Unity Il2Cpp binary file

  •    CSharp

Run Il2CppDumper.exe and choose the main il2cpp executable (in ELF, Mach-O or PE format) and global-metadata.dat file, then select the extraction mode. The program will then generate all the output files in the current working directory. The parameters (CodeRegistration and MetadataRegistration) that are passed to il2cpp::vm::MetadataCache::Register() need to be manually reverse engineered and passed to the program.


fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.

  •    C

fishhook is a very simple library that enables dynamically rebinding symbols in Mach-O binaries running on iOS in the simulator and on device. This provides functionality that is similar to using DYLD_INTERPOSE on OS X. At Facebook, we've found it useful as a way to hook calls in libSystem for debugging/tracing purposes (for example, auditing for double-close issues with file descriptors). dyld binds lazy and non-lazy symbols by updating pointers in particular sections of the __DATA segment of a Mach-O binary. fishhook re-binds these symbols by determining the locations to update for each of the symbol names passed to rebind_symbols and then writing out the corresponding replacements.

class-dump - Generate Objective-C headers from Mach-O files.

  •    Objective-C

Generate Objective-C headers from Mach-O files.

dumpdecrypted - Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk

  •    C

Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.

unsign - Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed)

  •    C

Remove code signatures from OSX Mach-O binaries (note: unsigned binaries cannot currently be re-codesign'ed. Patches welcome!)

maloader - mach-o loader for linux

  •    C

This is a userland Mach-O loader for linux. You need OpenCFLite (http://sourceforge.net/projects/opencflite/) installed if you want to run some programs such as dsymutil. opencflite-476.17.2 is recommended.

yololib - dylib injector for mach-o binaries

  •    Objective-C

dylib injector for mach-o binaries

insert_dylib - Command line utility for inserting a dylib load command into a Mach-O binary

  •    C

Command line utility for inserting a dylib load command into a Mach-O binary. insert_dylib inserts a load command to load the dylib_path in binary_path.

dissection - The dissection of a simple "hello world" ELF binary.

  •    Assembly

The representation of executables, shared libraries and relocatable object code is standardized by a variety of file formats which provide encapsulation of assembly instructions and data. Two such formats are the Portable Executable (PE) file format and the Executable and Linkable Format (ELF), which are used by Windows and Linux respectively. Both of these formats partition executable code and data into sections and assign appropriate access permissions to each section, as summarised by table 1. In general, no single section has both write and execute permissions as this could compromise the security of the system. Table 1: A summary of the most commonly used sections in ELF files. The .text section contains executable code while the .rodata, .data and .bss sections contain data in various forms.

Retete

  •    DotNet

The application manages a restaurant's stock based on recipes. Raw materials are entered into the system through goods receipts and inventory, and at sale they are consumed according to the configured recipes. Sales can be recorded on a cash register using the DocPrint driver.

trio - Trio – Pythonic async I/O for humans and snake people 🐍

  •    Python

The Trio project's goal is to produce a production-quality, permissively licensed, async/await-native I/O library for Python. Like all async libraries, its main purpose is to help you write programs that do multiple things at the same time with parallelized I/O. A web spider that wants to fetch lots of pages in parallel, a web server that needs to juggle lots of downloads and websocket connections at the same time, a process supervisor monitoring multiple subprocesses... that sort of thing. Compared to other libraries, Trio attempts to distinguish itself with an obsessive focus on usability and correctness. Concurrency is complicated; we try to make it easy to get things right. Trio was built from the ground up to take advantage of the latest Python features, and draws inspiration from many sources, in particular Dave Beazley's Curio. The resulting design is radically simpler than older competitors like asyncio and Twisted, yet just as capable. Trio is the Python I/O library I always wanted; I find it makes building I/O-oriented programs easier, less error-prone, and just plain more fun. Perhaps you'll find the same.

pe-sieve - Scans a given process

  •    C++

PE-sieve is a light-weight tool that helps to detect malware running on the system, as well as to collect the potentially malicious material for further analysis. It recognizes and dumps a variety of implants within the scanned process: replaced/injected PEs, shellcodes, hooks, and other in-memory patches. It detects inline hooks, Process Hollowing, Process Doppelgänging, Reflective DLL Injection, etc.

Library Optimizer

  •    Python

The Library Optimizer tool rebuilds shared libraries to contain only the object files needed to provide symbols required by executables and shared libraries in a given directory tree. It can be used to reduce file system sizes for embedded systems.

xHook - 🔥 A PLT hook library for Android native ELF (executable and shared libraries)

  •    C

xhook is a PLT (Procedure Linkage Table) hook library for Android native ELF (executable and shared libraries). xhook has been kept optimized for stability and compatibility.

StfalconImageViewer - A simple and customizable Android full-screen image viewer with shared image transition support, "pinch to zoom" and "swipe to dismiss" gestures

  •    Kotlin

A simple and customizable full-screen image viewer with shared image transition support, "pinch to zoom" and "swipe to dismiss" gestures. Compatible with all of the most popular image processing libraries such as Picasso, Glide etc. Based on PhotoView by chrisbanes. Need iOS and Android apps, MVP development or prototyping? Contact us via info@stfalcon.com. We have been developing software since 2009, and we're known experts in this field. Check out our portfolio and see more libraries from stfalcon-studio.

gawk libraries for XML, PostgreSQL,...

  •    Awk

Dynamically loaded extension libraries for GNU AWK




