This document covers the command-line capabilities in MachOExplorer, including the new no-GUI analysis mode and existing helper tools.
MachOExplorer now supports two CLI usage styles:
-
MachOExplorer --cli ...Run full analysis without starting the GUI. This reuses the same internal analysis tree (ViewNode) as the desktop app. -
Dedicated helper tools (
moex-*) Focused commands for parser regression, diff, dyld cache listing, and dyld cache extraction.
./build/MachOExplorer --cli [options] <input-file>./build/MachOExplorer --cli --help--cliEnable command-line mode and skip UI startup.--format text|jsonOutput format. Default:text.--output <path>Write output to file (instead of stdout).--max-rows <N>Limit rows printed per table.0means unlimited.--max-depth <N>Limit analysis tree depth.0means unlimited.--include-emptyInclude nodes with no table/binary payload.-h,--helpShow CLI help.
stdoutis used by default.stderris used for errors and invalid arguments.- JSON format is pretty-printed for readability.
0: success1: analysis/runtime failure (parse failure, output file open failure, etc.)2: invalid CLI arguments
The --cli analysis mode traverses the full view tree and includes all currently implemented analysis nodes, for example:
- File kind summary (Mach-O / Fat / Archive / dyld shared cache)
- Mach header and load command views
- Section and section-derived views
- Symbol/string-related views
- Dynamic loader info views (including modern dyld exports/fixups views when present)
- Swift/ObjC related views already exposed by current
ViewNodegraph - Dyld shared cache top-level views (mappings/images)
Notes:
- Coverage is comprehensive with respect to the current
ViewNodearchitecture (same backbone as GUI analysis tree). - UI-only interactions (sorting/filtering/copy operations) are not exported as behaviors; the underlying analyzed data is exported.
./build/MachOExplorer --cli sample/simple./build/MachOExplorer --cli --format json sample/simple./build/MachOExplorer --cli --format json --output /tmp/simple-analysis.json sample/simple./build/MachOExplorer --cli --max-rows 100 --max-depth 4 sample/complex./build/MachOExplorer --cli --format json --include-empty sample/simple./build/MachOExplorer --cli --format json sample/simple | jq '.analysis.name'These tools are also built in build/.
./build/moex-parse <file> [file...]Purpose:
- Quick parser validity check
- Used by regression scripts
./build/moex-diff <fileA> <fileB>Purpose:
- Compare first Mach-O header attributes
- Compare section/symbol set differences
./build/moex-cache-list [--json] [--exact] [--limit=N] [--output=file] <dyld_shared_cache_file> [path-filter]Purpose:
- List dyld shared cache images
- Optional exact/substring filtering
./build/moex-cache-extract [--compact] [--all] [--exact] [--dry-run] [--json] [--max=N] <dyld_shared_cache_file> <image-path-or-substr> <output-macho-or-dir>Purpose:
- Extract one or multiple images from dyld shared cache
- Optional compact rewrite of segment file offsets
tests/regression/run_cli_smoke.shtests/regression/run_all.shfor f in sample/simple sample/complex; do
./build/MachOExplorer --cli --format json --output "/tmp/$(basename "$f").json" "$f"
donecmake -S src -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_PREFIX_PATH="/Users/eevv/Qt/6.10.2/macos"
cmake --build build -j8- Error:
expected exactly one input fileCause:--climode requires one positional input path. - Error:
unsupported format: ...Cause: onlytextandjsonare supported. - Error:
analysis failed: ...Cause: parse failed or file is malformed/unsupported for given operation. - Error:
cannot open output fileCause: invalid path or missing write permission.