MachO.bt

Quick template for parsing Mach-o binaries, including Mac OS X executables, .o and .dylib files.

- Authors:	Tim "diff" Strazzere, Harli Aquino
- Category:	Executable
- Version:	1.9
- File Mask:	,.o,*.dylib
- ID Bytes:	CF FA ED FE, CE FA ED FE, BE BA FE CA, CA FE BA BE

Download File

Available Versions

Version

Date

Author

Changes

Download

1.9

2023-09-12

Harli Aquino <harli@varist.com/d34ddr34m3r@gmail.com>

add indirect symbols parsing - parsed strings from string related sections - moved macho header and load command structs into an macho object struct - added symbol table and indirect symbols parser - added export trie parser

Download

1.8

2022-07-19

Minyoung Sim

Add code signature

Download

1.7

2019-03-06

D.Miller

Fixed ARM64, Added CpuType enum, Changed Load Handling to MAIN, MAIN|DYLD - Changed load command handling to always seek to orig offset + command size after switch

Download

1.6

2019-02-20

nathan@lanza.io

LC_MAIN is 0x28 | REQ_DYLD - adjust this template accordingly and implement in switch

Download

1.5

2018-11-09

swigger at gmail.com

support LC_BUILD_VERSION load command.

Download

1.4

2017-03-16

swigger at gmail.com

enable encryption segment 64.

Download

1.3

2016-06-09

N Moinvaziri

Fixed definition of section_64. Offset should have been uint64 and reserved3 missing.

Download

1.2

2016-02-19

SweetScape Software

Updated header for repository submission.

Download

Return to the Template Repository