iOS: Commands for Inspecting Mach-O Executables
2020-05-30
NJ_墨
1. In the terminal, enter: otool
It returns the following:
-f print the fat headers
-a print the archive header
-h print the mach header
-l print the load commands
-L print shared libraries used
-D print shared library id name
-t print the text section (disassemble with -v)
-p <routine name> start dissassemble from routine name
-s <segname> <sectname> print contents of section
-d print the data section
-o print the Objective-C segment
-r print the relocation entries
-S print the table of contents of a library
-T print the table of contents of a dynamic shared library
-M print the module table of a dynamic shared library
-R print the reference table of a dynamic shared library
-I print the indirect symbol table
-H print the two-level hints table
-G print the data in code table
-v print verbosely (symbolically) when possible
-V print disassembled operands symbolically
-c print argument strings of a core file
-X print no leading addresses or headers
-m don't use archive(member) syntax
-B force Thumb disassembly (ARM objects only)
-q use llvm's disassembler (the default)
-Q use otool(1)'s disassembler
-mcpu=arg use `arg' as the cpu for disassembly
-j print opcode bytes
-P print the info plist section as strings
-C print linker optimization hints
--version print the version of /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool
View the Mach-O header structure: otool -h {Mach-O}
MacBook-Pro Desktop % otool -h Zaful
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x00 2 82 9216 0x00218085
magic (magic number) - 0xfeedfacf
cputype (CPU type) - 16777223
cpusubtype (CPU subtype) - 3
caps - 0x00
filetype (file type) - 2
ncmds - 82
sizeofcmds (size of the load commands) - 9216
flags (dynamic linker dyld flags) - 0x00218085
otool -l {Mach-O}
Print the load commands to view the system libraries, supported architecture information, and version numbers
fengqican@fengqicandeMacBook-Pro Desktop % otool -l Zaful
Zaful:
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x00 2 82 9216 0x00218085
Load command 0
cmd LC_SEGMENT_64
cmdsize 72
segname __PAGEZERO
vmaddr 0x0000000000000000
vmsize 0x0000000100000000
fileoff 0
filesize 0
maxprot 0x00000000
initprot 0x00000000
nsects 0
flags 0x0
Load command 1
cmd LC_SEGMENT_64
cmdsize 1832
segname __TEXT
vmaddr 0x0000000100000000
vmsize 0x0000000002b31000
fileoff 0
filesize 45289472
maxprot 0x00000005
initprot 0x00000005
nsects 22
flags 0x0
Section
sectname __text
segname __TEXT
addr 0x0000000100002d00
size 0x00000000027a4160
offset 11520
align 2^8 (256)
reloff 0
nreloc 0
flags 0x80000400
reserved1 0
reserved2 0
.....
otool -tV {Mach-O}
View the ARM assembly code
otool -l {Mach-O} | grep -B 2 crypt
Check whether the binary has been decrypted: cryptid 0 = decrypted, 1 = not decrypted
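
The header fields printed by otool -h and the cryptid lookup done with otool -l | grep crypt, reproduced as a small Python parser. This is an added example, not part of the original post. The build_sample helper and its two-command file are constructed for illustration (only magic, cputype, cpusubtype, filetype and flags are taken from the output above), and the name tables list only a few common values.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF  # thin 64-bit little-endian Mach-O
LC_SEGMENT_64, LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x19, 0x21, 0x2C
CPU_TYPES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
FILETYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}
FLAG_BITS = {0x1: "NOUNDEFS", 0x4: "DYLDLINK", 0x80: "TWOLEVEL",
             0x8000: "WEAK_DEFINES", 0x10000: "BINDS_TO_WEAK", 0x200000: "PIE"}

def parse_macho64(data):
    """Decode mach_header_64, then walk the load commands looking for cryptid."""
    if len(data) < 32:
        raise ValueError("too short for mach_header_64")
    magic, cputype, cpusub, filetype, ncmds, sizeofcmds, flags, _ = \
        struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O: %#x" % magic)
    end = 32 + sizeofcmds
    if end > len(data):
        raise ValueError("sizeofcmds runs past the end of the file")
    info = {"cputype": CPU_TYPES.get(cputype, str(cputype)),
            "cpusubtype": cpusub & 0x00FFFFFF, "caps": cpusub >> 24,
            "filetype": FILETYPES.get(filetype, str(filetype)), "ncmds": ncmds,
            "flags": [name for bit, name in FLAG_BITS.items() if flags & bit],
            "cryptid": None}  # None means no encryption load command was found
    off = 32
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command header outside sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, off))
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            if cmdsize < 20:
                raise ValueError("encryption command too small")
            # layout after cmd/cmdsize: cryptoff, cryptsize, cryptid
            info["cryptid"] = struct.unpack_from("<III", data, off + 8)[2]
        off += cmdsize
    return info

def build_sample(cryptid):
    """Constructed test file: a __PAGEZERO segment plus LC_ENCRYPTION_INFO_64."""
    pagezero = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__PAGEZERO",
                           0, 0x100000000, 0, 0, 0, 0, 0, 0)
    crypt = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 16384, 4096, cryptid, 0)
    cmds = pagezero + crypt
    header = struct.pack("<8I", MH_MAGIC_64, 16777223, 3, 2, 2, len(cmds),
                         0x00218085, 0)
    return header + cmds

if __name__ == "__main__":
    print(parse_macho64(build_sample(1)))
```

Decoded this way, cputype 16777223 is x86_64, filetype 2 is MH_EXECUTE, and flags 0x00218085 includes PIE.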