Techly NewsGet the app

Get the latest tech news

The Anatomy of a Mach-O: Structure, Code Signing, and Pac


The Mach Object (Mach-O) is the binary format used on Apple's operating systems for executables, libraries, and object code.

For example, using a Mach-O viewer on a signed macOS binary (like Safari), you can see the LC_CODE_SIGNATURE pointing to a region at the end of the file, and a hex dump at that offset will show the distinct magic number (e.g., bytes 0xFA 0xDE 0x0C 0x00) indicating the start of the code signature blob. An exception is for Mach-O bundles that aren’t standalone executables; for example, frameworks or plugins can have their code signatures stored in a separate CodeSignature folder next to the binary with a CodeResources or archived-expanded-entitlements.xcent file. For example, proper sign/zero extension, making it a valid, usable address rather than “tag/PAC noise.” In other words, it’s “canonical” when the pointer’s bits outside the configured VA size follow the architecture’s required pattern.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Anatomy

Anatomy

Photo of structure

structure

Photo of pac

pac

Related news:

News photo

007: First Light is so much more than Hitman - with its 'breathing' structure, it looks like the ultimate composite video game

News photo

Anatomy of a Python Loop

News photo

Larry Ellison Gave $1 Million to Pro-Lindsey Graham PAC

« This new Withings smartwatch can tell you when you're getting sick
Snapchat’s new Lens lets you create AI images using text prompts »