cblichmann
commented
9 months ago BinDiff relies on the disassembler and the respective BinExport plugin to support various executable formats. As such, it supports Mach-O, PE/COFF and many other formats.
Closed Jacky-LinPeng closed 8 months ago
cblichmann
commented
9 months ago BinDiff relies on the disassembler and the respective BinExport plugin to support various executable formats. As such, it supports Mach-O, PE/COFF and many other formats.
Overview of the Mach-O Executable Format
Mach-O is the native executable format of binaries in OS X and is the preferred format for shipping code. An executable format determines the order in which the code and data in a binary file are read into memory. The ordering of code and data has implications for memory usage and paging activity and thus directly affects the performance of your program.
A Mach-O binary is organized into segments. Each segment contains one or more sections. Code or data of different types goes into each section. Segments always start on a page boundary, but sections are not necessarily page-aligned. The size of a segment is measured by the number of bytes in all the sections it contains and rounded up to the next virtual memory page boundary. Thus, a segment is always a multiple of 4096 bytes, or 4 kilobytes, with 4096 bytes being the minimum size.
The segments and sections of a Mach-O executable are named according to their intended use. The convention for segment names is to use all-uppercase letters preceded by double underscores (for example, TEXT); the convention for section names is to use all-lowercase letters preceded by double underscores (for example, text).
There are several possible segments within a Mach-O executable, but only two of them are of interest in relation to performance: the TEXT segment and the DATA segment.
https://developer.apple.com/library/archive/documentation/Performance/Conceptual/CodeFootprint/Articles/MachOOverview.html