1.1.4

@0cyn 0cyn released this 15 Mar 02:52
· 109 commits to master since this release

Nothing too crazy, a lot of cleanup/refactoring, a few additions

GUI

  • Structs will now be rendered with an indentation for readability
  • Scrolling now supports PGUP + PGDOWN

Image

.vm_realign() - Computes image alignment (after the image header has been loaded) and sets up (or re-sets-up) the proper VM translator for the image.

Slice

CPU subtype now masks out the ABI bits.

VM Address Translation

Added a new VM translator, based on how low-level memory paging works. It is up to 2x faster than the old manual translator.

It falls back to the legacy method whenever images cannot be mapped to 16k/4k pages.

  • Refactor: get_file_address() -> translate()
  • New Attribute: .detag_kern_64 - Set this to automatically detag 64 bit kernel pointers being translated
  • New Attribute: .detag_64 - Set this to detag 64 bit pointers (remove chained fixup data)
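
The page-based lookup and its legacy fallback described above, sketched as an added example (not ktool's own code). Every class, function and constant name here is hypothetical, and the segment tuples are constructed sample data.

```python
# Added illustration: all names are hypothetical, not ktool's API.
PAGE_SIZES = (0x4000, 0x1000)  # try 16k pages first, then 4k

# Constructed sample segments: (vmaddr, size, file offset)
SEGS_16K = [(0x100000000, 0x8000, 0x0), (0x100008000, 0x4000, 0x8000)]
SEGS_4K = [(0x100000000, 0x1000, 0x0), (0x100001000, 0x3000, 0x1000)]
SEGS_ODD = [(0x1000, 0x234, 0x400)]  # not page aligned


class LegacyTranslator:
    """Linear scan over every segment for each lookup."""
    def __init__(self, segments):
        self.segments = segments

    def translate(self, vmaddr):
        for base, size, fileoff in self.segments:
            if base <= vmaddr < base + size:
                return fileoff + (vmaddr - base)
        raise ValueError(f"unmapped address {vmaddr:#x}")


class PagedTranslator:
    """One dictionary lookup keyed by page number, like a flat page table."""
    def __init__(self, segments, page_size):
        self.shift = page_size.bit_length() - 1
        self.mask = page_size - 1
        self.table = {}
        for base, size, fileoff in segments:
            for off in range(0, size, page_size):
                self.table[(base + off) >> self.shift] = fileoff + off

    def translate(self, vmaddr):
        page = self.table.get(vmaddr >> self.shift)
        if page is None:  # pointer outside every mapped page
            raise ValueError(f"unmapped address {vmaddr:#x}")
        return page + (vmaddr & self.mask)


def build_translator(segments):
    """Use the largest page size all segments align to, else fall back."""
    for page_size in PAGE_SIZES:
        if all(v % page_size == 0 for seg in segments for v in seg):
            return PagedTranslator(segments, page_size)
    return LegacyTranslator(segments)
```

Both translators raise on an address outside every segment, so a stray or corrupted pointer in a malformed binary fails cleanly instead of yielding a bogus file offset.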

ObjC

A lot more fallback/safe failure handling. You can now load a binary extracted using the default dyld_extractor.bundle (although ObjC data will still not be processable, as the offsets are entirely junk and likely irreparable without access to the entire cache).

Structs

.render_indented() - Return a string similar to str(struct_instance) but with linebreaks and indentation.

Internal:

Struct sizes now actually contain two values; the high 2 bytes represent the type of the field, and the low 2 bytes represent the size of the data in that field.

Loading a field as bytes uses the size type_bytes | <size>. Loading a field as a string is done with char_t[size]. Unsigned ints now internally use the 0x10000 mask instead of being represented by -<size>.

kcache parsing:

  • Added version string parsing