devaukz / macho-explorer Goto Github PK
View Code? Open in Web Editor NEWA graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
License: MIT License
macho-explorer's People
Contributors
Stargazers
Watchers
Forkers
shuixi2013 hushifei quding0308 basketwill badheli fengjixuchui kuustudio haidragon lucianopalmeida colemancda xuvw philcai1993 hmyit toanlcgift crackercat minsone-opensource-fork apollonbar liu6x6 bigqiangg mstarlogo milend tcpthecode caivao iphone5s ta01st zhutc mluxe nevinhappy youngshingjun yangboyd codesourse xueyongwei ytfrdfiw houweifeng gratefulheart danboduan elijahdou myhighland fish-lll rhythmcity lk26 vitonzhangtt anrikgwp rong9527 andriitishchenko eterocell mxiris-reverse-engineering-forks lvchenqiangmacho-explorer's Issues
Crash using close shortcut app on 10.15.4
Process: MachOExplorer [3221]
Path: /Applications/MachOExplorer.swift.app/Contents/MacOS/MachOExplorer
Identifier: net.devaukz.macho.explorer
Version: 1.0 (1)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: MachOExplorer [3221]
User ID: 501
Date/Time: 2020-05-23 18:42:50.052 +0800
OS Version: Mac OS X 10.15.4 (19E287)
Report Version: 12
Bridge OS Version: 3.0 (14Y908)
Anonymous UUID: A51BFD28-ADEE-66EC-5994-E51EB09BD482
Why are you don't provide binary release???
Instructions in ReadMe.md are ambiguous or out-of-date.
The quick start instructions in ReadMe.md are either ambiguous or out of date; i.e., I attempted to follow them, but could not get it to run. It appears to want some code signing, which seems surprising for something that does not attach to other processes.
Or, I misunderstood the instructions. Assume I never used XCode to build something before today, and notice that there are (at least) two things claiming to be MachOExplorer in the left sidebar, as well as a "Product" named MachOExplorer.app (in an alarming red font) at the bottom of that pane. I do not (to my knowledge) have a "development team", nor do I have a "provisioning profile". Those seem to be required.
I have, OTOH, successfully cloned gdb from sources and built it and run it, including code-signing it.
Same for Delve.
is not work for static framework?
hi, is can open Dynimic library ,but is not work static library
Help!!
never mind i do it
is not working,UINSServiceViewController requires Marzipan
2020-03-19 18:45:43.350509+0800 MachOExplorer[72513:9264819] *** Assertion failure in +[UINSServiceViewController initialize], /BuildRoot/Library/Caches/com.apple.xbs/Sources/ViewBridge/ViewBridge-464.1/UINSServiceViewController.m:203
2020-03-19 18:45:43.350695+0800 MachOExplorer[72513:9264819] [General] UINSServiceViewController requires Marzipan
2020-03-19 18:45:43.353536+0800 MachOExplorer[72513:9264819] [General] (
0 CoreFoundation 0x00007fff38ac38ab __exceptionPreprocess + 250
1 libobjc.A.dylib 0x00007fff6ebe4805 objc_exception_throw + 48
2 CoreFoundation 0x00007fff38aecd10 +[NSException raise:format:arguments:] + 88
3 Foundation 0x00007fff3b1e5241 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191
4 ViewBridge 0x00007fff6b2f4d25 +[UINSServiceViewController initialize] + 175
5 libobjc.A.dylib 0x00007fff6ebe6985 CALLING_SOME_+initialize_METHOD + 17
6 libobjc.A.dylib 0x00007fff6ebe72bc initializeNonMetaClass + 638
7 libobjc.A.dylib 0x00007fff6ebe7991 _ZL24initializeAndMaybeRelockP10objc_classP11objc_objectR8mutex_ttILb0EEb + 214
8 libobjc.A.dylib 0x00007fff6ebd93db lookUpImpOrForward + 969
9 libobjc.A.dylib 0x00007fff6ebd8b99 _objc_msgSend_uncached + 73
10 MachOKit 0x000000010051b1ab +[MKNode subclasses] + 571
11 MachOKit 0x000000010051b425 +[MKNode bestSubclassWithRanking:] + 37
12 MachOKit 0x0000000100498ba3 +[MKLoadCommand classForCommandID:] + 99
13 MachOKit 0x0000000100499454 +[MKLoadCommand loadCommandAtOffset:fromParent:error:] + 500
14 MachOKit 0x00000001004fa62a -[MKMachOImage initWithName:flags:atAddress:inMapping:error:] + 2426
15 MachOExplorer 0x000000010001eb27 $sSo12MKMachOImageC4name5flags9atAddress9inMappingABSPys4Int8VGSg_So0aB5FlagsVs6UInt64VSo11MKMemoryMapCtKcfcTO + 183
16 MachOExplorer 0x000000010001e221 $sSo12MKMachOImageC4name5flags9atAddress9inMappingABSPys4Int8VGSg_So0aB5FlagsVs6UInt64VSo11MKMemoryMapCtKcfC + 81
17 MachOExplorer 0x000000010001d4ab $s13MachOExplorer0A9ODocumentC4read4from6ofTypey10Foundation3URLV_SStKF + 971
18 MachOExplorer 0x000000010001e3bc $s13MachOExplorer0A9ODocumentC4read4from6ofTypey10Foundation3URLV_SStKFTo + 236
19 AppKit 0x00007fff35f4cdb9 -[NSDocument _initWithContentsOfURL:ofType:error:] + 172
20 AppKit 0x00007fff35f4cca2 -[NSDocument initWithContentsOfURL:ofType:error:] + 231
21 AppKit 0x00007fff35fbb68a -[NSDocumentController makeDocumentWithContentsOfURL:ofType:error:] + 619
22 AppKit 0x00007fff361b691c __97-[NSDocumentController makeDocumentWithContentsOfURL:alternateContents:ofType:completionHandler:]_block_invoke + 91
23 AppKit 0x00007fff361b68b6 -[NSDocumentController makeDocumentWithContentsOfURL:alternateContents:ofType:completionHandler:] + 160
24 AppKit 0x00007fff35fba8e2 __80-[NSDocumentController openDocumentWithContentsOfURL:display:completionHandler:]_block_invoke + 839
25 AppKit 0x00007fff361b5ab8 __144-[NSDocumentController _coordinateReadingAndGetAlternateContentsForOpeningDocumentAtURL:resolvingSymlinks:thenContinueOnMainThreadWithAccessor:]_block_invoke_4 + 31
26 AppKit 0x00007fff361b5e0e __144-[NSDocumentController _coordinateReadingAndGetAlternateContentsForOpeningDocumentAtURL:resolvingSymlinks:thenContinueOnMainThreadWithAccessor:]_block_invoke_2.872 + 177
27 AppKit 0x00007fff361b5cf7 __144-[NSDocumentController _coordinateReadingAndGetAlternateContentsForOpeningDocumentAtURL:resolvingSymlinks:thenContinueOnMainThreadWithAccessor:]_block_invoke.871 + 153
28 AppKit 0x00007fff361b5c0b __144-[NSDocumentController _coordinateReadingAndGetAlternateContentsForOpeningDocumentAtURL:resolvingSymlinks:thenContinueOnMainThreadWithAccessor:]_block_invoke.869 + 243
29 AppKit 0x00007fff361c22bf ___NSMainRunLoopPerformBlockInModes_block_invoke + 25
30 CoreFoundation 0x00007fff38a477ab __CFRUNLOOP_IS_CALLING_OUT_TO_A_BLOCK__ + 12
31 CoreFoundation 0x00007fff38a476ed __CFRunLoopDoBlocks + 379
32 CoreFoundation 0x00007fff38a46d30 __CFRunLoopRun + 2792
33 CoreFoundation 0x00007fff38a45bd3 CFRunLoopRunSpecific + 499
34 HIToolbox 0x00007fff3759b65d RunCurrentEventLoopInMode + 292
35 HIToolbox 0x00007fff3759b39d ReceiveNextEventCommon + 600
36 HIToolbox 0x00007fff3759b127 _BlockUntilNextEventMatchingListInModeWithFilter + 64
37 AppKit 0x00007fff35c0bba4 _DPSNextEvent + 990
38 AppKit 0x00007fff35c0a380 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1352
39 AppKit 0x00007fff35bfc09e -[NSApplication run] + 658
40 AppKit 0x00007fff35bce465 NSApplicationMain + 777
41 MachOExplorer 0x0000000100047a8d main + 13
42 libdyld.dylib 0x00007fff6ff527fd start + 1
mac 10.15 Beta not work
mac 10.15 Beta not work
Crashes after closing the window
There are crashes I sometimes catch after closing the MachOExplorer window.
The problem is similar to #10, but the crash log looks different to me.
Here is an example stack trace:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff203a0fc2 objc_opt_class + 24
1 com.apple.Foundation 0x00007fff213408c4 _NSKeyValueObservationInfoGetObservances + 246
2 com.apple.Foundation 0x00007fff213317ac -[NSObject(NSKeyValueObservingPrivate) _changeValueForKeys:count:maybeOldValuesDict:maybeNewValuesDict:usingBlock:] + 260
3 com.apple.Foundation 0x00007fff2135cad6 -[NSObject(NSKeyValueObservingPrivate) _changeValueForKey:key:key:usingBlock:] + 68
4 com.apple.Foundation 0x00007fff21379dfb _NSSetObjectValueAndNotify + 269
5 com.apple.AppKit 0x00007fff22e2bcf4 -[NSView removeFromSuperview] + 218
6 com.apple.AppKit 0x00007fff22eab9e6 -[NSView removeFromSuperviewWithoutNeedingDisplay] + 36
7 com.apple.AppKit 0x00007fff22e32215 -[NSView _finalize] + 965
8 com.apple.AppKit 0x00007fff22e31d14 -[NSView dealloc] + 119
9 com.apple.AppKit 0x00007fff2378ebaf -[_NSSplitViewItemViewWrapper dealloc] + 144
10 com.apple.CoreFoundation 0x00007fff205a0953 -[__NSArrayI dealloc] + 73
11 libobjc.A.dylib 0x00007fff203a120f AutoreleasePoolPage::releaseUntil(objc_object**) + 167
12 libobjc.A.dylib 0x00007fff20383e30 objc_autoreleasePoolPop + 161
13 com.apple.AppKit 0x00007fff22eb6ead NSDisplayCycleObserverInvoke + 163
14 com.apple.AppKit 0x00007fff22eb6a30 NSDisplayCycleFlush + 953
15 com.apple.QuartzCore 0x00007fff26d4cc86 CA::Transaction::run_commit_handlers(CATransactionPhase) + 92
16 com.apple.QuartzCore 0x00007fff26d4ba1d CA::Transaction::commit() + 375
17 com.apple.AppKit 0x00007fff22f6686c __62+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayLink]_block_invoke + 285
18 com.apple.AppKit 0x00007fff236bc332 ___NSRunLoopObserverCreateWithHandler_block_invoke + 41
19 com.apple.CoreFoundation 0x00007fff205da671 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
20 com.apple.CoreFoundation 0x00007fff205da505 __CFRunLoopDoObservers + 543
21 com.apple.CoreFoundation 0x00007fff205d9998 __CFRunLoopRun + 841
22 com.apple.CoreFoundation 0x00007fff205d8f8c CFRunLoopRunSpecific + 563
23 com.apple.HIToolbox 0x00007fff288211f3 RunCurrentEventLoopInMode + 292
24 com.apple.HIToolbox 0x00007fff28820e26 ReceiveNextEventCommon + 284
25 com.apple.HIToolbox 0x00007fff28820cf3 _BlockUntilNextEventMatchingListInModeWithFilter + 70
26 com.apple.AppKit 0x00007fff22de2172 _DPSNextEvent + 864
27 com.apple.AppKit 0x00007fff22de0945 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1364
28 com.apple.AppKit 0x00007fff22dd2c69 -[NSApplication run] + 586
29 com.apple.AppKit 0x00007fff22da6e6c NSApplicationMain + 816
30 net.devaukz.macho.explorer 0x0000000108288509 0x108281000 + 29961
31 libdyld.dylib 0x00007fff204fef3d start + 1
MachOExplorer_2021-09-14-192202_C02ZV4HGMD6R.crash.txt
MachOExplorer_2021-09-18-221407_C02ZV4HGMD6R.crash.txt
Does not parse LC_UNIXTHREAD
MachO-Explorer seems not to parse LC_UNIXTHREAD load command as in the figure below.
Note that the file to be analyzed is a malware binary.
otool command can parse it.
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x80 2 5 496 0x00000085
Load command 0
cmd LC_SEGMENT_64
cmdsize 72
segname __PAGEZERO
vmaddr 0x0000000000000000
vmsize 0x00000000f0000000
fileoff 0
filesize 0
maxprot 0x00000000
initprot 0x00000000
nsects 0
flags 0x0
Load command 1
cmd LC_SEGMENT_64
cmdsize 152
segname __TEXT
vmaddr 0x00000000f0000000
vmsize 0x000000000000b000
fileoff 0
filesize 45056
maxprot 0x00000007
initprot 0x00000005
nsects 1
flags 0x0
Section
sectname __cfstring
segname __TEXT
addr 0x00000000f00008fd
size 0x000000000000a703
offset 2301
align 2^0 (1)
reloff 0
nreloc 0
flags 0x80000400
reserved1 0
reserved2 0
Load command 2
cmd LC_SEGMENT_64
cmdsize 72
segname __LINKEDIT
vmaddr 0x00000000f000b000
vmsize 0x0000000000001000
fileoff 45056
filesize 2888
maxprot 0x00000007
initprot 0x00000005
nsects 0
flags 0x0
Load command 3
cmd LC_VERSION_MIN_MACOSX
cmdsize 16
version 10.6
sdk 10.6
Load command 4
cmd LC_UNIXTHREAD
cmdsize 184
flavor x86_THREAD_STATE64
count x86_THREAD_STATE64_COUNT
rax 0x0000000000000000 rbx 0x0000000000000000 rcx 0x0000000000000000
rdx 0x0000000000000000 rdi 0x0000000000000000 rsi 0x0000000000000000
rbp 0x0000000000000000 rsp 0x0000000000000000 r8 0x0000000000000000
r9 0x0000000000000000 r10 0x0000000000000000 r11 0x0000000000000000
r12 0x0000000000000000 r13 0x0000000000000000 r14 0x0000000000000000
r15 0x0000000000000000 rip 0x00000000f0000e44
rflags 0x0000000000000000 cs 0x0000000000000000 fs 0x0000000000000000
gs 0x0000000000000000
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.