3

How does the Hopper disassembler understand what is the function's name?

For example, I have a simple Swift function named function(), and after disassembling the executable with that function Hopper shows me that it's mangled name is __T04file8functionyy. I can find the location of these symbols in the executable file, but I can't find how does it map the address of the function with it's name.

Michael Petch
  • 46,082
  • 8
  • 107
  • 198
alexk
  • 131
  • 1
  • 6
  • Maybe [this](https://github.com/apple/swift/blob/master/docs/ABI/Mangling.rst) helps. – Jester Oct 15 '17 at 21:47
  • did you try Hopper v4? It automatically de-mangles Swift code. So you can see the mangled and de-mangled name together in Hopper. – rustyMagnet Oct 17 '17 at 13:56

2 Answers2

11

You can read the name mangling specs straight from Apple.

If you only want a quick way to demangle the name, type the following in Terminal:

swift demangle __T04file8functionyy

Output:

_T04file8functionyy ---> filefunction empty-list  empty-list

(I'm not sure if the mangled name you provided is valid)

Code Different
  • 90,614
  • 16
  • 144
  • 163
  • Thanks, but I'm not asking how does name mangling work, that's pretty straightforward. I'm interested in where exactly in the executable we can find that a function at a specific address has a specific name, which is stored in the same file. – alexk Oct 16 '17 at 10:51
2

I found this Mach-O file format reference: https://github.com/aidansteele/osx-abi-macho-file-format-reference

So the answer to my question is that there is a special struct called nlist_64, which contains the address of the function in the executable and the index of the mangled name of that function in the symbol table.

alexk
  • 131
  • 1
  • 6