Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gdbinit/ExtractMacho2
IDA plugin to extract Mach-O binaries located in the disassembly or data
https://github.com/gdbinit/ExtractMacho2
Last synced: 3 months ago
JSON representation
IDA plugin to extract Mach-O binaries located in the disassembly or data
- Host: GitHub
- URL: https://github.com/gdbinit/ExtractMacho2
- Owner: gdbinit
- Created: 2019-05-09T22:25:31.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-05-09T23:01:24.000Z (over 5 years ago)
- Last Synced: 2024-05-22T00:12:41.100Z (6 months ago)
- Language: C++
- Size: 13.7 KB
- Stars: 17
- Watchers: 3
- Forks: 3
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - gdbinit/ExtractMacho2 - IDA plugin to extract Mach-O binaries located in the disassembly or data (C++)
README
Extract Mach-O 2
v1.0
(c) 2019, fG! - [email protected] - https://reverse.put.as
This is a very simple IDA plugin to extract all Mach-O binaries contained anywhere in the disassembly.
It supports 32 and 64bits binaries, and also fat binaries, Intel, PPC and ARM!
The default behavior is to search all the IDA database for Mach-O binaries.
If you position the cursor at a Mach-O binary start address (Mach-O magic values 0xFEEDFACE or 0xFEEDFACF),
it will ask if you want to dump that specific binary. If you say no, it will fallback to default behavior.
Only macOS support on this version. Tested with IDA 7.2.
To compile for OS X use the XCode Project.
You might need to edit the XCode project and set the paths to the IDA SDK.
No default shortcut is set.
Edit IDAP_hotkey at extractmacho.cpp to your own preference if you wish so.
Bug reports, fixes and patches are welcome: [email protected] or github.com/gdbinit/ExtractMacho2
That's it! Enjoy :-)
fG!
v1.0 - Initial refactoring of older Extract Mach-O plugin