PSIG 105 | Disassembling on OS X
Thursday, August 2, 2007
(What is PSIG? | PSIG 105 announcement)
Items of Interest
- AJAX Design Patterns
- Mind Performance Hacks
- The Four-Minute Mile
- Million and one nights
- Endless universe
- Pangea Software's Ultimate Game Programming Guide for Mac OS X
- Mac OS X Internals
- Four members showed up with iPhones. There was a large amount of quality iPhone discussion during which I seem to have zoned out. hehe
- We took a brief critical look at Leopard, particularly at how wrong the dock looks when it's on the side, and how the icons unfortunately bounce with their shadows attached.
- WWDC 2007: It seems that this year's was essentially a repeat of last year's.
- HOPL III: "We're still so primitive."
Disassembling on OS X
Why disassemble?
- To work around bugs
- To learn more about areas where the docs are out-of-date, incomplete, or intentionally missing
- To find ways to interoperate with other software, such as when implementing file format compatibility/interchange or breaking into proprietary tool-chains
Static tools: Hex editors
- OS X ships with three utilities for hex dumping: hexdump, od, and xxd
- HexEdit is one of the oldest Mac open source apps, originally created for System 7
- HexFiend is a newer open source Cocoa hex editor with more features
Static tools: General level
- file tells you what kind of file something is, including all the architecture versions
- strings searches a binary for anything human-readable. Feed the file on standard input; given a path to a universal binary, it only looks at the slice that matches your system's architecture
Static tools: Code
- otool understands the Mach-O binary format and can tell you an app's dependencies. Apps that link to private frameworks are using Apple's undocumented code. Wolf: "It used to be that all the cool stuff was in the private frameworks. The last of the cool stuff pretty much went public by 10.4. So the hunt isn't there anymore."
- otx enhances otool's output. It intermixes the raw opcodes into the disassembly in case you want to inject your own instructions, and you can follow along and see which strings are being referenced. The tool also detects and works around some obfuscation techniques.
- class-dump is another tool for dumping Mach-O code. Trivia: AppKit appears to contain a class called NSEvilHacks.
- MagicHat, a recently open-sourced tool, is like classdump except with a hyper-linked interface. You can specify which frameworks you care about. Wolf uses key-value coding to pull out undocumented methods.
- Interface Builder can open nibs and let you see the names of targets and actions. Make a copy of the app first, because IB may leave changes in even if you don't save.
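The point about file listing every architecture, strings only seeing one slice of a universal binary, and otool understanding Mach-O comes down to the fat header at the front of the file. As an added example (not a tool from the meeting), the parser below walks that header and pulls printable strings out of each slice separately, using a constructed two-slice fat file rather than a real Apple executable; slice offsets are not aligned the way a real linker would place them.

```python
"""Parse a universal (fat) Mach-O header and extract strings per slice.
Added example for this write-up; the fat binary is constructed inline."""
import re
import struct

FAT_MAGIC = 0xCAFEBABE          # the fat header is always big-endian
MH_MAGIC = 0xFEEDFACE           # 32-bit Mach-O magic, in the slice's own endianness
CPU_NAMES = {7: "i386", 18: "ppc", 0x01000007: "x86_64", 0x01000012: "ppc64"}
BIG_ENDIAN_CPUS = {18, 0x01000012}

def fat_slices(blob):
    """Return [(arch_name, offset, size)] for each slice of a fat binary,
    or [] when the file is not fat (i.e. it is a single thin Mach-O)."""
    if len(blob) < 8 or struct.unpack(">I", blob[:4])[0] != FAT_MAGIC:
        return []
    nfat = struct.unpack(">I", blob[4:8])[0]
    slices = []
    for i in range(nfat):                      # each fat_arch entry is 20 bytes
        cputype, _sub, off, size, _align = struct.unpack(
            ">IIIII", blob[8 + 20 * i: 28 + 20 * i])
        if off + size > len(blob):             # refuse slices that point past EOF
            raise ValueError("fat_arch %d points outside the file" % i)
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), off, size))
    return slices

def strings_in(data, minlen=4):
    """Roughly what strings(1) does: runs of printable ASCII of minlen or more."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % minlen, data)]

def strings_per_slice(blob, minlen=4):
    """Map each architecture to the strings found inside its own slice only."""
    return {name: strings_in(blob[off:off + size], minlen)
            for name, off, size in fat_slices(blob)}

def build_fat(slices):
    """Constructed input: slices is [(cputype, payload_bytes)]. Each slice gets a
    Mach-O magic in that CPU's byte order so the body looks like a thin binary."""
    header_len = 8 + 20 * len(slices)
    archs, bodies, off = [], [], header_len
    for cputype, payload in slices:
        fmt = ">I" if cputype in BIG_ENDIAN_CPUS else "<I"
        body = struct.pack(fmt, MH_MAGIC) + payload
        archs.append(struct.pack(">IIIII", cputype, 0, off, len(body), 2))
        bodies.append(body)
        off += len(body)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + b"".join(archs) + b"".join(bodies)

if __name__ == "__main__":
    demo = build_fat([(18, b"ppc-only secret\0"), (7, b"i386-only secret\0")])
    for arch, found in strings_per_slice(demo).items():
        print(arch, found)
```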
Runtime Tools
"What's cool about software is you can put your hand up them like a puppet."
- gdb, the debugger, which understands Objective-C.
- BSInspectors, an Xcode plugin that lets you inspect objects
- F-Script is scripting for Cocoa. F-Script Anywhere lets you dynamically inject it into any Cocoa app. You can also dynamically look things up in the pop-up completer menu. The Object Browser shows you which methods the selected object supports. The "Select view" button will inspect anything you click on and let you call its methods directly.
The rest of the evening was spent doing evil things to the iPhone. Also! I watched in awe as Dave/Wolf worked some fabulous Quartz Composer action into a little Cocoa toy app that I'd been working on ;D

1:21 AM

Comments
Zomg you updated! ^_^ Mac OS is too complicated for me to comprehend...
Posted by Casey at August 3, 2007 4:00 PM
Or, according to MJB: "Macs are too user-friendly." *cheers*
Dang, HexFiend is fascinating... like, just subtly, I mean. The balanced freshness and its ability to blend an unexpected variety of usability features while retaining its open-source charm is really addictive; I have to highly recommend it. In fact, I'm almost tempted to make a Windows port.
Anyway, remind me to swing by sometime and check out your new and improved cocoa app/toy. :D
Aaand the Yenley picture is kchyuuute with a 'kchy!' My work here is done.
Posted by Weien at August 4, 2007 5:30 PM