I want to analysis a Universal macOS Binary, it’s include a multi-arch binary (x64 & ARM), and when I use idalib in python, it’s cannot be select arch manually.
e.g.
import idapro
# copy /System/Applications/Books.app/Contents/MacOS/Books to ./Books
idapro.open_database("./Books", run_auto_analysis=True)
idaapi.auto_wait()
# do something here
idapro.close_database(save=False)
I believe for 9.0 you’ll have to pre-process the binary with lipo to extract the necessary slice. In 9.1 we’ll add a possibility to pass IDA-compatible command-line arguments to open_database(), so you’ll be able to specify -parm or -ppc, which should influence the default slice selection.
Thank you for your quick response!
Hi, when I use -TFat Mach-O File, 2:
idapro.open_database("./Books", True, '-TFat Mach-O File, 2')
an error occurs:
Unknown switch '-T' -> OK
idalib’s args seems not same with ida/idat?
Above response says to use -p, not -T?
-p means processor type (e.g. -parm:armv7a), I think it’s not solution to select File Format 
it’s a official image:
Actually, -p should help with fat Mach-O because the loader pre-selects the slice matching the current processor.
as you say, if I set args -parm, idalib seems not correctly to analysis. Additionally, we can see log message:
Format 'Fat Mach-O file, 1. X86_64 (metapc)' is not compatible with the selected processor ('arm'), disassembly might be erroneous
Thanks for checking. It seems we still have some things to fix…