Pangu 9.1 Kernel Dump

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

Re: Pangu 9.1 Kernel Dump

Postby backendbilly » Fri Mar 25, 2016 9:41 pm

I've added 00 to both occurrences of 0x10000 as shown:

Code:
// dump this into ios-kern-utils repo as test.c, then run:
// xcrun -sdk iphoneos gcc -arch armv7 -arch arm64 -Ilib/kernel lib/kernel/*.c -o test test.c
// codesign -s - --entitlements misc/ent.xml test
#include <stdio.h>
#include <mach-o/loader.h>
#include "libkern.h"   // get_kernel_base(), find_bytes_kern(), ADDR and IMAGE_OFFSET come from ios-kern-utils

// Search for the Mach-O magic that matches this binary's own word size
#if __LP64__
#define MACH_HEADER_MAGIC MH_MAGIC_64
#else
#define MACH_HEADER_MAGIC MH_MAGIC
#endif

int main()
{
    int magic = MACH_HEADER_MAGIC;
    vm_address_t base = get_kernel_base();
    printf("base: " ADDR "\n", base);
    if(base == 0)
    {
        return 1;
    }
    // Walk a 16 MiB window (0x1000000, the two edited constants) starting just below
    // the kernel base and print every address at which the magic word is found
    for(vm_address_t off = base - IMAGE_OFFSET; off < base + 0x1000000; ++off)
    {
        off = find_bytes_kern(off, base + 0x1000000, (unsigned char*)&magic, sizeof(int));
        if(off == 0)
            break;   // no further match before the end of the window
        else
            printf(ADDR "\n", off);
    }
    return 0;
}


Result:

Code:
iPhone:~ root# ./test
Killed: 9
iPhone:~ root#



Testing on 9.0.2 returned:

Code:
iPhone:~ root# ./test2
return value: 268435459
iPhone:~ root#
backendbilly
Site Admin
 
Posts: 132
Joined: Fri May 29, 2015 5:58 pm
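test.c above hunts for the Mach-O magic in live kernel memory; the same check is worth running offline on a dump before trusting it. Added example, not code from this thread or from ios-kern-utils: it scans a buffer for MH_MAGIC_64, accepts a hit only when the load-command walk stays in bounds (so a stray magic word is rejected), and reports how much of the dump is all-zero pages. The dump buffer, its 16 KiB page size and the segment addresses are constructed here; the header constants and structs are copied from <mach-o/loader.h>.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MH_MAGIC_64   0xfeedfacfu   /* copied from <mach-o/loader.h> */
#define LC_SEGMENT_64 0x19u

struct mach_header_64 { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct load_command   { uint32_t cmd, cmdsize; };
struct segment_command_64 { uint32_t cmd, cmdsize; char segname[16]; uint64_t vmaddr, vmsize, fileoff, filesize;
                            uint32_t maxprot, initprot, nsects, flags; };
struct macho_hit { size_t offset; uint32_t nsegs; uint64_t low_vmaddr; };

/* Returns 1 and fills *hit if a well-formed 64-bit Mach-O header starts at buf+off. Every cmdsize
 * is bounds-checked, so a stray magic word or a corrupt header cannot run the parser off the buffer. */
int parse_macho_at(const uint8_t *buf, size_t len, size_t off, struct macho_hit *hit)
{
    struct mach_header_64 mh;
    if (off > len || len - off < sizeof mh) return 0;
    memcpy(&mh, buf + off, sizeof mh);
    if (mh.magic != MH_MAGIC_64 || mh.ncmds == 0 || mh.ncmds > 4096) return 0;
    if (mh.sizeofcmds > len - off - sizeof mh) return 0;
    size_t p = off + sizeof mh, end = p + mh.sizeofcmds;
    uint32_t nsegs = 0; uint64_t low = UINT64_MAX;
    for (uint32_t i = 0; i < mh.ncmds; i++) {
        struct load_command lc;
        if (end - p < sizeof lc) return 0;
        memcpy(&lc, buf + p, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > end - p) return 0;   /* also stops an endless loop */
        if (lc.cmd == LC_SEGMENT_64 && lc.cmdsize >= sizeof(struct segment_command_64)) {
            struct segment_command_64 sc;
            memcpy(&sc, buf + p, sizeof sc);
            nsegs++;
            if (sc.vmaddr < low) low = sc.vmaddr;
        }
        p += lc.cmdsize;
    }
    if (nsegs == 0) return 0;   /* a kernel image always carries at least __TEXT */
    hit->offset = off; hit->nsegs = nsegs; hit->low_vmaddr = low;
    return 1;
}

/* Steps through the buffer at 4-byte alignment (a Mach-O header is always 4-aligned)
 * and records every header that parses. Returns the number of hits stored. */
size_t scan_for_macho(const uint8_t *buf, size_t len, struct macho_hit *hits, size_t max_hits)
{
    size_t n = 0;
    for (size_t off = 0; len - off >= 4 && n < max_hits; off += 4) {
        uint32_t w;
        memcpy(&w, buf + off, 4);
        if (w == MH_MAGIC_64 && parse_macho_at(buf, len, off, &hits[n])) n++;
    }
    return n;
}

/* Fraction of page-sized chunks that are entirely zero; a dump that came back as
 * mostly zeros shows up here before anyone spends time disassembling it. */
double zero_page_fraction(const uint8_t *buf, size_t len, size_t page)
{
    size_t pages = len / page, zero = 0;
    for (size_t i = 0; i < pages; i++) {
        size_t j = 0;
        while (j < page && buf[i * page + j] == 0) j++;
        if (j == page) zero++;
    }
    return pages ? (double)zero / (double)pages : 1.0;
}

/* Constructed sample dump (an assumption, not a real kernel image): 16 pages of 16 KiB with a valid
 * header at page 1, a decoy magic word with nothing behind it at page 2, filler at page 3, zeros elsewhere. */
#define PAGE     0x4000u
#define DUMP_LEN (16u * PAGE)
uint8_t *build_sample_dump(void)
{
    uint8_t *buf = calloc(DUMP_LEN, 1);
    if (!buf) abort();
    struct mach_header_64 mh = { MH_MAGIC_64, 0x0100000cu /* CPU_TYPE_ARM64 */, 0, 2 /* MH_EXECUTE */, 2, 2 * sizeof(struct segment_command_64), 0, 0 };
    struct segment_command_64 text = { LC_SEGMENT_64, sizeof text, "__TEXT", 0xffffff8016002000ull, 0x400000, 0, 0x400000, 5, 5, 0, 0 };
    struct segment_command_64 data = { LC_SEGMENT_64, sizeof data, "__DATA", 0xffffff8016402000ull, 0x100000, 0x400000, 0x100000, 3, 3, 0, 0 };
    size_t p = 1 * PAGE;
    memcpy(buf + p, &mh, sizeof mh);     p += sizeof mh;
    memcpy(buf + p, &text, sizeof text); p += sizeof text;
    memcpy(buf + p, &data, sizeof data);
    memcpy(buf + 2 * PAGE + 8, &mh, 4);   /* just the magic word: ncmds == 0 behind it */
    memset(buf + 3 * PAGE, 0x41, PAGE);
    return buf;
}

int main(void)
{
    uint8_t *dump = build_sample_dump();
    struct macho_hit hits[8];
    size_t n = scan_for_macho(dump, DUMP_LEN, hits, 8);
    printf("%zu header(s), first at 0x%zx with %u segment(s); %.1f%% of pages all zero\n",
           n, n ? hits[0].offset : 0, n ? hits[0].nsegs : 0u, 100.0 * zero_page_fraction(dump, DUMP_LEN, PAGE));
    free(dump);
    return 0;
}
```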

Re: Pangu 9.1 Kernel Dump

Postby morpheus » Fri Mar 25, 2016 10:47 pm

I see Siguza is handling this well - but Billy -- and everyone - when you get an instant kill it can be because of either:

A) you're running something without a code sig
or
B) you've updated a code signed binary with another binary, and another signature, *without removing older binary first*.

Particularly B is important: it was a 0-day up to 9.0, when AAPL patched it silently (enforcing kill). So if you update a binary - any binary - rm it first, then make a new copy.
morpheus
Site Admin
 
Posts: 530
Joined: Thu Apr 11, 2013 6:24 pm

Re: Pangu 9.1 Kernel Dump

Postby Siguza » Fri Mar 25, 2016 11:41 pm

Alright, J already explained the "Killed: 9". Billy, could you simply try again?

And 268435459 looks a lot like MACH_SEND_INVALID_DEST... which I don't exactly know what to make of.
Could it be that host_get_special_port(,,4,) gets you something other than the kernel task on Pangu 9.0?

@J: Well, I'm trying my best...
Siguza
Unicorn
 
Posts: 158
Joined: Thu Jan 28, 2016 10:38 am

Re: Pangu 9.1 Kernel Dump

Postby backendbilly » Sat Mar 26, 2016 12:20 am

I will try soon. Thanks for both of your inputs. I'll post when I'm done.

Re: Pangu 9.1 Kernel Dump

Postby backendbilly » Sat Mar 26, 2016 3:34 am

Thanks for the tip J. That fixed the Killed: 9. Here is what I got when I added the two 00's (iOS 9.1):

Code:
iPhone:~ root# ./test
base: ffffff8016002000
iPhone:~ root#


running kmap on 9.1:

Code:
iPhone:~ root# ./kmap
ffffff8000000000-ffffff8002000000 [32768K] ---/---
ffffff8002000000-ffffff8002004000 [   16K] r-x/rwx
ffffff8002004000-ffffff8002008000 [   16K] r-x/rwx
ffffff8002008000-ffffff8002010000 [   32K] rw-/rwx
ffffff8002010000-ffffff8002018000 [   32K] rw-/rwx
ffffff8002018000-ffffff800201c000 [   16K] rw-/rwx
ffffff800201c000-ffffff800202c000 [   64K] rw-/rwx
ffffff800202c000-ffffff8002034000 [   32K] rw-/rwx
ffffff8002034000-ffffff8002038000 [   16K] rw-/rwx
ffffff8002038000-ffffff800203c000 [   16K] rw-/rwx
ffffff800203c000-ffffff8002040000 [   16K] rw-/rwx
ffffff8002040000-ffffff8002044000 [   16K] rw-/rwx
ffffff8002044000-ffffff8002048000 [   16K] rw-/rwx
ffffff8002048000-ffffff800204c000 [   16K] rw-/rwx
ffffff800204c000-ffffff8002050000 [   16K] rw-/rwx
ffffff8002050000-ffffff8002054000 [   16K] rw-/rwx
ffffff8002054000-ffffff8002058000 [   16K] rw-/rwx
ffffff8002058000-ffffff800205c000 [   16K] rw-/rwx
ffffff800205c000-ffffff8002060000 [   16K] rw-/rwx
ffffff8002060000-ffffff8002064000 [   16K] rw-/rwx
ffffff8002064000-ffffff8002068000 [   16K] rw-/rwx
ffffff8002068000-ffffff800206c000 [   16K] rw-/rwx
ffffff800206c000-ffffff8002070000 [   16K] rw-/rwx
ffffff8002070000-ffffff8002074000 [   16K] rw-/rwx
ffffff8002074000-ffffff8002078000 [   16K] rw-/rwx
ffffff8002078000-ffffff800207c000 [   16K] rw-/rwx
ffffff800207c000-ffffff8002080000 [   16K] rw-/rwx
ffffff8002080000-ffffff8002084000 [   16K] rw-/rwx
ffffff8002084000-ffffff8002088000 [   16K] rw-/rwx
ffffff8002088000-ffffff800208c000 [   16K] rw-/rwx
ffffff800208c000-ffffff8002090000 [   16K] rw-/rwx
ffffff8002090000-ffffff8002094000 [   16K] rw-/rwx
ffffff8002094000-ffffff8002098000 [   16K] rw-/rwx
ffffff8002098000-ffffff800209c000 [   16K] rw-/rwx
ffffff800209c000-ffffff80020a0000 [   16K] rw-/rwx
ffffff80020a0000-ffffff80020a4000 [   16K] rw-/rwx
ffffff80020a4000-ffffff80020a8000 [   16K] rw-/rwx
ffffff80020a8000-ffffff80020ac000 [   16K] rw-/rwx
ffffff80020ac000-ffffff80020b0000 [   16K] rw-/rwx
ffffff80020b0000-ffffff80020b4000 [   16K] rw-/rwx
ffffff80020b4000-ffffff80020b8000 [   16K] rw-/rwx
ffffff80020b8000-ffffff80020bc000 [   16K] rw-/rwx
ffffff80020bc000-ffffff80020c0000 [   16K] rw-/rwx
ffffff80020c0000-ffffff80020c4000 [   16K] rw-/rwx
ffffff80020c4000-ffffff80020c8000 [   16K] rw-/rwx
ffffff80020c8000-ffffff80020cc000 [   16K] rw-/rwx
ffffff80020cc000-ffffff80020d0000 [   16K] rw-/rwx
ffffff80020d0000-ffffff80020d4000 [   16K] rw-/rwx
ffffff80020d4000-ffffff80020d8000 [   16K] rw-/rwx
ffffff80020d8000-ffffff80020dc000 [   16K] rw-/rwx
ffffff80020dc000-ffffff80020e0000 [   16K] rw-/rwx
ffffff80020e0000-ffffff80020e4000 [   16K] rw-/rwx
ffffff80020e4000-ffffff80020e8000 [   16K] rw-/rwx
ffffff80020e8000-ffffff80020ec000 [   16K] rw-/rwx
ffffff80020ec000-ffffff80020f0000 [   16K] rw-/rwx
ffffff80020f0000-ffffff80020f4000 [   16K] rw-/rwx
ffffff80020f4000-ffffff80020f8000 [   16K] rw-/rwx
ffffff80020f8000-ffffff8002100000 [   32K] rw-/rwx
ffffff8002100000-ffffff8002104000 [   16K] rw-/rwx
ffffff8002104000-ffffff800210c000 [   32K] rw-/rwx
ffffff800210c000-ffffff8002114000 [   32K] rw-/rwx
ffffff8002114000-ffffff800211c000 [   32K] rw-/rwx
ffffff800211c000-ffffff8002124000 [   32K] rw-/rwx
ffffff8002124000-ffffff800212c000 [   32K] rw-/rwx
ffffff800212c000-ffffff8002134000 [   32K] rw-/rwx
ffffff8002134000-ffffff800213c000 [   32K] rw-/rwx
ffffff800213c000-ffffff8002144000 [   32K] rw-/rwx
ffffff8002144000-ffffff800214c000 [   32K] rw-/rwx
ffffff800214c000-ffffff800216c000 [  128K] rw-/rwx
ffffff800216c000-ffffff800218c000 [  128K] rw-/rwx
ffffff800218c000-ffffff8002194000 [   32K] rw-/rwx
ffffff8002194000-ffffff8002198000 [   16K] rw-/rwx
ffffff8002198000-ffffff80021a0000 [   32K] rw-/rwx
ffffff80021a0000-ffffff80021a8000 [   32K] rw-/rwx
ffffff80021a8000-ffffff80021ac000 [   16K] rw-/rwx
ffffff80021ac000-ffffff80021b4000 [   32K] rw-/rwx
ffffff80021b4000-ffffff80021bc000 [   32K] rw-/rwx
ffffff80021bc000-ffffff80021c0000 [   16K] rw-/rwx
ffffff80021c0000-ffffff80021c8000 [   32K] rw-/rwx
ffffff80021c8000-ffffff80021d0000 [   32K] rw-/rwx
ffffff80021d0000-ffffff80021d8000 [   32K] rw-/rwx
ffffff80021d8000-ffffff80021e0000 [   32K] rw-/rwx
ffffff80021e0000-ffffff8005ed8000 [62432K] rw-/rwx
ffffff8005ed8000-ffffff8005fd8000 [ 1024K] ---/---
ffffff8005fd8000-ffffff8005fdc000 [   16K] rw-/rwx
ffffff8005fdc000-ffffff8005fe0000 [   16K] rw-/rwx
ffffff8005fe0000-ffffff8005fe4000 [   16K] rw-/rwx
ffffff8005fe4000-ffffff80060e4000 [ 1024K] rw-/rwx
ffffff80060e4000-ffffff80068e4000 [ 8192K] rw-/rwx
ffffff80068e4000-ffffff80068f0000 [   48K] rw-/rwx
ffffff80068f0000-ffffff80068f4000 [   16K] rw-/rwx
ffffff80068f4000-ffffff8006900000 [   48K] rw-/rwx
ffffff8006900000-ffffff8006904000 [   16K] rw-/rw-
ffffff8006904000-ffffff8006910000 [   48K] rw-/rwx
ffffff8006910000-ffffff8006914000 [   16K] rw-/rwx
ffffff8006914000-ffffff8006920000 [   48K] rw-/rwx
ffffff8006920000-ffffff8006924000 [   16K] rw-/rw-
ffffff8006924000-ffffff8006930000 [   48K] rw-/rwx
ffffff8006930000-ffffff8006934000 [   16K] rw-/rw-
ffffff8006934000-ffffff8006940000 [   48K] rw-/rwx
ffffff8006940000-ffffff8006944000 [   16K] rw-/rw-
ffffff8006944000-ffffff8006950000 [   48K] rw-/rwx
ffffff8006950000-ffffff8006954000 [   16K] rw-/rw-
ffffff8006954000-ffffff8006960000 [   48K] rw-/rwx
ffffff8006960000-ffffff8006964000 [   16K] rw-/rw-
ffffff8006964000-ffffff8006970000 [   48K] rw-/rwx
ffffff8006970000-ffffff800c970000 [98304K] rw-/rwx
ffffff800c970000-ffffff800c974000 [   16K] rw-/rw-
ffffff800c974000-ffffff800c980000 [   48K] rw-/rwx
ffffff800c980000-ffffff800c988000 [   32K] r--/rwx
ffffff800c988000-ffffff800c98c000 [   16K] rw-/rw-
ffffff800c98c000-ffffff800c998000 [   48K] rw-/rwx
ffffff800c998000-ffffff800c99c000 [   16K] rw-/rw-
ffffff800c99c000-ffffff800c9a8000 [   48K] rw-/rwx
ffffff800c9a8000-ffffff800c9ac000 [   16K] rw-/rw-
ffffff800c9ac000-ffffff800c9b8000 [   48K] rw-/rwx
ffffff800c9b8000-ffffff800c9bc000 [   16K] rw-/rw-
ffffff800c9bc000-ffffff800c9c8000 [   48K] rw-/rwx
ffffff800c9c8000-ffffff800c9cc000 [   16K] rw-/rw-
ffffff800c9cc000-ffffff800c9d8000 [   48K] rw-/rwx
ffffff800c9d8000-ffffff800c9dc000 [   16K] rw-/rw-
ffffff800c9dc000-ffffff800c9e8000 [   48K] rw-/rwx
ffffff800c9e8000-ffffff800c9ec000 [   16K] rw-/rw-
ffffff800c9ec000-ffffff800c9f8000 [   48K] rw-/rwx
ffffff800c9f8000-ffffff800c9fc000 [   16K] rw-/rw-
ffffff800c9fc000-ffffff800ca08000 [   48K] rw-/rwx
ffffff800ca08000-ffffff800ca0c000 [   16K] rw-/rw-
ffffff800ca0c000-ffffff800ca18000 [   48K] rw-/rwx
ffffff800ca18000-ffffff800ca1c000 [   16K] rw-/rw-
ffffff800ca1c000-ffffff800ca28000 [   48K] rw-/rwx
ffffff800ca28000-ffffff800ca2c000 [   16K] rw-/rw-
ffffff800ca2c000-ffffff800ca38000 [   48K] rw-/rwx
ffffff800ca38000-ffffff800ca3c000 [   16K] rw-/rw-
ffffff800ca3c000-ffffff800ca48000 [   48K] rw-/rwx
ffffff800ca48000-ffffff800ca4c000 [   16K] rw-/rw-
ffffff800ca4c000-ffffff800ca58000 [   48K] rw-/rwx
ffffff800ca58000-ffffff800ca5c000 [   16K] rw-/rw-
ffffff800ca5c000-ffffff800ca68000 [   48K] rw-/rwx
ffffff800ca68000-ffffff800ca6c000 [   16K] rw-/rw-
ffffff800ca6c000-ffffff800ca78000 [   48K] rw-/rwx
ffffff800ca78000-ffffff800ca7c000 [   16K] rw-/rw-
ffffff800ca7c000-ffffff800ca88000 [   48K] rw-/rwx
ffffff800ca88000-ffffff800ca8c000 [   16K] rw-/rw-
ffffff800ca8c000-ffffff800ca98000 [   48K] rw-/rwx
ffffff800ca98000-ffffff800ca9c000 [   16K] rw-/rw-
ffffff800ca9c000-ffffff800caa8000 [   48K] rw-/rwx
ffffff800caa8000-ffffff800caac000 [   16K] rw-/rw-
ffffff800caac000-ffffff800cab8000 [   48K] rw-/rwx
ffffff800cab8000-ffffff800cabc000 [   16K] rw-/rw-
ffffff800cabc000-ffffff800cac8000 [   48K] rw-/rwx
ffffff800cac8000-ffffff800cacc000 [   16K] rw-/rw-
ffffff800cacc000-ffffff800cad8000 [   48K] rw-/rwx
ffffff800cad8000-ffffff800cadc000 [   16K] rw-/rw-
ffffff800cadc000-ffffff800cae8000 [   48K] rw-/rwx
ffffff800cae8000-ffffff800caec000 [   16K] rw-/rw-
ffffff800caec000-ffffff800caf8000 [   48K] rw-/rwx
ffffff800caf8000-ffffff800cafc000 [   16K] rw-/rw-
ffffff800cafc000-ffffff800cb08000 [   48K] rw-/rwx
ffffff800cb08000-ffffff800cb0c000 [   16K] rw-/rw-
ffffff800cb0c000-ffffff800cb18000 [   48K] rw-/rwx
ffffff800cb18000-ffffff800cb1c000 [   16K] rw-/rw-
ffffff800cb1c000-ffffff800cb28000 [   48K] rw-/rwx
ffffff800cb28000-ffffff800cb2c000 [   16K] rw-/rw-
ffffff800cb2c000-ffffff800cb38000 [   48K] rw-/rwx
ffffff800cb38000-ffffff800cb3c000 [   16K] rw-/rw-
ffffff800cb3c000-ffffff800cb48000 [   48K] rw-/rwx
ffffff800cb48000-ffffff800cb4c000 [   16K] rw-/rw-
ffffff800cb4c000-ffffff800cb58000 [   48K] rw-/rwx
ffffff800cb58000-ffffff800d4a0000 [ 9504K] rw-/rwx
ffffff800d4a0000-ffffff800d5dc000 [ 1264K] rw-/rwx
ffffff800d5dc000-ffffff80115dc000 [65536K] rw-/rwx
ffffff80115dc000-ffffff80115e8000 [   48K] rw-/rwx
ffffff80115e8000-ffffff80115ec000 [   16K] rw-/rw-
ffffff80115ec000-ffffff80115f8000 [   48K] rw-/rwx
ffffff80115f8000-ffffff80115fc000 [   16K] rw-/rw-
ffffff80115fc000-ffffff8011608000 [   48K] rw-/rwx
ffffff8011608000-ffffff801160c000 [   16K] rw-/rw-
ffffff801160c000-ffffff8011618000 [   48K] rw-/rwx
ffffff8011618000-ffffff801161c000 [   16K] rw-/rw-
ffffff801161c000-ffffff8011628000 [   48K] rw-/rwx
ffffff8011628000-ffffff801162c000 [   16K] rw-/rw-
ffffff801162c000-ffffff8011638000 [   48K] rw-/rwx
ffffff8011638000-ffffff801163c000 [   16K] rw-/rw-
ffffff801163c000-ffffff8011648000 [   48K] rw-/rwx
ffffff8011648000-ffffff801164c000 [   16K] rw-/rw-
ffffff801164c000-ffffff8011658000 [   48K] rw-/rwx
ffffff8011658000-ffffff801165c000 [   16K] rw-/rw-
ffffff801165c000-ffffff8011668000 [   48K] rw-/rwx
ffffff8011668000-ffffff801166c000 [   16K] rw-/rw-
ffffff801166c000-ffffff8011678000 [   48K] rw-/rwx
ffffff8011678000-ffffff801167c000 [   16K] rw-/rw-
ffffff801167c000-ffffff8011688000 [   48K] rw-/rwx
ffffff8011688000-ffffff801168c000 [   16K] rw-/rw-
ffffff801168c000-ffffff8011698000 [   48K] rw-/rwx
ffffff8011698000-ffffff801169c000 [   16K] rw-/rwx
ffffff801169c000-ffffff80116a8000 [   48K] rw-/rwx
ffffff80116a8000-ffffff80116ac000 [   16K] rw-/rw-
ffffff80116ac000-ffffff80116b8000 [   48K] rw-/rwx
ffffff80116b8000-ffffff80116bc000 [   16K] rw-/rw-
ffffff80116bc000-ffffff80116c8000 [   48K] rw-/rwx
ffffff80116c8000-ffffff80116cc000 [   16K] rw-/rw-
ffffff80116cc000-ffffff80116d8000 [   48K] rw-/rwx
ffffff80116d8000-ffffff80116dc000 [   16K] rw-/rw-
ffffff80116dc000-ffffff80116e8000 [   48K] rw-/rwx
ffffff80116e8000-ffffff80116ec000 [   16K] rw-/rw-
ffffff80116ec000-ffffff80116f8000 [   48K] rw-/rwx
ffffff80116f8000-ffffff80116fc000 [   16K] rw-/rw-
ffffff80116fc000-ffffff8011708000 [   48K] rw-/rwx
ffffff8011708000-ffffff801170c000 [   16K] rw-/rw-
ffffff801170c000-ffffff8011718000 [   48K] rw-/rwx
ffffff8011718000-ffffff801171c000 [   16K] rw-/rw-
ffffff801171c000-ffffff8011728000 [   48K] rw-/rwx
ffffff8011728000-ffffff801172c000 [   16K] rw-/rw-
ffffff801172c000-ffffff8011738000 [   48K] rw-/rwx
ffffff8011738000-ffffff801173c000 [   16K] rw-/rw-
ffffff801173c000-ffffff8011748000 [   48K] rw-/rwx
ffffff8011748000-ffffff801174c000 [   16K] rw-/rw-
ffffff801174c000-ffffff8011758000 [   48K] rw-/rwx
ffffff8011758000-ffffff801175c000 [   16K] rw-/rw-
ffffff801175c000-ffffff8011768000 [   48K] rw-/rwx
ffffff8011768000-ffffff801176c000 [   16K] rw-/rw-
ffffff801176c000-ffffff8011778000 [   48K] rw-/rwx
ffffff8011778000-ffffff801177c000 [   16K] rw-/rw-
ffffff801177c000-ffffff8011788000 [   48K] rw-/rwx
ffffff8011788000-ffffff801178c000 [   16K] rw-/rwx
ffffff801178c000-ffffff8011798000 [   48K] rw-/rwx
ffffff8011798000-ffffff801179c000 [   16K] rw-/rw-
ffffff801179c000-ffffff80117a8000 [   48K] rw-/rwx
ffffff80117a8000-ffffff80117ac000 [   16K] rw-/rw-
ffffff80117ac000-ffffff80117b8000 [   48K] rw-/rwx
ffffff80117b8000-ffffff80117bc000 [   16K] rw-/rwx
ffffff80117bc000-ffffff80117c8000 [   48K] rw-/rwx
ffffff80117c8000-ffffff80117cc000 [   16K] rw-/rwx
ffffff80117cc000-ffffff80117d8000 [   48K] rw-/rwx
ffffff80117d8000-ffffff80117dc000 [   16K] rw-/rwx
ffffff80117dc000-ffffff80117e8000 [   48K] rw-/rwx
ffffff80117e8000-ffffff80117ec000 [   16K] rw-/rwx
ffffff80117ec000-ffffff80117f8000 [   48K] rw-/rwx
ffffff80117f8000-ffffff80117fc000 [   16K] rw-/rwx
ffffff80117fc000-ffffff8011808000 [   48K] rw-/rwx
ffffff8011808000-ffffff801180c000 [   16K] rw-/rwx
ffffff801180c000-ffffff8011818000 [   48K] rw-/rwx
ffffff8011818000-ffffff801181c000 [   16K] rw-/rwx
ffffff801181c000-ffffff8011828000 [   48K] rw-/rwx
ffffff8011828000-ffffff801182c000 [   16K] rw-/rw-
ffffff801182c000-ffffff8011838000 [   48K] rw-/rwx
ffffff8011838000-ffffff801183c000 [   16K] rw-/rw-
ffffff801183c000-ffffff8011848000 [   48K] rw-/rwx
ffffff8011848000-ffffff801184c000 [   16K] rw-/rw-
ffffff801184c000-ffffff8011858000 [   48K] rw-/rwx
ffffff8011858000-ffffff801185c000 [   16K] rw-/rw-
ffffff801185c000-ffffff8011868000 [   48K] rw-/rwx
ffffff8011868000-ffffff801186c000 [   16K] rw-/rw-
ffffff801186c000-ffffff8011878000 [   48K] rw-/rwx
ffffff8011878000-ffffff801187c000 [   16K] rw-/rw-
ffffff801187c000-ffffff8011888000 [   48K] rw-/rwx
ffffff8011888000-ffffff801188c000 [   16K] rw-/rw-
ffffff801188c000-ffffff8011898000 [   48K] rw-/rwx
ffffff8011898000-ffffff801189c000 [   16K] rw-/rwx
ffffff801189c000-ffffff80118a8000 [   48K] rw-/rwx
ffffff80118a8000-ffffff80118ac000 [   16K] rw-/rw-
ffffff80118ac000-ffffff80118b8000 [   48K] rw-/rwx
ffffff80118b8000-ffffff80118bc000 [   16K] rw-/rw-
ffffff80118bc000-ffffff80118c8000 [   48K] rw-/rwx
ffffff80118c8000-ffffff80118cc000 [   16K] rw-/rw-
ffffff80118cc000-ffffff80118d8000 [   48K] rw-/rwx
ffffff80118d8000-ffffff80118dc000 [   16K] rw-/rw-
ffffff80118dc000-ffffff80118e8000 [   48K] rw-/rwx
ffffff80118e8000-ffffff80119e8000 [ 1024K] rw-/rw-
ffffff80119e8000-ffffff8011ae8000 [ 1024K] rw-/rw-
ffffff8011ae8000-ffffff8011be8000 [ 1024K] rw-/rw-
ffffff8011be8000-ffffff8011bf8000 [   64K] rw-/rw-
ffffff8011bf8000-ffffff8011c08000 [   64K] rw-/rw-
ffffff8011c08000-ffffff8011c10000 [   32K] rw-/rw-
ffffff8011c10000-ffffff8011c18000 [   32K] rw-/rw-
ffffff8011c18000-ffffff8011c20000 [   32K] rw-/rw-
ffffff8011c20000-ffffff8011c28000 [   32K] rw-/rw-
ffffff8011c28000-ffffff8011c30000 [   32K] rw-/rw-
ffffff8011c30000-ffffff8011c34000 [   16K] rw-/rw-
ffffff8011c34000-ffffff8011c40000 [   48K] rw-/rwx
ffffff8011c40000-ffffff8011c44000 [   16K] rw-/rw-
ffffff8011c44000-ffffff8011c50000 [   48K] rw-/rwx
ffffff8011c50000-ffffff8011c64000 [   80K] rw-/rw-
ffffff8011c64000-ffffff8011c78000 [   80K] rw-/rw-
ffffff8011c78000-ffffff8011d78000 [ 1024K] rw-/rw-
ffffff8011d78000-ffffff8012078000 [ 3072K] rw-/rw-
ffffff8012078000-ffffff8012378000 [ 3072K] rw-/rw-
ffffff8012378000-ffffff8012394000 [  112K] rw-/rw-
ffffff8012394000-ffffff80123a4000 [   64K] rw-/rw-
ffffff80123a4000-ffffff80123b4000 [   64K] rw-/rw-
ffffff80123b4000-ffffff80123c0000 [   48K] rw-/rwx
ffffff80123c0000-ffffff80123c4000 [   16K] rw-/rw-
ffffff80123c4000-ffffff80123d0000 [   48K] rw-/rwx
ffffff80123d0000-ffffff80123d4000 [   16K] rw-/rwx
ffffff80123d4000-ffffff80123e0000 [   48K] rw-/rwx
ffffff80123e0000-ffffff80123e4000 [   16K] rw-/rwx
ffffff80123e4000-ffffff80123f0000 [   48K] rw-/rwx
ffffff80123f0000-ffffff80123f4000 [   16K] rw-/rwx
ffffff80123f4000-ffffff8012400000 [   48K] rw-/rwx
ffffff8012400000-ffffff8012404000 [   16K] rw-/rwx
ffffff8012404000-ffffff8012410000 [   48K] rw-/rwx
ffffff8012410000-ffffff8012414000 [   16K] rw-/rwx
ffffff8012414000-ffffff8012420000 [   48K] rw-/rwx
ffffff8012420000-ffffff8012424000 [   16K] rw-/rwx
ffffff8012424000-ffffff8012430000 [   48K] rw-/rwx
ffffff8012430000-ffffff8012434000 [   16K] rw-/rwx
ffffff8012434000-ffffff8012440000 [   48K] rw-/rwx
ffffff8012440000-ffffff8012444000 [   16K] rw-/rw-
ffffff8012444000-ffffff8012450000 [   48K] rw-/rwx
ffffff8012450000-ffffff8012454000 [   16K] rw-/rwx
ffffff8012454000-ffffff8012460000 [   48K] rw-/rwx
ffffff8012460000-ffffff8012464000 [   16K] rw-/rwx
ffffff8012464000-ffffff8012470000 [   48K] rw-/rwx
ffffff8012470000-ffffff8012570000 [ 1024K] rw-/rw-
ffffff8012570000-ffffff8012574000 [   16K] rw-/rwx
ffffff8012574000-ffffff8012580000 [   48K] rw-/rwx
ffffff8012580000-ffffff8012584000 [   16K] rw-/rwx
ffffff8012584000-ffffff8012590000 [   48K] rw-/rwx
ffffff8012590000-ffffff8012594000 [   16K] rw-/rwx
ffffff8012594000-ffffff80125a0000 [   48K] rw-/rwx
ffffff80125a0000-ffffff80126d0000 [ 1216K] rw-/rw-
ffffff80126d0000-ffffff8012750000 [  512K] rw-/rw-
ffffff8012750000-ffffff8012760000 [   64K] rw-/rw-
ffffff8012760000-ffffff8012860000 [ 1024K] rw-/rw-
ffffff8012860000-ffffff8012960000 [ 1024K] rw-/rw-
ffffff8012960000-ffffff8012a60000 [ 1024K] rw-/rw-
ffffff8012a60000-ffffff8012a64000 [   16K] rw-/rw-
ffffff8012a64000-ffffff8012a70000 [   48K] rw-/rwx
ffffff8012a70000-ffffff8012a74000 [   16K] rw-/rw-
ffffff8012a74000-ffffff8012a80000 [   48K] rw-/rwx
ffffff8012a80000-ffffff8012a84000 [   16K] rw-/rwx
ffffff8012a84000-ffffff8012a90000 [   48K] rw-/rwx
ffffff8012a90000-ffffff8012a94000 [   16K] rw-/rwx
ffffff8012a94000-ffffff8012aa0000 [   48K] rw-/rwx
ffffff8012aa0000-ffffff8012aa4000 [   16K] rw-/rwx
ffffff8012aa4000-ffffff8012ab0000 [   48K] rw-/rwx
ffffff8012ab0000-ffffff8012ac0000 [   64K] rw-/rwx
ffffff8012ac0000-ffffff8012ac4000 [   16K] rw-/rwx
ffffff8012ac4000-ffffff8012ad0000 [   48K] rw-/rwx
ffffff8012ad0000-ffffff8012ad4000 [   16K] rw-/rwx
ffffff8012ad4000-ffffff8012ae0000 [   48K] rw-/rwx
ffffff8012ae0000-ffffff8012ae4000 [   16K] rw-/rwx
ffffff8012ae4000-ffffff8012af0000 [   48K] rw-/rwx
ffffff8012af0000-ffffff8012af4000 [   16K] rw-/rwx
ffffff8012af4000-ffffff8012b00000 [   48K] rw-/rwx
ffffff8012b00000-ffffff8012b04000 [   16K] rw-/rw-
ffffff8012b04000-ffffff8012b10000 [   48K] rw-/rwx
ffffff8012b10000-ffffff8012b14000 [   16K] rw-/rw-
ffffff8012b14000-ffffff8012b20000 [   48K] rw-/rwx
ffffff8012b20000-ffffff8012b24000 [   16K] rw-/rw-
ffffff8012b24000-ffffff8012b30000 [   48K] rw-/rwx
ffffff8012b30000-ffffff8012b34000 [   16K] rw-/rw-
ffffff8012b34000-ffffff8012b40000 [   48K] rw-/rwx
ffffff8012b40000-ffffff8012b44000 [   16K] rw-/rw-
ffffff8012b44000-ffffff8012b50000 [   48K] rw-/rwx
ffffff8012b50000-ffffff8012b54000 [   16K] rw-/rwx
ffffff8012b54000-ffffff8012b60000 [   48K] rw-/rwx
ffffff8012b60000-ffffff8012b64000 [   16K] rw-/rwx
ffffff8012b64000-ffffff8012b70000 [   48K] rw-/rwx
ffffff8012b70000-ffffff8012b74000 [   16K] rw-/rwx
ffffff8012b74000-ffffff8012b80000 [   48K] rw-/rwx
ffffff8012b80000-ffffff8012b84000 [   16K] rw-/rwx
ffffff8012b84000-ffffff8012b90000 [   48K] rw-/rwx
ffffff8012b90000-ffffff8012b94000 [   16K] rw-/rwx
ffffff8012b94000-ffffff8012ba0000 [   48K] rw-/rwx
ffffff8012ba0000-ffffff8012ba4000 [   16K] rw-/rwx
ffffff8012ba4000-ffffff8012bb0000 [   48K] rw-/rwx
ffffff8012bb0000-ffffff8012bb4000 [   16K] rw-/rw-
ffffff8012bb4000-ffffff8012bc0000 [   48K] rw-/rwx
ffffff8012bc0000-ffffff8012bc4000 [   16K] rw-/rwx
ffffff8012bc4000-ffffff8012bd0000 [   48K] rw-/rwx
ffffff8012bd0000-ffffff8012bd4000 [   16K] rw-/rwx
ffffff8012bd4000-ffffff8012be0000 [   48K] rw-/rwx
ffffff8012be0000-ffffff8012be4000 [   16K] rw-/rwx
ffffff8012be4000-ffffff8012bf0000 [   48K] rw-/rwx
ffffff8012bf0000-ffffff8012bf4000 [   16K] rw-/rwx
ffffff8012bf4000-ffffff8012c00000 [   48K] rw-/rwx
ffffff8012c00000-ffffff8012c04000 [   16K] rw-/rwx
ffffff8012c04000-ffffff8012c10000 [   48K] rw-/rwx
ffffff8012c10000-ffffff8012c14000 [   16K] rw-/rwx
ffffff8012c14000-ffffff8012c20000 [   48K] rw-/rwx
ffffff8012c20000-ffffff8012c24000 [   16K] rw-/rwx
ffffff8012c24000-ffffff8012c30000 [   48K] rw-/rwx
ffffff8012c30000-ffffff8012c34000 [   16K] rw-/rwx
ffffff8012c34000-ffffff8012c40000 [   48K] rw-/rwx
ffffff8012c40000-ffffff8012c44000 [   16K] rw-/rwx
ffffff8012c44000-ffffff8012c50000 [   48K] rw-/rwx
ffffff8012c50000-ffffff8012c54000 [   16K] rw-/rwx
ffffff8012c54000-ffffff8012c60000 [   48K] rw-/rwx
ffffff8012c60000-ffffff8012c64000 [   16K] rw-/rwx
ffffff8012c64000-ffffff8012c70000 [   48K] rw-/rwx
ffffff8012c70000-ffffff8012c74000 [   16K] rw-/rwx
ffffff8012c74000-ffffff8012c80000 [   48K] rw-/rwx
ffffff8012c80000-ffffff8012c90000 [   64K] rw-/rw-
ffffff8012c90000-ffffff8012ca0000 [   64K] rw-/rw-
ffffff8012ca0000-ffffff8012cb0000 [   64K] rw-/rw-
ffffff8012cb0000-ffffff8012cc0000 [   64K] rw-/rw-
ffffff8012cc0000-ffffff8013cc0000 [16384K] rw-/rw-
ffffff8013cc0000-ffffff8013cc8000 [   32K] rw-/rwx
ffffff8013cc8000-ffffff8013cd8000 [   64K] rw-/rwx
ffffff8013cd8000-ffffff8013ce0000 [   32K] rw-/rw-
ffffff8013ce0000-ffffff8013cf4000 [   80K] rw-/rwx
ffffff8013cf4000-ffffff8013d14000 [  128K] rw-/rwx
ffffff8013d14000-ffffff8013d20000 [   48K] rw-/rwx
ffffff8013d20000-ffffff8013d2c000 [   48K] rw-/rwx
ffffff8013d2c000-ffffff8013d4c000 [  128K] rw-/rwx
ffffff8013d4c000-ffffff8014f40000 [18384K] rw-/rw-
ffffff8014f40000-ffffff8014f48000 [   32K] rw-/rwx
ffffff8014f48000-ffffff8014f7c000 [  208K] rw-/rwx
ffffff8014f7c000-ffffff8014f84000 [   32K] rw-/rw-
ffffff8014f84000-ffffff8014f8c000 [   32K] rw-/rw-
ffffff8014f8c000-ffffff8014f94000 [   32K] rw-/rw-
ffffff8014f94000-ffffff8014f9c000 [   32K] rw-/rw-
ffffff8014f9c000-ffffff8014fa4000 [   32K] rw-/rwx
ffffff8014fa4000-ffffff8014fb4000 [   64K] rw-/rwx
ffffff8014fb4000-ffffff8014fb8000 [   16K] rw-/rwx
ffffff8014fb8000-ffffff8014fcc000 [   80K] rw-/rwx
ffffff8014fcc000-ffffff8014fd0000 [   16K] rw-/rwx
ffffff8014fd0000-ffffff8014fd4000 [   16K] rw-/rwx
ffffff8014fd4000-ffffff8014fd8000 [   16K] rw-/rwx
ffffff8014fd8000-ffffff8014fdc000 [   16K] rw-/rwx
ffffff8014fdc000-ffffff8014fe0000 [   16K] rw-/rwx
ffffff8014fe0000-ffffff8014fe4000 [   16K] rw-/rwx
ffffff8014fe4000-ffffff8014fec000 [   32K] rw-/rwx
ffffff8014fec000-ffffff8014ffc000 [   64K] rw-/rwx
ffffff8014ffc000-ffffff80154fc000 [ 5120K] rw-/rw-
ffffff80154fc000-ffffff80155fc000 [ 1024K] rw-/rw-
ffffff80155fc000-ffffff80156fc000 [ 1024K] rw-/rwx
ffffff80156fc000-ffffff80157fc000 [ 1024K] rw-/rwx
ffffff80157fc000-ffffff80159fc000 [ 2048K] rw-/rwx
ffffff80159fc000-ffffff8015efc000 [ 5120K] rw-/rwx
ffffff8015efc000-ffffff8015f0c000 [   64K] rw-/rw-
ffffff8015f0c000-ffffff8015f10000 [   16K] rw-/rwx
ffffff8015f10000-ffffff8015f14000 [   16K] rw-/rwx
ffffff8015f14000-ffffff8015f18000 [   16K] rw-/rwx
ffffff8015f18000-ffffff8015f1c000 [   16K] rw-/rwx
ffffff8015f1c000-ffffff8015f20000 [   16K] rw-/rwx
ffffff8015f20000-ffffff8015f24000 [   16K] rw-/rwx
ffffff8015f24000-ffffff8015f28000 [   16K] rw-/rwx
ffffff8015f28000-ffffff8015f2c000 [   16K] rw-/rwx
ffffff8015f2c000-ffffff8015f30000 [   16K] rw-/rwx
ffffff8015f30000-ffffff8015f34000 [   16K] rw-/rwx
ffffff8015f34000-ffffff8015f38000 [   16K] rw-/rwx
ffffff8015f38000-ffffff8015f3c000 [   16K] rw-/rwx
ffffff8015f3c000-ffffff8015f40000 [   16K] rw-/rwx
ffffff8015f40000-ffffff8015f44000 [   16K] rw-/rwx
ffffff8015f44000-ffffff8015f54000 [   64K] rw-/rwx
ffffff8015f54000-ffffff8015f60000 [   48K] rw-/rwx
ffffff8015f60000-ffffff8015f80000 [  128K] rw-/rwx
ffffff8015f80000-ffffff8015f84000 [   16K] rw-/rwx
ffffff8015f84000-ffffff8015f88000 [   16K] rw-/rwx
ffffff8015f88000-ffffff8015f8c000 [   16K] rw-/rwx
ffffff8015f8c000-ffffff8015f90000 [   16K] rw-/rwx
ffffff8015f90000-ffffff8015f94000 [   16K] rw-/rwx
ffffff8015f94000-ffffff8015f98000 [   16K] rw-/rwx
ffffff8015f98000-ffffff8015f9c000 [   16K] rw-/rwx
ffffff8015f9c000-ffffff8015fa0000 [   16K] rw-/rwx
ffffff8015fa0000-ffffff8015fa4000 [   16K] rw-/rwx
ffffff8015fa4000-ffffff8015fa8000 [   16K] rw-/rwx
ffffff8015fa8000-ffffff8015fac000 [   16K] rw-/rwx
ffffff8015fac000-ffffff8015fb0000 [   16K] rw-/rwx
ffffff8015fb0000-ffffff8015fb4000 [   16K] rw-/rwx
ffffff8015fb4000-ffffff8015fb8000 [   16K] rw-/rwx
ffffff8015fb8000-ffffff8015fbc000 [   16K] rw-/rwx
ffffff8015fbc000-ffffff8015fc0000 [   16K] rw-/rwx
ffffff8015fc0000-ffffff8015fc4000 [   16K] rw-/rwx
ffffff8015fc4000-ffffff8015fc8000 [   16K] rw-/rwx
ffffff8015fc8000-ffffff8015fcc000 [   16K] rw-/rwx
ffffff8015fcc000-ffffff8015fd0000 [   16K] rw-/rwx
ffffff8015fd0000-ffffff8015fd4000 [   16K] rw-/rwx
ffffff8015fd4000-ffffff8015fd8000 [   16K] rw-/rwx
ffffff8015fd8000-ffffff8015fdc000 [   16K] rw-/rwx
ffffff8015fdc000-ffffff8015fe0000 [   16K] rw-/rwx
ffffff8015fe0000-ffffff8015fe8000 [   32K] rw-/rw-
ffffff8015fe8000-ffffff8015fec000 [   16K] rw-/rwx
ffffff8015fec000-ffffff8015ff0000 [   16K] rw-/rwx
ffffff8015ff0000-ffffff8015ff4000 [   16K] rw-/rwx
ffffff8015ff4000-ffffff8015ff8000 [   16K] rw-/rwx
ffffff8015ff8000-ffffff8016000000 [   32K] rw-/rwx
ffffff8016000000-ffffff8118000000 [ 4128M] ---/---
ffffff8118000000-ffffff8130000000 [  384M] rw-/rwx
ffffff8130000000-ffffff81b5250000 [ 2130M] rw-/rwx
ffffff81b5250000-ffffff81b5544000 [ 3024K] rw-/rwx
ffffff81b5544000-ffffff81b55c4000 [  512K] rw-/rwx
ffffff81b55c4000-ffffff81b5614000 [  320K] rw-/rwx
ffffff81b5614000-ffffff81b5a14000 [ 4096K] rw-/rw-
ffffff81b5a14000-ffffff81b5e14000 [ 4096K] rw-/rwx
ffffff81b5e14000-ffffff81b5e94000 [  512K] rw-/rwx
ffffff81b5e94000-ffffff81b5e9c000 [   32K] rw-/rwx
ffffff81b5e9c000-ffffff81b5ea4000 [   32K] rw-/rwx
ffffff81b5ea4000-ffffff81b5ea8000 [   16K] rw-/rwx
ffffff81b5ea8000-ffffff81b5eb0000 [   32K] rw-/rwx
ffffff81b5eb0000-ffffff81b5eb8000 [   32K] rw-/rwx
ffffff81b5eb8000-ffffff81b5ec0000 [   32K] rw-/rwx
ffffff81b5ec0000-ffffff81b5ec8000 [   32K] rw-/rwx
ffffff81b5ec8000-ffffff81b5ed0000 [   32K] rw-/rwx
ffffff81b5ed0000-ffffff81b5ed4000 [   16K] rw-/rwx
ffffff81b5ed4000-ffffff81b5ed8000 [   16K] rw-/rwx
ffffff81b5ed8000-ffffff81b6080000 [ 1696K] r--/r--
ffffff81b6080000-ffffff81b6084000 [   16K] rw-/rwx
ffffff81b6084000-ffffff81b60c4000 [  256K] rw-/rwx
ffffff81b60c4000-ffffff81b60c8000 [   16K] rw-/rwx
ffffff81b60c8000-ffffff81b60d8000 [   64K] rw-/rwx
ffffff81b60d8000-ffffff81b6564000 [ 4656K] rw-/rwx
ffffff81b6564000-ffffff81b6568000 [   16K] rw-/rw-
ffffff81b6568000-ffffff81b656c000 [   16K] rw-/rw-
ffffff81b656c000-ffffff81b6570000 [   16K] rw-/rwx
ffffff81b6570000-ffffff81b6580000 [   64K] rw-/rwx
ffffff81b6580000-ffffff81b6584000 [   16K] rw-/rwx
ffffff81b6584000-ffffff81b6588000 [   16K] rw-/rwx
ffffff81b6588000-ffffff81b658c000 [   16K] rw-/rwx
ffffff81b658c000-ffffff81b6590000 [   16K] rw-/rwx
ffffff81b6590000-ffffff81b6594000 [   16K] rw-/rwx
ffffff81b6594000-ffffff81b6628000 [  592K] rw-/rwx
ffffff81b6628000-ffffff81b6630000 [   32K] rw-/rwx
ffffff81b6630000-ffffff81b6638000 [   32K] rw-/rwx
ffffff81b6638000-ffffff81b667c000 [  272K] rw-/rwx
ffffff81b667c000-ffffff81b668c000 [   64K] rw-/rwx
ffffff81b668c000-ffffff81b6690000 [   16K] rw-/rwx
ffffff81b6690000-ffffff81b6694000 [   16K] rw-/rwx
ffffff81b6694000-ffffff81b6698000 [   16K] rw-/rwx
ffffff81b669c000-ffffff81b66a0000 [   16K] rw-/rwx
ffffff81b66a0000-ffffff81b66a4000 [   16K] rw-/rwx
ffffff81b66a4000-ffffff81b66a8000 [   16K] rw-/rwx
ffffff81b66a8000-ffffff81b66ac000 [   16K] rw-/rwx
ffffff81b66ac000-ffffff81b66b0000 [   16K] rw-/rwx
ffffff81b66b0000-ffffff81b66b8000 [   32K] rw-/rwx
ffffff81b66b8000-ffffff81b66bc000 [   16K] rw-/rwx
ffffff81b66bc000-ffffff81b66c0000 [   16K] rw-/rwx
ffffff81b66c0000-ffffff81b66c4000 [   16K] rw-/rwx
ffffff81b66c4000-ffffff81b66c8000 [   16K] rw-/rwx
ffffff81b66c8000-ffffff81b66cc000 [   16K] rw-/rwx
ffffff81b66cc000-ffffff81b66d0000 [   16K] rw-/rwx
ffffff81b66d0000-ffffff81b66d4000 [   16K] rw-/rwx
ffffff81b66d4000-ffffff81b78c8000 [18384K] rw-/rwx
ffffff81b78c8000-ffffff81b7b40000 [ 2528K] rw-/rwx
ffffff81b7b40000-ffffff81b7b44000 [   16K] rw-/rwx
ffffff81b7b44000-ffffff81b7b48000 [   16K] rw-/rwx
ffffff81b7b48000-ffffff81b7b4c000 [   16K] rw-/rwx
ffffff81b7b4c000-ffffff81b7b50000 [   16K] rw-/rwx
ffffff81b7b50000-ffffff81b7b54000 [   16K] rw-/rwx
ffffff81b7b54000-ffffff81b7b5c000 [   32K] rw-/rwx
ffffff81b7b5c000-ffffff81b7c3c000 [  896K] rw-/rwx
ffffff81b7c3c000-ffffff81b7d40000 [ 1040K] r--/r--
ffffff81b7d40000-ffffff81b7d44000 [   16K] rw-/rwx
ffffff81b7e20000-ffffff81b7e24000 [   16K] rw-/rwx
ffffff81b7e24000-ffffff81b7e28000 [   16K] rw-/rwx
ffffff81b7e28000-ffffff81b7e2c000 [   16K] rw-/rwx
ffffff81b7e2c000-ffffff81b7e30000 [   16K] rw-/rwx
ffffff81b7e30000-ffffff81b7e34000 [   16K] rw-/rwx
ffffff81b7e34000-ffffff81b7e38000 [   16K] rw-/rwx
ffffff827fef8000-ffffff827fffc000 [ 1040K] ---/---
iPhone:~ root#


Running Bob's tool:

Code:
Got port e03
vm_region returned 0
kernel start
   address = 0xffffff80021e0000, size = 0x3cf8000, info_count = 9
   protection = 3,max protect =7,inheritance=1,shared=0,reserved=1,offset=ffffff80021e0000,behavior=0,wired=0
vm_region returned 0
kernel end
   address = 0xffffff80021e0000, size = 0x3cf8000, info_count = 9
   protection = 3,max protect =7,inheritance=1,shared=0,reserved=1,offset=ffffff80021e0000,behavior=0,wired=0
Kernel size is about 0x0

Re: Pangu 9.1 Kernel Dump

Postby backendbilly » Sat Mar 26, 2016 4:30 am

Ok I've been cheating :oops:

I modified Bob's tool by modifying startAddress and endAddress as follows:

Code:
vm_address_t startAddress = 0xffffff8130000000;
vm_address_t endAddress = 0xffffff81b5250000;


I got the above addresses from kmap and did trial and error:

Code: Select all
iPhone:~ root# ./kmap |grep 'M]'
ffffff8016000000-ffffff8118000000 [ 4128M] ---/---
ffffff8118000000-ffffff8130000000 [  384M] rw-/rwx
ffffff8130000000-ffffff81b5250000 [ 2130M] rw-/rwx


Got a hard reboot with the following output:

Code: Select all
Kernel size is about 0x87e34000
kdump-ios9-test(1475,0x19ee53000) malloc: *** mach_vm_map(size=2233794560) failed (error code=3)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug
read 0x1 bytes from the kernel mem
read 0x2f4000 bytes from the kernel mem
read 0x80000 bytes from the kernel mem
read 0x50000 bytes from the kernel mem
read 0x50000 bytes from the kernel mem
read 0x400000 bytes from the kernel mem
read 0x80000 bytes from the kernel mem
read 0x8000 bytes from the kernel mem
read 0x8000 bytes from the kernel mem
read 0x4000 bytes from the kernel mem
read 0x8000 bytes from the kernel mem
read 0x8000 bytes from the kernel mem
read 0x8000 bytes from the kernel mem
read 0x8000 bytes from the kernel mem
read 0x8000 bytes from the kernel mem
read 0x4000 bytes from the kernel mem
read 0x4000 bytes from the kernel mem
read 0x1a8000 bytes from the kernel mem
read 0x4000 bytes from the kernel mem
read 0x40000 bytes from the kernel mem
read 0x4000 bytes from the kernel mem
read 0x10000 bytes from the kernel mem
read 0x48c000 bytes from the kernel mem
Connection to localhost closed by remote host.
Connection to localhost closed.


Got a kernel dump with a bunch of zeros
backendbilly
Site Admin
 
Posts: 132
Joined: Fri May 29, 2015 5:58 pm
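Picking startAddress and endAddress out of the kmap listing by hand is error-prone, so here is a small parser for that output format. This is an added example, not code from the thread or from the kmap or kdump tools; the sample lines are constructed from the addresses quoted above. It selects regions over 1 GiB the way test3 does, additionally requires read permission on the region (test3 checks only size), and reports the unmapped holes between consecutive regions, which a linear read of kernel memory would run into.

```python
import re

# Constructed sample in the format printed by kmap on the page; addresses and
# size labels are copied from the thread, the prompt line is there to show it is skipped.
KMAP_SAMPLE = """\
iPhone:~ root# ./kmap
ffffff8016000000-ffffff8118000000 [ 4128M] ---/---
ffffff8118000000-ffffff8130000000 [  384M] rw-/rwx
ffffff8130000000-ffffff81b5250000 [ 2130M] rw-/rwx
ffffff81b7d40000-ffffff81b7d44000 [   16K] rw-/rwx
ffffff81b7e20000-ffffff81b7e24000 [   16K] rw-/rwx
"""

LINE_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+\[\s*(\d+)([KMG])\]\s+(\S+)/(\S+)$")
UNIT = {"K": 1 << 10, "M": 1 << 20, "G": 1 << 30}


def parse_kmap(text):
    """Return (start, end, size_bytes, cur_prot, max_prot) per region line."""
    regions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # prompts, blank lines and anything else that is not a region
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        size = end - start
        # The bracketed size is rounded to whole units; the exact size comes from the range.
        label = int(m.group(3)) * UNIT[m.group(4)]
        if abs(size - label) > UNIT[m.group(4)]:
            raise ValueError("size label disagrees with address range: " + line)
        regions.append((start, end, size, m.group(5), m.group(6)))
    return regions


def large_regions(regions, threshold=1 << 30):
    """Regions larger than threshold: the size test that test3 applies."""
    return [r for r in regions if r[2] > threshold]


def readable_large_regions(regions, threshold=1 << 30):
    """Same, but also require read permission in the current protection."""
    return [r for r in large_regions(regions, threshold) if "r" in r[3]]


def gaps(regions):
    """Unmapped holes between consecutive regions (end of one, start of next)."""
    return [(e1, s2) for (_, e1, *_), (s2, *_) in zip(regions, regions[1:]) if s2 > e1]
```

With the sample above, the 2130M region comes out as exactly 2233794560 bytes, the same value that appears in the failed mach_vm_map call in the next post.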

Re: Pangu 9.1 Kernel Dump

Postby Siguza » Sat Mar 26, 2016 8:54 am

There's two regions >1GB now? Ugh.
Ok, here goes test3:
Code: Select all
#include <stdio.h>
#include <mach-o/loader.h>
#include <mach/vm_map.h>
#include "libkern.h"

#if __LP64__
#define MACH_HEADER_MAGIC MH_MAGIC_64
#else
#define MACH_HEADER_MAGIC MH_MAGIC
#endif

int main()
{
    int magic = MACH_HEADER_MAGIC;
    kern_return_t ret;
    task_t kernel_task;
    vm_region_submap_info_data_64_t info;
    vm_size_t size;
    mach_msg_type_number_t info_count = VM_REGION_SUBMAP_INFO_COUNT_64;
    unsigned int depth = 0;
    ret = get_kernel_task(&kernel_task);
    if(ret != KERN_SUCCESS)
    {
        printf("Failed to get kernel task\n");
        return 1;
    }
    for(vm_address_t addr = 0; 1; addr += size)
    {
        ret = vm_region_recurse_64(kernel_task, &addr, &size, &depth, (vm_region_info_t)&info, &info_count);
        if(ret != KERN_SUCCESS)
        {
            printf("return value: %u\n", ret);
            break;
        }
        if(size > 1024*1024*1024)
        {
            printf("base: " ADDR "\n", addr);
            for(vm_address_t off = addr; off < addr + 0x1000000; ++off)
            {
                off = find_bytes_kern(off, addr + 0x1000000, (unsigned char*)&magic, sizeof(int));
                if(off == 0)
                    break;
                else
                    printf("    " ADDR "\n", off);
            }
        }
    }
    return 0;
}
Siguza
Unicorn
 
Posts: 158
Joined: Thu Jan 28, 2016 10:38 am

Re: Pangu 9.1 Kernel Dump

Postby backendbilly » Sat Mar 26, 2016 2:24 pm

Phone rebooted:

Code: Select all
iPhone:~ root# ./test3
base: ffffff800c000000
    ffffff800c630000
    ffffff800c67c000
Connection to localhost closed by remote host.
Connection to localhost closed.
backendbilly
Site Admin
 
Posts: 132
Joined: Fri May 29, 2015 5:58 pm

Re: Pangu 9.1 Kernel Dump

Postby Siguza » Sat Mar 26, 2016 3:10 pm

Okay then, 0x1000000 is too much. Feel like trying 0x640000?
Siguza
Unicorn
 
Posts: 158
Joined: Thu Jan 28, 2016 10:38 am

Re: Pangu 9.1 Kernel Dump

Postby backendbilly » Sat Mar 26, 2016 3:34 pm

Phone rebooted:

Code: Select all
iPhone:~ root# ./test3
base: ffffff801a000000
    ffffff801a404000
Connection to localhost closed by remote host.
Connection to localhost closed.


Here is the modified test3.c:

Code: Select all
#include <stdio.h>
#include <mach-o/loader.h>
#include <mach/vm_map.h>
#include "libkern.h"

#if __LP64__
#define MACH_HEADER_MAGIC MH_MAGIC_64
#else
#define MACH_HEADER_MAGIC MH_MAGIC
#endif

int main()
{
    int magic = MACH_HEADER_MAGIC;
    kern_return_t ret;
    task_t kernel_task;
    vm_region_submap_info_data_64_t info;
    vm_size_t size;
    mach_msg_type_number_t info_count = VM_REGION_SUBMAP_INFO_COUNT_64;
    unsigned int depth = 0;
    ret = get_kernel_task(&kernel_task);
    if(ret != KERN_SUCCESS)
    {
        printf("Failed to get kernel task\n");
        return 1;
    }
    for(vm_address_t addr = 0; 1; addr += size)
    {
        ret = vm_region_recurse_64(kernel_task, &addr, &size, &depth, (vm_region_info_t)&info, &info_count);
        if(ret != KERN_SUCCESS)
        {
            printf("return value: %u\n", ret);
            break;
        }
        if(size > 1024*1024*1024)
        {
            printf("base: " ADDR "\n", addr);
            for(vm_address_t off = addr; off < addr + 0x640000; ++off)
            {
                off = find_bytes_kern(off, addr + 0x640000, (unsigned char*)&magic, sizeof(int));
                if(off == 0)
                    break;
                else
                    printf("    " ADDR "\n", off);
            }
        }
    }
    return 0;
}
backendbilly
Site Admin
 
Posts: 132
Joined: Fri May 29, 2015 5:58 pm
