Mach-o可执行文件简述

iOS上的可执行文件是Mach-O格式。Mach-O文件主要有三部分组成：分别是头部（Header）、加载命令（Load commands）、和段(segment);

下面以个推的GeTuiSdk.o可执行文件为例分别对上述三部分进行实践说明

1、 用otool -h XXXX.o可以查看可执行文件XXXX.o的头部（Header）：

头部的结构体如下：

1 //32位的
2
3 struct mach_header {
4     var magic: UInt32  //魔数，0xfeedface代表的是32位，0xfeedfacf代表64位
5     var cputype: cpu_type_t //cpu的类型
6     var cpusubtype: cpu_subtype_t//cpu的子类型
7     var filetype: UInt32//文件类型
8     var ncmds: UInt32//命令数 即load commands的总数
9     var sizeofcmds: UInt32//命令所占的总字节大小 即load commands所有命令的总字节数
10     var flags: UInt32//标记
11     init()
12     init(magic magic: UInt32, cputype cputype: cpu_type_t, cpusubtype cpusubtype: cpu_subtype_t, filetype filetype: UInt32, ncmds ncmds: UInt32, sizeofcmds sizeofcmds: UInt32, flags flags: UInt32)
13 }
14
15 //64位的
16 struct mach_header_64 {
17     var magic: UInt32
18     var cputype: cpu_type_t
19     var cpusubtype: cpu_subtype_t
20     var filetype: UInt32
21     var ncmds: UInt32
22     var sizeofcmds: UInt32
23     var flags: UInt32
24     var reserved: UInt32
25     init()
26     init(magic magic: UInt32, cputype cputype: cpu_type_t, cpusubtype cpusubtype: cpu_subtype_t, filetype filetype: UInt32, ncmds ncmds: UInt32, sizeofcmds sizeofcmds: UInt32, flags flags: UInt32, reserved reserved: UInt32)
27 }

如：otool -h GeTuiSdk.o

➜  GetuiSDK git:(master) otool -h  GeTuiSdk.o
GeTuiSdk.o:
Mach header
magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
0xfeedfacf 16777228          0  0x00           1     5       1824 0x00002000

2、用otool -l XXXX.o 查看XXXX可执行文件的 load commands 和section 如： GeTuiSdk.o

➜  GetuiSDK git:(master) otool -l GeTuiSdk.o
GeTuiSdk.o:
Load command 0         //命令编号
cmd LC_SEGMENT_64         //cmd 类型
cmdsize 1752                        //cmdsize 命令所占字节数
segnale                               //segname 段名字
vmaddr 0x0000000000000000     // vmaddr段的虚拟内存起始地址
vmsize 0x000000000000a238       // vmsize 段的虚拟内存大小
fileoff 1888                                 //fileoff 段在文件中的偏移量
filesize 41504                               //filesize 段在文件中的大小
maxprot 0x00000007                  //段页面所需要的最高内存保护（4=r,2=w,1=x）用otool -lv命令时 显示的是rwx
initprot 0x00000007                     //段页面初始的内存保护
insects 21                                 //段中包含section的数量
flags 0x0                                //flags 其他杂项标志位

PS:也可以用otool -lv XXXX.o 查看XXXX可执行文件的 load commands

3、 section

1 //32位
2 struct section {
3     var sectname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8)//section名
4     var segname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8)//段名
5     var addr: UInt32//该section在内存的启始位置
6     var size: UInt32//该section的大小
7     var offset: UInt32//该section的文件偏移
8     var align: UInt32//字节大小对齐
9     var reloff: UInt32//重定位入口的文件偏移
10     var nreloc: UInt32//需要重定位的入口数量
11     var flags: UInt32//包含section的type和attributes
12     var reserved1: UInt32//保留项
13     var reserved2: UInt32//保留项
14     init()
15     init(sectname sectname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8), segname segname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8), addr addr: UInt32, size size: UInt32, offset offset: UInt32, align align: UInt32, reloff reloff: UInt32, nreloc nreloc: UInt32, flags flags: UInt32, reserved1 reserved1: UInt32, reserved2 reserved2: UInt32)
16 }

//64 位

struct section_64 {
var sectname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8)
var segname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8)
var addr: UInt64
var size: UInt64
var offset: UInt32
var align: UInt32
var reloff: UInt32
var nreloc: UInt32
var flags: UInt32
var reserved1: UInt32
var reserved2: UInt32
var reserved3: UInt32
init()
init(sectname sectname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8), segname segname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8), addr addr: UInt64, size size: UInt64, offset offset: UInt32, align align: UInt32, reloff reloff: UInt32, nreloc nreloc: UInt32, flags flags: UInt32, reserved1 reserved1: UInt32, reserved2 reserved2: UInt32, reserved3 reserved3: UInt32)
}

如： GeTuiSdk.o

Section
sectname __text
segname __TEXT
addr 0x0000000000000000
size 0x00000000000019ec
offset 1888
align 2^2 (4)
reloff 43392
nreloc 825
type S_REGULAR
attributes PURE_INSTRUCTIONS SOME_INSTRUCTIONS
reserved1 0
reserved2 0
Section
sectname __gcc_except_tab
segname __TEXT
addr 0x00000000000019ec
size 0x000000000000058c
offset 8524
align 2^2 (4)
reloff 49992
nreloc 22
type S_REGULAR
attributes (none)
reserved1 0
reserved2 0