Mac Reverse Engineering

johnathon

macrumors newbie
Original poster
Jul 12, 2011
3
0
I'm really stuck on reverse engineering a private framework (it's a C++ one so I can't class dump). I've done a strings dump on it and found the name of the function I want, but I don't know anything about its arguments. I've got no experience in assembly code and stuff but know a lot about C and Objective-C. I just don't really know what to do next.
 

chown33

Moderator
Staff member
Aug 9, 2009
8,671
4,943
vertical
If it's a C++ function, I would think it'd be name-mangled to indicate the types of its args. See the man page for the c++filt command. Or post the mangled C++ name so someone else can run c++filt on it.

Beyond that, step one would probably be to learn assembly language. Without that, you're not really in a position to do anything else. After all, if you can't understand assembly language, then reverse engineering from assembly language seems to be precluded.

Step two might be looking at the callers of the function you want, and figuring out what gets pushed on the stack or into arg-passing registers.

I'm assuming this is a private or undocumented function, otherwise an obvious Step zero would be to look in the headers. Even a private framework may have headers.

An alternative for Step one would be to find a decompiler for whatever assembly language your code is in, but they tend to not be both free and good, although I could be wrong.
 
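How a mangled name carries argument types, as an added example that is not part of the original posts: a decoder for a small subset of the Itanium C++ ABI mangling (plain and nested function names, builtin types, pointer/reference/const, class names). The symbols used with it (`foo`, `Engine::start`, `draw`, `Shape`) are constructed samples; c++filt remains the tool for real symbols, since templates and substitutions are not handled here.

```python
# Added example: decodes a subset of Itanium C++ ABI mangled function names.
import re

BUILTIN = {"v": "void", "b": "bool", "c": "char", "a": "signed char",
           "h": "unsigned char", "s": "short", "t": "unsigned short",
           "i": "int", "j": "unsigned int", "l": "long", "m": "unsigned long",
           "x": "long long", "y": "unsigned long long", "f": "float", "d": "double"}
QUAL = {"P": "*", "R": "&", "K": " const"}  # pointer, reference, const prefixes

def _source_name(s, pos):
    """Read one <length><identifier> component, e.g. '3foo'."""
    m = re.compile(r"\d+").match(s, pos)
    end = m.end() + int(m.group()) if m else -1
    if not m or end > len(s):
        raise ValueError("unsupported or truncated construct at offset %d" % pos)
    return s[m.end():end], end

def _type(s, pos):
    """Read one parameter type: qualifier prefixes, a builtin code, or a class name."""
    c = s[pos:pos + 1]
    if c in QUAL:
        inner, pos = _type(s, pos + 1)
        return inner + QUAL[c], pos
    if c in BUILTIN:
        return BUILTIN[c], pos + 1
    return _source_name(s, pos)

def demangle(symbol):
    """Return 'name(args)' for a mangled function symbol, or None if not mangled."""
    if symbol.startswith("__Z"):       # Mach-O symbol tables add one leading underscore
        symbol = symbol[1:]
    if not symbol.startswith("_Z"):
        return None                    # C linkage: the name carries no type information
    pos, parts, args = 2, [], []
    if symbol[pos:pos + 1] == "N":     # nested name: N <component>+ E
        pos += 1
        while symbol[pos:pos + 1] != "E":
            name, pos = _source_name(symbol, pos)
            parts.append(name)
        pos += 1
    else:
        name, pos = _source_name(symbol, pos)
        parts.append(name)
    while pos < len(symbol):           # everything after the name is the parameter list
        t, pos = _type(symbol, pos)
        args.append(t)
    if args == ["void"]:               # a lone 'v' encodes an empty parameter list
        args = []
    return "::".join(parts) + "(" + ", ".join(args) + ")"
```

A symbol exported with C linkage returns `None` here, which is the case where the caller's stack and register setup is the only remaining source for the argument list.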

johnathon

macrumors newbie
Original poster
Jul 12, 2011
3
0
The function name isn't mangled in any way (I disassembled the framework with otool).
 