macho_info

information about Apple MachO files.

macho_info returns information about Apple MachO file format. Tt is a list, with items for every 'app' contained, each item of the list contains the following attributes:

  • commands: <list of dictionaries> list of load commands. Every entry contains the following fields:
    • type: <string> command type.
  • info: <dictionary> some basic file attributes about the file.
    • sha256: <string>.
    • filename: <string>.
  • headers: <dictionary> some descriptive metadata about the file.
    • cpu_subtype: <string> processor subtype (i.e. "I386_ALL").
    • cpu_type: <string> general type of processor (i.e. "i386").
    • file_type: <string> file type (i.e. "dynamically bound shared library").
    • flags: <list of strings> file flags (i.e. "DYLDLINK", "NOUNDEFS").
    • magic: <string> magic identifier of this app in hex format.
    • num_cmds: <integer> number of commands.
    • size_cmds: <integer> commands size.
  • libs: <list of strings> libraries used by the file.
  • segments: <list of dictionaries> list of segments of the file. Every entry contains the following fields:
    • fileoff: <string> segment phisical address in hex format.
    • filesize: <string> segment size in hex format.
    • name: <string> segment name.
    • sections: <list of dictionaries> sections of the segment. Every entry contains the following fields:
      • flags: <list of strings> section flags (i.e. "S_8BYTE_LITERALS").
      • name: <string> section name.
      • type: <string> section type.
    • vmaddr: <string> virtual address in hex format.
    • vmsize: <string> virtual address size in hex format.
{
  "data": {
		...
    "attributes" : {
      ...
      "macho_info": [
        {
          "libs": ["<strings>"],
          "info": {
            "sha256": "<string>",
            "filename": "<string>"
          },
          "headers": {
            "cpu_subtype": "<string>",
            "magic": "<string>",
            "size_cmds": <int>,
            "file_type": "<string>",
            "num_cmds": <int>,
            "flags": ["<strings>"],
            "cpu_type": "<string>"
          },
          "commands": [
            {
              "type": "<string>"
            }, ...
          ],
          "segments": [
            {
              "name": "<string>",
              "fileoff": "<string>",
              "vmsize": "<string>",
              "filesize": "<string>",
              "vmaddr": "<string>",
              "sections": [
                {
                  "type": "<string>",
                  "flags": ["<strings>"],
                  "name": "<string>"
                }, ...
              ]
            }, ... 
          ]
        ]
      }
    }
  }
}
{
    "data": {
        "attributes": {
            "macho_info": [
                {
                    "commands": [
                        {
                            "type": "LC_UUID"
                        },
                        {
                            "type": "LC_DYLD_INFO_ONLY"
                        },
                        {
                            "type": "LC_SYMTAB"
                        },
                        {
                            "type": "LC_DYSYMTAB"
                        },
                        {
                            "type": "LC_LOAD_DYLIB"
                        }
                    ],
                    "headers": {
                        "cpu_subtype": "I386_ALL",
                        "cpu_type": "i386",
                        "file_type": "dynamically bound bundle file",
                        "flags": [
                            "DYLDLINK",
                            "NOUNDEFS",
                            "TWOLEVEL"
                        ],
                        "magic": "0xfe4d4ace",
                        "num_cmds": 8,
                        "size_cmds": 1008
                    },
                    "libs": [
                        "/usr/lib/libSystem.B.dylib"
                    ],
                    "segments": [
                        {
                            "fileoff": "0x0",
                            "filesize": "0x6000",
                            "name": "__TEXT",
                            "sections": [
                                {
                                    "flags": [
                                        "SECTION_ATTRIBUTES_USR",
                                        "SECTION_ATTRIBUTES_SYS"
                                    ],
                                    "name": "__text",
                                    "type": "S_REGULAR"
                                },
                                {
                                    "flags": [],
                                    "name": "__cstring",
                                    "type": "S_CSTRING_LITERALS"
                                }
                            ],
                            "vmaddr": "0x0",
                            "vmsize": "0x6000"
                        }
                    ]
                }
            ]
        }
    }
}