Re: otool addresses
Re: otool addresses
- Subject: Re: otool addresses
- From: "Martin Redington" <email@hidden>
- Date: Mon, 1 Sep 2008 03:57:07 +0100
Thanks very much for the otx tip, and the confirmation that these are
real offsets.
Having thought a little bit more about it, and in the light of your
repy, it occurred to me that this is a FAT binary, and otool is
probably reporting the offsets within the native (i386) binary.
I haven't checked whether the cracker patched "both" binaries, or just
the intel build, but I suspect that with a bit of lipo-suction, I'll
be able to get everything matched up ...
On Mon, Sep 1, 2008 at 3:26 AM, Bill Bumgarner <email@hidden> wrote:
> On Aug 31, 2008, at 7:05 PM, Martin Redington wrote:
>>
>> When I'm looking at the otool output, do the offsets represent
>> absolute offsets within the binary, or to some kind of internal point
>> of reference (e.g. the start of the objective-C segment)?
>>
>> Assuming that they are not absolute offsets (in the otool output), how
>> can I convert from the otool output to actual offsets in the binary,
>> or vice versa.
>
> The offsets you are seeing in the binary are absolute offsets from the
> beginning of the binary. A binary is actually a mach-o file and, thus,
> otool is showing you addresses that are offsets from the beginning of the
> segment being disabled.
>
> First, I'd recommend you get a hold of otx -- http://otx.osxninja.com/ -- as
> it is a wrapper for otool that produces considerably more detailed output.
>
> Secondly, I would recommend that you take the output of otool or the output
> of otx against the two binaries and then diff the two. That will pinpoint
> the changes much more precisely within your app.
>
> b.bum
--
http://www.mildmanneredindustries.com/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden