Mach-o可执行文件简述

           iOS上的可执行文件是Mach-O格式。Mach-O文件主要有三部分组成：分别是头部（Header）、加载命令（Load commands）、和段(segment);

下面以个推的GeTuiSdk.o可执行文件为例分别对上述三部分进行实践说明

1、 用otool -h XXXX.o可以查看可执行文件XXXX.o的头部（Header）：

头部的结构体如下：

 1 //32位的
 2 
 3 struct mach_header {
 4     var magic: UInt32  //魔数，0xfeedface代表的是32位，0xfeedfacf代表64位
 5     var cputype: cpu_type_t //cpu的类型
 6     var cpusubtype: cpu_subtype_t//cpu的子类型
 7     var filetype: UInt32//文件类型
 8     var ncmds: UInt32//命令数 即load commands的总数
 9     var sizeofcmds: UInt32//命令所占的总字节大小 即load commands所有命令的总字节数
10     var flags: UInt32//标记
11     init()
12     init(magic magic: UInt32, cputype cputype: cpu_type_t, cpusubtype cpusubtype: cpu_subtype_t, filetype filetype: UInt32, ncmds ncmds: UInt32, sizeofcmds sizeofcmds: UInt32, flags flags: UInt32)
13 }
14 
15 //64位的
16 struct mach_header_64 {
17     var magic: UInt32
18     var cputype: cpu_type_t
19     var cpusubtype: cpu_subtype_t
20     var filetype: UInt32
21     var ncmds: UInt32
22     var sizeofcmds: UInt32
23     var flags: UInt32
24     var reserved: UInt32
25     init()
26     init(magic magic: UInt32, cputype cputype: cpu_type_t, cpusubtype cpusubtype: cpu_subtype_t, filetype filetype: UInt32, ncmds ncmds: UInt32, sizeofcmds sizeofcmds: UInt32, flags flags: UInt32, reserved reserved: UInt32)
27 }

如：otool -h GeTuiSdk.o

➜  GetuiSDK git:(master) otool -h  GeTuiSdk.o
GeTuiSdk.o:
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
 0xfeedfacf 16777228          0  0x00           1     5       1824 0x00002000

2、用otool -l XXXX.o 查看XXXX可执行文件的 load commands 和section 如： GeTuiSdk.o

➜  GetuiSDK git:(master) otool -l GeTuiSdk.o 
GeTuiSdk.o:
Load command 0         //命令编号
  cmd LC_SEGMENT_64         //cmd 类型
  cmdsize 1752                        //cmdsize 命令所占字节数
  segnale                               //segname 段名字
  vmaddr 0x0000000000000000     // vmaddr段的虚拟内存起始地址
  vmsize 0x000000000000a238       // vmsize 段的虚拟内存大小
  fileoff 1888                                 //fileoff 段在文件中的偏移量
  filesize 41504                               //filesize 段在文件中的大小
  maxprot 0x00000007                  //段页面所需要的最高内存保护（4=r,2=w,1=x）用otool -lv命令时 显示的是rwx
  initprot 0x00000007                     //段页面初始的内存保护
  insects 21                                 //段中包含section的数量
  flags 0x0                                //flags 其他杂项标志位            

PS:也可以用otool -lv XXXX.o 查看XXXX可执行文件的 load commands

3、 section

 1 //32位
 2 struct section {
 3     var sectname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8)//section名
 4     var segname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8)//段名
 5     var addr: UInt32//该section在内存的启始位置
 6     var size: UInt32//该section的大小
 7     var offset: UInt32//该section的文件偏移
 8     var align: UInt32//字节大小对齐
 9     var reloff: UInt32//重定位入口的文件偏移
10     var nreloc: UInt32//需要重定位的入口数量
11     var flags: UInt32//包含section的type和attributes
12     var reserved1: UInt32//保留项
13     var reserved2: UInt32//保留项
14     init()
15     init(sectname sectname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8), segname segname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8), addr addr: UInt32, size size: UInt32, offset offset: UInt32, align align: UInt32, reloff reloff: UInt32, nreloc nreloc: UInt32, flags flags: UInt32, reserved1 reserved1: UInt32, reserved2 reserved2: UInt32)
16 }

//64 位

struct section_64 {
    var sectname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8)
    var segname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8)
    var addr: UInt64
    var size: UInt64
    var offset: UInt32
    var align: UInt32
    var reloff: UInt32
    var nreloc: UInt32
    var flags: UInt32
    var reserved1: UInt32
    var reserved2: UInt32
    var reserved3: UInt32
    init()
    init(sectname sectname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8), segname segname: (Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8, Int8), addr addr: UInt64, size size: UInt64, offset offset: UInt32, align align: UInt32, reloff reloff: UInt32, nreloc nreloc: UInt32, flags flags: UInt32, reserved1 reserved1: UInt32, reserved2 reserved2: UInt32, reserved3 reserved3: UInt32)
}

如： GeTuiSdk.o

Section
  sectname __text
   segname __TEXT
      addr 0x0000000000000000
      size 0x00000000000019ec
    offset 1888
     align 2^2 (4)
    reloff 43392
    nreloc 825
      type S_REGULAR
attributes PURE_INSTRUCTIONS SOME_INSTRUCTIONS
 reserved1 0
 reserved2 0
Section
  sectname __gcc_except_tab
   segname __TEXT
      addr 0x00000000000019ec
      size 0x000000000000058c
    offset 8524
     align 2^2 (4)
    reloff 49992
    nreloc 22
      type S_REGULAR
attributes (none)
 reserved1 0
 reserved2 0