I'm writing a tool in Perl that needs to scan for certain binary patterns inside an executable file on a Mac OSX. To avoid getting very many false positives, I want to restrict my search to the data/text segment of the executable, excluding the code segment and a few other things. How can I accomplish this?
+6
A:
How about using otool?
-t Display the contents of the (__TEXT,__text) section. -d Display the contents of the (__DATA,__data) section.
Sinan Ünür
2009-10-29 19:10:17
A:
You should look at the ELF file format specification. It contains headers and tables that tell you exactly which segments live where. Parsing it is tedious but straightforward.
NXT
2009-10-30 06:59:22