In the below example you can see load commands for the file’s segments, dynamic libraries ( dyld), symbols, and file information such as a UUID:Īt a minimum the commands contain a command type and size. The header is followed by a list of variably-sized load commands, which specify information about the executable such as how to load its segments and run it. Here’s a parsed example the iOS ps binary: Magic: 64-bit MachO
The same file also defines the structure of the header, which contains details on the binary. * Constant for the magic field of the mach_header (32-bit architectures) */ #define MH_MAGIC 0xfeedface /* the mach magic number */ #define MH_CIGAMĐxcefaedfe /* NXSwapInt(MH_MAGIC) */ /* Constant for the magic field of the mach_header_64 (64-bit architectures) */ #define MH_MAGIC_64 0xfeedfacf /* the 64-bit mach magic number */ #define MH_CIGAM_64 0xcffaedfe /* NXSwapInt(MH_MAGIC_64) */ The file magics for different kinds of Mach-O files are listed, amongst other places, in open source Apple code Like many files, they start with a header that contains at its very beginning four bytes of (little-Endian) file magic: The diagram below shows the structure of an example Mach-O file Their structure is in three parts: a header, load commands, and segments (which contain sections). Let’s look at that structure in more detail. This is simply done, with a wrapper around two or more Mach-O files in a single binary. This means a single binary can run on both 32 and 64-bit processors, or more topically on both ARM and Intel processors. For example, they are fat binaries, meaning they can contain implementations for multiple architectures in a single binary. Mach-O files have some differences to the other formats, and are unique in some ways. exe) files, Unix has its Executable and Linkable Format, but in the Apple world it’s all about Mach-O files, which is the format for regular executable files, as well as libraries and other supporting file types. We also introduce a new open-source tool we’ve written for parsing interesting information from Mach-O files. This blog provides an overview of the structure of Mach-O binaries, and how they implement code signing and application permissions. Apple code signing has been in the news lately, with the new macOS update having initial problems, as well as adding extra steps for developers building software.Ĭode signing and application permissions on Apple devices both rely on the Mach-O format, which is used for executable files on both macOS and iOS.
0 kommentar(er)
