Reverse Engineering Asked by Kojuda on May 24, 2021
Being a novice, I am faced with an ambiguity. I'm trying to reverse an iOS application with LLDB, and all the functions coming from the app (native) are labeled as unnamed_symbol in the backtrace:
The problem is that several other tools are able to retrieve these native symbols:
nm Application --add-dyldinfo:
Hopper:
Frida-trace with a demangled form:
But MachOView does not have these symbols in its Symbol Table or Dynamic Symbol Table, but in its sections __TEXT,__objc_methname and __TEXT,__cstring. I really don't have a clue about what is going on. Is this app really stripped? If yes, how are Hopper and the other software able to make the link between the symbols and the addresses, since they aren't in the symtab?
Thanks for reading.
(Additional newbie question: why are there a lot of symbols coming from external frameworks in the symtab? Aren't they supposed to be in the dsymtab? I'm quite confused.)