1.1.0

@0cyn 0cyn released this 05 Mar 03:06
· 129 commits to master since this release

This release mainly adds merged-type kernelcache parsing.

kmacho module

  • Added support for LC_THREAD, LC_UNIXTHREAD, and LC_MAIN
  • Added mapping for LC_LOAD_UPWARD_DYLIB

ktool module

New! ktool.kcache

KernelCache class:
.mach_kernel: Image -> Image representing the Mach Kernel itself
.kexts: List[Kext] -> List of Kext objects embedded in this kernel

Kext class:
.name -> kext name
.version: str -> kext version
.mach_header -> Mach-O Header of the Kext
.image -> Image representing this Kext

_VirtualMemoryMap
  • Added support (and detagging) for 64-bit kernel address space.
Image
  • Added .entry_point attribute, which points to the address (in VM space) of the program's entry point, if an LC_THREAD, LC_UNIXTHREAD, or LC_MAIN was in the header
  • Added .thread_state attribute, which holds the entry thread state if an LC_THREAD/LC_UNIXTHREAD was defined
GUI
  • Fix: Window won't crash when a view is empty
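
How an entry point in VM space can be derived from LC_MAIN or LC_THREAD/LC_UNIXTHREAD, as described for Image.entry_point above. This is an added example that uses only Python's struct module; it is not ktool's code and does not use its API. The names find_entry_point and build_sample are hypothetical. It assumes a little-endian 64-bit Mach-O and that the thread command's first state is the 64-bit general-purpose flavour.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF
LC_THREAD, LC_UNIXTHREAD, LC_SEGMENT_64, LC_MAIN = 0x4, 0x5, 0x19, 0x80000028
CPU_TYPE_X86_64, CPU_TYPE_ARM64 = 0x01000007, 0x0100000C
PC_INDEX = {CPU_TYPE_X86_64: 16, CPU_TYPE_ARM64: 32}  # slot of rip / pc in the 64-bit state

def find_entry_point(data):
    """Return (vm_address, source_command), or (None, None) if no entry command exists."""
    magic, cputype, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O")
    end = 32 + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of data")
    off, text_vmaddr, entryoff, found = 32, None, None, (None, None)
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:  # reject sizes that stall or escape the table
            raise ValueError("bad cmdsize")
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            segname, vmaddr = struct.unpack_from("<16sQ", data, off + 8)
            if segname.rstrip(b"\0") == b"__TEXT":
                text_vmaddr = vmaddr
        elif cmd == LC_MAIN and cmdsize >= 24:
            entryoff = struct.unpack_from("<Q", data, off + 8)[0]
        elif cmd in (LC_THREAD, LC_UNIXTHREAD) and cputype in PC_INDEX:
            pc_off = 16 + 8 * PC_INDEX[cputype]  # skip cmd, cmdsize, flavor, count
            if pc_off + 8 <= cmdsize:
                name = "LC_UNIXTHREAD" if cmd == LC_UNIXTHREAD else "LC_THREAD"
                found = (struct.unpack_from("<Q", data, off + pc_off)[0], name)
        off += cmdsize
    if found[0] is None and entryoff is not None and text_vmaddr is not None:
        found = (text_vmaddr + entryoff, "LC_MAIN")  # entryoff is relative to __TEXT
    return found

def build_sample(text_vmaddr, entryoff=None, arm64_pc=None):
    """Constructed input: arm64 Mach-O header, a __TEXT segment, optional entry commands."""
    cmds = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72, b"__TEXT", text_vmaddr, 0x4000, 0, 0x4000, 5, 5, 0, 0)
    if entryoff is not None:
        cmds += struct.pack("<2I2Q", LC_MAIN, 24, entryoff, 0)
    if arm64_pc is not None:  # ARM_THREAD_STATE64: x0-x28, fp, lr, sp, pc, cpsr, pad
        cmds += struct.pack("<4I33Q2I", LC_UNIXTHREAD, 288, 6, 68, *([0] * 32 + [arm64_pc]), 0, 0)
    ncmds = 1 + (entryoff is not None) + (arm64_pc is not None)
    return struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, ncmds, len(cmds), 0, 0) + cmds
```

LC_MAIN stores an offset that has to be added to the __TEXT segment's VM address, while a thread command already carries an absolute program counter, which is why only the latter also yields a thread state.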