I am trying to read constant (or initialization) strings from the iPhone Mach-O binary. I understand that 3 relevant segments. _TEXT._cstring _TEXT._ustring and _DATA._cfstring. However, although I know that the string information is stored in these three blocks of data that I extracted, I cannot understand it, and it all looks like garbage - I do not see any recognizable character strings. Can someone shed some light on this and give me an idea of ββwhat steps you need to take to read the string data?
I looked at some code (GetAddrOfConstantCFString () from http://llvm.org/svn/llvm-project/cfe/trunk/lib/CodeGen/CodeGenModule.cpp ), but again could not associate it with the fact that I see in the binaries.
In my case, the sizes of the sections in question are:
__TEXT.__cstring (99 K-bytes) __TEXT.__ustring (<200 bytes) __DATA.__cfstring (29 K-bytes)
To give you an idea, the first 32 bytes of the __cfstring section, which even contain the actual strings, look like this:
Dump _DATA._cfstring
00 00 00 00 c8 07 00 00 74 02 0d 00 15 00 00 00 00 00 00 00 c8 07 00 00 8c 02 0d 00 01 00 00 00 ...
Many thanks for your help!
source share