Struct Macho 

pub struct Macho<'a> {
    pub is64bit: bool,
    pub arch: Architecture,
    pub has_overlay: Option<bool>,
    pub ordering: Ordering,
    pub executable_type: ExecutableType,
    pub os: OperatingSystem,
    pub sections: Option<Vec<Section<'a>>>,
    pub imports: Option<Imports>,
    pub contents: &'a [u8],
}

A struct presenting Mach Objects (Mach-O) files

These are executables or libraries used on macOS, iOS, iPadOS, tvOS, watchOS, etc. They began as the file format for NeXTSTEP.

Because of the different architectures, these files could be bi-endian.

Fields

is64bit: bool

If the program is 64-bit

arch: Architecture

Instruction set architecture for this binary

has_overlay: Option<bool>

If the binary has extra data after the last section, could be used to hide something

ordering: Ordering

Byte ordering for this binary

executable_type: ExecutableType

Executable subtype: Program, Library, or Core file?

os: OperatingSystem

Operating System for this binary, going to be Mac OS or some derivative, could be NeXTSTEP

sections: Option<Vec<Section<'a>>>

Sections of this binary

imports: Option<Imports>

External libraries used by this application or library

contents: &'a [u8]

The array containing the raw bytes used to parse this program

Implementations

impl<'a> Macho<'a>

pub fn from(contents: &'a [u8]) -> Result<Self>

Mach-O parsed from a sequence of bytes

Errors

Returns an error if parsing fails.

Trait Implementations

impl<'a> Clone for Macho<'a>

fn clone(&self) -> Macho<'a>

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<'a> Debug for Macho<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Display for Macho<'_>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl ExecutableFile for Macho<'_>

fn architecture(&self) -> Option<Architecture>

Get the architecture type

fn pointer_size(&self) -> usize

Get the pointer size, 32- or 64-bit

fn operating_system(&self) -> OperatingSystem

Get the operating system type for a binary

fn compiled_timestamp(&self) -> Option<DateTime<Utc>>

Get the compilation timestamp, if available

fn num_sections(&self) -> u32

Number of sections for a binary

fn sections(&self) -> Option<&Vec<Section<'_>>>

Vec of sections for the binary

fn import_hash(&self) -> Option<String>

Import hash of the binary

fn fuzzy_imports(&self) -> Option<String>

SSDeep fuzzy hash of the binary

impl SpecimenFile for Macho<'_>

const MAGIC: &'static [&'static [u8]]

Magic number, the bytes at the beginning of the file, which identify the file format Some file types have more than one possible magic number

fn type_name(&self) -> &'static str

Common name for a specific file type