Notes from iOS 89 and the OS X 10.1010.11 Preview
Jonathan Levin, http://newosxbook.com/ - 06/09/15
0. Changelog
| 6/8/15: | First version |
| 7/28/15: | Boot-args, 64 bit iOS kernel |
Check out @Technologeeks tweets, or the RSS Feed for updates - I'll add more as I go along.. Feel free to shoot any comments/questions to info@.
I'll be covering updated material for OS X 10.11 and iOS 9 at Our iOS/OS X for Reverse Engineers Course on 8/10/2015 in SFO!
I'll be covering updated material for OS X 10.11 and iOS 9 at Our iOS/OS X for Reverse Engineers Course on 8/10/2015 in SFO!
About
Another year, another OS. iOS 9 b1 and OS X 10.11 have been announced. I'm in the process of updating Mac OS X and iOS Internals (MOXII) to its 2nd edition - and this should answer you why I set the release date far into October (or a bit later) - at least this way the book will remain up to date for an entire year..
As usual, you need a password and redemption code to download OS X (or have a registered device for iOS 9), but thanks to the great people out there, both are leaked. This is important, because otherwise you need to be on the Apple Developer Program, and the first rule of the Apple Developer Program is you don't talk about the Apple Developer Program Beta software, nor can you reverse engineer. Once more, I almost got suckered into hitting "OK" with that checkbox, but opted out, and got the IPSW/DMG elsewhere. So - I can share my findings here (and of course much more will be in MOXII 2, soon).
This is a VERY rough listing, which tracks what I do to figure out diffs. Commands are raw and largely unedited. This is not meant to be A) comprehensive B) overly legible. You want a simple explanation of diffs, wait for MOXII 2. You want raw findings, read on. Feedback welcome.
Both (XNU)
- xnu
32163247(!). That's a leap from 2782/3 - New mac checks: expose_task - used by
processor_set_things,mach_port_space_info. also exception port checkes: (_mac_task_check_set_host_exception_port _mac_task_check_set_host_exception_ports _mac_task_check_set_host_special_port), _mac_kext_check_query (ha :-), and _mac_iokit_check_nvram_[get/set/delete] -
#define HOST_SYSDIAGNOSE_PORT (16 + HOST_MAX_SPECIAL_KERNEL_PORT) #define HOST_XPC_EXCEPTION_PORT (17 + HOST_MAX_SPECIAL_KERNEL_PORT) #define HOST_CONTAINERD_PORT (18 + HOST_MAX_SPECIAL_KERNEL_PORT)
- The system call table shows several (not 3, as erroneously tweeted by esser) new syscalls:
- netagent_trigger - q.v. new NetAgent Architecture ( netagent_send_error_response, netagent_send_success_response, netagent_unregister_session_wrapper, netagent_send_trigger, netagent_ctl_send, netagent_handle_register, netagent_handle_update, netagent_handle_get, netagent_handle_assert, netagent_handle_unassert, netagent_create_session)
- stack_snapshot_with_config (:-o!)
- microstackshot (OS X only?)
- grab_pgo_data
- kevent_qos (374)
- kdebug_trace64 and kdebug_trace_string (178,179)
stack_snapshot(#365) is like my 2nd favorite syscall, and kdebug (#180) is probably my 3rd, and it seems like Apple keeps on augmenting the mechanism. proc_infonow properly shows what kqueue/kevent is blocking on!- There are also placeholders for syscalls 494 through 498.
Why? Maybe we'll see in b2..by b7 of OS X there'swork_interval_ctl, as syscall 499.
1. iOS 9
If anyone reading this has, per chance, a 9.0b ARM64 kernel image (unencrypted, of course), I'd *really* appreciate it. I want to update Joker for 64-bit and 9..
- iBoot 2817. Huge leap from 2263 used in 8.x. And they stripped strings!!! (Congrats Apple, and sucks for the free world)
- ARM exception vector: 0x800c7000 - always a good starting point
- Syscalls in iOS 8+ formatted table (note new ones):
morpheus@Zephyr (/tmp)$ ~/Documents/Work/JTool/joker -m kernel.9b.4S.decrypted | more Source Version: 3216.0.0.1.15 This is iOS 9.x, or later ARM Exception Vector is at file offset @0xc6000 (Addr: 0x800c7000) Found iOS 8+ sysent table @3eb684 (Addr: 0x803ec684) Suppressing enosys (0x802c14bd) and old (0x802c14cd) 1. exit 802a0f48 T 2. fork 802a5734 T 3. read 802c14e8 T 4. write 802c1924 T 5. open 800f5344 T 6. close 80290e68 T 7. wait4 802a288c T 9. link 800f5c70 T 10. unlink 800f5d24 T 12. chdir 800f49e0 T 13. fchdir 800f49d0 T 14. mknod 800f57b0 T 15. chmod 800f67d8 T 16. chown 800f69d4 T 18. getfsstat 800f469c T 20. getpid 802aa5cc T 23. setuid 802aa96c T 24. getuid 802aa64c T 25. geteuid 802aa680 T 26. ptrace 802be368 T 27. recvmsg 802ebf64 T 28. sendmsg 802eb818 T 29. recvfrom 802ebe4c T 30. accept 802eacb0 T 31. getpeername 802ecaf8 T 32. getsockname 802eca3c T 33. access 800f6284 T 34. chflags 800f65d4 T 35. fchflags 800f6694 T 36. sync 800f4380 T 37. kill 802af704 T 39. getppid 802aa5d4 T 41. dup 8028e0ec T 42. pipe 802c445c T 43. getegid 802aa798 T 46. sigaction 802ae8a0 T 47. getgid 802aa764 T 48. sigprocmask 802aed78 T 49. getlogin 802abc18 T 50. setlogin 802abca0 T 51. acct 80288e1c T 52. sigpending 802aef54 T 53. sigaltstack 802af644 T 54. ioctl 802c1f2c T 55. reboot 802bd9f8 T 56. revoke 800f7b04 T 57. symlink 800f5cc8 T 58. readlink 800f6598 T 59. execve 8029d138 T 60. umask 800f7acc T 61. chroot 800f49f0 T 65. msync 802a69d4 T 66. vfork 802a451c T 73. munmap 802a6a88 T 74. mprotect 802a6ae0 T 75. madvise 802a6ba0 T 78. mincore 802a6c10 T 79. getgroups 802aa7cc T 80. setgroups 802abbd4 T 81. getpgrp 802aa5dc T 82. setpgid 802aa868 T 83. setitimer 802bd0e0 T 85. swapon 802fe670 T 86. getitimer 802bcf14 T 89. getdtablesize 8028dd04 T 90. dup2 8028e434 T 92. fcntl 8028eb14 T 93. select 802c223c T 95. fsync 800f7228 T 96. setpriority 802ac49c T 97. socket 802ea06c T 98. connect 802eace0 T 100. getpriority 802abff8 T 104. bind 802ea0c8 T 105. setsockopt 802ec66c T 106. listen 802ea358 T 111. sigsuspend 802aef7c T 116. gettimeofday 802bc778 T 117. getrusage 802ad4f8 T 118. getsockopt 802ec850 T 120. readv 802c17e4 T 121. writev 802c1d00 T 122. settimeofday 802bc96c T 123. fchown 800f6a48 T 124. fchmod 800f698c T 126. setreuid 802ab054 T 127. setregid 802ab72c T 128. rename 800f7554 T 131. flock 802922fc T 132. mkfifo 800f5b0c T 133. sendto 802eb70c T 134. shutdown 802ec638 T 135. socketpair 802eb528 T 136. mkdir 800f7678 T 137. rmdir 800f7740 T 138. utimes 800f6b8c T 139. futimes 800f6cb8 T 140. adjtime 802bcaa8 T 142. gethostuuid 802c3db4 T 147. setsid 802aa824 T 151. getpgid 802aa5e4 T 152. setprivexec 802aa5b4 T 153. pread 802c1734 T 154. pwrite 802c1bac T 157. statfs 800f43a0 T 158. fstatfs 800f4494 T 159. unmount 800f36e8 T 165. quotactl 800f439c T 167. mount 800f32b8 T 169. csops 802a8f80 T 170. csops_audittoken 802a8f9c T 173. waitid 802a2ca8 T 178. kdebug_trace_string 80286448 T 179. kdebug_trace64 8028631c T 180. kdebug_trace 802862c8 T 181. setgid 802ab320 T 182. setegid 802ab540 T 183. seteuid 802aae60 T 184. sigreturn 803041e4 T 185. chud 803013f8 T 187. fdatasync 800f7264 T 188. stat 800f62f4 T 189. fstat 8029125c T 190. lstat 800f63ac T 191. pathconf 800f64bc T 192. fpathconf 802912bc T 194. getrlimit 802ad358 T 195. setrlimit 802acc04 T 196. getdirentries 800f79d8 T 197. mmap 802a5e90 T 199. lseek 800f5d90 T 200. truncate 800f6da4 T 201. ftruncate 800f6f08 T 202. __sysctl 802b52d0 T 203. mlock 802a6d84 T 204. munlock 802a6e28 T 205. undelete 800f5cfc T 216. mkcomplex 800f5204 T 220. getattrlist 800d7a24 T 221. setattrlist 800d85d4 T 222. getdirentriesattr 800f7e9c T 223. exchangedata 800f81b4 T 225. searchfs 800f8780 T 226. delete 800f5d00 T 227. copyfile 800f7298 T 228. fgetattrlist 800d7990 T 229. fsetattrlist 800d86c4 T 230. poll 802c2c4c T 231. watchevent 802c363c T 232. waitevent 802c384c T 233. modwatch 802c3a00 T 234. getxattr 800f8d40 T 235. fgetxattr 800f8ef4 T 236. setxattr 800f9048 T 237. fsetxattr 800f918c T 238. removexattr 800f92cc T 239. fremovexattr 800f93c4 T 240. listxattr 800f94b8 T 241. flistxattr 800f95d8 T 242. fsctl 800f8b94 T 243. initgroups 802abbc4 T 244. posix_spawn 8029b460 T 245. ffsctl 800f8c9c T 250. minherit 802a6b6c T 266. shm_open 802f2f4c T 267. shm_unlink 802f37a0 T 268. sem_open 802f2094 T 269. sem_close 802f2ad8 T 270. sem_unlink 802f2858 T 271. sem_wait 802f2bc4 T 272. sem_trywait 802f2cbc T 273. sem_post 802f2d80 T 274. sem_getvalue 802b54b8 T 277. open_extended 800f50b4 T 278. umask_extended 800f7a6c T 279. stat_extended 800f62cc T 280. lstat_extended 800f637c T 281. fstat_extended 8029123c T 282. chmod_extended 800f66e4 T 283. fchmod_extended 800f6890 T 284. access_extended 800f5f34 T 285. settid 802ab9d0 T 286. gettid 802aa6b4 T 287. setsgroups 802abbe4 T 288. getsgroups 802aa81c T 289. setwgroups 802abbe8 T 290. getwgroups 802aa820 T 291. mkfifo_extended 800f5a30 T 292. mkdir_extended 800f75c0 T 294. shared_region_check_np 802ff57c T 296. vm_pressure_monitor 803000c4 T 297. psynch_rw_longrdlock 802f8d64 T 298. psynch_rw_yieldwrlock 802f8e48 T 299. psynch_rw_downgrade 802f8e84 T 300. psynch_rw_upgrade 802f8e80 T 301. psynch_mutexwait 802f8b78 T 302. psynch_mutexdrop 802f8bb4 T 303. psynch_cvbroad 802f8bf0 T 304. psynch_cvsignal 802f8c58 T 305. psynch_cvwait 802f8cc0 T 306. psynch_rw_rdlock 802f8d9c T 307. psynch_rw_wrlock 802f8e10 T 308. psynch_rw_unlock 802f8dd4 T 309. psynch_rw_unlock2 802f8e0c T 310. getsid 802aa610 T 311. settid_with_pid 802abab0 T 312. psynch_cvclrprepost 802f8d28 T 313. aio_fsync 802897cc T 314. aio_return 8028982c T 315. aio_suspend 80289b24 T 316. aio_cancel 802895ac T 317. aio_error 80289710 T 318. aio_read 8028980c T 319. aio_write 80289d28 T 320. lio_listio 80289d48 T 322. iopolicysys 802ad770 T 323. process_policy 802fc2d0 T 324. mlockall 802a6e74 T 325. munlockall 802a6e78 T 327. issetugid 802aa95c T 328. __pthread_kill 802af394 T 329. __pthread_sigmask 802af3ec T 330. __sigwait 802af478 T 331. __disable_threadsignal 802af09c T 332. __pthread_markcancel 802af0b4 T 333. __pthread_canceled 802af0f8 T 334. __semwait_signal 802af284 T 336. proc_info 802f9174 T 338. stat64 800f6320 T 339. fstat64 8029129c T 340. lstat64 800f63e0 T 341. stat64_extended 800f634c T 342. lstat64_extended 800f6418 T 343. fstat64_extended 8029127c T 344. getdirentries64 800f7a24 T 345. statfs64 800f4524 T 346. fstatfs64 800f4614 T 347. getfsstat64 800f4838 T 348. __pthread_chdir 800f49e8 T 349. __pthread_fchdir 800f49d8 T 350. audit 8027d064 T 351. auditon 8027d068 T 353. getauid 8027d06c T 354. setauid 8027d070 T 357. getaudit_addr 8027d074 T 358. setaudit_addr 8027d078 T 359. auditctl 8027d07c T 360. bsdthread_create 802f8a20 T 361. bsdthread_terminate 802f8aa8 T 362. kqueue 80294b84 T 363. kevent 80294b98 T 364. lchown 800f69f4 T 365. stack_snapshot 80287e18 T 366. bsdthread_register 802f8a58 T 367. workq_open 802f8b64 T 368. workq_kernreturn 802f8b2c T 369. kevent64 80294bcc T 370. __old_semwait_signal 802af168 T 371. __old_semwait_signal_nocancel 802af198 T 372. thread_selfid 802f8b18 T 373. ledger 802c3eb0 T 374. kevent_qos 80294c08 T 380. __mac_execve 8029d158 T 381. __mac_syscall 8038b480 T 382. __mac_get_file 8038b198 T 383. __mac_set_file 8038b460 T 384. __mac_get_link 8038b1a8 T 385. __mac_set_link 8038b470 T 386. __mac_get_proc 8038abe0 T 387. __mac_set_proc 8038acb8 T 388. __mac_get_fd 8038aeac T 389. __mac_set_fd 8038b1b8 T 390. __mac_get_pid 8038ab00 T 396. read_nocancel 802c1518 T 397. write_nocancel 802c1954 T 398. open_nocancel 800f5478 T 399. close_nocancel 80290e98 T 400. wait4_nocancel 802a2544 T 401. recvmsg_nocancel 802ebf94 T 402. sendmsg_nocancel 802eb848 T 403. recvfrom_nocancel 802ebe7c T 404. accept_nocancel 802ea4f4 T 405. msync_nocancel 802a6a04 T 406. fcntl_nocancel 8028eb44 T 407. select_nocancel 802c226c T 408. fsync_nocancel 800f725c T 409. connect_nocancel 802ead10 T 410. sigsuspend_nocancel 802af03c T 411. readv_nocancel 802c1814 T 412. writev_nocancel 802c1d30 T 413. sendto_nocancel 802eb73c T 414. pread_nocancel 802c1764 T 415. pwrite_nocancel 802c1bdc T 416. waitid_nocancel 802a28e4 T 417. poll_nocancel 802c2c7c T 420. sem_wait_nocancel 802f2bf4 T 421. aio_suspend_nocancel 80289b54 T 422. __sigwait_nocancel 802af4a8 T 423. __semwait_signal_nocancel 802af2b4 T 424. __mac_mount 800f32d8 T 425. __mac_get_mount 8038b6e4 T 426. __mac_getfsstat 800f46c0 T 427. fsgetpath 800f96ec T 428. audit_session_self 8027d058 T 429. audit_session_join 8027d05c T 430. fileport_makeport 80292408 T 431. fileport_makefd 802925b0 T 432. audit_session_port 8027d060 T 433. pid_suspend 802fedc0 T 434. pid_resume 802fee94 T 435. pid_hibernate 802ff240 T 436. pid_shutdown_sockets 802ff508 T 438. shared_region_map_and_slide_np 802ff670 T 439. kas_info 80300114 T 440. memorystatus_control 802b7b88 T 441. guarded_open_np 80293b7c T 442. guarded_close_np 80293e60 T 443. guarded_kqueue_np 80293e10 T 444. change_fdguard_np 80293ec8 T 446. proc_rlimit_control 802ade1c T 447. proc_connectx 802eaedc T 448. proc_disconnectx 802eb450 T 449. proc_peeloff 802eb2cc T 450. proc_socket_delegate 802ea0a0 T 451. proc_telemetry 802c4274 T 452. proc_uuid_policy 80302fd0 T 453. memorystatus_get_level 802b649c T 454. system_override 802fcb0c T 455. vfs_purge 800f9778 T 456. sfi_ctl 802bc5f4 T 457. sfi_pidctl 802bc648 T 458. coalition 802c6a2c T 459. coalition_info 802c6cd4 T 460. necp_match_policy 8014b000 T 461. getattrlistbulk 800d7bd4 T 463. openat 800f55b4 T 464. openat_nocancel 800f5588 T 465. renameat 800f75a4 T 466. faccessat 800f62a4 T 467. fchmodat 800f682c T 468. fchownat 800f6a14 T 469. fstatat 800f6448 T 470. fstatat64 800f6484 T 471. linkat 800f5c94 T 472. unlinkat 800f5d48 T 473. readlinkat 800f65b8 T 474. symlinkat 800f5ce4 T 475. mkdirat 800f76dc T 476. getattrlistat 800d7af8 T 477. proc_trace_log 802a98c8 T 478. bsdthread_ctl 802f8ae0 T 479. openbyid_np 800f5604 T 480. recvmsg_x 802ec0ac T 481. sendmsg_x 802eb964 T 482. thread_selfusage 802ae024 T 484. guarded_open_dprotected_np 80293c98 T 485. guarded_write_np 80294330 T 486. guarded_pwrite_np 802943e8 T 487. guarded_writev_np 802944d4 T 488. rename_ext 800f7578 T 489. mremap_encrypted 802a6e7c T 490. netagent_trigger 80152f38 T 491. stack_snapshot_with_config 80287fc4 T # No micro_stackshot in iOS, apparently :-( 493. grab_pgo_data 80303030 T
- Sysctls:
morpheus@Zephyr (~)$ ~/Documents/Work/JTool/joker -s kernel.9b.4S.decrypted | grep ^0x 0x804069d8: kern.nbuf Description: 0x80406a10: kern.maxnbuf Description: 0x80406a40: debug.lowpri_throttle_max_iosize Description: 0x80406a70: vfs.nummntops Description: 0x80401444: vfs.generic Description: vfs generic hinge 0x80406aa0: vfs.generic.vfsidlist Description: List of mounted filesystem ids 0x80406ad0: vfs.generic.ctlbyfsid Description: ctlbyfsid 0x80406b00: vfs.generic.noremotehang Description: noremotehang 0x80406b30: vfs.generic.maxtypenum Description: 0x80406b60: vfs.generic.sync_timeout Description: 0x80406b90: vfs.generic.conf Description: 0x80406bc0: vfs.generic.jnl Description: Journal 0x80406bf0: 0x8045a838.kdebug Description: Journal kdebug 0x80406c20: 0x8045a83c.trim Description: Enable kdebug logging for journal TRIM 0x80406c50: kern.jnl_trim_flush Description: number of trimmed extents to cause a journal flush 0x80406c80: debug.lowpri_throttle_tier1_window_msecs Description: 0x80406cb0: debug.lowpri_throttle_tier2_window_msecs Description: 0x80406ce0: debug.lowpri_throttle_tier3_window_msecs Description: 0x80406d10: debug.lowpri_throttle_tier1_io_period_msecs Description: 0x80406d40: debug.lowpri_throttle_tier2_io_period_msecs Description: 0x80406d70: debug.lowpri_throttle_tier3_io_period_msecs Description: 0x80406da0: debug.lowpri_throttle_tier1_io_period_ssd_msecs Description: 0x80406dd0: debug.lowpri_throttle_tier2_io_period_ssd_msecs Description: 0x80406e00: debug.lowpri_throttle_tier3_io_period_ssd_msecs Description: 0x80406e30: debug.lowpri_throttle_enabled Description: 0x80406e60: debug.bpf_bufsize Description: 0x80406e90: debug.bpf_maxbufsize Description: 0x80406ec0: debug.bpf_maxdevices Description: 0x80406ef0: debug.bpf_wantpktap Description: 0x80406f20: debug.bpf_debug Description: 0x80406f50: 0x8045a944.bridge Description: Bridge 0x80406f80: 0x8045a918.inherit_mac Description: Inherit MAC address from the first bridge member 0x80406fb0: 0x8045a918.rtable_prune_period Description: Interval between pruning of routing table 0x80406fe0: 0x8045a918.rtable_hash_size_max Description: Maximum size of the routing hash table 0x80407010: 0x8045a918.hostfilterstats Description: 0x80407040: 0x8045a918.txstart Description: Bridge interface uses TXSTART model 0x80407070: 0x8045a918.debug Description: Bridge debug 0x804070a0: net.link Description: Link layers 0x804070d0: 0x8045a944.generic Description: Generic link-management 0x80407100: 0x8045aa3c.if_verbose Description: 0x80407130: 0x8045aa3c.dlil_lladdr_ckreq Description: Require MACF system info check to expose link-layer address 0x80407160: 0x8045aa3c.dlil_verbose Description: Log DLIL error messages 0x80407190: 0x8045aa3c.sndq_maxlen Description: Default transmit queue max length 0x804071c0: 0x8045aa3c.rcvq_maxlen Description: Default receive queue max length 0x804071f0: 0x8045aa3c.rxpoll_decay Description: ilog2 of EWMA decay rate of avg inbound packets 0x80407220: 0x8045aa3c.rxpoll_freeze_time Description: input poll mode freeze time 0x80407250: 0x8045aa3c.rxpoll_sample_time Description: input poll sampling time 0x80407280: 0x8045aa3c.rxpoll_interval_time Description: input poll interval (time) 0x804072b0: 0x8045aa3c.rxpoll_interval_pkts Description: input poll interval (packets) 0x804072e0: 0x8045aa3c.rxpoll_wakeups_lowat Description: input poll wakeup low watermark 0x80407310: 0x8045aa3c.rxpoll_wakeups_hiwat Description: input poll wakeup high watermark 0x80407340: 0x8045aa3c.rxpoll_max Description: max packets per poll call 0x80407370: 0x8045aa3c.rxpoll Description: enable opportunistic input polling 0x804073a0: 0x8045aa3c.if_bw_smoothing_val Description: 0x804073d0: 0x8045aa3c.if_bw_measure_size Description: 0x80407400: 0x8045aa3c.dlil_input_threads Description: Current number of DLIL input threads 0x80407430: 0x8045aa3c.flow_advisory Description: enable flow-advisory mechanism 0x80407460: 0x8045aa3c.delaybased_queue Description: enable delay based dynamic queue sizing 0x80407490: 0x8045aa3c.hwcksum_in_invalidated Description: inbound packets with invalidated hardware cksum 0x804074c0: 0x8045aa3c.hwcksum_dbg Description: enable hardware cksum debugging 0x804074f0: 0x8045aa3c.start_delayed Description: number of times start was delayed 0x80407520: 0x8045aa3c.start_delay_disabled Description: number of times start was delayed 0x80407550: 0x8045aa3c.hwcksum_dbg_mode Description: hardware cksum debugging mode 0x80407580: 0x8045aa3c.hwcksum_dbg_partial_forced Description: packets forced using partial cksum 0x804075b0: 0x8045aa3c.hwcksum_dbg_partial_forced_bytes Description: bytes forced using partial cksum 0x804075e0: 0x8045aa3c.hwcksum_dbg_partial_rxoff_forced Description: forced partial cksum rx offset 0x80407610: 0x8045aa3c.hwcksum_dbg_partial_rxoff_adj Description: adjusted partial cksum rx offset 0x80407640: 0x8045aa3c.hwcksum_dbg_verified Description: packets verified for having good checksum 0x80407670: 0x8045aa3c.hwcksum_dbg_bad_cksum Description: packets with bad hardware calculated checksum 0x804076a0: 0x8045aa3c.hwcksum_dbg_bad_rxoff Description: packets with invalid rxoff 0x804076d0: 0x8045aa3c.hwcksum_dbg_adjusted Description: packets with rxoff adjusted 0x80407700: 0x8045aa3c.hwcksum_dbg_finalized_hdr Description: finalized headers 0x80407730: 0x8045aa3c.hwcksum_dbg_finalized_data Description: finalized payloads 0x80407760: 0x8045aa3c.hwcksum_tx Description: enable transmit hardware checksum offload 0x80407790: 0x8045aa3c.hwcksum_rx Description: enable receive hardware checksum offload 0x804077c0: 0x8045aa3c.tx_chain_len_stats Description: 0x804077f0: 0x8045aa3c.tx_chain_len_count Description: 0x80407820: 0x8045aa3c.get_ports_used Description: 0x80407850: 0x8045a944.ether Description: Ethernet 0x80407880: 0x8045a944.loopback Description: loopback interface 0x804078b0: 0x8045aa24.bw_sleep_usec Description: 0x804078e0: 0x8045aa24.bw_measure Description: 0x80407910: 0x8045aa24.max_dequeue Description: Maximum number of packets dequeued at a time 0x80407940: 0x8045aa24.sched_model Description: Scheduling model 0x80407970: 0x8045aa24.dequeue_sc Description: Dequeue a specific SC index 0x804079a0: 0x8045a948.system Description: Variables global to all interfaces 0x804079d0: 0x8045aa3c.ifcount Description: Number of configured interfaces 0x80407a00: 0x8045a948.ifdata Description: Interface table 0x80407a30: 0x8045a948.ifalldata Description: Interface table 0x80407a60: net.ndrv_multi_max_count Description: Number of allowed multicast addresses per NRDV socket 0x80407a90: 0x8045aab8.verbose Description: 0x80407ac0: net.routetable Description: 0x80407af0: net.route Description: routing 0x80407b20: net.statistics Description: Collect detailed statistics 0x80407b50: net.statistics_privcheck Description: Entitlement check 0x80407b80: net.stats Description: network statistics 0x80407bb0: 0x8045aac4.debug Description: 0x80407be0: 0x8045aac4.sendspace Description: 0x80407c10: 0x8045aac4.recvspace Description: 0x80407c40: 0x8045aac4.stats Description: 0x80407c70: 0x8045aa3c.if_family_ids Description: Interface Family ID table 0x80407ca0: net.necp Description: NECP 0x80407cd0: 0x8045ab48.pass_loopback Description: 0x80407d00: 0x8045ab48.pass_keepalives Description: 0x80407d30: 0x8045ab48.debug Description: 0x80407d60: 0x8045ab48.drop_all_level Description: 0x80407d90: 0x8045ab48.socket_policy_count Description: 0x80407dc0: 0x8045ab48.socket_non_app_policy_count Description: 0x80407df0: 0x8045ab48.ip_policy_count Description: 0x80407e20: 0x8045ab48.session_count Description: 0x80407e50: net.netagent Description: NetworkAgent 0x80407e80: 0x8045abe0.debug Description: 0x80407eb0: 0x8045abe0.registered_count Description: 0x80407ee0: 0x8045abe0.active_count Description: 0x80407f40: 0x8045a944.iptap Description: iptap virtual interface 0x80407f70: 0x8045ac8c.total_tap_count Description: 0x80407fa0: 0x8045ac8c.log Description: 0x80407fd0: 0x8045a944.pktap Description: pktap virtual interface 0x80408000: 0x8045acac.total_tap_count Description: 0x80408030: 0x8045acac.count_unknown_if_type Description: 0x80408060: 0x8045acac.log Description: 0x80408090: 0x8045aa3c.llreach_info Description: Per-interface tree of source link-layer reachability records 0x804080c0: net.cfil Description: cfil 0x804080f0: 0x8045acf0.log Description: 0x80408120: 0x8045acf0.debug Description: 0x80408150: 0x8045acf0.sock_attached_count Description: 0x80408180: 0x8045acf0.active_count Description: 0x804081b0: 0x8045acf0.close_wait_timeout Description: 0x804081e0: 0x8045acf0.sbtrim Description: 0x80408210: 0x8045acf0.filter_list Description: 0x80408240: 0x8045acf0.sock_list Description: 0x80408270: 0x8045acf0.stats Description: 0x804082a0: net.pktmnglr Description: pktmnglr 0x804082d0: 0x8045ad0c.log Description: 0x80408300: net.classq Description: classq 0x80408330: 0x8045ad3c.verbose Description: Class queue verbosity level 0x80408360: 0x8045ad3c.sfb Description: SFB 0x80408390: 0x8045ad40.holdtime Description: SFB freeze time in nanoseconds 0x804083c0: 0x8045ad40.pboxtime Description: SFB penalty box time in nanoseconds 0x804083f0: 0x8045ad40.hinterval Description: SFB hash interval in nanoseconds 0x80408420: 0x8045ad40.target_qdelay Description: SFB target queue delay in nanoseconds 0x80408450: 0x8045ad40.update_interval Description: SFB update interval 0x80408480: 0x8045ad40.increment Description: SFB increment [d1] 0x804084b0: 0x8045ad40.decrement Description: SFB decrement [d2] 0x804084e0: 0x8045ad40.allocation Description: SFB bin allocation 0x80408510: 0x8045ad40.ratelimit Description: SFB rate limit 0x80408540: net.pktsched Description: pktsched 0x80408570: 0x8045ad5c.verbose Description: Packet scheduler verbosity level 0x804085a0: 0x8045ae38.stats Description: 0x804085d0: 0x8045ae38.v3stats Description: 0x80408600: 0x8045ae38.recvifkludge Description: Rewrite IGMPv1/v2 reports from 0.0.0.0 to contain subnet address 0x80408630: 0x8045ae38.sendra Description: Send IP Router Alert option in IGMPv2/v3 messages 0x80408660: 0x8045ae38.sendlocal Description: Send IGMP membership reports for 224.0.0.0/24 groups 0x80408690: 0x8045ae38.v1enable Description: Enable backwards compatibility with IGMPv1 0x804086c0: 0x8045ae38.v2enable Description: Enable backwards compatibility with IGMPv2 0x804086f0: 0x8045ae38.legacysupp Description: Allow v1/v2 reports to suppress v3 group responses 0x80408720: 0x8045ae38.default_version Description: Default version of IGMP to run on each interface 0x80408750: 0x8045ae38.gsrdelay Description: Rate limit for IGMPv3 Group-and-Source queries in seconds 0x80408780: 0x8045ae38.debug Description: 0x804087b0: 0x8045ae38.ifinfo Description: Per-interface IGMPv3 state 0x804087e0: 0x8045ae28.subnets_are_local Description: 0x80408810: 0x8045aa18.inet Description: 0x80408840: 0x8045adb0.prune_intvl Description: 0x80408870: 0x8045adb0.max_age Description: 0x804088a0: 0x8045adb0.host_down_time Description: 0x804088d0: 0x8045adb0.arp_llreach_base Description: default ARP link-layer reachability max lifetime (in seconds) 0x80408900: 0x8045adb0.arp_unicast_lim Description: number of unicast ARP refresh probes before using broadcast 0x80408930: 0x8045adb0.maxtries Description: 0x80408960: 0x8045adb0.useloopback Description: 0x80408990: 0x8045adb0.proxyall Description: 0x804089c0: 0x8045adb0.sendllconflict Description: 0x804089f0: 0x8045adb0.log_arp_warnings Description: log arp warning messages 0x80408a20: 0x8045adb0.keep_announcements Description: keep arp announcements 0x80408a50: 0x8045adb0.send_conflicting_probes Description: send conflicting link-local arp probes 0x80408a80: 0x8045adb0.verbose Description: 0x80408ab0: 0x8045adb0.stats Description: ARP statistics (struct arpstat, net/if_arp.h) 0x80408ae0: 0x8045ae28.mcast Description: IPv4 multicast 0x80408b10: 0x8045adcc.maxgrpsrc Description: Max source filters per group 0x80408b40: 0x8045adcc.maxsocksrc Description: Max source filters per socket 0x80408b70: 0x8045adcc.loop Description: Loopback multicast datagrams by default 0x80408ba0: 0x8045adcc.filters Description: Per-interface stack-wide source filters 0x80408bd0: 0x8045ae28.portrange Description: IP Ports 0x80408c00: 0x8045adf8.lowfirst Description: 0x80408c30: 0x8045adf8.lowlast Description: 0x80408c60: 0x8045adf8.first Description: 0x80408c90: 0x8045adf8.last Description: 0x80408cc0: 0x8045adf8.hifirst Description: 0x80408cf0: 0x8045adf8.hilast Description: 0x80408d20: net.inet Description: Internet Family 0x80408d50: 0x8045ae24.ip Description: IP 0x80408d80: 0x8045ae24.icmp Description: ICMP 0x80408db0: 0x8045ae24.udp Description: UDP 0x80408de0: 0x8045ae24.tcp Description: TCP 0x80408e10: 0x8045ae24.igmp Description: IGMP 0x80408e40: 0x8045ae24.ipsec Description: IPSEC 0x80408e70: 0x8045ae24.raw Description: RAW 0x80408ea0: 0x8045ae28.rtexpire Description: Default expiration time on dynamically learned routes 0x80408ed0: 0x8045ae28.rtminexpire Description: Minimum time to attempt to hold onto dynamically learned routes 0x80408f00: 0x8045ae28.rtmaxcache Description: Upper limit on dynamically learned routes 0x80408f30: 0x8045ae28.dummynet Description: Dummynet 0x80408f60: 0x8045ae58.hash_size Description: Default hash table size 0x80408f90: 0x8045ae58.curr_time Description: Current tick 0x80408fc0: 0x8045ae58.ready_heap Description: Size of ready heap 0x80408ff0: 0x8045ae58.extract_heap Description: Size of extract heap 0x80409020: 0x8045ae58.searches Description: Number of queue searches 0x80409050: 0x8045ae58.search_steps Description: Number of queue search steps 0x80409080: 0x8045ae58.expire Description: Expire queue if empty 0x804090b0: 0x8045ae58.max_chain_len Description: Max ratio between dynamic queues and buckets 0x804090e0: 0x8045ae58.red_lookup_depth Description: Depth of RED lookup table 0x80409110: 0x8045ae58.red_avg_pkt_size Description: RED Medium packet size 0x80409140: 0x8045ae58.red_max_pkt_size Description: RED Max packet size 0x80409170: 0x8045ae58.debug Description: control debugging printfs 0x804091a0: 0x8045ae2c.stats Description: 0x804091d0: 0x8045ae2c.maskrepl Description: 0x80409200: 0x8045ae2c.timestamp Description: 0x80409230: 0x8045ae2c.drop_redirect Description: 0x80409260: 0x8045ae2c.log_redirect Description: 0x80409290: 0x8045ae2c.icmplim Description: 0x804092c0: 0x8045ae2c.bmcastecho Description: 0x804092f0: 0x8045ae28.random_id_statistics Description: Enable IP ID statistics 0x80409320: 0x8045ae28.random_id_collisions Description: Count of IP ID collisions 0x80409350: 0x8045ae28.random_id_total Description: Count of IP IDs created 0x80409380: 0x8045ae28.forwarding Description: Enable IP forwarding between interfaces 0x804093b0: 0x8045ae28.redirect Description: Enable sending IP redirects 0x804093e0: 0x8045ae28.ttl Description: Maximum TTL on IP packets 0x80409410: 0x8045ae28.sourceroute Description: Enable forwarding source routed IP packets 0x80409440: 0x8045ae28.accept_sourceroute Description: Enable accepting source routed IP packets 0x80409470: 0x8045ae28.sendsourcequench Description: Enable the transmission of source quench packets 0x804094a0: 0x8045ae28.maxfragpackets Description: Maximum number of IPv4 fragment reassembly queue entries 0x804094d0: 0x8045ae28.fragpackets Description: Current number of IPv4 fragment reassembly queue entries 0x80409500: 0x8045ae28.maxfragsperpacket Description: Maximum number of IPv4 fragments allowed per packet 0x80409530: 0x8045ae28.scopedroute Description: Enable IPv4 scoped routing 0x80409560: 0x8045ae28.adj_clear_hwcksum Description: Invalidate hwcksum info when adjusting length 0x80409590: 0x8045ae28.check_interface Description: Verify packet arrives on correct interface 0x804095c0: 0x8045ae28.rx_chaining Description: Do receive side ip address based chaining 0x804095f0: 0x8045ae28.rx_chainsz Description: IP receive side max chaining 0x80409620: 0x8045ae28.input_perf Description: Do time measurement 0x80409650: 0x8045ae28.input_perf_bins Description: bins for chaining performance data histogram 0x80409680: 0x8045ae28.input_perf_data Description: IP input performance data (struct net_perf, net/net_perf.h) 0x804096b0: 0x8045ae28.stats Description: IP statistics (struct ipstat, netinet/ip_var.h) 0x804096e0: 0x8045ae28.linklocal Description: link local 0x80409710: 0x8045aea8.stat Description: Number of link local packets with TTL less than 255 0x80409740: 0x8045aea8.in Description: link local input 0x80409770: 0x8045aeac.allowbadttl Description: Allow incoming link local packets with TTL less than 255 0x804097a0: 0x8045ae28.random_id Description: Randomize IP packets IDs 0x804097d0: 0x8045ae28.maxchainsent Description: use dlil_output_list 0x80409800: 0x8045ae28.select_srcif_debug Description: log source interface selection debug info 0x80409830: 0x8045ae28.output_perf Description: Do time measurement 0x80409860: 0x8045ae28.output_perf_bins Description: bins for chaining performance data histogram 0x80409890: 0x8045ae28.output_perf_data Description: IP output performance data (struct net_perf, net/net_perf.h) 0x804098c0: 0x8045ae40.maxdgram Description: Maximum outgoing raw IP datagram size 0x804098f0: 0x8045ae40.recvspace Description: Maximum incoming raw IP datagram size 0x80409920: 0x8045ae40.pcbcount Description: Number of active PCBs 0x80409950: 0x8045ae40.pcblist Description: List of active raw IP sockets 0x80409980: 0x8045ae40.pcblist_n Description: List of active raw IP sockets 0x804099b0: 0x8045ae34.clear_tfocache Description: Toggle to clear the TFO destination based heuristic cache 0x804099e0: 0x8045ae34.log_in_vain Description: Log all incoming TCP connections 0x80409a10: 0x8045ae34.blackhole Description: Do not send RST when dropping refused connections 0x80409a40: 0x8045ae34.delayed_ack Description: Delay ACK to try and piggyback it onto a data packet 0x80409a70: 0x8045ae34.tcp_lq_overflow Description: Listen Queue Overflow 0x80409aa0: 0x8045ae34.recvbg Description: Receive background 0x80409ad0: 0x8045ae34.drop_synfin Description: Drop TCP packets with SYN+FIN set 0x80409b00: 0x8045ae34.reass Description: TCP Segment Reassembly Queue 0x80409b30: 0x8045af58.overflows Description: Global number of TCP Segment Reassembly Queue Overflows 0x80409b60: 0x8045ae34.slowlink_wsize Description: Maximum advertised window size for slowlink 0x80409b90: 0x8045ae34.maxseg_unacked Description: Maximum number of outstanding segments left unacked 0x80409bc0: 0x8045ae34.rfc3465 Description: 0x80409bf0: 0x8045ae34.rfc3465_lim2 Description: Appropriate bytes counting w/ L=2*SMSS 0x80409c20: 0x8045ae34.recv_allowed_iaj Description: Allowed inter-packet arrival jiter 0x80409c50: 0x8045ae34.acc_iaj_high_thresh Description: Used in calculating maximum accumulated IAJ 0x80409c80: 0x8045ae34.doautorcvbuf Description: Enable automatic socket buffer tuning 0x80409cb0: 0x8045ae34.autorcvbufincshift Description: Shift for increment in receive socket buffer size 0x80409ce0: 0x8045ae34.autorcvbufmax Description: Maximum receive socket buffer size 0x80409d10: 0x8045ae34.lro Description: Used to coalesce TCP packets 0x80409d40: 0x8045ae34.lrodbg Description: Used to debug SW LRO 0x80409d70: 0x8045ae34.lro_startcnt Description: Segments for starting LRO computed as power of 2 0x80409da0: 0x8045ae34.limited_transmit Description: Enable limited transmit 0x80409dd0: 0x8045ae34.early_rexmt Description: Enable Early Retransmit 0x80409e00: 0x8045ae34.sack_ackadv Description: Use SACK with cumulative ack advancement as a dupack 0x80409e30: 0x8045ae34.dsack_enable Description: use DSACK TCP option to report duplicate segments 0x80409e60: 0x8045ae34.obey_ifef_nowindowscale Description: 0x80409e90: 0x8045ae34.rcvsspktcnt Description: packets to be seen before receiver stretches acks 0x80409ec0: 0x8045ae34.stats Description: TCP statistics (struct tcpstat, netinet/tcp_var.h) 0x80409ef0: 0x8045ae34.rexmt_thresh Description: Duplicate ACK Threshold for Fast Retransmit 0x80409f20: 0x8045ae34.path_mtu_discovery Description: Enable Path MTU Discovery 0x80409f50: 0x8045ae34.slowstart_flightsize Description: Slow start flight size 0x80409f80: 0x8045ae34.local_slowstart_flightsize Description: Slow start flight size for local networks 0x80409fb0: 0x8045ae34.tso Description: Enable TCP Segmentation Offload 0x80409fe0: 0x8045ae34.ecn_initiate_out Description: Initiate ECN for outbound connections 0x8040a010: 0x8045ae34.ecn_negotiate_in Description: Allow ECN negotiation for inbound connections 0x8040a040: 0x8045ae34.packetchain Description: Enable TCP output packet chaining 0x8040a070: 0x8045ae34.socket_unlocked_on_output Description: Unlock TCP when sending packets down to IP 0x8040a0a0: 0x8045ae34.rfc3390 Description: Calculate intial slowstart cwnd depending on MSS 0x8040a0d0: 0x8045ae34.min_iaj_win Description: Minimum recv win based on inter-packet arrival jitter 0x8040a100: 0x8045ae34.acc_iaj_react_limit Description: Accumulated IAJ when receiver starts to react 0x8040a130: 0x8045ae34.doautosndbuf Description: Enable send socket buffer auto-tuning 0x8040a160: 0x8045ae34.autosndbufinc Description: Increment in send socket bufffer size 0x8040a190: 0x8045ae34.autosndbufmax Description: Maximum send socket buffer size 0x8040a1c0: 0x8045ae34.ack_prioritize Description: Prioritize pure acks 0x8040a1f0: 0x8045ae34.rtt_recvbg Description: Use RTT for bg recv algorithm 0x8040a220: 0x8045ae34.recv_throttle_minwin Description: Minimum recv win for throttling 0x8040a250: 0x8045ae34.enable_tlp Description: Enable Tail loss probe 0x8040a280: 0x8045ae34.sack Description: Enable/Disable TCP SACK support 0x8040a2b0: 0x8045ae34.sack_maxholes Description: Maximum number of TCP SACK holes allowed per connection 0x8040a2e0: 0x8045ae34.sack_globalmaxholes Description: Global maximum number of TCP SACK holes 0x8040a310: 0x8045ae34.sack_globalholes Description: Global number of TCP SACK holes currently allocated 0x8040a340: 0x8045ae34.detect_reordering Description: 0x8040a370: 0x8045ae34.mssdflt Description: Default TCP Maximum Segment Size 0x8040a3a0: 0x8045ae34.v6mssdflt Description: Default TCP Maximum Segment Size for IPv6 0x8040a3d0: 0x8045ae34.fastopen_key Description: TCP Fastopen key 0x8040a400: 0x8045ae34.fastopen_backlog Description: Backlog queue for half-open TFO connections 0x8040a430: 0x8045ae34.fastopen Description: Enable TCP Fastopen (RFC 7413) 0x8040a460: 0x8045ae34.fastopen_fallback_min Description: Mininum number of trials without TFO when in fallback mode 0x8040a490: 0x8045ae34.minmss Description: Minmum TCP Maximum Segment Size 0x8040a4c0: 0x8045ae34.rfc1323 Description: Enable rfc1323 (high performance TCP) extensions 0x8040a4f0: 0x8045ae34.rfc1644 Description: Enable rfc1644 (TTCP) extensions 0x8040a520: 0x8045ae34.do_tcpdrain Description: Enable tcp_drain routine for extra help when low on mbufs 0x8040a550: 0x8045ae34.pcbcount Description: Number of active PCBs 0x8040a580: 0x8045ae34.tw_pcbcount Description: Number of pcbs in time-wait state 0x8040a5b0: 0x8045ae34.icmp_may_rst Description: Certain ICMP unreachable messages may abort connections in SYN_SENT 0x8040a5e0: 0x8045ae34.strict_rfc1948 Description: Determines if RFC1948 is followed exactly 0x8040a610: 0x8045ae34.isn_reseed_interval Description: Seconds between reseeding of ISN secret 0x8040a640: 0x8045ae34.background_io_enabled Description: Background IO Enabled 0x8040a670: 0x8045ae34.rtt_min Description: min rtt value allowed 0x8040a6a0: 0x8045ae34.rexmt_slop Description: Slop added to retransmit timeout 0x8040a6d0: 0x8045ae34.randomize_ports Description: Randomize TCP port numbers 0x8040a700: 0x8045ae34.win_scale_factor Description: Window scaling factor 0x8040a730: 0x8045ae34.tcbhashsize Description: Size of TCP control-block hashtable 0x8040a760: 0x8045ae34.pcblist Description: List of active TCP connections 0x8040a790: 0x8045ae34.pcblist_n Description: List of active TCP connections 0x8040a7c0: 0x8045ae34.keepinit Description: 0x8040a7f0: 0x8045ae34.keepidle Description: 0x8040a820: 0x8045ae34.keepintvl Description: 0x8040a850: 0x8045ae34.keepcnt Description: number of times to repeat keepalive 0x8040a880: 0x8045ae34.msl Description: Maximum segment lifetime 0x8040a8b0: 0x8045ae34.max_persist_timeout Description: Maximum persistence timeout for ZWP 0x8040a8e0: 0x8045ae34.always_keepalive Description: Assume SO_KEEPALIVE on all TCP connections 0x8040a910: 0x8045ae34.timer_fastmode_idlemax Description: Maximum idle generations in fast mode 0x8040a940: 0x8045ae34.broken_peer_syn_rxmit_thres Description: Number of retransmitted SYNs before TCP disables rfc1323 and rfc1644 during the rest of attempts 0x8040a970: 0x8045ae34.broken_peer_syn_rexmit_thres_local Description: Number of retransmitted SYNs before disabling RFC 1323 options on local connections 0x8040a9a0: 0x8045ae34.tcp_timer_advanced Description: Number of times one of the timers was advanced 0x8040a9d0: 0x8045ae34.tcp_resched_timerlist Description: Number of times timer list was rescheduled as part of processing a packet 0x8040aa00: 0x8045ae34.pmtud_blackhole_detection Description: Path MTU Discovery Black Hole Detection 0x8040aa30: 0x8045ae34.pmtud_blackhole_mss Description: Path MTU Discovery Black Hole Detection lowered MSS 0x8040aa60: 0x8045ae34.info Description: TCP info per tuple 0x8040aa90: 0x8045ae34.sendspace Description: Maximum outgoing TCP datagram size 0x8040aac0: 0x8045ae34.recvspace Description: Maximum incoming TCP datagram size 0x8040aaf0: 0x8045ae34.preconn_sbsz Description: Maximum preconnect space 0x8040ab20: 0x8045ae34.cc_debug Description: Enable debug data collection 0x8040ab50: 0x8045ae34.newreno_sockets Description: Number of sockets using newreno 0x8040ab80: 0x8045ae34.background_sockets Description: Number of sockets using background transport 0x8040abb0: 0x8045ae34.cubic_sockets Description: Number of sockets using cubic 0x8040abe0: 0x8045ae34.use_newreno Description: Use TCP NewReno by default 0x8040ac10: 0x8045ae34.cubic_tcp_friendliness Description: Enable TCP friendliness 0x8040ac40: 0x8045ae34.cubic_fast_convergence Description: Enable fast convergence 0x8040ac70: 0x8045ae34.cubic_use_minrtt Description: use a min of 5 sec rtt 0x8040aca0: 0x8045ae34.lro_sz Description: Max coalescing size 0x8040acd0: 0x8045ae34.lro_time Description: Max coalescing time 0x8040ad00: 0x8045ae34.bg_target_qdelay Description: Target queuing delay 0x8040ad30: 0x8045ae34.bg_allowed_increase Description: Additive constant used to calculate max allowed congestion window 0x8040ad60: 0x8045ae34.bg_tether_shift Description: Tether shift for max allowed congestion window 0x8040ad90: 0x8045ae34.bg_ss_fltsz Description: Initial congestion window for background transport 0x8040adc0: 0x8045ae30.checksum Description: 0x8040adf0: 0x8045ae30.log_in_vain Description: Log all incoming UDP packets 0x8040ae20: 0x8045ae30.blackhole Description: Do not send port unreachables for refused connects 0x8040ae50: 0x8045ae30.stats Description: UDP statistics (struct udpstat, netinet/udp_var.h) 0x8040ae80: 0x8045ae30.pcbcount Description: Number of active PCBs 0x8040aeb0: 0x8045ae30.randomize_ports Description: Randomize UDP port numbers 0x8040aee0: 0x8045ae30.pcblist Description: List of active UDP sockets 0x8040af10: 0x8045ae30.pcblist_n Description: List of active UDP sockets 0x8040af40: 0x8045ae30.recvspace Description: Maximum incoming UDP datagram size 0x8040af70: 0x8045ae30.maxdgram Description: Maximum outgoing UDP datagram size 0x8040afa0: 0x8045b0bc.enable Description: Enable Multipath TCP Support 0x8040afd0: 0x8045b0bc.mptcp_cap_retr Description: Number of MP Capable SYN Retries 0x8040b000: 0x8045b0bc.dss_csum Description: Enable DSS checksum 0x8040b030: 0x8045b0bc.fail Description: Failover threshold 0x8040b060: 0x8045b0bc.keepalive Description: Keepalive in seconds 0x8040b090: 0x8045b0bc.mpprio Description: Enable MP_PRIO option 0x8040b0c0: 0x8045b0bc.remaddr Description: Enable REMOVE_ADDR option 0x8040b0f0: 0x8045b0bc.fastjoin Description: Enable FastJoin Option 0x8040b120: 0x8045b0bc.zerortt_fastjoin Description: Enable Zero RTT Fast Join 0x8040b150: 0x8045b0bc.rwnotify Description: Enable RW notify on resume 0x8040b180: 0x8045b0bc.rtthist Description: Disable RTT History 0x8040b1b0: 0x8045b0bc.rtthist_thresh Description: Rtt threshold 0x8040b1e0: 0x8045b0bc.userto Description: Disable RTO for subflow selection 0x8040b210: 0x8045b0bc.rto_thresh Description: RTO threshold 0x8040b240: 0x8045b0bc.use_peer Description: Use peer 0x8040b270: 0x8045b0bc.peerswitchno Description: Set threshold based on peer's data arrival 0x8040b2a0: 0x8045b0bc.probeto Description: Disable probing by setting to 0 0x8040b2d0: 0x8045b0bc.probecnt Description: Number of probe writes 0x8040b300: 0x8045ae24.mptcp Description: MPTCP 0x8040b330: 0x8045b0bc.dbg_area Description: MPTCP debug area 0x8040b360: 0x8045b0bc.dbg_level Description: MPTCP debug level 0x8040b390: 0x8045b0bc.pcbcount Description: Number of active PCBs 0x8040b3c0: 0x8045b0bc.sk_lim Description: MPTCP socket limit 0x8040b3f0: 0x8045b0bc.delayed Description: MPTCP Delayed Subflow start 0x8040b420: 0x8045b0bc.usesymptoms Description: MPTCP Use SymptomsD 0x8040b450: 0x8045b0bc.pcblist Description: List of active MPTCP connections 0x8040b480: 0x8045b0bc.force_64bit_dsn Description: Force MPTCP 64bit dsn 0x8040b4b0: 0x8045b0bc.rto Description: MPTCP Retransmission Timeout 0x8040b4e0: 0x8045b0bc.nrto Description: MPTCP Retransmissions 0x8040b510: 0x8045b0bc.tw Description: MPTCP Timewait Period 0x8040b540: 0x8045ae3c.stats Description: 0x8040b570: 0x8045ae3c.def_policy Description: 0x8040b5a0: 0x8045ae3c.esp_trans_deflev Description: 0x8040b5d0: 0x8045ae3c.esp_net_deflev Description: 0x8040b600: 0x8045ae3c.ah_trans_deflev Description: 0x8040b630: 0x8045ae3c.ah_net_deflev Description: 0x8040b660: 0x8045ae3c.ah_cleartos Description: 0x8040b690: 0x8045ae3c.ah_offsetmask Description: 0x8040b6c0: 0x8045ae3c.dfbit Description: 0x8040b6f0: 0x8045ae3c.ecn Description: 0x8040b720: 0x8045ae3c.debug Description: 0x8040b750: 0x8045ae3c.esp_randpad Description: 0x8040b780: 0x8045ae3c.bypass Description: 0x8040b7b0: 0x8045ae3c.esp_port Description: 0x8040b7e0: 0x8045b1f8.stats Description: 0x8040b810: 0x8045b1f8.def_policy Description: 0x8040b840: 0x8045b1f8.esp_trans_deflev Description: 0x8040b870: 0x8045b1f8.esp_net_deflev Description: 0x8040b8a0: 0x8045b1f8.ah_trans_deflev Description: 0x8040b8d0: 0x8045b1f8.ah_net_deflev Description: 0x8040b900: 0x8045b1f8.ecn Description: 0x8040b930: 0x8045b1f8.debug Description: 0x8040b960: 0x8045b1f8.esp_randpad Description: 0x8040b990: 0x8045b1e8.maxfragpackets Description: Maximum number of IPv6 fragment reassembly queue entries 0x8040b9c0: 0x8045b1e8.fragpackets Description: Current number of IPv6 fragment reassembly queue entries 0x8040b9f0: 0x8045b1e8.maxfrags Description: Maximum number of IPv6 fragments allowed 0x8040ba20: 0x8045b1e8.scopedroute Description: Enable IPv6 scoped routing 0x8040ba50: 0x8045b1e8.adj_clear_hwcksum Description: Invalidate hwcksum info when adjusting length 0x8040ba80: 0x8045b1e8.input_perf Description: Do time measurement 0x8040bab0: 0x8045b1e8.input_perf_bins Description: bins for chaining performance data histogram 0x8040bae0: 0x8045b1e8.input_perf_data Description: IP6 input performance data (struct net_perf, net/net_perf.h) 0x8040bb10: 0x8045b1e8.output_perf Description: Do time measurement 0x8040bb40: 0x8045b1e8.output_perf_bins Description: bins for chaining performance data histogram 0x8040bb70: 0x8045b1e8.output_perf_data Description: IP6 output performance data (struct net_perf, net/net_perf.h) 0x8040bba0: 0x8045b1e8.select_srcif_debug Description: log source interface selection debug info 0x8040bbd0: 0x8045b1e8.select_srcaddr_debug Description: log source address selection debug info 0x8040bc00: 0x8045b1e8.select_src_expensive_secondary_if Description: allow source interface selection to use expensive secondaries 0x8040bc30: 0x8045b1e8.addrctlpolicy Description: 0x8040bc60: 0x8045b1e8.mcast Description: IPv6 multicast 0x8040bc90: 0x8045b190.maxgrpsrc Description: Max source filters per group 0x8040bcc0: 0x8045b190.maxsocksrc Description: Max source filters per socket 0x8040bcf0: 0x8045b190.loop Description: Loopback multicast datagrams by default 0x8040bd20: 0x8045b190.filters Description: Per-interface stack-wide source filters 0x8040bd50: net.inet6 Description: Internet6 Family 0x8040bd80: 0x8045b1e4.ip6 Description: IP6 0x8040bdb0: 0x8045b1e4.icmp6 Description: ICMP6 0x8040bde0: 0x8045b1e4.udp6 Description: UDP6 0x8040be10: 0x8045b1e4.tcp6 Description: TCP6 0x8040be40: 0x8045b1e4.ipsec6 Description: IPSEC6 0x8040be70: 0x8045b1e8.forwarding Description: 0x8040bea0: 0x8045b1e8.redirect Description: 0x8040bed0: 0x8045b1e8.hlim Description: 0x8040bf00: 0x8045b1e8.stats Description: 0x8040bf30: 0x8045b1e8.accept_rtadv Description: 0x8040bf60: 0x8045b1e8.keepfaith Description: 0x8040bf90: 0x8045b1e8.log_interval Description: 0x8040bfc0: 0x8045b1e8.hdrnestlimit Description: 0x8040bff0: 0x8045b1e8.dad_count Description: 0x8040c020: 0x8045b1e8.auto_flowlabel Description: 0x8040c050: 0x8045b1e8.defmcasthlim Description: 0x8040c080: 0x8045b1e8.gifhlim Description: 0x8040c0b0: 0x8045b1e8.kame_version Description: 0x8040c0e0: 0x8045b1e8.use_deprecated Description: 0x8040c110: 0x8045b1e8.rr_prune Description: 0x8040c140: 0x8045b1e8.use_tempaddr Description: 0x8040c170: 0x8045b1e8.temppltime Description: 0x8040c1a0: 0x8045b1e8.tempvltime Description: 0x8040c1d0: 0x8045b1e8.v6only Description: 0x8040c200: 0x8045b1e8.auto_linklocal Description: 0x8040c230: 0x8045b1e8.rip6stats Description: 0x8040c260: 0x8045b1e8.prefer_tempaddr Description: 0x8040c290: 0x8045b1e8.use_defaultzone Description: 0x8040c2c0: 0x8045b1e8.mcast_pmtu Description: 0x8040c2f0: 0x8045b1e8.neighborgcthresh Description: 0x8040c320: 0x8045b1e8.maxifprefixes Description: 0x8040c350: 0x8045b1e8.maxifdefrouters Description: 0x8040c380: 0x8045b1e8.maxdynroutes Description: 0x8040c3b0: 0x8045b1e8.only_allow_rfc4193_prefixes Description: 0x8040c3e0: 0x8045b1ec.rediraccept Description: 0x8040c410: 0x8045b1ec.redirtimeout Description: 0x8040c440: 0x8045b1ec.stats Description: 0x8040c470: 0x8045b1ec.nd6_prune Description: 0x8040c4a0: 0x8045b1ec.nd6_prune_lazy Description: 0x8040c4d0: 0x8045b1ec.nd6_delay Description: 0x8040c500: 0x8045b1ec.nd6_umaxtries Description: 0x8040c530: 0x8045b1ec.nd6_mmaxtries Description: 0x8040c560: 0x8045b1ec.nd6_useloopback Description: 0x8040c590: 0x8045b1ec.nd6_accept_6to4 Description: 0x8040c5c0: 0x8045b1ec.nodeinfo Description: 0x8040c5f0: 0x8045b1ec.errppslimit Description: 0x8040c620: 0x8045b1ec.rappslimit Description: 0x8040c650: 0x8045b1ec.nd6_debug Description: 0x8040c680: 0x8045b1ec.nd6_onlink_ns_rfc4861 Description: Accept 'on-link' nd6 NS in compliance with RFC 4861. 0x8040c6b0: 0x8045b1ec.nd6_optimistic_dad Description: 0x8040c6e0: 0x8045b1e8.rtexpire Description: 0x8040c710: 0x8045b1e8.rtminexpire Description: 0x8040c740: 0x8045b1e8.rtmaxcache Description: 0x8040c770: 0x8045b1e4.mld Description: IPv6 Multicast Listener Discovery 0x8040c7a0: 0x8045b208.gsrdelay Description: Rate limit for MLDv2 Group-and-Source queries in seconds 0x8040c7d0: 0x8045b208.ifinfo Description: Per-interface MLDv2 state 0x8040c800: 0x8045b208.v1enable Description: Enable fallback to MLDv1 0x8040c830: 0x8045b208.v2enable Description: Enable MLDv2 (debug purposes only) 0x8040c860: 0x8045b208.use_allow Description: Use ALLOW/BLOCK for RFC 4604 SSM joins/leaves 0x8040c890: 0x8045b208.debug Description: 0x8040c8c0: 0x8045b1ec.nd6_drlist Description: 0x8040c8f0: 0x8045b1ec.nd6_prlist Description: 0x8040c920: 0x8045b1e8.maxchainsent Description: use dlil_output_list 0x8040c950: 0x8045b1ec.nd6_llreach_base Description: default ND6 link-layer reachability max lifetime (in seconds) 0x8040c980: 0x8045b1ec.nd6_maxsolstgt Description: maximum number of outstanding solicited targets per prefix 0x8040c9b0: 0x8045b1ec.nd6_maxproxiedsol Description: maximum number of outstanding solicitations per target 0x8040c9e0: 0x8045b1ec.prproxy_cnt Description: total number of proxied prefixes 0x8040ca10: 0x8045b1e4.send Description: IPv6 Secure Neighbor Discovery 0x8040ca40: 0x8045b2b8.opstate Description: current SEND operating state 0x8040ca70: 0x8045b2b8.opmode Description: configured SEND operating mode 0x8040caa0: 0x8045b2b8.cga_parameters Description: 0x8040cad0: 0x8045b340.debug Description: 0x8040cb00: 0x8045b340.spi_trycnt Description: 0x8040cb30: 0x8045b340.spi_minval Description: 0x8040cb60: 0x8045b340.spi_maxval Description: 0x8040cb90: 0x8045b340.int_random Description: 0x8040cbc0: 0x8045b340.larval_lifetime Description: 0x8040cbf0: 0x8045b340.blockacq_count Description: 0x8040cc20: 0x8045b340.blockacq_lifetime Description: 0x8040cc50: 0x8045b340.esp_auth Description: 0x8040cc80: 0x8045b340.esp_keymin Description: 0x8040ccb0: 0x8045b340.ah_keymin Description: 0x8040cce0: 0x8045b340.prefered_oldsa Description: 0x8040cd10: 0x8045b340.natt_keepalive_interval Description: 0x8040cd40: 0x8045b340.pfkeystat Description: 0x8040cd70: net.key Description: Key Family 0x8040cda0: kern.flush_cache_on_write Description: always flush the drive cache on writes to uncached files 0x8040cdd0: vfs.generic.root_unmounted_cleanly Description: Root filesystem was unmounted cleanly 0x8040ce00: vfs.generic.always_do_fullfsync Description: always F_FULLFSYNC when fsync is called 0x8040ce30: vfs.generic.hfs Description: HFS file system 0x8040ce60: 0x8045b3d0.kdebug Description: HFS kdebug 0x8040ce90: 0x8045b3d4.allocation Description: Enable kdebug logging for HFS allocations 0x8040cec0: kern.clockrate Description: 0x8040cef0: vm.cs_force_kill Description: 0x8040cf20: vm.cs_force_hard Description: 0x8040cf50: vm.cs_debug Description: 0x8040cf80: vm.cs_all_vnodes Description: 0x8040cfb0: 0x8045b74c.kevt Description: Kernel event family 0x8040cfe0: 0x8045b528.stats Description: 0x8040d010: 0x8045b528.pcblist Description: 0x8040d040: 0x8045b74c.kctl Description: Kernel control family 0x8040d070: 0x8045b548.stats Description: 0x8040d0a0: 0x8045b548.reg_list Description: 0x8040d0d0: 0x8045b548.pcblist Description: 0x8040d100: 0x8045b548.autorcvbufmax Description: 0x8040d130: 0x8045b548.autorcvbufhigh Description: 0x8040d160: 0x8045b548.debug Description: 0x8040d190: kern.sugid_scripts Description: 0x8040d1c0: debug.lockf_debug Description: 0x8040d1f0: kern.maxprocperuid Description: Maximum processes allowed per userid 0x8040d220: kern.maxfilesperproc Description: Maximum files allowed open per process 0x8040d250: kern.threadname Description: 0x8040d280: kern.sched_stats Description: 0x8040d2b0: kern.sched_stats_enable Description: 0x8040d2e0: debug.sched Description: scheduler debug 0x8040d310: kern.proc Description: 0x8040d340: 0x8045b5c4.all Description: 0x8040d370: 0x8045b5c4.pid Description: 0x8040d3a0: 0x8045b5c4.tty Description: 0x8040d3d0: 0x8045b5c4.pgrp Description: 0x8040d400: 0x8045b5c4.uid Description: 0x8040d430: 0x8045b5c4.ruid Description: 0x8040d460: 0x8045b5c4.lcid Description: 0x8040d490: kern.kdebug Description: 0x8040d4c0: kern.procargs2 Description: 0x8040d4f0: kern.ostype Description: 0x8040d520: kern.osrelease Description: 0x8040d550: kern.osrevision Description: 0x8040d580: kern.version Description: 0x8040d5b0: kern.uuid Description: 0x8040d5e0: kern.osversion Description: 0x8040d610: kern.bootargs Description: bootargs 0x8040d640: kern.maxfiles Description: 0x8040d670: kern.argmax Description: 0x8040d6a0: kern.posix1version Description: 0x8040d6d0: kern.ngroups Description: 0x8040d700: kern.job_control Description: 0x8040d730: kern.saved_ids Description: 0x8040d760: kern.num_files Description: 0x8040d790: kern.num_vnodes Description: 0x8040d7c0: kern.num_tasks Description: 0x8040d7f0: kern.num_threads Description: 0x8040d820: kern.num_taskthreads Description: 0x8040d850: kern.namecache_disabled Description: 0x8040d880: kern.maxvnodes Description: 0x8040d8b0: kern.maxproc Description: 0x8040d8e0: kern.aiomax Description: 0x8040d910: kern.aioprocmax Description: 0x8040d940: kern.aiothreads Description: 0x8040d970: kern.securelevel Description: 0x8040d9a0: kern.nisdomainname Description: 0x8040d9d0: kern.hostid Description: 0x8040da00: kern.hostname Description: 0x8040da30: kern.procname Description: 0x8040da60: kern.speculative_reads_disabled Description: 0x8040da90: kern.ignore_is_ssd Description: 0x8040dac0: kern.root_is_fusion_drive Description: 0x8040daf0: kern.preheat_max_bytes Description: 0x8040db20: kern.preheat_min_bytes Description: 0x8040db50: kern.speculative_prefetch_max Description: 0x8040db80: kern.speculative_prefetch_max_iosize Description: 0x8040dbb0: kern.vm_page_free_target Description: 0x8040dbe0: kern.vm_page_free_min Description: 0x8040dc10: kern.vm_page_free_reserved Description: 0x8040dc40: kern.vm_page_speculative_percentage Description: 0x8040dc70: kern.vm_page_speculative_q_age_ms Description: 0x8040dca0: kern.vm_max_delayed_work_limit Description: 0x8040dcd0: kern.vm_max_batch Description: 0x8040dd00: kern.bootsessionuuid Description: 0x8040dd30: kern.boottime Description: 0x8040dd60: kern.symfile Description: 0x8040dd90: kern.timer Description: timer 0x8040ddc0: 0x8045b5c8.coalescing_enabled Description: 0x8040ddf0: 0x8045b5c8.deadline_tracking_bin_1 Description: 0x8040de20: 0x8045b5c8.deadline_tracking_bin_2 Description: 0x8040de50: 0x8045b5c8.longterm Description: longterm 0x8040de80: 0x8045b5cc.threshold Description: 0x8040deb0: 0x8045b5cc.qlen Description: 0x8040dee0: kern.usrstack Description: 0x8040df10: kern.usrstack64 Description: 0x8040df40: kern.corefile Description: 0x8040df70: kern.coredump Description: 0x8040dfa0: kern.sugid_coredump Description: 0x8040dfd0: kern.delayterm Description: 0x8040e000: kern.rage_vnode Description: 0x8040e030: kern.setthread_cpupercent Description: set thread cpu percentage limit 0x8040e060: kern.check_openevt Description: set the per-process check-open-evt flag 0x8040e090: kern.nx Description: 0x8040e0c0: vm.loadavg Description: 0x8040e0f0: debug.toggle_address_reuse Description: 0x8040e120: vm.swapusage Description: 0x8040e150: vm.freeze_enabled Description: 0x8040e180: kern.shreg_private Description: 0x8040e1b0: sysctl.proc_native Description: proc_native 0x8040e1e0: sysctl.proc_cputype Description: proc_cputype 0x8040e210: kern.safeboot Description: 0x8040e240: kern.singleuser Description: 0x8040e270: kern.minimalboot Description: 0x8040e2a0: kern.affinity_sets_enabled Description: hinting enabled 0x8040e2d0: kern.affinity_sets_mapping Description: mapping policy 0x8040e300: kern.slide Description: 0x8040e330: vm.global_no_user_wire_amount Description: 0x8040e360: vm.global_user_wire_limit Description: 0x8040e390: vm.user_wire_limit Description: 0x8040e3c0: vm.vm_copy_src_not_internal Description: 0x8040e3f0: vm.vm_copy_src_not_symmetric Description: 0x8040e420: vm.vm_copy_src_large Description: 0x8040e450: vm.vm_page_external_count Description: 0x8040e480: vm.vm_page_filecache_min Description: 0x8040e4b0: vm.compressor_input_bytes Description: 0x8040e4e0: vm.compressor_compressed_bytes Description: 0x8040e510: vm.compressor_bytes_used Description: 0x8040e540: vm.compressor_mode Description: 0x8040e570: vm.compressor_is_active Description: 0x8040e5a0: vm.compressor_swapout_target_age Description: 0x8040e5d0: vm.compressor_available Description: 0x8040e600: vm.vm_ripe_target_age_in_secs Description: 0x8040e630: vm.compressor_eval_period_in_msecs Description: 0x8040e660: vm.compressor_sample_min_in_msecs Description: 0x8040e690: vm.compressor_sample_max_in_msecs Description: 0x8040e6c0: vm.compressor_thrashing_threshold_per_10msecs Description: 0x8040e6f0: vm.compressor_thrashing_min_per_10msecs Description: 0x8040e720: vm.compressor_minorcompact_threshold_divisor Description: 0x8040e750: vm.compressor_majorcompact_threshold_divisor Description: 0x8040e780: vm.compressor_unthrottle_threshold_divisor Description: 0x8040e7b0: vm.compressor_catchup_threshold_divisor Description: 0x8040e7e0: vm.swapfileprefix Description: 0x8040e810: kern.ipc_voucher_trace_contents Description: Enable tracing voucher contents 0x8040e840: kern.stack_size Description: Kernel stack size 0x8040e870: kern.stack_depth_max Description: Max kernel stack depth at interrupt or context switch 0x8040e8a0: kern.ipc_portbt Description: 0x8040e8d0: kern.sched Description: Timeshare scheduler implementation 0x8040e900: kern.timer_coalesce_bg_scale Description: 0x8040e930: kern.timer_resort_threshold_ns Description: 0x8040e960: kern.timer_coalesce_bg_ns_max Description: 0x8040e990: kern.timer_coalesce_kt_scale Description: 0x8040e9c0: kern.timer_coalesce_kt_ns_max Description: 0x8040e9f0: kern.timer_coalesce_fp_scale Description: 0x8040ea20: kern.timer_coalesce_fp_ns_max Description: 0x8040ea50: kern.timer_coalesce_ts_scale Description: 0x8040ea80: kern.timer_coalesce_ts_ns_max Description: 0x8040eab0: kern.timer_coalesce_tier0_scale Description: 0x8040eae0: kern.timer_coalesce_tier0_ns_max Description: 0x8040eb10: kern.timer_coalesce_tier1_scale Description: 0x8040eb40: kern.timer_coalesce_tier1_ns_max Description: 0x8040eb70: kern.timer_coalesce_tier2_scale Description: 0x8040eba0: kern.timer_coalesce_tier2_ns_max Description: 0x8040ebd0: kern.timer_coalesce_tier3_scale Description: 0x8040ec00: kern.timer_coalesce_tier3_ns_max Description: 0x8040ec30: kern.timer_coalesce_tier4_scale Description: 0x8040ec60: kern.timer_coalesce_tier4_ns_max Description: 0x8040ec90: kern.timer_coalesce_tier5_scale Description: 0x8040ecc0: kern.timer_coalesce_tier5_ns_max Description: 0x8040ecf0: machdep.user_idle_level Description: User idle level heuristic, 0-128 0x8040ed20: kern.darkboot Description: 0x8040ed50: sysctl.debug Description: 0x8040ed80: sysctl.name Description: 0x8040edb0: sysctl.next Description: 0x8040ede0: sysctl.name2oid Description: 0x8040ee10: sysctl.oidfmt Description: 0x8040ee40: kern.max_task_pmem Description: 0x8040ee70: kern.memorystatus_level Description: 0x8040eea0: kern.memorystatus_early_boot_level Description: 0x8040eed0: kern.memorystatus_vm_pressure_level Description: 0x8040ef00: kern.memorypressure_manual_trigger Description: 0x8040ef30: kern.memorystatus_purge_on_warning Description: 0x8040ef60: kern.memorystatus_purge_on_urgent Description: 0x8040ef90: kern.memorystatus_purge_on_critical Description: 0x8040efc0: children.sysctl Description: Sysctl internal magic 0x8040eff0: children.kern Description: High kernel, proc, limits &c 0x8040f020: children.vm Description: Virtual memory 0x8040f050: children.vfs Description: File system 0x8040f080: children.net Description: Network, (see socket.h) 0x8040f0b0: children.debug Description: Debugging 0x8040f0e0: children.hw Description: hardware 0x8040f110: children.machdep Description: machine dependent 0x8040f140: children.user Description: user-level 0x8040f170: 0x8045b6a0.ncpu Description: 0x8040f1a0: 0x8045b6a0.activecpu Description: 0x8040f1d0: 0x8045b6a0.physicalcpu Description: 0x8040f200: 0x8045b6a0.physicalcpu_max Description: 0x8040f230: 0x8045b6a0.logicalcpu Description: 0x8040f260: 0x8045b6a0.logicalcpu_max Description: 0x8040f290: 0x8045b6a0.byteorder Description: 0x8040f2c0: 0x8045b6a0.cputype Description: 0x8040f2f0: 0x8045b6a0.cpusubtype Description: 0x8040f320: 0x8045b6a0.cpu64bit_capable Description: 0x8040f350: 0x8045b6a0.cpufamily Description: 0x8040f380: 0x8045b6a0.cacheconfig Description: 0x8040f3b0: 0x8045b6a0.cachesize Description: 0x8040f3e0: 0x8045b6a0.pagesize Description: 0x8040f410: 0x8045b6a0.cachelinesize Description: 0x8040f440: 0x8045b6a0.l1icachesize Description: 0x8040f470: 0x8045b6a0.l1dcachesize Description: 0x8040f4a0: 0x8045b6a0.l2cachesize Description: 0x8040f4d0: 0x8045b6a0.l3cachesize Description: 0x8040f500: 0x8045b6a0.tbfrequency Description: 0x8040f530: 0x8045b6a0.memsize Description: 0x8040f560: 0x8045b6a0.packages Description: 0x8040f590: 0x8045b6a0.optional Description: optional features 0x8040f5c0: 0x8045b6a8.floatingpoint Description: 0x8040f5f0: 0x8045b6a0.pagesize_compat Description: 0x8040f620: 0x8045b6a0.cachelinesize_compat Description: 0x8040f650: 0x8045b6a0.l1icachesize_compat Description: 0x8040f680: 0x8045b6a0.l1dcachesize_compat Description: 0x8040f6b0: 0x8045b6a0.l2cachesize_compat Description: 0x8040f6e0: 0x8045b6a0.l3cachesize_compat Description: 0x8040f710: 0x8045b6a0.tbfrequency_compat Description: 0x8040f740: 0x8045b6a0.machine Description: 0x8040f770: 0x8045b6a0.model Description: 0x8040f7a0: 0x8045b6a0.physmem Description: 0x8040f7d0: 0x8045b6a0.usermem Description: 0x8040f800: 0x8045b6a0.epoch Description: 0x8040f830: 0x8045b6a0.vectorunit Description: 0x8040f860: 0x8045b6a0.l2settings Description: 0x8040f890: 0x8045b6a0.l3settings Description: 0x8040f8c0: 0x8045b6a0.cputhreadtype Description: 0x8040f8f0: 0x8045b6a8.watchpoint Description: 0x8040f920: 0x8045b6a8.breakpoint Description: 0x8040f950: 0x8045b6a8.neon Description: 0x8040f980: 0x8045b6a8.neon_hpfp Description: 0x8040f9b0: 0x8045b6a8.vfp_shortvector Description: 0x8040f9e0: 0x8045b6a8.arm64 Description: 0x8040fa10: kern.msgbuf Description: 0x8040fa40: net.systm Description: System domain 0x8040fa70: kern.coalitions Description: coalition ids of a given process 0x8040faa0: kern.coalition_roles Description: coalition roles of a given process 0x8040fad0: kern.coalition_page_count Description: coalition page count of a specified process 0x8040fb00: kern.coalition_pid_list Description: list of PIDS which are members of the coalition of the current process 0x8040fb30: kern.tty Description: TTY 0x8040fb60: 0x8045b760.ptmx_max Description: ptmx_max 0x8040fb90: vm.cs_blob_count Description: Current number of code signature blobs 0x8040fbc0: vm.cs_blob_size Description: Current size of all code signature blobs 0x8040fbf0: vm.cs_blob_count_peak Description: Peak number of code signature blobs 0x8040fc20: vm.cs_blob_size_peak Description: Peak size of code signature blobs 0x8040fc50: vm.cs_blob_size_max Description: Size of biggest code signature blob 0x8040fc80: 0x8045b8e0.mbstat Description: 0x8040fcb0: 0x8045b8e0.mb_stat Description: 0x8040fce0: 0x8045b8e0.mleak_top_trace Description: 0x8040fd10: 0x8045b8e0.mleak_table Description: 0x8040fd40: 0x8045b8e0.mleak_sample_factor Description: 0x8040fd70: 0x8045b8e0.mb_normalized Description: 0x8040fda0: 0x8045b8e0.mb_watchdog Description: 0x8040fdd0: 0x8045b8e0.mb_drain_force Description: Forces the mbuf garbage collection to run 0x8040fe00: 0x8045b8e0.mb_drain_maxint Description: Minimum time interval between garbage collection 0x8040fe30: net.local Description: Local domain 0x8040fe60: 0x8045b888.stream Description: SOCK_STREAM 0x8040fe90: 0x8045b888.dgram Description: SOCK_DGRAM 0x8040fec0: 0x8045b8e0.socket_debug Description: 0x8040fef0: 0x8045b8e0.somaxconn Description: 0x8040ff20: 0x8045b8e0.sosendminchain Description: 0x8040ff50: 0x8045b8e0.sorecvmincopy Description: 0x8040ff80: 0x8045b8e0.sosendjcl Description: 0x8040ffb0: 0x8045b8e0.sosendjcl_ignore_capab Description: 0x8040ffe0: 0x8045b8e0.sosendbigcl_ignore_capab Description: 0x80410010: 0x8045b8e0.sodefunctlog Description: 0x80410040: 0x8045b8e0.sothrottlelog Description: 0x80410070: 0x8045b8e0.sorestrictrecv Description: Enable inbound interface restrictions 0x804100a0: 0x8045b8e0.sorestrictsend Description: Enable outbound interface restrictions 0x804100d0: 0x8045b8e0.soreserveheadroom Description: To allocate contiguous datagram buffers 0x80410100: 0x8045b8e0.maxextbkidleperproc Description: Maximum of extended background idle sockets per process 0x80410130: 0x8045b8e0.extbkidletime Description: Time in seconds to keep extended background idle sockets 0x80410160: 0x8045b8e0.extbkidlestat Description: 0x80410190: 0x8045b8e0.sotcdb Description: 0x804101c0: 0x8045b8e0.throttle_best_effort Description: 0x804101f0: kern.ipc Description: IPC 0x80410220: 0x8045b8e0.maxsockbuf Description: Maximum socket buffer size 0x80410250: 0x8045b8e0.sockbuf_waste_factor Description: 0x80410280: 0x8045b8e0.nmbclusters Description: 0x804102b0: 0x8045b8e0.njcl Description: 0x804102e0: 0x8045b8e0.njclbytes Description: 0x80410310: 0x8045b8e0.soqlimitcompat Description: Enable socket queue limit compatibility 0x80410340: 0x8045b8e0.soqlencomp Description: Listen backlog represents only complete queue 0x80410370: 0x8045b8e0.io_policy Description: network IO policy 0x804103a0: 0x8045b8ec.throttled Description: 0x804103d0: 0x8045b8ec.log Description: 0x80410400: 0x8045b8ec.uuid Description: 0x80410430: 0x8045b8e0.maxsendmsgx Description: 0x80410460: 0x8045b8e0.maxrecvmsgx Description: 0x80410490: 0x8045b88c.sendspace Description: 0x804104c0: 0x8045b88c.recvspace Description: 0x804104f0: 0x8045b88c.tracemdns Description: 0x80410520: 0x8045b890.maxdgram Description: 0x80410550: 0x8045b890.recvspace Description: 0x80410580: 0x8045b888.inflight Description: 0x804105b0: 0x8045b890.pcblist Description: List of active local datagram sockets 0x804105e0: 0x8045b88c.pcblist Description: List of active local stream sockets 0x80410610: kern.posix Description: Posix 0x80410640: 0x8045b944.sem Description: Semaphores 0x80410670: 0x8045b948.max Description: max 0x804106a0: debug.sys_override_enabled Description: 0x804106d0: vm.vm_do_collapse_compressor Description: 0x80410700: vm.vm_do_collapse_compressor_pages Description: 0x80410730: vm.vm_do_collapse_terminate Description: 0x80410760: vm.vm_do_collapse_terminate_failure Description: 0x80410790: vm.vm_should_cow_but_wired Description: 0x804107c0: vm.vm_create_upl_extra_cow Description: 0x804107f0: vm.vm_create_upl_extra_cow_pages Description: 0x80410820: vm.vm_create_upl_lookup_failure_write Description: 0x80410850: vm.vm_create_upl_lookup_failure_copy Description: 0x80410880: vm.vm_debug_events Description: 0x804108b0: vm.shared_region_unnest_logging Description: 0x804108e0: kern.secure_kernel Description: 0x80410910: kern.tfp Description: tfp 0x80410940: 0x8045b9cc.policy Description: policy 0x80410970: vm.shared_region_trace_level Description: 0x804109a0: vm.shared_region_version Description: 0x804109d0: vm.shared_region_persistence Description: 0x80410a00: vm.pagesize Description: vm page size 0x80410a30: vm.vm_page_free_target Description: Pageout daemon free target 0x80410a60: vm.memory_pressure Description: Memory pressure indicator 0x80410a90: vm.page_free_wanted Description: 0x80410ac0: vm.page_purgeable_count Description: Purgeable page count 0x80410af0: vm.page_purgeable_wired_count Description: Wired purgeable page count 0x80410b20: vm.pageout_purged_objects Description: System purged object count 0x80410b50: vm.madvise_free_debug Description: zero-fill on madvise(MADV_FREE*) 0x80410b80: vm.page_reusable_count Description: Reusable page count 0x80410bb0: vm.reusable_success Description: 0x80410be0: vm.reusable_failure Description: 0x80410c10: vm.reusable_shared Description: 0x80410c40: vm.all_reusable_calls Description: 0x80410c70: vm.partial_reusable_calls Description: 0x80410ca0: vm.reuse_success Description: 0x80410cd0: vm.reuse_failure Description: 0x80410d00: vm.all_reuse_calls Description: 0x80410d30: vm.partial_reuse_calls Description: 0x80410d60: vm.can_reuse_success Description: 0x80410d90: vm.can_reuse_failure Description: 0x80410dc0: vm.reusable_reclaimed Description: 0x80410df0: vm.page_free_count Description: 0x80410e20: vm.page_speculative_count Description: 0x80410e50: vm.page_cleaned_count Description: Cleaned queue size 0x80410e80: vm.pageout_inactive_dirty_internal Description: 0x80410eb0: vm.pageout_inactive_dirty_external Description: 0x80410ee0: vm.pageout_inactive_clean Description: 0x80410f10: vm.pageout_speculative_clean Description: 0x80410f40: vm.pageout_inactive_used Description: 0x80410f70: vm.pageout_freed_from_inactive_clean Description: 0x80410fa0: vm.pageout_freed_from_speculative Description: 0x80410fd0: vm.pageout_freed_from_cleaned Description: 0x80411000: vm.pageout_enqueued_cleaned Description: 0x80411030: vm.pageout_enqueued_cleaned_from_inactive_clean Description: 0x80411060: vm.pageout_enqueued_cleaned_from_inactive_dirty Description: 0x80411090: vm.pageout_cleaned Description: Cleaned pages reclaimed 0x804110c0: vm.pageout_cleaned_reactivated Description: Cleaned pages reactivated 0x804110f0: vm.pageout_cleaned_reference_reactivated Description: Cleaned pages reference reactivated 0x80411120: vm.pageout_cleaned_volatile_reactivated Description: Cleaned pages volatile reactivated 0x80411150: vm.pageout_cleaned_fault_reactivated Description: Cleaned pages fault reactivated 0x80411180: vm.pageout_cleaned_commit_reactivated Description: Cleaned pages commit reactivated 0x804111b0: vm.pageout_cleaned_busy Description: Cleaned pages busy (deactivated) 0x804111e0: vm.pageout_cleaned_nolock Description: Cleaned pages no-lock (deactivated) 0x80411210: vm.prefault_nb_pages Description: 0x80411240: vm.prefault_nb_bailout Description: 0x80411270: children.kperf Description: kperf 0x804112a0: 0x8045b9ec.action Description: action 0x804112d0: 0x8045b9f0.count Description: Number of actions 0x80411300: 0x8045b9f0.samplers Description: What to sample what a trigger fires an action 0x80411330: 0x8045b9f0.userdata Description: User data to attribute to action 0x80411360: 0x8045b9f0.filter_by_task Description: Apply a task filter to the action 0x80411390: 0x8045b9f0.filter_by_pid Description: Apply a pid filter to the action 0x804113c0: 0x8045b9ec.timer Description: timer 0x804113f0: 0x8045b9f4.count Description: Number of time triggers 0x80411420: 0x8045b9f4.period Description: Timer number and period 0x80411450: 0x8045b9f4.action Description: Timer number and actionid 0x80411480: 0x8045b9f4.pet_timer Description: Which timer ID does PET 0x804114b0: 0x8045b9ec.sampling Description: Sampling running 0x804114e0: 0x8045b9ec.blessed_pid Description: Blessed pid 0x80411510: 0x8045b9ec.blessed_preempt Description: Blessed preemption 0x80411540: 0x8045b9ec.kdbg_callstacks Description: Generate kdbg callstacks 0x80411570: 0x8045b9ec.kdbg_cswitch Description: Generate context switch info 0x804115a0: 0x8045b9ec.pet_idle_rate Description: Rate at which unscheduled threads are forced to be sampled in PET mode 0x804115d0: 0x8045b9ec.cswitch_action Description: ID of action to trigger on context-switch 0x80411600: 0x8045b9ec.signpost_action Description: ID of action to trigger on signposts 0x80411630: 0x8045b9ec.debug_level Description: debug level 0x80411660: children.kpc Description: kpc 0x80411690: 0x8045ba04.classes Description: Available classes 0x804116c0: 0x8045ba04.counting Description: PMCs counting 0x804116f0: 0x8045ba04.thread_counting Description: Thread accumulation 0x80411720: 0x8045ba04.pmu_version Description: PMU version for hardware 0x80411750: 0x8045ba04.config_count Description: Config count 0x80411780: 0x8045ba04.counter_count Description: Counter count 0x804117b0: 0x8045ba04.sw_inc Description: Software increment 0x804117e0: 0x8045ba04.thread_counters Description: Current thread counters 0x80411810: 0x8045ba04.counters Description: Current counters 0x80411840: 0x8045ba04.shadow_counters Description: Current shadow counters 0x80411870: 0x8045ba04.config Description: Set counter configs 0x804118a0: 0x8045ba04.period Description: Set counter periods 0x804118d0: 0x8045ba04.actionid Description: Set counter actionids 0x80411900: 0x8045ba04.force_all_ctrs Description: Force kperf to allow config of all counters 0x80411960: machdep.alignmenttrap Description: trap on alignment faults (number of alignment faults per trap) 0x80411930: machdep.vfpshortvectortrap Description: trap on VFP short vector faults (number of faults per trap) 0x80411990: machdep.wake_abstime Description: Absolute Time at the last wakeup 0x8045d470: (outside __sysctl_set) 0x804119f0: debug.swd_kext_name Description: 0x80411a20: debug.swd_delay_type Description: 0x80411a50: debug.swd_delay_duration Description: 0x804119c0: kern.pmtimeout Description: Power Management Timeout 0x80411a80: debug.iokit Description: boot_arg io 0x80411ab0: debug.iotrace Description: trace io 0x80411ae0: kern.iokittest Description: 0x80411b70: kern.sleeptime Description: 0x80411ba0: kern.waketime Description: 0x80411bd0: kern.willshutdown Description: 0x80411c00: kern.consoleoptions Description: 0x80411b10: kern.wakereason Description: wakereason 0x80411b40: 0x8045b6a0.targettype Description: targettype 0x80411c30: debug.darkwake Description: 0x80411c90: children.security Description: Security Controls 0x80411cc0: 0x8045bd60.mac Description: TrustedBSD MAC policy controls 0x80411cf0: security.mac.max_slots Description: 0x80411d20: security.mac.labelvnodes Description: Label all vnodes 0x80411d50: security.mac.mmap_revocation Description: Revoke mmap access to files on subject relabel 0x80411d80: security.mac.mmap_revocation_via_cow Description: Revoke mmap access to files via copy-on-write semantics, or by removing all write access 0x80411db0: security.mac.device_enforce Description: Enforce MAC policy on device operations 0x80411de0: security.mac.pipe_enforce Description: Enforce MAC policy on pipe operations 0x80411e10: security.mac.posixsem_enforce Description: Enforce MAC policy on POSIX semaphores 0x80411e40: security.mac.posixshm_enforce Description: Enforce MAC policy on Posix Shared Memory 0x80411e70: security.mac.proc_enforce Description: Enforce MAC policy on process operations 0x80411ea0: security.mac.socket_enforce Description: Enforce MAC policy on socket operations 0x80411ed0: security.mac.system_enforce Description: Enforce MAC policy on system-wide interfaces 0x80411f00: security.mac.sysvmsg_enforce Description: Enforce MAC policy on System V IPC message queues 0x80411f30: security.mac.sysvsem_enforce Description: Enforce MAC policy on System V IPC semaphores 0x80411f60: security.mac.sysvshm_enforce Description: Enforce MAC policy on System V Shared Memory 0x80411f90: security.mac.vm_enforce Description: Enforce MAC policy on VM operations 0x80411fc0: security.mac.vnode_enforce Description: Enforce MAC policy on vnode operations - Kexts (for a 4S - these naturally are a tad different per device type. Looks like Apple has stopped the kec spree that possessed it as of late
morpheus@Zephyr (~)$ ~/Documents/Work/JTool/joker -k kernel.9b.4S.decrypted Source Version: 3216.0.0.1.15 This is iOS 9.x, or later Processing kexts 0x804ba000: Mach Kernel Pseudoextension (com.apple.kpi.mach) 0x804bc000: Unsupported Pseudoextension (com.apple.kpi.unsupported) 0x804bf000: Private Pseudoextension (com.apple.kpi.private) 0x804c5000: I/O Kit Pseudoextension (com.apple.kpi.iokit) 0x804df000: Libkern Pseudoextension (com.apple.kpi.libkern) 0x804e8000: BSD Kernel Pseudoextension (com.apple.kpi.bsd) 0x804ef000: corecrypto (com.apple.kec.corecrypto) 0x80538000: AppleCredentialManager (com.apple.driver.AppleCredentialManager) 0x8054f000: IOSlowAdaptiveClockingFamily (com.apple.iokit.IOSlowAdaptiveClockingFamily) 0x80553000: IOReportFamily (com.apple.iokit.IOReportFamily) 0x80558000: AppleARMPlatform (com.apple.driver.AppleARMPlatform) 0x805a4000: IOSlaveProcessor (com.apple.driver.IOSlaveProcessor) 0x805a9000: AppleA5AE2 (com.apple.driver.AppleA5AE2) 0x805ae000: LSKDIOKit (com.apple.driver.LSKDIOKit) 0x805fc000: IOSurface (com.apple.iokit.IOSurface) 0x8060c000: IODARTFamily (com.apple.driver.IODARTFamily) 0x80618000: Apple M2 Scaler and Color Space Converter Driver (com.apple.driver.AppleM2ScalerCSCDriver) 0x80659000: FairPlayIOKit (com.apple.driver.FairPlayIOKit) 0x806c8000: LSKDIOKitMSE (com.apple.driver.LSKDIOKitMSE) 0x806f6000: AppleVXD390 (com.apple.driver.AppleVXD390) 0x80722000: AppleSamsungSPI (com.apple.driver.AppleSamsungSPI) 0x80726000: MAC Framework Pseudoextension (com.apple.kpi.dsep) 0x80728000: AppleMobileFileIntegrity (com.apple.driver.AppleMobileFileIntegrity) 0x8074a000: IOHIDFamily (com.apple.iokit.IOHIDFamily) 0x80771000: AppleEmbeddedLightSensor (com.apple.driver.AppleEmbeddedLightSensor) 0x80785000: AppleS5L8920XPWM (com.apple.driver.AppleS5L8920XPWM) 0x80788000: I/O Kit Networking Family (com.apple.iokit.IONetworkingFamily) 0x807a1000: AppleIPAppender (com.apple.driver.AppleIPAppender) 0x807a7000: AppleMultitouchSPI (com.apple.driver.AppleMultitouchSPI) 0x807bc000: I/O Kit Storage Family (ID="67">com.apple.iokit.IOStorageFamily) 0x807d2000: AppleDiskImageDriver (com.apple.driver.DiskImages) 0x807de000: AppleDiskImagesKernelBacked (com.apple.driver.DiskImages.KernelBacked) 0x807e9000: AppleDiskImagesRAMBackingStore (com.apple.driver.DiskImages.RAMBackingStore) 0x807ec000: AppleJPEGDriver (com.apple.driver.AppleJPEGDriver) 0x807fd000: IOCryptoAcceleratorFamily (com.apple.iokit.IOCryptoAcceleratorFamily) 0x8080b000: EncryptedBlockStorage (com.apple.iokit.EncryptedBlockStorage) 0x80813000: IOFlashStorage (com.apple.iokit.IOFlashStorage) 0x8082b000: AppleTVOut (com.apple.driver.AppleTVOut) 0x8082f000: I/O Kit Driver for USB Devices (com.apple.driver.AppleUSBHostMergeProperties) 0x80832000: IOKit USB host family (com.apple.iokit.IOUSBHostFamily) 0x80874000: I/O Kit Driver for USB EHCI Controllers (com.apple.driver.usb.AppleUSBEHCI) 0x80899000: I/O Kit Driver for USB OHCI Controllers (com.apple.driver.usb.AppleUSBOHCI) 0x808ab000: AppleEmbeddedUSB (com.apple.driver.AppleEmbeddedUSB) 0x808b4000: I/O Kit Driver for USB Hubs (com.apple.driver.usb.AppleUSBHub) 0x808cf000: I/O Kit Driver for USB Composite Devices (com.apple.driver.usb.AppleUSBHostCompositeDevice) 0x808d3000: AppleEmbeddedUSBHost (com.apple.driver.AppleEmbeddedUSBHost) 0x808df000: Embedded I/O Kit Driver for USB OHCI Controllers (com.apple.driver.AppleUSBOHCIARM) 0x808e5000: AppleUSBHSIC (com.apple.driver.AppleUSBHSIC) 0x808ee000: corecapture (com.apple.driver.corecapture) 0x80906000: IOKit Serial Port Family (com.apple.iokit.IOSerialFamily) 0x80911000: AppleOnboardSerial (com.apple.driver.AppleOnboardSerial) 0x80923000: IO80211Family (com.apple.iokit.IO80211Family) 0x809ac000: Broadcom 802.11 Driver (com.apple.driver.AppleBCMWLANCore) 0x80a61000: AppleBCMWLANBusInterfaceHSICShim (com.apple.driver.AppleBCMWLANBusInterfaceHSICShim) 0x80a66000: Broadcom WLAN HSIC Bus Driver (com.apple.driver.AppleBCMWLANBusInterfaceHSIC) 0x80a81000: AppleH4CameraInterface (com.apple.driver.AppleH4CameraInterface) 0x80a92000: AppleHIDKeyboardEmbedded (com.apple.driver.AppleHIDKeyboardEmbedded) 0x80a92000: IOStreamAudioFamily (com.apple.iokit.IOStreamAudioFamily) 0x80a97000: IOAudio2Family (com.apple.iokit.IOAudio2Family) 0x80aa1000: IOCECFamily (com.apple.iokit.IOCECFamily) 0x80aa6000: IOAVFamily (com.apple.iokit.IOAVFamily) 0x80adf000: IODisplayPortFamily (com.apple.iokit.IODisplayPortFamily) 0x80af3000: AppleSamsungDPTX (com.apple.driver.AppleSamsungDPTX) 0x80b08000: AppleS5L8940XI2C (com.apple.driver.AppleS5L8940XI2C) 0x80b0c000: AppleEffaceableStorage (com.apple.driver.AppleEffaceableStorage) 0x80b13000: LightweightVolumeManager (com.apple.driver.LightweightVolumeManager) 0x80b26000: AppleARMIISAudio (com.apple.iokit.AppleARMIISAudio) 0x80b2e000: HighlandParkAudioDevice (com.apple.driver.HighlandParkAudioDevice) 0x80b5f000: AppleUSBNetworking (com.apple.driver.usb.networking) 0x80b62000: AppleUSBHSICCellular (com.apple.driver.usb.hsic.cellular) 0x80b72000: AppleBasebandAudio (com.apple.driver.AppleBasebandAudio) 0x80b75000: AppleUSBCDC (com.apple.driver.usb.cdc) 0x80b79000: AppleUSBNCM (com.apple.driver.usb.cdc.ncm) 0x80b80000: IOUSBDeviceFamily (com.apple.iokit.IOUSBDeviceFamily) 0x80b90000: AppleUSBEthernetDevice (com.apple.driver.AppleUSBEthernetDevice) 0x80b96000: AppleNANDConfigAccess (com.apple.driver.AppleNANDConfigAccess) 0x80b99000: IOAccessoryManager (com.apple.iokit.IOAccessoryManager) 0x80bba000: IOMikeyBusFamily (com.apple.iokit.IOMikeyBusFamily) 0x80bd0000: AppleEmbeddedAudio (com.apple.driver.AppleEmbeddedAudio) 0x80bf2000: AppleCSEmbeddedAudio (com.apple.driver.AppleCSEmbeddedAudio) 0x80c03000: AppleTS3A8235HeadsetSwitch (com.apple.driver.AppleTS3A8235HeadsetSwitch) 0x80c06000: CoreCaptureResponder (com.apple.driver.CoreCaptureResponder) 0x80c0b000: AppleMultitouchSPIN1F56 (com.apple.driver.AppleMultitouchSPIN1F56) 0x80c0b000: AppleCDMA (com.apple.driver.AppleCDMA) 0x80c12000: AppleNANDFTL (com.apple.driver.AppleNANDFTL) 0x80c1c000: IOUserEthernet (com.apple.iokit.IOUserEthernet) 0x80c24000: AppleUSBDeviceAudioController (com.apple.driver.AppleUSBDeviceAudioController) 0x80c28000: AppleUSBAudio (com.apple.driver.AppleUSBAudio) 0x80c69000: AppleDiskImagesUDIFDiskImage (com.apple.driver.DiskImages.UDIFDiskImage) 0x80c74000: AppleS5L8930XUSB (com.apple.driver.AppleS5L8930XUSB) 0x80c79000: I/O Kit Driver for USB HID Devices (com.apple.driver.usb.IOUSBHostHIDDevice) 0x80c80000: IOMobileGraphicsFamily (com.apple.iokit.IOMobileGraphicsFamily) 0x80c96000: AppleH4PCLCD (com.apple.driver.AppleH4PCLCD) 0x80cbf000: AppleEmbeddedGyro (com.apple.driver.AppleEmbeddedGyro) 0x80cc9000: AppleS5L8930XDART (com.apple.driver.AppleS5L8930XDART) 0x80cce000: AppleEmbeddedGPS (com.apple.driver.AppleEmbeddedGPS) 0x80cd4000: AppleS5L8940X (com.apple.driver.AppleS5L8940X) 0x80cde000: AppleS5L8920X (com.apple.driver.AppleS5L8920X) 0x80ce8000: PPP (com.apple.nke.ppp) 0x80cf2000: L2TP (com.apple.nke.l2tp) 0x80cf8000: AppleEmbeddedAccelerometer (com.apple.driver.AppleEmbeddedAccelerometer) 0x80cfe000: AppleSynopsysOTGDevice (com.apple.driver.AppleSynopsysOTGDevice) 0x80d0e000: IOTextEncryptionFamily (com.apple.IOTextEncryptionFamily) 0x80d13000: IOAcceleratorFamily (com.apple.iokit.IOAcceleratorFamily) 0x80d30000: IMGSGX543 Graphics Kernel Extension (com.apple.driver.IMGSGX543) 0x80d5b000: AppleMobileApNonce (com.apple.driver.AppleMobileApNonce) 0x80d60000: AppleUSBMike (com.apple.driver.AppleUSBMike) 0x80d65000: AppleDiskImagesFileBackingStore (com.apple.driver.DiskImages.FileBackingStore) 0x80d69000: IOStreamFamily (com.apple.iokit.IOStreamFamily) 0x80d6e000: AppleMultitouchSPIC1F58 (com.apple.driver.AppleMultitouchSPIC1F58) 0x80d6e000: Broadcom HSIC Wlan Interface Configurator (com.apple.driver.AppleBCMWLANHSICDevice) 0x80d71000: AppleNANDFirmware (com.apple.driver.AppleNANDFirmware) 0x80d75000: AppleImage3NORAccess (com.apple.driver.AppleImage3NORAccess) 0x80d7d000: AppleSamsungSWI (com.apple.driver.AppleSamsungSWI) 0x80d81000: pthread (com.apple.kec.pthread) 0x80d8a000: AppleIOPFMI (com.apple.driver.AppleIOPFMI) 0x80d9a000: IOFlashNVRAM (com.apple.driver.IOFlashNVRAM) 0x80da0000: AppleSamsungSerial (com.apple.driver.AppleSamsungSerial) 0x80da6000: AppleBSDKextStarter (com.apple.driver.AppleBSDKextStarter) 0x80da9000: AppleUSBECM (com.apple.driver.usb.cdc.ecm) 0x80daf000: AppleSamsungMIPIDSI (com.apple.driver.AppleSamsungMIPIDSI) 0x80db5000: Regular Expression Matching Engine (com.apple.kext.AppleMatch) 0x80db9000: IOP_s5l8940xiop_firmware (com.apple.driver.IOP_s5l8940xiop_firmware) 0x80de0000: AppleMultitouchSPIN1F55 (com.apple.driver.AppleMultitouchSPIN1F55) 0x80de0000: AppleS5L8930XUSBHSIC (com.apple.driver.AppleS5L8930XUSBHSIC) 0x80de4000: Embedded I/O Kit Driver for USB EHCI Controllers (com.apple.driver.AppleUSBEHCIARM) 0x80deb000: AppleS5L8930XUSBEHCI (com.apple.driver.AppleS5L8930XUSBEHCI) 0x80dee000: AppleBluetooth (com.apple.driver.AppleBluetooth) 0x80df1000: AppleUSBEthernet (com.apple.driver.usb.ethernet.asix) 0x80dfd000: AppleBasebandN94 (com.apple.driver.AppleBasebandN94) 0x80e08000: AppleH4PRGBOUT (com.apple.driver.AppleH4PRGBOUT) 0x80e10000: AppleCS42L63Audio (com.apple.driver.AppleCS42L63Audio) 0x80e18000: AppleS5L8930XUSBPhy (com.apple.driver.AppleS5L8930XUSBPhy) 0x80e1c000: AppleEmbeddedTempSensor (com.apple.driver.AppleEmbeddedTempSensor) 0x80e32000: AppleDialogPMU (com.apple.driver.AppleDialogPMU) 0x80e36000: AppleD1881PMU (com.apple.driver.AppleD1881PMU) 0x80e44000: AppleSamsungPKE (com.apple.driver.AppleSamsungPKE) 0x80e48000: AppleInterruptController (com.apple.driver.AppleInterruptController) 0x80e4c000: AppleEffaceableNANDNOR (com.apple.driver.AppleEffaceableNANDNOR) 0x80e50000: Seatbelt sandbox policy (com.apple.security.sandbox) 0x80eca000: AppleHIDKeyboard (com.apple.driver.AppleHIDKeyboard) 0x80ed0000: AppleKeyStore (com.apple.driver.AppleKeyStore) 0x80eeb000: AppleHDQGasGaugeControl (com.apple.driver.AppleHDQGasGaugeControl) 0x80ef5000: AppleAE2Audio (com.apple.driver.AppleAE2Audio) 0x80f06000: I/O Kit HID Event Driver (com.apple.iokit.IOHIDEventDriver) 0x80f06000: IOAudioCodecs (com.apple.driver.IOAudioCodecs) 0x80f5d000: IOP_s5l8940xae2_firmware (com.apple.driver.IOP_s5l8940xae2_firmware) 0x80fbc000: AppleDiskImagesReadWriteDiskImage (com.apple.driver.DiskImages.ReadWriteDiskImage) 0x80fbf000: AppleFSCompressionTypeZlib (com.apple.AppleFSCompression.AppleFSCompressionTypeZlib) 0x80fc5000: EmbeddedIOP (com.apple.driver.EmbeddedIOP) 0x80fcd000: AppleUSBDeviceNCM (com.apple.driver.AppleUSBDeviceNCM) 0x80fd3000: AppleBSDKextStarterVPN (com.apple.driver.AppleBSDKextStarterVPN) 0x80fd3000: AppleS5L8930X (com.apple.driver.AppleS5L8930X) 0x80fdd000: AppleSamsungI2S (com.apple.driver.AppleSamsungI2S) 0x80fe2000: I/O Kit Driver for USB HID Devices (com.apple.driver.usb.IOUSBHostHIDDeviceSafeBoot) 0x80fe2000: AppleM68Buttons (com.apple.driver.AppleM68Buttons) 0x80fe7000: AppleUSBDeviceMux (com.apple.driver.AppleUSBDeviceMux) 0x80fef000: PPTP (com.apple.nke.pptp) 0x80ff4000: AppleSwissPPNFTL (com.apple.driver.AppleSwissPPNFTL) 0x81027000: AppleSongbird (com.apple.driver.AppleSongbird) 0x81034000: H264 Video Encoder (com.apple.driver.AppleVXE380) 0x81093000: ApplePinotLCD (com.apple.driver.ApplePinotLCD) 0x81096000: AppleEmbeddedCompass (com.apple.driver.AppleEmbeddedCompass) 0x810a1000: I/O Kit Driver for USB User Clients (com.apple.iokit.usb.AppleUSBHostUserClient) 0x810a1000: AppleS5L8940XDWI (com.apple.driver.AppleS5L8940XDWI) 0x810a5000: AppleUSBEthernetHost (com.apple.driver.AppleUSBEthernetHost) 0x810ab000: AppleDPRepeater (com.apple.driver.AppleDPRepeater) 0x810d2000: I/O Kit HID Event Driver Safe Boot (com.apple.iokit.IOHIDEventDriverSafeBoot) 0x810d2000: tlsnke (com.apple.nke.tls) 0x810da000: AppleDiagnosticDataAccessReadOnly (com.apple.driver.AppleDiagnosticDataAccessReadOnly) 0x810dd000: AppleA5IOP (com.apple.driver.AppleA5IOP) - new symbols in the kernel: Not too many, as the diff (below) shows. I've annotated the more interesting ones, but the highlights are:
- More code signing (
cs_*) symbols to handle code signing blobs - allocation - kalloc/malloc/etc - are now
_external - pmc and IOKitDiagnostics class removed (but likely kext'ed - haven't looked into this yet
Caveat: Using a diff method on jtool -S (or nm) potentially misses on symbols that were simply stripped, and not necessarily removed.morpheus@Zephyr (~)$ jtool -S /tmp/kernel.8.1.2 | cut -d' ' -f3 > tmp/syms.812 morpheus@Zephyr (~)$ jtool -S /tmp/kernel.9.0b1 | cut -d' ' -f3 > tmp/syms.9 morpheus@Zephyr (~)$ diff /tmp/syms.812 /tmp/syms.9 | c++filt 27d26 < _IOKitResetTime 50,54d48 < _IOMapperIOVMAlloc < _IOMapperIOVMFree < _IOMapperInsertPPNPages < _IOMapperInsertPage < _IOMapperInsertUPLPages 81a76 > _IOSleepWithLeeway # Likely improves on timer coalescing 144a140 > _PE_consistent_debug_register 153a150 > _PE_i_can_has_kernel_configuration # WooHOO! PE_I_can_has_debugger has a brother! 175,176c172,173 < __MALLOC < __MALLOC_ZONE --- > __MALLOC_ZONE_external > __MALLOC_external 192d188 < OSFlushObjectTrackList() 424a421 > IODMACommand::withRefCon(void*) 434a432 > IODMACommand::initWithRefCon(void*) 436a435 > IODMACommand::createCopyBuffer(IODirection, unsigned long long) 437a437 > IODMACommand::withSpecification(bool (*)(IODMACommand*, IODMACommand::Segment64, void*, unsigned long), IODMACommand::SegmentOptions const*, unsigned int, IOMapper*, void*) 438a439 > IODMACommand::getAlignmentLength() 440a442 > IODMACommand::initWithSpecification(bool (*)(IODMACommand*, IODMACommand::Segment64, void*, unsigned long), IODMACommand::SegmentOptions const*, unsigned int, IOMapper*, void*) 441a444 > IODMACommand::prepareWithSpecification(bool (*)(IODMACommand*, IODMACommand::Segment64, void*, unsigned long), IODMACommand::SegmentOptions const*, unsigned int, IOMapper*, unsigned long long, unsigned long long, bool, bool) 443a447 > IODMACommand::getAlignmentInternalSegments() 1016,1028d1019 # IOKit Diagnostics class is no more (but may be in a kext - haven't checked) < IOKitDiagnostics::gMetaClass < IOKitDiagnostics::superClass < IOKitDiagnostics::diagnostics() < IOKitDiagnostics::updateOffset(OSDictionary*, unsigned long, char const*) < IOKitDiagnostics::MetaClass::MetaClass() < IOKitDiagnostics::MetaClass::MetaClass() < IOKitDiagnostics::metaClass < IOKitDiagnostics::IOKitDiagnostics(OSMetaClass const*) < IOKitDiagnostics::IOKitDiagnostics() < IOKitDiagnostics::IOKitDiagnostics(OSMetaClass const*) < IOKitDiagnostics::IOKitDiagnostics() < IOKitDiagnostics::~IOKitDiagnostics() < IOKitDiagnostics::~IOKitDiagnostics() 1160a1152 > IONVRAMController::registerService(unsigned long) 1162d1153 < IONVRAMController::start(IOService*) 1171d1161 < IOPolledInterface::checkAllForWork() 1737a1728 > IOCPU::signalCPUCancel(IOCPU*) 1739a1731 > IOCPU::signalCPUDeferred(IOCPU*) 1835d1826 < IOMapper::allocTable(unsigned long) 1837,1838d1827 < IOMapper::iovmInsert(unsigned int, unsigned long, upl_page_info*, unsigned long) < IOMapper::iovmInsert(unsigned int, unsigned long, unsigned int*, unsigned long) 1840,1842d1828 < IOMapper::NewARTTable(unsigned long, void**, unsigned int*) < IOMapper::FreeARTTable(OSData*, unsigned long) < IOMapper::iovmMapMemory(OSObject*, unsigned int, unsigned int, unsigned int, upl_page_info*, IODMAMapSpecification const*) 1844d1829 < IOMapper::iovmFreeDMACommand(IODMACommand*, unsigned int, unsigned long) 1846d1830 < IOMapper::iovmAllocDMACommand(IODMACommand*, unsigned long) 2216a2201 > OSMetaClass::getClassNameSymbol() const 2230a2216 > IODMACommand::getIOMemoryDescriptor() const 2358,2360d2343 < IOKitDiagnostics::getMetaClass() const < IOKitDiagnostics::MetaClass::alloc() const < IOKitDiagnostics::serialize(OSSerialize*) const 2481d2463 < IOMapper::getBypassMask(unsigned long long*) const 2589d2570 < vtable for IOKitDiagnostics 2671d2651 < vtable for IOKitDiagnostics::MetaClass 2717a2698 > ___llvm_profile_runtime 2739a2721 > _arm_hardware_page_size 2761d2742 < _boot 2850d2830 < _bufattr_cpaddr 2851a2832 > _bufattr_cpx 2865d2845 < _bufattr_setcpaddr 2866a2847 > _bufattr_setcpx 2928a2910,2919 CPX is obviously crypto related. SEP wrapped implies it might be tied to device keys? > _cpx_alloc > _cpx_free > _cpx_is_sep_wrapped_key > _cpx_iv_aes_ctx > _cpx_key > _cpx_key_len > _cpx_set_key_len > _cpx_set_use_offset_for_iv > _cpx_size > _cpx_use_offset_for_iv # These are BOUND to be interesting. AAPL further refining code signing > _cs_debug 2936d2927 < _cs_register_cscsr 2937a2929,2937 > _cs_restricted > _csblob_find_blob_bytes > _csblob_get_cdhash > _csblob_get_entitlements > _csblob_get_flags > _csblob_get_identity > _csblob_get_platform_binary > _csblob_get_teamid > _csfg_get_cdhash 2940a2941 > _csproc_get_blob 2942a2944 > _csvnode_get_blob 2943a2946 > _csvnode_print_debug 3123,3124d3125 < _gOSObjectTrackList < _gOSObjectTrackThread 3134a3136,3137 > _gpu_fceiling_cb_register > _gpu_submission_telemetry 3198c3201 < _ifnet_get_ipsec_offload_frames --- > _ifnet_get_keepalive_offload_frames 3221a3225 > _ifnet_link_status_report 3317c3321 < _kalloc --- > _kalloc_external 3381a3386 > _kern_stack_snapshot_with_reason 3385a3391 > _kernel_debug_string 3394a3401 > _kevent_qos_internal 3396,3397c3403,3405 < _kmem_alloc < _kmem_alloc_kobject --- > _kmem_alloc_external > _kmem_alloc_kobject_external > _kmem_alloc_pageable_external 3403a3412 > _kx_qsort 3495a3505 > _mach_vm_remap 3537a3548 > _mbuf_get_unsent_data_bytes 3680,3681d3690 < _perf_monitor_register_14 < _perf_monitor_unregister 3686,3704d3694 < _pmc_config_set_interrupt_threshold < _pmc_config_set_value < _pmc_create_config < _pmc_find_by_name < _pmc_free_config < _pmc_free_pmc_list < _pmc_get_accessible_core_list < _pmc_get_name < _pmc_get_pmc_list < _pmc_register < _pmc_reservation_free < _pmc_reservation_read < _pmc_reservation_start < _pmc_reservation_stop < _pmc_reservation_write < _pmc_reserve < _pmc_reserve_task < _pmc_reserve_thread < _pmc_unregister 3734a3725 > _proc_set_responsible_pid 3943a3935 > _sysdiagnose_notify_user 4165a4158,4159 > _vm_kernel_addrperm_external > _vm_kernel_unslide_or_perm_external 4171a4166 > _vm_map_create 4179c4174,4176 < _vm_map_wire --- > _vm_map_wire_and_extract_external > _vm_map_wire_external > _vm_page_wire_count
- More code signing (
2. OS X 10.11
- I liked it better when the code names were feline. Seriously. El Capitan. Capitulate and admit the code names are losing it.. While on the subject, 10.11? Why not just call it OS X 11? or OS XI? Oh, brother.
- mac_proc_check_[get/set]lcid is deprecated, as is apparently the entire notion of a login context.
- fbt and sdt providers removed from DTrace
- Daemons: quick diff here:
morpheus@Simulacrum (/Volumes/OS X Base System/System/Library/LaunchDaemons)$ ls -b > /tmp/10.11.ld morpheus@Simulacrum (/Volumes/OS X Base System/System/Library/LaunchDaemons)$ diff /tmp/10.10.ld /tmp/10.11.ld | grep '> ' > com.apple.VoiceOver.plist > com.apple.akd.plist > com.apple.coreservices.sharedfilelistd.plist > com.apple.corestorage.corestoragehelperd.installer.plist > com.apple.icloud.findmydeviced.FMM_recovery.plist > com.apple.imklaunchdaemon.plist > com.apple.install.cd.plist > com.apple.installer.instlogd.plist > com.apple.lsd.plist > com.apple.mDNSResponder.plist > com.apple.mDNSResponderHelper.plist > com.apple.opendirectorydInstaller.plist > com.apple.passwordreset.gui.plist > com.apple.pboard.plist > com.apple.recovery.storeaccountd.plist > com.apple.recovery.storeassetd.plist > com.apple.recovery.storedownloadd.plist > com.apple.recovery.storeuid.plist > com.apple.rootless.init.plist > com.apple.scrod.plist > com.apple.security.agent.login.plist > com.apple.system_installd.plist > com.apple.webcontentfilter.RecoveryOS.plist > com.apple.xpc.uscwoap.plist > org.ntp.sntp.plist
- rootless (
/usr/libexec/rootless-init , which apparently is only some sandbox profile pusher (/System/Library/Sandbox/rootless.compat). Apple calls this "System Integrity Protection". Essentially, it involves a new flag on processes and on files, making them only tamperable (task-for-pid or writable, respectively) if said flag is present. All of Apple's system binaries have this, and files in/System ,/usr/* (save/usr/local ) are thus protected. You can bet AMFI has something to do with it. - Kernel is now in
/System/Library/PrelinkedKernels . As is the custom as of 10.10, the kernel is complzvn compressed. Fortunately, usingkextcachewe can uncompress:Simulacrum:~ morpheus$ kextcache -c prelinkedkernel -uncompressed Simulacrum:~ morpheus$ jtool -l prelinkedkernel Fat binary, big-endian, 1 architectures: x86_64 Specify one of these architectures with -arch switch, or export the ARCH environment variable Simulacrum:~ morpheus$ ARCH=x86_64 jtool -l prelinkedkernel LC 00: LC_SEGMENT_64 Mem: 0xffffff8000200000-0xffffff8000a00000 __TEXT Mem: 0xffffff80002bf000-0xffffff800092fd98 __TEXT.__text (Normal) Mem: 0xffffff800092fda0-0xffffff8000952580 __TEXT.__const Mem: 0xffffff8000952580-0xffffff80009ffc8b __TEXT.__cstrin(C-String Literals) LC 01: LC_SEGMENT_64 Mem: 0xffffff8000a00000-0xffffff8000b1f000 __DATA Mem: 0xffffff8000a00000-0xffffff8000a00028 __DATA.__got Mem: 0xffffff8000a00028-0xffffff8000a00230 __DATA.__mod_init_func (Module Init Function Ptrs) Mem: 0xffffff8000a00230-0xffffff8000a00430 __DATA.__mod_term_func (Module Termination Function Ptrs) Mem: 0xffffff8000a01000-0xffffff8000a29440 __DATA.__const Mem: 0xffffff8000a2a000-0xffffff8000a8dde8 __DATA.__data Mem: 0xffffff8000a8dde8-0xffffff8000a8dfe8 __DATA.__sfi_class_reg Mem: 0xffffff8000a8e000-0xffffff8000a90798 __DATA.__sysctl_set Mem: 0xffffff8000a90798-0xffffff8000a90798 __DATA.__llvm_prf_cnts Mem: 0xffffff8000a90798-0xffffff8000a90798 __DATA.__llvm_prf_data Mem: 0xffffff8000a90798-0xffffff8000a90798 __DATA.__llvm_prf_names Mem: 0xffffff8000a91000-0xffffff8000ad7ce8 __DATA.__bss (Zero Fill) Mem: 0xffffff8000ad8000-0xffffff8000b1e550 __DATA.__common(Zero Fill) LC 02: LC_SEGMENT_64 Mem: 0xffffff8000100000-0xffffff8000113000 __HIB Mem: 0xffffff8000100000-0xffffff8000106000 __HIB.__bootPT Mem: 0xffffff8000106000-0xffffff8000107098 __HIB.__desc Mem: 0xffffff8000108000-0xffffff800010c074 __HIB.__data Mem: 0xffffff800010d000-0xffffff800010f752 __HIB.__text Mem: 0xffffff8000110000-0xffffff8000110100 __HIB.__const Mem: 0xffffff8000111000-0xffffff8000111114 __HIB.__common (Zero Fill) Mem: 0xffffff8000112000-0xffffff8000112200 __HIB.__bss (Zero Fill) LC 03: LC_SEGMENT_64 Mem: 0xffffff8000b1f000-0xffffff8000b20000 __DESC Mem: 0xffffff8000b1f000-0xffffff8000b1f088 __DESC.master_sstk LC 04: LC_SEGMENT_64 Mem: 0xffffff8000b20000-0xffffff8000b21000 __VECTORS Mem: 0xffffff8000b20000-0xffffff8000b200d0 __VECTORS.__recover LC 05: LC_SEGMENT_64 Mem: 0xffffff8000b21000-0xffffff8000b3a000 __KLD Mem: 0xffffff8000b21000-0xffffff8000b32e18 __KLD.__text (Normal) Mem: 0xffffff8000b32e18-0xffffff8000b335e8 __KLD.__cstring(C-String Literals) Mem: 0xffffff8000b33600-0xffffff8000b39698 __KLD.__const Mem: 0xffffff8000b39698-0xffffff8000b396a0 __KLD.__mod_init_func (Module Init Function Ptrs) Mem: 0xffffff8000b396a0-0xffffff8000b396a8 __KLD.__mod_term_func (Module Termination Function Ptrs) Mem: 0xffffff8000b396a8-0xffffff8000b396a9 __KLD.__bss (Zero Fill) LC 06: LC_SEGMENT_64 Mem: 0xffffff8000b3a000-0xffffff8000b3b000 __LAST Mem: 0xffffff8000b3a000-0xffffff8000b3a008 __LAST.__mod_init_func (Module Init Function Ptrs) Mem: 0xffffff8000b3a008-0xffffff8000b3a008 __LAST.__last (Zero Fill) LC 07: LC_SEGMENT_64 Mem: 0xffffff8000c5a000-0xffffff8003420000 __PRELINK_TEXT Mem: 0xffffff8000c5a000-0xffffff8003420000 __PRELINK_TEXT.__text LC 08: LC_SEGMENT_64 Mem: 0xffffff8000b3b000-0xffffff8000b3b000 __PRELINK_STATE Mem: 0xffffff8000b3b000-0xffffff8000b3b000 __PRELINK_STATE.__kernel Mem: 0xffffff8000b3b000-0xffffff8000b3b000 __PRELINK_STATE.__kexts LC 09: LC_SEGMENT_64 Mem: 0xffffff8003420000-0xffffff80036c3000 __PRELINK_INFO Mem: 0xffffff8003420000-0xffffff80036c2b08 __PRELINK_INFO.__info LC 10: LC_SEGMENT_64 Mem: 0xffffff8000b3b000-0xffffff8000c59e48 __LINKEDIT LC 11: LC_SYMTAB Symbol table is at offset 0x95b968 (9812328), 20432 entries String table is at offset 0x9ab668 (10139240), 562992 bytes LC 12: LC_DYSYMTAB No local symbols 20432 external symbols at index 0 No undefined symbols No TOC No modtab No Indirect symbols LC 13: LC_UUID UUID: 3AAEDB95-B171-37A2-89E4-7FB491D855B5 LC 14: LC_VERSION_MIN_MACOSX Minimum OS X version: 10.11.0 LC 15: LC_SOURCE_VERSION Source Version: 3216.0.0.1.13 # Still with UNIXTHREAD - Apple doesn't want to modify boot.efi to read LC_MAIN.. LC 16: LC_UNIXTHREAD Entry Point: 0xffffff800010d000 LC 17: LC_FUNCTION_STARTS Offset: 9785448, Size: 26880 (0x955068-0x95b968) LC 18: LC_SEGMENT_64 Mem: 0xffffff8000b3b000-0xffffff8000b3b000 __CTF Mem: 0xffffff8000b3b000-0xffffff8000b90f4d __CTF.__ctf
Boot-args
Using jtool -d __TEXT.__text kernel.dump | grep PE_parse | grep \" | cut -d\" -f2 | cut -d\" -f1 | sort -u you can get a list of all bootargs (sorted alphabetically and with duplicates suppressed). Comparing the list from a 64-bit iOS 9 kernel with the one yielded by an 8.4 kernel reveals:
Added: -minimalboot -no_corpses -use_hwpagesize arm64_maxoffset arm_maxoffset assertions atm_diagnostic_config cpus_defeatures pmtimeout multiq_drain_ceiling radar_20804515 sched_debug statistics swd_delay_duration swd_delay_type swd_kext_name swd_timeout wql_tsize wqp_tsize wqt_min_free wqt_tbl_size Removed: -vm16k maxoffset multiq_drain_urgent_first
Interestingly, in the 32-bit version the args are a tad different - no mention of "swd", for example (which I'm thinking could be the infamous Kernel Patch Protection) (kpp maybe moved to iBoot or Secure Enclave?):
# Since this is not a diff, these are all the args present in the 32 bit kernel $ jtool -d __TEXT.__text kernel.9b.4S.decrypted 2>/dev/null | grep PE_parse_boo | grep \" | cut -d\" -f2 | cut -d\" -f1 | sort -u -b -disable_atm -l -minimalboot -multiq-deep-drain -no-zp -no_corpses -novfscache -panic_on_exception_triage -progress -qos-policy-allow -s -vnode_cache_defeat -x -zinfop -zp _panicd_corename _panicd_ip _router_ip aks_default_class arm_maxoffset assert assertions atm_diagnostic_config bg_preempt colors debug diag disable_exc_resource fill hwm_user_cores ifa_debug ifnet_debug imp_interactive_receiver inaddr_nhash initmcl io_throttle_period_tier1 io_throttle_period_tier2 io_throttle_period_tier3 io_throttle_window_tier1 io_throttle_window_tier2 io_throttle_window_tier3 jtag kdp_crashdump_pkt_size kdp_match_name kernel_stack_pages lcks lo_txstart longterm max_cpumon_interval max_cpumon_percentage maxmem mbuf_debug mbuf_pool mcache_flags mleak_sample_factor msgbuf mtxspin multiq_drain_band_limit multiq_drain_ceiling multiq_drain_depth_limit nbuf ncl net.inet.ip.scopedroute net.inet6.ip6.scopedroute net_affinity net_rtref net_rxpoll panic_on_cs_killed panicd_port pld preempt qos_override_mode rte_debug sched sched_debug sched_decay_usage_age_factor sched_pri_decay_limit sched_use_combined_fgbg_decay serverperfmode slto_us socket_debug task_policy_suppression_disable task_wakeups_monitor_interval task_wakeups_monitor_rate task_wakeups_monitor_ustackshots_trigger_pct trace trace_panic trace_typefilter trace_wake vm_compression_limit vm_compressor vm_compressor_immediate vm_compressor_threads wfi wql_tsize wqp_tsize wqsize wqt_min_free wqt_tbl_size zalloc_debug zlog zp-factor zp-scale zrecs zsize