-f universal headers. Output reformatted, one column per architecture.
otool -f /usr/bin/otool
Fat headers
fat_magic 0xcafebabe Cafe Babe
nfat_arch 2
architecture 0 architecture 1
cputype 16777223 cputype 16777228
cpusubtype 3 cpusubtype 2
capabilities 0x0 capabilities 0x80
offset 16384 offset 98304
size 68832 size 68832
align 2^14 (16384) align 2^14 (16384)
-h Mach header.
Mach header
magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
0xfeedfacf 16777223 3 0x80 2 13 1648 0x00200085
Feed Facf sic
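
Added example (not from the original page and not otool's own code): a Python parser that reads the same fields -f and -h print, and checks each slice's offset, size and alignment against the file size, which is worth doing before trusting a universal file. The sample bytes are constructed from the values shown above, the file size used to check them is derived from the last slice, and the function names are this example's own.

```python
import struct

FAT_MAGIC = 0xCAFEBABE    # fat header fields are always big-endian
MH_MAGIC_64 = 0xFEEDFACF  # 64-bit Mach header, little-endian on x86_64/arm64
CAPS_MASK = 0xFF000000    # top byte of cpusubtype is what otool calls "capabilities"

def parse_fat(data):
    """Return the fields `otool -f` prints, one dict per architecture."""
    magic, nfat_arch = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a fat header")
    archs = []
    for i in range(nfat_arch):  # struct.error is raised if the table is truncated
        cputype, sub, offset, size, align = struct.unpack_from(">5I", data, 8 + 20 * i)
        archs.append({"cputype": cputype, "cpusubtype": sub & 0x00FFFFFF,
                      "capabilities": (sub & CAPS_MASK) >> 24,
                      "offset": offset, "size": size, "align": align})
    return archs

def check_slices(archs, file_size):
    """List slices that are misaligned, run past end of file, or overlap."""
    problems = []
    for a in archs:
        if a["offset"] % (1 << a["align"]):
            problems.append(f"offset {a['offset']} not aligned to 2^{a['align']}")
        if a["offset"] + a["size"] > file_size:
            problems.append(f"slice at {a['offset']} runs past end of file")
    spans = sorted((a["offset"], a["offset"] + a["size"]) for a in archs)
    for (s1, e1), (s2, _) in zip(spans, spans[1:]):
        if s2 < e1:
            problems.append(f"slices at {s1} and {s2} overlap")
    return problems

def parse_mach_header_64(data, offset=0):
    """Return the fields `otool -h` prints for a little-endian 64-bit slice."""
    names = ("magic", "cputype", "cpusubtype", "filetype", "ncmds", "sizeofcmds", "flags")
    hdr = dict(zip(names, struct.unpack_from("<7I", data, offset)))
    if hdr["magic"] != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O header")
    hdr["caps"] = (hdr["cpusubtype"] & CAPS_MASK) >> 24
    hdr["cpusubtype"] &= 0x00FFFFFF
    return hdr

# Constructed sample: headers rebuilt from the values listed above, not a real binary.
SAMPLE_FAT = struct.pack(">II5I5I", FAT_MAGIC, 2,
                         16777223, 3, 16384, 68832, 14,
                         16777228, 0x80000002, 98304, 68832, 14)
SAMPLE_MACH = struct.pack("<8I", MH_MAGIC_64, 16777223, 0x80000003,
                          2, 13, 1648, 0x00200085, 0)
```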
| -l load commands. Example summary:
LC_SEGMENT_64
LC_DYLD_INFO_ONLY
LC_DYSYMTAB
LC_LOAD_DYLINKER
LC_UUID
LC_VERSION_MIN_MACOSX
LC_UNIXTHREAD
LC_LOAD_DYLIB
LC_FUNCTION_STARTS
| -L names and version numbers of shared libraries the object file uses and the ID
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1197.1.1)
| -D just install name of a shared library.
| -s segname sectname Contents of the section
otool -s __TEXT __text a.out
a.out:
(__TEXT,__text) section
If -v is specified, the section is displayed as its type, unless the type is zero (the section header flags).
Also __OBJC,__protocol, __OBJC,__string_object and __OBJC,__runtime_setup are displayed symbolically.
| -t __TEXT,__text section.
With -v disassembles the text.
otool -s __TEXT __text -v a.out
a.out:
__TEXT,__text section
start:
10000 0a00 pushq $0x0
10000 0a02 movq %rsp, %rbp
10000 0a05 andq $0xfffffffffffffff0, %rsp
10000 0a09 movq 0x8(%rbp), %rdi
10000 0a0d leaq 0x10(%rbp), %rsi
10000 0a11 movl %edi, %edx
10000 0a13 addl $0x1, %edx
10000 0a16 shll $0x3, %edx
10000 0a19 addq %rsi, %rdx
10000 0a1c movq %rdx, %rcx
10000 0a1f jmp 0x100000a25
10000 0a21 addq $0x8, %rcx
10000 0a25 cmpq $0x0, (%rcx)
10000 0a29 jne 0x100000a21
10000 0a2b addq $0x8, %rcx
10000 0a2f callq 0x100000a40
10000 0a34 movl %eax, %edi
10000 0a36 callq 0x100000dc0
10000 0a3b hlt
10000 0a3c nop
10000 0a3d nop
10000 0a3e nop
10000 0a3f nop
_main:
10000 0a40 pushq %rbp
10000 0a41 movq %rsp, %rbp
10000 0a44 subq $0x150, %rsp
…
10000 0da7 movl 0xffffffffffffffec(%rbp), %eax
10000 0daa addq $0x150, %rsp
10000 0db1 popq %rbp
10000 0db2 ret
And with -V symbolically disassembles the operands.
…
10000 0a5b leaq 0x406(%rip), %rdi ## literal pool for: fragCheck A00,
10000 0a62 callq 0x100000dde ## symbol stub for: _printf
| -d __DATA,__data
-o __OBJC used by the Objective-C run-time system.
-r relocation entries.
| -c argument strings (argv[] and envp[]) from a core file.
Argument strings on the stack at: 00007fff5fc00000
| -I indirect symbol table.
Indirect symbols for (__TEXT,__stubs) 10 entries
address index
10000 0db4 9
10000 0dba 10
10000 0dc0 11
10000 0dc6 12
10000 0dcc 13
10000 0dd2 14
10000 0dd8 15
10000 0dde 16
10000 0de4 17
10000 0dea 18
Indirect symbols for (__DATA,__nl_symbol_ptr) 2 entries
address index
10000 1028 19
10000 1030 ABSOLUTE
Indirect symbols for (__DATA,__got) 1 entries
address index
10000 1038 8
Indirect symbols for (__DATA,__la_symbol_ptr) 10 entries
address index
10000 1040 9
10000 1048 10
10000 1050 11
10000 1058 12
10000 1060 13
10000 1068 14
10000 1070 15
10000 1078 16
10000 1080 17
10000 1088 18
| -T table of contents for a dynamically linked shared library.
otool -Tv /Volumes/HDIMAGES_2/usr/lib/libSystem.dylib | grep -i "\b_uuid" ????
| -R reference table of a dynamically linked shared library.
| -M module table of a dynamically linked shared library.
| -H two-level namespace hints table.
Two-level namespace hints table (0 hints)
index isub itoc
| -G data in code table.
| -a archive header, if the file is an archive.
| -S contents of the `__.SYMDEF' file, if the file is an archive.
The following options may also be given:
| -p name
Used with the -t and -v or -V options to start the disassembly from symbol name and continue to the end of the
(__TEXT,__text) section.
| -v verbosely (symbolically) when possible.
| -V disassembled operands symbolically (this implies the -v option). This is useful with -t.
| -X Don't print leading addresses or headers with disassembly of sections.
| -Q Use otool(1)'s disassembler when doing disassembly.
| -q Use the llvm disassembler when doing disassembly; this is available for the x86 and arm architectures. This is the default.
| -mcpu=arg When doing disassembly using the llvm disassembler use the cpu arg.
-arch arch_type architecture of the file to operate on when the file is a universal file.
(See arch(3) for the currently known arch_types.) The arch_type can be all;
the default is the host architecture.
| - object file names are not assumed to be in the archive(member) syntax, which allows file names containing parenthesis.