otool命令记录
2020-08-06 本文已影响0人
沉江小鱼
1. 介绍
用来查看可执行文件的mach-o信息.
2. 命令使用
终端输入otool,然后回车,会显示如下内容:
Usage: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool [-arch arch_type] [-fahlLDtdorSTMRIHGvVcXmqQjCP] [-mcpu=arg] [--version] <object file> ...
-f print the fat headers
-a print the archive header
-h print the mach header
-l print the load commands
-L print shared libraries used
-D print shared library id name
-t print the text section (disassemble with -v)
-x print all text sections (disassemble with -v)
-p <routine name> start dissassemble from routine name
-s <segname> <sectname> print contents of section
-d print the data section
-o print the Objective-C segment
-r print the relocation entries
-S print the table of contents of a library (obsolete)
-T print the table of contents of a dynamic shared library (obsolete)
-M print the module table of a dynamic shared library (obsolete)
-R print the reference table of a dynamic shared library (obsolete)
-I print the indirect symbol table
-H print the two-level hints table (obsolete)
-G print the data in code table
-v print verbosely (symbolically) when possible
-V print disassembled operands symbolically
-c print argument strings of a core file
-X print no leading addresses or headers
-m don't use archive(member) syntax
-B force Thumb disassembly (ARM objects only)
-q use llvm's disassembler (the default)
-Q use otool(1)'s disassembler
-mcpu=arg use `arg' as the cpu for disassembly
-j print opcode bytes
-P print the info plist section as strings
-C print linker optimization hints
--version print the version of /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool
有兴趣的同学,可以仔细研究一下每个命令是用来干嘛的。
3.常用命令记录
- 查看App所使用的动态库
otool -L Mach-O文件路径
- 查看ipa是否已经砸壳
otool -l Mach-O文件路径 | grep crypt
cryptid为 0 则已经砸壳,为 1 未砸壳,输出:
$ otool -l /Users/demo/Desktop/demo | grep crypt
cryptoff 16384
cryptsize 557056
cryptid 0
cryptoff 16384
cryptsize 606208
cryptid 0
我们发现打印了两遍,其实代表着该可执行文件支持两种架构armv7和arm64。
