init

.gitignore

@@ -0,0 +1,5 @@
+.DS_Store 
+SwiftDump/SwiftDump.xcodeproj/project.xcworkspace/xcuserdata/*
+SwiftDump/SwiftDump.xcodeproj/xcuserdata/*
+
+

Demo/result.txt

@@ -0,0 +1,35 @@
+enum MyEnum {
+    // <0x52, enum, isUnique, version 0, kindSpecificFlags 0x0>
+    // Access Function at 0x21c0 
+    case red
+    case blue
+    case yellow
+}
+
+struct BaseStruct {
+    // <0x51, struct, isUnique, version 0, kindSpecificFlags 0x0>
+    // Access Function at 0x25a0 
+    let bbname: String;
+}
+
+struct MyStruct {
+    // <0x51, struct, isUnique, version 0, kindSpecificFlags 0x0>
+    // Access Function at 0x29b0 
+    let sid: Int;
+    let sname: String;
+}
+
+class BaseClass {
+    // <0x80000050, class, isUnique, version 0, kindSpecificFlags 0x8000>
+    // Access Function at 0x29c0 
+    let bcname: String;
+}
+
+class MyClass : BaseClass {
+    // <0x40000050, class, isUnique, version 0, kindSpecificFlags 0x4000>
+    // Access Function at 0x2a00 
+    let cid: Int;
+    let cname: String;
+    let st: MyStruct?;
+}
+

Demo/test.swift

@@ -0,0 +1,28 @@
+enum MyEnum {
+	case red
+	case blue
+	case yellow
+}
+
+struct BaseStruct  {
+	var bbname: String = "BaseStruct"
+}
+
+
+struct MyStruct  {
+	var sid: Int = 123;
+	var sname: String = "hello"
+}
+
+
+class BaseClass {
+	var bcname: String = "BaseClass"
+}
+
+
+final class MyClass : BaseClass  {
+
+	var cid: Int = 456;
+	var cname: String = "world"
+	var st: MyStruct? = nil;
+}

LICENSE

@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2020 neilwu (https://github.com/neil-wu)
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,80 @@
+
+#### SwiftDump
+
+##### [中文文档](./README_zh.md)
+
+SwiftDump is a command-line tool for retriving the Swift Object info from Mach-O file. Similar to [class-dump](https://github.com/nygard/class-dump/), but the difference is that SwiftDump focus on swift 5 objects. For Mach-O files mixed with Objective-C and swift, you can combine class-dump with SwiftDump.
+
+There is alos a [Frida](https://www.frida.re/) version named [FridaSwiftDump](https://github.com/neil-wu/FridaSwiftDump/).
+
+You can either use`SwiftDump` for a Mach-O file or `FridaSwiftDump` for a foreground running app.
+
+If you are curious about the Mach-O format, check the image at the bottom of this article.
+
+![demo](./Doc/img_demo_result.jpg)
+
+#### Usage
+
+``` Text
+USAGE: SwiftDump [--debug] [--arch <arch>] <file> [--version]
+
+ARGUMENTS:
+  <file>                  MachO File
+
+OPTIONS:
+  -d, --debug             Show debug log.
+  -a, --arch <arch>       Choose architecture from a fat binary (only support x86_64/arm64).
+                          (default: arm64)
+  -v, --version           Version
+  -h, --help              Show help information.
+```
+
+* SwiftDump ./TestMachO > result.txt
+* SwiftDump -a x86_64 ./TestMachO > result.txt
+
+#### Features
+
+* Written entirely in swift, the project is tiny
+* Dump swift 5 struct/class/enum/protocol
+* Parse enum with payload case
+* Support inheritance and protocol
+* Since it is written in swift, the mangled names are demangled by swift's runtime function, such as `swift_getTypeByMangledNameInContext` and `swift_demangle_getDemangledName`. 
+
+Thanks to the runtime function, SwiftDump can demangle complex type, such as RxSwift variable. For example, 
+`RxSwift.Queue<(eventTime: Foundation.Date, event: RxSwift.Event<A.RxSwift.ObserverType.Element>)>`
+
+#### TODO
+
+* Parse swift function address
+* More
+
+#### Compile
+
+1. Clone the repo
+2. Open SwiftDump.xcodeproj with Xcode
+3. Modify 'Signing & Capabilities' to use your own id
+4. Build & Run
+
+The default Mach-O file path is `Demo/test`, you can change it in `Xcode - Product - Scheme - Edit Scheme - Arguments`
+
+(Tested on Xcode Version 11.5 (11E608c), MacOS 10.15.5)
+
+#### Credit
+
+* [Machismo](https://github.com/g-Off/Machismo) : Parsing of Mach-O binaries using swift.
+* [swift-argument-parser](https://github.com/apple/swift-argument-parser) : Straightforward, type-safe argument parsing for Swift.
+* [Swift metadata](https://knight.sc/reverse%20engineering/2019/07/17/swift-metadata.html) : High level description of all the Swift 5 sections that can show up in a Swift binary.
+
+
+#### License
+
+MIT
+
+
+#### Mach-O File Format
+
+The following image shows how SwiftDump parse swift types from file `Demo/test`. You can open this file with [MachOView](https://github.com/gdbinit/MachOView).
+
+![demo](./Doc/macho.jpg)
+
+

README_zh.md

@@ -0,0 +1,77 @@
+
+#### SwiftDump
+
+SwiftDump是从Mach-O文件中获取swift对象定义的命令行工具，类似大家都用过的OC类dump工具[class-dump](https://github.com/nygard/class-dump/)，SwiftDump专注于处理swift对象(当前只支持swift 5)。对于采用OC/Swift混编的Mach-O文件，你可以将 class-dump 和 SwiftDump结合起来使用。
+
+同时，我在[Frida](https://www.frida.re/)中实现了一个简单版本 [FridaSwiftDump](https://github.com/neil-wu/FridaSwiftDump/)。
+
+你可以根据需要选择使用，`SwiftDump`可以解析处理Mach-O文件，而`FridaSwiftDump`可以对一个前台运行的app进行解析。
+
+如果你对解析Mach-O的过程感兴趣，请查看该文档最后的配图。
+
+![demo](./Doc/img_demo_result.jpg)
+
+#### 用法
+
+``` Text
+USAGE: SwiftDump [--debug] [--arch <arch>] <file> [--version]
+
+ARGUMENTS:
+  <file>                  MachO File
+
+OPTIONS:
+  -d, --debug             Show debug log.
+  -a, --arch <arch>       Choose architecture from a fat binary (only support x86_64/arm64).
+                          (default: arm64)
+  -v, --version           Version
+  -h, --help              Show help information.
+```
+
+* SwiftDump ./TestMachO > result.txt
+* SwiftDump -a x86_64 ./TestMachO > result.txt
+
+#### 特点
+
+* 完全使用swift编写，项目小巧
+* 支持 dump swift 5 的 struct/class/enum/protocol
+* 支持解析 enum with payload case
+* 支持解析 swift类继承 和 protocol
+* 由于采用swift编写，所以借助于swift的运行时函数来还原修饰符(demangle) 比如，`swift_getTypeByMangledNameInContext` 和 `swift_demangle_getDemangledName`
+
+受益于swift运行时函数, SwiftDump可以还原复杂的数据类型, 比如某个使用RxSwift声明的变量类型能达到如下的解析效果： 
+`RxSwift.Queue<(eventTime: Foundation.Date, event: RxSwift.Event<A.RxSwift.ObserverType.Element>)>`
+
+#### TODO
+
+* 考虑添加导出函数地址
+* 待定
+
+#### Compile
+
+1. Clone the repo
+2. Open SwiftDump.xcodeproj with Xcode
+3. Modify 'Signing & Capabilities' to use your own id
+4. Build & Run
+
+默认输入参数使用目录`Demo/test`的Mach-O文件, 你可以在Xcode里修改输入参数： `Xcode - Product - Scheme - Edit Scheme - Arguments`
+
+(Xcode Version 11.5 (11E608c), MacOS 10.15.5 测试通过)
+
+#### 感谢
+
+* [Machismo](https://github.com/g-Off/Machismo) : 使用swift来读取Mach-O文件
+* [swift-argument-parser](https://github.com/apple/swift-argument-parser) : 解析命令行参数
+* [Swift metadata](https://knight.sc/reverse%20engineering/2019/07/17/swift-metadata.html) : High level description of all the Swift 5 sections that can show up in a Swift binary.
+
+
+#### License
+
+MIT
+
+
+#### Mach-O File Format
+
+下图展示了 SwiftDump 是如何从测试文件 `Demo/test` 解析 swift 类型的，你可以使用 [MachOView](https://github.com/gdbinit/MachOView) 打开这个测试文件，对照下图查看。
+
+![demo](./Doc/macho.jpg)
+