Fix early instrumentation on macOS 13 and iOS 16

oleavr · hsorbo · oleavr · commit 73ac5eab9e69 · 2022-11-22T16:50:46.000+01:00
Co-authored-by: Håvard Sørbø &lt;havard@hsorbo.no&gt;
diff --git a/src/darwin/frida-helper-backend-glue.m b/src/darwin/frida-helper-backend-glue.m
@@ -21,6 +21,7 @@
 #endif
 #include <gum/gum.h>
 #include <gum/gumdarwin.h>
+#include <mach-o/dyld_images.h>
 #include <mach-o/loader.h>
 #include <mach/exc.h>
 #include <mach/mach.h>
@@ -177,6 +178,11 @@
   mach_vm_address_t dyld_data;
 
   GumAddress modern_entry_address;
+
+  /* V4+ */
+  GumAddress info_ptr_address;
+
+  /* V3- */
   GumAddress dlopen_address;
   GumAddress cf_initialize_address;
   GumAddress info_address;
@@ -374,6 +380,7 @@
 
 static void frida_spawn_instance_on_server_recv (void * context);
 static gboolean frida_spawn_instance_handle_breakpoint (FridaSpawnInstance * self, FridaBreakpoint * breakpoint, GumDarwinUnifiedThreadState * state);
+static gboolean frida_spawn_instance_handle_dyld_restart (FridaSpawnInstance * self);
 static gboolean frida_spawn_instance_handle_modinit (FridaSpawnInstance * self, GumDarwinUnifiedThreadState * state, GumAddress pc);
 static void frida_spawn_instance_receive_breakpoint_request (FridaSpawnInstance * self);
 static void frida_spawn_instance_send_breakpoint_response (FridaSpawnInstance * self);
@@ -1838,6 +1845,10 @@ static void frida_darwin_helper_backend_launch_using_sbs (NSString * identifier,
   {
     instance->modern_entry_address = modern_entry_address;
     legacy_entry_address = 0;
+
+    instance->info_ptr_address = gum_darwin_module_resolve_symbol_address (dyld, "_gProcessInfo");
+    if (instance->info_ptr_address == 0)
+      goto dyld_probe_failed;
   }
   else
   {
@@ -1903,6 +1914,13 @@ static void frida_darwin_helper_backend_launch_using_sbs (NSString * identifier,
     frida_spawn_instance_set_nth_breakpoint (instance, i++, legacy_entry_address, FRIDA_BREAKPOINT_REPEAT_ALWAYS);
   if (modern_entry_address != 0)
     frida_spawn_instance_set_nth_breakpoint (instance, i++, modern_entry_address, FRIDA_BREAKPOINT_REPEAT_ALWAYS);
+  if (instance->dyld_flavor == FRIDA_DYLD_V4_PLUS)
+  {
+    GumAddress restart_with_dyld_in_cache = gum_darwin_module_resolve_symbol_address (dyld,
+        "__ZN5dyld422restartWithDyldInCacheEPKNS_10KernelArgsEPKN5dyld39MachOFileEPv");
+    if (restart_with_dyld_in_cache != 0)
+      frida_spawn_instance_set_nth_breakpoint (instance, i++, restart_with_dyld_in_cache, FRIDA_BREAKPOINT_REPEAT_NEVER);
+  }
 
   kr = frida_set_debug_state (child_thread, &instance->breakpoint_debug_state, instance->cpu_type);
   CHECK_MACH_RESULT (kr, ==, KERN_SUCCESS, "frida_set_debug_state");
@@ -2829,7 +2847,10 @@ static void frida_darwin_helper_backend_launch_using_sbs (NSString * identifier,
   {
     if (self->dyld_flavor == FRIDA_DYLD_V4_PLUS)
     {
-      self->breakpoint_phase = FRIDA_BREAKPOINT_SET_LIBDYLD_INITIALIZE_CALLER_BREAKPOINT;
+      if (pc == self->modern_entry_address)
+        self->breakpoint_phase = FRIDA_BREAKPOINT_SET_LIBDYLD_INITIALIZE_CALLER_BREAKPOINT;
+      else
+        return frida_spawn_instance_handle_dyld_restart (self);
     }
     else
     {
@@ -3054,6 +3075,49 @@ static void frida_darwin_helper_backend_launch_using_sbs (NSString * identifier,
   }
 }
 
+static gboolean
+frida_spawn_instance_handle_dyld_restart (FridaSpawnInstance * self)
+{
+  gboolean handled = FALSE;
+  GumAddress * info_ptr;
+  struct dyld_all_image_infos * info = NULL;
+  GumDarwinModule * dyld = NULL;
+  GumAddress entry_address;
+
+  info_ptr = (GumAddress *) gum_darwin_read (self->task, self->info_ptr_address, sizeof (GumAddress), NULL);
+  if (info_ptr == NULL)
+    goto beach;
+
+  info = (struct dyld_all_image_infos *) gum_darwin_read (self->task, *info_ptr, sizeof (struct dyld_all_image_infos), NULL);
+  if (info == NULL)
+    goto beach;
+
+  dyld = gum_darwin_module_new_from_memory ("/usr/lib/dyld", self->task, GUM_ADDRESS (info->dyldImageLoadAddress),
+      GUM_DARWIN_MODULE_FLAGS_NONE, NULL);
+  if (dyld == NULL)
+    goto beach;
+
+  entry_address = gum_darwin_module_resolve_symbol_address (dyld, "__ZN5dyld44APIs19_libdyld_initializeEPKNS_16LibSystemHelpersE");
+  if (entry_address == 0)
+    goto beach;
+
+  self->modern_entry_address = entry_address;
+
+  g_object_unref (self->dyld);
+  self->dyld = g_steal_pointer (&dyld);
+
+  frida_spawn_instance_set_nth_breakpoint (self, 0, entry_address, FRIDA_BREAKPOINT_REPEAT_ALWAYS);
+
+  handled = TRUE;
+
+beach:
+  g_clear_object (&dyld);
+  g_free (info);
+  g_free (info_ptr);
+
+  return handled;
+}
+
 static gboolean
 frida_spawn_instance_handle_modinit (FridaSpawnInstance * self, GumDarwinUnifiedThreadState * state, GumAddress pc)
 {
diff --git a/src/fruity/helpers/symbol-fetcher.c b/src/fruity/helpers/symbol-fetcher.c
@@ -49,6 +49,8 @@ frida_fetch_dyld_symbols (char * output_buffer, const void * dyld_load_address)
     const char * name = strings + sym->n_un.n_strx;
 
     if (frida_str_contains (name, "libdyld_initialize") ||
+        frida_str_contains (name, "restartWithDyldInCache") ||
+        frida_str_equals (name, "_gProcessInfo") ||
         frida_str_contains (name, "launchWithClosure") ||
         frida_str_contains (name, "initializeMainExecutable") ||
         frida_str_contains (name, "registerThreadHelpers") ||
@@ -165,6 +167,9 @@ frida_append_uint64 (char ** output, uint64_t val)
       *cursor++ = nibble_to_hex_char[nibble];
   }
 
+  if (!found_first_nonzero)
+    *cursor++ = '0';
+
   *output = cursor;
 }
 
diff --git a/src/fruity/injector.vala b/src/fruity/injector.vala
@@ -146,7 +146,7 @@ namespace Frida.Fruity.Injector {
 			jit_page = yield lldb.allocate (page_size, "rx", cancellable);
 			scratch_page = yield lldb.allocate (page_size, "rw", cancellable);
 
-			dyld_fields = yield lldb.get_apple_dyld_fields (cancellable);
+			dyld_fields = yield lldb.get_apple_dyld_fields (ALLOW_CACHE, cancellable);
 			libsystem_initialized = yield lldb.read_bool (dyld_fields.libsystem_initialized, cancellable);
 			if (libsystem_initialized) {
 				dyld_base = yield lldb.read_pointer (dyld_fields.dyld_load_address, cancellable);
@@ -837,14 +837,48 @@ namespace Frida.Fruity.Injector {
 
 		private async void ensure_libsystem_initialized_for_dyld_v4_and_above (uint64 libdyld_initialize,
 				Cancellable? cancellable) throws GLib.Error {
+			uint64? process_info_ptr = dyld_symbols["_gProcessInfo"];
+			if (process_info_ptr == null)
+				throw new Error.UNSUPPORTED ("Missing gProcessInfo");
+
 			LLDB.Breakpoint init_breakpoint = yield lldb.add_breakpoint (libdyld_initialize, cancellable);
 
+			LLDB.Breakpoint? restart_breakpoint = null;
+			uint64? restart_with_dyld_in_cache = dyld_symbols["__ZN5dyld422restartWithDyldInCacheEPKNS_10KernelArgsEPKN5dyld39MachOFileEPv"];
+			if (restart_with_dyld_in_cache != null)
+				restart_breakpoint = yield lldb.add_breakpoint (restart_with_dyld_in_cache, cancellable);
+
 			var exception = yield lldb.continue_until_exception (cancellable);
 
 			LLDB.Breakpoint? hit_breakpoint = exception.breakpoint;
 			if (hit_breakpoint == null)
 				throw new Error.UNSUPPORTED ("Unexpected exception");
 
+			if (hit_breakpoint == restart_breakpoint) {
+				uint64 process_info = yield lldb.read_pointer (process_info_ptr, cancellable);
+				uint64 dyld_image_load_address = yield lldb.read_pointer (process_info + 0x20, cancellable);
+
+				var rebased_symbols = new Gee.HashMap<string, uint64?> ();
+				foreach (var e in dyld_symbols.entries)
+					rebased_symbols[e.key] = dyld_image_load_address + (e.value - dyld_base);
+
+				dyld_base = dyld_image_load_address;
+				dyld_symbols = rebased_symbols;
+
+				yield restart_breakpoint.remove (cancellable);
+				yield init_breakpoint.remove (cancellable);
+				uint64 real_libdyld_initialize = dyld_symbols["__ZN5dyld44APIs19_libdyld_initializeEPKNS_16LibSystemHelpersE"];
+				init_breakpoint = yield lldb.add_breakpoint (real_libdyld_initialize, cancellable);
+
+				exception = yield lldb.continue_until_exception (cancellable);
+
+				hit_breakpoint = exception.breakpoint;
+				if (hit_breakpoint == null)
+					throw new Error.UNSUPPORTED ("Unexpected exception");
+
+				dyld_fields = yield lldb.get_apple_dyld_fields (BYPASS_CACHE, cancellable);
+			}
+
 			assert (hit_breakpoint == init_breakpoint);
 			yield init_breakpoint.remove (cancellable);
 
@@ -1133,53 +1167,57 @@ namespace Frida.Fruity.Injector {
 		private const uint8[] SYMBOL_FETCHER_CODE = {
 			0xff, 0xc3, 0x01, 0xd1, 0xfc, 0x6f, 0x01, 0xa9, 0xfa, 0x67, 0x02, 0xa9, 0xf8, 0x5f, 0x03, 0xa9, 0xf6, 0x57, 0x04,
 			0xa9, 0xf4, 0x4f, 0x05, 0xa9, 0xfd, 0x7b, 0x06, 0xa9, 0xfd, 0x83, 0x01, 0x91, 0xf4, 0x03, 0x01, 0xaa, 0xe0, 0x07,
-			0x00, 0xf9, 0x13, 0x00, 0x80, 0xd2, 0x19, 0x00, 0x80, 0xd2, 0x38, 0x80, 0x00, 0x91, 0x3a, 0x10, 0x40, 0xb9, 0x75,
-			0x1a, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5, 0x56, 0x1a, 0x00, 0x70, 0x1f, 0x20, 0x03, 0xd5, 0xfa, 0x03, 0x00, 0x34,
+			0x00, 0xf9, 0x13, 0x00, 0x80, 0xd2, 0x19, 0x00, 0x80, 0xd2, 0x38, 0x80, 0x00, 0x91, 0x3a, 0x10, 0x40, 0xb9, 0xd5,
+			0x1c, 0x00, 0x30, 0x1f, 0x20, 0x03, 0xd5, 0xd6, 0x1c, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5, 0xfa, 0x03, 0x00, 0x34,
 			0x08, 0x03, 0x40, 0xb9, 0x1f, 0x09, 0x00, 0x71, 0x80, 0x01, 0x00, 0x54, 0x1f, 0x2d, 0x00, 0x71, 0x80, 0x01, 0x00,
 			0x54, 0x1f, 0x65, 0x00, 0x71, 0x61, 0x01, 0x00, 0x54, 0x17, 0x23, 0x00, 0x91, 0xe0, 0x03, 0x17, 0xaa, 0xe1, 0x03,
-			0x15, 0xaa, 0x97, 0x00, 0x00, 0x94, 0x60, 0x01, 0x00, 0x34, 0x13, 0x0f, 0x40, 0xf9, 0x04, 0x00, 0x00, 0x14, 0xfc,
+			0x15, 0xaa, 0x9b, 0x00, 0x00, 0x94, 0x60, 0x01, 0x00, 0x34, 0x13, 0x0f, 0x40, 0xf9, 0x04, 0x00, 0x00, 0x14, 0xfc,
 			0x03, 0x18, 0xaa, 0x02, 0x00, 0x00, 0x14, 0xfb, 0x03, 0x18, 0xaa, 0x08, 0x07, 0x40, 0xb9, 0x18, 0x03, 0x08, 0x8b,
 			0x5a, 0x07, 0x00, 0x51, 0x9a, 0xfd, 0xff, 0x35, 0x09, 0x00, 0x00, 0x14, 0xe0, 0x03, 0x17, 0xaa, 0xe1, 0x03, 0x16,
-			0xaa, 0x89, 0x00, 0x00, 0x94, 0x00, 0xff, 0xff, 0x34, 0x08, 0x0f, 0x40, 0xf9, 0x09, 0x17, 0x40, 0xf9, 0x19, 0x01,
+			0xaa, 0x8d, 0x00, 0x00, 0x94, 0x00, 0xff, 0xff, 0x34, 0x08, 0x0f, 0x40, 0xf9, 0x09, 0x17, 0x40, 0xf9, 0x19, 0x01,
 			0x09, 0xcb, 0xf4, 0xff, 0xff, 0x17, 0x88, 0x02, 0x13, 0xcb, 0x28, 0x03, 0x08, 0x8b, 0x89, 0x0b, 0x40, 0xb9, 0x19,
-			0x01, 0x09, 0x8b, 0x89, 0x13, 0x40, 0xb9, 0x13, 0x01, 0x09, 0x8b, 0x78, 0x0b, 0x40, 0xb9, 0xd6, 0x15, 0x00, 0x10,
-			0x1f, 0x20, 0x03, 0xd5, 0xf7, 0x07, 0x40, 0xf9, 0x68, 0x0f, 0x40, 0xb9, 0x1f, 0x03, 0x08, 0x6b, 0x40, 0x09, 0x00,
+			0x01, 0x09, 0x8b, 0x89, 0x13, 0x40, 0xb9, 0x13, 0x01, 0x09, 0x8b, 0x78, 0x0b, 0x40, 0xb9, 0x36, 0x18, 0x00, 0x10,
+			0x1f, 0x20, 0x03, 0xd5, 0xf7, 0x07, 0x40, 0xf9, 0x68, 0x0f, 0x40, 0xb9, 0x1f, 0x03, 0x08, 0x6b, 0x00, 0x0b, 0x00,
 			0x54, 0xf5, 0x03, 0x18, 0x2a, 0xa8, 0xee, 0x7c, 0xd3, 0x28, 0x6b, 0x68, 0xb8, 0x7c, 0x02, 0x08, 0x8b, 0xe0, 0x03,
-			0x1c, 0xaa, 0x81, 0x0f, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5, 0x4d, 0x00, 0x00, 0x94, 0x80, 0x04, 0x00, 0x37, 0xe0,
-			0x03, 0x1c, 0xaa, 0x61, 0x0f, 0x00, 0x70, 0x1f, 0x20, 0x03, 0xd5, 0x48, 0x00, 0x00, 0x94, 0xe0, 0x03, 0x00, 0x37,
-			0xe0, 0x03, 0x1c, 0xaa, 0x61, 0x0f, 0x00, 0x30, 0x1f, 0x20, 0x03, 0xd5, 0x43, 0x00, 0x00, 0x94, 0x40, 0x03, 0x00,
-			0x37, 0xe0, 0x03, 0x1c, 0xaa, 0x81, 0x0f, 0x00, 0x50, 0x1f, 0x20, 0x03, 0xd5, 0x3e, 0x00, 0x00, 0x94, 0xa0, 0x02,
-			0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0xa1, 0x0f, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5, 0x51, 0x00, 0x00, 0x94, 0x00,
-			0x02, 0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0x41, 0x0f, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5, 0x4c, 0x00, 0x00, 0x94,
-			0x60, 0x01, 0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0xe1, 0x0e, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5, 0x2f, 0x00, 0x00,
-			0x94, 0xc0, 0x00, 0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0xc1, 0x0e, 0x00, 0x70, 0x1f, 0x20, 0x03, 0xd5, 0x2a, 0x00,
-			0x00, 0x94, 0x80, 0x03, 0x00, 0x34, 0x7a, 0x00, 0x00, 0x34, 0x48, 0x01, 0x80, 0x52, 0xe8, 0x16, 0x00, 0x38, 0x08,
-			0x00, 0x80, 0x52, 0x29, 0x13, 0x15, 0x8b, 0x29, 0x05, 0x40, 0xf9, 0x89, 0x02, 0x09, 0x8b, 0x8a, 0x07, 0x80, 0x52,
-			0x5f, 0x11, 0x00, 0x31, 0x60, 0x01, 0x00, 0x54, 0x2b, 0x25, 0xca, 0x9a, 0x6b, 0x0d, 0x40, 0x92, 0x7f, 0x01, 0x00,
-			0x71, 0xec, 0x07, 0x9f, 0x1a, 0x08, 0x01, 0x0c, 0x2a, 0x68, 0x00, 0x00, 0x36, 0xcb, 0x6a, 0x6b, 0x38, 0xeb, 0x16,
-			0x00, 0x38, 0x4a, 0x11, 0x00, 0x51, 0xf5, 0xff, 0xff, 0x17, 0x28, 0x01, 0x80, 0x52, 0xe8, 0x16, 0x00, 0x38, 0x88,
-			0x03, 0x40, 0x39, 0x68, 0x00, 0x00, 0x34, 0x9c, 0x07, 0x00, 0x91, 0xfc, 0xff, 0xff, 0x17, 0x5a, 0x07, 0x00, 0x11,
-			0x18, 0x07, 0x00, 0x11, 0xb5, 0xff, 0xff, 0x17, 0xe8, 0x07, 0x40, 0xf9, 0xe0, 0x02, 0x08, 0xcb, 0xff, 0x02, 0x00,
-			0x39, 0xfd, 0x7b, 0x46, 0xa9, 0xf4, 0x4f, 0x45, 0xa9, 0xf6, 0x57, 0x44, 0xa9, 0xf8, 0x5f, 0x43, 0xa9, 0xfa, 0x67,
-			0x42, 0xa9, 0xfc, 0x6f, 0x41, 0xa9, 0xff, 0xc3, 0x01, 0x91, 0xc0, 0x03, 0x5f, 0xd6, 0xf6, 0x57, 0xbd, 0xa9, 0xf4,
-			0x4f, 0x01, 0xa9, 0xfd, 0x7b, 0x02, 0xa9, 0xfd, 0x83, 0x00, 0x91, 0xf4, 0x03, 0x01, 0xaa, 0xf3, 0x03, 0x00, 0xaa,
-			0x35, 0x00, 0x40, 0x39, 0x68, 0x02, 0x40, 0x39, 0x28, 0x01, 0x00, 0x34, 0x1f, 0x01, 0x15, 0x6b, 0xa1, 0x00, 0x00,
-			0x54, 0xe0, 0x03, 0x13, 0xaa, 0xe1, 0x03, 0x14, 0xaa, 0x0b, 0x00, 0x00, 0x94, 0x80, 0x00, 0x00, 0x37, 0x73, 0x06,
-			0x00, 0x91, 0xf7, 0xff, 0xff, 0x17, 0x13, 0x00, 0x80, 0xd2, 0x7f, 0x02, 0x00, 0xf1, 0xe0, 0x07, 0x9f, 0x1a, 0xfd,
-			0x7b, 0x42, 0xa9, 0xf4, 0x4f, 0x41, 0xa9, 0xf6, 0x57, 0xc3, 0xa8, 0xc0, 0x03, 0x5f, 0xd6, 0x28, 0x00, 0x40, 0x39,
-			0xe8, 0x00, 0x00, 0x34, 0x21, 0x04, 0x00, 0x91, 0x09, 0x14, 0x40, 0x38, 0x3f, 0x01, 0x08, 0x6b, 0x60, 0xff, 0xff,
-			0x54, 0x00, 0x00, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6, 0x20, 0x00, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6, 0x08, 0x00,
-			0x40, 0x39, 0x29, 0x00, 0x40, 0x39, 0x1f, 0x01, 0x09, 0x6b, 0xc1, 0x00, 0x00, 0x54, 0x00, 0x04, 0x00, 0x91, 0x21,
-			0x04, 0x00, 0x91, 0x48, 0xff, 0xff, 0x35, 0x20, 0x00, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6, 0x00, 0x00, 0x80, 0x52,
-			0xc0, 0x03, 0x5f, 0xd6, 0x6c, 0x69, 0x62, 0x64, 0x79, 0x6c, 0x64, 0x5f, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c,
-			0x69, 0x7a, 0x65, 0x00, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x57, 0x69, 0x74, 0x68, 0x43, 0x6c, 0x6f, 0x73, 0x75,
-			0x72, 0x65, 0x00, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x69, 0x6e, 0x45, 0x78,
-			0x65, 0x63, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x00, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x54, 0x68,
-			0x72, 0x65, 0x61, 0x64, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x73, 0x00, 0x5f, 0x64, 0x6c, 0x6f, 0x70, 0x65, 0x6e,
-			0x00, 0x5f, 0x73, 0x74, 0x72, 0x63, 0x6d, 0x70, 0x00, 0x64, 0x6f, 0x4d, 0x6f, 0x64, 0x49, 0x6e, 0x69, 0x74, 0x46,
-			0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x00, 0x64, 0x6f, 0x47, 0x65, 0x74, 0x44, 0x4f, 0x46, 0x53, 0x65,
-			0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x00, 0x5f, 0x5f, 0x54, 0x45, 0x58, 0x54, 0x00, 0x5f, 0x5f, 0x4c, 0x49, 0x4e,
-			0x4b, 0x45, 0x44, 0x49, 0x54, 0x00, 0x00, 0x00, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61,
+			0x1c, 0xaa, 0xc1, 0x10, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5, 0x5b, 0x00, 0x00, 0x94, 0xc0, 0x05, 0x00, 0x37, 0xe0,
+			0x03, 0x1c, 0xaa, 0xa1, 0x10, 0x00, 0x70, 0x1f, 0x20, 0x03, 0xd5, 0x56, 0x00, 0x00, 0x94, 0x20, 0x05, 0x00, 0x37,
+			0xe0, 0x03, 0x1c, 0xaa, 0xc1, 0x10, 0x00, 0x50, 0x1f, 0x20, 0x03, 0xd5, 0x69, 0x00, 0x00, 0x94, 0x80, 0x04, 0x00,
+			0x37, 0xe0, 0x03, 0x1c, 0xaa, 0xa1, 0x10, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5, 0x4c, 0x00, 0x00, 0x94, 0xe0, 0x03,
+			0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0x81, 0x10, 0x00, 0x50, 0x1f, 0x20, 0x03, 0xd5, 0x47, 0x00, 0x00, 0x94, 0x40,
+			0x03, 0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0xa1, 0x10, 0x00, 0x70, 0x1f, 0x20, 0x03, 0xd5, 0x42, 0x00, 0x00, 0x94,
+			0xa0, 0x02, 0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0xc1, 0x10, 0x00, 0x30, 0x1f, 0x20, 0x03, 0xd5, 0x5d, 0x00, 0x00,
+			0x94, 0x00, 0x02, 0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0x61, 0x10, 0x00, 0x30, 0x1f, 0x20, 0x03, 0xd5, 0x58, 0x00,
+			0x00, 0x94, 0x60, 0x01, 0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0x01, 0x10, 0x00, 0x30, 0x1f, 0x20, 0x03, 0xd5, 0x33,
+			0x00, 0x00, 0x94, 0xc0, 0x00, 0x00, 0x37, 0xe0, 0x03, 0x1c, 0xaa, 0x01, 0x10, 0x00, 0x10, 0x1f, 0x20, 0x03, 0xd5,
+			0x2e, 0x00, 0x00, 0x94, 0x00, 0x04, 0x00, 0x34, 0x7a, 0x00, 0x00, 0x34, 0x48, 0x01, 0x80, 0x52, 0xe8, 0x16, 0x00,
+			0x38, 0x08, 0x00, 0x80, 0x52, 0x29, 0x13, 0x15, 0x8b, 0x29, 0x05, 0x40, 0xf9, 0x89, 0x02, 0x09, 0x8b, 0x8a, 0x07,
+			0x80, 0x52, 0x5f, 0x11, 0x00, 0x31, 0x80, 0x01, 0x00, 0x54, 0x2b, 0x25, 0xca, 0x9a, 0x6b, 0x0d, 0x00, 0x72, 0x0c,
+			0x01, 0x00, 0x12, 0x80, 0x19, 0x40, 0x7a, 0x08, 0x15, 0x9f, 0x1a, 0x88, 0x00, 0x00, 0x36, 0x6b, 0x1d, 0x40, 0x92,
+			0xcb, 0x6a, 0x6b, 0x38, 0xeb, 0x16, 0x00, 0x38, 0x4a, 0x11, 0x00, 0x51, 0xf4, 0xff, 0xff, 0x17, 0x68, 0x00, 0x00,
+			0x37, 0x08, 0x06, 0x80, 0x52, 0xe8, 0x16, 0x00, 0x38, 0x28, 0x01, 0x80, 0x52, 0xe8, 0x16, 0x00, 0x38, 0x88, 0x03,
+			0x40, 0x39, 0x68, 0x00, 0x00, 0x34, 0x9c, 0x07, 0x00, 0x91, 0xfc, 0xff, 0xff, 0x17, 0x5a, 0x07, 0x00, 0x11, 0x18,
+			0x07, 0x00, 0x11, 0xa7, 0xff, 0xff, 0x17, 0xe8, 0x07, 0x40, 0xf9, 0xe0, 0x02, 0x08, 0xcb, 0xff, 0x02, 0x00, 0x39,
+			0xfd, 0x7b, 0x46, 0xa9, 0xf4, 0x4f, 0x45, 0xa9, 0xf6, 0x57, 0x44, 0xa9, 0xf8, 0x5f, 0x43, 0xa9, 0xfa, 0x67, 0x42,
+			0xa9, 0xfc, 0x6f, 0x41, 0xa9, 0xff, 0xc3, 0x01, 0x91, 0xc0, 0x03, 0x5f, 0xd6, 0xf6, 0x57, 0xbd, 0xa9, 0xf4, 0x4f,
+			0x01, 0xa9, 0xfd, 0x7b, 0x02, 0xa9, 0xfd, 0x83, 0x00, 0x91, 0xf4, 0x03, 0x01, 0xaa, 0xf3, 0x03, 0x00, 0xaa, 0x35,
+			0x00, 0x40, 0x39, 0x68, 0x02, 0x40, 0x39, 0x28, 0x01, 0x00, 0x34, 0x1f, 0x01, 0x15, 0x6b, 0xa1, 0x00, 0x00, 0x54,
+			0xe0, 0x03, 0x13, 0xaa, 0xe1, 0x03, 0x14, 0xaa, 0x13, 0x00, 0x00, 0x94, 0x80, 0x00, 0x00, 0x37, 0x73, 0x06, 0x00,
+			0x91, 0xf7, 0xff, 0xff, 0x17, 0x13, 0x00, 0x80, 0xd2, 0x7f, 0x02, 0x00, 0xf1, 0xe0, 0x07, 0x9f, 0x1a, 0xfd, 0x7b,
+			0x42, 0xa9, 0xf4, 0x4f, 0x41, 0xa9, 0xf6, 0x57, 0xc3, 0xa8, 0xc0, 0x03, 0x5f, 0xd6, 0x08, 0x14, 0x40, 0x38, 0x29,
+			0x14, 0x40, 0x38, 0x1f, 0x01, 0x00, 0x71, 0x00, 0x11, 0x49, 0x7a, 0x80, 0xff, 0xff, 0x54, 0x1f, 0x01, 0x09, 0x6b,
+			0xe0, 0x17, 0x9f, 0x1a, 0xc0, 0x03, 0x5f, 0xd6, 0x28, 0x00, 0x40, 0x39, 0xa8, 0x00, 0x00, 0x34, 0x21, 0x04, 0x00,
+			0x91, 0x09, 0x14, 0x40, 0x38, 0x3f, 0x01, 0x08, 0x6b, 0x60, 0xff, 0xff, 0x54, 0x1f, 0x01, 0x00, 0x71, 0xe0, 0x17,
+			0x9f, 0x1a, 0xc0, 0x03, 0x5f, 0xd6, 0x6c, 0x69, 0x62, 0x64, 0x79, 0x6c, 0x64, 0x5f, 0x69, 0x6e, 0x69, 0x74, 0x69,
+			0x61, 0x6c, 0x69, 0x7a, 0x65, 0x00, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x57, 0x69, 0x74, 0x68, 0x44, 0x79,
+			0x6c, 0x64, 0x49, 0x6e, 0x43, 0x61, 0x63, 0x68, 0x65, 0x00, 0x5f, 0x67, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73,
+			0x49, 0x6e, 0x66, 0x6f, 0x00, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x57, 0x69, 0x74, 0x68, 0x43, 0x6c, 0x6f, 0x73,
+			0x75, 0x72, 0x65, 0x00, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x4d, 0x61, 0x69, 0x6e, 0x45,
+			0x78, 0x65, 0x63, 0x75, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x00, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x54,
+			0x68, 0x72, 0x65, 0x61, 0x64, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x73, 0x00, 0x5f, 0x64, 0x6c, 0x6f, 0x70, 0x65,
+			0x6e, 0x00, 0x5f, 0x73, 0x74, 0x72, 0x63, 0x6d, 0x70, 0x00, 0x64, 0x6f, 0x4d, 0x6f, 0x64, 0x49, 0x6e, 0x69, 0x74,
+			0x46, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x00, 0x64, 0x6f, 0x47, 0x65, 0x74, 0x44, 0x4f, 0x46, 0x53,
+			0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x00, 0x5f, 0x5f, 0x54, 0x45, 0x58, 0x54, 0x00, 0x5f, 0x5f, 0x4c, 0x49,
+			0x4e, 0x4b, 0x45, 0x44, 0x49, 0x54, 0x00, 0x00, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61,
 			0x62, 0x63, 0x64, 0x65, 0x66
 		};
 
diff --git a/src/fruity/lldb.vala b/src/fruity/lldb.vala
@@ -56,6 +56,11 @@ namespace Frida.LLDB {
 			CLOSED
 		}
 
+		public enum CachePolicy {
+			ALLOW_CACHE,
+			BYPASS_CACHE
+		}
+
 		private enum AckMode {
 			SEND_ACKS,
 			SKIP_ACKS
@@ -211,7 +216,7 @@ namespace Frida.LLDB {
 
 			var process = yield probe_target (cancellable);
 
-			var dyld_fields = yield get_apple_dyld_fields (cancellable);
+			var dyld_fields = yield get_apple_dyld_fields (ALLOW_CACHE, cancellable);
 			bool libsystem_initialized = yield read_bool (dyld_fields.libsystem_initialized, cancellable);
 
 			process.observed_state = libsystem_initialized
@@ -683,8 +688,9 @@ namespace Frida.LLDB {
 				breakpoint_exception = null;
 		}
 
-		public async AppleDyldFields get_apple_dyld_fields (Cancellable? cancellable = null) throws Error, IOError {
-			if (cached_dyld_fields != null)
+		public async AppleDyldFields get_apple_dyld_fields (CachePolicy cache_policy = ALLOW_CACHE, Cancellable? cancellable = null)
+				throws Error, IOError {
+			if (cache_policy == ALLOW_CACHE && cached_dyld_fields != null)
 				return cached_dyld_fields;
 
 			var response = yield _query_simple ("qShlibInfoAddr", cancellable);
