Difference between revisions of "Kernel Symbols"

Revision as of 03:20, 25 February 2012

iOS's XNU is largely stripped, and contains fewer and fewer symbols with its newer versions. Whereas in pre 3.0 most symbols were visible, nowadays only symbols required for KExt linkage remain so.

This page is started in the hopes of bringing together efforts of the various JBers so as to pool already symbolified sections of the kernel. Because addresses change along with the different builds, please add the symbols under the right kernel version (i.e. release + device). If not 100% sure about a symbol, indicate the level of confidence.

symbol	5.0.0 iPodT 4G	Notes
sysent	0x802CCBAC	Through this you can obtain all of XNU's 438 system calls, e.g. _exit @0x8019DE04
syscall_names	0x802D2C6C	The char[][] containing the textual names of all system calls
AppleMobileFileIntegrity_Start	0x805E499C	Initialization of AMFI, the kext responsible for sandbox policies and entitlements
ExceptionVectorsBase	0x80078000	Address of CPU exception handlers in kernel space: fleh_reset, fleh_undef, fleh_swi, fleh_prefabt, _fleh_dataabt, _fleh_addrexc and fleh_irq can be obtained from here

@@ Line 14: / Line 14: @@
 <tr>
 <td>syscall_names</td><td>0x802D2C6C</td><td>The char[][] containing the textual names of all system calls </td>
+</tr>
+<tr>
+<td>AppleMobileFileIntegrity_Start</td><td>0x805E499C</td><td>Initialization of AMFI, the kext responsible for sandbox policies and entitlements</td>
+</tr>
+<tr>
+<td>ExceptionVectorsBase</td><td>0x80078000</td><td>Address of CPU exception handlers in kernel space: fleh_reset, fleh_undef, fleh_swi, fleh_prefabt, _fleh_dataabt, _fleh_addrexc and fleh_irq can be obtained from here</td>
 </tr>
 </table>

Difference between revisions of "Kernel Symbols"

Revision as of 03:20, 25 February 2012

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Miscellaneous

Tools