aleks-mariusz/disassemble.sh

## disassemble.sh
#!/usr/local/bin/bash
#
# this script disassembles a Mac OS X executable binary.  It does some interesting
# translation for Obj C calls (thanks to the leet work done at www.afront.be I
# loosely based this on)

FILE="$1"
TMP="/tmp/.$(basename $0)_$$"

if [ ! -r "$FILE" ]
then
	echo "Cannot open $FILE.."
	exit 0
fi

# disassembly stage
otool -tV "$FILE" > $TMP.s

# obj-c selector name extraction stage
otool -sv __OBJC __message_refs "$FILE" | perl -e 'while (<>) {
	next unless /^([0-9a-f]{8}).(.+)$/;
	$deci = hex($1); @fields = split(/\s+/,$2);
	for($i=0;$i<4;$i++) { printf "%s\t:\t%lx\n", $fields[$i], $deci+4*$i; }
}' > $TMP.refs

# selector offset extraction stage
strings -o "$FILE" | perl -e '$base = 4096; while (<>) {
	($garbage,$offset, $label) = split(/\s+/,$_,3);
	printf "%08lx\t%s\n", $offset+$base, $label;
}' > $TMP.methods

# offset to address name translation generation stage
cat $TMP.refs $TMP.methods | sort | awk 'BEGIN {}
{
	if (NF==2) {
		if(length(key)>=4)
			if(index($2,"/")<=0) {
				lp = substr(key,length(key)-4+1)
				print "s/,0x" lp "(r/,0x" lp " [" $2 "] (r/g"
				key = ""
			}
	} else {
		key = $3;
	}
}' > $TMP.sed

if [ $(otool -tVv "$FILE"|awk '$2 ~ /:/ {print}'|wc -l|awk '{print $1}') -eq 0 ]
then
	# clarify function beginning
	otool -ov "$FILE" | awk 'BEGIN { }
/  super_class 0x/ { superclass = $3 }
/  name 0x/ { class = $3 }
/method_name/ { name = $3 }
/method_types/ { types = $3 }
/method_imp/ { print substr($2,3) "\t FUNC_BEGINNING\t-[" class " " name "]:\t" types }' | sort > $TMP.objc

	cat $TMP.objc $TMP.s | sort | sed -f $TMP.sed | \
	egrep '^[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]'|\
	awk '$2 !~ /FUNC_BEGINNING/ {print $0} $2 ~ /FUNC_BEGINNING/ {print substr($0,26) }'
else
	# functions are already visible, only perform obj-c called address translations
	cat $TMP.s | sed -f $TMP.sed
fi

# what good program doesn't clean up after itself?
rm -f $TMP.{s,sed,methods,refs}
	#!/usr/local/bin/bash
	#
	# this script disassembles a Mac OS X executable binary. It does some interesting
	# translation for Obj C calls (thanks to the leet work done at www.afront.be I
	# loosely based this on)

	FILE="$1"
	TMP="/tmp/.$(basename $0)_$$"

	if [ ! -r "$FILE" ]
	then
	echo "Cannot open $FILE.."
	exit 0
	fi

	# disassembly stage
	otool -tV "$FILE" > $TMP.s

	# obj-c selector name extraction stage
	otool -sv __OBJC __message_refs "$FILE" \| perl -e 'while (<>) {
	next unless /^([0-9a-f]{8}).(.+)$/;
	$deci = hex($1); @fields = split(/\s+/,$2);
	for($i=0;$i<4;$i++) { printf "%s\t:\t%lx\n", $fields[$i], $deci+4*$i; }
	}' > $TMP.refs

	# selector offset extraction stage
	strings -o "$FILE" \| perl -e '$base = 4096; while (<>) {
	($garbage,$offset, $label) = split(/\s+/,$_,3);
	printf "%08lx\t%s\n", $offset+$base, $label;
	}' > $TMP.methods

	# offset to address name translation generation stage
	cat $TMP.refs $TMP.methods \| sort \| awk 'BEGIN {}
	{
	if (NF==2) {
	if(length(key)>=4)
	if(index($2,"/")<=0) {
	lp = substr(key,length(key)-4+1)
	print "s/,0x" lp "(r/,0x" lp " [" $2 "] (r/g"
	key = ""
	}
	} else {
	key = $3;
	}
	}' > $TMP.sed

	if [ $(otool -tVv "$FILE"\|awk '$2 ~ /:/ {print}'\|wc -l\|awk '{print $1}') -eq 0 ]
	then
	# clarify function beginning
	otool -ov "$FILE" \| awk 'BEGIN { }
	/ super_class 0x/ { superclass = $3 }
	/ name 0x/ { class = $3 }
	/method_name/ { name = $3 }
	/method_types/ { types = $3 }
	/method_imp/ { print substr($2,3) "\t FUNC_BEGINNING\t-[" class " " name "]:\t" types }' \| sort > $TMP.objc

	cat $TMP.objc $TMP.s \| sort \| sed -f $TMP.sed \| \
	egrep '^[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]'\|\
	awk '$2 !~ /FUNC_BEGINNING/ {print $0} $2 ~ /FUNC_BEGINNING/ {print substr($0,26) }'
	else
	# functions are already visible, only perform obj-c called address translations
	cat $TMP.s \| sed -f $TMP.sed
	fi

	# what good program doesn't clean up after itself?
	rm -f $TMP.{s,sed,methods,refs}