iOS【查看Mach-O可执行文件命令】

1、在终端输入：otool

返回如下：
-f print the fat headers-a print the archive header
-h print the mach header-l print the load commands
-L print shared libraries used
-D print shared library id name
-t print the text section (disassemble with -v)
-p <routine name>  start dissassemble from routine name
-s <segname> <sectname> print contents of section-d print the data section
-o print the Objective-C segment-r print the relocation entries
-S print the table of contents of a library
-T print the table of contents of a dynamic shared library
-M print the module table of a dynamic shared library
-R print the reference table of a dynamic shared library
-I print the indirect symbol table-
H print the two-level hints table
-G print the data in code table
-v print verbosely (symbolically) when possible
-V print disassembled operands symbolically
-c print argument strings of a core file
-X print no leading addresses or headers
-m don't use archive(member) syntax
-B force Thumb disassembly (ARM objects only)
-q use llvm's disassembler (the default)
-Q use otool(1)'s disassembler-mcpu=arg use `arg' as the cpu for disassembly
-j print opcode bytes-P print the info plist section as strings
-C print linker optimization hints--version print the version of

/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool

查看Mach-O头结构 ：otool -h {Mach-O}

MacBook-Pro Desktop % otool -h Zaful
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
 0xfeedfacf 16777223          3  0x00           2    82       9216 0x00218085

magic（魔数）- 0xfeedfacf
cputype（CPU类型）- 16777223
cpusubtype（CPU子类型）- 3
caps - 0x00
filetype（文件类型） - 2
ncmds - 82
sizeofcmds（加载命令大小） - 9216
flags（动态连接器dyld标志） - 0x00218085

otool -l {Mach-O}
查看系统库、支持的架构信息及版本号

fengqican@fengqicandeMacBook-Pro Desktop % otool -l Zaful     
Zaful:
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
 0xfeedfacf 16777223          3  0x00           2    82       9216 0x00218085
Load command 0
      cmd LC_SEGMENT_64
  cmdsize 72
  segname __PAGEZERO
   vmaddr 0x0000000000000000
   vmsize 0x0000000100000000
  fileoff 0
 filesize 0
  maxprot 0x00000000
 initprot 0x00000000
   nsects 0
    flags 0x0
Load command 1
      cmd LC_SEGMENT_64
  cmdsize 1832
  segname __TEXT
   vmaddr 0x0000000100000000
   vmsize 0x0000000002b31000
  fileoff 0
 filesize 45289472
  maxprot 0x00000005
 initprot 0x00000005
   nsects 22
    flags 0x0
Section
  sectname __text
   segname __TEXT
      addr 0x0000000100002d00
      size 0x00000000027a4160
    offset 11520
     align 2^8 (256)
    reloff 0
    nreloc 0
     flags 0x80000400
 reserved1 0
 reserved2 0
.....

otool -tV {Mach-O}
查看ARM汇编码

otool -l {Mach-O} | grep -B 2 crypt
查看是否砸壳，cryptid 0-砸壳 1-未砸壳