Missing Load Commands

Help me find the ones that got away. I never played Pokemon and now I am chasing Load Commands…

Zero The Hero already parses and explains most of the common Load Commands — but some are still out there: untouched, undocumented, unloved.

Below is the hit list of LCs we haven’t yet seen in the wild, or couldn’t implement because no real-world sample ever triggered them. If you have a Mach-O with one of these… I want it.


Currently Missing

  • LC_ATOM_INFO

  • LC_DYLD_ENVIRONMENT

  • LC_DYLD_INFO

  • LC_ENCRYPTION_INFO

  • LC_ENCRYPTION_INFO_64

  • LC_FILESET_ENTRY

  • LC_FVMFILE

  • LC_ID_DYLIB

  • LC_ID_DYLINKER

  • LC_IDENT

  • LC_IDFVMLIB

  • LC_LINKER_OPTIMIZATION_HINT

  • LC_LINKER_OPTION

  • LC_LOADFVMLIB

  • LC_NOTE

  • LC_PREBIND_CKSUM

  • LC_PREBOUND_DYLIB

  • LC_REEXPORT_DYLIB

  • LC_ROUTINES

  • LC_ROUTINES_64

  • LC_SEGMENT

  • LC_SEGMENT_64

  • LC_SUB_CLIENT

  • LC_SUB_FRAMEWORK

  • LC_SUB_LIBRARY

  • LC_SUB_UMBRELLA

  • LC_SYMSEG

  • LC_THREAD

  • LC_TWOLEVEL_HINTS


Recently found Load Commands

| When | Who | Which | Where |
|------|-----|-------|-------|
| 2025-08-08 | Gabriel | LC_DYLIB_CODE_SIGN_DRS | In the malware “Dok/Dok.B”. Thanks to the Objective-See website. |
| 2025-08-08 | Gabriel | LC_UNIXTHREAD | In the malware “Covid”. Thanks to the Objective-See website. |