coolstar / electra

Electra iOS 11.0 - 11.1.2 jailbreak toolkit based on async_awake
GNU General Public License v3.0

MSGetImageByName & MSFindSymbol cause Segmentation fault: 11 #178

Closed cjsworld closed 6 years ago

cjsworld commented 6 years ago
MSImageRef lib = MSGetImageByName("/System/Library/PreferenceBundles/VPNPreferences.bundle/VPNPreferences");

Crash:

{"app_name":"vpn-connect","app_version":"","bug_type":"109","timestamp":"2018-03-01 16:06:24.72 +0800","os_version":"iPhone OS 11.0.3 (15A432)","incident_id":"26BD6D25-186D-454F-AB83-73A89A83FBAD","slice_uuid":"252d2e0d-36b2-3f47-be58-b11cf716020a","build_version":"","is_first_party":true,"share_with_app_devs":false,"name":"vpn-connect"}
Incident Identifier: 26BD6D25-186D-454F-AB83-73A89A83FBAD
CrashReporter Key:   cd2e81d5da2b5b01472bc46092497047aa11ee41
Hardware Model:      iPhone7,2
Process:             vpn-connect [1307]
Path:                /usr/bin/vpn-connect
Identifier:          vpn-connect
Version:             ???
Code Type:           ARM-64 (Native)
Role:                Unspecified
Parent Process:      sh [934]
Coalition:           com.openssh.sshd [443]

Date/Time:           2018-03-01 16:06:24.5188 +0800
Launch Time:         2018-03-01 16:06:24.3530 +0800
OS Version:          iPhone OS 11.0.3 (15A432)
Baseband Version:    6.17.00
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0xffeeddcc00039350
VM Region Info: 0xffeeddcc00039350 is not in any region.  Bytes after previous region: 18441921384318997329
      REGION TYPE                      START - END             [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      MALLOC_NANO (reserved) 00000001d8000000-00000001e0000000 [128.0M] rw-/rwx SM=NUL  ...(unallocated)
--->
      UNUSED SPACE AT END

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread:  0

Filtered syslog:
None found

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   dyld                            0x000000010119313c 0x10117c000 + 94524
1   libsubstitute.0.dylib           0x0000000100eb4608 0x100eac000 + 34312
2   vpn-connect                     0x0000000100e84464 0x100e7c000 + 33892
3   libobjc.A.dylib                 0x0000000185a1691c 0x185a0c000 + 43292
4   libobjc.A.dylib                 0x0000000185a17a84 0x185a0c000 + 47748
5   dyld                            0x000000010117e170 0x10117c000 + 8560
6   dyld                            0x000000010118ece8 0x10117c000 + 77032
7   dyld                            0x000000010118dd40 0x10117c000 + 73024
8   dyld                            0x000000010118ddfc 0x10117c000 + 73212
9   dyld                            0x000000010117e5e4 0x10117c000 + 9700
10  dyld                            0x0000000101183320 0x10117c000 + 29472
11  dyld                            0x000000010117d21c 0x10117c000 + 4636

Thread 1:
0   libsystem_pthread.dylib         0x000000018612ac2c 0x18612a000 + 3116

Thread 2:
0   libsystem_pthread.dylib         0x000000018612ac2c 0x18612a000 + 3116

Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0xffeeddcc00039300   x1: 0x0000000000000600   x2: 0x0000000100e876c3   x3: 0x0000000000000015
    x4: 0x000000016ef809d0   x5: 0x000000000000002f   x6: 0x0000000000000000   x7: 0x0000000000000260
    x8: 0x000000010119313c   x9: 0xe0dd76dd2e1000e7  x10: 0x0000050000000603  x11: 0x0000000000000040
   x12: 0xffffffffffffffff  x13: 0x0000000000000001  x14: 0x0000060000000600  x15: 0x0000000000000000
   x16: 0x0000000000000000  x17: 0x00000000ffffffff  x18: 0x0000000000000000  x19: 0xffeeddcc00039300
   x20: 0x0000000185a3623f  x21: 0x0000000100ec0060  x22: 0x00000001b56693ea  x23: 0x0000000100f10e20
   x24: 0x0000000100e88e40  x25: 0x0000000100f10e28  x26: 0x0000000100e84408  x27: 0x00000001b5669000
   x28: 0x00000001b5669000   fp: 0x000000016ef81290   lr: 0x0000000100eb4608
    sp: 0x000000016ef81270   pc: 0x000000010119313c cpsr: 0x60000000

Binary Images:
0x100e7c000 - 0x100e87fff vpn-connect arm64  <252d2e0d36b23f47be58b11cf716020a> /usr/bin/vpn-connect
0x100e94000 - 0x100e9bfff CydiaSubstrate arm64  <766a34171a3c362cae719390c6a8d715> /Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate
0x100eac000 - 0x100ebffff libsubstitute.0.dylib arm64  <42fd5eb6ec6c302b965fb417148d5bf5> /usr/lib/libsubstitute.0.dylib
0x10117c000 - 0x1011bbfff dyld arm64  <113803ec7f6936e6b06abef57a8755fd> /usr/lib/dyld
0x19096c000 - 0x1909befff PhysicsKit arm64  <da83a5db0ba43e26a09cf1cefc80f19a> /System/Library/PrivateFrameworks/PhysicsKit.framework/PhysicsKit
0x1909bf000 - 0x1909c1fff StudyLog arm64  <a6f674df17a434a79f3481279611a480> /System/Library/PrivateFrameworks/StudyLog.framework/StudyLog
0x1909c2000 - 0x190aa2fff UIFoundation arm64  <78058fbbe6a23f048a97978c98f951f6> /System/Library/PrivateFrameworks/UIFoundation.framework/UIFoundation
0x190aa3000 - 0x190baefff CloudKit arm64  <2ae56a2bc3553b92a08f7feddc63fc41> /System/Library/Frameworks/CloudKit.framework/CloudKit
0x190baf000 - 0x190baffff IntentsFoundation arm64  <a39a657e8fc33f5b8b7c24d04ca5f571> /System/Library/PrivateFrameworks/IntentsFoundation.framework/IntentsFoundation
0x190bb0000 - 0x190c79fff Network arm64  <a04dd69739603055bda1dc9573de45c3> /System/Library/PrivateFrameworks/Network.framework/Network
0x190c7a000 - 0x190e82fff Intents arm64  <ff3330242b453d52b23d398d95f7edc7> /System/Library/Frameworks/Intents.framework/Intents
0x190e9f000 - 0x190ea1fff CoreDuetDebugLogging arm64  <8ca4aba506a13bf791db41504fbbb21c> /System/Library/PrivateFrameworks/CoreDuetDebugLogging.framework/CoreDuetDebugLogging
0x190ea2000 - 0x190ed6fff libtidy.A.dylib arm64  <16361bb57a073fad94e962775205daec> /usr/lib/libtidy.A.dylib
0x190ed7000 - 0x190ffefff CoreDuet arm64  <f0e6c71e9c453e52a4f3f47c2b947e7c> /System/Library/PrivateFrameworks/CoreDuet.framework/CoreDuet
0x190fff000 - 0x19101dfff CoreDuetContext arm64  <7960a7fc596d3c8dae0fe499dc696688> /System/Library/PrivateFrameworks/CoreDuetContext.framework/CoreDuetContext
0x19101e000 - 0x191032fff CoreDuetDaemonProtocol arm64  <4bf29805b2663cedb03f3a133e5cfddf> /System/Library/PrivateFrameworks/CoreDuetDaemonProtocol.framework/CoreDuetDaemonProtocol
0x191033000 - 0x19109dfff IMFoundation arm64  <f3d09ef374423470ae01e5fb48f09fd3> /System/Library/PrivateFrameworks/IMFoundation.framework/IMFoundation
0x1911d5000 - 0x1911d6fff DiagnosticLogCollection arm64  <2a23554cede030d8a1b61ecba9765697> /System/Library/PrivateFrameworks/DiagnosticLogCollection.framework/DiagnosticLogCollection
0x1911d7000 - 0x1911d8fff Marco arm64  <23760dbb1bde36f7a064314f0842ac90> /System/Library/PrivateFrameworks/Marco.framework/Marco
0x1911d9000 - 0x1911dffff MessageProtection arm64  <9213fc28d35a3e2faed441a5328c5bb2> /System/Library/PrivateFrameworks/MessageProtection.framework/MessageProtection
0x1914d8000 - 0x1914f0fff Engram arm64  <f1b98f6cdba630b6a3cc406b403c08d8> /System/Library/PrivateFrameworks/Engram.framework/Engram
0x1914f1000 - 0x191757fff IDSFoundation arm64  <a14d8a5902ac3002aa57a7802b83b06d> /System/Library/PrivateFrameworks/IDSFoundation.framework/IDSFoundation
0x191758000 - 0x191763fff CaptiveNetwork arm64  <9178e01f056630bdb3daba45b956cdc1> /System/Library/PrivateFrameworks/CaptiveNetwork.framework/CaptiveNetwork
0x191764000 - 0x191792fff EAP8021X arm64  <83f421edac2a30b9938ef506684c8290> /System/Library/PrivateFrameworks/EAP8021X.framework/EAP8021X
0x19186d000 - 0x191884fff ApplePushService arm64  <926a436742913293bbf625a5d493542f> /System/Library/PrivateFrameworks/ApplePushService.framework/ApplePushService
0x191bc0000 - 0x191be2fff MediaServices arm64  <31cbb99a2ce037f386e7d65d9884f5d9> /System/Library/PrivateFrameworks/MediaServices.framework/MediaServices
0x191be3000 - 0x191d0dfff MediaRemote arm64  <e260b5c063b0312c8113a2998f610756> /System/Library/PrivateFrameworks/MediaRemote.framework/MediaRemote
0x191d25000 - 0x191d34fff MobileBluetooth arm64  <8b7a934d21973d8784b68fce9d78901c> /System/Library/PrivateFrameworks/MobileBluetooth.framework/MobileBluetooth
0x191d6b000 - 0x191d90fff FTAWD arm64  <90ba7b1a114a38cb9255a8320687cc69> /System/Library/PrivateFrameworks/FTAWD.framework/FTAWD
0x191d91000 - 0x191de4fff FTServices arm64  <c212058e1a683eaa95189b6190cb9571> /System/Library/PrivateFrameworks/FTServices.framework/FTServices
0x191de5000 - 0x191e37fff WirelessProximity arm64  <5966bcb347e43c7ea217e91ffbad6424> /System/Library/PrivateFrameworks/WirelessProximity.framework/WirelessProximity
0x191e95000 - 0x191ea1fff libnetworkextension.dylib arm64  <62ac536a68f23f54b332d8ecf615c3af> /usr/lib/libnetworkextension.dylib
0x192cac000 - 0x192e41fff NetworkExtension arm64  <c85716051b763949a70515d3abd51657> /System/Library/Frameworks/NetworkExtension.framework/NetworkExtension
0x192e42000 - 0x193245fff SiriTTS arm64  <8398434ef72333a4a71b0ac9ca1b819f> /System/Library/PrivateFrameworks/SiriTTS.framework/SiriTTS
0x193246000 - 0x19329cfff SAObjects arm64  <f4ffb120ba2c3ed38391944a4abc076a> /System/Library/PrivateFrameworks/SAObjects.framework/SAObjects
0x19329d000 - 0x1932d8fff VoiceServices arm64  <8eac26dc05333f8a9782b9bce9ea7778> /System/Library/PrivateFrameworks/VoiceServices.framework/VoiceServices
0x19330a000 - 0x1933d5fff AssistantServices arm64  <07a64fd2c0bf33ab94415c957239c066> /System/Library/PrivateFrameworks/AssistantServices.framework/AssistantServices
0x19357f000 - 0x19358bfff BluetoothManager arm64  <2ec2bbc4c4ca3cf5859dc92ee11d0de6> /System/Library/PrivateFrameworks/BluetoothManager.framework/BluetoothManager
0x194363000 - 0x194369fff libtzupdate.dylib arm64  <a0bd2d251f183eb791cfa62fb79a1892> /usr/lib/libtzupdate.dylib
0x19436a000 - 0x1944bdfff Preferences arm64  <8340fd3be317304b931935041e390c79> /System/Library/PrivateFrameworks/Preferences.framework/Preferences
0x1a4bc0000 - 0x1a4bc5fff VPNUtilities arm64  <ec05273e8a0c3d3c8ed75751cd2ee4dc> /System/Library/PrivateFrameworks/VPNUtilities.framework/VPNUtilities
0x1a6afd000 - 0x1a6b2afff VPNPreferences arm64  <bd5bac9dc4dd312d8393146744ec5020> /System/Library/PreferenceBundles/VPNPreferences.bundle/VPNPreferences
0x1a9ade000 - 0x1a9ae1fff InternationalSupport arm64  <4112de0d2ce03f97af33b982ba453fa7> /System/Library/PrivateFrameworks/InternationalSupport.framework/InternationalSupport
0x1ad7e0000 - 0x1ad811fff libclosured.dylib arm64  <81ab29ce13173b7db7389232701746ef> /usr/lib/closure/libclosured.dylib
0x1ad812000 - 0x1ad864fff libstdc++.6.dylib arm64  <46a456af30713d4d825e7c6c45cd4769> /usr/lib/libstdc++.6.dylib
cjsworld commented 6 years ago
static void inspect_dyld() {
    const struct dyld_all_image_infos *aii = _dyld_get_all_image_infos();
    const void *dyld_hdr = aii->dyldImageLoadAddress;

    const char *names[2] = { "__ZNK16ImageLoaderMachO8getSlideEv",
                             "__ZNK16ImageLoaderMachO10machHeaderEv" };
    void *syms[2];
    intptr_t dyld_slide = -1;
    find_syms_raw(dyld_hdr, &dyld_slide, names, syms, 2);
    if (!syms[0] || !syms[1])
        substitute_panic("couldn't find ImageLoader methods\n");
    ImageLoaderMachO_getSlide = syms[0];
    ImageLoaderMachO_machHeader = syms[1];
}

/* 'dlhandle' keeps the image alive */
EXPORT
struct substitute_image *substitute_open_image(const char *filename) {
    pthread_once(&dyld_inspect_once, inspect_dyld);

    void *dlhandle = dlopen(filename, RTLD_LAZY | RTLD_LOCAL | RTLD_NOLOAD);
    if (!dlhandle)
        return NULL;

    const void *image_header = ImageLoaderMachO_machHeader(dlhandle);  /* <<-- Crash here!! */
    intptr_t slide = ImageLoaderMachO_getSlide(dlhandle);

    struct substitute_image *im = malloc(sizeof(*im));
    if (!im)
        return NULL;
    im->slide = slide;
    im->dlhandle = dlhandle;
    im->image_header = image_header;
    return im;
}
cjsworld commented 6 years ago

It seems to be fixed in the latest version of substitute.