wtf is otx?
otx stands for "object tool extended". It uses otool (object tool) to disassemble a Mach-O executable file, then enhances the disassembled output. Simple enhancements include adding the machine code of each instruction and the offset of each instruction from the beginning of a function. More complicated enhancements include displaying the names and data types of Objective-C methods even if symbols have been stripped, and adding comments that describe member variables, function calls, static data and more.
otx users should have Apple's developer tools installed. The otx distribution includes both a GUI application and a command line utility, for your convenience. You can use either or both, as you see fit.
otool is good at disassembling an entire executable, but its disassembly doesn't include much symbolic information. gdb is good at providing symbolic information in its disassembly, but it's a PITA when you want to disassemble an entire executable.
otx offers the best of both worlds.
There are several ways to open an executable file with otx. You can drop a file onto the main window, or onto otx's icon either in the Finder or Dock. You can also use the "Open…" command in otx's File menu. If you drop a package (.app, .menu, .plugin etc.) onto otx, it will open the package's main executable file. However, if you want to open secondary executable files inside an application package, such as frameworks, they must be located and opened manually.
otx can open almost any Mach-O executable file you're likely to use: PPC or x86, single architecture or universal binary. When you open a universal binary, the popup menu shown above allows you to select which architecture to disassemble. If you have lipo installed (included in Apple's developer tools), you can easily create a new executable from the selected architecture with the "Thin" button.
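How the architecture choice and the thinned file relate to the file format, as an added example (not part of otx or its documentation): a Python parser that reads the universal (fat) header to list the slices and returns the byte range for one architecture. The function names and the sample image are constructed for illustration.

```python
import struct

# Constants from <mach-o/fat.h>, <mach-o/loader.h> and <mach/machine.h>
FAT_MAGIC = 0xCAFEBABE                          # fat header is always big-endian
MH_MAGICS = {0xFEEDFACE: ">", 0xCEFAEDFE: "<",  # 32-bit thin, BE / LE on disk
             0xFEEDFACF: ">", 0xCFFAEDFE: "<"}  # 64-bit thin, BE / LE on disk
CPU_NAMES = {7: "i386", 18: "ppc", 0x01000007: "x86_64", 0x01000012: "ppc64"}

def list_architectures(data):
    """Return [(arch_name, offset, size)] for each slice in a Mach-O image."""
    if len(data) < 8:
        raise ValueError("too short for a Mach-O header")
    (magic,) = struct.unpack_from(">I", data, 0)
    if magic in MH_MAGICS:                      # single-architecture file
        (cpu,) = struct.unpack_from(MH_MAGICS[magic] + "I", data, 4)
        return [(CPU_NAMES.get(cpu, hex(cpu)), 0, len(data))]
    if magic != FAT_MAGIC:
        raise ValueError("not a Mach-O or universal file")
    (nfat,) = struct.unpack_from(">I", data, 4)
    # Java class files share this magic; the bounds checks reject most of them
    if nfat == 0 or 8 + nfat * 20 > len(data):
        raise ValueError("implausible fat_arch count")
    slices = []
    for i in range(nfat):                       # one 20-byte fat_arch per slice
        cpu, _sub, offset, size, _align = struct.unpack_from(">IIIII", data, 8 + i * 20)
        if offset + size > len(data):
            raise ValueError("slice extends past end of file")
        slices.append((CPU_NAMES.get(cpu, hex(cpu)), offset, size))
    return slices

def thin(data, arch):
    """Return the bytes of one slice, i.e. the thin file for that architecture."""
    for name, offset, size in list_architectures(data):
        if name == arch:
            return data[offset:offset + size]
    raise KeyError(arch)

def build_sample():
    """Constructed universal image: two 32-byte stub slices, headers only."""
    ppc = struct.pack(">II", 0xFEEDFACE, 18).ljust(32, b"\0")
    x86 = struct.pack("<II", 0xFEEDFACE, 7).ljust(32, b"\0")
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">IIIII", 18, 0, 64, 32, 5)   # ppc slice at offset 64
    header += struct.pack(">IIIII", 7, 3, 96, 32, 5)    # i386 slice at offset 96
    return header.ljust(64, b"\0") + ppc + x86

if __name__ == "__main__":
    print(list_architectures(build_sample()))
```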
If you have obfuscated your code, you may find that otool's disassembly is less than desirable. To assist you, otx includes a very basic deobfuscator. By using the "Verify" button shown above, you can verify that otool will be able to correctly disassemble your executable. If this verification fails, otx will ask if you would like to save a deobfuscated copy of your executable. Should you choose to do so, the deobfuscated copy will be automatically opened for further processing. Currently, deobfuscation is only necessary for x86 executables.
Show local offsets
+196 00002c44 3c5f0002 addis r2,r31,0x2
Separate logical blocks
+52 000033d4 384bffd0 addi r2,r11,0xffd0
+56 000033d8 5440063e rlwinm r0,r2,0,24,31
+60 000033dc 2b800009 cmplwi cr7,r0,0x9
+64 000033e0 409d0014 ble cr7,0x33f4
+68 000033e4 380bffbf addi r0,r11,0xffbf
+72 000033e8 5400063e rlwinm r0,r0,0,24,31
+76 000033ec 2b800019 cmplwi cr7,r0,0x19
+80 000033f0 419d0098 bgt cr7,0x3488
+84 000033f4 39200000 li r9,0x0
+88 000033f8 4800000c b 0x3404
Show data sections
Show md5 checksum
Show method types
Note: The data type of an Objective-C method is currently only displayed at the method's definition, not at each call site.
-(unsigned int)[CDropBox draggingEntered:]
Show verbose msgSends
+1300 00019f64 4bfeff03 bla 0xfffeff00 _objc_msgSend_rtp
Show variable types
+100 00003564 807f0068 lwz r3,0x68(r31) (NSString)mOutputFileName
Open file with application