Mach-O

一、Mach-O简介

Mach-O是Mach object的缩写，是Mac\iOS上用于存储程序、库的标准格式。

二、Mach-O格式的文件类型

#define MH_OBJECT   0x1     /* relocatable object file */
#define MH_EXECUTE  0x2     /* demand paged executable file */
#define MH_FVMLIB   0x3     /* fixed VM shared library file */
#define MH_CORE     0x4     /* core file */
#define MH_PRELOAD  0x5     /* preloaded executable file */
#define MH_DYLIB    0x6     /* dynamically bound shared library */
#define MH_DYLINKER 0x7     /* dynamic link editor */
#define MH_BUNDLE   0x8     /* dynamically bound bundle file */
#define MH_DYLIB_STUB   0x9     /* shared library stub for static */
                    /*  linking only, no section contents */
#define MH_DSYM     0xa     /* companion file with only debug */
                    /*  sections */
#define MH_KEXT_BUNDLE  0xb     /* x86_64 kexts */
#define MH_FILESET  0xc     /* set of mach-o's */

可以在xnu源码中，查看到Mach-O格式的详细定义 xnu源码

三、常见的Mach-O文件类型

1、MH_OBJECT

• 目标文件（.o）
• 静态库文件(.a），静态库其实就是N个.o合并在一起

2、MH_EXECUTE：可执行文件

• .app/xxx

3、MH_DYLIB：动态库文件

• .dylib
• .framework/xx

4、MH_DYLINKER：动态链接编辑器

• /usr/lib/dyld

5、MH_DSYM：存储着二进制文件符号信息的文件

• .dSYM/Contents/Resources/DWARF/xx（常用于分析APP的崩溃信息）

四、窥探Mach-O的结构

1、file：查看Mach-O的文件类型

• file 文件路径

2、otool：查看Mach-O特定部分和段的内容

zydeMacBook-Pro:ppx zy$ otool
Usage: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool [-arch arch_type] [-fahlLDtdorSTMRIHGvVcXmqQjCP] [-mcpu=arg] [--version] <object file> ...
    -f print the fat headers
    -a print the archive header
    -h print the mach header
    -l print the load commands
    -L print shared libraries used
    -D print shared library id name
    -t print the text section (disassemble with -v)
    -x print all text sections (disassemble with -v)
    -p <routine name>  start dissassemble from routine name
    -s <segname> <sectname> print contents of section
    -d print the data section
    -o print the Objective-C segment
    -r print the relocation entries
    -S print the table of contents of a library (obsolete)
    -T print the table of contents of a dynamic shared library (obsolete)
    -M print the module table of a dynamic shared library (obsolete)
    -R print the reference table of a dynamic shared library (obsolete)
    -I print the indirect symbol table
    -H print the two-level hints table (obsolete)
    -G print the data in code table
    -v print verbosely (symbolically) when possible
    -V print disassembled operands symbolically
    -c print argument strings of a core file
    -X print no leading addresses or headers
    -m don't use archive(member) syntax
    -B force Thumb disassembly (ARM objects only)
    -q use llvm's disassembler (the default)
    -Q use otool(1)'s disassembler
    -mcpu=arg use `arg' as the cpu for disassembly
    -j print opcode bytes
    -P print the info plist section as strings
    -C print linker optimization hints
    --version print the version of /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool

• 1、打印依赖动态库

 otool -L Super

Super:
    /usr/lib/libbz2.1.0.dylib (compatibility version 1.0.0, current version 1.0.8)
    /usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 1200.3.0)
    /usr/lib/libc++abi.dylib (compatibility version 1.0.0, current version 1200.3.0)
    /usr/lib/libcompression.dylib (compatibility version 1.0.0, current version 1.0.0, weak)
    /usr/lib/libiconv.2.dylib (compatibility version 7.0.0, current version 7.0.0)
    /usr/lib/libicucore.A.dylib (compatibility version 1.0.0, current version 68.2.0)
    /usr/lib/liblzma.5.dylib (compatibility version 6.0.0, current version 6.3.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1311.0.0)

• 2、打印头信息

otool -h Super

Super:
Mach header
      magic  cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
 0xfeedfacf 16777228          0  0x00           2   109      12240 0x00a10085

3、lipo：常用于多架构Mach-O文件的处理

• 查看架构信息：lipo -info 文件路径
• 导出某种特定架构：lipo 文件路径 -thin 架构类型 -output 输出文件路径
• 合并多种架构：lipo 文件路径1 文件路径2 -output 输出文件路径

五、dyld和Mach-O

1.位置

在iOS中，是使用了/usr/lib/dyld程序来加载动态库

2.dyld源码

dyld

3.dyld用于加载以下类型的Mach-O文件

查看源码在方法 (loadPhase6(int fd, const struct stat& stat_buf, const char* path, const LoadContext& context))

// only MH_BUNDLE, MH_DYLIB, and some MH_EXECUTE can be dynamically loaded
        const mach_header* mh = (mach_header*)firstPages;
        switch ( mh->filetype ) {
            case MH_EXECUTE:
            case MH_DYLIB:
            case MH_BUNDLE:
                break;
            default:
                throw "mach-o, but wrong filetype";
        }

六、Mach-O的基本结构

1、官方描述 Mach-O Programming Topics

Mach-O

2、Mach-O文件包含3个主要区域

1、Header

• 文件类型、目标架构类型等

2、Load commands

• 描述文件在虚拟内存中的逻辑结构、布局

3、Raw segment data

• 在Load commands中定义的Segment的原始数据

未完待续。。。。。。。。。