|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Kernel Symbols"
(added some symbols from 6.0gm and 6.0.1) |
|||
| Line 12: | Line 12: | ||
!5.1 [[N81ap|iPod touch 4G]] |
!5.1 [[N81ap|iPod touch 4G]] |
||
!6.0b1 [[N81ap|iPod touch 4G]] |
!6.0b1 [[N81ap|iPod touch 4G]] |
||
| + | !6.0 [[N81ap|iPod touch 4G]] |
||
| + | !6.0.1 [[N81ap|iPod touch 4G]] |
||
!Notes |
!Notes |
||
|- |
|- |
||
| Line 19: | Line 21: | ||
| ... |
| ... |
||
| ... |
| ... |
||
| + | |0x80018774 |
||
| + | |0x80018774 |
||
|The Mach exception processing logic. |
|The Mach exception processing logic. |
||
|- |
|- |
||
| Line 25: | Line 29: | ||
|0x802CBBAC |
|0x802CBBAC |
||
|0x802CCBAC |
|0x802CCBAC |
||
| + | |0x802F00B8 |
||
| + | |0x802F00B8 |
||
|0x802F00B8 |
|0x802F00B8 |
||
|Through this you can obtain all of XNU's 438 system calls, e.g. _exit @0x8019DE04 on iPod, 0x8019D278 on iPhone 4S, etc. |
|Through this you can obtain all of XNU's 438 system calls, e.g. _exit @0x8019DE04 on iPod, 0x8019D278 on iPhone 4S, etc. |
||
| Line 33: | Line 39: | ||
|0x802D2C5C-0x802D4338 |
|0x802D2C5C-0x802D4338 |
||
|0x802A6538-0x802A7540 |
|0x802A6538-0x802A7540 |
||
| + | |0x802E8FB0-0x802E969C |
||
| + | |0x802E8FB0-0x802E969C |
||
|The char[][] containing the textual names of all system calls |
|The char[][] containing the textual names of all system calls |
||
|- |
|- |
||
| Line 39: | Line 47: | ||
| ??? |
| ??? |
||
|0x805D5B94 |
|0x805D5B94 |
||
| + | | ... |
||
| + | | ... |
||
| ... |
| ... |
||
|Initialization of AMFI, the kext responsible for [[sandbox]] policies and entitlements |
|Initialization of AMFI, the kext responsible for [[sandbox]] policies and entitlements |
||
| Line 46: | Line 56: | ||
| ??? |
| ??? |
||
|0x802B8A24 |
|0x802B8A24 |
||
| + | | ... |
||
|0x802B85B4 |
|0x802B85B4 |
||
| + | |0x802B9618 |
||
|BSD layer initialization logic. Branches out to initialize virtually every BSD subsystem. Same as OS X XNU, with minor exception (e.g. kernel_memorystatus/jetsam, iptap..) |
|BSD layer initialization logic. Branches out to initialize virtually every BSD subsystem. Same as OS X XNU, with minor exception (e.g. kernel_memorystatus/jetsam, iptap..) |
||
|- |
|- |
||
| Line 53: | Line 65: | ||
|0x80078000 |
|0x80078000 |
||
|0x80078000 |
|0x80078000 |
||
| + | | ... |
||
| + | | ... |
||
| ... |
| ... |
||
|Address of CPU exception handlers in kernel space: fleh_reset, fleh_undef, fleh_swi, fleh_prefabt, _fleh_dataabt, _fleh_addrexc and fleh_irq can be obtained from here |
|Address of CPU exception handlers in kernel space: fleh_reset, fleh_undef, fleh_swi, fleh_prefabt, _fleh_dataabt, _fleh_addrexc and fleh_irq can be obtained from here |
||
Revision as of 22:20, 13 November 2012
iOS's XNU is largely stripped, and contains fewer and fewer symbols with its newer versions. Whereas in pre 3.0 most symbols were visible, nowadays only symbols required for KExt linkage remain so.
This page is started in the hopes of bringing together efforts of the various jailbreakers so as to pool already symbolified sections of the kernel. Because addresses change along with the different builds, please add the symbols under the right kernel version (i.e. release + device). If not 100% sure about a symbol, indicate the level of confidence.
Started with iPod touch 4G, because this is the main kernel the author has largely (>80%) symbolicated. Please add your own. Even if your build is different, the address space doesn't change that much. Bear in mind that - if Mountain Lion is any indication - iOS will soon introduce kernel level ASLR, as well.
| symbol | 5.0.x iPod touch 4G | 5.0.1 iPhone 4S | 5.1 iPod touch 4G | 6.0b1 iPod touch 4G | 6.0 iPod touch 4G | 6.0.1 iPod touch 4G | Notes |
|---|---|---|---|---|---|---|---|
| _exception_triage | 0x80016C34 | ??? | ... | ... | 0x80018774 | 0x80018774 | The Mach exception processing logic. |
| sysent | 0x802CCBAC | 0x802CBBAC | 0x802CCBAC | 0x802F00B8 | 0x802F00B8 | 0x802F00B8 | Through this you can obtain all of XNU's 438 system calls, e.g. _exit @0x8019DE04 on iPod, 0x8019D278 on iPhone 4S, etc. |
| syscall_names | 0x802D2C6C | 0x802D1C6C-0x802D2340 | 0x802D2C5C-0x802D4338 | 0x802A6538-0x802A7540 | 0x802E8FB0-0x802E969C | 0x802E8FB0-0x802E969C | The char[][] containing the textual names of all system calls |
| AppleMobileFileIntegrity_Start | 0x805E499C | ??? | 0x805D5B94 | ... | ... | ... | Initialization of AMFI, the kext responsible for sandbox policies and entitlements |
| bsd_init | 0x802B77C0 | ??? | 0x802B8A24 | ... | 0x802B85B4 | 0x802B9618 | BSD layer initialization logic. Branches out to initialize virtually every BSD subsystem. Same as OS X XNU, with minor exception (e.g. kernel_memorystatus/jetsam, iptap..) |
| ExceptionVectorsBase | 0x80078000 | 0x80078000 | 0x80078000 | ... | ... | ... | Address of CPU exception handlers in kernel space: fleh_reset, fleh_undef, fleh_swi, fleh_prefabt, _fleh_dataabt, _fleh_addrexc and fleh_irq can be obtained from here |
Note: For most of the above symbols, a fairly decent source code can be obtained from the public open source XNU at opensource.apple. Bear in mind that ml_, PE_ and other machine specific functions will naturally be implemented quite differently. (but, it's a start!).
