mentlerd · March 30, 2022 19:08
diff --git a/monterey_xnu_sdt.hexpat b/monterey_xnu_sdt.hexpat
 # Powered by https://github.com/WerWolv/ImHex
 #
 # /System/Library/Kernels/kernel
 # uname -a -> xnu-8020.101.4

 struct nullstr {
 	char data[while(std::mem::read_unsigned($, 1) != 0x00)];
 };

 struct sdt_entry {
 	u64 addr;
 	u64 provider_addr [[hidden]];
 	u64 name_addr [[hidden]];
 	
 	u8 anchor [[hidden]];
 	
 	$ = provider_addr - 0xffffff8000c8df98 + 11067288;
 	nullstr provider;

 	$ = name_addr - 0xffffff8000c8df98 + 11067288;
 	nullstr name;

 	$ = addressof(anchor);
 } [[format("sdt_format")]];

 fn sdt_format(sdt_entry e) {
    return e.provider.data + " " + e.name.data;
 };

 sdt_entry probes[100] @ 11092120;
	# Powered by https://github.com/WerWolv/ImHex
	#
	# /System/Library/Kernels/kernel
	# uname -a -> xnu-8020.101.4

	struct nullstr {
	char data[while(std::mem::read_unsigned($, 1) != 0x00)];
	};

	struct sdt_entry {
	u64 addr;
	u64 provider_addr [[hidden]];
	u64 name_addr [[hidden]];

	u8 anchor [[hidden]];

	$ = provider_addr - 0xffffff8000c8df98 + 11067288;
	nullstr provider;

	$ = name_addr - 0xffffff8000c8df98 + 11067288;
	nullstr name;

	$ = addressof(anchor);
	} [[format("sdt_format")]];

	fn sdt_format(sdt_entry e) {
	return e.provider.data + " " + e.name.data;
	};

	sdt_entry probes[100] @ 11092120;