Reverse Engineering

Discussion in 'Mac Programming' started by johnathon, Jul 12, 2011.

  1. johnathon macrumors newbie

    Jul 12, 2011
    I'm really stuck on reverse engineering a private framework (it's a c++ one so I can't class dump). I've done a strings dump on it and found the name of the function I want, but I don't know anything about it's arguments. I've got no experience in assembly code and stuff but know a lot about c and objective-c. I just don't really know what to do next
  2. chown33 macrumors 604

    Aug 9, 2009
    Sailing beyond the sunset
    If it's a C++ function, I would think it'd be name-mangled to indicate the types of its args. See the man page for the c++filt command. Or post the mangled C++ name so someone else can run c++filt on it.

    Beyond that, step one would probably be to learn assembly language. Without that, you're not really in a position to do anything else. After all, if you can't understand assembly language, then reverse engineering from assembly language seems to be precluded.

    Step two might be looking at the callers of the function you want, and figuring out what gets pushed on the stack or into arg-passing registers.

    I'm assuming this is a private or undocumented function, otherwise an obvious Step zero would be to look in the headers. Even a private framework may have headers.

    An alternative for Step one would be to find a decompiler for whatever assembly language your code is in, but they tend to not be both free and good, although I could be wrong.
  3. johnathon thread starter macrumors newbie

    Jul 12, 2011
    The function name isn't mangled in any way (I disassembled the framework with otool)
  4. Nitrus macrumors member

    Nov 20, 2009
    Personally, I would use IDA Pro.

Share This Page