XNU Kernel Debug - GDB Helper Functions
To ease kernel debugging for our project we developed some gdb scripts that help us along the way. Listed here is what has been implemented already; just use find to search for the information you are looking for, and if it is not here - PR it :)
This is an open source project! Feel more than welcome to contribute! Let's bring iOS on QEMU up and running :)
Important Note
These scripts work on the kernel version presented in our work. Some of the functionality was available only after reversing the relevant code of a specific kernelcache. The scripts do not support debugging of a kernelcache that runs with KASLR!
Install
After completing all steps described here, copy this project to your project directory (or any other place), run gdb, connect to the QEMU server (target remote :1234) and run:
$ source load.py
Also, run it after any edit of the scripts for the change to take effect.
Use
Show list of all threads
$ xnu-threads global
Show list of all tasks
$ xnu-tasks
Show list of all user threads
$ xnu-threads user
Show list of the current task's threads
$ xnu-threads
Show threads of a specific task
$ xnu-threads ${TASK_PTR}
Show all parsed info of a specific thread
$ xnu-thread-info ${THREAD_PTR}
Show all parsed info of a specific task
$ xnu-task-info ${TASK_PTR}
Print the metadata of all the kernel allocation zones
$ xnu-zones
Show is_table of itk_space of a specific task/space
$ xnu-ipc_entry-list -task ${TASK_PTR}
$ xnu-ipc_entry-list -space ${SPACE_PTR}
Show parsed info of an ipc_port
$ xnu-ipc-port-info ${IPC_PORT_PTR}
Show ipc_voucher info of a specific thread
$ xnu-voucher-info ${THREAD_PTR}