bingrep - like ~~grep~~ UBER, but for binaries

  •    Rust

NOTE: Building requires rustc version 1.17 or greater. If you're using a distro's rust compiler, consider using https://rustup.rs to install your rustc compiler and associated binaries. bingrep is available through cargo, via cargo install bingrep, or you can build, and install the resulting binary wherever you like.

fcd - An optimizing decompiler

  •    C++

Fcd is an LLVM-based native program optimizing decompiler, released under an LLVM-style license. It started as a bachelor's degree senior project and carries forward its initial development philosophy of getting results fast. As such, it was architected to have low coupling between distinct decompilation phases and to be highly hackable. Fcd uses a unique technique to reliably translate machine code to LLVM IR. Currently, it only supports x86_64. Disassembly uses Capstone. It implements pattern-independent structuring to provide a goto-free output.

bitcode_retriever - Retrieves Bitcode from Mach-O binaries

  •    C

Bitcode is stored as an xar archive inside of a Mach-O binary. Note: currently it does not work with static libraries; there is an open issue #1. If you need this feature, please leave a comment there; it will bump the priority of this project on my personal to-do list.

segment_dumper - Simple example of a Mach-O parser

  •    C

Simple example of a Mach-O parser

macho - Mach-O parser for node.js

  •    Javascript

Simple and incomplete Mach-O binary format parser. This software is licensed under the MIT License.

rust-macho - Mach-O File Format Parser for Rust

  •    Rust

Use OFile::parse to read the mach-o file from a &[u8] slice. For more detail, please check the unit tests and the otool example.

machomachomangler - Tools for mangling Mach-O and PE binaries

  •    Python

Additionally: a tool that creates a "placeholder" library, which imports the mangled library described above, and then re-exports the symbols under their original names. For code that wants to use a pynativelib library: a tool that takes a dylib/bundle/executable, a list of "original" dylibs, and for each "original" dylib, a new name for that dylib, and a mangling rule. It then (a) replaces the import of the original dylib with an absolute import of the new dylib name from a non-existent directory, (b) marks this as a "weak" import, (c) applies the mangling rule to all symbols imported from this dylib, (d) marks these symbols for lookup in the flat namespace.

osx-abi-macho-file-format-reference - Mirror of OS X ABI Mach-O File Format Reference


Preamble: I couldn't find this anywhere on Apple's developer documentation website, so I've copied it here for my own benefit. If you are going to use this page, I highly recommend the GitHub Table of Contents web browser extension. This document describes the structure of the Mach-O (Mach object) file format, which is the standard used to store programs and libraries on disk in the Mac app binary interface (ABI). To understand how the Xcode tools work with Mach-O files, and to perform low-level debugging tasks, you need to understand this information.

dispar - Dispar - Cross-platform Disassembling binary Parser

  •    C++

Dispar is short for "[Dis]assembling binary [Par]ser" written in C++14. The whole concept of the project is to load binaries, like executables, libraries, core dumps etc., and do analysis of their structure and data; most notably their strings, symbols, and functions. Currently, it supports only 32+64 bit Mach-O binaries (including universal binaries) but there are plans for supporting ELF and PE/PE+ later on. There are both external and internal libraries and tools required to build and run this program.

MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.

  •    Swift

Mach-O Explorer is a graphical Mach-O viewer for macOS. It aims to provide an interface and feature set that are similar to the venerable MachOView application. Parsing is handled by Mach-O Kit. Mach-O Explorer leverages Mach-O Kit's rich description system to present the parsed data using very little code. Mach-O Explorer should deploy back to OS X 10.11 (and possibly further) but is currently only being actively tested on macOS 10.13.

MachO-Kit - A C/Objective-C library for parsing Mach-O files.

  •    Objective-C

Mach-O Kit is an Objective-C framework for parsing Mach-O binaries used by Darwin platforms (macOS, iOS, tvOS, and watchOS). The project also includes a lightweight C library - libMachO - for parsing Mach-O images loaded in the current process. Mach-O Kit is designed to be easy to use while still exposing all the details of the parsed Mach-O file (if you need them). It can serve as the foundation for anything that needs to read Mach-O files - from a one-off command line tool up to a fully featured interactive disassembler. Most importantly, Mach-O Kit is designed to be safe. Every read operation and its returned data is extensively error checked so that parsing a malformed Mach-O file (even a malicious one) does not crash your program.

MachDump - A very basic C Mach-O Header Dump tool written for practicing purposes

  •    C

A C Mach-O Header Dump tool was written for practicing purposes. Works with x86 and x86_64 binaries. Didn't bother with Mach-O armv7 and AARCH64 nor with FAT files but will probably do in the future. The program is written in 100% C so with some modifications you may be able to port it if needed. (You may wanna remove the macOS-specific system(clear); though). However, the FAT Mach-O binary is a bit different. The FAT Mach-O contains usually two different architectures inside. Mostly both 64-Bit and 32-Bit but if you have an older Mach-O it may as well contain a 32-Bit and a Power-PC variant from back when Apple used to use those. The FAT Mach-O has a different format and a different magic. The magic for FAT Mach-Os is 0xcafebabe.

tbd - mach-o to tbd command line tool, designed in C++

  •    C++

Note: Development is currently focused on the rewrite branch.

rd_route - Function hooking for macOS

  •    C

Replace (aka «hook» or «override» or «route») the implementation of any C function at runtime. Works on OS X with Mach-O binaries. Do not use this code. It can destroy everything. But if you do, I wish you luck.