Anatomy Of Executables

Apple Mach-O

Binary info

otool

Using otool we can get general info about the Mach-O file:

    otool -h [app_name]

    Mach header
          magic  cputype cpusubtype  caps  filetype ncmds sizeofcmds      flags
     0xfeedfacf 16777228          0  0x00         2   115      11384 0x00218085

Quick reference on the meaning:

Delphi

This one is particularly tiresome to reverse. Some advice:

- Set the calling convention to fastcall if it’s not set properly (IDA Pro doesn’t, not sure about radare2).
- Delphi programs have a lot of structures.

Go Malware

When compiled, they are huge in size.

ELF Files

This is about … .

Windows PE

iOS IPA

When installed on the device, the *.ipa is unzipped into a corresponding folder. These are the contents: