Parse raw Mach messages
JJTech0130 opened this issue
Some obfuscated applications statically link libxpc, meaning they make all the raw Mach calls directly. This tool will not work on such binaries. More investigation is needed into how to parse the binary representation of XPC messages. The messages appear to start with "CPX@" (@XPC backwards).
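
As an added example (not code from this project or from the issue author), the C helper below locates the "CPX@" marker described above inside a captured raw Mach message, which is one way to recognise XPC traffic when libxpc is statically linked and its functions cannot be hooked by name. The name `find_xpc_magic`, the sample bytes, the 24-byte `mach_msg_header_t` layout and the aligned-word scan are assumptions of the example; nothing after the marker is interpreted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The bytes "CPX@" read as a little-endian 32-bit word give 0x40585043,
 * whose characters from high byte to low byte spell "@XPC". */
#define XPC_WIRE_MAGIC 0x40585043u
#define MACH_HDR_SIZE  24u  /* assumed mach_msg_header_t: six 32-bit fields */

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: return the byte offset of the XPC marker inside a
 * captured Mach message, or -1 if none is found. Heuristic: scans 4-byte
 * aligned words after the header instead of walking descriptors. */
long find_xpc_magic(const uint8_t *msg, size_t len) {
    if (msg == NULL || len < MACH_HDR_SIZE + 4) return -1;
    /* msgh_size (second header field) is written by the traced process:
     * reject values too small to hold a marker, clamp to the capture. */
    size_t end = read_le32(msg + 4);
    if (end < MACH_HDR_SIZE + 4) return -1;
    if (end > len) end = len;
    for (size_t off = MACH_HDR_SIZE; off + 4 <= end; off += 4)
        if (read_le32(msg + off) == XPC_WIRE_MAGIC) return (long)off;
    return -1;
}

/* Constructed sample, not a real capture: 24-byte header, one filler
 * word, the marker, then 8 placeholder payload bytes. */
static const uint8_t SAMPLE_MSG[40] = {
    0x13, 0x00, 0x00, 0x00,  40, 0, 0, 0,   /* msgh_bits, msgh_size */
    0x03, 0x0b, 0, 0,  0, 0, 0, 0,          /* remote port, local port */
    0, 0, 0, 0,  0, 0, 0, 0x10,             /* voucher port, msgh_id */
    0, 0, 0, 0,                             /* constructed filler word */
    'C', 'P', 'X', '@',                     /* marker as stored in memory */
    0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
};

int main(void) {
    printf("marker at offset %ld\n",
           find_xpc_magic(SAMPLE_MSG, sizeof SAMPLE_MSG));
    return 0;
}
```

Because the scan is a heuristic, a hit only marks a candidate payload start; unrelated message data can contain the same four bytes.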