This new version of Hopper is able to decode the mangled Swift names. Hopper can use LLDB or GDB, which lets you debug and analyze the binary in a dynamic way (Intel CPU only).īased on an advanced understanding of the executable Hopper can present a pseudo-code representation of the procedures found in an executable. Hopper is specialized in retrieving Objective-C information in the files you analyze, like selectors, strings and messages sent. Most of the Hopper features can be invoked from Python scripts, giving you the ability to transform a binary in any way you want.Įven if Hopper can disassemble any kind of Intel executable, it does not forget its main platform. Once a procedure has been detected, Hopper displays a graphical representation of the control flow graph. Hopper analyzes function's prologues to extract procedural information such as basic blocks and local variables. With the Hopper SDK, you'll be able to extend Hopper's features, and even write your own file format and CPU support. The macOS version makes full use of the Cocoa framework, and the Linux version makes use of Qt 5. Hopper is perfectly adapted to the environment. Hopper is able to transform the assembly language into a pseudo-code that is easier to understand! You can use its internal Python scripting engine to analyze binaries the way you want (this feature works only with Lion)! Starting from version 2.0, Hopper can even use GDB to debug programs!Īnd, last but not least, unlike all other tools of its kind, Hopper is perfectly integrated into the OS X environment. It will let you disassemble any binary you want, and provide you all the information about its content, like imported symbols, or the control flow graph! Hopper can retrieve procedural information about the disassembled code like the stack variables, and lets you name all the objects you want. If you prefer to read C code, you can get a C-like decompilation of the procedure by pressing Option-Return, or clicking Pseudo Code in the toolbar.Hopper Disassembler is a binary disassembler, decompiler, and debugger for 32-bit and 64-bit executables. You can scroll around, zoom in and out, and even drag the components to different places to get the best view of what's going on. Press the space bar or click Show CFG while in the procedure, and Hopper breaks it into its component pieces and shows it in a separate window: If control flow is what we're interested in, we can get a really nifty graph view of the procedure. Hopper inserts arrows like these to show control flow, which makes it much easier to follow code. If you scroll down a bit, you'll notice a blue arrow pointing from the je 0x10000197A instruction to its target. Select either the symbol name or the first byte underneath it and mark it as a procedure by pressing the P key (again, no Command key) or clicking Mark As Procedure in the toolbar. The contents of this method start off as "unexplored", so they're displayed as raw bytes. The one that starts with objc_sel_ is a symbol for the selector, which is less interesting. The one which starts with methImpl_ is the one we want. Press shift-N (no Command key here, Hopper's key commands are a bit eccentric) to get a symbol search window. It's annoying to scroll around searching for it, but of course Hopper knows all about the symbols in your app. Let's find the initWithName:number: method. Fortunately, it's really easy to tell it how to interpret something. In particular, it doesn't identify Objective-C methods as code. It makes some effort to pick out code and treat it as code, but doesn't get everything right. Fundamentally, some sections of the executable are code and some are data, but you can have Hopper interpret any part in any way. Hopper fundamentally treats all bytes in the executable equally. Tell Hopper to open the executable created from the above code, and it will load it and perform some preliminary analysis: These documents can be saved separately, preserving any comments or annotations you've added from one session to the next.Ĭlick Read Executable in the toolbar or select it from the File menu to get started. Hopper has a concept of documents separate from the binaries you inspect. When you first start Hopper, you get a blank document window. clang -framework Cocoa -fobjc-arc test.m #import M圜lass : NSObject
0 Comments
Leave a Reply. |