OCDisasm is an interactive Objective C disassembler for the PowerPC architecture. It’s very much a work-in-progress, but has been very useful in the development of the Mail Act-On and Mail Tags plugins for Mac OS X Mail.app.
This program is heavily dependent on Steve Nygard’s class-dump program.
Control and data flow are computed, and on each disassembled line it’s possible to view the current values of registers, provided they can be statically determined. Most Objective-C method calls are parsed and the arguments, where possible, are shown with the disassembly. Uninteresting instructions can be omitted from the disassembly in order to ease the interpretation of the code.
The window shown below demonstrates the disassembly user interface. Most instructions have been omitted, leaving just the method calls and control flow. Checkboxes next to branch instructions permit interactive adjustment of the control (and therefore data) flow. Disclosure triangles permit inspection of code that is currently stepped over. The lines in the left-hand column show the targets of branch instructions when they are highlighted.
Variable names are automatically generated to represent the return values of method calls if those values are used later in the disassembly. These variables can be renamed in-line in order to annotate their meaning:
Red coloured disassembly items are instructions that are not yet fully supported in the interpreter.
The example below shows disassembly of the following method, where index is an instance variable:

-(NSString*)naturalDisplayValue
{
    // index is an instance variable of the receiver
    return [NSString stringWithFormat: @"arg%d", index];
}
Since the method call stringWithFormat: has a variable number of arguments, the disassembler didn’t know how many to show in the Notes field. Instead, you can see the integer value for the format string in register r6 in the right-hand table view. The reference to an instance variable has been interpreted and the offset resolved into the name of the field.
Below is the same method showing the instructions that had been omitted in the example above. Addresses 25490 and 25494 load references to the NSString class and the stringWithFormat: selector. These loads are annotated with the string values at the locations.
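To make the static register tracking, call reconstruction and ivar-offset resolution described above concrete, here is a small added example (not OCDisasm’s own code, and not its output). It walks a constructed PowerPC listing for the naturalDisplayValue method, models the handful of instructions the compiler emits for an Objective-C message send, annotates loads with the class, selector and string literal found at the referenced addresses, resolves an ivar load against a constructed offset table, and collapses the listing to calls and control flow. All addresses, the memory and symbol tables, and the ivar offset are assumptions invented for the example.

```python
import re

# Constructed mini image of a PowerPC Mach-O (assumption: none of these addresses or
# tables come from OCDisasm or the page; a real tool reads them from the __OBJC
# section and class-dump output).
MEMORY = {                      # 32-bit words in the __OBJC section
    0x30000: 0x40000,           # L_OBJC_CLASS_REFERENCES_0    -> NSString class object
    0x30004: 0x40100,           # L_OBJC_SELECTOR_REFERENCES_0 -> "stringWithFormat:"
}
NAMES = {0x40000: "NSString", 0x40100: "stringWithFormat:"}   # class / selector names
CSTRINGS = {0x40200: "arg%d"}                                  # __cstring literals
IVARS = {12: "index"}           # ivar offset -> name for the receiver's class (constructed)

METHOD = [  # constructed PowerPC listing for -naturalDisplayValue (not OCDisasm output)
    "0x1000 mflr r0",
    "0x1004 stw r0,8(r1)",
    "0x1008 stwu r1,-64(r1)",
    "0x100c lwz r6,12(r3)",       # r3 is self on entry: loads the ivar at offset 12
    "0x1010 lis r9,0x3",
    "0x1014 lwz r3,0(r9)",        # class reference -> NSString
    "0x1018 lwz r4,4(r9)",        # selector reference -> stringWithFormat:
    "0x101c lis r5,0x4",
    "0x1020 addi r5,r5,0x200",    # address of the format literal
    "0x1024 bl objc_msgSend",
    "0x1028 lwz r0,72(r1)",
    "0x102c addi r1,r1,64",
    "0x1030 mtlr r0",
    "0x1034 blr",
]

INSN = re.compile(r"^(0x[0-9a-f]+)\s+(\w+)\s*(.*)$")
MEMOP = re.compile(r"^(-?(?:0x[0-9a-f]+|\d+))\((r\d+)\)$")


def describe(v):
    """Render a register value: known address -> symbol, symbolic expr as-is, unknown -> ?."""
    if isinstance(v, int):
        if v in NAMES:
            return NAMES[v]
        if v in CSTRINGS:
            return f'@"{CSTRINGS[v]}"'
        return f"0x{v:x}"
    return "?" if v is None else v


def describe_call(regs):
    """Rebuild [receiver selector:args] from r3/r4/r5...; the arity is taken from the
    selector's colons, so variadic extras (r6 here) are visible only in the register view."""
    recv, sel = describe(regs["r3"]), describe(regs["r4"])
    if not sel.endswith(":"):
        return f"[{recv} {sel}]"
    parts = sel.split(":")[:-1]
    args = [describe(regs.get(f"r{5 + i}")) for i in range(len(parts))]
    return f"[{recv} {' '.join(f'{p}:{a}' for p, a in zip(parts, args))}]"


def analyze(listing):
    """Single pass over the listing tracking statically known register values.
    A register holds an int (known), a str (symbolic, e.g. 'self->index') or None."""
    regs = {f"r{i}": None for i in range(32)}
    regs["r3"], regs["r4"] = "self", "_cmd"      # ObjC method ABI on entry
    known = lambda: {r: v for r, v in regs.items() if v is not None}
    records = []
    for line in listing:
        addr, op, rest = INSN.match(line).groups()
        addr, ops = int(addr, 16), ([o.strip() for o in rest.split(",")] if rest else [])
        note, snap = "", None
        if op == "lis":
            regs[ops[0]] = int(ops[1], 0) << 16
        elif op == "addi":
            base = regs[ops[1]]
            regs[ops[0]] = base + int(ops[2], 0) if isinstance(base, int) else None
            if regs[ops[0]] in NAMES or regs[ops[0]] in CSTRINGS:
                note = f"-> {describe(regs[ops[0]])}"
        elif op == "lwz":
            off, breg = MEMOP.match(ops[1]).groups()
            off, base = int(off, 0), regs[breg]
            if isinstance(base, int):                # load from a fixed address
                regs[ops[0]] = MEMORY.get(base + off)
                if regs[ops[0]] is not None:
                    note = f"-> {describe(regs[ops[0]])}"
            elif base == "self":                     # ivar access: resolve the offset
                regs[ops[0]] = f"self->{IVARS.get(off, f'ivar_{off}')}"
                note = f"-> {regs[ops[0]]}"
            else:
                regs[ops[0]] = None
        elif op == "mr":
            regs[ops[0]] = regs[ops[1]]
        elif op == "bl":
            snap = known()                           # argument registers as passed
            if ops[0] == "objc_msgSend":
                note = describe_call(regs)
            regs["r3"] = f"v_{addr:x}"               # generated name for the return value
            for i in range(4, 13):                   # caller-saved registers are clobbered
                regs[f"r{i}"] = None
        # mflr/mtlr/stw/stwu/blr: no GPR effect that this model tracks
        records.append({"addr": addr, "op": op, "text": f"{op} {rest}".strip(),
                        "note": note, "control": op.startswith("b"),
                        "regs": snap if snap is not None else known()})
    return records


def interesting_only(records):
    """The collapsed view: keep calls and control flow, drop everything else."""
    return [r for r in records if r["control"]]


if __name__ == "__main__":
    for r in analyze(METHOD):
        print(f"0x{r['addr']:x}  {r['text']:<22} {r['note']}")
```

Running it prints the annotated listing; the bl line carries the reconstructed `[NSString stringWithFormat:@"arg%d"]` while the second (variadic) argument survives only as `r6 = self->index` in that line’s register snapshot, which is exactly the situation the Notes field versus the register table illustrates above.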
This program is very much a prototype work-in-progress, and as such contains bugs and some very ugly code.
The source code is now available at Google Code: http://code.google.com/p/ocdisasm/source/checkout
A binary is also available:
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.