dyld-shared-cache-extractor and Hopper.app extract different addresses in data.
For example, in the CoreDisplay framework extracted by dyld-shared-cache-extractor, I see the following:
There's a string literal here:
aDsctargetbpp:
00007ff8025e80f2 db "dscTargetBPP", 0
which is used in a cfstring here:
00007ff840505778 dq 0x0000040043146b28, 0x00000000000007c8, 0x00000400025e80f2, 0x000000000000000c ; DATA XREF=_CGXMappedDisplayStart+3905
However, the addresses in the cfstring have 00000400 instead of 00007ff8 for the upper 32 bits. I don't know why.
Maybe it's an issue with the disassembler. I'm using Hopper.app but otool shows the same addresses and data. I guess that makes sense since they're both looking at the same extracted binary.
I tried the "Read File From DYLD Cache..." command in Hopper.app and it produces better results:
aDsctargetbpp:
00007ff8025e80f2 db "dscTargetBPP", 0 ; DATA XREF=cfstring_dscTargetBPP
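An added example, not part of the original report or of either tool: the packed quadwords quoted above are consistent with the dyld shared cache's slide-info v2 pointer encoding, in which the upper bits of each stored pointer hold the distance to the next pointer and the target is recovered by masking them off and adding a base. The delta mask and base used below are assumptions (they are not on the page and would normally be read from the cache's slide-info header); the four quadwords are the cfstring data quoted in the report.

```python
# Added example: decode slide-info-v2 style packed pointers from extracted data.
# ASSUMPTIONS (not from the page): DELTA_MASK and VALUE_ADD. In a real cache
# these come from the slide-info header (delta_mask / value_add fields).
DELTA_MASK = 0x00FFFF0000000000   # assumed: bits that encode "delta to next pointer"
VALUE_ADD = 0x00007FF800000000    # assumed: unslid base added to non-zero targets
U64 = 0xFFFFFFFFFFFFFFFF
POINTER_SIZE = 8

# The four quadwords of the cfstring as quoted in the report.
CFSTRING_WORDS = [0x0000040043146B28, 0x00000000000007C8,
                  0x00000400025E80F2, 0x000000000000000C]


def decode_v2(raw, delta_mask=DELTA_MASK, value_add=VALUE_ADD):
    """Return (target_address, byte_delta_to_next_pointer) for one packed word."""
    # Count trailing zeros of the mask; deltas are stored in units of 4 bytes.
    ctz = (delta_mask & -delta_mask).bit_length() - 1
    delta = (raw & delta_mask) >> (ctz - 2)
    value = raw & ~delta_mask & U64
    if value != 0:               # a zero target stays NULL
        value += value_add
    return value, delta


def rebase(words, start_index=0):
    """Follow the delta chain through `words`, returning a fixed-up copy.

    Words that are not on the chain (flags, lengths) are left untouched.
    """
    out = list(words)
    i = start_index
    while i < len(words):
        target, delta = decode_v2(words[i])
        out[i] = target
        if delta == 0:           # end of chain
            break
        if delta % POINTER_SIZE:
            raise ValueError(f"unaligned delta {delta} at word {i}")
        i += delta // POINTER_SIZE
    return out


if __name__ == "__main__":
    for before, after in zip(CFSTRING_WORDS, rebase(CFSTRING_WORDS)):
        print(f"{before:016x} -> {after:016x}")
```

Under these assumptions the third quadword decodes to the address of the `dscTargetBPP` literal, and the 16-byte delta in each packed pointer matches the spacing between the two pointer fields of the cfstring.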