Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
Repository URL to install this package:
|
Version:
9.0~240925-3.fc42 ▾
|
// from idp.hpp
#define PLFM_386 0 // Intel 80x86 (and x86_64/AMD64)
#define PLFM_ARM 13 // Advanced RISC Machines
// format of the entries:
// "user description":
// [
// <IDA Platform ID>,
// <0 for little-endian/1 for big-endian>,
// <address size>,
// <required processor-specific flags>,
// <IDA processor name>,
// <GDB architecture name>,
// <root XML file name with register layout>,
// <hex bytes of the software breakpoint instruction>,
// <use stub's support for single-stepping, if available> (override with SINGLE_STEP)
// ],
CONFIGURATIONS =
{
// description platform bigendian addrsize reqflags processor archictecture xmlfile softbpt ss
"VMWare-x64" : [ PLFM_386, 0, 8, 0, "metapc", "i386:x86-64", "xnu-x64.xml", "CC", 1 ],
"Corellium-ARM64" : [ PLFM_ARM, 0, 8, 0, "arm", "arm64", "xnu-arm64.xml", "D4200020", 1 ]
}
// Default configuration for instant debugging (without database)
DEFAULT_CONFIG = "VMWare-x64";
// Specify the min/max possible virtual addresses for the kernel.
//
// The XNU debugger will use this to determine the proper debugging environment after attaching to the OS.
//
// There are two scenarios after the initial attach:
//
// 1. RIP points within the given range of kernel addresses.
//
// In this case the debugger will try to detect the kernel image and prepare to debug the Mach-O kernel and KEXTs (also see KEXT_POLICY below).
//
// The lower bound will also be used to search for the kernel's lowGlo structure, which facilitates detection of the kernel base address.
//
// 2. RIP points outside the range of kernel addresses.
//
// In this case the debugger will try to detect the EFI_BOOT_SERVICES table and prepare to debug PE EFI firmware (also see DEBUG_UEFI below).
//
// If execution is later suspended in the kernel, then the debugger will unload EFI debugging and prepare for kernel debugging on-the-fly.
KERNEL_BOUNDS =
{
#ifdef __EA64__
// config name kernel_min kernel_max
"VMWare-x64" : [ 0xFFFFFF8000000000, 0xFFFFFFFFFFFFEFFF ],
"Corellium-ARM64" : [ 0xFFFFFFF000000000, 0xFFFFFFF3FFFFFFFF ]
#endif
}
// Path to a Kernel Debug Kit on the local filesystem.
//
// If you have already installed a KDK from Apple, you can point IDA to it using this option. For example:
//
// KDK_PATH = "/Library/Developer/KDKs/KDK_10.13.6_17G4015.kdk";
//
// This will allow IDA to load DWARF info for the XNU kernel at runtime.
//
// Also note that a KDK can heavily speed up debugging, since it allows IDA to load debug info
// from the KDK files on disk (i.e. segment names, symbols names, DWARF info, etc.),
// rather than download this information from the remote gdb stub.
//
// If there is no KDK available (typically the case for iOS), you can still create your own KDK
// by copying the kernelcache from your device:
//
// 1. mkdir ~/MyKDK
// 2. scp root@iphone:/System/Library/Caches/com.apple.kernelcaches/kernelcache /tmp
// 3. lzssdec -o HEADER_OFF < /tmp/kernelcache > ~/MyKDK/kernelcache.decompressed
// 4. KDK_PATH = "~/MyKDK";
//
// Now whenever the debugger must extract information from the kernel or kexts,
// it will parse the kernelcache instead of the images in remote memory.
//
// This should be noticeably faster.
KDK_PATH = "";
// Detect kernel extensions in memory and load them as separate Modules.
//
// For flexibility, the debugger recognizes the following values for KEXT_POLICY:
//
// 0 = don't bother with KEXTs at all.
//
// 1 = load only the KEXTs that are present in the KDK (see KDK_PATH above).
// this is the suggested approach, and is the default behavior in lldb.
//
// 2 = load all KEXTs found in kernel memory.
// there can be hundreds of them, so this option has the potential to be slow.
KEXT_POLICY = 0
// Detect when firmware images are loaded into memory and process them as separate Modules.
//
// This option is useful for detecting when important drivers are about to be invoked. For instance, this is how you can
// break just before the entry point of the OSX bootloader:
//
// 1. set DEBUG_UEFI to YES
//
// 2. add this line to your VM's .vmx file:
//
// monitor.debugOnStartGuest64 = "TRUE"
//
// 3. power on the VM, and attach the debugger in IDA
//
// 4. in Debugger>Debugger options, check "Suspend on library load/unload"
//
// 5. set the "Event condition" field to:
//
// get_event_id() == LIB_LOADED && get_event_module_name() == "boot"
//
// (on some older versions of OSX the bootloader will be named "boot.sys")
//
// Now resume the process, and wait for IDA to suspend the OS once the bootloader is loaded.
DEBUG_UEFI = YES
// Path to a directory on the local filesystem that contains DWARF information for EFI images.
//
// Typically EFI modules built on OSX are first compiled as Mach-O, and then converted
// to PE .efi before they are installed and run. For example, if you have an EFI build that
// produces the following binaries:
//
// MyDriver.efi
// MyDriver.dll
// MyDriver.dll.dSYM
//
// you can copy the *.dll* files to the directory pointed to by UEFI_SYMBOLS.
//
// This allows the debugger to load DWARF info for the MyDriver.efi image at runtime.
UEFI_SYMBOLS = "";
// Default timeout for remote stub responses (milliseconds)
REMOTE_TIMEOUT = 1000
// Maximum packet size supported by remote stub.
//
// If not set, IDA will detect the maximum packet size as follows:
// - use value specified by PacketSize response to qSupported (if available)
// - use size of 'g' packet response
// - use min size of 399 bytes
// MAXPACKETSIZE = 399
// Architecture name given by the <architecture> tag.
ARCH_MAP =
{ // cpu is_64 is_be flags
"i386:x86-64": [ PLFM_386, 1, 0, -1 ],
"arm64": [ PLFM_ARM, 1, 0, -1 ]
}
// Feature name given by the <feature> tags' "name" attribute.
FEATURE_MAP =
{ // cpu is_64 is_be flags
"org.gnu.gdb.i386.core": [ PLFM_386, 1, 0, -1 ],
"com.corellium.gdb.arm64.general": [ PLFM_ARM, 1, 0, -1 ],
"com.apple.debugserver.arm64.general": [ PLFM_ARM, 1, 0, -1 ]
}
IDA_FEATURES =
{
"i386:x86-64":
{
// VMWARE
"org.gnu.gdb.i386.core":
{
"title": "General registers",
"rename": { "eflags": "EFL" },
"code_ptr": "rip",
"stack_ptr": "rsp",
"frame_ptr": "rbp",
"data_ptr":
[
"rax", "rbx", "rcx", "rdx", "rsi", "rdi",
"r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"
]
},
"org.gnu.gdb.i386.seg":
{
"title": "Segment Registers"
},
"org.gnu.gdb.i386.fp":
{
"title": "Floating Point Registers"
},
"org.gnu.gdb.i386.sse":
{
"title": "XMM Registers"
}
},
"arm64":
{
// Corellium
"com.corellium.gdb.arm64.general":
{
"title": "General Registers",
"rename":
{
"cpsr": "psr",
"fp": "x29",
"lr": "x30"
},
"stack_ptr": "sp",
"code_ptr": "pc",
"frame_ptr": "x29",
"data_ptr":
[
"x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7",
"x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15",
"x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
"x24", "x25", "x26", "x27", "x28", "x29", "x30"
],
"bitfields":
{
"psr":
{
"SPSEL": [ 0, 0 ],
"EL": [ 2, 3 ],
"NRW": [ 4, 4 ],
"F": [ 6, 6 ],
"I": [ 7, 7 ],
"A": [ 8, 8 ],
"D": [ 9, 9 ],
"IL": [ 20, 20 ],
"SS": [ 21, 21 ],
"V": [ 28, 28 ],
"C": [ 29, 29 ],
"Z": [ 30, 30 ],
"N": [ 31, 31 ]
}
}
},
"com.corellium.gdb.arm64.single":
{
"title": "Floating Point Registers (Single Precision)"
},
"com.corellium.gdb.arm64.double":
{
"title": "Floating Point Registers (Double Precision)"
},
"com.corellium.gdb.arm64.neon":
{
"title": "NEON Registers"
},
"com.corellium.gdb.arm64.state":
{
"title": "FP/Exception State Registers"
},
// KTRW
"com.apple.debugserver.arm64.general":
{
"title": "General Registers",
"rename":
{
"cpsr": "psr",
"fp": "x29",
"lr": "x30"
},
"stack_ptr": "sp",
"code_ptr": "pc",
"frame_ptr": "x29",
"data_ptr":
[
"x0", "x1", "x2", "x3", "x4", "x5", "x6", "x7",
"x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15",
"x16", "x17", "x18", "x19", "x20", "x21", "x22", "x23",
"x24", "x25", "x26", "x27", "x28", "x29", "x30"
],
"bitfields":
{
"psr":
{
"M": [ 0, 4 ],
"F": [ 6, 6 ],
"I": [ 7, 7 ],
"A": [ 8, 8 ],
"D": [ 9, 9 ],
"IL": [ 20, 20 ],
"SS": [ 21, 21 ],
"PAN": [ 22, 22 ],
"UAO": [ 23, 23 ],
"DIT": [ 24, 24 ],
"V": [ 28, 28 ],
"C": [ 29, 29 ],
"Z": [ 30, 30 ],
"N": [ 31, 31 ]
}
}
},
"com.apple.debugserver.arm64.low":
{
"title": "General Registers (32-bit)"
},
"com.apple.debugserver.arm64.single":
{
"title": "Floating Point Registers (Single Precision)"
},
"com.apple.debugserver.arm64.double":
{
"title": "Floating Point Registers (Double Precision)"
},
"com.apple.debugserver.arm64.neon":
{
"title": "NEON Registers"
},
"com.apple.debugserver.arm64.state":
{
"title": "FP/Exception State Registers"
}
}
}