|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Kernelcache"
(dump of kernel cache) |
|||
| Line 3: | Line 3: | ||
[[Category:Filesystem]] |
[[Category:Filesystem]] |
||
| − | The joker tool, from http://newosxbook.com/ can be used to dump information from a decrypted kernelcache - including system call and Mach trap addresses (in the kernel) as well as a list of all the KEXTs contained therein and their load addresses. The output from a 6.1. |
+ | The joker tool, from http://newosxbook.com/ can be used to dump information from a decrypted kernelcache - including system call and Mach trap addresses (in the kernel) as well as a list of all the KEXTs contained therein and their load addresses. The output from a 6.1.3 kernelcache (iPod 4,1) is as follows: |
<pre> |
<pre> |
||
Revision as of 00:08, 9 April 2013
The kernelcache is basically the kernel itself as well as all of its extensions (AppleImage3NORAccess, IOAESAccelerator, IOPKEAccelerator, etc.) into one file, then packed/encrypted in an IMG3 (iOS 2.0 and above) or 8900 (iOS 1.0 through 1.1.4) container.
The joker tool, from http://newosxbook.com/ can be used to dump information from a decrypted kernelcache - including system call and Mach trap addresses (in the kernel) as well as a list of all the KEXTs contained therein and their load addresses. The output from a 6.1.3 kernelcache (iPod 4,1) is as follows:
Kext: MAC Framework Pseudoextension @0x8039600(com.apple.kpi.dsep) Kext: Private Pseudoextension @0x8039700(com.apple.kpi.private) Kext: I/O Kit Pseudoextension @0x8039c00(com.apple.kpi.iokit) Kext: Libkern Pseudoextension @0x803b300(com.apple.kpi.libkern) Kext: BSD Kernel Pseudoextension @0x803bb00(com.apple.kpi.bsd) Kext: AppleFSCompressionTypeZlib @0x803c100(com.apple.AppleFSCompression.AppleFSCompressionTypeZlib) Kext: Mach Kernel Pseudoextension @0x803c600(com.apple.kpi.mach) Kext: Unsupported Pseudoextension @0x803c700(com.apple.kpi.unsupported) Kext: I/O Kit USB Family @0x803c900(com.apple.iokit.IOUSBFamily) Kext: I/O Kit Driver for USB User Clients @0x803f900(com.apple.iokit.IOUSBUserClient) Kext: I/O Kit Storage Family @0x803fc00(com.apple.iokit.IOStorageFamily) Kext: AppleDiskImageDriver @0x8041400(com.apple.driver.DiskImages) Kext: AppleDiskImagesKernelBacked @0x8042000(com.apple.driver.DiskImages.KernelBacked) Kext: FairPlayIOKit @0x8042c00(com.apple.driver.FairPlayIOKit) Kext: LSKDIOKit @0x8048c00(com.apple.driver.LSKDIOKit) Kext: AppleARMPlatform @0x804aa00(com.apple.driver.AppleARMPlatform) Kext: AppleVXD375 @0x804e400(com.apple.driver.AppleVXD375) Kext: IOSlaveProcessor @0x8050000(com.apple.driver.IOSlaveProcessor) Kext: IOP_s5l8930x_firmware @0x8050500(com.apple.driver.IOP_s5l8930x_firmware) Kext: AppleDiskImagesUDIFDiskImage @0x8053200(com.apple.driver.DiskImages.UDIFDiskImage) Kext: IOStreamFamily @0x8053900(com.apple.iokit.IOStreamFamily) Kext: IOAudio2Family @0x8053e00(com.apple.iokit.IOAudio2Family) Kext: IOAVFamily @0x8054800(com.apple.iokit.IOAVFamily) Kext: IODisplayPortFamily @0x8057d00(com.apple.iokit.IODisplayPortFamily) Kext: AppleSamsungDPTX @0x8059300(com.apple.driver.AppleSamsungDPTX) Kext: IOUSBDeviceFamily @0x805b000(com.apple.iokit.IOUSBDeviceFamily) Kext: AppleUSBDeviceMux @0x805bd00(com.apple.driver.AppleUSBDeviceMux) Kext: PPP @0x805c500(com.apple.nke.ppp) Kext: L2TP @0x805cf00(com.apple.nke.l2tp) Kext: I/O Kit Networking Family @0x805d500(com.apple.iokit.IONetworkingFamily) Kext: IO80211Family @0x805ef00(com.apple.iokit.IO80211Family) Kext: IOKit Serial Port Family @0x8063e00(com.apple.iokit.IOSerialFamily) Kext: AppleOnboardSerial @0x8064800(com.apple.driver.AppleOnboardSerial) Kext: Broadcom 802.11 Driver @0x8065600(com.apple.driver.AppleBCMWLANCore) Kext: AppleSamsungSPI @0x806c400(com.apple.driver.AppleSamsungSPI) Kext: I/O Kit Driver for USB Composite Devices @0x806c800(com.apple.driver.AppleUSBComposite) Kext: I/O Kit Driver for USB Devices @0x806cd00(com.apple.driver.AppleUSBMergeNub) Kext: AppleEmbeddedUSBHost @0x806d200(com.apple.driver.AppleEmbeddedUSBHost) Kext: AppleUSBEthernetHost @0x806d700(com.apple.driver.AppleUSBEthernetHost) Kext: AppleARM7M @0x806dc00(com.apple.driver.AppleARM7M) Kext: corecrypto @0x806e000(com.apple.kec.corecrypto) Kext: IOTextEncryptionFamily @0x8070b00(com.apple.IOTextEncryptionFamily) Kext: IOCryptoAcceleratorFamily @0x8071000(com.apple.iokit.IOCryptoAcceleratorFamily) Kext: AppleMobileFileIntegrity @0x8071e00(com.apple.driver.AppleMobileFileIntegrity) Kext: Regular Expression Matching Engine @0x8073500(com.apple.kext.AppleMatch) Kext: Seatbelt sandbox policy @0x8073900(com.apple.security.sandbox) Kext: AppleProfileFamily @0x8074400(com.apple.iokit.AppleProfileFamily) Kext: AppleProfileTimestampAction @0x8076f00(com.apple.driver.AppleProfileTimestampAction) Kext: AppleNANDConfigAccess @0x8077300(com.apple.driver.AppleNANDConfigAccess) Kext: AppleDiagnosticDataAccessReadOnly @0x8077600(com.apple.driver.AppleDiagnosticDataAccessReadOnly) Kext: IOMobileGraphicsFamily @0x8077900(com.apple.iokit.IOMobileGraphicsFamily) Kext: IODARTFamily @0x8078800(com.apple.driver.IODARTFamily) Kext: Apple M2 Scaler and Color Space Converter Driver @0x8079300(com.apple.driver.AppleM2ScalerCSCDriver) Kext: IOAcceleratorFamily @0x807a700(com.apple.iokit.IOAcceleratorFamily) Kext: EncryptedBlockStorage @0x807c400(com.apple.iokit.EncryptedBlockStorage) Kext: IOFlashStorage @0x807cc00(com.apple.iokit.IOFlashStorage) Kext: AppleNANDFTL @0x807e500(com.apple.driver.AppleNANDFTL) Kext: ApplePPNFTL @0x807ee00(com.apple.driver.ApplePPNFTL) Kext: AppleDiskImagesRAMBackingStore @0x8081b00(com.apple.driver.DiskImages.RAMBackingStore) Kext: IOHIDFamily @0x8081e00(com.apple.iokit.IOHIDFamily) Kext: I/O Kit Driver for USB HID Devices @0x8083e00(com.apple.iokit.IOUSBHIDDriver) Kext: AppleS5L8920X @0x8084400(com.apple.driver.AppleS5L8920X) Kext: AppleARMPL192VIC @0x8085100(com.apple.driver.AppleARMPL192VIC) Kext: AppleBluetooth @0x8085400(com.apple.driver.AppleBluetooth) Kext: I/O Kit Driver for USB EHCI Controllers @0x8085700(com.apple.driver.AppleUSBEHCI) Kext: I/O Kit Driver for USB OHCI Controllers @0x8086d00(com.apple.driver.AppleUSBOHCI) Kext: AppleEmbeddedUSB @0x8087900(com.apple.driver.AppleEmbeddedUSB) Kext: Embedded I/O Kit Driver for USB OHCI Controllers @0x8088200(com.apple.driver.AppleUSBOHCIARM) Kext: AppleNANDFirmware @0x8088700(com.apple.driver.AppleNANDFirmware) Kext: AppleEmbeddedCompass @0x8088b00(com.apple.driver.AppleEmbeddedCompass) Kext: AppleD1815PMU @0x8089300(com.apple.driver.AppleD1815PMU) Kext: AppleProfileThreadInfoAction @0x808aa00(com.apple.driver.AppleProfileThreadInfoAction) Kext: AppleEmbeddedGyro @0x808ae00(com.apple.driver.AppleEmbeddedGyro) Kext: AppleSynopsysOTGDevice @0x808b700(com.apple.driver.AppleSynopsysOTGDevice) Kext: AppleEmbeddedLightSensor @0x808c100(com.apple.driver.AppleEmbeddedLightSensor) Kext: AppleSamsungSerial @0x808cd00(com.apple.driver.AppleSamsungSerial) Kext: AppleUSBMike @0x808d100(com.apple.driver.AppleUSBMike) Kext: AppleNANDLegacyFTL @0x808d500(com.apple.driver.AppleNANDLegacyFTL) Kext: AppleSamsungMIPIDSI @0x8090300(com.apple.driver.AppleSamsungMIPIDSI) Kext: I/O Kit HID Event Driver Safe Boot @0x8090800(com.apple.driver.AppleBSDKextStarter) Kext: AppleHIDKeyboard @0x8090b00(com.apple.driver.AppleHIDKeyboard) Kext: IOKit SDIO Family @0x8090e00(com.apple.iokit.IOSDIOFamily) Kext: AppleIOPSDIO @0x8091e00(com.apple.driver.AppleIOPSDIO) Kext: AppleLTC4099Charger @0x8092600(com.apple.driver.AppleLTC4099Charger) Kext: I/O Kit Driver for USB HID Devices @0x8092a00(com.apple.driver.AppleCDMA) Kext: AppleProfileReadCounterAction @0x8093100(com.apple.driver.AppleProfileReadCounterAction) Kext: AppleSamsungSWI @0x8093500(com.apple.driver.AppleSamsungSWI) Kext: IOUserEthernet @0x8093900(com.apple.iokit.IOUserEthernet) Kext: AppleUSBHSIC @0x8094100(com.apple.driver.AppleUSBHSIC) Kext: Embedded I/O Kit Driver for USB EHCI Controllers @0x8094900(com.apple.driver.AppleUSBEHCIARM) Kext: AppleAMC_r2 @0x8095000(com.apple.driver.AppleAMC_r2) Kext: EmbeddedIOP @0x809c900(com.apple.driver.EmbeddedIOP) Kext: ApplePinotLCD @0x809d100(com.apple.driver.ApplePinotLCD) Kext: IOSurface @0x809d400(com.apple.iokit.IOSurface) Kext: AppleDisplayPipe @0x809e200(com.apple.driver.AppleDisplayPipe) Kext: AppleCLCD @0x809f200(com.apple.driver.AppleCLCD) Kext: AppleS5L8930XDART @0x80a0000(com.apple.driver.AppleS5L8930XDART) Kext: I/O Kit Driver for USB Hubs @0x80a0500(com.apple.driver.AppleUSBHub) Kext: AppleKernelStorage @0x80a0e00(com.apple.platform.AppleKernelStorage) Kext: AppleM68Buttons @0x80a1100(com.apple.driver.AppleM68Buttons) Kext: AppleUSBEthernetDevice @0x80a1500(com.apple.driver.AppleUSBEthernetDevice) Kext: AppleUSBHIDKeyboard @0x80a1a00(com.apple.driver.AppleUSBHIDKeyboard) Kext: BasebandSPI @0x80a1d00(com.apple.driver.BasebandSPI) Kext: AppleEffaceableStorage @0x80a3700(com.apple.driver.AppleEffaceableStorage) Kext: LightweightVolumeManager @0x80a4100(com.apple.driver.LightweightVolumeManager) Kext: IMGSGX535 Graphics Kernel Extension @0x80a4b00(com.apple.IMGSGX535) Kext: I/O Kit HID Event Driver @0x80a7800(com.apple.driver.AppleIOPFMI) Kext: AppleTetheredDevice @0x80a8800(com.apple.driver.AppleTetheredDevice) Kext: AppleProfileKEventAction @0x80a8b00(com.apple.driver.AppleProfileKEventAction) Kext: AppleRGBOUT @0x80a8f00(com.apple.driver.AppleRGBOUT) Kext: IOFlashNVRAM @0x80a9700(com.apple.driver.IOFlashNVRAM) Kext: AppleS5L8930XUSB @0x80a9d00(com.apple.driver.AppleS5L8930XUSB) Kext: AppleDPRepeater @0x80aa100(com.apple.driver.AppleDPRepeater) Kext: AppleARMPL080DMAC @0x80ad000(com.apple.driver.AppleARMPL080DMAC) Kext: AppleAC3Passthrough @0x80ad400(com.apple.driver.AppleAC3Passthrough) Kext: AppleIntegratedProxALSSensor @0x80ada00(com.apple.driver.AppleIntegratedProxALSSensor) Kext: AppleDiskImagesFileBackingStore @0x80ae400(com.apple.driver.DiskImages.FileBackingStore) Kext: AppleUSBAudio @0x80ae800(com.apple.driver.AppleUSBAudio) Kext: AppleTVOut @0x80b1800(com.apple.driver.AppleTVOut) Kext: tlsnke @0x80b1c00(com.apple.nke.tls) Kext: AppleS5L8930XUSBPhy @0x80b2200(com.apple.driver.AppleS5L8930XUSBPhy) Kext: AppleProfileRegisterStateAction @0x80b2600(com.apple.driver.AppleProfileRegisterStateAction) Kext: IOAccessoryManager @0x80b2a00(com.apple.iokit.IOAccessoryManager) Kext: AppleS5L8930X @0x80b3e00(com.apple.driver.AppleS5L8930X) Kext: AppleBSDKextStarterVPN @0x80b4800(com.apple.driver.DiskImages.ReadWriteDiskImage) Kext: AppleARMIISAudio @0x80b4b00(com.apple.iokit.AppleARMIISAudio) Kext: AppleEmbeddedProx @0x80b5200(com.apple.driver.AppleEmbeddedProx) Kext: AppleMultitouchSPI @0x80b5a00(com.apple.driver.AppleMultitouchSPI) Kext: H3 H264 Video Encoder @0x80b6e00(com.apple.driver.H2H264VideoEncoderDriver) Kext: Broadcom WLAN SDIO Bus Driver @0x80b8f00(com.apple.driver.AppleBCMWLANBusInterfaceSDIO) Kext: AppleUSBEthernet @0x80ba000(com.apple.driver.AppleUSBEthernet) Kext: PPTP @0x80ba900(com.apple.nke.pptp) Kext: AppleJPEGDriver @0x80bae00(com.apple.driver.AppleJPEGDriver) Kext: AppleSamsungI2S @0x80bb800(com.apple.driver.AppleSamsungI2S) Kext: AppleEmbeddedAccelerometer @0x80bbc00(com.apple.driver.AppleEmbeddedAccelerometer) Kext: IOMikeyBusFamily @0x80bc200(com.apple.iokit.IOMikeyBusFamily) Kext: AppleEmbeddedAudio @0x80bd400(com.apple.driver.AppleEmbeddedAudio) Kext: AppleLM48557Amp @0x80bf500(com.apple.driver.AppleLM48557Amp) Kext: AppleProfileCallstackAction @0x80bf800(com.apple.driver.AppleProfileCallstackAction) Kext: AppleMultitouchSPIN1F55 @0x80bfc00(com.apple.driver.AppleCD3282Mikey) Kext: AppleMultitouchSPIZ2F13 @0x80c0000(com.apple.driver.AppleImage3NORAccess) Kext: AppleH3CameraInterface @0x80c0800(com.apple.driver.AppleH3CameraInterface) Kext: AppleSamsungPKE @0x80c2700(com.apple.driver.AppleSamsungPKE) Kext: AppleKeyStore @0x80c2b00(com.apple.driver.AppleKeyStore) Kext: AppleHIDKeyboardEmbedded @0x80c3800(com.apple.driver.AppleCS42L59Audio)
