• Stars
    star
    1,112
  • Rank 41,754 (Top 0.9 %)
  • Language Objective-C++
  • Created over 5 years ago
  • Updated 9 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An improved nm + Objective-C & Swift class-dump

dsdump

An improved nm + objc/swift class-dump (writeup)

Works great on Objective-C classes img

... and Swift types img

man

dsdump(1)                 BSD General Commands Manual                dsdump(1)

NAME
     dsdump -- An improved nm + objc/swift class-dump

SYNOPSIS
     dsdump [option...] <mach-o-file>

DESCRIPTION
     Provides an "nm-improved" experience when working with Mach-O executa-
     bles. dsdump has 3 "primary" modes: Symbol table (--sym), Objective-C
     (--objc), and Swift (--swift, -s). Omitting all of these options will
     default to the Swift mode.

OPTIONS
     -c, --color
             Adds color to output
    
     -d, --demangle
             Demangle Swift and C++ symbols in print symbol mode

     -l, --library
             Instead of dumping symbols, search all procs for library

     -O, --opcs
             Dump the DYLD opcodes used to bind external symbols at load time

     -f, --filter FilterWord
             Specify classes to filter by (case insensitive, can be used mul-
             tiple times)

     -a, --arch architecture
             Specify the arichtecture if file is FAT. Understands x86_64h,
             x86_64, arm64, arm64e

     -u, --undefined
             Only display undefined (externally referenced) symbols or classes

     -U, --defined
             Only display defined (internally implemented) symbols or classes

     -v, --verbose
             Specifies the verbosity level. The -v option can be used multiple
             times, while the long argument sets the exact level 0-5. Kind of
             like codesign(1)'s verbosity that everyone complains about...

     --objc  Dump the Objective-C classes
     
     -o      Sets mode to Objective-C mode and verbosity to level 4

     --swift
             Dump the Swift type descriptors (classes, structs, enums)

     -s      Sets mode to Swift mode and verbosity to level 4

     -h, --help
             Print out this beautiful, helpful document

EXAMPLES
     List ObjC internal/external classes referenced/implemented by vmmap:
           dsdump --objc $(which vmmap)

     List all alive processes that have the MobileDevice loaded
           sudo dsdump -l /S*/L*/P*/MobileDevice.framework/MobileDevice

     List the Objective-C external classes called by vmmap:
           dsdump --objc $(which vmmap) -u

     List the Objective-C internal classes implemented by vmmap:
           dsdump --objc $(which vmmap) -U

     Perform an Objective-C "class-dump" in color of vmmap
           dsdump --objc $(which vmmap) -U -vvvc

     Thoroughly dump the Swift content in color in the Console app
           dsdump --swift
           /Applications/Utilities/Console.app/Contents/MacOS/Console -cvvvv

VERBOSITY
     dsdump can output a range of verbosity between the 3 different modes
     (--sym, --swift, --objc). The verbosity level can be set by the long form
     (--verbose=3) or by specifying a count via short form (-vvv). The break-
     down of these levels are shown below:

     --sym:
           0. Print symbol
           1. 0 + library path or Mach-O section
           2. 1 + fullpath to library
           3. 2 + nlist struct output
           4. Same as 3... for now
           5. Same as 3... for now

     --swift:
           0. List swift types
           1. 0 + Parent classes
           2. 1 + Protocols
           3. 2 + Swift type dump
           4. 3 + Extended type dump, ObjC bridge methods
           5. 4 + Commenting in methods

     --objc:
           0. List Objective-C classes
           1. 0 + Parent classes & library basename for external
           2. 1 + Fullpath to libraries for external + protocols
           3. 2 + Objective-C class dump
           4. 3 + Print properties
           5. 4 + Print ivars & offsets

ENVIRONMENT
     DSCOLOR Enables color. Alternatively, use -c

     ARCH <arch> Specify the architecture if inspecting a FAT executable,
     Alternatively use --arch

SEE ALSO
     nm(1), objdump(1), vmmap(1)

BUGS
     There's a situation where occassionally dsdump will think the parent
     class is a RO_ROOT where it will in fact won't be. I'll print this out
     for now so I can hunt it down

     ARM64e still needs some luv, especially on the Swift side, especially
     with Protocols... and not crashing

AUTHORS
     Derek Selander @LOLgrep

Darwin                          March 26, 2020                          Darwin

Compiling

Compiling this will be a bit of a pain in the butt on your end. You'll need to clone the Swift language in the same directory. Swift can't be a submodule to this repo since some of their git cloning scripts won't work :|

# cd into the dsdump repo
cd dsdump/

# make a directory called swift-source, yes, name it exactly that
mkdir swift-source

cd swift-source/

# clone the Swift repository into swift-source
git clone https://github.com/apple/swift.git

# checkout 
cd swift
git checkout 75670c17272a993ed798cee7e31c20590e94118b

# Use the Swift update helper script to grab everything else 
 ./swift/utils/update-checkout --clone-with-ssh   --tag swift-5.1.4-RELEASE

Comment out any remaining problematic code after a build, remove methods in Metadata.h as needed (i.e. problematic ARC bridging code on line 700)

I've included the libSwiftDemangling.a static lib that I built into dsdump/dsdump. If you want to build entirely from Swift source, you'll need to build this yourself. Otherwise you should be good to go to build dsdump via Xcode.

Alternatively, you can skip all of this by simply grabbing the compiled dsdump version in the compiled directory found here. Make sure the SHA256 matches below if you're paranoid.

Compiled SHA256

SHA256: 83eebd025b43b58a486235e1bec70a3239995be409605e3ff19bdae07adff917

Credits

TODO list for v1

  • Full ARM64e support
  • M1 support
  • Crashes
  • iOS 15/Monterey support
  • In process support (TODO TODO guess that means a libdsdump.a)
    • Basic dsc listing with options to dlopen from cmdline
  • header files

More Repositories

1

LLDB

A collection of LLDB aliases/regexes and Python scripts to aid in your debugging sessions
Python
1,762
star
2

yacd

Decrypts FairPlay applications on iOS 13.4.1 and lower, no jb required
C
682
star
3

mobdevim

Command line utility that interacts with plugged in iOS devices. Uses Apple's MobileDevice framework
Objective-C
119
star
4

symbol-interposing

C
53
star
5

dynadump

A runtime ObjC class-dump
Objective-C
39
star
6

AirDrop-Hack

Objective-C
38
star
7

ASCIIArtDebugging

Overwrites UIImageView & UIImage's description to print out the image in ASCII Art
Objective-C
34
star
8

dsc_symbols

symbol dumps of iOS shared caches
Shell
32
star
9

LOLzwagon

Significantly bumps up your iOS XCTest code coverage and makes all unit tests pass... by crippling them
Objective-C
31
star
10

SpringBoardPOC

POC for meetup talk.
Python
26
star
11

swiftdizzle

Swift method swizzling/method introspection for Swift instance methods
C
16
star
12

homebrew-funpack

Apple runtime introspection tools
Ruby
16
star
13

lldb_fix

RESOLVED IN XCODE 10.2! Fix for LLDB (in Xcode 10) which incorrectly imports the wrong API headers
C
11
star
14

gcd_internals

Showcases libdispatch lesser known APIs with examples & structs
Objective-C
7
star
15

Meme-Collector

Meme Collector application used in the RayWenderlich Tutorial set. See http://www.raywenderlich.com/45645/ios-app-security-analysis-part-1
Objective-C
5
star
16

dsigner

A Terminal command that doesn't suck at codesigning
C
3
star
17

GoDaddyDebugging

Objective-C
3
star
18

FrameworkFun

Meetup.com Project for Dynamic Libraries
Swift
3
star
19

RE-101

Reverse Engineering 0b101 for https://www.meetup.com/CocoaheadsDenver/
3
star
20

platform_swap

Objective-C
3
star
21

yadsct

placeholder repo for tool accompanying Adv Debgging v4 book.
1
star
22

MultiSelectImagePickerController

UIImagePickerController category that exposes private API for multi selection
Objective-C
1
star