ionicons-v5-d 1.0.0 (d336834b)
Updated on 20/03/2026, 17:35:44.

Mach-O

 API

Introduction

Mach-O binaries can be parsed using the
lief::macho::FatBinary::parse lief.MachO.parse() LIEF::MachO::Parser::parse()
function.

Note

The Mach-O format defines FAT binaries, which can embed different architectures into a single file.
lief::macho::FatBinary::parse lief.MachO.parse() LIEF::MachO::Parser::parse()
always returns a
lief::macho::FatBinary lief.MachO.FatBinary LIEF::MachO::FatBinary
, assuming that a non-FAT Mach-O can be represented as a
lief::macho::FatBinary lief.MachO.FatBinary LIEF::MachO::FatBinary
containing a single architecture.
import lief

# Using filepath
macho: lief.MachO.FatBinary = lief.MachO.parse("/bin/ls")

# Using a Path from pathlib
macho: lief.MachO.FatBinary = lief.MachO.parse(pathlib.Path(r"C:\Users\test.macho"))

# Using a io object
with open("/bin/ssh", 'rb') as f:
  macho: lief.MachO.FatBinary = lief.MachO.parse(f)
This
lief::macho::FatBinary lief.MachO.FatBinary LIEF::MachO::FatBinary
object exposes facilities to either iterate over the different
lief::macho::Binary lief.MachO.Binary LIEF::MachO::Binary
or pick/take a specific one:
fat: lief.MachO.FatBinary

# Iterate
for macho in fat:
    print(macho.entrypoint)
    print(len(macho.commands))

# Pick one at the specified index
macho: lief.MachO.Binary = fat.at(0)

# Pick one based on the architecture
macho: lief.MachO.Binary = fat.take(lief.MachO.Header.CPU_TYPE.ARM64)
After modifying a
lief::macho::Binary lief.MachO.Binary LIEF::MachO::Binary
or
lief::macho::FatBinary lief.MachO.FatBinary LIEF::MachO::FatBinary
object, you can use either
lief::macho::Binary::write lief::macho::Binary::write_with_config lief.MachO.Binary.write() LIEF::MachO::Binary::write()
or
lief.FatBinary.Binary.write() LIEF::FatBinary::Binary::write()
to write it back to a raw Mach-O file.
macho: lief.MachO.FatBinary = ...

macho.at(0).write("fit.macho")
macho.write("fat.macho") # write-back the whole FAT binary
You can also use
lief.MachO.Binary.write_to_bytes() std::unique_ptr LIEF::MachO::Binary::write(std::ostream &) std::unique_ptr LIEF::MachO::Binary::write(std::ostream &, const Builder::config_t &)()
to get the new Mach-O binary as a buffer of bytes:

Note

This API can also take an extra
lief::pe::builder::Config lief.MachO.Builder.config_t LIEF::MachO::Builder::config_t
parameter.
macho: lief.MachO.Binary = ...
new_macho: bytes = macho.write_to_bytes()

Advanced Parsing/Writing

lief::macho::FatBinary::parse lief.MachO.parse() LIEF::MachO::Parser::parse()
can take an extra
lief.MachO.ParserConfig LIEF::MachO::ParserConfig
parameter to specify parts of the Mach-O format to skip during parsing.

Warning

Generally,
lief::macho::Binary::write lief::macho::Binary::write_with_config lief.MachO.Binary.write() LIEF::MachO::Binary::write()
and
lief.FatBinary.Binary.write() LIEF::FatBinary::Binary::write()
require a complete initial parsing of the Mach-O file.
Similarly,
lief::macho::Binary::write lief::macho::Binary::write_with_config lief.MachO.Binary.write() LIEF::MachO::Binary::write()
can also take an extra
lief::pe::builder::Config lief.MachO.Builder.config_t LIEF::MachO::Builder::config_t
to specify which parts of the Mach-O should be rebuilt.
parser_config = lief.MachO.ParserConfig()
parser_config.parse_dyld_bindings = False

macho: lief.MachO.FatBinary = lief.MachO.parse("my.macho", parser_config)

builder_config = lief.MachO.Builder.config_t()
builder_config.linkedit = False

macho.write("new.macho", builder_config)

See also

Binary Abstraction

RPath and Library Path Modification

Sometimes, we need to modify the Mach-O RPath commands or the (absolute) path of a linked library in an executable. When recompiling or linking the executable is not possible, LIEF can be used for these modifications.

For example, let’s consider a binary with the following dependencies:

$ otool -L hello.bin
hello:
      /Users/romain/dev/libmylib.dylib (compatibility version 0.0.0, current version 0.0.0)
      /usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 1700.255.0)
      /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1345.100.2)

One can change the directory of libmylib.dylib with the following code:

macho = lief.MachO.parse("hello.bin")
lib: lief.MachO.DylibCommand = macho.find_library("libmylib.dylib")
lib.name = "/opt/hombrew/my_package/libmylib.dylib"

macho.write("hello_fixed.bin")

Note

It is worth mentioning that LIEF doesn’t impose restrictions on the length of modified library paths. LIEF manages all internal modifications to support both longer and shorter library paths.

This type of modification can be used in conjunction with the @rpath feature of Mach-O binaries:

  1. We can add an extra LC_RPATH (
    lief::macho::commands::RPath lief.MachO.RPathCommand LIEF::MachO::RPathCommand
    ) command to hello.bin:
macho = lief.MachO.parse("hello.bin")
rpath = lief.MachO.RPathCommand.create("/opt/hombrew/my_package")
macho.add(rpath)

  1. Then, we can change the library path of libmylib.dylib to include the RPath prefix:

lib: lief.MachO.DylibCommand = macho.find_library("libmylib.dylib")
lib.name = "@rpath/libmylib.dylib"

macho.write("hello_fixed.bin")

Objective-C Support

If a Mach-O binary is compiled from Objective-C sources, it may contain metadata represented by the
lief::objc::Metadata lief.objc.Metadata LIEF::objc::Metadata
object.
This metadata can help understand the underlying structures of the binary, and LIEF Extended provides support for accessing this information through
lief::macho::Binary::objc_metadata lief.MachO.Binary.objc_metadata LIEF::MachO::Binary::objc_metadata()
.

For more details, you can check the Obj-C section.