如何从Mac中的二进制文件中提取硬编码的字符串? [英] How to extract hardcoded strings from a binary in Mac?

问题描述

是否存在可以在Mac(Perl/Python/Cocoa/etc)上运行的任何语言的API，也可以使用命令行工具加载二进制文件(应用程序/捆绑包/框架/等)并提取硬代码中使用的编码字符串?

Is there API available in any language that can run on a Mac (Perl/Python/Cocoa/etc) or command line tools you can use to load a binary (app/bundle/framework/etc) and extract the hard-coded strings used in the code?

背后的原因是我们要检查编译后的二进制文件中是否有任何硬编码的路径.

The reason behind is we want to check if there are any hard-coded paths in our compiled binary.

推荐答案

是的，您可以只使用strings命令行工具:

Yes, you can just use the strings command line tool:

$ man strings

NAME
       strings - find the printable strings in a object, or other binary, file

SYNOPSIS
       strings [ - ] [ -a ] [ -o ] [ -t format ] [ -number ] [ -n number ] [--] [file ...]

DESCRIPTION
       Strings looks for ASCII strings in a binary file or standard input.  Strings is useful for identifying random object files and many other things.  A string
       is any sequence of 4 (the default) or more printing characters ending with a newline or a null.  Unless the - flag is given, strings looks in all  sections
       of the object files except the (__TEXT,__text) section.  If no files are specified standard input is read.

       The file arguments may be of the form libx.a(foo.o), to request information about only that object file and not the entire library.   (Typically this argu-
       ment must be quoted, ``libx.a(foo.o)'', to get it past the shell.)

       The options to strings(1) are:

       -a     This option causes strings to look for strings in all sections of the object file (including the (__TEXT,__text) section.

       -      This option causes strings to look for strings in all bytes of the files (the default for non-object files).

       --     This option causes strings to treat all the following arguments as files.

       -o     Preceded each string by its offset in the file (in decimal).

       -t format
              Write each string preceded by its byte offset from the start of the file.  The format shall be dependent on the single character used as the  format
              option-argument:

       d      The offset shall be written in decimal.

       o      The offset shall be written in octal.

       x      The offset shall be written in hexadecimal.

       -number
              The decimal number is used as the minimum string length rather than the default of 4.

       -n number
              Specify the minimum string length, where the number argument is a positive decimal integer. The default shall be 4.

       -arch arch_type
              Specifies  the  architecture, arch_type, of the file for strings(1) to operate on when the file is a universal file.  (See arch(3) for the currently
              know arch_types.)  The arch_type can be "all" to operate on all architectures in the file, which is the default.

SEE ALSO
       od(1)

BUGS
       The algorithm for identifying strings is extremely primitive.

Apple Computer, Inc.                                                    September 11, 2006                                                              STRINGS(1)

这篇关于如何从Mac中的二进制文件中提取硬编码的字符串?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！