mach-o

问题 I've been trying to learn 64-bit assembly on both Mac-OS and Windows using NASM. My code is extern _printf section .data msg db "Hello World!", 10, 0 section .text global _main _main: mov rax, 0 mov rdi, msg call _printf mov rax, 0x2000001 mov rdi, 0 syscall and I compile it with nasm -f macho64 -o main.o main.asm gcc -o main main.o While trying to call _printf , I got the error Segmentation fault: 11 When I remove the call to _printf , my code runs fine. Why does the call to _printf cause a

问题 I am trying to extract libraries from the Dyld_shared_cache, and need to fix in external references. For example, the pointers in the __DATA.__objc_selrefs section usually point to data outside the mach-o file, to fix that I would have to copy the corresponding c-string from the dyld and append it to the __TEXT.__objc_methname section. Though from my understanding of the Mach-O file format, this extension of the __TEXT.__objc_methname would shift all the sections after it and would force me

问题 How can I move sections out of the __TEXT segment and into a new segment for a mach-o binary? The reason I'm asking is that I'm trying to make my iPhone app smaller, and the iOS App Store encrypts the __TEXT segment of it prior to compression so that it doesn't compress at all. If I can move all the non-executable sections out of that segment and into a new read-only segment, then I can trim the size of my app by about 9%. 回答1: On linker level As already mentioned in @meisel answer this can

问题 I have a program that generates self-modifying code (see https://tigress.wtf/selfModify.html in case you're interested). It runs on x86 Darwin and Linux. On Darwin, I compile with gcc -g -segprot __TEXT rwx rwx self_modifying.c -o self_modifying.exe Recently, this seems not to work, I get dyld: malformed mach-o image: __TEXT segment maps start of file but is writable when I run the program. I'm running clang version 6.0.1 on MacOS 10.15.3. Any help would be appreciated. 回答1: @AlexDenisov is

问题 In runtime I'm trying to recover an address of a function that is not exported but is available through shared library's symbols table and therefore is visible to the debugger. I'm working on advanced debugging procedure that needs to capture certain events and manipulate runtime. One of the actions requires knowledge of an address of a private function (just the address) which is used as a key elsewhere. My current solution calculates offset of that private function relative to a known

问题 Well, i am trying to get the baseadresses for Loaded OSX Dylibs in running Proccesses on run time since a longtime now. Ive dumped all attached Dylibs on runtime using dyld_all_image_infos after using task_info, got there name and ImageLoadADDRESS,mach_header and segment_command. But i can't get there Baseaddress On runtime.. Everything works great except that i'm confused on how to get the actual Baseaddress of the requested Image in runtime! Also my Magic number which i got after Getting

问题 Well, i am trying to get the baseadresses for Loaded OSX Dylibs in running Proccesses on run time since a longtime now. Ive dumped all attached Dylibs on runtime using dyld_all_image_infos after using task_info, got there name and ImageLoadADDRESS,mach_header and segment_command. But i can't get there Baseaddress On runtime.. Everything works great except that i'm confused on how to get the actual Baseaddress of the requested Image in runtime! Also my Magic number which i got after Getting

问题 I have an error at compile time. Seems to be weird. it worked as detail view application, but using single view doesn't seem to work. this is the error details: Undefined symbols for architecture i386: "_OBJC_CLASS_$_RssArticle", referenced from: objc-class-ref in RssXmlParser.o ld: symbol(s) not found for architecture i386 clang: error: linker command failed with exit code 1 (use -v to see invocation) 回答1: Try these steps: Open your project in XCode. In left side window/panel of XCode click

问题 My app crashes when I launch it in iOS 7.1 but works fine in iOS 8.1 The error I get is this: dyld: Library not loaded: /System/Library/Frameworks/AVKit.framework/AVKit Referenced from: MY APP Reason: no suitable image found. Did find: /System/Library/Frameworks/AVKit.framework/AVKit: mach-o, but wrong architecture (lldb) I also noticed a similar error but with the UIKit mentioned instead of AVKit a few edits ago. Does anyone know how to resolve this? I'm using Xcode 6.1. I really don't want

问题 Is it possible to alter the way that an existing x86-64 binary references and/or calls one particular function. Specifically, is it possible to alter the binary such nothing happens (similar to a nop ) at the times when that function would normally have executed? I realize that there are powerful speciality tools out there (ie decompilers/disassemblers) for just this sort of task, but what I'm really wondering is if the executable formats are human-readable "enough" to be able to do this sort