dump command fails with exception

[LeoNatan]

Hello,

When attempting to dump headers from system frameworks, extracted by keith/dyld-shared-cache-extractor, the following exception is thrown:

➜  ~ dyld-shared-cache-extractor /System/Library/dyld/dyld_shared_cache_x86_64 ~/Desktop/headers/dyld/
➜  ~ ktool dump --headers --out ~/Desktop/headers ~/Desktop/headers/dyld/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
Traceback (most recent call last):
  File "/usr/local/bin/ktool", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/ktool/ktool_script.py", line 387, in main
    args.func(args)
  File "/usr/local/lib/python3.9/site-packages/ktool/ktool_script.py", line 915, in dump
    objc_image = ktool.load_objc_metadata(image)
  File "/usr/local/lib/python3.9/site-packages/ktool/ktool.py", line 125, in load_objc_metadata
    return ObjCImage.from_image(image)
  File "/usr/local/lib/python3.9/site-packages/ktool/objc.py", line 130, in from_image
    cat_prot_queue.go()
  File "/usr/local/lib/python3.9/site-packages/ktool/util.py", line 104, in go
    self.returns = [self.process_item(item) for item in self.items]
  File "/usr/local/lib/python3.9/site-packages/ktool/util.py", line 104, in <listcomp>
    self.returns = [self.process_item(item) for item in self.items]
  File "/usr/local/lib/python3.9/site-packages/ktool/util.py", line 94, in process_item
    return item.func(*item.args)
  File "/usr/local/lib/python3.9/site-packages/ktool/objc.py", line 910, in from_image
    loc = objc_image.get_int_at(category_ptr, 8, vm=True)
  File "/usr/local/lib/python3.9/site-packages/ktool/objc.py", line 186, in get_int_at
    return self.image.get_int_at(offset, length, vm, sectname)
  File "/usr/local/lib/python3.9/site-packages/ktool/dyld.py", line 205, in get_int_at
    offset = self.vm.get_file_address(offset, section_name)
  File "/usr/local/lib/python3.9/site-packages/ktool/macho.py", line 289, in get_file_address
    raise ValueError(f'Address {hex(vm_address)} couldn\'t be found in vm address set')
ValueError: Address 0xfffffff8402cc730 couldn't be found in vm address set

It behaves the same whether I extract the arm64 or x64 cache.

Thanks

[0cyn]

use https://github.com/arandomdev/DyldExtractor and let me know if you still have this issue

[LeoNatan]

Hello,

Unfortunately, DyldExtractor does not support macOS dyld cache extraction: arandomdev/DyldExtractor#33 (comment)

Thanks

[0cyn]

ah rip. well I'd need to add support for dyld shared cache processing in ktool, bc Keith's doesn't do it in a way where I can pull headers out.

[LeoNatan]

Thank you! I’ll try building the official tool from the dyld sources, see if that makes a difference. Will update the issue.

[0cyn]

It will not make a difference afaik, official tool doesnt do any repair to the metadata whatsoever

[LeoNatan]

Is the issue that offsets are not corrected when extracting the frameworks from the cache?

[0cyn]

Potentially, can you send me a binary extracted from it?

[LeoNatan]

Sure, here is the extracted AppKit:

AppKit.zip

[0cyn]

So i've done quite a bit of playing, and yeah, I dont think processing this data is going to be easy if even possible. this is an issue with the macos extractor and not my program.

I've added a lot of fail-safes with the latest release:
https://github.com/cxnder/ktool/releases/tag/1.1.4

so you should be able to load and process the Mach-O metadata, but I'm not sure if ever loading objc metadata from these images is possible without a seperate program to repair the images.

[LeoNatan]

That’s a shame 😔

I am trying to revive https://github.com/LeoNatan/Apple-Runtime-Headers/ but it seems I still can’t.

Thank you for taking a look!

[0cyn]

ktool has behind-the-scenes support for "runtime dumping" headers. (aka dlopening them and doing it that way). if I can get it working in the cli tool soon (headache bc of objc/c FFI) i'll let you know. would at least solve the macos one.

[LeoNatan]

Thank you!

[erikng]

I too am looking forward to this!