Golang for Mach-O File Reverse Engineering

title: [Learning Notes][Golang] Reverse Engineering Macho files with Golang by golfing
published: false
date: 2021-07-28 00:00:00 UTC
tags:
canonical_url: http://www.evanlin.com/go-macho/
---

![](https://upload.wikimedia.org/wikipedia/commons/thumb/8/85/ExecutableBinaryIcon.png/256px-ExecutableBinaryIcon.png)

## Preface:

Mach-O (Mach Object file format) is the executable file format used in Darwin, Mac OSX, and iOS systems.

If you want to do Reverse Engineering or a deeper level of execution file parsing. The system originally had an official package [https://pkg.go.dev/debug/macho](https://l.facebook.com/l.php?u=https%3A%2F%2Fpkg.go.dev%2Fdebug%2Fmacho%3Ffbclid%3DIwAR0fy5EaD1PmGRnh0j1hhHCW8MZqo2ceCcYwnZaJMySDrAYtTOoyM_ji0Rc&h=AT1Je1y213lD1LCMPDpIC1_9CAiX4MhEH7cvYiSQt12JIrzVHbgDR-w...

title: [Learning Notes][Golang] Reverse Engineering Macho files with Golang by golfing
published: false
date: 2021-07-28 00:00:00 UTC
tags:
canonical_url: http://www.evanlin.com/go-macho/
---

![](https://upload.wikimedia.org/wikipedia/commons/thumb/8/85/ExecutableBinaryIcon.png/256px-ExecutableBinaryIcon.png)

## Preface:

Mach-O (Mach Object file format) is the executable file format used in Darwin, Mac OSX, and iOS systems.

If you want to do Reverse Engineering or a deeper level of execution file parsing. The system originally had an official package [https://pkg.go.dev/debug/macho](https://l.facebook.com/l.php?u=https%3A%2F%2Fpkg.go.dev%2Fdebug%2Fmacho%3Ffbclid%3DIwAR0fy5EaD1PmGRnh0j1hhHCW8MZqo2ceCcYwnZaJMySDrAYtTOoyM_ji0Rc&h=AT1Je1y213lD1LCMPDpIC1_9CAiX4MhEH7cvYiSQt12JIrzVHbgDR-wDcQfFpq_prIpZ6kWLyvc9LgsbbYcYh8g8UnKf--QdS-S3iuUj4VmToJ2jbZvdRO7MJH6XHLtSVsWT6OM& __tn__ =-UK-R&c%5B0%5D=AT0MT_uxqNy0mlPd7hB3swzeJELrGLy5gtUXUP4JFuwHQFpnpTbzq6xXj_1EVYgT_LvP85AKIEvF0l_6HX6VwJ0Lj3G9RfNBmki8Wpx0WC5gu11DQThWcjOF0hgwj8jeZv1DtBDxBr9N4AnHuohMaBzBjW5u7utby0Q) available for use, but it's not that clear (easy to use). Someone wrote a set [https://github.com/blacktop/go-macho](https://github.com/blacktop/go-macho). I played with it quickly and thought it was pretty good, you can take a look.

## Mach-O:

Mach-O ([Mach](https://en.wikipedia.org/wiki/Mach_kernel) [object](https://en.wikipedia.org/wiki/Object_code) file format) is an executable file format widely used in Darwin, Mac OSX, and iOS. If you need to reverse-parse related information, you can use the official package:

#### Official Package:

- [https://pkg.go.dev/debug/macho](https://pkg.go.dev/debug/macho)

#### Third-party Development Package:

- [https://github.com/blacktop/go-macho](https://github.com/blacktop/go-macho)

**Advantages:**

- Has a clearer summary

#### How to use:

-

File opening can use relative paths or absolute locations. Absolute locations can be obtained through

-

realpath xxx


-

You need to install `realpath` which can be done via `brew install coreutils`

- Of course, you can also use relative paths.

### Example for blacktop/go-macho
<script src="https://gist.github.com/kkdai/7a07f3e7475b8d26794ccb6267b964a0.js"></script>
### Results
<script src="https://gist.github.com/kkdai/f52686939439f221721139e325a5219c.js"></script>
## Related Articles:

-

[Mach-O Chinese wiki](https://zh.wikipedia.org/wiki/Mach-O)

-

[Mach-O English wiki](https://en.wikipedia.org/wiki/Mach-O)

-

[Reverse Engineering Resources](https://pewpewthespells.com/blog/re.html)

Similar Posts