OCDisasm

OCDisasm is an interactive Objective-C disassembler for the PowerPC architecture. It is very much a work in progress, but it has been very useful in the development of the Mail Act-On and Mail Tags plugins for Mac OS X Mail.app.

This program depends heavily on Steve Nygard's class-dump program.

Features

Control and data flow are computed, and on each disassembled line it is possible to view the current values of the registers, provided they can be statically determined.

Most Objective-C method calls are parsed and the arguments, where possible, are shown with the disassembly.

Uninteresting instructions can be omitted from the disassembly in order to ease the interpretation of the code.

Screenshot

The window shown below demonstrates the disassembly user interface. Most instructions have been omitted, leaving just the method calls and control flow. Checkboxes next to branch instructions permit interactive adjustment of the control flow (and therefore of the data flow derived from it). Disclosure triangles permit inspection of code that is currently stepped over. The lines in the left-hand column show the targets of branch instructions when they are highlighted.

Variable names are automatically generated to represent the return values of method calls if those values are used later in the disassembly. These variables can be renamed in-line in order to annotate their meaning.

Disassembly items coloured red are instructions that are not yet fully supported by the interpreter.

Examples

The example below shows disassembly of the following method, where index is an instance variable:

- (NSString *)naturalDisplayValue
{
    // index is an int instance variable of this class
    return [NSString stringWithFormat: @"arg%d", index];
}

Since stringWithFormat: takes a variable number of arguments, the disassembler does not know how many to show in the Notes field. Instead, the integer argument to the format string (the value of index) can be seen in register r6 in the right-hand table view: objc_msgSend receives the receiver in r3, the selector in r4 and the method's arguments from r5 onwards, so the format string sits in r5 and its first variadic argument in r6. The reference to the instance variable has been interpreted and its offset resolved into the name of the field.

Below is the same method, this time showing the instructions that were omitted in the example above. Addresses 25490 and 25494 load references to the NSString class and the stringWithFormat: selector; these loads are annotated with the string values found at the referenced locations.
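The example below is an added illustration (written for this page, not OCDisasm's own code) of the technique the Features section and the naturalDisplayValue example describe: walking a PowerPC listing once, propagating register values that can be determined statically, resolving class-reference and selector-reference loads and instance-variable offsets to names, and rendering each objc_msgSend as an Objective-C expression the way the Notes field does. It goes slightly beyond the page by counting conversions in a constant format string so that the variadic arguments to stringWithFormat: can be shown too. The listing, the MEMORY map and the IVARS table are constructed stand-ins for what the Mach-O data segment and class-dump would supply; the addresses are invented and are not those from the screenshots.

```python
"""Static register tracking to recover Objective-C calls from PowerPC code.

Added illustration, not OCDisasm's code.  MEMORY, IVARS and LISTING are
constructed stand-ins for the Mach-O data segment, class-dump output and
a compiled method body.
"""
import re
from collections import namedtuple

# Constructed data segment: address -> (kind, payload).
MEMORY = {
    0x2000: ("class_ref", "NSString"),         # L_OBJC_CLASS_REFERENCES_*
    0x2004: ("sel_ref", "stringWithFormat:"),  # L_OBJC_SELECTOR_REFERENCES_*
    0x2010: ("cstring", "arg%d"),              # the @"arg%d" literal
}
IVARS = {12: "index"}  # receiver ivar layout, offset -> name (constructed)

# Constructed body of -naturalDisplayValue.  On entry r3 = self, r4 = _cmd;
# objc_msgSend takes the receiver in r3, the selector in r4, arguments from r5.
LISTING = """\
1000: lwz   r6, 12(r3)
1004: lis   r3, 0
1008: lwz   r3, 0x2000(r3)
100c: lis   r4, 0
1010: lwz   r4, 0x2004(r4)
1014: lis   r5, 0
1018: addi  r5, r5, 0x2010
101c: bl    objc_msgSend
1020: blr
"""

Row = namedtuple("Row", "addr op operands note regs")
INSN = re.compile(r"^([0-9a-f]+):\s+(\w+)\s*(.*)$")
MEMREF = re.compile(r"^(-?(?:0x[0-9a-f]+|\d+))\((r\d+)\)$")
MASK = 0xFFFFFFFF

def reg(tok):
    return int(tok[1:])

def render(v):
    """Human-readable form of a tracked value; None means not determinable."""
    if v is None:
        return "?"
    kind, val = v
    if kind == "const":
        entry = MEMORY.get(val)
        if entry and entry[0] == "cstring":
            return '@"%s"' % entry[1]
        return "0x%x" % val
    return val  # class, selector and symbolic names render as themselves

def load(base, disp):
    """Value produced by lwz rD, disp(rA) when rA's value is known."""
    if base is None:
        return None
    kind, val = base
    if kind == "const":
        entry = MEMORY.get((val + disp) & MASK)
        if entry and entry[0] == "class_ref":
            return ("class", entry[1])
        if entry and entry[0] == "sel_ref":
            return ("sel", entry[1])
    elif kind == "sym" and val == "self" and disp in IVARS:
        return ("sym", "self->" + IVARS[disp])  # ivar offset -> field name
    return None

def format_send(regs):
    """Render [receiver selector:args] from r3, r4, r5... at an objc_msgSend."""
    recv, sel = render(regs.get(3)), regs.get(4)
    if sel is None or sel[0] != "sel":
        return "[%s ?]" % recv
    name = sel[1]
    nfixed = name.count(":")
    if nfixed == 0:
        return "[%s %s]" % (recv, name)
    args = [render(regs.get(5 + i)) for i in range(nfixed)]
    body = " ".join("%s:%s" % (p, a) for p, a in zip(name.split(":"), args))
    # Variadic printf-style selectors: when the format string is a constant,
    # count its conversions to learn how many further registers are arguments
    # (assumption: every selector ending in "Format:" is printf-like).
    if name.endswith("Format:") and args[0].startswith('@"'):
        nvar = re.sub("%%", "", args[0]).count("%")
        body += "".join(", " + render(regs.get(5 + nfixed + i)) for i in range(nvar))
    return "[%s %s]" % (recv, body)

def analyse(listing):
    """Walk the listing once, propagating statically known register values."""
    regs, rows, calls = {3: ("sym", "self"), 4: ("sym", "_cmd")}, [], 0
    for line in listing.strip().splitlines():
        addr, op, rest = INSN.match(line).groups()
        ops = [t.strip() for t in rest.split(",")] if rest else []
        note = ""
        if op == "lis":
            regs[reg(ops[0])] = ("const", (int(ops[1], 0) << 16) & MASK)
        elif op == "addi":
            src = regs.get(reg(ops[1]))
            known = src is not None and src[0] == "const"
            regs[reg(ops[0])] = ("const", (src[1] + int(ops[2], 0)) & MASK) if known else None
        elif op == "lwz":
            disp, base = MEMREF.match(ops[1]).groups()
            value = regs[reg(ops[0])] = load(regs.get(reg(base)), int(disp, 0))
            note = "= " + render(value) if value is not None else ""
        elif op == "bl" and ops[0] == "objc_msgSend":
            note = format_send(regs)
            calls += 1
            # Darwin PPC ABI: r0 and r3-r12 are caller-saved; name the return value.
            regs = {r: v for r, v in regs.items() if r >= 13}
            regs[3] = ("sym", "v%d" % calls)
        elif op == "blr":
            note = "return " + render(regs.get(3))
        rows.append(Row(addr, op, rest, note, dict(regs)))
    return rows

def interesting(rows):
    """The 'omit uninteresting instructions' view: keep only annotated lines."""
    return [r for r in rows if r.note]

if __name__ == "__main__":
    for r in interesting(analyse(LISTING)):
        print("%s: %-5s %-18s ; %s" % (r.addr, r.op, r.operands, r.note))
```

Run stand-alone, the script prints only the five annotated lines: the ivar load, the two reference loads, the call rendered as [NSString stringWithFormat:@"arg%d", self->index], and the return of the generated variable v1. Anything the walker cannot determine statically renders as "?", which is the honest answer a disassembler should give rather than a guess.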

Bugs

This program is very much a prototype and a work in progress, and as such contains bugs and some very ugly code.

Obtaining

The source code is available via anonymous Subversion at:

http://www.jpaisley.com/svn/main/ocdisasm/trunk

A binary is also available:

OCDisasm-r1967.zip

Note that the revision number in the above file corresponds to r14 of the repository. I am currently experimenting with synchronising my local SVK repository with the public SVN repository, so the revision numbers are different.

Licensing

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.