I'm new to disassembling and reverse engineering binaries, so forgive me if this question is nonsensical or impossible.
我是新手拆解和逆向工程二进制文件,所以请原谅我这个问题是荒谬的还是不可能的。
In the past when I've tried reverse engineering macOS binaries, analyzing the ones written in Objective-C yielded a lot of useful information, because generally all of the Objective-C classes and their method names were easily retrievable, making it a lot easier to figure out what any particular method did.
在过去,当我尝试逆向工程macOS二进制文件时,分析用Objective-C编写的文件会产生很多有用的信息,因为通常所有的Objective-C类及其方法名都很容易检索,这使得它变得容易多了找出任何特定方法的作用。
I'm trying to analyze a binary written in Swift (technically a combination of Swift and Objective-C), and most of the functions now have no symbol. There are some Objective-C methods that I can retrieve as usual, and a few functions that have a Swift-style mangled name, but nearly all of the rest have no symbol. I know a lot of those have to be Swift methods.
我正在尝试分析用Swift编写的二进制文件(技术上是Swift和Objective-C的组合),现在大多数函数都没有符号。我可以像往常一样检索一些Objective-C方法,以及一些具有Swift风格的错位名称的函数,但几乎所有其他函数都没有符号。我知道很多都必须是Swift方法。
Is there anyway to figure out what this binary's Swift classes are and their associated methods like I can with Objective-C?
反正有没有弄清楚这个二进制文件的Swift类是什么以及它们与Objective-C一样的相关方法?
Using a tool like Hopper Disassembler reveals the mangled names of some Swift classes (usually a symbol like _TtC4Something25SomethingElse) and I can get a list of its instance variable names and their offsets, but no method names.
使用像Hopper Disassembler这样的工具会显示一些Swift类的名称(通常是像_TtC4Something25SomethingElse这样的符号),我可以获得它的实例变量名称及其偏移量的列表,但没有方法名称。
Note: the binary in question is an x64 macOS binary, not an iOS binary.
注意:有问题的二进制文件是x64 macOS二进制文件,而不是iOS二进制文件。
1 个解决方案
#1
3
Usually reverse engineeing is the process of extracting meaningful constructs and descriptions from assembly. What you've done so far is usually only the first part of a "normal" reverse engineeing task. This may sometimes be a tedious process, which involves mapping structures and understanding the meaning of functions directly from thier assembly code.
通常,反向工程是从汇编中提取有意义的构造和描述的过程。到目前为止你所做的通常只是“正常”反向工程任务的第一部分。这有时可能是一个繁琐的过程,它涉及映射结构并直接从汇编代码中理解函数的含义。
There are pleanty of reverse engineeing tutorials and other sources, and a good understanding of the relevant assembly language is required. I really recommand this book (it's legally available online, original version is chm released by author) and this cannot easily be covered in a single SO question.
有大量的反向工程教程和其他资源,需要很好地理解相关的汇编语言。我真的推荐这本书(它是合法的在线版本,原版是由作者发布的chm),这在单个SO问题中不能轻易涵盖。
You might also want to get more specific help in the reverse engineeing SE beta.
您可能还希望在反向工程SE beta中获得更具体的帮助。
I hope I pointed you in the right direction.
我希望我指出你正确的方向。
#1
3
Usually reverse engineeing is the process of extracting meaningful constructs and descriptions from assembly. What you've done so far is usually only the first part of a "normal" reverse engineeing task. This may sometimes be a tedious process, which involves mapping structures and understanding the meaning of functions directly from thier assembly code.
通常,反向工程是从汇编中提取有意义的构造和描述的过程。到目前为止你所做的通常只是“正常”反向工程任务的第一部分。这有时可能是一个繁琐的过程,它涉及映射结构并直接从汇编代码中理解函数的含义。
There are pleanty of reverse engineeing tutorials and other sources, and a good understanding of the relevant assembly language is required. I really recommand this book (it's legally available online, original version is chm released by author) and this cannot easily be covered in a single SO question.
有大量的反向工程教程和其他资源,需要很好地理解相关的汇编语言。我真的推荐这本书(它是合法的在线版本,原版是由作者发布的chm),这在单个SO问题中不能轻易涵盖。
You might also want to get more specific help in the reverse engineeing SE beta.
您可能还希望在反向工程SE beta中获得更具体的帮助。
I hope I pointed you in the right direction.
我希望我指出你正确的方向。