mountainstorm / coresymbolication Goto Github PK
View Code? Open in Web Editor NEWReverse engineered headers for Apples CoreSymbolication private framework; plus the set of test cases I used to validate it
coresymbolication's People
Stargazers
Watchers
Forkers
dariaphoebe zorgiepoo ddeveloperuch mitsuhiko alcroito longv2go own2pwn coolstar matthewbauer georghe-crihan andyvand turlodales yolanthecampanella jevinskie bhuntsman nyteshadecoresymbolication's Issues
Incorrect kCSNow
It seems kCSNow is 0x8000000000000000llu instead of 0x80000000u. This makes sense as times are uint64_t.
This can be checked by e.g. disassembling the 64-bit part of /usr/lib/libdtrace.dylib, function symbolOwnerForName:
Source:
CSSymbolOwnerRef symbolOwnerForName(CSSymbolicatorRef symbolicator, const char* name) {
// Check for a.out specifically
if (strcmp(name, "a.out") == 0) {
__block CSSymbolOwnerRef owner = kCSNull;
if (CSSymbolicatorForeachSymbolOwnerWithFlagsAtTime(symbolicator, kCSSymbolOwnerIsAOut, kCSNow, ^(CSSymbolOwnerRef t) { owner = t; }) == 1) {
return owner;
}
return kCSNull;
}
…Disassembly:
_symbolOwnerForName:
000000000003a028 55 pushq %rbp ; XREF=_Pxlookup_by_name+89, _Plmid_to_map+42, _Psymbol_iter_by_addr+95
000000000003a029 4889E5 movq %rsp, %rbp
000000000003a02c 4157 pushq %r15
000000000003a02e 4156 pushq %r14
000000000003a030 4155 pushq %r13
000000000003a032 4154 pushq %r12
000000000003a034 53 pushq %rbx
000000000003a035 4881ECD8000000 subq $0xd8, %rsp
000000000003a03c 4889D3 movq %rdx, %rbx ; const char* name
000000000003a03f 4989F7 movq %rsi, %r15 ; CSSymbolicatorRef symbolicator
000000000003a042 4989FC movq %rdi, %r12
000000000003a045 488D35CC4C0300 leaq %ds:0x6ed18, %rsi ; "a.out", argument "s2" for method imp___stubs__strcmp
000000000003a04c 4889DF movq %rbx, %rdi ; argument "s1" for method imp___stubs__strcmp
000000000003a04f E868F80100 callq $imp___stubs__strcmp
000000000003a054 85C0 testl %eax, %eax
000000000003a056 0F8481010000 jeq $0x3a1dd
000000000003a05c 48C745B000000000 movq $0x0, %ss:var_50(%rbp)
000000000003a064 4C8D6DB0 leaq %ss:var_50(%rbp), %r13
000000000003a068 4C896DB8 movq %r13, %ss:var_48(%rbp)
000000000003a06c C745C000000000 movl $0x0, %ss:var_40(%rbp)
000000000003a073 C745C428000000 movl $0x28, %ss:var_3C(%rbp)
000000000003a07a 48C745D000000000 movq $0x0, %ss:var_30(%rbp)
000000000003a082 48C745C800000000 movq $0x0, %ss:var_38(%rbp)
000000000003a08a 4C8B35778F0300 movq %ds:imp___got___NSConcreteStackBlock, %r14
000000000003a091 4C89B560FFFFFF movq %r14, %ss:var_A0(%rbp)
000000000003a098 C78568FFFFFF00000042 movl $0x42000000, %ss:var_98(%rbp)
000000000003a0a2 C7856CFFFFFF00000000 movl $0x0, %ss:var_94(%rbp)
000000000003a0ac 488D0540020000 leaq %ds:___symbolOwnerForName_block_invoke2, %rax
000000000003a0b3 48898570FFFFFF movq %rax, %ss:var_90(%rbp)
000000000003a0ba 488D051F250400 leaq %ds:___block_descriptor_tmp5, %rax
000000000003a0c1 48898578FFFFFF movq %rax, %ss:var_88(%rbp)
000000000003a0c8 4C896D80 movq %r13, %ss:var_80(%rbp)
000000000003a0cc 4C8D8560FFFFFF leaq %ss:var_A0(%rbp), %r8 ; argument "iterator" for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0d3 4C89E7 movq %r12, %rdi ; argument #1 for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0d6 4C89FE movq %r15, %rsi ; argument "symbolicator" for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0d9 4889DA movq %rbx, %rdx ; argument "name" for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0dc 48B90000000000000080 movabsq $0x8000000000000000, %rcx ; argument "time" for method imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0e6 E88DF30100 callq $imp___stubs__CSSymbolicatorForeachSymbolOwnerWithPathAtTime
000000000003a0eb 4885C0 testq %rax, %rax
000000000003a0ee 0F85D2000000 jneq $0x3a1c6
Making Contact
Hi Rich, do you have an email address I can get you on? I have some questions regarding compiling DTrace on OSX.
Thanks
Ray
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.