gxpc
gxpc copied to clipboard
Parse raw Mach messages
Some obfuscated applications statically link libxpc, meaning they make all the raw Mach calls directly. This tool will not work on such binaries. More investigation is needed into how to parse the binary representation of XPC messages. The messages appear to start with "CPX@" (@XPC
backwards).