Otool-ng – a set of small patches to Apple’s otool

source link: https://reverse.put.as/2012/11/21/otool-ng-a-set-of-small-patches-to-apples-otool/

It’s the lazy post season so I present you otool-ng. It’s a fork of Apple’s otool with small modifications for things that I use often or dislike in current otool.

The load command LC_MAIN was introduced to replace LC_UNIXTHREAD, and one piece of information that is lost in the process is the entrypoint address. While ASLR makes it somewhat less useful, I still debug a lot of programs and do other stuff where ASLR is disabled. So I just added that feature back, and now the LC_MAIN output also prints the non-ASLRed entrypoint address. The algorithm appears to be LC_SEGMENT.vmaddr plus the file offset stored in LC_MAIN. If you use it and find it not working, please let me know.

I have also changed all the file offset information to hexadecimal, because I hate having to convert when copying and pasting into hex editors.

And the last feature for now is the -z flag. It modifies the PIE flag by inverting the current setting (sets it if clear, clears it if set). Again, it’s something I need from time to time, and it’s faster to do it from the command line. I was brainwashed in Economics so I like to be efficient (ok ok, lazy!!!).
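The two header manipulations described above (recovering the non-ASLR entrypoint from LC_MAIN, and flipping the PIE flag the way -z does) are small enough to show end to end. The following is an added example written for this post, not code from otool-ng or from Apple's otool. It redeclares the handful of Mach-O structures and constants it needs from Apple's `<mach-o/loader.h>` so it builds anywhere, and it goes slightly beyond the post's rule: instead of assuming the __TEXT segment, it finds the segment whose file range contains `entryoff` and adds the offset within that segment to its `vmaddr`, which reduces to `vmaddr + entryoff` when __TEXT starts at file offset 0. The sample image is a constructed 64-bit header with one segment and one LC_MAIN, not a real binary.

```c
/* Added example (not otool-ng's code): LC_MAIN entry point and MH_PIE toggle.
 * Structures/constants mirror Apple's <mach-o/loader.h>, redeclared for portability. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC_64   0xfeedfacfu
#define MH_PIE        0x200000u          /* header flag: dyld may load the image at a random base */
#define LC_REQ_DYLD   0x80000000u
#define LC_SEGMENT_64 0x19u
#define LC_MAIN       (0x28u | LC_REQ_DYLD)

struct mach_header_64 { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct load_command   { uint32_t cmd, cmdsize; };
struct segment_command_64 {
    uint32_t cmd, cmdsize; char segname[16];
    uint64_t vmaddr, vmsize, fileoff, filesize;
    int32_t  maxprot, initprot; uint32_t nsects, flags;
};
struct entry_point_command { uint32_t cmd, cmdsize; uint64_t entryoff, stacksize; };

/* Translate the LC_MAIN file offset into a virtual address: locate the segment whose
 * file range contains entryoff, then vmaddr + (entryoff - fileoff). For __TEXT with
 * fileoff 0 this is exactly vmaddr + entryoff. Returns 0 if malformed or no LC_MAIN. */
uint64_t macho_entry_point(const uint8_t *buf, size_t len)
{
    struct mach_header_64 mh;
    if (len < sizeof mh) return 0;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC_64) return 0;
    size_t end = sizeof mh + mh.sizeofcmds;
    if (end > len) return 0;

    uint64_t entryoff = 0; int have_main = 0;           /* pass 1: validate commands, find LC_MAIN */
    size_t off = sizeof mh;
    for (uint32_t i = 0; i < mh.ncmds; i++) {
        struct load_command lc;
        if (off + sizeof lc > end) return 0;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || off + lc.cmdsize > end) return 0;
        if (lc.cmd == LC_MAIN && lc.cmdsize >= sizeof(struct entry_point_command)) {
            struct entry_point_command ep; memcpy(&ep, buf + off, sizeof ep);
            entryoff = ep.entryoff; have_main = 1;
        }
        off += lc.cmdsize;
    }
    if (!have_main) return 0;

    off = sizeof mh;                                     /* pass 2: map entryoff through a segment */
    for (uint32_t i = 0; i < mh.ncmds; i++) {
        struct load_command lc; memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmd == LC_SEGMENT_64 && lc.cmdsize >= sizeof(struct segment_command_64)) {
            struct segment_command_64 sc; memcpy(&sc, buf + off, sizeof sc);
            if (sc.filesize && entryoff >= sc.fileoff && entryoff < sc.fileoff + sc.filesize)
                return sc.vmaddr + (entryoff - sc.fileoff);
        }
        off += lc.cmdsize;
    }
    return 0;
}

/* Current header flags, or UINT32_MAX if the buffer is not a 64-bit Mach-O. */
uint32_t macho_flags(const uint8_t *buf, size_t len)
{
    struct mach_header_64 mh;
    if (len < sizeof mh) return UINT32_MAX;
    memcpy(&mh, buf, sizeof mh);
    return mh.magic == MH_MAGIC_64 ? mh.flags : UINT32_MAX;
}

/* Invert MH_PIE in place (what -z does): set if clear, clear if set. Returns the new flags. */
uint32_t macho_toggle_pie(uint8_t *buf, size_t len)
{
    struct mach_header_64 mh;
    if (len < sizeof mh) return UINT32_MAX;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC_64) return UINT32_MAX;
    mh.flags ^= MH_PIE;
    memcpy(buf, &mh, sizeof mh);
    return mh.flags;
}

/* Constructed sample (not a runnable binary): header + __TEXT at 0x100000000 + LC_MAIN entryoff 0xf50. */
static uint8_t g_image[256];
static size_t  g_image_len;

size_t build_sample_image(void)
{
    struct mach_header_64 mh = {0}; struct segment_command_64 text = {0}; struct entry_point_command ep = {0};
    text.cmd = LC_SEGMENT_64; text.cmdsize = sizeof text; memcpy(text.segname, "__TEXT", 6);
    text.vmaddr = 0x100000000ULL; text.vmsize = 0x1000; text.fileoff = 0; text.filesize = 0x1000;
    text.maxprot = 7; text.initprot = 5;
    ep.cmd = LC_MAIN; ep.cmdsize = sizeof ep; ep.entryoff = 0xf50;
    mh.magic = MH_MAGIC_64; mh.cputype = 0x01000007 /* CPU_TYPE_X86_64 */; mh.cpusubtype = 3;
    mh.filetype = 2 /* MH_EXECUTE */; mh.ncmds = 2; mh.sizeofcmds = sizeof text + sizeof ep; mh.flags = MH_PIE;
    size_t off = 0;
    memcpy(g_image + off, &mh, sizeof mh);     off += sizeof mh;
    memcpy(g_image + off, &text, sizeof text); off += sizeof text;
    memcpy(g_image + off, &ep, sizeof ep);     off += sizeof ep;
    return g_image_len = off;
}

int main(void)
{
    build_sample_image();
    printf("entry point (no ASLR): 0x%llx\n", (unsigned long long)macho_entry_point(g_image, g_image_len));
    printf("MH_PIE before: %s\n", (macho_flags(g_image, g_image_len) & MH_PIE) ? "set" : "clear");
    macho_toggle_pie(g_image, g_image_len);
    printf("MH_PIE after toggle: %s\n", (macho_flags(g_image, g_image_len) & MH_PIE) ? "set" : "clear");
    return 0;
}
```

On a real file you would read the whole image into the buffer instead of calling `build_sample_image`; for fat (multi-architecture) binaries each slice has its own header, so the same routines apply per slice, and the flags word also lives inside each slice's header.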

You can find the code at https://github.com/gdbinit/otool-ng. To compile it, follow my old (and still useful, since I use it often) post about darwinbuild. You just need to put the tar.gz file inside the Sources folder to avoid downloading from the darwinbuild/Apple servers. There’s a small shell “script” to create the package.

Hope you find it useful. As usual send any requests, patches, complaints, etc.

P.S.: I need to nag pancake to get an updated iOS package. The version available at Cydia is too old!
