mach-o 工具

工具

command-line tools

• lipo /usr/bin/lipo

能够分析二进制文件的架构，可以拆分和合并二进制文件

• otool /usr/bin/otool

列出Mach-O文件的sections和segments信息，具体使用可以参考otool --help

• pagestuff /usr/bin/pagestuff

展示每一个组成反射(image)的每个逻辑页面的内容，其中包含了sections的名字和每个page里的符号。这个工具不能在有多个架构的包含映射的二进制文件中运行。

• symbol table的展示工具 /usr/bin/nm

允许你查看对象文件符号表的内容

工具的使用

lipo

The lipo command creates or operates on ``universal'' (multi-architec-
ture) files. It only ever produces one output file, and never alters
the input file. The operations that lipo performs are: listing the
architecture types in a universal file; creating a single universal
file from one or more input files; thinning out a single universal file
to one specified architecture type; and extracting, replacing, and/or
removing architectures types from the input file to create a single new
universal output file.
lipo 命令 是用来创建或者是操作一般含有多个结构体的文件。能输出一个文件，但不改变原文件。该命令能查询结构体类型，合并多个结构体文件，或者从多个结构体文件中剥离出来单个结构体。

Only one option can be specified, with the exception of -arch,
-arch_blank, -output, and -segalign, which are used in combination with
other options. The input_file argument is required, and only the -cre-
ate option allows more than one input_file to be specified. The -out-
put flag must be used, except with the -info and -detailed_info flags.

假设我们的moch-0二进制文件名字叫 test .结构体类型是armv7 和 arm64
lipo -info test

Architectures in the fat file: ETCP are: armv7 arm64 

lipo -detailed_info test

Fat header in: test
fat_magic 0xcafebabe
nfat_arch 2
architecture armv7
    cputype CPU_TYPE_ARM
    cpusubtype CPU_SUBTYPE_ARM_V7
    offset 16384
    size 37933760
    align 2^14 (16384)
architecture arm64
    cputype CPU_TYPE_ARM64
    cpusubtype CPU_SUBTYPE_ARM64_ALL
    offset 37961728
    size 43561328
    align 2^14 (16384)

lipo -thin armv7 test -output test.armv7

会在当前目录生成一个 test.armv7 结构体类型是 armv7

lipo -create test.arm64 test.armv7 -output test.all

将test.arm64和 test.armv7结构体 合并在一起输出到 test.all 文件中。

lipo -remove armv7 test.all -output test.arm64-1

将test.all 结构体中的armv7 移除掉

lipo -extract arm64 -output test.arm64-2 test.all

将test.all 结构体中的arm64 结构体输出到 test.arm64-2

lipo -create -arch armv7 test.armv7 -arch arm64 test.arm64 -output test.all

这里是把test.armv7 和 test.arm64 合并到test.all 文件中，-arch 只是用来修饰文件的，并且给文件做限制，必须是not-fat 结构体

otool /usr/bin/otool

The otool command displays specified parts of object files or libraries. If the -m option is not used the file arguments may be of the form libx.a(foo.o), to request information about only that object file and not the entire library. (Typically this argument must be quoted, ``libx.a(foo.o)'', to get it past the shell.) Otool understands both Mach-O (Mach object) files and universal file formats.Otool can display the specified information in either its raw (numeric)form (without the -v flag), or in a symbolic form using macro names of costants, etc. (with the -v or -V flag).

这个工具展示文件或者库的一部分。这个命令明白mach-o 文件和结构体文件。

    -f print the fat headers
    -a print the archive header
    -h print the mach header
    -l print the load commands
    -L print shared libraries used
    -D print shared library id name
    -t print the text section (disassemble with -v)
    -p   start dissassemble from routine name
    -s   print contents of section
    -d print the data section
    -o print the Objective-C segment
    -r print the relocation entries
    -S print the table of contents of a library
    -T print the table of contents of a dynamic shared library
    -M print the module table of a dynamic shared library
    -R print the reference table of a dynamic shared library
    -I print the indirect symbol table
    -H print the two-level hints table
    -G print the data in code table
    -v print verbosely (symbolically) when possible
    -V print disassembled operands symbolically
    -c print argument strings of a core file
    -X print no leading addresses or headers
    -m don't use archive(member) syntax
    -B force Thumb disassembly (ARM objects only)
    -q use llvm's disassembler (the default)
    -Q use otool(1)'s disassembler
    -mcpu=arg use `arg' as the cpu for disassembly
    -j print opcode bytes
    -P print the info plist section as strings
    -C print linker optimization hints

pagestuff

mach-o 分析工具

pagestuff displays information about the specified logical pages of a file conforming to the Mach-O executable format. For each specified page of code, symbols (function and static data structure names) are displayed

命令举例

pagestuff test.arm64 -arch arm64 -a 

symbol table的展示工具

Nm displays the name list (symbol table) of each object file in the argument list. If an argument is an archive, a listing for each object file in the archive will be produced. File can be of the form libx.a(x.o), in which case only symbols from that member of the object file are listed. (The parentheses have to be quoted to get by the shell.) If no file is given, the symbols in a.out are listed.
nm 命令能展示每个文件的信号表

Each  symbol  name  is preceded by its value (blanks if undefined).  Unless the -m option is specified, this value is followed by one of the following characters, representing the  symbol  type:  U (undefined), A (absolute), T (text section symbol), D (data section symbol), B(bss section symbol), C (common symbol), -  (for  debugger  symbol  table  entries;  see  -a below), S (symbol in a section other than those above), or I (indirect symbol).  If the symbol is local (non-external), the symbol's type is instead represented by  the  corresponding lowercase  letter.   A lower case u in a dynamic shared library indicates a undefined reference to a private external in another module in the same library.

If the symbol is a Objective C method, the symbol name is +-[Class_name(category_name) method:name:], where +' is for class methods,-' is for instance methods, and (cate-
gory_name) is present only when the method is in a category.
这个是category 的标示方法

       -t format
              For the -P output, write the numeric value in the specified format. The format  shall
              be dependent on the single character used as the format option-argument:

       d      The value shall be written in decimal (default).

       o      The value shall be written in octal.

       x      The value shall be written in hexadecimal.

       -L     Display  the symbols in the bitcode files in the (__LLVM,__bundle) section if present
              instead of the object's symbol table.  This is the default if the object has no  sym-
              bol table and there is an (__LLVM,__bundle) section.

参数不少

这些工具暂时具体怎么使用还不太懂。只是略作记录，防止忘记。