Open duraki opened 2 years ago
The way I wrote dsdump, I'll mmap the executable into memory, but I needed a way to ensure I don't mix up the load addresses of the binary with dsdump's own address space. I chose 0x400000000 as a place where not a lot of code lives. You can submit a fix via a PR, modify this location if you were to build yourself, or give me the jtool -l of the executable and wait till early 2022 when I should have enough free time to get an updated version of this tool out.
jtool -l -arch x86_64 ./dsdump_beta/dsdump
LC 00: LC_SEGMENT_64 Mem: 0x000000000-0x100000000 __PAGEZERO
LC 01: LC_SEGMENT_64 Mem: 0x100000000-0x10039c000 __TEXT
Mem: 0x100003ed0-0x10014c1e2 __TEXT.__text (Normal)
Mem: 0x10014c1e2-0x10014c58a __TEXT.__stubs (Symbol Stubs)
Mem: 0x10014c58c-0x10014cace __TEXT.__stub_helper (Normal)
Mem: 0x10014cace-0x10014e059 __TEXT.__objc_methname (C-String Literals)
Mem: 0x10014e060-0x10016d5a9 __TEXT.__cstring (C-String Literals)
Mem: 0x10016d5a9-0x10016d645 __TEXT.__objc_classname (C-String Literals)
Mem: 0x10016d645-0x10016ea23 __TEXT.__objc_methtype (C-String Literals)
Mem: 0x10016ea30-0x1003988ff __TEXT.__const
Mem: 0x100398900-0x10039a6fc __TEXT.__gcc_except_tab
Mem: 0x10039a700-0x10039a754 __TEXT.__catfarts
Mem: 0x10039a754-0x10039bff4 __TEXT.__unwind_info
LC 02: LC_SEGMENT_64 Mem: 0x10039c000-0x100558000 __DATA
Mem: 0x10039c000-0x10039c008 __DATA.__nl_symbol_ptr (Non-Lazy Symbol Ptrs)
Mem: 0x10039c008-0x10039c0c8 __DATA.__got (Non-Lazy Symbol Ptrs)
Mem: 0x10039c0c8-0x10039c5a8 __DATA.__la_symbol_ptr (Lazy Symbol Ptrs)
Mem: 0x10039c5a8-0x10039c5e0 __DATA.__mod_init_func (Module Init Function Ptrs)
Mem: 0x10039c5e0-0x1003eb630 __DATA.__const
Mem: 0x1003eb630-0x1003eb8f0 __DATA.__cfstring
Mem: 0x1003eb8f0-0x1003eb908 __DATA.__objc_classlist (Normal)
Mem: 0x1003eb908-0x1003eb920 __DATA.__objc_catlist (Normal)
Mem: 0x1003eb920-0x1003eb930 __DATA.__objc_nlcatlist (Normal)
Mem: 0x1003eb930-0x1003eb940 __DATA.__objc_protolist
Mem: 0x1003eb940-0x1003eb948 __DATA.__objc_imageinfo
Mem: 0x1003eb948-0x1003ed318 __DATA.__objc_const
Mem: 0x1003ed318-0x1003ed748 __DATA.__objc_selrefs (Literal Pointers)
Mem: 0x1003ed748-0x1003ed7a8 __DATA.__objc_classrefs (Normal)
Mem: 0x1003ed7a8-0x1003ed7c0 __DATA.__objc_superrefs (Normal)
Mem: 0x1003ed7c0-0x1003ed940 __DATA.__objc_ivar
Mem: 0x1003ed940-0x1003edd50 __DATA.__objc_data
Mem: 0x1003edd50-0x100455d10 __DATA.__data
Mem: 0x100455d10-0x1005566f9 __DATA.__bss (Zero Fill)
Mem: 0x100556700-0x1005568e2 __DATA.__common (Zero Fill)
LC 03: LC_SEGMENT_64 Mem: 0x100558000-0x100664000 __LINKEDIT
LC 04: LC_DYLD_INFO
LC 05: LC_SYMTAB
Symbol table is at offset 0x45efa8 (4583336), 23916 entries
String table is at offset 0x4bcbb0 (4967344), 622608 bytes
LC 06: LC_DYSYMTAB
23296 local symbols at index 0
442 external symbols at index 23296
178 undefined symbols at index 23738
No TOC
No modtab
337 Indirect symbols at offset 0x4bc668
LC 07: LC_LOAD_DYLINKER /usr/lib/dyld
LC 08: LC_UUID UUID: 2956F9CE-0A8F-30EA-A2E9-5CEF800AD98D
LC 09: LC_BUILD_VERSION Build Version: Platform: MacOS 10.14.0
LC 10: LC_SOURCE_VERSION Source Version: 0.0.0.0.0
LC 11: LC_MAIN Entry Point: 0x1b754 (Mem: 0x10001b754)
LC 12: LC_LOAD_WEAK_DYLIB /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
LC 13: LC_LOAD_DYLIB /usr/lib/libobjc.A.dylib
LC 14: LC_LOAD_DYLIB /usr/lib/libc++.1.dylib
LC 15: LC_LOAD_DYLIB /usr/lib/libSystem.B.dylib
LC 16: LC_LOAD_WEAK_DYLIB /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
LC 17: LC_RPATH @executable_path/../Frameworks
LC 18: LC_RPATH @loader_path/../Frameworks
LC 19: LC_FUNCTION_STARTS Offset: 4577120, Size: 5200 (0x45d760-0x45ebb0)
LC 20: LC_DATA_IN_CODE Offset: 4582320, Size: 1016 (0x45ebb0-0x45efa8)
LC 21: LC_CODE_SIGNATURE Offset: 5589952, Size: 62432 (0x554bc0-0x563fa0)
If you use macOS Monterey (12)+, try to run the old released dsdump (dsdump_compiled.zip, https://github.com/DerekSelander/dsdump/commit/1a8857e447d1f2e683c4a6b376ba5918cdd419ee) with env MallocNanoZone=0, it should work to some degree.
$ MallocNanoZone=0 dsdump --objc dsdump
For details, see my comment at https://github.com/DerekSelander/dsdump/issues/35#issuecomment-1179083296.
Hey @ynyyn thanks for the PR! I can confirm your build works fine on x86_64bit Mac architecture:
MallocNanoZone=0 dsdump -s /Applications/x.app/Contents/MacOS/x -a x86_64 | more
protocol x.NoteEditorViewControllerDelegate // 3 requirements
protocol x.TransitionHandler // 1 requirements
protocol x.StateDismissible // 7 requirements
protocol x.ApplePencilDetectorUsing // 1 requirements
Anyone had similar issues? The error message references to mmap() mostly on Google. My memory is free (no apps open), other apps are not recalling the issue with memory. What else can it be?
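Added example (not part of the thread and not dsdump's code): a small check that takes the LC_SEGMENT lines from a `jtool -l` listing like the one posted above and reports whether a fixed mapping base such as 0x400000000 overlaps the image's own segments. The 64 MiB mapping size and the function names are assumptions made for illustration; the check covers only the link-time ranges in the listing, not anything the process maps at run time.

```python
import re

# Matches jtool -l segment lines, e.g.
#   LC 01: LC_SEGMENT_64 Mem: 0x100000000-0x10039c000 __TEXT
# Section lines ("Mem: ... __TEXT.__text") do not start with "LC" and are skipped.
SEGMENT_RE = re.compile(
    r"^LC \d+: LC_SEGMENT(?:_64)?\s+Mem:\s+(0x[0-9a-fA-F]+)-(0x[0-9a-fA-F]+)\s+(\S+)"
)

def parse_segments(jtool_output):
    """Return [(name, start, end)] per LC_SEGMENT line; end is exclusive."""
    segments = []
    for line in jtool_output.splitlines():
        m = SEGMENT_RE.match(line.strip())
        if m:
            segments.append((m.group(3), int(m.group(1), 16), int(m.group(2), 16)))
    return segments

def conflicts(segments, base, size):
    """Names of segments that intersect the fixed mapping [base, base + size)."""
    end = base + size
    return [name for name, start, stop in segments if start < end and base < stop]

def headroom(segments, base):
    """Bytes between the highest segment end and base (negative if base is inside)."""
    return base - max(stop for _, _, stop in segments)

# Segment lines copied from the listing in this thread.
LISTING = """\
LC 00: LC_SEGMENT_64 Mem: 0x000000000-0x100000000 __PAGEZERO
LC 01: LC_SEGMENT_64 Mem: 0x100000000-0x10039c000 __TEXT
Mem: 0x100003ed0-0x10014c1e2 __TEXT.__text (Normal)
LC 02: LC_SEGMENT_64 Mem: 0x10039c000-0x100558000 __DATA
LC 03: LC_SEGMENT_64 Mem: 0x100558000-0x100664000 __LINKEDIT
LC 04: LC_DYLD_INFO
"""

MAP_SIZE = 64 * 1024 * 1024  # assumed size of the file being mapped (constructed)

if __name__ == "__main__":
    segs = parse_segments(LISTING)
    for base in (0x400000000, 0x100000000):
        hit = conflicts(segs, base, MAP_SIZE)
        print(f"base {base:#x}: overlaps {hit or 'nothing'}, "
              f"headroom {headroom(segs, base):#x}")
```

An empty result for a base only says that the address is clear of the segments in the listing; a mapping at that base can still fail if something else in the process already occupies the range.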