Kernel Symbols

From The iPhone Wiki
Revision as of 03:37, 25 February 2012 by Morpheus (talk | contribs)

iOS's XNU is largely stripped, and each new version ships with fewer symbols. Whereas in pre-3.0 kernels most symbols were visible, nowadays only the symbols required for KExt linkage remain.

This page was started in the hope of bringing together the efforts of the various JBers, so as to pool the sections of the kernel that have already been symbolicated. Because addresses change between builds, please add symbols under the right kernel version (i.e. release + device). If you are not 100% sure about a symbol, indicate your level of confidence.

Started with the iPod Touch 4G, because this is the main kernel the author has largely (>80%) symbolicated. Please add your own. Even if your build is different, the address space doesn't change that much. Bear in mind that, if Mountain Lion is any indication, iOS will soon introduce kernel-level ASLR as well.



| symbol | 5.0.[0-1] iPod Touch 4G | Notes |
|---|---|---|
| _exception_triage | 0x80016C34 | The Mach exception processing logic. Same address on iOS 5.0.1 |
| sysent | 0x802CCBAC | Through this you can obtain all of XNU's 438 system calls, e.g. _exit @0x8019DE04 |
| syscall_names | 0x802D2C6C | The char[][] containing the textual names of all system calls |
| AppleMobileFileIntegrity_Start | 0x805E499C | Initialization of AMFI, the kext responsible for sandbox policies and entitlements |
| ExceptionVectorsBase | 0x80078000 | Address of the CPU exception handlers in kernel space: fleh_reset, fleh_undef, fleh_swi, fleh_prefabt, _fleh_dataabt, _fleh_addrexc and fleh_irq can be obtained from here |
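As an added example (not code from the wiki), here is one use of the sysent address above: a Python decoder for the system-call table that walks the 438 entries using the struct sysent layout from the public xnu-1699 sources (assumed here to match the iOS 5.0 kernel) and flags any entry whose handler lies outside kernel text, the usual symptom of a patched syscall table. The __TEXT bounds, the nosys stub address and the table bytes are constructed stand-ins; the sysent address, entry count and _exit address are the page's values.

```python
import struct

# struct sysent for 32-bit XNU as in bsd/sys/sysent.h of the public
# xnu-1699 sources; assumed here to match the iOS 5.0 kernel layout:
# int16 sy_narg, int8 sy_resv, int8 sy_flags, sy_call, sy_arg_munge32,
# sy_arg_munge64, int32 sy_return_type, uint16 sy_arg_bytes, 2 bytes pad.
SYSENT_FMT = "<hbbIIIiH2x"
SYSENT_SIZE = struct.calcsize(SYSENT_FMT)   # 24 bytes per entry

# Values taken from the table on this page (iPod Touch 4G, iOS 5.0.x)
SYSENT_VA = 0x802CCBAC
NSYSCALLS = 438
EXIT_VA = 0x8019DE04
# Constructed bounds for executable kernel text; on a real kernelcache take
# them from the __TEXT segment of the Mach-O header instead.
TEXT_RANGE = (0x80001000, 0x805F0000)

def parse_sysent(blob, blob_va, count):
    """Decode `count` sysent entries from bytes whose first byte sits at blob_va."""
    off = SYSENT_VA - blob_va
    entries = []
    for i in range(count):
        rec = blob[off + i * SYSENT_SIZE: off + (i + 1) * SYSENT_SIZE]
        narg, _resv, _flags, sy_call, _m32, _m64, ret, _argbytes = struct.unpack(SYSENT_FMT, rec)
        entries.append((i, narg, sy_call, ret))   # (syscall number, argc, handler, return type)
    return entries

def hooked_entries(entries, text_range=TEXT_RANGE):
    """Syscall numbers whose handler does not point into kernel text."""
    lo, hi = text_range
    return [num for num, _n, call, _r in entries if not lo <= call < hi]

def build_sample_sysent(hook=None):
    """Constructed stand-in for the bytes at `sysent`: every slot points at a
    fake nosys stub except syscall 1 (_exit, address from the page); `hook`
    optionally redirects one slot to an out-of-text address for the demo."""
    NOSYS_VA = 0x80100000   # constructed address of the nosys stub
    recs = []
    for i in range(NSYSCALLS):
        call = EXIT_VA if i == 1 else NOSYS_VA
        if hook is not None and i == hook[0]:
            call = hook[1]
        recs.append(struct.pack(SYSENT_FMT, 1 if i == 1 else 0, 0, 0,
                                call, 0, 0, 0, 4 if i == 1 else 0))
    return b"".join(recs)

if __name__ == "__main__":
    table = parse_sysent(build_sample_sysent(hook=(5, 0x90000000)), SYSENT_VA, NSYSCALLS)
    print("syscall 1 (_exit) handler: 0x%08X" % table[1][2])
    print("entries with handlers outside __TEXT:", hooked_entries(table))
```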

Note: For most of the above symbols, fairly decent source code can be found in the public open-source XNU at opensource.apple. Bear in mind that ml_, PE_ and other machine-specific functions will naturally be implemented quite differently on iOS (but it's a start!).