Closed TommyLemon closed 2 years ago
Thanks for your question and request.
The ASLR slide is something that is computed at run-time. dwarf2json converts debug information into a format that can be used with volatility3. It is typically not run on the target system that is to be analyzed. Thus, calculating the ASLR slide is outside of its scope.
For your reference, here is the volatility3 code that calculates ASLR for Mac: https://github.com/volatilityfoundation/volatility3/blob/stable/volatility3/framework/automagic/mac.py#L118. Perhaps it can be useful in your endeavor.
Best of luck. @ilch1
Thank you for making this tool open, it's helpful for symbolizing iOS crash logs.
However, I have not yet found how to query the ASLR slide of a given load/stack address. Because of the ASLR slides, I cannot get the correct symbolicated source code.
I have tried editing some of the tool's source code, but it did not work; I still cannot get the ASLR slides, nor the .debug_arange, which I was told contains ASLR slides for load/stack addresses.
Please add such a function or tell me how to. Thank you very much~
References:
https://eli.thegreenplace.net/2011/12/26/the-contents-of-dwarf-sections
https://bellis1000.medium.com/aslr-the-ios-kernel-how-virtual-address-spaces-are-randomised-d76d14dc7ebb
https://en.wikipedia.org/wiki/Address_space_layout_randomization#iOS_(iPhone,_iPod_touch,_iPad)
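An added example, not part of the thread and not dwarf2json or volatility3 code: because the slide is a run-time value, a user-space crash report carries it implicitly as each image's load address, and subtracting the slide from a frame address gives the address to look up in the DWARF data. The crash-report lines, the `DemoApp` name and the `LINKED_TEXT_VMADDR` value are constructed assumptions.

```python
import re

# Constructed sample in the layout of an iOS crash report (not from the thread).
CRASH_LOG = """\
Thread 0 Crashed:
0   DemoApp                       0x0000000104a3c5f0 0x104a34000 + 34288
1   DemoApp                       0x0000000104a3b1a4 0x104a34000 + 29092

Binary Images:
0x104a34000 - 0x104a7bfff DemoApp arm64  <0123456789abcdef0123456789abcdef> /private/var/containers/Bundle/Application/DemoApp.app/DemoApp
"""

# Assumption: the __TEXT vmaddr the binary was linked at (check it with `otool -l`);
# 0x100000000 is the usual value for 64-bit main executables.
LINKED_TEXT_VMADDR = 0x100000000

IMAGE_RE = re.compile(
    r"^\s*(0x[0-9a-fA-F]+)\s+-\s+(0x[0-9a-fA-F]+)\s+(\S+)\s+(\S+)\s+<([0-9a-fA-F-]+)>", re.M)
FRAME_RE = re.compile(
    r"^\d+\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+\+\s+(\d+)", re.M)

def load_addresses(log):
    """Map image name -> (start, end) run-time addresses from the Binary Images section."""
    return {m.group(3): (int(m.group(1), 16), int(m.group(2), 16))
            for m in IMAGE_RE.finditer(log)}

def unslide_frames(log, linked_vmaddr=LINKED_TEXT_VMADDR):
    """Return (image, slide, file_address) per frame; file_address is the DWARF lookup address."""
    images = load_addresses(log)
    out = []
    for m in FRAME_RE.finditer(log):
        name, runtime, base = m.group(1), int(m.group(2), 16), int(m.group(3), 16)
        start, end = images.get(name, (base, None))
        # Reject frames whose base or address disagrees with the image list.
        if start != base or (end is not None and not start <= runtime <= end):
            raise ValueError(f"frame for {name} does not match its Binary Images entry")
        slide = start - linked_vmaddr          # run-time load address minus link-time address
        out.append((name, slide, runtime - slide))
    return out

if __name__ == "__main__":
    for name, slide, addr in unslide_frames(CRASH_LOG):
        print(f"{name}: slide={slide:#x} lookup={addr:#x}")
```
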