dermob
Overview
dermob is a mach-o binary analyzer for Unix; see the README or the
screenshot below for more details.
README
.__ _____.__ .__ __ ____ ____________ .___________
|__| _____/ ____\__| ____ |__|/ |_ ___\ \ / /\_____ \ | \______ \
| |/ \ __\| |/ \| \ __\/ __ \ Y / / | \| || | \
| | | \ | | | | \ || | \ ___/\ / / | \ || ` \
|__|___| /__| |__|___| /__||__| \___ >\___/ \_______ /___/_______ /
\/ \/ \/ \/ \/
dermob -- mach-o binary analyzer
(c) 2006 by Matthias Schmidt
Usage: dermob [-cdhstux]
-c: Display complete header
-d: Display __DATA,__data section
-h: Display mach-o header
-s: Display __TEXT,__csting section
-t: Display __TEXT,__text section
-u: Display universal header
-x: Display hexdump
Requirements
dermob was successfully tested under Mac OS X 10.4 (x86, PPC) and FreeBSD 6
(x86). Any Unix-like operating system with a hw.machine sysctl(8)
should work; and no, Linux won't work. I included support for the following
architectures: x86, PPC (32/64-bit) and HPPA. Please note that dermob is
a mach-o binary analyzer, so it can't analyze e.g. ELF or PE binaries.
Install
hades!matthias:~ % tar xfj dermob_src.tar.bz2
hades!matthias:~ % cd dermob
hades!matthias:~/dermob % make
gcc -c -Wall -Wno-unused -O2 -fomit-frame-pointer util.c
gcc -c -Wall -Wno-unused -O2 -fomit-frame-pointer dermob.c
gcc -c -Wall -Wno-unused -O2 -fomit-frame-pointer dermob-cli.c
gcc -O2 util.o dermob.o dermob-cli.o -o dermob
hades!matthias:~/dermob % sudo make install
Download
Links
Screenshot
hades!matthias:~ % dermob
Usage: dermob [-cdhstux]
-c: Display complete header
-d: Display __DATA,__data section
-h: Display mach-o header
-s: Display __TEXT,__csting section
-t: Display __TEXT,__text section
-u: Display universal header
-x: Display hexdump
hades!matthias:~ % dermob /bin/sh
- Universal Binary for 2 architectures
- Vaild mach-o binary
+ /usr/lib/libncurses.5.4.dylib
+ /usr/lib/libSystem.B.dylib
+ /usr/lib/libgcc_s.1.dylib
hades!matthias:~ % dermob -u /bin/sh
Magic: 0xcafebabe
Architecture 1
CPU Type: (7) x86
Subtype: 3
Offest: 4096
Size: 494672
Align: 12
Architecture 2
CPU Type: (12) PowerPC
Subtype: 0
Offest: 499712
Size: 565400
Align: 12
hades!matthias:~ % dermob -h /bin/sh
Magic: 0xfeedface
CPU Type: x86
Subtype: 3
Filetype: 0x2
No load cmds: 13 cmds
Size of cmds: 1552 bytes
Flags: 0x00000085
hades!matthias:~ % dermob -c /bin/sh
Magic: 0xcafebabe
Architecture 1
CPU Type: (7) x86
Subtype: 3
Offest: 4096
Size: 494672
Align: 12
Architecture 2
CPU Type: (12) PowerPC
Subtype: 0
Offest: 499712
Size: 565400
Align: 12
Magic: 0xfeedface
CPU Type: x86
Subtype: 3
Filetype: 0x2
No load cmds: 13 cmds
Size of cmds: 1552 bytes
Flags: 0x00000085
- Load command: 1
Command: LC_SEGMENT
Command size: 56 bytes
Name: __PAGEZERO
VM addr: 0x00000000
VM size: 0x00001000
VM size: 0x00001000
File offset: 0x00000000
File size: 0 bytes
Max prot: 0x00000000
Init prot: 0x00000000
No of sects: 0
Flags: 0x00000004
- Load command: 2
Command: LC_SEGMENT
Command size: 464 bytes
Name: __TEXT
VM addr: 0x00001000
VM size: 0x00070000
VM size: 0x00070000
File offset: 0x00000000
File size: 458752 bytes
Max prot: 0x00000007
Init prot: 0x00000005
No of sects: 6
Flags: 0x00000000
+ Section 1
Sectname: __text
VM addr: 0x00001c6c
VM size: 376127 bytes
Offset: 3180
+ Section 2
Sectname: __picsymbol_stub__TEXT
VM addr: 0x0005d9ab
VM size: 0 bytes
Offset: 379307
+ Section 3
Sectname: __symbol_stub
VM addr: 0x0005d9ab
VM size: 0 bytes
Offset: 379307
+ Section 4
Sectname: __cstring
VM addr: 0x0005d9ac
VM size: 61304 bytes
Offset: 379308
+ Section 5
Sectname: __textcoal_nt
VM addr: 0x0006c924
VM size: 4 bytes
Offset: 440612
+ Section 6
Sectname: __const
VM addr: 0x0006c940
VM size: 18112 bytes
Offset: 440640
- Load command: 3
Command: LC_SEGMENT
Command size: 396 bytes
Name: __DATA
VM addr: 0x00071000
VM size: 0x00009000
VM size: 0x00009000
File offset: 0x00070000
File size: 24576 bytes
Max prot: 0x00000003
Init prot: 0x00000003
No of sects: 5
Flags: 0x00000000
+ Section 1
Sectname: __data
VM addr: 0x00071000
VM size: 20500 bytes
Offset: 458752
+ Section 2
Sectname: __dyld
VM addr: 0x00076014
VM size: 28 bytes
Offset: 479252
+ Section 3
Sectname: __const
VM addr: 0x00076040
VM size: 3708 bytes
Offset: 479296
+ Section 4
Sectname: __bss
VM addr: 0x00076ec0
VM size: 6752 bytes
Offset: 0
+ Section 5
Sectname: __common
VM addr: 0x00078920
VM size: 2928 bytes
Offset: 0
- Load command: 4
Command: LC_SEGMENT
Command size: 192 bytes
Name: __IMPORT
VM addr: 0x0007a000
VM size: 0x00001000
VM size: 0x00001000
File offset: 0x00076000
File size: 4096 bytes
Max prot: 0x00000007
Init prot: 0x00000007
No of sects: 2
Flags: 0x00000000
+ Section 1
Sectname: __pointers
VM addr: 0x0007a000
VM size: 1576 bytes
Offset: 483328
+ Section 2
Sectname: __jump_table
VM addr: 0x0007a628
VM size: 820 bytes
Offset: 484904
- Load command: 5
Command: LC_SEGMENT
Command size: 56 bytes
Name: __LINKEDIT
VM addr: 0x0007b000
VM size: 0x00001c50
VM size: 0x00001c50
File offset: 0x00077000
File size: 7248 bytes
Max prot: 0x00000003
Init prot: 0x00000001
No of sects: 0
Flags: 0x00000004
- Load command: 6
Command: LC_LOAD_DYLINKER
Command size: 28 bytes
Name: /usr/lib/dyld
- Load command: 7
Command: LC_LOAD_DYLIB
Command size: 56 bytes
Name: /usr/lib/libncurses.5.4.dylib
Timestamp: Thu Apr 20 04:07:58 2006
Current version: 0x50400
Compat version: 0x50400
- Load command: 8
Command: LC_LOAD_DYLIB
Command size: 52 bytes
Name: /usr/lib/libSystem.B.dylib
Timestamp: Wed Apr 19 00:11:28 2006
Current version: 0x580105
Compat version: 0x10000
- Load command: 9
Command: LC_LOAD_DYLIB
Command size: 52 bytes
Name: /usr/lib/libgcc_s.1.dylib
Timestamp: Fri Jan 13 15:37:00 2006
Current version: 0x10000
Compat version: 0x10000
- Load command: 10
Command: LC_SYMTAB
Command size: 24 bytes
Symbol table offset: 487424 bytes
Symbol table entries: 191
String table offset: 492640 bytes
String table size: 2032 bytes
- Load command: 11
Command: LC_DYSYMTAB
Command size: 80 bytes
ilocalsym: 0
nlocalsym: 0
iextdefsym: 0
nextdefsym: 18
iundefsym: 18
nundefsym: 173
tocoff: 0
ntoc: 0
modtaboff: 0
nmodtab: 0
extrefsymoff: 0
nextrefsyms: 0
indirectsymoff: 490408
nindirectsyms: 558
extreloff: 0
nextrel: 0
locreloff: 0
nlocrel: 0
- Load command: 12
Command: LC_TWOLEVEL_HINTS
Command size: 16 bytes
Offset: 489716
No of 2level hints: 173
- Load command: 13
Command: LC_UNIXTHREAD
Command size: 80 bytes
hades!matthias:~ % dermob -d /bin/sh | head
Starting at address 0x71000 offset 458752 size 20500
00071000 00 00 00 00 00 00 00 00 00 00 00 00 ac d9 05 00 ................
00071010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00071020 00 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 ................
00071030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00071040 f8 d9 05 00 01 00 00 00 dc 6e 07 00 00 00 00 00 .........n......
00071050 00 da 05 00 01 00 00 00 b0 89 07 00 00 00 00 00 ................
00071060 10 da 05 00 01 00 00 00 c0 89 07 00 00 00 00 00 ................
00071070 20 da 05 00 01 00 00 00 f0 6e 07 00 00 00 00 00  ........n......
00071080 28 da 05 00 02 00 00 00 00 00 00 00 40 11 07 00 (...........@...
hades!matthias:~ % dermob -t /bin/sh | head
Starting at address 0x1c6c offset 3180 size 376127
00001c6c 6a 00 89 e5 83 e4 f0 83 ec 10 8b 5d 04 89 5c 24 j..........]..\$
00001c7c 00 8d 4d 08 89 4c 24 04 83 c3 01 c1 e3 02 01 cb ..M..L$.........
00001c8c 89 5c 24 08 e8 01 00 00 00 f4 55 89 e5 57 56 53 .\$.......U..WVS
00001c9c 83 ec 2c e8 80 ac 06 00 8b 45 08 89 83 5c f3 06 ..,......E...\..
00001cac 00 8b 45 0c 89 83 60 f3 06 00 8b 45 10 89 83 64 ..E...`....E...d
00001cbc f3 06 00 8b 83 5c 83 07 00 8b 00 85 c0 74 02 ff .....\.......t..
00001ccc d0 8b 83 64 83 07 00 8b 00 85 c0 74 02 ff d0 e8 ...d.......t....
00001cdc 4d 89 07 00 e8 b0 00 00 00 8d 45 e4 89 44 24 04 M.........E..D$.
00001cec 8d 83 0c bd 05 00 89 04 24 e8 d2 00 00 00 8b 45 ........$......E
hades!matthias:~ % dermob -x /bin/sh | head
Starting at address 0x0 offset 0 size 1065112
00000000 ca fe ba be 00 00 00 02 00 00 00 07 00 00 00 03 ................
00000010 00 00 10 00 00 07 8c 50 00 00 00 0c 00 00 00 12 .......P........
00000020 00 00 00 00 00 07 a0 00 00 08 a0 98 00 00 00 0c ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000080 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
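The universal (fat) header and the 32-bit mach-o header that `dermob -u` and `dermob -h` print above, parsed in Python as an added example; this is not dermob's code. The fat header bytes are the first 48 bytes of the `dermob -x /bin/sh` hexdump in the screenshot, and the reported file size 1065112 is used for the bounds check; the thin header bytes are constructed from the values `dermob -h /bin/sh` prints, because those bytes themselves are not on the page. Two things the screenshot alone does not show: the hexdump carries the second architecture's cputype as `00 00 00 12`, so the "(12)" in dermob's output is hexadecimal (CPU_TYPE_POWERPC is 18), and a parser must check that each fat_arch slice actually lies inside the file and on its declared alignment before reading it, since the header is untrusted input.

```python
import struct
from typing import List, NamedTuple

# Values from <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>.
FAT_MAGIC = 0xCAFEBABE   # fat (universal) header; fat structures are always big-endian on disk
MH_MAGIC = 0xFEEDFACE    # 32-bit mach_header, written in the target architecture's byte order
MH_CIGAM = 0xCEFAEDFE    # MH_MAGIC seen through the opposite byte order
CPU_TYPES = {7: "x86", 18: "PowerPC"}   # CPU_TYPE_X86, CPU_TYPE_POWERPC

FAT_HEADER_LEN = 8     # magic, nfat_arch
FAT_ARCH_LEN = 20      # cputype, cpusubtype, offset, size, align
MACH_HEADER_LEN = 28   # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags


class FatArch(NamedTuple):
    cputype: int
    cpusubtype: int
    offset: int
    size: int
    align: int   # power of two: the slice offset must be a multiple of 2**align


class MachHeader(NamedTuple):
    magic: int
    cputype: int
    cpusubtype: int
    filetype: int
    ncmds: int
    sizeofcmds: int
    flags: int
    byte_order: str   # "big" or "little", derived from the magic


def parse_fat_header(data: bytes, file_size: int) -> List[FatArch]:
    """Parse fat_header + fat_arch table (what `dermob -u` prints) and reject
    tables or slices that do not fit inside a file of file_size bytes."""
    if len(data) < FAT_HEADER_LEN:
        raise ValueError("too short for a fat_header")
    magic, nfat_arch = struct.unpack(">II", data[:FAT_HEADER_LEN])
    if magic != FAT_MAGIC:
        raise ValueError(f"not a fat binary: magic 0x{magic:08x}")
    table_end = FAT_HEADER_LEN + nfat_arch * FAT_ARCH_LEN
    if table_end > len(data) or table_end > file_size:
        raise ValueError(f"fat_arch table for {nfat_arch} archs does not fit in the file")
    archs = []
    for i in range(nfat_arch):
        start = FAT_HEADER_LEN + i * FAT_ARCH_LEN
        arch = FatArch(*struct.unpack(">IIIII", data[start:start + FAT_ARCH_LEN]))
        # The header is untrusted: a slice must lie inside the file and start on
        # its declared alignment, otherwise a reader following it runs off the end.
        if arch.align > 31:
            raise ValueError(f"arch {i + 1}: implausible align {arch.align}")
        if arch.offset + arch.size > file_size:
            raise ValueError(f"arch {i + 1}: slice {arch.offset}+{arch.size} exceeds file size {file_size}")
        if arch.offset % (1 << arch.align) != 0:
            raise ValueError(f"arch {i + 1}: offset {arch.offset} not aligned to 2**{arch.align}")
        archs.append(arch)
    return archs


def parse_mach_header(data: bytes) -> MachHeader:
    """Parse a 32-bit mach_header (what `dermob -h` prints), detecting byte order from the magic."""
    if len(data) < MACH_HEADER_LEN:
        raise ValueError("too short for a mach_header")
    (magic_be,) = struct.unpack(">I", data[:4])
    if magic_be == MH_MAGIC:
        order, name = ">", "big"       # e.g. a PowerPC slice
    elif magic_be == MH_CIGAM:
        order, name = "<", "little"    # e.g. the x86 slice of /bin/sh above
    else:
        raise ValueError(f"not a 32-bit mach-o header: magic 0x{magic_be:08x}")
    fields = struct.unpack(order + "7I", data[:MACH_HEADER_LEN])
    return MachHeader(*fields, byte_order=name)


def describe_fat(archs: List[FatArch]) -> List[str]:
    """Render the table the way dermob -u does; the cputype in parentheses is hexadecimal."""
    return [
        f"Architecture {i}: CPU Type: ({a.cputype:x}) {CPU_TYPES.get(a.cputype, 'unknown')}, "
        f"Subtype: {a.cpusubtype}, Offset: {a.offset}, Size: {a.size}, Align: {a.align}"
        for i, a in enumerate(archs, 1)
    ]


# Constructed sample input: the first 48 bytes of `dermob -x /bin/sh` from the screenshot
# (fat_header followed by two fat_arch entries) and the file size dermob reports for it.
FAT_SAMPLE = bytes.fromhex(
    "cafebabe 00000002"
    "00000007 00000003 00001000 00078c50 0000000c"
    "00000012 00000000 0007a000 0008a098 0000000c"
)
FAT_SAMPLE_FILE_SIZE = 1065112

# Constructed sample input: the x86 slice's mach_header packed little-endian from the
# values `dermob -h /bin/sh` prints (the screenshot does not show these bytes).
THIN_SAMPLE = struct.pack("<7I", MH_MAGIC, 7, 3, 0x2, 13, 1552, 0x85)

if __name__ == "__main__":
    for line in describe_fat(parse_fat_header(FAT_SAMPLE, FAT_SAMPLE_FILE_SIZE)):
        print(line)
    print(parse_mach_header(THIN_SAMPLE))
```

Run it as a script to see the two fat_arch entries and the decoded x86 header. To analyze a real file, read the first bytes with `open(path, "rb")`, pass `os.path.getsize(path)` as `file_size`, and then seek to each `FatArch.offset` to parse that slice's mach_header; a PowerPC slice is read with the big-endian branch, an x86 slice with the little-endian one.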