Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
XNUQEMUScripts/macos11/bootit.gdbscript
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
31 lines (31 sloc)
970 Bytes
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # addresses are for macOS 11 developer beta 3, with a boot kext collection generated using build_arm64e_kcache.sh | |
| target remote :1234 | |
| # break on kprintf; enable kprintf | |
| # fffffe00079938fc S _kprintf | |
| # plus the kernelcache offset (+0x5c8000) | |
| # set the flag it checks (disable_serial_output2) to false | |
| # since the debug bootarg only sets disable_serial_output which is or'd together with this | |
| b *0xfffffe0007f5b8fc | |
| command | |
| print *((char*)0xfffffe00099f48c0)=0 | |
| dis 1 | |
| c | |
| end | |
| # break in bsd_init just before IOKitInitializeTime | |
| # skip the call since it tries to wait 30s for IORTC | |
| # but the timer emulation doesn't work so it freezes | |
| # Look for "Failed to allocate bsd pageable map" and the call is around there | |
| b *0xfffffe0007ca0e8c | |
| command | |
| print $pc=$pc+4 | |
| c | |
| end | |
| # break in check_for_signature, make it return true | |
| # so that it allows the invalidly signed iOS launchd to run | |
| # look for "CS Platform Exec Logging" | |
| b *0xfffffe0007cd7728 | |
| command | |
| print $pc=$lr | |
| print $x0=0 | |
| c | |
| end |