Errors due to mapped memory

[duraki]

Anyone had similar issues? The error message references to mmap() mostly on Google. My memory is free (no apps open), other apps are not recalling the issue with memory. What else can it be?

$ dsdump --arch arm64 -U -vvv ../../../ios-analysis/IPA/Payload/NN.app/NN
0x400000000 is mapped to existing memory, exiting

[DerekSelander]

How I wrote dsdump, I'll mmap the executable into memory, but I needed a way to ensure I don't mix up the load addresses of the binary with dsdump's own address space. I chose 0x400000000 as a place where not a lot of code lives. You can submit a fix via a PR, modify this location if you were to build yourself, or give me the jtool -l of the executable and wait till early 2022 when I should have enough free time to get an updated version of this tool out.

[erikng]

jtool -l -arch x86_64 ./dsdump_beta/dsdump
LC 00: LC_SEGMENT_64          Mem: 0x000000000-0x100000000	__PAGEZERO
LC 01: LC_SEGMENT_64          Mem: 0x100000000-0x10039c000	__TEXT
	Mem: 0x100003ed0-0x10014c1e2		__TEXT.__text	(Normal)
	Mem: 0x10014c1e2-0x10014c58a		__TEXT.__stubs	(Symbol Stubs)
	Mem: 0x10014c58c-0x10014cace		__TEXT.__stub_helper	(Normal)
	Mem: 0x10014cace-0x10014e059		__TEXT.__objc_methname	(C-String Literals)
	Mem: 0x10014e060-0x10016d5a9		__TEXT.__cstring	(C-String Literals)
	Mem: 0x10016d5a9-0x10016d645		__TEXT.__objc_classname	(C-String Literals)
	Mem: 0x10016d645-0x10016ea23		__TEXT.__objc_methtype	(C-String Literals)
	Mem: 0x10016ea30-0x1003988ff		__TEXT.__const
	Mem: 0x100398900-0x10039a6fc		__TEXT.__gcc_except_tab
	Mem: 0x10039a700-0x10039a754		__TEXT.__catfarts
	Mem: 0x10039a754-0x10039bff4		__TEXT.__unwind_info
LC 02: LC_SEGMENT_64          Mem: 0x10039c000-0x100558000	__DATA
	Mem: 0x10039c000-0x10039c008		__DATA.__nl_symbol_ptr	(Non-Lazy Symbol Ptrs)
	Mem: 0x10039c008-0x10039c0c8		__DATA.__got	(Non-Lazy Symbol Ptrs)
	Mem: 0x10039c0c8-0x10039c5a8		__DATA.__la_symbol_ptr	(Lazy Symbol Ptrs)
	Mem: 0x10039c5a8-0x10039c5e0		__DATA.__mod_init_func	(Module Init Function Ptrs)
	Mem: 0x10039c5e0-0x1003eb630		__DATA.__const
	Mem: 0x1003eb630-0x1003eb8f0		__DATA.__cfstring
	Mem: 0x1003eb8f0-0x1003eb908		__DATA.__objc_classlist	(Normal)
	Mem: 0x1003eb908-0x1003eb920		__DATA.__objc_catlist	(Normal)
	Mem: 0x1003eb920-0x1003eb930		__DATA.__objc_nlcatlist	(Normal)
	Mem: 0x1003eb930-0x1003eb940		__DATA.__objc_protolist
	Mem: 0x1003eb940-0x1003eb948		__DATA.__objc_imageinfo
	Mem: 0x1003eb948-0x1003ed318		__DATA.__objc_const
	Mem: 0x1003ed318-0x1003ed748		__DATA.__objc_selrefs	(Literal Pointers)
	Mem: 0x1003ed748-0x1003ed7a8		__DATA.__objc_classrefs	(Normal)
	Mem: 0x1003ed7a8-0x1003ed7c0		__DATA.__objc_superrefs	(Normal)
	Mem: 0x1003ed7c0-0x1003ed940		__DATA.__objc_ivar
	Mem: 0x1003ed940-0x1003edd50		__DATA.__objc_data
	Mem: 0x1003edd50-0x100455d10		__DATA.__data
	Mem: 0x100455d10-0x1005566f9		__DATA.__bss	(Zero Fill)
	Mem: 0x100556700-0x1005568e2		__DATA.__common	(Zero Fill)
LC 03: LC_SEGMENT_64          Mem: 0x100558000-0x100664000	__LINKEDIT
LC 04: LC_DYLD_INFO
LC 05: LC_SYMTAB
	Symbol table is at offset 0x45efa8 (4583336), 23916 entries
	String table is at offset 0x4bcbb0 (4967344), 622608 bytes
LC 06: LC_DYSYMTAB
	23296 local symbols at index     0
	  442 external symbols at index  23296
	  178 undefined symbols at index 23738
	   No TOC
	   No modtab
	  337 Indirect symbols at offset 0x4bc668

LC 07: LC_LOAD_DYLINKER      	/usr/lib/dyld
LC 08: LC_UUID               	UUID: 2956F9CE-0A8F-30EA-A2E9-5CEF800AD98D
LC 09: LC_BUILD_VERSION      	Build Version:           Platform: MacOS 10.14.0
LC 10: LC_SOURCE_VERSION     	Source Version:          0.0.0.0.0
LC 11: LC_MAIN               	Entry Point:             0x1b754 (Mem: 0x10001b754)
LC 12: LC_LOAD_WEAK_DYLIB    	/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
LC 13: LC_LOAD_DYLIB         	/usr/lib/libobjc.A.dylib
LC 14: LC_LOAD_DYLIB         	/usr/lib/libc++.1.dylib
LC 15: LC_LOAD_DYLIB         	/usr/lib/libSystem.B.dylib
LC 16: LC_LOAD_WEAK_DYLIB    	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
LC 17: LC_RPATH              	@executable_path/../Frameworks
LC 18: LC_RPATH              	@loader_path/../Frameworks
LC 19: LC_FUNCTION_STARTS    	Offset: 4577120, Size: 5200 (0x45d760-0x45ebb0)
LC 20: LC_DATA_IN_CODE       	Offset: 4582320, Size: 1016 (0x45ebb0-0x45efa8)
LC 21: LC_CODE_SIGNATURE     	Offset: 5589952, Size: 62432 (0x554bc0-0x563fa0)

[ynyyn]

If you use macOS Monterey (12)+, try to run the old released dsdump (dsdump_compiled.zip, 1a8857e) with env MallocNanoZone=0, it should work to some degree.

$ MallocNanoZone=0 dsdump --objc dsdump

For details, see my comment at #35 (comment).

[duraki]

Hey @ynyyn thanks for the PR! I can confirm your build works fine on x86_64bit Mac architecture:

MallocNanoZone=0 dsdump -s /Applications/x.app/Contents/MacOS/x -a x86_64 | more
 protocol x.NoteEditorViewControllerDelegate // 3 requirements
 protocol x.TransitionHandler // 1 requirements
 protocol x.StateDismissible // 7 requirements
 protocol x.ApplePencilDetectorUsing // 1 requirements