10

I'm currently disassembling a Mach-O executable(the executable runs on Mac OS X, to be specific) in IDA Pro on windows. I have one instruction which I want to change, but it doesn't seem that IDA Pro allows you to do this. So, I tried using otool on OS X to dump the assembly(which it does fine). However, after editing the assembly in otool, I tried to reassemble it using as <file name of modified otool -tV output>. This greets me with a bunch of errors like Junk character 43 (+). What's the easiest way to change just a single instruction in a Mach-O binary on Mac OS X?

Community
  • 1
  • 1
Mike
  • 23,892
  • 18
  • 70
  • 90

2 Answers2

4

I've used both otool and otx to disassemble various binaries, and I've found the easiest way to edit them is to figure out what the assembly of the new code I want is (using nasm or similar), then just use a hex editor (I prefer Hex Fiend) on the binary file.

Tim
  • 59,527
  • 19
  • 156
  • 165
  • 1
    This seems like a horrible solution(though tolerable for small edits), especially considering that x86 has variable-length instructions. Are there no good tools for disassembling and reassembling files on OS X? – Mike Dec 19 '09 at 07:24
  • unfurtunely there are no tools like ollydbg on OS X :( – knoopx Jan 11 '10 at 14:33
1

I use Synalize It!.

You can load also a custom grammar (example for png files, showing header, tags, etc...)

elp
  • 8,021
  • 7
  • 61
  • 120