Jtool2 --analyze errors on iPhone 6 12.2 kernelcache


Postby charm3le0n » Wed Aug 07, 2019 10:23 pm

I recently ran jtool2 --analyze on a 12.2 kernelcache for an iPhone 6 and received the following output

jtool2 --analyze ~/Downloads/iPhone_4.7_12.2_16E227_Restore.ipsw/kernelcache.release.iphone7
Analyzing kernelcache..
This is a new-style A8 kernelcache (Darwin Kernel Version 18.5.0: Tue Mar  5 19:52:15 PST 2019; root:xnu-4903.252.2~1/RELEASE_ARM64_T7000)
-- Processing __TEXT_EXEC.__text..
Disassembling 19496088 bytes from address 0xfffffff007664000 (offset 0x660000):
__ZN11OSMetaClassC2EPKcPKS_j is 0xfffffff007ca9354 (OSMetaClass)
Analyzing __DATA.__data..
Warning: Address 0xfffffff008b641b4 falls outside mapped range!
Analyzing __DATA.__sysctl_set..
Analyzing fuctions...
FOUND ops at 0xfffffff0076b719c!
Analyzing __DATA_CONST.. (1st pass)
*** Got non zero value (0xfffffff0076d5614) for non-pointer in sched struct - Please Tell J!
LAST ARG0 : fffffff007614c30 , fffffff007157630, 0
Expected to get bcopy @0xfffffff007669500 but got 87,87,87,95 not  86,86,86,98
processing flows...
Analyzing __DATA_CONST.. (2nd pass)
*** Got non zero value (0xfffffff0076d5614) for non-pointer in sched struct - Please Tell J!
Expected to get bcopy @0xfffffff007669500 but got 87,87,87,95 not  86,86,86,98
Got 1712 IOKit Classes
opened companion file ./kernelcache.release.iphone7.ARM64.7805CC40-8C01-386B-9BBB-ED91E0D2169D
Dumping symbol cache to file
Symbolicated 8565 symbols and 63646 functions


This was run with the jtool2 version that I just downloaded from your link today. Thought I would make morpheus aware per the messages in the output :)

ipsw link: http://updates-http.cdn-apple.com/2019S ... store.ipsw
charm3le0n
 
Posts: 1
Joined: Wed Aug 07, 2019 2:56 pm

Re: Jtool2 --analyze errors on iPhone 6 12.2 kernelcache

Postby morpheus » Thu Aug 08, 2019 5:55 am

Yep. Well aware of those. Thank you. Basically, AAPL changed structures in 12.2 (and 13) and I haven't had a chance to update yet. Thank you for letting me know. More changes to --analyze coming soon!
morpheus
Site Admin
 
Posts: 723
Joined: Thu Apr 11, 2013 6:24 pm

