search

bazad / ida_kernelcache

An IDA Toolkit for analyzing iOS kernelcaches.
MIT License
284 stars 73 forks source link

Exception on IDA 7.0. iPhone8,1 iOS 12.1.2 #5

Open TrungNguyen1909 opened 5 years ago

TrungNguyen1909 commented 5 years ago

logs:

Possible file format: Mach-O file (EXECUTE). ARM64 (/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/loaders/macho64.dylib)

  bytes   pages size description
--------- ----- ---- --------------------------------------------
121634816 14848 8192 allocating memory for b-tree...
121634816 14848 8192 allocating memory for virtual array...
   262144    32 8192 allocating memory for name pointers...
-----------------------------------------------------------------
243531776            total memory allocated

Loading file '/Users/trung/ioskernel/kernelcache.dec' into database...
Detected file format: Mach-O file (EXECUTE). ARM64
Loading processor module /Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/procs/arm64.dylib for arm...OK
Autoanalysis subsystem has been initialized.
[IDASkins] v2.0.4 by athre0z (zyantific.com) loaded!
[IDASkins] Skin file successfully applied!
Type library 'macosx64' loaded. Applying types...
Types applied to 0 names.
  0. Creating a new segment  (FFFFFFF007007B80-FFFFFFF00702D6F4) ... ... OK
  1. Creating a new segment  (FFFFFFF00702D6F4-FFFFFFF007075BAA) ... ... OK
  2. Creating a new segment  (FFFFFFF007075BAA-FFFFFFF007077FEC) ... ... OK
  3. Creating a new segment  (FFFFFFF007004000-FFFFFFF007007B80) ... ... OK
  4. Creating a new segment  (FFFFFFF007078000-FFFFFFF007078220) ... ... OK
  5. Creating a new segment  (FFFFFFF007078220-FFFFFFF007078438) ... ... OK
  6. Creating a new segment  (FFFFFFF007078440-FFFFFFF007096D08) ... ... OK
  7. Creating a new segment  (FFFFFFF007098000-FFFFFFF0075C43F4) ... ... OK
  8. Creating a new segment  (FFFFFFF0075C8000-FFFFFFF0075C8008) ... ... OK
  9. Creating a new segment  (FFFFFFF0075CC000-FFFFFFF0075CD7CC) ... ... OK
 10. Creating a new segment  (FFFFFFF0075CD7CC-FFFFFFF0075CDFBB) ... ... OK
 11. Creating a new segment  (FFFFFFF0075CDFC0-FFFFFFF0075CE030) ... ... OK
 12. Creating a new segment  (FFFFFFF0075CE030-FFFFFFF0075CE038) ... ... OK
 13. Creating a new segment  (FFFFFFF0075CE038-FFFFFFF0075CE040) ... ... OK
 14. Creating a new segment  (FFFFFFF0075CE040-FFFFFFF0075CE041) ... ... OK
 15. Creating a new segment  (FFFFFFF0075D0000-FFFFFFF0075FF964) ... ... OK
 16. Creating a new segment  (FFFFFFF0075FF964-FFFFFFF007601E34) ... ... OK
 17. Creating a new segment  (FFFFFFF007602000-FFFFFFF007603778) ... ... OK
 18. Creating a new segment  (FFFFFFF007604000-FFFFFFF007674528) ... ... OK
 19. Creating a new segment  (FFFFFFF007678000-FFFFFFF007690000) ... ... OK
 20. Creating a new segment  (FFFFFFF005C78000-FFFFFFF006118000) ... ... OK
 21. Creating a new segment  (FFFFFFF0077E8000-FFFFFFF0079EC000) ... ... OK
 22. Creating a new segment  (FFFFFFF006118000-FFFFFFF006DF8000) ... ... OK
 23. Creating a new segment  (FFFFFFF0076F4000-FFFFFFF0077E8000) ... ... OK
 24. Creating a new segment  (FFFFFFF006DF8000-FFFFFFF007004000) ... ... OK
Loading prelinked KEXTs
FFFFFFF005C78000: loading com.apple.iokit.IONetworkingFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOTimeSyncFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.corecapture
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.kec.corecrypto
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.IOImageLoader
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBCMWLANFirmware_Hashstore
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOSlowAdaptiveClockingFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.company.driver.modulename
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOReporting
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleARMPlatform
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleSamsungSPI
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.kext.CoreTrust
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleMobileFileIntegrity
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOHIDFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.yourcompany.driver.AppleEmbeddedLightSensor
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS5L8920XPWM
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleEmbeddedTempSensor
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.AppleUSBCommon
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBHostMergeProperties
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOUSBDeviceFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOSerialFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOSkywalkFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleOnboardSerial
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOAccessoryManager
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleARMPMU
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleSN2400Charger
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOSurface
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.IODARTFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleM2ScalerCSC
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOHDCPFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.Libm.kext
FFFFFFF006118000: loading com.apple.iokit.IOAudio2Family
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.IOCECFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOAVFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AUC
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOMobileGraphicsFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleH8ADBE0
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleAVEH8
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleFirmwareUpdateKext
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.ApplePMGR
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.ApplePMGR
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleIPAppender
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleMultitouchSPI
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOPCIFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleEmbeddedPCIE
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS800xPCIe
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS8000PCIe
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBiometricSensor
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.ProvInfoIOKit
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOUSBHostFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.AppleUSBHostPacketFilter
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS5L8960XDART
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.DiskImages
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.DiskImages.KernelBacked
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.DiskImages.RAMBackingStore
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleJPEGDriver
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.AppleARMIISAudio
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleEmbeddedAudio
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleCSEmbeddedAudio
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOMikeyBusFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleTriStar
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleEmbeddedMikeyBus
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleMikeyBusAudio
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS5L8940XI2C
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleEmbeddedUSB
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOCryptoAcceleratorFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.EncryptedBlockStorage
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleEffaceableStorage
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.LightweightVolumeManager
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.networking
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.AppleUSBHostCompositeDevice
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.cdc
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.cdc.ncm
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBEthernetDevice
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IO80211Family
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.plugin.IOgPTPPlugin
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.LSKDIOKit
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.FairPlayIOKit
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.LSKDIOKitMSE
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleD5500
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.IOSlaveProcessor
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleA7IOP
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.RTBuddy
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AppleSMC_Embedded
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleSEPManager
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleSSE
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.ASIOKit
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AppleS8000DWI
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleCS35L19Amp
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.IOUSBHostHIDDevice
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBDeviceAudioController
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBAudio
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.DiskImages.UDIFDiskImage
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AppleLMBacklight
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOUserEthernet
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOSCSIArchitectureModelFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOSCSIBlockCommandsDevice
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOUSBMassStorageDriver
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBCardReader
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.ApplePMGR
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.ApplePinotLCD
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.nke.ppp
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.nke.lttp
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleSynopsysOTGDevice
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.drivers.AppleS7002SPU
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AGXFirmwareKextG5P
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS8000PMPFirmware
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AppleARM64ErrorHandler
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AppleS8000
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.IOTextEncryptionFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.AppleUSBHub
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleH6CameraInterface
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleMobileApNonce
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBMike
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS8000CLPC
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleSEPKeyStore
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.IOBorealisOwl
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.DiskImages.FileBackingStore
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.ApplePMP
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOStreamFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS5L8960XNCO
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleChestnutDisplayPMU
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.kec.pthread
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleStockholmControl
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleSamsungSerial
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBSDKextStarter
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.cdc.ecm
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBasebandN71
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.filesystems.apfs
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.kext.Match
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleEffaceableBlockDevice
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AppleS8000AES
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleMesaSEPDriver
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBluetooth
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.ethernet.asix
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBasebandPCI
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleCredentialManager
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS8003PCIe
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleSamsungPKE
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleInterruptController
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleC26Charger
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleAuthCP
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.drivers.AppleS7002SPUSphere
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS5L8960XGPIOIC
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.security.sandbox
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleHIDKeyboard
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleHDQGasGaugeControl
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleTemperatureSensor
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleAE2Audio
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleNANDConfigAccess
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IONVMeFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleDialogPMU
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleD2255PMU
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.AppleUSBEHCI
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBHSIC
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.usb.AppleUSBOHCI
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleEmbeddedUSBHost
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBHostT7000
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.IOAudioCodecs
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.DiskImages.ReadWriteDiskImage
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AppleFSCompression.AppleFSCompressionTypeZlib
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBluetoothDebugService
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBCMWLANCore
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBCMWLANBusInterfacePCIe
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBDeviceNCM
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.security.AppleImage4
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleCS42L71Audio
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.file-systems.hfs.kext
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS8000SmartIO
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleM68Buttons
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBDeviceMux
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.nke.pptp
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBasebandPCIMAVControl
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS5L8960XWatchDogTimer
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.ApplePinotLCD
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOAcceleratorFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleUSBEthernetHost
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleIDAMInterface
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBasebandPCIMAVPDP
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleDiagnosticDataAccessReadOnly
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.iokit.IOAcceleratorFamily
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.AGXG5P
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleBiometricServices
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
FFFFFFF006118000: loading com.apple.driver.AppleS5L8960XUSB
entries start past the end of the indirect symbol table (reserved1 field greater than the table size)
DWARF: Looking for Mach-O DWARF file at "/Users/trung/ioskernel/kernelcache.dec.dSYM/Contents/Resources/DWARF/kernelcache.dec"...
DWARF: No.
Marking typical code sequences...
Flushing buffers, please wait...ok
File '/Users/trung/ioskernel/kernelcache.dec' has been successfully loaded into the database.
IDA is analysing the input file...
You may start to explore the input file right now.
Hex-Rays Decompiler plugin has been loaded (v7.0.0.170914)
  License: 54-B0E3-8004-FC Jiang Ying, Personal license (1 user)
  The hotkeys are F5: decompile, Ctrl-F5: decompile all.
  Please check the Edit/Plugins menu for more informaton.
IDAPython Hex-Rays bindings initialized.
[IDASkins] v2.0.4 by athre0z (zyantific.com) loaded!
[IDASkins] Skin file successfully applied!
------------------------------------------------------------------------------------------------------------
Python 2.7.10 (default, Aug 17 2018, 19:45:58) 
[GCC 4.2.1 Compatible Apple LLVM 10.0.0 (clang-1000.0.42)] 
IDAPython 64-bit v1.7.0 final (serial 0) (c) The IDAPython Team <idapython@googlegroups.com>
------------------------------------------------------------------------------------------------------------
Propagating type information...
Function argument information has been propagated
The initial autoanalysis has been finished.
Flushing buffers, please wait...ok
Database has been saved
Python>kc.process_kernelcache()
Traceback (most recent call last):
  File "<string>", line 1, in <module>
AttributeError: 'module' object has no attribute 'process_kernelcache'
Python>kc
<module 'ida_kernelcache' from '/Users/trung/ida_kernelcache/ida_kernelcache/__init__.pyc'>
Python>kc.kernelcache_process()
ida_kernelcache.segment: Renaming kext com.apple.driver.AppleBCMWLANFirmware_Hashstore -> com.apple.driver.AppleBCMWLANFirmware.Hashstore
ida_kernelcache.segment: Renaming kext com.company.driver.modulename -> com.apple.iokit.IOStorageFamily
ida_kernelcache.segment: Renaming kext com.apple.iokit.IOReporting -> com.apple.iokit.IOReportFamily
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleARMPlatform:__TEXT.__const fffffff005cb3c00 - fffffff005cb55f8 should be fffffff005cb3c00 - fffffff005cb3f87
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleMobileFileIntegrity:__TEXT.__cstring fffffff005cb79c8 - fffffff005cba21f should be fffffff005cb79c8 - fffffff005cb7d18
ida_kernelcache.segment: Renaming kext com.yourcompany.driver.AppleEmbeddedLightSensor -> com.apple.driver.AppleEmbeddedLightSensor
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IOUSBDeviceFamily:__TEXT.HEADER fffffff005cc5080 - fffffff005cc55e8 should be fffffff005cc5080 - fffffff005cc5150
ida_kernelcache.segment: IDA thinks segment com.apple.driver.IODARTFamily:__TEXT.__cstring fffffff005cdd728 - fffffff005cdf33f should be fffffff005cdd728 - fffffff005cddc65
ida_kernelcache.segment: Renaming kext com.apple.driver.AppleM2ScalerCSC -> com.apple.driver.AppleM2ScalerCSCDriver
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleM2ScalerCSCDriver:__TEXT.__const fffffff005cf19e0 - fffffff005d0e540 should be fffffff005cf19e0 - fffffff005cfc430
ida_kernelcache.segment: Renaming kext com.apple.Libm.kext -> com.apple.kec.Libm
ida_kernelcache.segment: Renaming kext com.apple.IOCECFamily -> com.apple.iokit.IOCECFamily
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IOAVFamily:__TEXT.__cstring fffffff005d1b488 - fffffff005d23325 should be fffffff005d1b488 - fffffff005d213f0
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleH8ADBE0:__TEXT.__cstring fffffff005d39d38 - fffffff005d4753e should be fffffff005d39d38 - fffffff005d3b4f3
ida_kernelcache.segment: Renaming kext com.apple.ApplePMGR -> com.apple.driver.ApplePMGR
ida_kernelcache.segment: Renaming kext com.apple.ApplePMGR -> com.apple.driver.AppleS8000PMGR
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleS8000PMGR:__TEXT.__cstring fffffff005dde318 - fffffff005ddf9bf should be fffffff005dde318 - fffffff005ddecf4
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleEmbeddedPCIE:__TEXT.__cstring fffffff005de7568 - fffffff005ded325 should be fffffff005de7568 - fffffff005dea60b
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleBiometricSensor:__TEXT.__os_log fffffff005df1a22 - fffffff005df6bb3 should be fffffff005df1a22 - fffffff005df65c8
ida_kernelcache.segment: IDA thinks segment com.apple.driver.ProvInfoIOKit:__TEXT.__cstring fffffff005df9e40 - fffffff005dfb145 should be fffffff005df9e40 - fffffff005dfa2c4
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IOUSBHostFamily:__TEXT.__cstring fffffff005dfb788 - fffffff005e0b9e5 should be fffffff005dfb788 - fffffff005e0af2d
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleJPEGDriver:__TEXT.__cstring fffffff005e10038 - fffffff005e134e3 should be fffffff005e10038 - fffffff005e1287b
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IOCryptoAcceleratorFamily:__TEXT.__cstring fffffff005e2a348 - fffffff005e2aae7 should be fffffff005e2a348 - fffffff005e2a5e0
ida_kernelcache.segment: Renaming kext com.apple.EncryptedBlockStorage -> com.apple.iokit.EncryptedBlockStorage
ida_kernelcache.segment: IDA thinks segment com.apple.driver.LightweightVolumeManager:__TEXT.__cstring fffffff005e2d2e8 - fffffff005e2f78a should be fffffff005e2d2e8 - fffffff005e2f149
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IO80211Family:__TEXT.__cstring fffffff005e36e50 - fffffff005e5b270 should be fffffff005e36e50 - fffffff005e37665
ida_kernelcache.segment: IDA thinks segment com.apple.driver.RTBuddy:__TEXT.__cstring fffffff005ee8ae8 - fffffff005ef30ec should be fffffff005ee8ae8 - fffffff005eeea96
ida_kernelcache.segment: Renaming kext com.apple.AppleSMC_Embedded -> com.apple.driver.AppleSMC
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleSEPManager:__TEXT.__cstring fffffff005efb938 - fffffff005f14456 should be fffffff005efb938 - fffffff005f11220
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleSEPManager:__TEXT.__const fffffff005f14460 - fffffff005f1488c should be fffffff005f14460 - fffffff005f14662
ida_kernelcache.segment: Renaming kext com.apple.ASIOKit -> com.apple.driver.ASIOKit
ida_kernelcache.segment: Renaming kext com.apple.AppleS8000DWI -> com.apple.driver.AppleS8000DWI
ida_kernelcache.segment: IDA thinks segment com.apple.driver.DiskImages.UDIFDiskImage:__TEXT.__const fffffff005f1d1f0 - fffffff005f1dd28 should be fffffff005f1d1f0 - fffffff005f1d417
ida_kernelcache.segment: Renaming kext com.apple.AppleLMBacklight -> com.apple.driver.AppleLMBacklight
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IOUSBMassStorageDriver:__TEXT.__const fffffff005f237a8 - fffffff005f239f8 should be fffffff005f237a8 - fffffff005f237e0
ida_kernelcache.segment: Renaming kext com.apple.ApplePMGR -> com.apple.driver.AppleS8000SOCTuner
ida_kernelcache.segment: Renaming kext com.apple.driver.ApplePinotLCD -> com.apple.driver.AppleSynopsysMIPIDSI
ida_kernelcache.segment: Renaming kext com.apple.nke.lttp -> com.apple.nke.l2tp
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleSynopsysOTGDevice:__TEXT.__cstring fffffff005f2dc58 - fffffff005f2ff23 should be fffffff005f2dc58 - fffffff005f2f952
ida_kernelcache.segment: Renaming kext com.apple.drivers.AppleS7002SPU -> com.apple.driver.AppleSPU
ida_kernelcache.segment: IDA thinks segment com.apple.AGXFirmwareKextG5P:__TEXT.__const fffffff005f33b78 - fffffff005f51450 should be fffffff005f33b78 - fffffff005f37bd4
ida_kernelcache.segment: Renaming kext com.apple.AppleARM64ErrorHandler -> com.apple.driver.AppleTwisterErrorHandler
ida_kernelcache.segment: Renaming kext com.apple.AppleS8000 -> com.apple.driver.AppleS8000
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleS8000:__TEXT.__cstring fffffff005f535e8 - fffffff005f5747b should be fffffff005f535e8 - fffffff005f55f88
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleH6CameraInterface:__TEXT.__os_log fffffff005f5dcc8 - fffffff005f632b6 should be fffffff005f5dcc8 - fffffff005f62ba6
ida_kernelcache.segment: Renaming kext com.apple.driver.IOBorealisOwl -> com.apple.audio.IOBorealisOwl
ida_kernelcache.segment: IDA thinks segment com.apple.audio.IOBorealisOwl:__TEXT.__cstring fffffff005f6f750 - fffffff005f796a6 should be fffffff005f6f750 - fffffff005f6fb30
ida_kernelcache.segment: IDA thinks segment com.apple.kec.pthread:__TEXT.__cstring fffffff005f7e6c0 - fffffff005f8045d should be fffffff005f7e6c0 - fffffff005f7f7c9
ida_kernelcache.segment: IDA thinks segment com.apple.filesystems.apfs:__TEXT.__const fffffff005f845b0 - fffffff005f8bf20 should be fffffff005f845b0 - fffffff005f866a7
ida_kernelcache.segment: IDA thinks segment com.apple.filesystems.apfs:__TEXT.__cstring fffffff005f8bf20 - fffffff005faacf9 should be fffffff005f8bf20 - fffffff005f99160
ida_kernelcache.segment: Renaming kext com.apple.kext.Match -> com.apple.kext.AppleMatch
ida_kernelcache.segment: Renaming kext com.apple.AppleS8000AES -> com.apple.driver.AppleS8000AES
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleMesaSEPDriver:__TEXT.__cstring fffffff005fb060a - fffffff005fb419b should be fffffff005fb060a - fffffff005fb0c29
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleBasebandPCI:__TEXT.__cstring fffffff005fb65e8 - fffffff005fbc825 should be fffffff005fb65e8 - fffffff005fb9fda
ida_kernelcache.segment: Renaming kext com.apple.driver.AppleCredentialManager -> com.apple.driver.AppleSEPCredentialManager
ida_kernelcache.segment: Renaming kext com.apple.drivers.AppleS7002SPUSphere -> com.apple.driver.AppleSPUSphere
ida_kernelcache.segment: IDA thinks segment com.apple.security.sandbox:__TEXT.HEADER fffffff005fc7ac0 - fffffff005fc7fe0 should be fffffff005fc7ac0 - fffffff005fc7ec4
ida_kernelcache.segment: IDA thinks segment com.apple.security.sandbox:__TEXT.__const fffffff005fc7fe0 - fffffff0060476b6 should be fffffff005fc7fe0 - fffffff005fc8108
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IONVMeFamily:__TEXT.__cstring fffffff006052b78 - fffffff00605ee80 should be fffffff006052b78 - fffffff006056ffa
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IONVMeFamily:__TEXT.__const fffffff00605ee80 - fffffff00605f388 should be fffffff00605ee80 - fffffff00605eed8
ida_kernelcache.segment: IDA thinks segment com.apple.driver.usb.AppleUSBEHCI:__TEXT.__cstring fffffff006061eb8 - fffffff00606b006 should be fffffff006061eb8 - fffffff00606ad17
ida_kernelcache.segment: IDA thinks segment com.apple.driver.usb.AppleUSBOHCI:__TEXT.__cstring fffffff00606d780 - fffffff00606fdb1 should be fffffff00606d780 - fffffff00606e101
ida_kernelcache.segment: Renaming kext com.apple.driver.AppleUSBHostT7000 -> com.apple.driver.usb.AppleUSBHostT7000
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleBCMWLANCore:__TEXT.__cstring fffffff006079140 - fffffff0060b3ba8 should be fffffff006079140 - fffffff00607a9a2
ida_kernelcache.segment: Renaming kext com.apple.file-systems.hfs.kext -> com.apple.filesystems.hfs.kext
ida_kernelcache.segment: IDA thinks segment com.apple.filesystems.hfs.kext:__TEXT.__cstring fffffff0060cbf00 - fffffff0060dd802 should be fffffff0060cbf00 - fffffff0060d15ba
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IOAcceleratorFamily:__TEXT.__cstring fffffff0060f1548 - fffffff0060f4c33 should be fffffff0060f1548 - fffffff0060f264c
ida_kernelcache.segment: IDA thinks segment com.apple.driver.AppleIDAMInterface:__TEXT.HEADER fffffff0060f7640 - fffffff0060f7ba8 should be fffffff0060f7640 - fffffff0060f76fc
ida_kernelcache.segment: Renaming kext com.apple.iokit.IOAcceleratorFamily -> com.apple.iokit.IOAcceleratorFamily2
ida_kernelcache.segment: IDA thinks segment com.apple.iokit.IOAcceleratorFamily2:__TEXT.__cstring fffffff0060f9bc8 - fffffff0060ff993 should be fffffff0060f9bc8 - fffffff0060faa62
Initializing data offsets
Initializing vtables
ida_kernelcache.collect_classes: Collecting information about OSMetaClass instances
ida_kernelcache.collect_classes: Searching for virtual method tables
ida_kernelcache.collect_classes: Metaclass 0xfffffff00773b160 (AUAEndpointDictionary) has multiple vtables: 0xfffffff006f2bda8, 0xfffffff006f2bf88
ida_kernelcache.collect_classes: Metaclass 0xfffffff007714540 (IosaPrescalerControl) has multiple vtables: 0xfffffff006e6b510, 0xfffffff006e6b740
ida_kernelcache.collect_classes: Metaclass 0xfffffff007716168 (M2ScalerScalingASEControl) has multiple vtables: 0xfffffff006e760c0, 0xfffffff006e76320
ida_kernelcache.collect_classes: Metaclass 0xfffffff00773b188 (AUAUnitDictionary) has multiple vtables: 0xfffffff006f2c440, 0xfffffff006f2c710, 0xfffffff006f2cf80, 0xfffffff006f2cb48, 0xfffffff006f2ce18, 0xfffffff006f2c5a8, 0xfffffff006f2ccb0, 0xfffffff006f2c0f0, 0xfffffff006f2c878, 0xfffffff006f2c9e0, 0xfffffff006f2c2d8, 0xfffffff006f2d0e8
ida_kernelcache.collect_classes: Metaclass 0xfffffff0076f4b08 (CCDataPipeBlob) has multiple vtables: 0xfffffff006e04300, 0xfffffff006e04a68, 0xfffffff006e04b08
ida_kernelcache.collect_classes: Done
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0064a8a48 - 0xfffffff0064a90c0
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0062e2194 - 0xfffffff0062e2198
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0062e2194 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0062da6b8 - 0xfffffff0062da730
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0062da6b8 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff006294508 - 0xfffffff006294550
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006294508 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff00613c688 - 0xfffffff00613c8d0
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00613c688 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff006444a84 - 0xfffffff006444a88
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006444a84 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff00629c6e4 - 0xfffffff00629c6e8
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00629c6e4 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff00629e5b0 - 0xfffffff00629e6f8
ida_kernelcache.ida_utilities: Trying to restore original function 0xfffffff006363820
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0063639e0 into a function
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006124468 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff006318310 - 0xfffffff006318400
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006318310 into a function
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00614aed0 into a function
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0062e2194 into a function
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0062da6b8 into a function
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00629c6e4 into a function
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00629c6e4 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0062be17c - 0xfffffff0062be180
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0062be17c into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff006dc7fdc - 0xfffffff006dc7fe0
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006dc7fdc into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff006ddcb1c - 0xfffffff006ddcb20
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006ddcb1c into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff006dc8cf0 - 0xfffffff006dc92f0
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006dc8cf0 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0061af9b4 - 0xfffffff0061af9b8
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0061af9b4 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff00611cb88 - 0xfffffff00611ccb0
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0063157dc - 0xfffffff0063157e0
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0063157dc into a function
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00629c6e4 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0063f5c00 - 0xfffffff0063f5d90
ida_kernelcache.ida_utilities: Trying to restore original function 0xfffffff00629e6c4
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006294508 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff00661fb44 - 0xfffffff00661fb48
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00661fb44 into a function
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00629c6e4 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0063743c0 - 0xfffffff006374410
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0063743c0 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff00631cf6c - 0xfffffff00631cf70
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00631cf6c into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0063f5bfc - 0xfffffff0063f5c00
ida_kernelcache.ida_utilities: Undefining item 0xfffffff006cec7b4 - 0xfffffff006cec7b8
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006cec7b4 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0062cdad0 - 0xfffffff0062cddb0
ida_kernelcache.ida_utilities: Trying to restore original function 0xfffffff0062a7cb0
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0062a8014 into a function
ida_kernelcache.ida_utilities: Trying to restore original function 0xfffffff00628c224
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff00628c5f8 into a function
ida_kernelcache.ida_utilities: Trying to restore original function 0xfffffff0063f5bfc
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0063dd7a0 into a function
ida_kernelcache.ida_utilities: Trying to restore original function 0xfffffff006265634
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0062657f0 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0065f6674 - 0xfffffff0065f6678
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0065f6674 into a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0068b4118 - 0xfffffff0068b4120
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff0068b4118 into a function
ida_kernelcache.ida_utilities: Trying to restore original function 0xfffffff006953204
ida_kernelcache.vtable: Could not convert virtual method 0xfffffff006953550 into a function
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV25M2ScalerScalingASEControl
ida_kernelcache.vtable: Could not add vtable symbol for class M2ScalerScalingASEControl at address 0xfffffff007084118
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV19AGXFastRenderTarget
ida_kernelcache.vtable: Could not add vtable symbol for class AGXFastRenderTarget at address 0xfffffff007084118
ida_kernelcache.vtable: Class AGXFamilyGart has no known vtable
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV14CCDataPipeBlob
ida_kernelcache.vtable: Could not add vtable symbol for class CCDataPipeBlob at address 0xfffffff007084118
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV23AGXParameterBufferBlock
ida_kernelcache.vtable: Could not add vtable symbol for class AGXParameterBufferBlock at address 0xfffffff007084118
ida_kernelcache.vtable: Class AGXTAChannelGen1 has no known vtable
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV31AGXFamilySharedGartTableBacking
ida_kernelcache.vtable: Could not add vtable symbol for class AGXFamilySharedGartTableBacking at address 0xfffffff007084118
ida_kernelcache.vtable: Class AGXChannel has no known vtable
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV22AGXParameterManagement
ida_kernelcache.vtable: Could not add vtable symbol for class AGXParameterManagement at address 0xfffffff007084118
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV25AGXSharedGartTableBacking
ida_kernelcache.vtable: Could not add vtable symbol for class AGXSharedGartTableBacking at address 0xfffffff007084118
ida_kernelcache.vtable: Class AGXGart has no known vtable
ida_kernelcache.vtable: Class AGXAccelerator has no known vtable
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV20IosaPrescalerControl
ida_kernelcache.vtable: Could not add vtable symbol for class IosaPrescalerControl at address 0xfffffff007084118
ida_kernelcache.vtable: Class AGX3DChannel has no known vtable
ida_kernelcache.vtable: Address 0xfffffff006f2b5d8 already has name __ZTV17AUAUnitDictionary instead of vtable symbol __ZTV23AppleUSBAudioDictionary
ida_kernelcache.vtable: Could not add vtable symbol for class AppleUSBAudioDictionary at address 0xfffffff006f2b5d8
ida_kernelcache.vtable: Address 0xfffffff006f2b5d8 already has name __ZTV17AUAUnitDictionary instead of vtable symbol __ZTV21AUAEndpointDictionary
ida_kernelcache.vtable: Could not add vtable symbol for class AUAEndpointDictionary at address 0xfffffff006f2b5d8
ida_kernelcache.vtable: Class AGXCLChannel has no known vtable
ida_kernelcache.vtable: Class AGXAcceleratorG5 has no known vtable
ida_kernelcache.vtable: Class AGX3DChannelGen1 has no known vtable
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV21AGXRenderTargetMemory
ida_kernelcache.vtable: Could not add vtable symbol for class AGXRenderTargetMemory at address 0xfffffff007084118
ida_kernelcache.vtable: Address 0xfffffff007084118 already has name __ZTV8OSObject instead of vtable symbol __ZTV17AGXPerfCtrSampler
ida_kernelcache.vtable: Could not add vtable symbol for class AGXPerfCtrSampler at address 0xfffffff007084118
ida_kernelcache.vtable: Class AGXTAChannel has no known vtable
ida_kernelcache.vtable: Class AGXCLChannelGen1 has no known vtable
ida_kernelcache.vtable: Class AGXFamilyAccelerator has no known vtable
Creating offset and stub symbols
ida_kernelcache.ida_utilities: Trying to restore original function 0xfffffff0075af2cc
ida_kernelcache.stub: Stub 0xfffffff00612cdac has target 0xfffffff0070d2764 that is not a function
ida_kernelcache.stub: Stub 0xfffffff0061d2bc0 has target 0xfffffff0070d2764 that is not a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff00615d6b0 - 0xfffffff00615d7e0
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0068b6dc4 - 0xfffffff0068b6dc8
ida_kernelcache.ida_utilities: Undefining item 0xfffffff006a46264 - 0xfffffff006a46268
ida_kernelcache.stub: Stub 0xfffffff006ad17cc has target 0xfffffff006a46264 that is not a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0063217f0 - 0xfffffff006321e50
ida_kernelcache.ida_utilities: Undefining item 0xfffffff00631f490 - 0xfffffff006320490
ida_kernelcache.stub: Stub 0xfffffff006ca19ac has target 0xfffffff0065c0844 that is not a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0065bceb8 - 0xfffffff0065bd210
ida_kernelcache.stub: Stub 0xfffffff006ca1a84 has target 0xfffffff0065bd0b4 that is not a function
ida_kernelcache.ida_utilities: Undefining item 0xfffffff0065bceb8 - 0xfffffff0065bcec8
Propagating vtable method symbols
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/Users/trung/ida_kernelcache/ida_kernelcache/__init__.py", line 71, in kernelcache_process
    vtable.initialize_vtable_method_symbols()
  File "/Users/trung/ida_kernelcache/ida_kernelcache/vtable.py", line 413, in initialize_vtable_method_symbols
    _symbolicate_overrides_for_classinfo(classinfo, processed)
  File "/Users/trung/ida_kernelcache/ida_kernelcache/vtable.py", line 382, in _symbolicate_overrides_for_classinfo
    for _, override, original in class_vtable_overrides(classinfo, methods=True):
  File "/Users/trung/ida_kernelcache/ida_kernelcache/vtable.py", line 330, in class_vtable_overrides
    super_vlength=super_vlength, new=new, methods=methods):
  File "/Users/trung/ida_kernelcache/ida_kernelcache/vtable.py", line 261, in vtable_overrides
    super_vlength = vtable_length(super_vtable)
  File "/Users/trung/ida_kernelcache/ida_kernelcache/vtable.py", line 67, in vtable_length
    end = idc.SegEnd(ea)
  File "/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/python/idc_bc695.py", line 500, in SegEnd
    def SegEnd(ea): return get_segm_attr(ea, SEGATTR_END)
  File "/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/python/idc.py", line 3504, in get_segm_attr
    seg = ida_segment.getseg(segea)
  File "/Applications/IDA Pro 7.0/ida64.app/Contents/MacOS/python/ida_segment.py", line 469, in getseg
    return _ida_segment.getseg(*args)
TypeError: Expected an ea_t type