🔬 A Swift library for parsing MachO files to obtain various information.
Library for parsing MachO files to obtain various information.
In addition to file reading, parsing of images in memory by _dyld_get_image_header
is also supported.
For reading from memory, use the MachO
structure.
It can be initialized by using the Mach-O Header pointer obtained by _dyld_get_image_header
.
guard let mh = _dyld_get_image_header(0) else { return }
let machO = MachOImage(ptr: mh)
Alternatively, it can be initialized using the name.
// /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
guard let machO = MachOImage(name: "Foundation") else { return }
For reading from file, use the MachOFile
structure.
Reading from a file can be as follows. There is a case of a Fat file and a single MachO file, so a conditional branching process is required.
let path = "Path to MachO file"
let url = URL(string: path)
let file = try MachOKit.loadFromFile(url: url)
switch file {
case .machO(let machOFile): // single MachO file
print(machOFile)
case .fat(let fatFile): // Fat file
let machOFiles = try fatFile.machOFiles()
print(machOFiles)
}
Both MachO
and MachOFile
can use essentially the same properties and methods.
The available methods are defined in the following file as the MachORepresentable
protocol.
loading of dyld_shared_cache
is also supported.
let path = "/System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_x86_64h"
let url = URL(fileURLWithPath: path)
let cache = try! DyldCache(url: url)
It is also possible to extract machO information contained in dyld _shared _cache
.
The machO extracted is of type MachOFile
.
As with reading from a single MachO file, various analyses are possible.
let machOs = cache.machOFiles()
for machO in machOs {
print(
String(machO.headerStartOffsetInCache, radix: 16),
machO.imagePath,
machO.header.ncmds
)
}
// 5c000 /usr/lib/libobjc.A.dylib 22
// 98000 /usr/lib/dyld 15
// 131000 /usr/lib/system/libsystem_blocks.dylib 24
// ...
There are a variety of uses, but most show a basic example that prints output to the Test directory.
The following file contains sample code. MachOPrintTests
The following file contains sample code. MachOFilePrintTests
The following file contains sample code. DyldCachePrintTests
MachOKit is released under the MIT License. See LICENSE