Reading Mach-O binary

[eddynaka]

Hi,

I have been trying to read a mach-o binary.

Looking at the tests, I got the segments, for example, and I understood how to fetch the data inside it. But there are things that I couldn't locate:

• is it possible to retrieve the command line?
• is it safe for every segment I use GetData() and from the byte[] convert to string like below? I'm asking this because for some Segments I receive some strange characters.

  byte[] data = segment.GetData();
  string text = Encoding.ASCII.GetString(data);

Just to let you know, I generated a sample using the following command in a Mac:

gcc -Wall -O2 hello.c -g -o hello
gcc -Wall -O2 hello.c -g -dwarf-5 -o hello5

thank you!

[konrad-kruczynski]

Hi Eddy, What do you mean by retrieving a command line? The arguments? Those are generally tied to a given execution, not to the binary per se.

As for the second question: nope, this is not safe in general. Segment can contain a lot different data, strings can only be part of it. To extract strings from a binary file, you can use strings program.

[eddynaka]

HI @konrad-kruczynski , for an ELF binary, if we load it correctly, we can see the command line that generated the binary. My question is: is it possible to do the same in the mach-o?

[konrad-kruczynski]

Ok, that command line. I don't have any knowledge about that though.

[konrad-kruczynski]

I'm closing the issue now, please reopen if necessary.