
Understanding dyld and indirect symbol table

Posted: Mon Jul 04, 2016 4:05 pm
by TheDarkKnight
Hi J,

I'm following your examples of using jtool to better understand dyld from your website post
http://www.newosxbook.com/articles/DYLD.html

The info for the indirect symbol table is shown: -
LC 06: LC_DYSYMTAB
1 local symbols at index 0
1 external symbols at index 1
81 undefined symbols at index 2
No TOC
No modtab
157 Indirect symbols at offset 0x6bf4
..


Followed by
Dumping the indirect symbol table is straightforward with jtool, by specifying an offset (or address) inside the table:


Where the example then uses

Code:
jtool -do 0x6bf8 /bin/ls


If the indirect symbols are at offset 0x6bf4, why is jtool called with offset 0x6bf8?
I don't see any other references to this address, is it a mistake, or am I missing the obvious here?

Thanks ;O)

Re: Understanding dyld and indirect symbol table

Posted: Tue Jul 05, 2016 5:50 am
by morpheus
You didn't. It's a typo :-) I must've been using a different version of the binary then! At any rate, try -v -S because it shows it much nicer (and didn't exist then, I think)

Re: Understanding dyld and indirect symbol table

Posted: Tue Jul 05, 2016 7:55 am
by TheDarkKnight
Thanks for confirming the typo. I still think I'm missing something here.
Using 10.10, I can't seem to dump the indirect symbol table for /bin/ls.

I find the Indirect table offset

Code:
#jtool -l -v /bin/ls | grep Indirect
    163 Indirect symbols at offset 0x6bd8

Then try to dump the table

Code:
#jtool -do 0x6bd8 /bin/ls
    Warning: companion file /bin/ls.x86_64.1B048642-B490-356E-B8E0-AAE268796C5A not found
    Offset 0x6bd8 doesn't appear to belong to any segment

Re: Understanding dyld and indirect symbol table

Posted: Thu Mar 16, 2017 1:53 am
by morpheus
That's a(nother) unhandled case in jtool. I always dump segments, so I never bothered to check out of segments. I'll add that next revision. Thank you.
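
Added example (not part of the thread, and not jtool's code): the "Indirect symbols at offset" value listed under LC_DYSYMTAB corresponds to the `indirectsymoff` and `nindirectsyms` fields of that load command, a raw file offset to an array of 32-bit symbol-table indices, so the table can be read straight from the file without resolving the offset to a segment. The sketch assumes a thin little-endian 64-bit Mach-O; `build_sample()` is a hypothetical helper that constructs a tiny image for the demonstration, not a real binary.

```python
import struct

MH_MAGIC_64, LC_SYMTAB, LC_DYSYMTAB = 0xFEEDFACF, 0x2, 0xB
INDIRECT_SYMBOL_LOCAL, INDIRECT_SYMBOL_ABS = 0x80000000, 0x40000000

def indirect_symbols(data):
    """Return (table_file_offset, names) for a thin little-endian 64-bit Mach-O."""
    magic, ncmds = struct.unpack_from("<I12xI", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O")
    symtab = dysymtab = None
    off = 32                                    # sizeof(struct mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("malformed load command")
        if cmd == LC_SYMTAB:                    # symoff, nsyms, stroff, strsize
            symtab = struct.unpack_from("<4I", data, off + 8)
        elif cmd == LC_DYSYMTAB:                # the 18 fields after cmd/cmdsize
            dysymtab = struct.unpack_from("<18I", data, off + 8)
        off += cmdsize
    if symtab is None or dysymtab is None:
        raise ValueError("LC_SYMTAB or LC_DYSYMTAB missing")
    symoff, nsyms, stroff, _ = symtab
    ind_off, ind_n = dysymtab[12], dysymtab[13]  # indirectsymoff, nindirectsyms
    if ind_off + 4 * ind_n > len(data):
        raise ValueError("indirect symbol table runs past end of file")
    names = []
    for idx in struct.unpack_from(f"<{ind_n}I", data, ind_off):
        if idx & (INDIRECT_SYMBOL_LOCAL | INDIRECT_SYMBOL_ABS):
            names.append("<local/abs>")         # flag value, no symbol table entry
            continue
        if idx >= nsyms:
            raise ValueError(f"symbol index {idx} out of range")
        (n_strx,) = struct.unpack_from("<I", data, symoff + 16 * idx)  # nlist_64
        start = stroff + n_strx
        names.append(data[start:data.index(b"\0", start)].decode())
    return ind_off, names

def build_sample():
    """Constructed image: header + LC_SYMTAB + LC_DYSYMTAB + tables (not a real binary)."""
    strtab = b"\0_puts\0_exit\0".ljust(16, b"\0")
    syms = b"".join(struct.pack("<IBBHQ", strx, 0x01, 0, 0, 0) for strx in (1, 7))
    symoff = 32 + 24 + 80                       # header + the two load commands
    stroff, ind_off = symoff + len(syms), symoff + len(syms) + len(strtab)
    head = struct.pack("<8I", MH_MAGIC_64, 0x01000007, 3, 2, 2, 104, 0, 0)
    head += struct.pack("<6I", LC_SYMTAB, 24, symoff, 2, stroff, len(strtab))
    head += struct.pack("<20I", LC_DYSYMTAB, 80, *([0] * 5), 2, *([0] * 6), ind_off, 3, *([0] * 4))
    return head + syms + strtab + struct.pack("<3I", 1, 0, INDIRECT_SYMBOL_LOCAL)
```

Calling `indirect_symbols(open(path, "rb").read())` on a thin x86_64 binary returns the table's file offset and the resolved names; fat (universal) files need the slice extracted first.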