Symbol binding of cached libraries

Postby liorh » Thu Oct 11, 2018 6:15 am

I am trying to understand the symbol binding procedure of the cache libraries in ARM64e.
I read here viewtopic.php?f=11&t=19557 that dyld decodes the pointers in __auth_got during the library load. However, I checked those values in some libraries in the cache at the beginning of the app execution, and they already have the correct values of the symbols. I also tried to parse the opcodes of a library inside the cache, and I get the exact same opcodes (same memory address) for all of the libraries. The data I get looks like a "trie" structure, and not binding opcodes:
00 01 5F 00 05 00 03 5F 5F 63 72 61 73 68 72 65
70 6F 72 74 65 72 5F 69 6E 66 6F 5F 5F 00 45 6C
69 62 53 79 73 74 65 6D 5F 61 74 66 6F 72 6B 5F
00 4D 6D 61 63 68 5F 69 6E 69 74 5F 72 6F 75 74
69 6E 65 00 79 06 00 E8 E8 BA C2 03 00 00 02 63
68 69 6C 64 00 59 70 00 5E 03 00 BC 39 00 00 02
...

What am I missing? Is the cache handled differently?
Thanks!
liorh
Posts: 5
Joined: Wed May 16, 2018 2:03 pm
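
Read as a Mach-O export trie (the structure dyld uses to describe a library's exported symbols, not bind opcodes), the bytes quoted in the question decode cleanly, which fits the "trie" impression above. The parser below is an added example, not code from the thread or from jtool2; it walks the dump as quoted, stops gracefully where the post's "..." cuts it off, and recovers ___crashreporter_info__ and _libSystem_atfork_child with their payloads.

```python
# Added example (not from the thread): walk a Mach-O export trie, the format
# behind LC_DYLD_INFO's export blob and LC_DYLD_EXPORTS_TRIE. Each node is a
# uleb128 terminal size, then (if non-zero) uleb128 flags and a uleb128 payload,
# then a child-count byte, then (NUL-terminated edge, uleb128 node offset) pairs.
from typing import Dict, Iterator, Tuple

# The bytes quoted in the question, copied verbatim; the dump is cut off ("...").
TRIE_HEX = """
00 01 5F 00 05 00 03 5F 5F 63 72 61 73 68 72 65
70 6F 72 74 65 72 5F 69 6E 66 6F 5F 5F 00 45 6C
69 62 53 79 73 74 65 6D 5F 61 74 66 6F 72 6B 5F
00 4D 6D 61 63 68 5F 69 6E 69 74 5F 72 6F 75 74
69 6E 65 00 79 06 00 E8 E8 BA C2 03 00 00 02 63
68 69 6C 64 00 59 70 00 5E 03 00 BC 39 00 00 02
"""

def read_uleb128(data: bytes, pos: int) -> Tuple[int, int]:
    """Decode an unsigned LEB128 at pos; return (value, position after it)."""
    value, shift = 0, 0
    while True:
        if pos >= len(data):
            raise EOFError("uleb128 runs past the end of the data")
        byte = data[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, pos

def walk_export_trie(data: bytes, node: int = 0, prefix: str = "") -> Iterator[Tuple[str, int, int]]:
    """Yield (symbol, flags, payload) for each terminal node under `node`.
    Only the first payload uleb128 is read; re-export (flag 0x08) and
    stub-and-resolver (0x10) nodes carry extra fields that are not decoded here.
    Nodes lying past the end of a truncated dump are skipped, not fatal."""
    try:
        term_size, pos = read_uleb128(data, node)
        children = pos + term_size              # terminal payload precedes the children
        if term_size:
            flags, pos = read_uleb128(data, pos)
            payload, _ = read_uleb128(data, pos)  # the address for a regular export
            yield prefix, flags, payload
        pos = children + 1
        for _ in range(data[children]):
            end = data.index(b"\0", pos)         # edge label is NUL-terminated
            edge = data[pos:end].decode("ascii")
            offset, pos = read_uleb128(data, end + 1)
            yield from walk_export_trie(data, offset, prefix + edge)
    except (EOFError, IndexError, ValueError):
        return  # truncated or malformed node: nothing below it is recoverable

def regular_exports(data: bytes) -> Dict[str, int]:
    """Map symbol name -> payload for plain (flags == 0) exports."""
    return {sym: addr for sym, flags, addr in walk_export_trie(data) if flags == 0}

if __name__ == "__main__":
    for sym, addr in regular_exports(bytes.fromhex(TRIE_HEX)).items():
        print(f"{sym:28} 0x{addr:x}")
```

The two symbols that do survive the truncation carry the leading underscore added by the C ABI, which is why the root node's single "_" edge sits in front of every name.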

Re: Symbol binding of cached libraries

Postby morpheus » Thu Oct 11, 2018 11:56 am

The libraries inside the cache are already prelinked (and have always been, not just in A12), so you don't need any binding opcodes anymore. jtool2 can handle this prelinking, which involves either a close jump (if the libraries are in the same 128MB range) or a branch island. The only thing that does need modification is local PAC, so pointers are tagged accordingly.
morpheus
Site Admin
Posts: 697
Joined: Thu Apr 11, 2013 6:24 pm

Re: Symbol binding of cached libraries

Postby liorh » Thu Oct 11, 2018 1:13 pm

Thanks!!
liorh
Posts: 5
Joined: Wed May 16, 2018 2:03 pm
