calderpwn

Exporting Procedure Names from Hopper Disassembler (When the UI Won’t Help)

, , ,
, , ,

Hopper has been one of my favorite tools for static analysis and reverse engineering—especially for iOS and macOS binaries. But like any tool, it has its quirks. One that recently got in my way? There’s no built-in feature to export a clean list of procedures or named symbols directly from the UI.

This post is a quick walkthrough of how I solved that with a simple script, and how you can use it to export function names (and their addresses) from any loaded binary in Hopper.

The Problem

When working with a large binary—especially a Swift-based one—you often want to export all the procedure names for quick lookup, documentation, or comparison. Unfortunately, Hopper doesn’t offer an option to do this directly through the GUI.

But Hopper has a scripting engine and fantastic user support. And if it has a scripting engine, we can make it do what we need.

The Script

Here’s the Python script I used inside Hopper’s built-in scripting console to extract all named addresses (procedures, symbols, etc.) from every segment in the current document. I was stuck while writing it, but their user support was more than helpful, providing a bug fix that affected Hopper with newer versions of Python and the following code snippet that worked like a charm:

doc = Document.getCurrentDocument()

for s in doc.getSegmentsList():
    for a in s.getNamedAddresses():
        n = s.getNameAtAddress(a)
        print(f"0x{a:x} : {n}")

What It Does

  • doc = Document.getCurrentDocument() gets the active binary you’re working on.
  • Loops through all segments in the binary.
  • For each segment, it finds named addresses (where Hopper has assigned a label).
  • It retrieves the name at each address.
  • It prints each address and symbol name in a readable format.

How to Use It

  1. Open your binary in Hopper.
  2. Go to the Scripts > Script Editor.
  3. Paste in the script.
  4. Click Run.
  5. You’ll see the output printed in Hopper’s console window.

Example Output

0x1045a3f80 : _$s12CryptoModule16AESKeyGeneratorC11generateKeySaysF
0x1045a7d10 : __swift_FORCE_LOAD_$_swiftSecurity
0x1045904c0 : _$s14NetworkToolkit14HTTPRequesterC10sendRequest_10CompletionySS_yyc_tF

If you want to save it, just right-click the output and copy it, or redirect it to a file if you’re running the script externally with Hopper’s command-line tools.

Why This Is Useful

  • You can build cross-references or mapping tables.
  • Easily grep for specific keywords, Swift symbols and demangle them if needed.
  • Helpful for documenting your analysis, especially for larger binaries with hundreds or thousands of procedures.

Final Thoughts

Sometimes the tools we use don’t offer the features we need—at least not directly. But with a little scripting, Hopper becomes far more flexible and can support deeper workflows, especially in reverse engineering iOS apps.

I’ll be sharing more scripts like this as I continue to build automation into my analysis process. If you’re diving deep into reverse engineering, or just want to speed up your Hopper workflows, stay tuned.

Happy reversing 👾

Leave a comment

cat /etc/about-me

@calderpwn spends peaceful days in Cozumel, a beautiful island in the Caribbean, working on remote projects, learning new technologies, developing new tools, or simply enjoying the beach.

Join the mailing list

Stay updated with the latest tips and other news of my developments by joining the newsletter. It is very low volume, I promise :)

Categories

Tags

802.11 android azure ble book books calderpwn catsniffer Conferences cozumel General GSoC hopper infosec ios iot iot hacking iot security mexico mobile security nmap nordic nostarch iot hacking oneplus owasp owasp latam tour owasp mstg owasp riviera maya Publications Research reversing scripting source code auditing sql injection tips Tutorials wifi windows wireshark

Recent Posts

Favs

DragonJAR

PWNLAB

Websec

ThreatPatrol