Home

Awesome

   _____                .__     ____________   ____.__               
  /     \ _____    ____ |  |__  \_____  \   \ /   /|__| ______  _  __
 /  \ /  \\__  \ _/ ___\|  |  \  /   |   \   Y   / |  |/ __ \ \/ \/ /
/    Y    \/ __ \\  \___|   Y  \/    |    \     /  |  \  ___/\     / 
\____|__  (____  /\___  >___|  /\_______  /\___/   |__|\___  >\/\_/  
        \/     \/     \/     \/         \/                 \/        

A fork from MachOView to update and fix some bugs, mostly Mountain Lion & iOS 6 related. Also some small changes to the original behaviour.

Original MachOView by psaghelyi at http://sourceforge.net/projects/machoview/. Thanks to psaghelyi for his great work :-)

Latest versions are Lion+ only. The LLVM disassembler was replaced with Capstone. This eliminates Clang/LLVM packages requirements. The downside is that Capstone stops disassembling on bad instructions which means that for now data in code and jump tables data will create problems and __text section disassembly might be incomplete in binaries that contain such data. Capstone improved disassembly on error but data in code locations are available in header so this can and should be improved.

A static Capstone library extracted from the official DMG is included in the repo. If you want to be safe you should download Capstone and compile it yourself.

Now features the attach option to analyse headers of a running process. To use this feature you will need to codesign the binary. Follow this LLDB guide to create the certificate and then codesign MachOView binary. https://llvm.org/svn/llvm-project/lldb/trunk/docs/code-signing.txt The necessary entitlements are already added to Info.plist.

Be warned that this allows MachOView to have task_for_pid() privs under current under and control every process from user running it. The whole Mach-O parsing code needs to be reviewed and made more robust.

Enjoy, fG!

*** MythKiven's branch


Modified on the basis of the fork version: V2.4.9121, the current version: V2.5.9276. The changes are as follows:

1. When first opened, the initial interface will be displayed, and the Mach-O file can be dragged directly to the interface;
2. The maximum number of files to be dragged each time is 3 files;
1.error: 'string' file not found
Modify the program: C++ standard library modified to libc++

2.error: fwrite writes a null value crash
Modify the program: judge whether it is null or not
1. Part of KVC increases whether the judgment is an empty string;
2. The progress bar update code is placed in the main thread;
3. Fix code that may have a memory leak.

Note: A pkg (Version:2.5.9276) file can be directly installed, no need to compile itself, Click here to download MachOView

md5:d218e9a42e2e891b47f205f4bcdc388f

sha1:7cb343666b4995c2d64781259a6a0522888c6498

skills:

The quickest way to open (in terminal or Alfred)
$open -a MachOView XX
$open -b MachOView XX

Followed by
$open -b/-a MachOView or Alfred or click icon
Then drag the Mach-O file onto the open initial page or the icon in the Dock


在fork的版本:V2.4.9121 基础之上进行修改,目前版本:V2.5.9276。修改内容如下:

1、首次打开时,会显示初始界面,可直接往界面上拖动Mach-O文件;
2、每次拖动文件的最大数量是3个文件;
1、报错:'string' file not found
修改方案:C++标准库修改为libc++

2、crash: fwrite写入空值crash
修改方案:判空即可
1、部分 KVC 增加判空处理;
2、进度条更新代码放入主线程中;
3、修复可能存在内存泄漏的代码。

注:已生成一个可直接安装的pkg(Version:2.5.9276)文件,无需再自行编译,点此下载MachOView

md5:d218e9a42e2e891b47f205f4bcdc388f

sha1:7cb343666b4995c2d64781259a6a0522888c6498

使用技巧

最快捷的打开方式(在终端或Alfred)
$open -a MachOView XX
$open -b MachOView XX

其次是
$open -b/-a MachOView 或 Alfred 或 点击图标
然后拖动Mach-O文件到已打开的初始页面上或程序坞(Dock)中的图标上