JTool II: Testers wanted


Re: JTool II: Testers wanted

Postby morpheus » Mon Dec 31, 2018 11:13 am

Ok. Updated, jonios - the FAT bugs you found - fixed. Also, from ChangeLog

12/28/2018 (Vic Falls)
------------------
- -vv can now be used for "very verbose" (e.g. print page hashes with --sig, where just -v won't unless they mismatch)
- -fix for code signature page hashes in fat files (thanks, jonios)
- arm64e correctly identified in fat (now properly handling other various subtypes as well - went back to double check armv7/s/k as well)
- arm64_32 (Watch Series IV) now identified and disassembled as well (same as ARM64)

Many Jokerlib improvements: (2,260 symbols)
-------------------------------------------

- more joker symbols (for --analyze) including scheduler and some skywalk

- -d __DATA...* now automatically resolves tagged pointers when in a kernelcache!
Value is still displayed tagged, but resolved to untagged symbol

- "-dec" now available (like joker classic) to decompress compressed (lzvn/lzss) kernelcaches,
though you probably won't need it since now jtool2 handles compressed kernelcaches natively.

- integrated with Xn00p

- shows all zones (by tracking zinit, in case you IDA folk are wondering)
- reconstructs IOService object in __DATA_CONST.__const (the rest of the IO Objects will arrive soon)
(and just wait for Vol II coverage :-)




... And a New Year's update:


01/01/2019 (Chobe)
------------------

- Happy New 2019, people!
- Fixed -[lazy/]bind bug I had, especially with ARM64e bindings. Now tables are displayed correctly
- Now resolving all stubs in arm64e binaries. -d works to resolve all functions.

Re: JTool II: Testers wanted

Postby scknight » Wed Jan 02, 2019 9:29 pm

Just tried out the latest release of jtool2 and noticed some sections/commands not being listed properly. The below output is on 10.14.2

Code:
$ jtool2
Welcome to JTool 2.0 (α 8, Chobe) compiled on Jan  1 2019 16:41:06. Try "--help" for help
$ jtool2 -l /bin/ls
LC 00: LC_SEGMENT_64             Mem: 0x000000000-0x100000000   __PAGEZERO
LC 01: LC_SEGMENT_64             Mem: 0x100000000-0x100005000   __TEXT
   Mem: 0x100000f0c-0x100004420      __TEXT.__text   (Normal)
   Mem: 0x100004420-0x1000045e8      __TEXT.__stubs   (Symbol Stubs)
   Mem: 0x1000045e8-0x1000048f0      __TEXT.__stub_helper   (Normal)
   Mem: 0x1000048f0-0x100004ae8      __TEXT.__const   
   Mem: 0x100004ae8-0x100004f67      __TEXT.__cstring   (C-String Literals)
   Mem: 0x100004f68-0x100004ff8      __TEXT.__unwind_info   
LC 02: LC_SEGMENT_64             Mem: 0x100005000-0x100006000   __DATA
   Mem: 0x100005000-0x100005010      __DATA.__nl_symbol_ptr   (Non-Lazy Symbol Ptrs)
   Mem: 0x100005010-0x100005038      __DATA.__got   (Non-Lazy Symbol Ptrs)
   Mem: 0x100005038-0x100005298      __DATA.__la_symbol_ptr   (Lazy Symbol Ptrs)
   Mem: 0x1000052a0-0x1000054c8      __DATA.__const   
   Mem: 0x1000054d0-0x1000054f8      __DATA.__data   
   Mem: 0x100005500-0x1000055e0      __DATA.__bss   (Zero Fill)
   Mem: 0x1000055e0-0x10000566c      __DATA.__common   (Zero Fill)
LC 03: LC_SEGMENT_64             Mem: 0x100006000-0x10000a000   __LINKEDIT
LC 04: LC_DYLD_INFO             
      Rebase info: 24    bytes at offset 24576 (0x6000-0x6018)
      Bind info:   120   bytes at offset 24600 (0x6018-0x6090)
   No Weak info
      Lazy info:   1376  bytes at offset 24720 (0x6090-0x65f0)
      Export info: 32    bytes at offset 26096 (0x65f0-0x6610)
LC 05: LC_SYMTAB                
LC 06: LC_DYSYMTAB              
       1 local symbols at index     0
       1 external symbols at index  1
      82 undefined symbols at index 2
      No TOC
      No modtab
     159 Indirect symbols at offset 0x6bb0
LC 07: LC_LOAD_DYLINKER         /usr/lib/dyld
LC 08: LC_UUID                  UUID: A488DD5D-6F9A-3917-8D69-B3A83409F9F4
LC 09: LC_BUILD_VERSION         Build Version:           Platform: MacOS 10.14.0 SDK: 10
LC 10: LC_SOURCE_VERSION        Source Version:          272.220.1.0.0
LC 11: LC_MAIN                  Entry Point:             0x11ec (Mem: 0x1000011ec)
LC 12: LC_LOAD_DYLIB            /usr/lib/libutil.dylib
LC 13: LC_LOAD_DYLIB            /usr/lib/libncurses.5.4.dylib
LC 14: LC_LOAD_DYLIB            /usr/lib/libSystem.B.dylib
LC 15: LC_FUNCTION_STARTS       Offset:     26128, Size:     56 (0x6610-0x6648)
LC 16: LC_DATA_IN_CODE          Offset:     26184, Size:     40 (0x6648-0x6670)
LC 17: LC_CODE_SIGNATURE        Offset:     29184, Size:   9520 (0x7200-0x9730)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 63 && ImmR == 40  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 63 && ImmR == 40  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 1 &&ImmS == 63 && ImmR == 40  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 1 &&ImmS == 63 && ImmR == 40  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 8 && ImmR == 51  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 27 && ImmR == 32  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 8 && ImmR == 51  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 12 && ImmR == 58  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 8 && ImmR == 51  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 12 && ImmR == 48  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 8 && ImmR == 51  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 14 && ImmR == 32  && Immediate ==  1)
0xbadbad: Tell J to fix: -   (N == 0 &&ImmS == 11 && ImmR == 50  && Immediate ==  1)


J says: Those actually are listed very properly. It's my fault - I accidentally left a wrong debug message in (Oops). Fixed in tgz now.

Re: JTool II: Testers wanted

Postby darkknight » Thu Jan 03, 2019 7:00 pm

So one feature I particularly liked in jtool was -d objc for a Mach-O 64-bit x86_64 executable. And while you couldn't disassemble, I found it worked in instances where tools like class-dump failed. I noticed that feature is no longer in jtool2:
JCOLOR=1 jtool2 -v -d objc "/Applications/...."
'objc' is not an address, segment, section or symbol


Gone in jtool2 then?

J says: HECK, NO! That's MY favorite feature too! I just haven't gotten to it yet because I'm engrossed in Joker work. Speaking of... read further.. :-)

JTool II now does IOKit Classes!

Postby morpheus » Tue Jan 15, 2019 4:28 am

After a bit of testing, I have found a way to reliably determine Vtables of all IOKit classes - in 1469 (A12 - iPhone11, iPad8) kernels only:

Code:
root@Qilin (~) #jtool2 --analyze /NewOSXBook/OS/kernelcache.release.ipad8                                           
Analyzing kernelcache..
This is Darwin Kernel Version 18.2.0: Mon Nov 12 20:32:02 PST 2018; root:xnu-4903.232.2~1/RELEASE_ARM64_T8027
-- Processing __TEXT_EXEC.__text..
Disassembling 22550368 bytes from address 0xfffffff007a00000 (offset 0x9fc000):
Done disassembling
Analyzing __DATA_CONST..
processing flows...
Analyzing __DATA_DATA..
Analyzing __DATA.__sysctl_set..
Got 153 IOKit Classes
opened companion file ./kernelcache.release.ipad8.ARM64.743592A6-FD89-3E57-A16C-85224AA2C477
Dumping symbol cache to file
Symbolicated 2565 symbols to ./kernelcache.release.ipad8.ARM64.743592A6-FD89-3E57-A16C-85224AA2C477
root@Qilin (~) #grep TVN ./kernelcache.release.ipad8.ARM64.743592A6-FD89-3E57-A16C-85224AA2C477 | tail
0xfffffff0077ea290:__ZTVN24IOTimeSyncIntervalFilter9MetaClassE
0xfffffff0077ea3d8:__ZTVN27IOTimeSyncIntervalFilterIIR9MetaClassE
0xfffffff0077ea458:__ZTVN27IOTimeSyncIntervalFilter1289MetaClassE
0xfffffff0077ea5a0:__ZTVN30IOTimeSyncIntervalFilterIIR1289MetaClassE
0xfffffff0077eabc0:__ZTVN17IOTimeSyncService9MetaClassE
0xfffffff0077eacd0:__ZTVN18IOTimeSyncNotifier9MetaClassE
0xfffffff0077eb330:__ZTVN32IOTimeSyncClockManagerUserClient9MetaClassE
0xfffffff0077eb960:__ZTVN29IOTimeSyncUserFilteredService9MetaClassE
0xfffffff0077ebfc0:__ZTVN39IOTimeSyncUserFilteredServiceUserClient9MetaClassE
0xfffffff0077edac0:__ZTVN34AppleMobileFileIntegrityUserClient9MetaClassE


I'm generating the symbols as C++ mangled names - Darwin's c++filt handles them well - for some reason Linux doesn't.

Please help test this and let me know if something doesn't make sense. It might need a fix or two yet.

Re: JTool II: Testers wanted

Postby morpheus » Thu Jan 24, 2019 4:29 pm

01/23/2019 (哈尔滨 IV) - joker improvements, Obj-C is coming back soon
----------------------

- Now Beta, no longer Alpha

- Companion file format is now '0x....|_symbol[|comment]' (that is, |-delimited instead of :)
A bit confusing and breaks compatibility with older jtool, but better for upcoming Obj-C
support and more parseable in general. If you want to convert old companion files to new:
tr ':' '|'
will do the trick

- x2.5 faster symbol cache performance:

before (using 1469 kernelcache as test)

morpheus@Zephyr (~/Downloads) %time jtool2 -d ~/Downloads/kernelcache.XS.12.1 > /dev/null
Disassembling 22412880 bytes from address 0xfffffff007a00000 (offset 0x9fc000):
jtool2 -d ~/Downloads/kernelcache.XS.12.1 > /dev/null 426.22s user 1.32s system 99% cpu 7:11.13 total

after:
Disassembling 22412880 bytes from address 0xfffffff007a00000 (offset 0x9fc000):
jtool2 -d ~/Downloads/kernelcache.XS.12.1 > /dev/null 172.82s user 0.57s system 99% cpu 2:53.96 total

And SpringBoard:

morpheus@Zephyr (~/Downloads) % jtool2 --analyze /Volumes/PeaceBSeed16B5084a.D331DeveloperOS/System/Library/CoreServices/SpringBoard.app/SpringBoard
Analyzing file...
Processing __DATA..
opened companion file ./SpringBoard.ARM64.4EAFF7DB-E2E8-32AA-A0E7-0F8A80AEA0D0
Dumping symbol cache to file
Symbolicated 18084 symbols to ./SpringBoard.ARM64.4EAFF7DB-E2E8-32AA-A0E7-0F8A80AEA0D0
morpheus@Zephyr (~/Downloads) % time jtool2 -d /Volumes/PeaceBSeed16B5084a.D331DeveloperOS/System/Library/CoreServices/SpringBoard.app/SpringBoard > /dev/null
opened companion file ./SpringBoard.ARM64.4EAFF7DB-E2E8-32AA-A0E7-0F8A80AEA0D0
Disassembling 7156024 bytes from address 0x100008124 (offset 0x8124):
jtool2 -d > /dev/null 4.28s user 0.10s system 99% cpu 4.405 total


- Analysis is *WAY* faster: x7-10 times!

Before:

morpheus@Zephyr (~/Downloads) %time jtool2 --analyze kernelcache.XS.12.1.1_16C50
Analyzing kernelcache..
...
Symbolicated 4468 symbols to ./kernelcache.XS.12.1.1_16C50.ARM64.557D0BCE-5CB7-351A-88BA-65A0A68390A3
jtool2 --analyze kernelcache.XS.12.1.1_16C50 68.81s user 0.69s system 99% cpu 1:10.08 total

After:

morpheus@Zephyr (~/Downloads) %time jtool2 --analyze kernelcache.XS.12.1.1_16C50
Analyzing kernelcache..
...
Symbolicated 4468 symbols to ./kernelcache.XS.12.1.1_16C50.ARM64.557D0BCE-5CB7-351A-88BA-65A0A68390A3
jtool2 --analyze kernelcache.XS.12.1.1_16C50 6.37s user 0.51s system 99% cpu 6.909 total

- Unleashed full functionality of IOKit classes - now have over 1800+!

- Total symbol count jumped to 4,600 thanks to new IOKit classes AND IOUserClient methods

- bcopy/bzero/kernel_task/etc (for s0rrymybad's tfp0)


Usual location - http://NEwOSXbook.com/tools/jtool2.tgz

If you have your own method(s) of symbolicating kernels - please check your symbols versus mine (with jtool2 --analyze , and then looking at the companion file). I would love to get feedback. Ditto if you need other symbols which I might have not covered and you find useful.
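
As an added example (not jtool2's own code) covering both the companion-file format note above and the request to check your symbols against J's: a parser for companion files in the old ':' and the new '0x....|_symbol[|comment]' layout, a converter that splits on the first ':' only, and a comparison of two companion files by address. The sample lines are constructed from addresses quoted earlier in the thread; the symbol names on the "mine" side are invented stand-ins.

```python
import re

# Constructed sample in the old ':' layout (addresses and symbols as quoted
# in the --analyze output earlier in the thread).
OLD_FILE = """0xfffffff0077ea290:__ZTVN24IOTimeSyncIntervalFilter9MetaClassE
0xfffffff0077eabc0:__ZTVN17IOTimeSyncService9MetaClassE
0xfffffff0077edac0:__ZTVN34AppleMobileFileIntegrityUserClient9MetaClassE
"""
# Constructed sample in the new '0x....|_symbol[|comment]' layout; the
# symbol names here are invented stand-ins for someone's own symbolication.
NEW_FILE = """0xfffffff0077ea290|__ZTVN24IOTimeSyncIntervalFilter9MetaClassE
0xfffffff0077eabc0|_IOTimeSyncService_vtable|my name: same address as J's
0xfffffff0077ec000|_kernel_task|found by hand
"""
LINE_RE = re.compile(r"^(0x[0-9a-fA-F]+)([:|])(.*)$")

def parse_line(line):
    """Return (addr, symbol, comment). The character after the address picks
    the layout: ':' is the old two-field form, '|' the new form with an
    optional comment. Only the first separator counts, so a ':' inside a
    new-style comment (which tr ':' '|' would mangle) is preserved."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        raise ValueError("malformed companion line: %r" % line)
    addr = int(m.group(1), 16)
    if m.group(2) == ":":
        return addr, m.group(3), ""
    sym, _, comment = m.group(3).partition("|")
    return addr, sym, comment

def load_companion(text):
    """Map address -> (symbol, comment); blank lines are ignored."""
    table = {}
    for line in text.splitlines():
        if line.strip():
            addr, sym, comment = parse_line(line)
            table[addr] = (sym, comment)
    return table

def convert_old_to_new(text):
    """Rewrite an old ':' file into the '|' layout, splitting on the first
    ':' only rather than on every one as a blanket tr ':' '|' does."""
    out = []
    for line in text.splitlines():
        if line.strip():
            addr, _, sym = line.partition(":")
            out.append(addr + "|" + sym)
    return "\n".join(out) + "\n"

def compare(mine, theirs):
    """Bucket each address seen in either table: same symbol, different
    symbol, or present on one side only."""
    result = {"same": [], "differ": [], "only_mine": [], "only_theirs": []}
    for addr in sorted(set(mine) | set(theirs)):
        if addr in mine and addr in theirs:
            if mine[addr][0] == theirs[addr][0]:
                result["same"].append(addr)
            else:
                result["differ"].append((addr, mine[addr][0], theirs[addr][0]))
        elif addr in mine:
            result["only_mine"].append(addr)
        else:
            result["only_theirs"].append(addr)
    return result

if __name__ == "__main__":
    report = compare(load_companion(NEW_FILE), load_companion(OLD_FILE))
    for addr, a, b in report["differ"]:
        print("0x%x: mine=%s theirs=%s" % (addr, a, b))
```

Point it at two real companion files with open().read() in place of the constructed strings; the "differ" bucket is the list worth sending back as feedback.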

Re: JTool II: Testers wanted

Postby matteyeux » Tue Jan 29, 2019 9:46 pm

Hi J,

I'm having some issues with the latest build of jtool2 (not tested on other versions) with an iPhone 6S kernelcache (device: n71; version: 12.1)

Code:
jtool --analyze kernelcache.release.n71
jtool: malloc.c:2406: sysmalloc: Assertion `(old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)' failed.
[1]    1340 abort      jtool --analyze kernelcache.release.n71


By the way, thank you for providing jtool2 to the community, this is an awesome tool!

J Says: You're welcome, and I'll fix this.

Hi J, I have to specify that I'm running it on a GNU/Linux box (latest Ubuntu and Debian versions)

Re: JTool II: Testers wanted

Postby morpheus » Fri Feb 15, 2019 12:02 am

So A) matteyeux - your bug should be fixed.
B) new version of jtool2 (same location, http://NewOSXBook.com/tools/jtool2.tgz) with:

02/06/2019 (Cheltenham)
-----------------------

- -D (Decompile!) in really, really, early stage alpha
- Disassembly of 'B' now takes into account a jump to a symbol (but not _func..)
- Accidentally supplying a directory name no longer produces an mmap(2) error. I still need to update this to work on apps, though, like jtool1
- Fixed rare crash in cursor logic
- arm64_32 slice now also included in fat
- A few other instructions that were @TODO (namely, UMULL, PACGA) are in


And now also finds _kernproc, _sb_evaluate, _kernel_task and a bunch of my favorite (and highly useful for QiLin) symbols. If you want any specific symbols, please let me know - in theory I can get anything now since I follow both code and data. I absolutely adore the -D feature - please try it on some random ARM64 binaries (for now, on all the binary, not just functions - and use color :-) )

Re: JTool II: Testers wanted

Postby zchee » Fri Feb 15, 2019 4:08 pm

Hey, zsh completion also updated to 2.0-beta1 :)

jtool2: support version: 2.0 (beta 1, Cheltenham) flags
- https://github.com/zchee/zsh-completion ... sh/_jtool2

Code:
#compdef jtool2

# -----------------------------------------------------------------------------
# Copyright (c) 2018, Jonathan Levin (@Morpheus______ / http://newosxbook.com)
# All rights reserved.
# -----------------------------------------------------------------------------
#
# jtool2
#   http://newosxbook.com/tools/jtool2.tgz
#
# version: 2.0 (beta 1, Cheltenham) compiled on Feb 14 2019 18:35:15
#
# -----------------------------------------------------------------------------
#
# Usage: jtool [options] _filename_
#
# OTool Compatible Options:
#    -h            Dump Mach-O (or DYLD Shared Cache) header
#    -l            List sections/commands in binary
#    -L            print shared libraries used
#
# JTool (classic) Options:
#    -S            List Symbols (like NM)
#    -v[v]         Toggle verbosity (vv = very verbose)
#    -e            extract fat slice, Mach-O segment/section, dyld shared cache dylib or (NEW) kernelcache kext
#    -q            Quick operation - do not process any symbols in the Mach-O
#    -F            find all occurrences of _string_ in binary
#    -a            Find offset/segment corresponding to virtual address _addr_
#    -o            Find address corresponding to offset _offset_
#    -d            Dump (smart dump, will disassemble text and dump data by autodetecting)
#
# Code Signing Options:
#    --sig         Show code signature in binary (if any)
#    --ent         Show entitlements in binary (if any)
#
# Joker Compatible Options (applicable on kernel caches only):
#    -k            List kexts
#    -K            Kextract™ a kernel extension by its bundle ID
#    -dec          Decompress a kernelcache to /tmp/kernel (no longer necessary since JTool can now operate on compressed caches)
#
# dyldinfo Compatible Options:
#    --bind           print addresses dyld will set based on symbolic lookups
#    --lazy_bind      print addresses dyld will lazily set on first use
#    --opcodes        print opcodes used to generate the rebase and binding information
#    --function_starts   print table of function start addresses
#
# Newer (JTool 2) Options:
#    --analyze     Analyze file and create a companion file
#    --tbd         Create a .tbd file (for *OS private frameworks only - you'll need the dyld shared cache for this)
#    -D            Decompile (totally experimental - would love your feedback if you're reading this)
#
# Environment Variables:
#    ARCH                   Select architecture slice. Set to arm64, arm64e, arm64_32, armv7, armv7k, x86_64 or (not for long) i386
#    JDEBUG                 Enhanced debug output. May be very verbose
#    JCOLOR                 ANSI Colors. Note you'll need 'less -R' if piping output
#    JTOOLDIR               path to search for companion jtool files (default: $PWD).
#          Use this to force create a file, if one does not exist
#    NOPSUP                 Suppress NOPs in disassembly
#
# -----------------------------------------------------------------------------

function _jtool2() {
  local context curcontext=$curcontext state line ret=1
  declare -A opt_args

  local -a otool_compatible_options
  otool_compatible_options=(
  '-h:Dump Mach-O \(or DYLD Shared Cache\) header'
  '-l:List sections/commands in binary'
  '-L:print shared libraries used'
  )

  local -a jtool_classic_options
  jtool_classic_options=(
  '-S:List Symbols \(like NM\)'
  '-v:Toggle verbosity'
  '-vv:Toggle very verbose'
  '-e:extract fat slice, Mach-O segment/section, dyld shared cache dylib or \(NEW\) kernelcache kext'
  '-q:Quick operation - do not process any symbols in the Mach-O'
  '-F:find all occurrences of _string_ in binary'
  '-a:Find offset/segment corresponding to virtual address _addr_'
  '-o:Find address corresponding to offset _offset_'
  '-d:Dump \(smart dump, will disassemble text and dump data by autodetecting\)'
  )

  local -a code_signing_options
  code_signing_options=(
  '--sig:Show code signature in binary \(if any\)'
  '--ent:Show entitlements in binary \(if any\)'
  )

  local -a joker_compatible_options
  joker_compatible_options=(
  '-k:List kexts'
  '-K:Kextract™ a kernel extension by its bundle ID'
  '-dec:Decompress a kernelcache to /tmp/kernel \(no longer necessary since JTool can now operate on compressed caches\)'
  )

  local -a dyldinfo_compatible_options
  dyldinfo_compatible_options=(
  '--bind:print addresses dyld will set based on symbolic lookups'
  '--lazy_bind:print addresses dyld will lazily set on first use'
  '--opcodes:print opcodes used to generate the rebase and binding information'
  '--function_starts:print table of function start addresses'
  )

  local -a newer_jtool2_options
  newer_jtool2_options=(
  '--analyze:Analyze file and create a companion file'
  "--tbd:Create a .tbd file \(for *OS private frameworks only - you'll need the dyld shared cache for this\)"
  "-D:Decompile \(totally experimental - would love your feedback if you're reading this\)"
  )

  _describe -t otool_compatible_options 'OTool Compatible Options' otool_compatible_options
  _describe -t jtool_classic_options 'JTool (classic) Options' jtool_classic_options
  _describe -t code_signing_options 'Code Signing Options' code_signing_options
  _describe -t joker_compatible_options 'Joker Compatible Options (applicable on kernel caches only)' joker_compatible_options
  _describe -t dyldinfo_compatible_options 'dyldinfo Compatible Options' dyldinfo_compatible_options
  _describe -t newer_jtool2_options 'Newer (JTool 2) Options' newer_jtool2_options

  _arguments -C \
    '--help[Show help]' \
    '*:_filename_:_files' \
    && ret=0

  return ret
}

_jtool2 "$@"

# vim:ft=zsh:et:sts=2:sw=2
- zchee

Re: JTool II: Testers wanted

Postby darkknight » Thu Feb 21, 2019 8:28 pm

Hmmmmmm so with jtool I could do:
Code:
jtool -d _setErrorReporter qilin12.o
Disassembling from file offset 0x3240, Address 0x2ee0  to next function
_setErrorReporter:
        2ee0   SUB     SP, SP, 16           ; SP -= 0x10 (stack frame)
        2ee4   ADRP    X8, 0                ; ->R8 = 0x2000
        2ee8   ADD     X8, X8, #0        ; X8 = 0x2000 -|
        2eec   STR     X0, [SP, #8]         ; *(SP + 0x8) = ARG0
        2ef0   LDR     X0, [X31, #8]     ;--R0 = *(SP + 8) = 0x10e41a4ef
        2ef4   STR     X0, [X8, #0]         ;$ *(R8 + 0) = *(0x2000) = R0
= X0  0x10e41a4ef
        2ef8   ADD     X31, SP, #16         ; SP += 0x10 (stack frame)
        2efc   RET                       ;
_setDebugReporter:


However with jtool2 I get:
Code:
./jtool2 -d _setErrorReporter qilin12.o
Address 0x2ee0 not found in file


Am I doing this wrong?

Re: JTool II: Testers wanted

Postby acura » Thu Feb 21, 2019 9:11 pm

darkknight wrote: Hmmmmmm so with jtool I could do:
Code:
jtool -d _setErrorReporter qilin12.o
Disassembling from file offset 0x3240, Address 0x2ee0  to next function
_setErrorReporter:
        2ee0   SUB     SP, SP, 16           ; SP -= 0x10 (stack frame)
        2ee4   ADRP    X8, 0                ; ->R8 = 0x2000
        2ee8   ADD     X8, X8, #0        ; X8 = 0x2000 -|
        2eec   STR     X0, [SP, #8]         ; *(SP + 0x8) = ARG0
        2ef0   LDR     X0, [X31, #8]     ;--R0 = *(SP + 8) = 0x10e41a4ef
        2ef4   STR     X0, [X8, #0]         ;$ *(R8 + 0) = *(0x2000) = R0
= X0  0x10e41a4ef
        2ef8   ADD     X31, SP, #16         ; SP += 0x10 (stack frame)
        2efc   RET                       ;
_setDebugReporter:


However with jtool2 I get:
Code:
./jtool2 -d _setErrorReporter qilin12.o
Address 0x2ee0 not found in file


Am I doing this wrong?


I have also seen this: jtool has some issues working on object files.
After linking the object file it works just fine.

Code:
jtool2 -d _setErrorReporter a.out
Disassembling 31436 bytes from address 0x100009464 (offset 0x9464):
_setErrorReporter:
100009464   0xd10043ff  SUB      SP, SP, 16                 ;
100009468   0xf0000048  ADRP     X8, 11                     ; R8 = 0x100014000
10000946c   0x91160108  ADD      X8, X8, #1408              ; R8 = R8 + 0x580 = 0x100014580
100009470   0xf90007e0  STR      X0, [SP, #8]               ; *0x8 = R0
100009474   0xf94007e0  LDR      X0, [X31, #8]              ; ...R0 = *(R31 + 8) = *0x8
100009478   0xf9000100  STR      X0, [X8, #0]               ; *0x100014580 = R0
10000947c   0x910043ff  ADD      X31, SP, #16               ; R31 = R31 + 0x10
100009480   0xd65f03c0  RET                                 ; ..



J Says: This is an anti-reversing mechanism I built into QiLin and JTool :-P (joking - it's obviously a bug, thanks for reporting, will be fixed tonight)
