From 23dd400d370e12b422fe1843d88c86d306ed8023 Mon Sep 17 00:00:00 2001
From: eugeneyang <yangjun>
Date: Fri, 10 Feb 2017 01:06:10 +0800
Subject: [PATCH] ida block search script add x64_86(mac binary) support

---
 search_oc_block/ida_search_block.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/search_oc_block/ida_search_block.py b/search_oc_block/ida_search_block.py
index 02d22d6..9acc155 100644
--- a/search_oc_block/ida_search_block.py
+++ b/search_oc_block/ida_search_block.py
@@ -11,6 +11,9 @@
 
 IS32BIT = not idaapi.get_inf_structure().is_64bit()
 
+IS_MAC = 'X86_64' in idaapi.get_file_type_name()
+
+print "Start analyze binary for " + ("Mac" if IS_MAC else "iOS")
 
 
 def isInText(x):
@@ -84,7 +87,10 @@ def superFuncForStackBlock(block_func):
     if len(superFuncs) != 1:
         return None
     super_func_addr = superFuncs[0]
-    return super_func_addr | GetReg(super_func_addr, "T") # thumb
+    if IS_MAC:
+        return super_func_addr
+    else:
+        return super_func_addr | GetReg(super_func_addr, "T") # thumb
 
 
 def superFuncForBlockFunc(block_func):
@@ -110,8 +116,9 @@ def findBlockName(block_func):
     superBlockFuncAddr = superFuncForBlockFunc(block_func)
     if superBlockFuncAddr == None:
         return "";
-
-    superBlockFuncAddr = superBlockFuncAddr | GetReg(superBlockFuncAddr, "T") # thumb
+    if not IS_MAC:
+        superBlockFuncAddr = superBlockFuncAddr | GetReg(superBlockFuncAddr, "T") # thumb
+        
     superBlockName = findBlockName(superBlockFuncAddr)
 
     if len(superBlockName) == 0: