This is a simple plugin to display Mach-O headers inside IDA, something I miss from time to time. It was a good excuse to mess a little with IDA SDK.
It’s not quite what I had initially in mind but it does the job. I was thinking about something more sophisticated such as allow to display only the segment you wanted and so on. Now I am not sure if it’s worth the effort.
Tested with IDA 6.x in OS X and Windows, 32 and 64 bit. Included are a Makefile and Xcode project for OS X, and Windows DevC++ projects for 32 and 64 bit.
Give a look to the README file for extra information. Too tired and too late to write a long post.
Yeah, the code isn’t beautiful! Anyway I hope it’s useful for you.
Have fun,
fG!
MachOPlugin_v0.2.zip
SHA256(MachOPlugin_v0.2.zip)= aea01470a92a94a67ae29e6eba659b195829e599165265f8dd0fdc80333bc5a7
MachOPlugin_v0.3.zip
SHA256(MachOPlugin_v0.3.zip)= 73ea3471856027d7882b3b89986209f633bd19bc8b2159da7346a3e89c34fa4d
Also available at github.
Update:
v0.3 fixes some bugs/missing stuff and implements a workaround to IDA crashing.
IDA BUGS:
I seem to have found a few bugs in IDA QT GUI implementation.
The most annoying one is that the plugin will crash IDA if called more than once in the same session. What happens is that IDA happilly keeps opening new custom views even if there is code trying to prevent it.
The create_tform() function from the SDK should return a new handle if there is already a form with the same caption. Well this works with the old GUI but fails with the new one (QT). The same happens with find_tform. In this case, it never returns NULL if there’s no form (which is the expected behavior).
I implemented a small workaround, which is to add a number to the form caption. This way each call to the plugin will generate a new custom view and not crash IDA. Not pretty but the other workarounds I tried failed since I can’t find if form exists or not.
The other bugs are described in the README file. If you know a better workaround for this one please tell me.