Skip to content

Instantly share code, notes, and snippets.

@blacktop

blacktop/mappings.md

Last active June 22, 2021 02:03
Show Gist options
  • Save blacktop/185b54518bcea552375e2f554f6ce1fb to your computer and use it in GitHub Desktop.
Save blacktop/185b54518bcea552375e2f554f6ce1fb to your computer and use it in GitHub Desktop.
Download ZIP
iOS 15/macOS 12 dyld_shared_cache [RESEARCH]
Raw
mappings.md

Header

Magic             = "dyld_v1  arm64e"
UUID              = F5097CDC-9388-382F-8D13-AAE184497224
Platform          = iOS
Max Slide         = 0x036F8000 (ASLR entropy: 12-bits)
Num SubCaches     = 1
SubCache Group ID = 0x25228
Sym SubCache UUID = 2C153791-3C17-3CB4-9AC0-5999740689AA

Local Symbols (nlist array):     97MB, offset:  0x0869A1D40 -> 0x08CB0EBE0
Local Symbols (string pool):    339MB, offset:  0x08CB0EBE0 -> 0x0A1F05624
Code Signature:                   2MB, offset:  0x05C4BC000 -> 0x05C7A0000
ImagesText Info (2359 entries):  73KB, offset:  0x000000468 -> 0x000012B48
Patch Info:                       1MB, address: 0x211EED4D0 -> 0x21204FAF0
Closures:                         8MB, address: 0x212102258 -> 0x21297F7F8
Closures Trie:                   61KB, address: 0x21297F7F8 -> 0x21298EF98
Shared Region:                    2GB, address: 0x180000000 -> 0x212990000

Mappings

|     SEG      | INITPROT | MAXPROT |        SIZE         |   ADDRESS   | FILE OFFSET |  SLIDE INFO (V3) OFFSET  | FLAGS |
|--------------|----------|---------|---------------------|-------------|-------------|--------------------------|-------|
| __TEXT       | r-x      | r-x     | 0x4fd2c000 (1.3 GB) | 0x180000000 | 0x00000000  |                          | 0     |
| __DATA_CONST | r--      | rw-     | 0x02f88000 (50 MB)  | 0x1d1d2c000 | 0x4fd2c000  | 0x5c48c000 -> 0x5c494000 | 4     |
| __DATA       | rw-      | rw-     | 0x0351c000 (56 MB)  | 0x1d6cb4000 | 0x52cb4000  | 0x5c498000 -> 0x5c4a0000 | 0     |
| __AUTH       | rw-      | rw-     | 0x027a8000 (42 MB)  | 0x1da1d0000 | 0x561d0000  | 0x5c4a4000 -> 0x5c4ac000 | 1     |
| __AUTH_CONST | r--      | rw-     | 0x03b14000 (62 MB)  | 0x1dc978000 | 0x58978000  | 0x5c4b0000 -> 0x5c4b8000 | 5     |
| __LINKEDIT   | r--      | r--     | 0x00030000 (197 kB) | 0x1e248c000 | 0x5c48c000  |                          | 0     |
| __TEXT       | r-x      | r-x     | 0x1a44c000 (441 MB) | 0x1e24bc000 | 0x5c4bc000  |                          | 0     |
| __DATA_CONST | r--      | rw-     | 0x009d4000 (10 MB)  | 0x1fe908000 | 0x76908000  | 0x7a870000 -> 0x7a874000 | 4     |
| __DATA       | rw-      | rw-     | 0x01edc000 (32 MB)  | 0x2012dc000 | 0x772dc000  | 0x7a878000 -> 0x7a87c000 | 0     |
| __AUTH       | rw-      | rw-     | 0x00a0c000 (10 MB)  | 0x2031b8000 | 0x791b8000  | 0x7a880000 -> 0x7a884000 | 1     |
| __AUTH_CONST | r--      | rw-     | 0x00cac000 (13 MB)  | 0x203bc4000 | 0x79bc4000  | 0x7a888000 -> 0x7a88c000 | 5     |
| __LINKEDIT   | r--      | r--     | 0x0c120000 (202 MB) | 0x206870000 | 0x7a870000  |                          | 0     |
| __TEXT       | r-x      | r-x     | 0x00004000 (16 kB)  | 0x00000000  | 0x86990000  |                          | 0     |
Raw
mmap.md 
           /* TID 0x103 */
dyld_shared_cache_arm64e           
"(I think frida missed the first mmap)"
  2908 ms  munmap(addr=0x102298000, len=0x5c7a0000)
  __TEXT
  2909 ms  mmap(addr=0x280000000, len=0x4fd2c000, prot=0x1, flags=0x12, fd=0x3, offset=0x0)
  __DATA_CONST
  2924 ms  mmap(addr=0x2d1d2c000, len=0x2f88000, prot=0x1, flags=0x12, fd=0x3, offset=0x4fd2c000)
  __DATA
  2927 ms  mmap(addr=0x2d6cb4000, len=0x351c000, prot=0x1, flags=0x12, fd=0x3, offset=0x52cb4000)
  __AUTH
  2929 ms  mmap(addr=0x2da1d0000, len=0x27a8000, prot=0x1, flags=0x12, fd=0x3, offset=0x561d0000)
  __AUTH_CONST
  2930 ms  mmap(addr=0x2dc978000, len=0x3b14000, prot=0x1, flags=0x12, fd=0x3, offset=0x58978000)
  __LINKEDIT
  2932 ms  mmap(addr=0x2e248c000, len=0x30000, prot=0x1, flags=0x12, fd=0x3, offset=0x5c48c000)
  
dyld_shared_cache_arm64e.1  
  2934 ms  mmap(addr=0x0, len=0x2a628000, prot=0x1, flags=0x2, fd=0x3, offset=0x0)
  4455 ms  munmap(addr=0x102298000, len=0x2a628000)
  4457 ms  mmap(addr=0x2e24bc000, len=0x1a44c000, prot=0x1, flags=0x12, fd=0x3, offset=0x0)
  4463 ms  mmap(addr=0x2fe908000, len=0x9d4000, prot=0x1, flags=0x12, fd=0x3, offset=0x1a44c000)
  4464 ms  mmap(addr=0x3012dc000, len=0x1edc000, prot=0x1, flags=0x12, fd=0x3, offset=0x1ae20000)
  4464 ms  mmap(addr=0x3031b8000, len=0xa0c000, prot=0x1, flags=0x12, fd=0x3, offset=0x1ccfc000)
  4464 ms  mmap(addr=0x303bc4000, len=0xcac000, prot=0x1, flags=0x12, fd=0x3, offset=0x1d708000)
  4465 ms  mmap(addr=0x306870000, len=0xc120000, prot=0x1, flags=0x12, fd=0x3, offset=0x1e3b4000)
  
dyld_shared_cache_arm64e.symbols  
  4467 ms  mmap(addr=0x0, len=0x1b654000, prot=0x1, flags=0x2, fd=0x3, offset=0x0)
  4467 ms  munmap(addr=0x102298000, len=0x1b654000)
  4468 ms  mmap(addr=0x0, len=0x1b654000, prot=0x1, flags=0x2, fd=0x3, offset=0x0)

before exit  
 10210 ms  munmap(addr=0x102298000, len=0x1b654000)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment