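def print_sections(binary):
    """Print a table of the sections of *binary*, each followed by its relocations.

    Section, symbol and relocation-target names are read from the parsed file,
    which may be crafted, so non-printable characters in them are escaped
    before they are written to the terminal.
    """

    def printable(text):
        # Escape control/format characters (ESC, CR, LF, ...) so that a name
        # taken from the file cannot drive the terminal or forge output lines.
        return "".join(
            ch if ch.isprintable() else repr(ch)[1:-1] for ch in str(text))

    def relocation_type_name(reloc):
        # Decode the raw relocation type with the enum matching the CPU type;
        # fall back to the raw value for any other architecture.
        if reloc.architecture == MachO.CPU_TYPES.x86:
            decoded = str(MachO.X86_RELOCATION(reloc.type))
        elif reloc.architecture == MachO.CPU_TYPES.x86_64:
            decoded = str(MachO.X86_64_RELOCATION(reloc.type))
        elif reloc.architecture == MachO.CPU_TYPES.ARM:
            decoded = str(MachO.ARM_RELOCATION(reloc.type))
        elif reloc.architecture == MachO.CPU_TYPES.ARM64:
            decoded = str(MachO.ARM64_RELOCATION(reloc.type))
        elif reloc.architecture == MachO.CPU_TYPES.POWERPC:
            decoded = str(MachO.PPC_RELOCATION(reloc.type))
        else:
            decoded = str(reloc.type)
        # Keep only the member name of "ENUM.MEMBER".
        return decoded.split(".")[-1]

    f_title = "|{:<20}|{:<16}|{:<16}|{:<16}|{:16}|{:22}|{:19}|{:25}|{:25}|"
    f_value = "|{:<20}|0x{:<13x} |0x{:<13x} |0x{:<13x} |0x{:<13x} |0x{:<19x} |0x{:<16x} |{:<25}|{:<25}"

    print("== Sections ==")
    print(
        f_title.format("Name", "Virtual Address", "Offset", "Size",
                       "Alignement", "Number of Relocations",
                       "Relocation offset", "Type", "Flags"))

    for section in binary.sections:
        flags_str = " - ".join(
            str(flag).split(".")[-1] for flag in section.flags_list)
        print(
            f_value.format(printable(section.name), section.virtual_address,
                           section.offset, section.size, section.alignment,
                           section.numberof_relocations,
                           section.relocation_offset,
                           str(section.type).split(".")[-1], flags_str))

        if len(section.relocations) > 0:
            for idx, reloc in enumerate(section.relocations):
                name = printable(reloc.symbol.name) if reloc.has_symbol else ""
                secname = (" - " + printable(reloc.section.name)
                           if reloc.has_section else "")
                print(
                    " [Reloc #{:d} {section}] {name:<10} 0x{address:<6x} {type:<20} {size:d} {pcrel} {scat}"
                    .format(idx,
                            section=secname,
                            name=name,
                            address=reloc.address,
                            type=relocation_type_name(reloc),
                            size=reloc.size,
                            pcrel=str(reloc.pc_relative),
                            scat=str(reloc.is_scattered)))
            print("")

    print("")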
def main():
    """Command-line entry point: parse a Mach-O file and print the requested views.

    Every display option is a boolean switch; ``-a/--all`` turns on every view.
    If ``MachO.parse`` raises ``lief.exception`` the error is printed and the
    process exits with status 1.
    """
    # (option strings, destination attribute, help text), in help-output order.
    switches = (
        (('-a', '--all'), 'show_all', 'Show all information'),
        (('-c', '--commands'), 'show_commands', 'Display Commands'),
        (('-H', '--header'), 'show_header', 'Display header'),
        (('-L', '--libraries'), 'show_libraries', 'Display Imported Libraries'),
        (('-l', '--segments'), 'show_segments', 'Display Segments'),
        (('-r', '--relocations'), 'show_relocs',
         'Display the relocations (if present)'),
        (('-s', '--symbols'), 'show_symbols', 'Display Symbols'),
        (('-S', '--sections'), 'show_sections', 'Display Sections'),
        (('--uuid',), 'show_uuid', 'Display the UUID command'),
        (('--main',), 'show_main', 'Display the Main command'),
        (('--dylinker',), 'show_dylinker', 'Display the Dylinker command'),
        (('--dyldinfo',), 'show_dyldinfo', 'Display the DyldInfo command'),
        (('--function-starts',), 'show_function_starts',
         'Display the FunctionStarts command'),
        (('--source-version',), 'show_source_version',
         "Display the 'Source Version' command"),
        (('--version-min',), 'show_version_min',
         "Display the 'Version Min' command"),
    )

    parser = argparse.ArgumentParser(usage='%(prog)s [options] <macho-file>')
    for option_strings, dest, help_text in switches:
        parser.add_argument(*option_strings, action='store_true',
                            dest=dest, help=help_text)
    parser.add_argument("binary", metavar="<macho-file>",
                        help='Target Mach-O File')
    args = parser.parse_args()

    try:
        binaries = MachO.parse(args.binary)
    except lief.exception as e:
        print(e)
        sys.exit(1)

    def shown(flag):
        # A view is displayed when its own switch or --all was given.
        return flag or args.show_all

    for binary in binaries:
        print_information(binary)

        if shown(args.show_header):
            print_header(binary)
        if shown(args.show_commands):
            print_commands(binary)
        if shown(args.show_libraries):
            print_libraries(binary)
        if shown(args.show_segments):
            print_segments(binary)
        if shown(args.show_sections):
            print_sections(binary)
        if shown(args.show_symbols):
            print_symbols(binary)

        # The remaining views are printed only when the binary carries the
        # corresponding command or data.
        if shown(args.show_uuid) and binary.has_uuid:
            print_uuid(binary)
        if shown(args.show_main) and binary.has_main_command:
            print_main_command(binary)
        if shown(args.show_dylinker) and binary.has_dylinker:
            print_dylinker(binary)
        if shown(args.show_dyldinfo) and binary.has_dyld_info:
            print_dyld_info(binary)
        if shown(args.show_function_starts) and binary.has_function_starts:
            print_function_starts(binary)
        if shown(args.show_source_version) and binary.has_source_version:
            print_source_version(binary)
        if shown(args.show_version_min) and binary.has_version_min:
            print_version_min(binary)
        if shown(args.show_relocs) and len(binary.relocations) > 0:
            print_relocations(binary)
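def print_relocations(binary):
    """Print one table row per relocation of *binary*.

    The type column is decoded from ``REBASE_TYPES`` for relocations that come
    from the dyld info, and from the per-architecture relocation enum for
    those that come from the relocation table. Segment, section and symbol
    names are read from the parsed file, which may be crafted, so
    non-printable characters in them are escaped before printing.
    """

    def printable(text):
        # Escape control/format characters (ESC, CR, LF, ...) so that a name
        # taken from the file cannot drive the terminal or forge output lines.
        return "".join(
            ch if ch.isprintable() else repr(ch)[1:-1] for ch in str(text))

    print("== Relocations ==")
    f_value = "|0x{address:<10x} | {size:<4d} | {type:<15} | {pcrel:<11} | {secseg:<23} | {symbol}"
    f_title = "|{address:<12} | {size:<4} | {type:<15} | {pcrel:<11} | {secseg:<23} | {symbol}"

    # The column holds "<segment>.<section>", so it is labelled
    # "Segment/Section" (the previous "Section/Section" label was a typo).
    print(
        f_title.format(address="Address",
                       size="Size",
                       type="Type",
                       pcrel="PC Relative",
                       secseg="Segment/Section",
                       symbol="Symbol"))

    for reloc in binary.relocations:
        type_str = ""
        if reloc.origin == MachO.RELOCATION_ORIGINS.DYLDINFO:
            type_str = str(MachO.REBASE_TYPES(reloc.type))
        elif reloc.origin == MachO.RELOCATION_ORIGINS.RELOC_TABLE:
            if reloc.architecture == MachO.CPU_TYPES.x86:
                type_str = str(MachO.X86_RELOCATION(reloc.type))
            elif reloc.architecture == MachO.CPU_TYPES.x86_64:
                type_str = str(MachO.X86_64_RELOCATION(reloc.type))
            elif reloc.architecture == MachO.CPU_TYPES.ARM:
                type_str = str(MachO.ARM_RELOCATION(reloc.type))
            elif reloc.architecture == MachO.CPU_TYPES.ARM64:
                type_str = str(MachO.ARM64_RELOCATION(reloc.type))
            elif reloc.architecture == MachO.CPU_TYPES.POWERPC:
                type_str = str(MachO.PPC_RELOCATION(reloc.type))
        # Keep only the member name of "ENUM.MEMBER" ("" stays "").
        type_str = type_str.split(".")[-1]

        symbol_name = printable(reloc.symbol.name) if reloc.has_symbol else ""

        if reloc.has_segment and reloc.has_section:
            secseg_name = "{}.{}".format(printable(reloc.segment.name),
                                         printable(reloc.section.name))
        elif reloc.has_segment:
            secseg_name = printable(reloc.segment.name)
        elif reloc.has_section:
            secseg_name = printable(reloc.section.name)
        else:
            secseg_name = ""

        print(
            f_value.format(address=reloc.address,
                           size=reloc.size,
                           type=type_str,
                           pcrel=str(reloc.pc_relative),
                           secseg=secseg_name,
                           symbol=symbol_name))

    print("")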
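def main():
    """Command-line entry point: parse a Mach-O file and print the requested views.

    Every display option is a boolean switch. ``-a/--all`` turns on every view
    except the opcode/export-trie dumps, which are selected individually or
    all together with ``--opcodes``. If ``MachO.parse`` raises
    ``lief.exception`` the error is printed and the process exits with
    status 1; otherwise it exits with ``EXIT_STATUS`` (defined outside this
    function).
    """
    # (option strings, destination attribute, help text), in help-output order.
    switches = (
        (('-a', '--all'), 'show_all', 'Show all information'),
        (('-c', '--commands'), 'show_commands', 'Display Commands'),
        (('-H', '--header'), 'show_header', 'Display header'),
        (('-L', '--libraries'), 'show_libraries', 'Display Imported Libraries'),
        (('-l', '--segments'), 'show_segments', 'Display Segments'),
        (('-r', '--relocations'), 'show_relocs',
         'Display the relocations (if present)'),
        (('-s', '--symbols'), 'show_symbols', 'Display Symbols'),
        (('-S', '--sections'), 'show_sections', 'Display Sections'),
        (('--uuid',), 'show_uuid', 'Display the UUID command'),
        (('--main',), 'show_main', 'Display the Main command'),
        (('--dylinker',), 'show_dylinker', 'Display the Dylinker command'),
        (('--dyldinfo',), 'show_dyldinfo', 'Display the DyldInfo command'),
        (('--function-starts',), 'show_function_starts',
         'Display the FunctionStarts command'),
        (('--rebase-opcodes',), 'show_rebase_opcodes',
         'Display the "Rebase" opcodes'),
        (('--source-version',), 'show_source_version',
         "Display the 'Source Version' command"),
        (('--version-min',), 'show_version_min',
         "Display the 'Version Min' command"),
        (('--thread-command',), 'show_thread_command',
         "Display the 'Thread Command' command"),
        (('--rpath-command',), 'show_rpath_command',
         "Display the 'Rpath Command' command"),
        (('--symbol-command',), 'show_symbol_command',
         "Display the 'Symbol Command' command"),
        # Help text previously duplicated the --symbol-command description.
        (('--dynamic-symbol-command',), 'show_dynamic_symbol_command',
         "Display the 'Dynamic Symbol Command' command"),
        (('--data-in-code',), 'show_data_in_code',
         "Display the 'Data In Code' command"),
        (('--segment-split-info',), 'show_segment_split_info',
         "Display the 'Segment Split Info' command"),
        (('--sub-framework',), 'show_sub_framework',
         "Display the 'Sub Framework' command"),
        (('--dyld-environment',), 'show_dyld_env',
         "Display the 'Dyld Environment' command"),
        (('--encryption-info',), 'show_encrypt_info',
         "Display the 'Encryption Info' command"),
        (('--bind-opcodes',), 'show_bind_opcodes',
         'Display the "Bind" opcodes'),
        (('--weak-bind-opcodes',), 'show_weak_bind_opcodes',
         'Display the "Weak Bind" opcodes'),
        (('--lazy-bind-opcodes',), 'show_lazy_bind_opcodes',
         'Display the "Lazy Bind" opcodes'),
        (('--export-trie',), 'show_export_trie', 'Display the export trie'),
        (('--opcodes',), 'show_opcodes',
         'Display the bind and rebase opcodes'),
        (('--ctor',), 'show_ctor', 'Constructor functions'),
    )

    parser = argparse.ArgumentParser(usage='%(prog)s [options] <macho-file>')
    for option_strings, dest, help_text in switches:
        parser.add_argument(*option_strings, action='store_true',
                            dest=dest, help=help_text)
    parser.add_argument("binary", metavar="<macho-file>",
                        help='Target Mach-O File')
    args = parser.parse_args()

    try:
        binaries = MachO.parse(args.binary)
    except lief.exception as e:
        print(e)
        sys.exit(1)

    if len(binaries) > 1:
        print("Fat Mach-O: {:d} binaries".format(len(binaries)))

    def shown(flag):
        # A view is displayed when its own switch or --all was given.
        return flag or args.show_all

    def opcodes_shown(flag):
        # Opcode dumps follow their own switch or --opcodes, not --all.
        return flag or args.show_opcodes

    for binary in binaries:
        print_information(binary)

        if shown(args.show_header):
            print_header(binary)
        if shown(args.show_commands):
            print_commands(binary)
        if shown(args.show_libraries):
            print_libraries(binary)
        if shown(args.show_segments):
            print_segments(binary)
        if shown(args.show_sections):
            print_sections(binary)
        if shown(args.show_symbols):
            print_symbols(binary)

        # The following views are printed only when the binary carries the
        # corresponding command or data.
        if shown(args.show_uuid) and binary.has_uuid:
            print_uuid(binary)
        if shown(args.show_main) and binary.has_main_command:
            print_main_command(binary)
        if shown(args.show_dylinker) and binary.has_dylinker:
            print_dylinker(binary)
        if shown(args.show_dyldinfo) and binary.has_dyld_info:
            print_dyld_info(binary)
        if shown(args.show_function_starts) and binary.has_function_starts:
            print_function_starts(binary)
        if shown(args.show_source_version) and binary.has_source_version:
            print_source_version(binary)
        if shown(args.show_version_min) and binary.has_version_min:
            print_version_min(binary)
        if shown(args.show_relocs) and len(binary.relocations) > 0:
            print_relocations(binary)
        if shown(args.show_thread_command) and binary.has_thread_command:
            print_thread_command(binary)
        # The rpath view used to be tested twice in this chain, which printed
        # it twice; it is now printed once.
        if shown(args.show_rpath_command) and binary.has_rpath:
            print_rpath_command(binary)
        if shown(args.show_symbol_command) and binary.has_symbol_command:
            print_symbol_command(binary)
        if (shown(args.show_dynamic_symbol_command)
                and binary.has_dynamic_symbol_command):
            print_dynamic_symbol_command(binary)
        if shown(args.show_data_in_code) and binary.has_data_in_code:
            print_data_in_code(binary)
        if (shown(args.show_segment_split_info)
                and binary.has_segment_split_info):
            print_segment_split_info(binary)
        if shown(args.show_sub_framework) and binary.has_sub_framework:
            print_sub_framework(binary)
        if shown(args.show_dyld_env) and binary.has_dyld_environment:
            print_dyld_environment(binary)
        if shown(args.show_encrypt_info) and binary.has_encryption_info:
            print_encryption_info(binary)

        if opcodes_shown(args.show_rebase_opcodes) and binary.has_dyld_info:
            print_rebase_opcodes(binary)
        if opcodes_shown(args.show_bind_opcodes) and binary.has_dyld_info:
            print_bind_opcodes(binary)
        if opcodes_shown(args.show_weak_bind_opcodes) and binary.has_dyld_info:
            print_weak_bind_opcodes(binary)
        if opcodes_shown(args.show_lazy_bind_opcodes) and binary.has_dyld_info:
            print_lazy_bind_opcodes(binary)
        if opcodes_shown(args.show_export_trie) and binary.has_dyld_info:
            print_export_trie(binary)

        if shown(args.show_ctor):
            print_ctor(binary)

    sys.exit(EXIT_STATUS)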
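def main():
    """Command-line entry point: parse a Mach-O file and print the requested views.

    Every display option is a boolean switch. ``-a/--all`` turns on every view
    except the opcode/export-trie dumps, which are selected individually or
    all together with ``--opcodes``. The mutually exclusive ``Logger`` options
    choose the LIEF logging level (WARNING when none is given). If
    ``MachO.parse`` raises ``lief.exception`` the error is printed and the
    process exits with status 1; otherwise it exits with ``EXIT_STATUS``
    (defined outside this function).
    """
    # (option strings, destination attribute, help text), in help-output order.
    switches = (
        (('-a', '--all'), 'show_all', 'Show all information'),
        (('-c', '--commands'), 'show_commands', 'Display Commands'),
        (('-H', '--header'), 'show_header', 'Display header'),
        (('-L', '--libraries'), 'show_libraries', 'Display Imported Libraries'),
        (('-l', '--segments'), 'show_segments', 'Display Segments'),
        (('-r', '--relocations'), 'show_relocs',
         'Display the relocations (if present)'),
        (('-s', '--symbols'), 'show_symbols', 'Display Symbols'),
        (('-S', '--sections'), 'show_sections', 'Display Sections'),
        (('--uuid',), 'show_uuid', 'Display the UUID command'),
        (('--main',), 'show_main', 'Display the Main command'),
        (('--dylinker',), 'show_dylinker', 'Display the Dylinker command'),
        (('--dyldinfo',), 'show_dyldinfo', 'Display the DyldInfo command'),
        (('--function-starts',), 'show_function_starts',
         'Display the FunctionStarts command'),
        (('--rebase-opcodes',), 'show_rebase_opcodes',
         'Display the "Rebase" opcodes'),
        (('--source-version',), 'show_source_version',
         "Display the 'Source Version' command"),
        (('--version-min',), 'show_version_min',
         "Display the 'Version Min' command"),
        (('--thread-command',), 'show_thread_command',
         "Display the 'Thread Command' command"),
        (('--rpath-command',), 'show_rpath_command',
         "Display the 'Rpath Command' command"),
        (('--symbol-command',), 'show_symbol_command',
         "Display the 'Symbol Command' command"),
        # Help text previously duplicated the --symbol-command description.
        (('--dynamic-symbol-command',), 'show_dynamic_symbol_command',
         "Display the 'Dynamic Symbol Command' command"),
        (('--data-in-code',), 'show_data_in_code',
         "Display the 'Data In Code' command"),
        (('--segment-split-info',), 'show_segment_split_info',
         "Display the 'Segment Split Info' command"),
        (('--sub-framework',), 'show_sub_framework',
         "Display the 'Sub Framework' command"),
        (('--dyld-environment',), 'show_dyld_env',
         "Display the 'Dyld Environment' command"),
        (('--encryption-info',), 'show_encrypt_info',
         "Display the 'Encryption Info' command"),
        (('--bind-opcodes',), 'show_bind_opcodes',
         'Display the "Bind" opcodes'),
        (('--weak-bind-opcodes',), 'show_weak_bind_opcodes',
         'Display the "Weak Bind" opcodes'),
        (('--lazy-bind-opcodes',), 'show_lazy_bind_opcodes',
         'Display the "Lazy Bind" opcodes'),
        (('--export-trie',), 'show_export_trie', 'Display the export trie'),
        (('--opcodes',), 'show_opcodes',
         'Display the bind and rebase opcodes'),
        (('--ctor',), 'show_ctor', 'Constructor functions'),
        (('--unwind-functions',), 'show_ufunctions',
         'Functions from unwind info'),
        (('--functions',), 'show_functions',
         'All functions found in the binary'),
        (('--build-version',), 'show_build_version', 'Show build version'),
    )

    parser = argparse.ArgumentParser(usage='%(prog)s [options] <macho-file>')
    for option_strings, dest, help_text in switches:
        parser.add_argument(*option_strings, action='store_true',
                            dest=dest, help=help_text)
    parser.add_argument("binary", metavar="<macho-file>",
                        help='Target Mach-O File')

    # Logging setup
    logger_group = parser.add_argument_group('Logger')
    verbosity = logger_group.add_mutually_exclusive_group()
    log_levels = (
        ('--debug', lief.logging.LOGGING_LEVEL.DEBUG),
        ('--trace', lief.logging.LOGGING_LEVEL.TRACE),
        ('--info', lief.logging.LOGGING_LEVEL.INFO),
        ('--warn', lief.logging.LOGGING_LEVEL.WARNING),
        ('--err', lief.logging.LOGGING_LEVEL.ERROR),
        ('--critical', lief.logging.LOGGING_LEVEL.CRITICAL),
    )
    for option, level in log_levels:
        verbosity.add_argument(option, dest='main_verbosity',
                               action='store_const', const=level)
    parser.set_defaults(main_verbosity=lief.logging.LOGGING_LEVEL.WARNING)

    args = parser.parse_args()
    lief.logging.set_level(args.main_verbosity)

    try:
        binaries = MachO.parse(args.binary)
    except lief.exception as e:
        print(e)
        sys.exit(1)

    if len(binaries) > 1:
        print("Fat Mach-O: {:d} binaries".format(len(binaries)))

    def shown(flag):
        # A view is displayed when its own switch or --all was given.
        return flag or args.show_all

    def opcodes_shown(flag):
        # Opcode dumps follow their own switch or --opcodes, not --all.
        return flag or args.show_opcodes

    for binary in binaries:
        print_information(binary)

        if shown(args.show_header):
            print_header(binary)
        if shown(args.show_commands):
            print_commands(binary)
        if shown(args.show_libraries):
            print_libraries(binary)
        if shown(args.show_segments):
            print_segments(binary)
        if shown(args.show_sections):
            print_sections(binary)
        if shown(args.show_symbols):
            print_symbols(binary)

        # The following views are printed only when the binary carries the
        # corresponding command or data.
        if shown(args.show_uuid) and binary.has_uuid:
            print_uuid(binary)
        if shown(args.show_main) and binary.has_main_command:
            print_main_command(binary)
        if shown(args.show_dylinker) and binary.has_dylinker:
            print_dylinker(binary)
        if shown(args.show_dyldinfo) and binary.has_dyld_info:
            print_dyld_info(binary)
        if shown(args.show_function_starts) and binary.has_function_starts:
            print_function_starts(binary)
        if shown(args.show_source_version) and binary.has_source_version:
            print_source_version(binary)
        if shown(args.show_version_min) and binary.has_version_min:
            print_version_min(binary)
        if shown(args.show_relocs) and len(binary.relocations) > 0:
            print_relocations(binary)
        if shown(args.show_thread_command) and binary.has_thread_command:
            print_thread_command(binary)
        # The rpath view used to be tested twice in this chain, which printed
        # it twice; it is now printed once.
        if shown(args.show_rpath_command) and binary.has_rpath:
            print_rpath_command(binary)
        if shown(args.show_symbol_command) and binary.has_symbol_command:
            print_symbol_command(binary)
        if (shown(args.show_dynamic_symbol_command)
                and binary.has_dynamic_symbol_command):
            print_dynamic_symbol_command(binary)
        if shown(args.show_data_in_code) and binary.has_data_in_code:
            print_data_in_code(binary)
        if (shown(args.show_segment_split_info)
                and binary.has_segment_split_info):
            print_segment_split_info(binary)
        if shown(args.show_sub_framework) and binary.has_sub_framework:
            print_sub_framework(binary)
        if shown(args.show_dyld_env) and binary.has_dyld_environment:
            print_dyld_environment(binary)
        if shown(args.show_encrypt_info) and binary.has_encryption_info:
            print_encryption_info(binary)

        if opcodes_shown(args.show_rebase_opcodes) and binary.has_dyld_info:
            print_rebase_opcodes(binary)
        if opcodes_shown(args.show_bind_opcodes) and binary.has_dyld_info:
            print_bind_opcodes(binary)
        if opcodes_shown(args.show_weak_bind_opcodes) and binary.has_dyld_info:
            print_weak_bind_opcodes(binary)
        if opcodes_shown(args.show_lazy_bind_opcodes) and binary.has_dyld_info:
            print_lazy_bind_opcodes(binary)
        if opcodes_shown(args.show_export_trie) and binary.has_dyld_info:
            print_export_trie(binary)

        if shown(args.show_ctor):
            print_ctor(binary)
        if shown(args.show_ufunctions):
            print_unwind_functions(binary)
        if shown(args.show_functions):
            print_functions(binary)
        if shown(args.show_build_version) and binary.has_build_version:
            print_build_version(binary)

    sys.exit(EXIT_STATUS)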
def read_macho(path_to_binary): binaries = MachO.parse(path_to_binary) #for binary in binaries: read_fit_binary(binaries[0])