Load a Mac binary as a dynamic library

渐次进展 2021-02-07 23:57

I am doing some reverse engineering with a binary executable without sources. On Windows what I can do is load an executable file (EXE) with LoadLibrary, just as it was a DLL fi

1 answer
  • 2021-02-08 00:20

    OK, so I did some experiments, and see this. File "bin1.c" contains:

    #include <stdio.h>
    int main() {
        printf("I am bin1.\n");
        return 0;
    }
    

    and "bin2.c" is:

    #include <stdio.h>
    #include <dlfcn.h>
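    int main(void) {
        printf("I am bin2.\n");
    
        /* Load the other executable as if it were a shared library. */
        void *l = dlopen("bin1", RTLD_NOW);
        if (l == NULL) {
            printf("dlopen failed: %s\n", dlerror());
            return -1;
        }
    
        /* Look up bin1's entry function by its symbol name. */
        void *f = dlsym(l, "main");
        if (f == NULL) {
            printf("dlsym failed: %s\n", dlerror());
            return -1;
        }
    
        /* Named bin1_main so the pointer does not shadow this program's own main. */
        int (*bin1_main)(void) = (int (*)(void))f;
        bin1_main();
    
        return 0;
    }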
    

    On my Mac, everything compiles fine and it indeed loads the other executable as if it were a loadable library, and I can call the main function in the other binary:

    Johanka:Desktop newacc$ uname -a
    Darwin Johanka.local 11.3.0 Darwin Kernel Version 11.3.0: Thu Jan 12 18:47:41 PST 2012; root:xnu-1699.24.23~1/RELEASE_X86_64 x86_64
    Johanka:Desktop newacc$ gcc bin1.c -o bin1 && ./bin1
    I am bin1.
    Johanka:Desktop newacc$ gcc bin2.c -o bin2 && ./bin2
    I am bin2.
    I am bin1.
    

    Not sure, though, whether there are limitations on this and if this can be done with non-relocatable binaries. But this example shows that at least in some cases, it's possible.

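The answer leaves open whether this works for non-relocatable binaries. As an added example (not part of the original answer), the following reads the two Mach-O header fields that record that property, the file type and the `MH_PIE` flag, so a binary can be checked before any attempt to load it. The function and enum names are hypothetical, the constants are the ones defined in Apple's `<mach-o/loader.h>`, and the sample header is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Values as defined in Apple's <mach-o/loader.h>, repeated so this builds on any OS. */
#define MH_MAGIC_64 0xfeedfacfu
#define MH_EXECUTE  0x2u
#define MH_DYLIB    0x6u
#define MH_BUNDLE   0x8u
#define MH_PIE      0x200000u   /* main executable may be loaded at a random address */

enum macho_kind { NOT_MACHO64 = 0, EXEC_FIXED, EXEC_PIE, LOADABLE_IMAGE, OTHER_TYPE };

/* Read a little-endian 32-bit field without alignment assumptions. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify a thin, little-endian 64-bit Mach-O from its 32-byte mach_header_64:
   magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved. */
enum macho_kind classify_macho(const unsigned char *buf, size_t len) {
    if (buf == NULL || len < 32 || le32(buf) != MH_MAGIC_64)
        return NOT_MACHO64;               /* truncated, fat, 32-bit or not Mach-O */
    uint32_t filetype = le32(buf + 12);
    uint32_t flags    = le32(buf + 24);
    if (filetype == MH_DYLIB || filetype == MH_BUNDLE)
        return LOADABLE_IMAGE;            /* built to be loaded into another process */
    if (filetype == MH_EXECUTE)
        return (flags & MH_PIE) ? EXEC_PIE : EXEC_FIXED;
    return OTHER_TYPE;
}

/* Build a constructed sample header (not taken from a real binary). */
void make_header(unsigned char out[32], uint32_t filetype, uint32_t flags) {
    uint32_t f[8] = { MH_MAGIC_64, 0x01000007u /* x86_64 */, 3, filetype, 0, 0, flags, 0 };
    for (int i = 0; i < 32; i++)
        out[i] = (unsigned char)(f[i / 4] >> (8 * (i % 4)));
}

int main(int argc, char **argv) {
    static const char *names[] = { "not a thin 64-bit Mach-O", "executable, fixed address",
                                   "executable, PIE", "dylib or bundle", "other Mach-O type" };
    unsigned char h[32];
    size_t n = sizeof h;
    make_header(h, MH_EXECUTE, MH_PIE);   /* default input: constructed sample */
    if (argc > 1) {                       /* or inspect the file named on the command line */
        FILE *fp = fopen(argv[1], "rb");
        if (!fp) { perror(argv[1]); return 1; }
        n = fread(h, 1, sizeof h, fp); fclose(fp);
    }
    printf("%s\n", names[classify_macho(h, n)]);
    return 0;
}
```

Universal (fat) binaries start with a different magic and are reported as "not a thin 64-bit Mach-O"; the slice for the target architecture has to be extracted first.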