from utils import *
import xnudefines
from process import *
+import macho
# Macro: memstats
@lldb_command('memstats')
"""
try:
print "memorystatus_level: {: >10d}".format(kern.globals.memorystatus_level)
- except ValueError:
- pass
- try:
print "memorystatus_available_pages: {: >10d}".format(kern.globals.memorystatus_available_pages)
+ print "inuse_ptepages_count: {: >10d}".format(kern.globals.inuse_ptepages_count)
except ValueError:
pass
print "vm_page_throttled_count: {: >10d}".format(kern.globals.vm_page_throttled_count)
print "vm_page_purgeable_count: {: >10d}".format(kern.globals.vm_page_purgeable_count)
print "vm_page_inactive_target: {: >10d}".format(kern.globals.vm_page_inactive_target)
print "vm_page_free_target: {: >10d}".format(kern.globals.vm_page_free_target)
- print "inuse_ptepages_count: {: >10d}".format(kern.globals.inuse_ptepages_count)
+
print "vm_page_free_reserved: {: >10d}".format(kern.globals.vm_page_free_reserved)
@xnudebug_test('test_memstats')
# EndMacro: showmemorystatus
+def GetRealMetadata(meta):
+ """ Get real metadata for a given metadata pointer
+ """
+ try:
+ if unsigned(meta.zindex) != 255:
+ return meta
+ else:
+ return kern.GetValueFromAddress(unsigned(meta) - unsigned(meta.real_metadata_offset), "struct zone_page_metadata *")
+ except:
+ return 0
+
+def GetFreeList(meta):
+ """ Get the free list pointer for a given metadata pointer
+ """
+ global kern
+ zone_map_min_address = kern.GetGlobalVariable('zone_map_min_address')
+ zone_map_max_address = kern.GetGlobalVariable('zone_map_max_address')
+ try:
+ if unsigned(meta.freelist_offset) == unsigned(0xffffffff):
+ return 0
+ else:
+ if (unsigned(meta) >= unsigned(zone_map_min_address)) and (unsigned(meta) < unsigned(zone_map_max_address)):
+ page_index = ((unsigned(meta) - unsigned(kern.GetGlobalVariable('zone_metadata_region_min'))) / sizeof('struct zone_page_metadata'))
+ return (unsigned(zone_map_min_address) + (kern.globals.page_size * (page_index))) + meta.freelist_offset
+ else:
+ return (unsigned(meta) + meta.freelist_offset)
+ except:
+ return 0
+
+@lldb_type_summary(['zone_page_metadata'])
+@header("{:<18s} {:<18s} {:>8s} {:>8s} {:<18s} {:<20s}".format('ZONE_METADATA', 'FREELIST', 'PG_CNT', 'FREE_CNT', 'ZONE', 'NAME'))
+def GetZoneMetadataSummary(meta):
+ """ Summarize a zone metadata object
+ params: meta - obj representing zone metadata in the kernel
+ returns: str - summary of the zone metadata
+ """
+ out_str = ""
+ global kern
+ zinfo = 0
+ try:
+ out_str += 'Metadata Description:\n' + GetZoneMetadataSummary.header + '\n'
+ meta = kern.GetValueFromAddress(meta, "struct zone_page_metadata *")
+ if unsigned(meta.zindex) == 255:
+ out_str += "{:#018x} {:#018x} {:8d} {:8d} {:#018x} {:s}\n".format(meta, 0, 0, 0, 0, '(fake multipage meta)')
+ meta = GetRealMetadata(meta)
+ if meta == 0:
+ return ""
+ zinfo = kern.globals.zone_array[unsigned(meta.zindex)]
+ out_str += "{:#018x} {:#018x} {:8d} {:8d} {:#018x} {:s}".format(meta, GetFreeList(meta), meta.page_count, meta.free_count, addressof(zinfo), zinfo.zone_name)
+ return out_str
+ except:
+ out_str = ""
+ return out_str
+
+@header("{:<18s} {:>18s} {:>18s} {:<18s}".format('ADDRESS', 'TYPE', 'OFFSET_IN_PG', 'METADATA'))
+def WhatIs(addr):
+ """ Information about kernel pointer
+ """
+ out_str = ""
+ global kern
+ pagesize = kern.globals.page_size
+ zone_map_min_address = kern.GetGlobalVariable('zone_map_min_address')
+ zone_map_max_address = kern.GetGlobalVariable('zone_map_max_address')
+ if (unsigned(addr) >= unsigned(zone_map_min_address)) and (unsigned(addr) < unsigned(zone_map_max_address)):
+ zone_metadata_region_min = kern.GetGlobalVariable('zone_metadata_region_min')
+ zone_metadata_region_max = kern.GetGlobalVariable('zone_metadata_region_max')
+ if (unsigned(addr) >= unsigned(zone_metadata_region_min)) and (unsigned(addr) < unsigned(zone_metadata_region_max)):
+ metadata_offset = (unsigned(addr) - unsigned(zone_metadata_region_min)) % sizeof('struct zone_page_metadata')
+ page_offset_str = "{:d}/{:d}".format((unsigned(addr) - (unsigned(addr) & ~(pagesize - 1))), pagesize)
+ out_str += WhatIs.header + '\n'
+ out_str += "{:#018x} {:>18s} {:>18s} {:#018x}\n\n".format(unsigned(addr), "Metadata", page_offset_str, unsigned(addr) - metadata_offset)
+ out_str += GetZoneMetadataSummary((unsigned(addr) - metadata_offset)) + '\n\n'
+ else:
+ page_index = ((unsigned(addr) & ~(pagesize - 1)) - unsigned(zone_map_min_address)) / pagesize
+ meta = unsigned(zone_metadata_region_min) + (page_index * sizeof('struct zone_page_metadata'))
+ meta = kern.GetValueFromAddress(meta, "struct zone_page_metadata *")
+ page_meta = GetRealMetadata(meta)
+ if page_meta != 0:
+ zinfo = kern.globals.zone_array[unsigned(page_meta.zindex)]
+ page_offset_str = "{:d}/{:d}".format((unsigned(addr) - (unsigned(addr) & ~(pagesize - 1))), pagesize)
+ out_str += WhatIs.header + '\n'
+ out_str += "{:#018x} {:>18s} {:>18s} {:#018x}\n\n".format(unsigned(addr), "Element", page_offset_str, page_meta)
+ out_str += GetZoneMetadataSummary(unsigned(page_meta)) + '\n\n'
+ else:
+ out_str += "Unmapped address within the zone_map ({:#018x}-{:#018x})".format(zone_map_min_address, zone_map_max_address)
+ else:
+ out_str += "Address {:#018x} is outside the zone_map ({:#018x}-{:#018x})\n".format(addr, zone_map_min_address, zone_map_max_address)
+ print out_str
+ return
+
+@lldb_command('whatis')
+def WhatIsHelper(cmd_args=None):
+ """ Routine to show information about a kernel pointer
+ Usage: whatis <address>
+ """
+ if not cmd_args:
+ raise ArgumentError("No arguments passed")
+ addr = kern.GetValueFromAddress(cmd_args[0], 'void *')
+ WhatIs(addr)
+ print "Hexdump:\n"
+ try:
+ data_array = kern.GetValueFromAddress(unsigned(addr) - 16, "uint8_t *")
+ print_hex_data(data_array[0:48], unsigned(addr) - 16, "")
+ except:
+ pass
+ return
+
# Macro: zprint
@lldb_type_summary(['zone','zone_t'])
-@header("{:^18s} {:>10s} {:>10s} {:>10s} {:>10s} {:>10s} {:>10s} {:>10s}({:>6s} {:>6s} {:>6s}) {:^14s} {:<20s}".format(
-'ZONE', 'TOT_SZ', 'PAGE_COUNT', 'ALLOC_ELTS', 'FREE_ELTS', 'FREE_SZ', 'ELT_SZ', 'ALLOC', 'ELTS', 'PGS', 'SLK', 'FLAGS', 'NAME'))
+@header("{:^18s} {:>10s} {:>10s} {:>10s} {:>10s} {:>10s} {:>10s} {:>10s} {:>10s}({:>6s} {:>6s} {:>6s}) {:^15s} {:<20s}".format(
+'ZONE', 'TOT_SZ', 'PAGE_COUNT', 'ALLOC_ELTS', 'FREE_ELTS', 'FREE_SZ', 'ALL_FREE_PGS', 'ELT_SZ', 'ALLOC', 'ELTS', 'PGS', 'WASTE', 'FLAGS', 'NAME'))
def GetZoneSummary(zone):
""" Summarize a zone with important information. See help zprint for description of each field
params:
str - summary of the zone
"""
out_string = ""
- format_string = '{:#018x} {:10d} {:10d} {:10d} {:10d} {:10d} {:10d} {:10d} {:6d} {:6d} {:6d} {markings} {name:s} '
- pagesize = 4096
+ format_string = '{:#018x} {:10d} {:10d} {:10d} {:10d} {:10d} {:10d} {:10d} {:6d} {:6d} {:6d} {markings} {name:s} '
+ pagesize = kern.globals.page_size
- free_elements = (zone.cur_size / zone.elem_size) - zone.count
+ free_elements = zone.countfree
free_size = free_elements * zone.elem_size
- alloc_count = zone.alloc_size / zone.elem_size
alloc_pages = zone.alloc_size / pagesize
- alloc_slack = zone.alloc_size % zone.elem_size
+ alloc_count = zone.alloc_size / zone.elem_size
+ alloc_waste = zone.alloc_size % zone.elem_size
+
marks = [
- ["collectable", "C"],
- ["expandable", "X"],
- ["noencrypt", "$"],
- ["caller_acct", "@"],
- ["exhaustible", "H"],
- ["allows_foreign", "F"],
- ["async_prio_refill", "R"],
- ["no_callout", "O"],
- ["zleak_on", "L"],
- ["doing_alloc", "A"],
- ["waiting", "W"],
- ["doing_gc", "G"]
+ ["collectable", "C"],
+ ["expandable", "X"],
+ ["noencrypt", "$"],
+ ["caller_acct", "@"],
+ ["exhaustible", "H"],
+ ["allows_foreign", "F"],
+ ["async_prio_refill", "R"],
+ ["no_callout", "O"],
+ ["zleak_on", "L"],
+ ["doing_alloc_without_vm_priv", "A"],
+ ["doing_alloc_with_vm_priv", "S"],
+ ["waiting", "W"]
]
if kern.arch == 'x86_64':
marks.append(["gzalloc_exempt", "M"])
else:
markings+=" "
out_string += format_string.format(zone, zone.cur_size, zone.page_count,
- zone.count, free_elements, free_size,
+ zone.count, free_elements, free_size, zone.count_all_free_pages,
zone.elem_size, zone.alloc_size, alloc_count,
- alloc_pages, alloc_slack, name = zone.zone_name, markings=markings)
+ alloc_pages, alloc_waste, name = zone.zone_name, markings=markings)
if zone.exhaustible :
out_string += "(max: {:d})".format(zone.max_size)
R - will be refilled when below low water mark
O - does not allow refill callout to fill zone on noblock allocation
N - zone requires alignment (avoids padding this zone for debugging)
- A - currently trying to allocate more backing memory from kernel_memory_allocate
+ A - currently trying to allocate more backing memory from kernel_memory_allocate without VM priv
+ S - currently trying to allocate more backing memory from kernel_memory_allocate with VM priv
W - another thread is waiting for more memory
L - zone is being monitored by zleaks
G - currently running GC
while ShowZfreeList.elts_found < zlimit:
ShowZfreeList.elts_found += 1
znext = dereference(Cast(current, 'vm_offset_t *'))
+ znext = (unsigned(znext) ^ unsigned(kern.globals.zp_nopoison_cookie))
+ znext = kern.GetValueFromAddress(znext, 'vm_offset_t *')
backup_ptr = kern.GetValueFromAddress((unsigned(Cast(current, 'vm_offset_t')) + unsigned(zone.elem_size) - sizeof('vm_offset_t')), 'vm_offset_t *')
backup_val = dereference(backup_ptr)
n_unobfuscated = (unsigned(backup_val) ^ unsigned(kern.globals.zp_nopoison_cookie))
zlimit = ArgumentStringToInt(cmd_args[1])
ShowZfreeListHeader(zone)
- if unsigned(zone.use_page_list) == 1:
- if unsigned(zone.allows_foreign) == 1:
- for free_page_meta in IterateQueue(zone.pages.any_free_foreign, 'struct zone_page_metadata *', 'pages'):
- if ShowZfreeList.elts_found == zlimit:
- break
- zfirst = Cast(free_page_meta.elements, 'void *')
- if unsigned(zfirst) != 0:
- ShowZfreeListChain(zone, zfirst, zlimit)
- for free_page_meta in IterateQueue(zone.pages.intermediate, 'struct zone_page_metadata *', 'pages'):
+ if unsigned(zone.allows_foreign) == 1:
+ for free_page_meta in IterateQueue(zone.pages.any_free_foreign, 'struct zone_page_metadata *', 'pages'):
if ShowZfreeList.elts_found == zlimit:
break
- zfirst = Cast(free_page_meta.elements, 'void *')
+ zfirst = kern.GetValueFromAddress(GetFreeList(free_page_meta), 'void *')
if unsigned(zfirst) != 0:
ShowZfreeListChain(zone, zfirst, zlimit)
- for free_page_meta in IterateQueue(zone.pages.all_free, 'struct zone_page_metadata *', 'pages'):
- if ShowZfreeList.elts_found == zlimit:
- break
- zfirst = Cast(free_page_meta.elements, 'void *')
- if unsigned(zfirst) != 0:
- ShowZfreeListChain(zone, zfirst, zlimit)
- else:
- zfirst = Cast(zone.free_elements, 'void *')
+ for free_page_meta in IterateQueue(zone.pages.intermediate, 'struct zone_page_metadata *', 'pages'):
+ if ShowZfreeList.elts_found == zlimit:
+ break
+ zfirst = kern.GetValueFromAddress(GetFreeList(free_page_meta), 'void *')
+ if unsigned(zfirst) != 0:
+ ShowZfreeListChain(zone, zfirst, zlimit)
+ for free_page_meta in IterateQueue(zone.pages.all_free, 'struct zone_page_metadata *', 'pages'):
+ if ShowZfreeList.elts_found == zlimit:
+ break
+ zfirst = kern.GetValueFromAddress(GetFreeList(free_page_meta), 'void *')
if unsigned(zfirst) != 0:
ShowZfreeListChain(zone, zfirst, zlimit)
# EndMacro: showzfreelist
+# Macro: zstack_showzonesbeinglogged
+
+@lldb_command('zstack_showzonesbeinglogged')
+def ZstackShowZonesBeingLogged(cmd_args=None):
+ """
+ """
+ global kern
+ for zval in kern.zones:
+ if zval.zlog_btlog:
+ print "Zone: %s with its BTLog at: 0x%lx" % (zval.zone_name, zval.zlog_btlog)
+
+# EndMacro: zstack_showzonesbeinglogged
+
# Macro: zstack
@lldb_command('zstack')
def Zstack(cmd_args=None):
- """ Zone leak debugging: Print the stack trace of log element at <index>. If a <count> is supplied, it prints <count> log elements starting at <index>.
- Usage: zstack <index> [<count>]
+ """ Zone leak debugging: Print the stack trace logged at <index> in the stacks list. If a <count> is supplied, it prints <count> stacks starting at <index>.
+ Usage: zstack <btlog addr> <index> [<count>]
- The suggested usage is to look at indexes below zcurrent and look for common stack traces.
- The stack trace that occurs the most is probably the cause of the leak. Find the pc of the
- function calling into zalloc and use the countpcs command to find out how often that pc occurs in the log.
- The pc occuring in a high percentage of records is most likely the source of the leak.
-
- The findoldest command is also useful for leak debugging since it identifies the oldest record
- in the log, which may indicate the leaker.
+ The suggested usage is to look at stacks with high percentage of refs (maybe > 25%).
+ The stack trace that occurs the most is probably the cause of the leak. Use zstack_findleak for that.
"""
if not cmd_args:
print Zstack.__doc__
if int(kern.globals.log_records) == 0:
print "Zone logging not enabled. Add 'zlog=<zone name>' to boot-args."
return
- if int(kern.globals.zlog_btlog) == 0:
- print "Zone logging enabled, but zone has not been initialized yet."
- return
+ btlog_ptr = kern.GetValueFromAddress(cmd_args[0], 'btlog_t *')
+ btrecords_total_size = unsigned(btlog_ptr.btlog_buffersize)
+ btrecord_size = unsigned(btlog_ptr.btrecord_size)
+ btrecords = unsigned(btlog_ptr.btrecords)
+ btlog_size = unsigned(sizeof('struct btlog'))
+ depth = unsigned(btlog_ptr.btrecord_btdepth)
+ zstack_index = ArgumentStringToInt(cmd_args[1])
count = 1
- if len(cmd_args) >= 2:
- count = ArgumentStringToInt(cmd_args[1])
- zstack_index = unsigned(cmd_args[0])
+ if len(cmd_args) >= 3:
+ count = ArgumentStringToInt(cmd_args[2])
+
+ max_count = ((btrecords_total_size - btlog_size)/btrecord_size)
+
+ if (zstack_index + count) > max_count:
+ count = max_count - zstack_index
+
while count and (zstack_index != 0xffffff):
- zstack_record_offset = zstack_index * unsigned(kern.globals.zlog_btlog.btrecord_size)
- zstack_record = kern.GetValueFromAddress(unsigned(kern.globals.zlog_btlog.btrecords) + zstack_record_offset, 'btlog_record_t *')
- ShowZStackRecord(zstack_record, zstack_index)
- zstack_index = zstack_record.next
+ zstack_record_offset = zstack_index * btrecord_size
+ zstack_record = kern.GetValueFromAddress(btrecords + zstack_record_offset, 'btlog_record_t *')
+ if int(zstack_record.ref_count)!=0:
+ ShowZStackRecord(zstack_record, zstack_index, depth, unsigned(btlog_ptr.active_element_count))
+ zstack_index += 1
count -= 1
# EndMacro : zstack
-# Macro: findoldest
+# Macro: zstack_inorder
-@lldb_command('findoldest')
-def FindOldest(cmd_args=None):
- """ Zone leak debugging: find and print the oldest record in the log.
-
- Once it prints a stack trace, find the pc of the caller above all the zalloc, kalloc and
- IOKit layers. Then use the countpcs command to see how often this caller has allocated
- memory. A caller with a high percentage of records in the log is probably the leaker.
+@lldb_command('zstack_inorder')
+def ZstackInOrder(cmd_args=None):
+ """ Zone leak debugging: Print the stack traces starting from head to the tail.
+ Usage: zstack_inorder <btlog addr>
"""
- if int(kern.globals.log_records) == 0:
- print FindOldest.__doc__
+ if not cmd_args:
+ print "Zone leak debugging: Print the stack traces starting from head to the tail. \nUsage: zstack_inorder <btlog addr>"
return
- if int(kern.globals.zlog_btlog) == 0:
- print "Zone logging enabled, but zone has not been initialized yet."
+ if int(kern.globals.log_records) == 0:
+ print "Zone logging not enabled. Add 'zlog=<zone name>' to boot-args."
return
- index = kern.globals.zlog_btlog.head
- if unsigned(index) != 0xffffff:
- print "Oldest record is at log index: {0: <d}".format(index)
- Zstack([index])
- else:
- print "No Records Present"
+ btlog_ptr = kern.GetValueFromAddress(cmd_args[0], 'btlog_t *')
+ btrecords_total_size = unsigned(btlog_ptr.btlog_buffersize)
+ btrecord_size = unsigned(btlog_ptr.btrecord_size)
+ btrecords = unsigned(btlog_ptr.btrecords)
+ btlog_size = unsigned(sizeof('struct btlog'))
+ depth = unsigned(btlog_ptr.btrecord_btdepth)
+ zstack_head = unsigned(btlog_ptr.head)
+ zstack_index = zstack_head
+ zstack_tail = unsigned(btlog_ptr.tail)
+ count = ((btrecords_total_size - btlog_size)/btrecord_size)
+
+ while count and (zstack_index != 0xffffff):
+ zstack_record_offset = zstack_index * btrecord_size
+ zstack_record = kern.GetValueFromAddress(btrecords + zstack_record_offset, 'btlog_record_t *')
+ ShowZStackRecord(zstack_record, zstack_index, depth, unsigned(btlog_ptr.active_element_count))
+ zstack_index = zstack_record.next
+ count -= 1
+
+# EndMacro : zstack_inorder
+
+# Macro: findoldest
+
+@lldb_command('findoldest')
+def FindOldest(cmd_args=None):
+ """
+ """
+ print "***** DEPRECATED ***** use 'zstack_findleak' macro instead."
+ return
# EndMacro : findoldest
-# Macro: countpcs
+# Macro : zstack_findleak
-@lldb_command('countpcs')
-def Countpcs(cmd_args=None):
- """ Zone leak debugging: search the log and print a count of all log entries that contain the given <pc>
+@lldb_command('zstack_findleak')
+def zstack_findleak(cmd_args=None):
+ """ Zone leak debugging: search the log and print the stack with the most active references
in the stack trace.
- Usage: countpcs <pc>
+ Usage: zstack_findleak <btlog address>
- This is useful for verifying a suspected <pc> as being the source of
- the leak. If a high percentage of the log entries contain the given <pc>, then it's most
- likely the source of the leak. Note that this command can take several minutes to run.
+ This is useful for verifying a suspected stack as being the source of
+ the leak.
"""
- if not cmd_args:
- print Countpcs.__doc__
- return
- if int(kern.globals.log_records) == 0:
- print "Zone logging not enabled. Add 'zlog=<zone name>' to boot-args."
- return
- if int(kern.globals.zlog_btlog) == 0:
- print "Zone logging enabled, but zone has not been initialized yet."
- return
-
- cpcs_index = unsigned(kern.globals.zlog_btlog.head)
- target_pc = unsigned(kern.GetValueFromAddress(cmd_args[0], 'void *'))
- found = 0
- depth = unsigned(kern.globals.zlog_btlog.btrecord_btdepth)
+ btlog_ptr = kern.GetValueFromAddress(cmd_args[0], 'btlog_t *')
+ btrecord_size = unsigned(btlog_ptr.btrecord_size)
+ btrecords = unsigned(btlog_ptr.btrecords)
+
+ cpcs_index = unsigned(btlog_ptr.head)
+ depth = unsigned(btlog_ptr.btrecord_btdepth)
+ highref = 0
+ highref_index = 0
+ highref_record = 0
while cpcs_index != 0xffffff:
- cpcs_record_offset = cpcs_index * unsigned(kern.globals.zlog_btlog.btrecord_size)
- cpcs_record = kern.GetValueFromAddress(unsigned(kern.globals.zlog_btlog.btrecords) + cpcs_record_offset, 'btlog_record_t *')
- frame = 0
- while frame < depth:
- frame_pc = unsigned(cpcs_record.bt[frame])
- if frame_pc == target_pc:
- found += 1
- break
- frame += 1
+ cpcs_record_offset = cpcs_index * btrecord_size
+ cpcs_record = kern.GetValueFromAddress(btrecords + cpcs_record_offset, 'btlog_record_t *')
+ if cpcs_record.ref_count > highref:
+ highref_record = cpcs_record
+ highref = cpcs_record.ref_count
+ highref_index = cpcs_index
cpcs_index = cpcs_record.next
- print "Occured {0: <d} times in log ({1: <d}{2: <s} of records)".format(found, (found * 100)/unsigned(kern.globals.zlog_btlog.activecount), '%')
+ ShowZStackRecord(highref_record, highref_index, depth, unsigned(btlog_ptr.active_element_count))
-# EndMacro: countpcs
+# EndMacro: zstack_findleak
# Macro: findelem
@lldb_command('findelem')
def FindElem(cmd_args=None):
- """ Zone corruption debugging: search the log and print out the stack traces for all log entries that
+ """
+ """
+ print "***** DEPRECATED ***** use 'zstack_findelem' macro instead."
+ return
+# EndMacro: findelem
+
+@lldb_command('zstack_findelem')
+def ZStackFindElem(cmd_args=None):
+ """ Zone corruption debugging: search the zone log and print out the stack traces for all log entries that
refer to the given zone element.
- Usage: findelem <elem addr>
+ Usage: zstack_findelem <btlog addr> <elem addr>
When the kernel panics due to a corrupted zone element, get the
element address and use this command. This will show you the stack traces of all logged zalloc and
double-frees readily apparent.
"""
if not cmd_args:
- print FindElem.__doc__
- return
- if int(kern.globals.log_records) == 0:
- print "Zone logging not enabled. Add 'zlog=<zone name>' to boot-args."
+ print ZStackFindElem.__doc__
return
- if int(kern.globals.zlog_btlog) == 0:
- print "Zone logging enabled, but zone has not been initialized yet."
+ if int(kern.globals.log_records) == 0 or unsigned(kern.globals.corruption_debug_flag) == 0:
+ print "Zone logging with corruption detection not enabled. Add '-zc zlog=<zone name>' to boot-args."
return
- target_element = unsigned(kern.GetValueFromAddress(cmd_args[0], 'void *'))
- index = unsigned(kern.globals.zlog_btlog.head)
- prev_op = -1
+ btlog_ptr = kern.GetValueFromAddress(cmd_args[0], 'btlog_t *')
+ target_element = unsigned(kern.GetValueFromAddress(cmd_args[1], 'void *'))
- while index != 0xffffff:
- findelem_record_offset = index * unsigned(kern.globals.zlog_btlog.btrecord_size)
- findelem_record = kern.GetValueFromAddress(unsigned(kern.globals.zlog_btlog.btrecords) + findelem_record_offset, 'btlog_record_t *')
- if unsigned(findelem_record.element) == target_element:
- Zstack([index])
- if int(findelem_record.operation) == prev_op:
+ btrecord_size = unsigned(btlog_ptr.btrecord_size)
+ btrecords = unsigned(btlog_ptr.btrecords)
+ depth = unsigned(btlog_ptr.btrecord_btdepth)
+
+ prev_op = -1
+ scan_items = 0
+ hashelem = cast(btlog_ptr.elem_linkage_un.element_hash_queue.tqh_first, 'btlog_element_t *')
+ if (target_element >> 32) != 0:
+ target_element = target_element ^ 0xFFFFFFFFFFFFFFFF
+ else:
+ target_element = target_element ^ 0xFFFFFFFF
+ while hashelem != 0:
+ if unsigned(hashelem.elem) == target_element:
+ recindex = hashelem.recindex
+ recoffset = recindex * btrecord_size
+ record = kern.GetValueFromAddress(btrecords + recoffset, 'btlog_record_t *')
+ out_str = ('-' * 8)
+ if record.operation == 1:
+ out_str += "OP: ALLOC. "
+ else:
+ out_str += "OP: FREE. "
+ out_str += "Stack Index {0: <d} {1: <s}\n".format(recindex, ('-' * 8))
+ print out_str
+ print GetBtlogBacktrace(depth, record)
+ print " \n"
+ if int(record.operation) == prev_op:
print "{0: <s} DOUBLE OP! {1: <s}".format(('*' * 8), ('*' * 8))
- prev_op = int(findelem_record.operation)
- index = findelem_record.next
+ return
+ prev_op = int(record.operation)
+ scan_items = 0
+ hashelem = cast(hashelem.element_hash_link.tqe_next, 'btlog_element_t *')
+ scan_items += 1
+ if scan_items % 100 == 0:
+ print "Scanning is ongoing. {0: <d} items scanned since last check." .format(scan_items)
-# EndMacro: findelem
+# EndMacro: zstack_findelem
# Macro: btlog_find
@lldb_command('btlog_find', "AS")
def BtlogFind(cmd_args=None, cmd_options={}):
- """ Search the btlog_t for entries corresponding to the given element.
- Use -A flag to print all entries.
- Use -S flag to summarize the count of records
- Usage: btlog_find <btlog_t> <element>
- Usage: btlog_find <btlog_t> -A
- Note: Backtraces will be in chronological order, with oldest entries aged out in FIFO order as needed.
"""
- if not cmd_args:
- raise ArgumentError("Need a btlog_t parameter")
- btlog = kern.GetValueFromAddress(cmd_args[0], 'btlog_t *')
- printall = False
- summarize = False
- summary_cache = {}
- target_elem = 0xffffffff
-
- if "-A" in cmd_options:
- printall = True
- else:
- if not printall and len(cmd_args) < 2:
- raise ArgumentError("<element> is missing in args. Need a search pointer.")
- target_elem = unsigned(kern.GetValueFromAddress(cmd_args[1], 'void *'))
-
- if "-S" in cmd_options:
- summarize = True
-
- index = unsigned(btlog.head)
- progress = 0
- record_size = unsigned(btlog.btrecord_size)
- try:
- while index != 0xffffff:
- record_offset = index * record_size
- record = kern.GetValueFromAddress(unsigned(btlog.btrecords) + record_offset, 'btlog_record_t *')
- if printall or unsigned(record.element) == target_elem:
- _s = '{0: <s} {2: <#0x} OP {1: <d} {3: <s}'.format(('-' * 8), record.operation, unsigned(record.element), ('-' * 8))
- _s += GetBtlogBacktrace(btlog.btrecord_btdepth, record)
- if summarize:
- if _s not in summary_cache:
- summary_cache[_s] = 1
- else:
- summary_cache[_s] += 1
- else :
- print _s
- index = record.next
- progress += 1
- if (progress % 1000) == 0: print '{0: <d} entries searched!\n'.format(progress)
- except ValueError, e:
- pass
-
- if summarize:
- print "=================== SUMMARY =================="
- for (k,v) in summary_cache.iteritems():
- print "Count: %d %s \n " % (v, k)
+ """
+ print "***** DEPRECATED ***** use 'zstack_findelem' macro instead."
return
#EndMacro: btlog_find
frame += 1
return out_str
-def ShowZStackRecord(zstack_record, zstack_index):
+def ShowZStackRecord(zstack_record, zstack_index, btrecord_btdepth, elements_count):
""" Helper routine for printing a single zstack record
params:
zstack_record:btlog_record_t * - A BTLog record
"""
out_str = ('-' * 8)
if zstack_record.operation == 1:
- out_str += "ALLOC "
+ out_str += "ALLOC. "
else:
- out_str += "FREE "
- out_str += "{0: <#0x} : Index {1: <d} {2: <s}\n".format(zstack_record.element, zstack_index, ('-' * 8))
+ out_str += "FREE. "
+ out_str += "Stack Index {0: <d} with active refs {1: <d} of {2: <d} {3: <s}\n".format(zstack_index, zstack_record.ref_count, elements_count, ('-' * 8))
print out_str
- print GetBtlogBacktrace(kern.globals.zlog_btlog.btrecord_btdepth, zstack_record)
+ print GetBtlogBacktrace(btrecord_btdepth, zstack_record)
+ print " \n"
# Macro: showioalloc
# EndMacro: showioalloc
+# Macro: showselectmem
+@lldb_command('showselectmem', "S:")
+def ShowSelectMem(cmd_args=None, cmd_options={}):
+ """ Show memory cached by threads on calls to select.
+
+ usage: showselectmem [-v]
+ -v : print each thread's memory
+ (one line per thread with non-zero select memory)
+ -S {addr} : Find the thread whose thread-local select set
+ matches the given address
+ """
+ verbose = False
+ opt_wqs = 0
+ if config['verbosity'] > vHUMAN:
+ verbose = True
+ if "-S" in cmd_options:
+ opt_wqs = unsigned(kern.GetValueFromAddress(cmd_options["-S"], 'uint64_t *'))
+ if opt_wqs == 0:
+ raise ArgumentError("Invalid waitq set address: {:s}".format(cmd_options["-S"]))
+ selmem = 0
+ if verbose:
+ print "{:18s} {:10s} {:s}".format('Task', 'Thread ID', 'Select Mem (bytes)')
+ for t in kern.tasks:
+ for th in IterateQueue(t.threads, 'thread *', 'task_threads'):
+ uth = Cast(th.uthread, 'uthread *');
+ wqs = 0
+ if hasattr(uth, 'uu_allocsize'): # old style
+ thmem = uth.uu_allocsize
+ wqs = uth.uu_wqset
+ elif hasattr(uth, 'uu_wqstate_sz'): # new style
+ thmem = uth.uu_wqstate_sz
+ wqs = uth.uu_wqset
+ else:
+ print "What kind of uthread is this?!"
+ return
+ if opt_wqs and opt_wqs == unsigned(wqs):
+ print "FOUND: {:#x} in thread: {:#x} ({:#x})".format(opt_wqs, unsigned(th), unsigned(th.thread_id))
+ if verbose and thmem > 0:
+ print "{:<#18x} {:<#10x} {:d}".format(unsigned(t), unsigned(th.thread_id), thmem)
+ selmem += thmem
+ print '-'*40
+ print "Total: {:d} bytes ({:d} kbytes)".format(selmem, selmem/1024)
+# Endmacro: showselectmem
# Macro: showtaskvme
def ShowTaskVmeHelper(cmd_args=None, cmd_options={}):
""" Display a summary list of the specified vm_map's entries
Usage: showtaskvme <task address> (ex. showtaskvme 0x00ataskptr00 )
+ Use -S flag to show VM object shadow chains
+ Use -P flag to show pager info (mapped file, compressed pages, ...)
"""
show_pager_info = False
show_all_shadows = False
def ShowAllVMStats(cmd_args=None):
""" Print a summary of vm statistics in a table format
"""
+ page_size = kern.globals.page_size
vmstats = lambda:None
vmstats.wired_count = 0
vmstats.resident_count = 0
if vmstats.new_resident_count +vmstats.reusable != vmstats.resident_count:
vmstats.error += '*'
- print entry_format.format(p=proc, m=vmmap, vsize=(unsigned(vmmap.size) >> 12), t=task, s=vmstats)
+ print entry_format.format(p=proc, m=vmmap, vsize=(unsigned(vmmap.size) / page_size), t=task, s=vmstats)
def ShowTaskVMEntries(task, show_pager_info, show_all_shadows):
vm_size = uint64_t(vmmap.size).value
resident_pages = 0
if vmmap.pmap != 0: resident_pages = int(vmmap.pmap.stats.resident_count)
- out_string += format_string.format(vmmap, vmmap.pmap, vm_size, vmmap.hdr.nentries, resident_pages, vmmap.hint, vmmap.first_free)
+ first_free = 0
+ if int(vmmap.holelistenabled) == 0: first_free = vmmap.f_s.first_free
+ out_string += format_string.format(vmmap, vmmap.pmap, vm_size, vmmap.hdr.nentries, resident_pages, vmmap.hint, first_free)
return out_string
@lldb_type_summary(['vm_map_entry'])
@header("{0: <20s} {1: <20s} {2: <5s} {3: >7s} {4: <20s} {5: <20s}".format("entry", "start", "prot", "#page", "object", "offset"))
def GetVMEntrySummary(vme):
""" Display vm entry specific information. """
+ page_size = kern.globals.page_size
out_string = ""
format_string = "{0: <#020x} {1: <#20x} {2: <1x}{3: <1x}{4: <3s} {5: >7d} {6: <#020x} {7: <#020x}"
vme_protection = int(vme.protection)
vme_extra_info_str +="s"
elif int(vme.needs_copy) != 0 :
vme_extra_info_str +="n"
- num_pages = (unsigned(vme.links.end) - unsigned(vme.links.start)) >> 12
- out_string += format_string.format(vme, vme.links.start, vme_protection, vme_max_protection, vme_extra_info_str, num_pages, vme.object.vm_object, vme.offset)
+ num_pages = (unsigned(vme.links.end) - unsigned(vme.links.start)) / page_size
+ out_string += format_string.format(vme, vme.links.start, vme_protection, vme_max_protection, vme_extra_info_str, num_pages, vme.vme_object.vmo_object, vme.vme_offset)
return out_string
# EndMacro: showtaskvme
print "Invalid argument", ShowMapWired.__doc__
return
map_val = kern.GetValueFromAddress(cmd_args[0], 'vm_map_t')
-
+
@lldb_type_summary(['kmod_info_t *'])
-@header("{0: <20s} {1: <20s} {2: <20s} {3: >3s} {4: >5s} {5: >20s} {6: <30s}".format('kmod_info', 'address', 'size', 'id', 'refs', 'version', 'name'))
+@header("{0: <20s} {1: <20s} {2: <20s} {3: >3s} {4: >5s} {5: <20s} {6: <20s} {7: >20s} {8: <30s}".format('kmod_info', 'address', 'size', 'id', 'refs', 'TEXT exec', 'size', 'version', 'name'))
def GetKextSummary(kmod):
""" returns a string representation of kext information
"""
out_string = ""
- format_string = "{0: <#020x} {1: <#020x} {2: <#020x} {3: >3d} {4: >5d} {5: >20s} {6: <30s}"
- out_string += format_string.format(kmod, kmod.address, kmod.size, kmod.id, kmod.reference_count, kmod.version, kmod.name)
+ format_string = "{0: <#020x} {1: <#020x} {2: <#020x} {3: >3d} {4: >5d} {5: <#020x} {6: <#020x} {7: >20s} {8: <30s}"
+ segments, sections = GetAllSegmentsAndSectionsFromDataInMemory(unsigned(kmod.address), unsigned(kmod.size))
+ text_segment = macho.get_text_segment(segments)
+ if not text_segment:
+ text_segment = segments[0]
+ out_string += format_string.format(kmod, kmod.address, kmod.size, kmod.id, kmod.reference_count, text_segment.vmaddr, text_segment.vmsize, kmod.version, kmod.name)
return out_string
@lldb_type_summary(['uuid_t'])
"""Display a summary listing of all loaded kexts (alias: showallkmods)
"""
kmod_val = kern.globals.kmod
+ kextuuidinfo = GetKextLoadInformation(show_progress=(config['verbosity'] > vHUMAN))
print "{: <36s} ".format("UUID") + GetKextSummary.header
- kextuuidinfo = GetKextLoadInformation()
for kval in IterateLinkedList(kmod_val, 'next'):
uuid = "........-....-....-....-............"
kaddr = unsigned(kval.address)
+ found_kext_summary = None
for l in kextuuidinfo :
- if kaddr == int(l[1],16):
+ if kaddr == int(l[3],16):
uuid = l[0]
+ found_kext_summary = l
break
- print uuid + " " + GetKextSummary(kval)
+ if found_kext_summary:
+ _ksummary = GetKextSummary(found_kext_summary[7])
+ else:
+ _ksummary = GetKextSummary(kval)
+ print uuid + " " + _ksummary
+
+def GetKmodWithAddr(addr):
+ """ Go through kmod list and find one with begin_addr as addr
+ returns: None if not found. else a cvalue of type kmod
+ """
+ kmod_val = kern.globals.kmod
+ for kval in IterateLinkedList(kmod_val, 'next'):
+ if addr == unsigned(kval.address):
+ return kval
+ return None
-def GetKextLoadInformation(addr=0):
+def GetAllSegmentsAndSectionsFromDataInMemory(address, size):
+ """ reads memory at address and parses mach_header to get segment and section information
+ returns: Tuple of (segments_list, sections_list) like ([MachOSegment,...], [MachOSegment, ...])
+ where MachOSegment has fields like 'name vmaddr vmsize fileoff filesize'
+ if TEXT segment is not found a dummy segment & section with address, size is returned.
+ """
+ cache_hash = "kern.kexts.segments.{}.{}".format(address, size)
+ cached_result = caching.GetDynamicCacheData(cache_hash,())
+ if cached_result:
+ return cached_result
+
+ defval = macho.MachOSegment('__TEXT', address, size, 0, size)
+ if address == 0 or size == 0:
+ return ([defval], [defval])
+
+ # if int(kern.globals.gLoadedKextSummaries.version) <= 2:
+ # until we have separate version. we will pay penalty only on arm64 devices
+ if kern.arch not in ('arm64',):
+ return ([defval], [defval])
+
+ restrict_size_to_read = 1536
+ machoObject = None
+ while machoObject is None:
+ err = lldb.SBError()
+ size_to_read = min(size, restrict_size_to_read)
+ data = LazyTarget.GetProcess().ReadMemory(address, size_to_read, err)
+ if not err.Success():
+ print "Failed to read memory at {} and size {}".format(address, size_to_read)
+ return ([defval], [defval])
+ try:
+ m = macho.MemMacho(data, len(data))
+ machoObject = m
+ except Exception as e:
+ if str(e.message).find('unpack requires a string argument') >= 0:
+ # this may be due to short read of memory. Lets do double read size.
+ restrict_size_to_read *= 2
+ debuglog("Bumping mach header read size to {}".format(restrict_size_to_read))
+ continue
+ else:
+ print "Failed to read MachO for address {} errormessage: {}".format(address, e.message)
+ return ([defval], [defval])
+ # end of while loop. We have machoObject defined
+ segments = machoObject.get_segments_with_name('')
+ sections = machoObject.get_sections_with_name('')
+ rval = (segments, sections)
+ caching.SaveDynamicCacheData(cache_hash, rval)
+ return rval
+
+def GetKextLoadInformation(addr=0, show_progress=False):
""" Extract the kext uuid and load address information from the kernel data structure.
params:
addr - int - optional integer that is the address to search for.
- returns:
- [] - array with each entry of format ( 'UUID', 'Hex Load Address')
+ returns:
+ [] - array with each entry of format
+ ( 'UUID', 'Hex Load Address of __TEXT or __TEXT_EXEC section', 'name',
+ 'addr of macho header', [macho.MachOSegment,..], [MachoSection,...], kext, kmod_obj)
"""
- # because of <rdar://problem/12683084>, we can't find summaries directly
+ cached_result = caching.GetDynamicCacheData("kern.kexts.loadinformation", [])
+ # if specific addr is provided then ignore caching
+ if cached_result and not addr:
+ return cached_result
+
+ # because of <rdar://problem/12683084>, we can't find summaries directly
#addr = hex(addressof(kern.globals.gLoadedKextSummaries.summaries))
baseaddr = unsigned(kern.globals.gLoadedKextSummaries) + 0x10
summaries_begin = kern.GetValueFromAddress(baseaddr, 'OSKextLoadedKextSummary *')
entry_size = int(kern.globals.gLoadedKextSummaries.entry_size)
retval = []
for i in range(total_summaries):
+ if show_progress:
+ print "progress: {}/{}".format(i, total_summaries)
tmpaddress = unsigned(summaries_begin) + (i * entry_size)
current_kext = kern.GetValueFromAddress(tmpaddress, 'OSKextLoadedKextSummary *')
+ # code to extract macho information
+ segments, sections = GetAllSegmentsAndSectionsFromDataInMemory(unsigned(current_kext.address), unsigned(current_kext.size))
+ seginfo = macho.get_text_segment(segments)
+ if not seginfo:
+ seginfo = segments[0]
+ kmod_obj = GetKmodWithAddr(unsigned(current_kext.address))
if addr != 0 :
- if addr == unsigned(current_kext.address):
- retval.append((GetUUIDSummary(current_kext.uuid) , hex(current_kext.address), str(current_kext.name) ))
- else:
- retval.append((GetUUIDSummary(current_kext.uuid) , hex(current_kext.address), str(current_kext.name) ))
-
+ if addr == unsigned(current_kext.address) or addr == seginfo.vmaddr:
+ return [(GetUUIDSummary(current_kext.uuid) , hex(seginfo.vmaddr).rstrip('L'), str(current_kext.name), hex(current_kext.address), segments, seginfo, current_kext, kmod_obj)]
+ retval.append((GetUUIDSummary(current_kext.uuid) , hex(seginfo.vmaddr).rstrip('L'), str(current_kext.name), hex(current_kext.address), segments, seginfo, current_kext, kmod_obj))
+
+ if not addr:
+ caching.SaveDynamicCacheData("kern.kexts.loadinformation", retval)
return retval
lldb_alias('showallkexts', 'showallkmods')
def GetOSKextVersion(version_num):
""" returns a string of format 1.2.3x from the version_num
params: version_num - int
- return: str
+ return: str
"""
if version_num == -1 :
return "invalid"
print "%d kexts in sKextsByID:" % kext_count
print "{0: <20s} {1: <20s} {2: >5s} {3: >20s} {4: <30s}".format('OSKEXT *', 'load_addr', 'id', 'version', 'name')
format_string = "{0: <#020x} {1: <20s} {2: >5s} {3: >20s} {4: <30s}"
-
+
while index < kext_count:
kext_dict = GetObjectAtIndexFromArray(kext_dictionary, index)
kext_name = str(kext_dict.key.string)
version = GetOSKextVersion(version_num)
print format_string.format(osk, load_addr, id, version, kext_name)
index += 1
-
+
return
@lldb_command('showkmodaddr')
def ShowKmodAddr(cmd_args=[]):
- """ Given an address, print the offset and name for the kmod containing it
+ """ Given an address, print the offset and name for the kmod containing it
Syntax: (lldb) showkmodaddr <addr>
"""
if len(cmd_args) < 1:
raise ArgumentError("Insufficient arguments")
addr = ArgumentStringToInt(cmd_args[0])
- kmod_val = kern.globals.kmod
- for kval in IterateLinkedList(kmod_val, 'next'):
- if addr >= unsigned(kval.address) and addr <= (unsigned(kval.address) + unsigned(kval.size)):
- print GetKextSummary.header
- print GetKextSummary(kval) + " offset = {0: #0x}".format((addr - unsigned(kval.address)))
- return True
+ all_kexts_info = GetKextLoadInformation()
+ found_kinfo = None
+ found_segment = None
+ for kinfo in all_kexts_info:
+ s = macho.get_segment_with_addr(kinfo[4], addr)
+ if s:
+ found_segment = s
+ found_kinfo = kinfo
+ break
+ if found_kinfo:
+ print GetKextSummary.header
+ print GetKextSummary(found_kinfo[7]) + " segment: {} offset = {:#0x}".format(found_segment.name, (addr - found_segment.vmaddr))
+ return True
return False
+
@lldb_command('addkext','AF:N:')
def AddKextSyms(cmd_args=[], cmd_options={}):
""" Add kext symbols into lldb.
This command finds symbols for a uuid and load the required executable
- Usage:
+ Usage:
addkext <uuid> : Load one kext based on uuid. eg. (lldb)addkext 4DD2344C0-4A81-3EAB-BDCF-FEAFED9EB73E
addkext -F <abs/path/to/executable> <load_address> : Load kext executable at specified load address
addkext -N <name> : Load one kext that matches the name provided. eg. (lldb) addkext -N corecrypto
addkext -N <name> -A: Load all kext that matches the name provided. eg. to load all kext with Apple in name do (lldb) addkext -N Apple -A
- addkext all : Will load all the kext symbols - SLOW
+ addkext all : Will load all the kext symbols - SLOW
"""
-
+
if "-F" in cmd_options:
exec_path = cmd_options["-F"]
raise ArgumentError("Path is {:s} not a filepath. \nPlease check that path points to executable.\
\nFor ex. path/to/Symbols/IOUSBFamily.kext/Contents/PlugIns/AppleUSBHub.kext/Contents/MacOS/AppleUSBHub.\
\nNote: LLDB does not support adding kext based on directory paths like gdb used to.".format(exec_path))
- if not os.access(exec_full_path, os.X_OK):
- raise ArgumentError("Path is {:s} not an executable file".format(exec_path))
slide_value = None
if cmd_args:
if k[0].lower() == uuid_str.lower():
slide_value = k[1]
debuglog("found the slide %s for uuid %s" % (k[1], k[0]))
-
if slide_value is None:
raise ArgumentError("Unable to find load address for module described at %s " % exec_full_path)
load_cmd = "target modules load --file %s --slide %s" % (exec_full_path, str(slide_value))
print load_cmd
- print lldb_run_command(load_cmd)
+ print lldb_run_command(load_cmd)
kern.symbolicator = None
return True
all_kexts_info = GetKextLoadInformation()
-
+
if "-N" in cmd_options:
kext_name = cmd_options["-N"]
kext_name_matches = GetLongestMatchOption(kext_name, [str(x[2]) for x in all_kexts_info], True)
if info and 'DBGSymbolRichExecutable' in info:
print "Adding dSYM ({0:s}) for {1:s}".format(cur_uuid, info['DBGSymbolRichExecutable'])
addDSYM(cur_uuid, info)
- loadDSYM(cur_uuid, int(x[1],16))
+ loadDSYM(cur_uuid, int(x[1],16), x[4])
else:
print "Failed to get symbol info for {:s}".format(cur_uuid)
break
load_all_kexts = False
if uuid == "all":
load_all_kexts = True
-
+
if not load_all_kexts and len(uuid_regex.findall(uuid)) == 0:
raise ArgumentError("Unknown argument {:s}".format(uuid))
if info and 'DBGSymbolRichExecutable' in info:
print "Adding dSYM (%s) for %s" % (cur_uuid, info['DBGSymbolRichExecutable'])
addDSYM(cur_uuid, info)
- loadDSYM(cur_uuid, int(k_info[1],16))
+ loadDSYM(cur_uuid, int(k_info[1],16), k_info[4])
else:
print "Failed to get symbol info for %s" % cur_uuid
#end of for loop
kern.symbolicator = None
return True
-
+
lldb_alias('showkmod', 'showkmodaddr')
lldb_alias('showkext', 'showkmodaddr')
vnode_lock_output += ("{: <8s}").format('prov')
if lockf_flags & 0x10:
vnode_lock_output += ("{: <4s}").format('W')
+ if lockf_flags & 0x400:
+ vnode_lock_output += ("{: <8s}").format('ofd')
else:
vnode_lock_output += ("{: <4s}").format('.')
return "Invalid lock value: 0x0"
if kern.arch == "x86_64":
- out_str = "Lock Type\t\t: MUTEX\n"
- mtxd = mtx.lck_mtx_sw.lck_mtxd
- out_str += "Owner Thread\t\t: {:#x}\n".format(mtxd.lck_mtxd_owner)
- cmd_str = "p/d ((lck_mtx_t*){:#x})->lck_mtx_sw.lck_mtxd.".format(mtx)
- cmd_out = lldb_run_command(cmd_str + "lck_mtxd_waiters")
- out_str += "Number of Waiters\t: {:s}\n".format(cmd_out.split()[-1])
- cmd_out = lldb_run_command(cmd_str + "lck_mtxd_ilocked")
- out_str += "ILocked\t\t\t: {:s}\n".format(cmd_out.split()[-1])
- cmd_out = lldb_run_command(cmd_str + "lck_mtxd_mlocked")
- out_str += "MLocked\t\t\t: {:s}\n".format(cmd_out.split()[-1])
- cmd_out = lldb_run_command(cmd_str + "lck_mtxd_promoted")
- out_str += "Promoted\t\t: {:s}\n".format(cmd_out.split()[-1])
- cmd_out = lldb_run_command(cmd_str + "lck_mtxd_spin")
- out_str += "Spin\t\t\t: {:s}\n".format(cmd_out.split()[-1])
+ out_str = "Lock Type : MUTEX\n"
+ if mtx.lck_mtx_tag == 0x07ff1007 :
+ out_str += "Tagged as indirect, printing ext lock at: {:#x}\n".format(mtx.lck_mtx_ptr)
+ mtx = Cast(mtx.lck_mtx_ptr, 'lck_mtx_t *')
+
+ if mtx.lck_mtx_tag == 0x07fe2007 :
+ out_str += "*** Tagged as DESTROYED ({:#x}) ***\n".format(mtx.lck_mtx_tag)
+
+ out_str += "Owner Thread : {mtx.lck_mtx_owner:#x}\n".format(mtx=mtx)
+ out_str += "Number of Waiters : {mtx.lck_mtx_waiters:#x}\n".format(mtx=mtx)
+ out_str += "ILocked : {mtx.lck_mtx_ilocked:#x}\n".format(mtx=mtx)
+ out_str += "MLocked : {mtx.lck_mtx_mlocked:#x}\n".format(mtx=mtx)
+ out_str += "Promoted : {mtx.lck_mtx_promoted:#x}\n".format(mtx=mtx)
+ out_str += "Pri : {mtx.lck_mtx_pri:#x}\n".format(mtx=mtx)
+ out_str += "Spin : {mtx.lck_mtx_spin:#x}\n".format(mtx=mtx)
+ out_str += "Ext : {mtx.lck_mtx_is_ext:#x}\n".format(mtx=mtx)
+ if mtx.lck_mtxd_pad32 == 0xFFFFFFFF :
+ out_str += "Canary (valid) : {mtx.lck_mtxd_pad32:#x}\n".format(mtx=mtx)
+ else:
+ out_str += "Canary (INVALID) : {mtx.lck_mtxd_pad32:#x}\n".format(mtx=mtx)
return out_str
out_str = "Lock Type\t\t: MUTEX\n"
- out_str += "Owner Thread\t\t: {:#x}\n".format(mtx.lck_mtx_hdr.lck_mtxd_data & ~0x3)
- out_str += "Number of Waiters\t: {:d}\n".format(mtx.lck_mtx_sw.lck_mtxd.lck_mtxd_waiters)
+ out_str += "Owner Thread\t\t: {:#x}".format(mtx.lck_mtx_data & ~0x3)
+ if (mtx.lck_mtx_data & ~0x3) == 0xfffffff0:
+ out_str += " Held as spinlock"
+ out_str += "\nNumber of Waiters\t: {:d}\n".format(mtx.lck_mtx_waiters)
out_str += "Flags\t\t\t: "
- if mtx.lck_mtx_hdr.lck_mtxd_data & 0x1:
+ if mtx.lck_mtx_data & 0x1:
out_str += "[Interlock Locked] "
- if mtx.lck_mtx_hdr.lck_mtxd_data & 0x2:
+ if mtx.lck_mtx_data & 0x2:
out_str += "[Wait Flag]"
- if (mtx.lck_mtx_hdr.lck_mtxd_data & 0x3) == 0:
- out_str += "None"
return out_str
@lldb_type_summary(['lck_spin_t *'])
out_str += "Interlock\t\t: {:#x}\n".format(spinlock.interlock)
return out_str
- out_str += "Owner Thread\t\t: {:#x}\n".format(spinlock.lck_spin_data & ~0x3)
- out_str += "Flags\t\t\t: "
- if spinlock.lck_spin_data & 0x1:
- out_str += "[Interlock Locked] "
- if spinlock.lck_spin_data & 0x2:
- out_str += "[Wait Flag]"
- if (spinlock.lck_spin_data & 0x3) == 0:
- out_str += "None"
+ lock_data = spinlock.hwlock.lock_data
+ if lock_data == 1:
+ out_str += "Invalid state: interlock is locked but no owner\n"
+ return out_str
+ out_str += "Owner Thread\t\t: "
+ if lock_data == 0:
+ out_str += "None\n"
+ else:
+ out_str += "{:#x}\n".format(lock_data & ~0x1)
+ if (lock_data & 1) == 0:
+ out_str += "Invalid state: owned but interlock bit is not set\n"
return out_str
@lldb_command('showlock', 'MS')
summary_str = GetMutexLockSummary(lock_mtx)
lock_spin = Cast(lock, 'lck_spin_t*')
- if lock_spin.lck_spin_type == 0x11:
+ if lock_spin.type == 0x11:
summary_str = GetSpinLockSummary(lock_spin)
if summary_str == "":
returns:
None
"""
+ page_size = kern.globals.page_size
if object.purgable == 0:
purgable = "N"
elif object.purgable == 1:
compressor_pager = Cast(object.pager, 'compressor_pager *')
compressed_count = compressor_pager.cpgr_num_slots_occupied
- print "{:>6d}/{:<6d} {:#018x} {:1s} {:>6d} {:>16d} {:>10d} {:>10d} {:>10d} {:#018x} {:>6d} {:<20s}\n".format(idx,queue_len,object,purgable,object.ref_count,object.vo_un1.vou_size/kern.globals.page_size,object.resident_page_count,object.wired_page_count,compressed_count, object.vo_un2.vou_purgeable_owner,GetProcPIDForTask(object.vo_un2.vou_purgeable_owner),GetProcNameForTask(object.vo_un2.vou_purgeable_owner))
+ print "{:>6d}/{:<6d} {:#018x} {:1s} {:>6d} {:>16d} {:>10d} {:>10d} {:>10d} {:#018x} {:>6d} {:<20s}\n".format(idx,queue_len,object,purgable,object.ref_count,object.vo_un1.vou_size/page_size,object.resident_page_count,object.wired_page_count,compressed_count, object.vo_un2.vou_purgeable_owner,GetProcPIDForTask(object.vo_un2.vou_purgeable_owner),GetProcNameForTask(object.vo_un2.vou_purgeable_owner))
nonvolatile_total.objects += 1
- nonvolatile_total.vsize += object.vo_un1.vou_size/kern.globals.page_size
+ nonvolatile_total.vsize += object.vo_un1.vou_size/page_size
nonvolatile_total.rsize += object.resident_page_count
nonvolatile_total.wsize += object.wired_page_count
nonvolatile_total.csize += compressed_count
if object.vo_un2.vou_purgeable_owner == 0:
nonvolatile_total.disowned_objects += 1
- nonvolatile_total.disowned_vsize += object.vo_un1.vou_size/kern.globals.page_size
+ nonvolatile_total.disowned_vsize += object.vo_un1.vou_size/page_size
nonvolatile_total.disowned_rsize += object.resident_page_count
nonvolatile_total.disowned_wsize += object.wired_page_count
nonvolatile_total.disowned_csize += compressed_count
# diff=" !="
# else:
# diff=" "
+ page_size = kern.globals.page_size
if object.purgable == 0:
purgable = "N"
elif object.purgable == 1:
else:
compressor_pager = Cast(object.pager, 'compressor_pager *')
compressed_count = compressor_pager.cpgr_num_slots_occupied
-# print "{:>6d} {:#018x} {:1s} {:>6d} {:>16d} {:>10d} {:>10d} {:>10d} {:#018x} {:>6d} {:<20s} {:#018x} {:>6d} {:<20s} {:s}\n".format(idx,object,purgable,object.ref_count,object.vo_un1.vou_size/kern.globals.page_size,object.resident_page_count,object.wired_page_count,compressed_count,object.vo_un2.vou_purgeable_owner,GetProcPIDForTask(object.vo_un2.vou_purgeable_owner),GetProcNameForTask(object.vo_un2.vou_purgeable_owner),object.vo_purgeable_volatilizer,GetProcPIDForTask(object.vo_purgeable_volatilizer),GetProcNameForTask(object.vo_purgeable_volatilizer),diff)
- print "{:>6d} {:#018x} {:1s} {:>6d} {:>16d} {:>10d} {:>10d} {:>10d} {:#018x} {:>6d} {:<20s}\n".format(idx,object,purgable,object.ref_count,object.vo_un1.vou_size/kern.globals.page_size,object.resident_page_count,object.wired_page_count,compressed_count, object.vo_un2.vou_purgeable_owner,GetProcPIDForTask(object.vo_un2.vou_purgeable_owner),GetProcNameForTask(object.vo_un2.vou_purgeable_owner))
+# print "{:>6d} {:#018x} {:1s} {:>6d} {:>16d} {:>10d} {:>10d} {:>10d} {:#018x} {:>6d} {:<20s} {:#018x} {:>6d} {:<20s} {:s}\n".format(idx,object,purgable,object.ref_count,object.vo_un1.vou_size/page_size,object.resident_page_count,object.wired_page_count,compressed_count,object.vo_un2.vou_purgeable_owner,GetProcPIDForTask(object.vo_un2.vou_purgeable_owner),GetProcNameForTask(object.vo_un2.vou_purgeable_owner),object.vo_purgeable_volatilizer,GetProcPIDForTask(object.vo_purgeable_volatilizer),GetProcNameForTask(object.vo_purgeable_volatilizer),diff)
+ print "{:>6d} {:#018x} {:1s} {:>6d} {:>16d} {:>10d} {:>10d} {:>10d} {:#018x} {:>6d} {:<20s}\n".format(idx,object,purgable,object.ref_count,object.vo_un1.vou_size/page_size,object.resident_page_count,object.wired_page_count,compressed_count, object.vo_un2.vou_purgeable_owner,GetProcPIDForTask(object.vo_un2.vou_purgeable_owner),GetProcNameForTask(object.vo_un2.vou_purgeable_owner))
volatile_total.objects += 1
- volatile_total.vsize += object.vo_un1.vou_size/kern.globals.page_size
+ volatile_total.vsize += object.vo_un1.vou_size/page_size
volatile_total.rsize += object.resident_page_count
volatile_total.wsize += object.wired_page_count
volatile_total.csize += compressed_count
if object.vo_un2.vou_purgeable_owner == 0:
volatile_total.disowned_objects += 1
- volatile_total.disowned_vsize += object.vo_un1.vou_size/kern.globals.page_size
+ volatile_total.disowned_vsize += object.vo_un1.vou_size/page_size
volatile_total.disowned_rsize += object.resident_page_count
volatile_total.disowned_wsize += object.wired_page_count
volatile_total.disowned_csize += compressed_count
# compressor_slot += 1
# return compressed_pages
-@lldb_command('showallvme', "-PS")
-def ShowAllVME(cmd_args=None, cmd_options={}):
- """ Routine to print a summary listing of all the vm map entries
- Go Through each task in system and show the vm info
- """
- show_pager_info = False
- show_all_shadows = False
- if "-P" in cmd_options:
- show_pager_info = True
- if "-S" in cmd_options:
- show_all_shadows = True
- for task in kern.tasks:
- ShowTaskVMEntries(task, show_pager_info, show_all_shadows)
-
def ShowTaskVMEntries(task, show_pager_info, show_all_shadows):
""" Routine to print out a summary listing of all the entries in a vm_map
params:
def ShowMapVME(cmd_args=None, cmd_options={}):
"""Routine to print out info about the specified vm_map and its vm entries
usage: showmapvme <vm_map>
+ Use -S flag to show VM object shadow chains
+ Use -P flag to show pager info (mapped file, compressed pages, ...)
"""
if cmd_args == None or len(cmd_args) < 1:
print "Invalid argument.", ShowMap.__doc__
showmapvme(map, show_pager_info, show_all_shadows)
def showmapvme(map, show_pager_info, show_all_shadows):
+ page_size = kern.globals.page_size
vnode_pager_ops = kern.globals.vnode_pager_ops
vnode_pager_ops_addr = unsigned(addressof(vnode_pager_ops))
rsize = 0
if map.pmap != 0:
rsize = int(map.pmap.stats.resident_count)
- print "{:<18s} {:<18s} {:<18s} {:>10s} {:>10s} {:>18s}:{:<18s}".format("vm_map","pmap","size","#ents","rsize","start","end")
- print "{:#018x} {:#018x} {:#018x} {:>10d} {:>10d} {:#018x}:{:#018x}".format(map,map.pmap,(map.size/4096),map.hdr.nentries,rsize,map.hdr.links.start,map.hdr.links.end)
+ print "{:<18s} {:<18s} {:<18s} {:>10s} {:>18s} {:>18s}:{:<18s}".format("vm_map","pmap","size","#ents","rsize","start","end")
+ print "{:#018x} {:#018x} {:#018x} {:>10d} {:>18d} {:#018x}:{:#018x}".format(map,map.pmap,unsigned(map.size),map.hdr.nentries,rsize,map.hdr.links.start,map.hdr.links.end)
vme_list_head = map.hdr.links
vme_ptr_type = GetType('vm_map_entry *')
- print "{:<18s} {:>18s}:{:<18s} {:>10s} {:>3s} {:<10s} {:<18s} {:<18s}".format("entry","start","end","#pgs","tag","prot&flags","object","offset")
- last_end = map.hdr.links.start
+ print "{:<18s} {:>18s}:{:<18s} {:>10s} {:<8s} {:<10s} {:<18s} {:<18s}".format("entry","start","end","#pgs","tag.kmod","prot&flags","object","offset")
+ last_end = unsigned(map.hdr.links.start)
for vme in IterateQueue(vme_list_head, vme_ptr_type, "links"):
- if vme.links.start != last_end:
- print "{:18s} {:#018x}:{:#018x} {:>10d}".format("------------------",last_end,vme.links.start,(vme.links.start-last_end)/4096)
- last_end = vme.links.end
+ if unsigned(vme.links.start) != last_end:
+ print "{:18s} {:#018x}:{:#018x} {:>10d}".format("------------------",last_end,vme.links.start,(unsigned(vme.links.start) - last_end)/page_size)
+ last_end = unsigned(vme.links.end)
+ size = unsigned(vme.links.end) - unsigned(vme.links.start)
+ object = vme.vme_object.vmo_object
+ if object == 0:
+ object_str = "{:<#018x}".format(object)
+ elif vme.is_sub_map:
+ if object == kern.globals.bufferhdr_map:
+ object_str = "BUFFERHDR_MAP"
+ elif object == kern.globals.mb_map:
+ object_str = "MB_MAP"
+ elif object == kern.globals.bsd_pageable_map:
+ object_str = "BSD_PAGEABLE_MAP"
+ elif object == kern.globals.ipc_kernel_map:
+ object_str = "IPC_KERNEL_MAP"
+ elif object == kern.globals.ipc_kernel_copy_map:
+ object_str = "IPC_KERNEL_COPY_MAP"
+ elif object == kern.globals.kalloc_map:
+ object_str = "KALLOC_MAP"
+ elif object == kern.globals.zone_map:
+ object_str = "ZONE_MAP"
+ elif hasattr(kern.globals, 'compressor_map') and object == kern.globals.compressor_map:
+ object_str = "COMPRESSOR_MAP"
+ elif hasattr(kern.globals, 'gzalloc_map') and object == kern.globals.gzalloc_map:
+ object_str = "GZALLOC_MAP"
+ elif hasattr(kern.globals, 'g_kext_map') and object == kern.globals.g_kext_map:
+ object_str = "G_KEXT_MAP"
+ elif hasattr(kern.globals, 'vector_upl_submap') and object == kern.globals.vector_upl_submap:
+ object_str = "VECTOR_UPL_SUBMAP"
+ else:
+ object_str = "submap:{:<#018x}".format(object)
+ else:
+ if object == kern.globals.kernel_object:
+ object_str = "KERNEL_OBJECT"
+ elif object == kern.globals.vm_submap_object:
+ object_str = "VM_SUBMAP_OBJECT"
+ elif object == kern.globals.compressor_object:
+ object_str = "COMPRESSOR_OBJECT"
+ else:
+ object_str = "{:<#018x}".format(object)
+ offset = unsigned(vme.vme_offset) & ~0xFFF
+ tag = unsigned(vme.vme_offset & 0xFFF)
vme_flags = ""
if vme.is_sub_map:
vme_flags += "s"
- print "{:#018x} {:#018x}:{:#018x} {:>10d} {:>3d} {:1d}{:1d}{:<8s} {:#018x} {:<#18x}".format(vme,vme.links.start,vme.links.end,(vme.links.end-vme.links.start)/4096,vme.alias,vme.protection,vme.max_protection,vme_flags,vme.object.vm_object,vme.offset)
- if show_pager_info and vme.is_sub_map == 0 and vme.object.vm_object != 0:
- object = vme.object.vm_object
+ if vme.needs_copy:
+ vme_flags += "n"
+ if vme.is_sub_map and vme.use_pmap:
+ vme_flags += "p"
+ tagstr = ""
+ if map.pmap == kern.globals.kernel_pmap:
+ xsite = Cast(kern.globals.vm_allocation_sites[tag],'OSKextAccount *')
+ if xsite and xsite.site.flags & 2:
+ tagstr = ".{:<3d}".format(xsite.loadTag)
+ print "{:#018x} {:#018x}:{:#018x} {:>10d} {:>3d}{:<4s} {:1d}{:1d}{:<8s} {:<18s} {:<#18x}".format(vme,vme.links.start,vme.links.end,(unsigned(vme.links.end)-unsigned(vme.links.start))/page_size,tag,tagstr,vme.protection,vme.max_protection,vme_flags,object_str,offset)
+ if (show_pager_info or show_all_shadows) and vme.is_sub_map == 0 and vme.vme_object.vmo_object != 0:
+ object = vme.vme_object.vmo_object
else:
object = 0
depth = 0
- offset = unsigned(vme.offset)
- size = vme.links.end - vme.links.start
while object != 0:
depth += 1
if show_all_shadows == False and depth != 1 and object.shadow != 0:
else:
internal = "external"
pager_string = ""
- if show_pager_info and object.pager != 0:
+ pager = object.pager
+ if show_pager_info and pager != 0:
if object.internal:
pager_string = "-> compressed:{:d}".format(GetCompressedPagesForObject(object))
+ elif unsigned(pager.mo_pager_ops) == vnode_pager_ops_addr:
+ vnode_pager = Cast(pager,'vnode_pager *')
+ pager_string = "-> " + GetVnodePath(vnode_pager.vnode_handle)
else:
- vnode_pager = Cast(object.pager,'vnode_pager *')
- if unsigned(vnode_pager.pager_ops) == vnode_pager_ops_addr:
- pager_string = "-> " + GetVnodePath(vnode_pager.vnode_handle)
- print "{:>18d} {:#018x}:{:#018x} {:#018x} ref:{:<6d} ts:{:1d} strat:{:1s} {:s} ({:d} {:d} {:d}) {:s}".format(depth,offset,offset+size,object,object.ref_count,object.true_share,copy_strategy,internal,unsigned(object.vo_un1.vou_size)/4096,object.resident_page_count,object.wired_page_count,pager_string)
-# print " #{:<5d} obj {:#018x} ref:{:<6d} ts:{:1d} strat:{:1s} {:s} size:{:<10d} wired:{:<10d} resident:{:<10d} reusable:{:<10d}".format(depth,object,object.ref_count,object.true_share,copy_strategy,internal,object.vo_un1.vou_size/4096,object.wired_page_count,object.resident_page_count,object.reusable_page_count)
+ pager_string = "-> {:s}:{:#018x}".format(pager.mo_pager_ops.memory_object_pager_name, pager.mo_pager_ops)
+ print "{:>18d} {:#018x}:{:#018x} {:#018x} ref:{:<6d} ts:{:1d} strat:{:1s} {:s} ({:d} {:d} {:d}) {:s}".format(depth,offset,offset+size,object,object.ref_count,object.true_share,copy_strategy,internal,unsigned(object.vo_un1.vou_size)/page_size,object.resident_page_count,object.wired_page_count,pager_string)
+# print " #{:<5d} obj {:#018x} ref:{:<6d} ts:{:1d} strat:{:1s} {:s} size:{:<10d} wired:{:<10d} resident:{:<10d} reusable:{:<10d}".format(depth,object,object.ref_count,object.true_share,copy_strategy,internal,object.vo_un1.vou_size/page_size,object.wired_page_count,object.resident_page_count,object.reusable_page_count)
offset += unsigned(object.vo_un2.vou_shadow_offset)
object = object.shadow
+ if unsigned(map.hdr.links.end) > last_end:
+ print "{:18s} {:#018x}:{:#018x} {:>10d}".format("------------------",last_end,map.hdr.links.end,(unsigned(map.hdr.links.end) - last_end)/page_size)
return None
+def CountMapTags(map, tagcounts, slow):
+ page_size = unsigned(kern.globals.page_size)
+ vme_list_head = map.hdr.links
+ vme_ptr_type = GetType('vm_map_entry *')
+ for vme in IterateQueue(vme_list_head, vme_ptr_type, "links"):
+ object = vme.vme_object.vmo_object
+ tag = vme.vme_offset & 0xFFF
+ if object == kern.globals.kernel_object:
+ count = 0
+ if not slow:
+ count = unsigned(vme.links.end - vme.links.start) / page_size
+ else:
+ addr = unsigned(vme.links.start)
+ while addr < unsigned(vme.links.end):
+ hash_id = _calc_vm_page_hash(object, addr)
+ page_list = kern.globals.vm_page_buckets[hash_id].page_list
+ page = _vm_page_unpack_ptr(page_list)
+ while (page != 0):
+ vmpage = kern.GetValueFromAddress(page, 'vm_page_t')
+ if (addr == unsigned(vmpage.offset)) and (object == vm_object_t(_vm_page_unpack_ptr(vmpage.vm_page_object))):
+ if (not vmpage.local) and (vmpage.wire_count > 0):
+ count += 1
+ break
+ page = _vm_page_unpack_ptr(vmpage.next_m)
+ addr += page_size
+ tagcounts[tag] += count
+ elif vme.is_sub_map:
+ CountMapTags(Cast(object,'vm_map_t'), tagcounts, slow)
+ return None
+
+def CountWiredObject(object, tagcounts):
+ tagcounts[unsigned(object.wire_tag)] += object.wired_page_count
+ return None
+
+def CountWiredPurgeableGroup(qhead, tagcounts):
+ for object in IterateQueue(qhead, 'struct vm_object *', 'objq'):
+ CountWiredObject(object, tagcounts)
+ return None
+
+def CountWiredPurgeableQueue(qhead, tagcounts):
+ CountWiredPurgeableGroup(qhead.objq[0], tagcounts)
+ CountWiredPurgeableGroup(qhead.objq[1], tagcounts)
+ CountWiredPurgeableGroup(qhead.objq[2], tagcounts)
+ CountWiredPurgeableGroup(qhead.objq[3], tagcounts)
+ CountWiredPurgeableGroup(qhead.objq[4], tagcounts)
+ CountWiredPurgeableGroup(qhead.objq[5], tagcounts)
+ CountWiredPurgeableGroup(qhead.objq[6], tagcounts)
+ CountWiredPurgeableGroup(qhead.objq[7], tagcounts)
+
+def GetKmodIDName(kmod_id):
+ kmod_val = kern.globals.kmod
+ for kmod in IterateLinkedList(kmod_val, 'next'):
+ if (kmod.id == kmod_id):
+ return "{:<50s}".format(kmod.name)
+ return "??"
+
+def GetVMKernName(tag):
+ if 1 == tag:
+ return "VM_KERN_MEMORY_OSFMK"
+ elif 2 == tag:
+ return "VM_KERN_MEMORY_BSD"
+ elif 3 == tag:
+ return "VM_KERN_MEMORY_IOKIT"
+ elif 4 == tag:
+ return "VM_KERN_MEMORY_LIBKERN"
+ elif 5 == tag:
+ return "VM_KERN_MEMORY_OSKEXT"
+ elif 6 == tag:
+ return "VM_KERN_MEMORY_KEXT"
+ elif 7 == tag:
+ return "VM_KERN_MEMORY_IPC"
+ elif 8 == tag:
+ return "VM_KERN_MEMORY_STACK"
+ elif 9 == tag:
+ return "VM_KERN_MEMORY_CPU"
+ elif 10 == tag:
+ return "VM_KERN_MEMORY_PMAP"
+ elif 11 == tag:
+ return "VM_KERN_MEMORY_PTE"
+ elif 12 == tag:
+ return "VM_KERN_MEMORY_ZONE"
+ elif 13 == tag:
+ return "VM_KERN_MEMORY_KALLOC"
+ elif 14 == tag:
+ return "VM_KERN_MEMORY_COMPRESSOR"
+ elif 15 == tag:
+ return "VM_KERN_MEMORY_COMPRESSED_DATA"
+ elif 16 == tag:
+ return "VM_KERN_MEMORY_PHANTOM_CACHE"
+ elif 17 == tag:
+ return "VM_KERN_MEMORY_WAITQ"
+ elif 18 == tag:
+ return "VM_KERN_MEMORY_DIAG"
+ elif 19 == tag:
+ return "VM_KERN_MEMORY_LOG"
+ elif 20 == tag:
+ return "VM_KERN_MEMORY_FILE"
+ elif 21 == tag:
+ return "VM_KERN_MEMORY_MBUF"
+ elif 22 == tag:
+ return "VM_KERN_MEMORY_UBC"
+ elif 23 == tag:
+ return "VM_KERN_MEMORY_SECURITY"
+ elif 24 == tag:
+ return "VM_KERN_MEMORY_MLOCK"
+ return "??"
+
+
+@lldb_command("showvmtags", "S")
+def showvmtags(cmd_args=None, cmd_options={}):
+ """Routine to print out info about kernel wired page allocations
+ usage: showvmtags
+ iterates kernel map and vm objects totaling allocations by tag.
+ usage: showvmtags -S
+ also iterates kernel object pages individually - slow.
+ """
+ slow = False
+ if "-S" in cmd_options:
+ slow = True
+ page_size = unsigned(kern.globals.page_size)
+ tagcounts = []
+ for tag in range(256):
+ tagcounts.append(0)
+
+ queue_head = kern.globals.vm_objects_wired
+ for object in IterateQueue(queue_head, 'struct vm_object *', 'objq'):
+ if object != kern.globals.kernel_object:
+ CountWiredObject(object, tagcounts)
+
+ queue_head = kern.globals.purgeable_nonvolatile_queue
+ for object in IterateQueue(queue_head, 'struct vm_object *', 'objq'):
+ CountWiredObject(object, tagcounts)
+
+ purgeable_queues = kern.globals.purgeable_queues
+ CountWiredPurgeableQueue(purgeable_queues[0], tagcounts)
+ CountWiredPurgeableQueue(purgeable_queues[1], tagcounts)
+ CountWiredPurgeableQueue(purgeable_queues[2], tagcounts)
+
+ CountMapTags(kern.globals.kernel_map, tagcounts, slow)
+
+ total = 0
+ print " {:<8s} {:>7s} {:<50s}".format("tag.kmod","size","name")
+ for tag in range(256):
+ if tagcounts[tag]:
+ total += tagcounts[tag]
+ tagstr = ""
+ sitestr = ""
+ if (tag <= 24):
+ sitestr = GetVMKernName(tag)
+ else:
+ site = kern.globals.vm_allocation_sites[tag]
+ if site:
+ if site.flags & 2:
+ xsite = Cast(site,'OSKextAccount *')
+ tagstr = ".{:<3d}".format(xsite.loadTag)
+ sitestr = GetKmodIDName(xsite.loadTag)
+ else:
+ sitestr = kern.Symbolicate(site)
+ print " {:>3d}{:<4s} {:>7d}K {:<50s}".format(tag,tagstr,tagcounts[tag]*page_size / 1024,sitestr)
+ print "Total: {:>7d}K".format(total*page_size / 1024)
+ return None
+
+
def FindVMEntriesForVnode(task, vn):
""" returns an array of vme that have the vnode set to defined vnode
each entry in array is of format (vme, start_addr, end_address, protection)
vme_ptr_type = gettype('vm_map_entry *')
for vme in IterateQueue(vme_list_head, vme_ptr_type, 'links'):
#print vme
- if unsigned(vme.is_sub_map) == 0 and unsigned(vme.object.vm_object) != 0:
- obj = vme.object.vm_object
+ if unsigned(vme.is_sub_map) == 0 and unsigned(vme.vme_object.vmo_object) != 0:
+ obj = vme.vme_object.vmo_object
else:
continue
end_addr = m[2]
#print "Load address: %s" % hex(m[1])
print print_format.format(load_addr, end_addr, libname, uuid_out_string, filepath)
- return None
+ return None
+
+@header("{0: <20s} {1: <20s} {2: <20s}".format("vm_page_t", "offset", "object"))
+@lldb_command('vmpagelookup')
+def VMPageLookup(cmd_args=None):
+ """ Print the pages in the page bucket corresponding to the provided object and offset.
+ Usage: (lldb)vmpagelookup <vm_object_t> <vm_offset_t>
+ """
+ if cmd_args == None or len(cmd_args) < 2:
+ raise ArgumentError("Please specify an object and offset.")
+ format_string = "{0: <#020x} {1: <#020x} {2: <#020x}\n"
+
+ obj = kern.GetValueFromAddress(cmd_args[0],'unsigned long long')
+ off = kern.GetValueFromAddress(cmd_args[1],'unsigned long long')
+
+ hash_id = _calc_vm_page_hash(obj, off)
+
+ page_list = kern.globals.vm_page_buckets[hash_id].page_list
+ print("hash_id: 0x%x page_list: 0x%x\n" % (unsigned(hash_id), unsigned(page_list)))
+
+ print VMPageLookup.header
+ page = _vm_page_unpack_ptr(page_list)
+ while (page != 0) :
+ pg_t = kern.GetValueFromAddress(page, 'vm_page_t')
+ print format_string.format(page, pg_t.offset, _vm_page_unpack_ptr(pg_t.vm_page_object))
+ page = _vm_page_unpack_ptr(pg_t.next_m)
+
+
+
+@lldb_command('vmpage_get_phys_page')
+def VmPageGetPhysPage(cmd_args=None):
+ """ return the physical page for a vm_page_t
+ usage: vm_page_get_phys_page <vm_page_t>
+ """
+ if cmd_args == None or len(cmd_args) < 1:
+ print "Please provide valid vm_page_t. Type help vm_page_get_phys_page for help."
+ return
+
+ page = kern.GetValueFromAddress(cmd_args[0], 'vm_page_t')
+ phys_page = _vm_page_get_phys_page(page)
+ print("phys_page = 0x%x\n" % phys_page)
+
+
+def _vm_page_get_phys_page(page):
+ if kern.arch == 'x86_64':
+ return page.phys_page
+
+ if page == 0 :
+ return 0
+
+ m = unsigned(page)
+ if m >= unsigned(kern.globals.vm_page_array_beginning_addr) and m < unsigned(kern.globals.vm_page_array_ending_addr) :
+ return (m - unsigned(kern.globals.vm_page_array_beginning_addr)) / sizeof('struct vm_page') + unsigned(kern.globals.vm_first_phys_ppnum)
+
+ page_with_ppnum = Cast(page, 'uint32_t *')
+ ppnum_offset = sizeof('struct vm_page') / sizeof('uint32_t')
+ return page_with_ppnum[ppnum_offset]
+
+
+@lldb_command('vmpage_unpack_ptr')
+def VmPageUnpackPtr(cmd_args=None):
+ """ unpack a pointer
+ usage: vm_page_unpack_ptr <packed_ptr>
+ """
+ if cmd_args == None or len(cmd_args) < 1:
+ print "Please provide valid packed pointer argument. Type help vm_page_unpack_ptr for help."
+ return
+
+ packed = kern.GetValueFromAddress(cmd_args[0],'unsigned long')
+ unpacked = _vm_page_unpack_ptr(packed)
+ print("unpacked pointer = 0x%x\n" % unpacked)
+
+
+def _vm_page_unpack_ptr(page):
+ if kern.ptrsize == 4 :
+ return page
+
+ if page == 0 :
+ return page
+
+ min_addr = kern.globals.vm_min_kernel_and_kext_address
+ ptr_shift = kern.globals.vm_packed_pointer_shift
+ ptr_mask = kern.globals.vm_packed_from_vm_pages_array_mask
+ #INTEL - min_addr = 0xffffff7f80000000
+ #ARM - min_addr = 0x80000000
+ #ARM64 - min_addr = 0xffffff8000000000
+ if unsigned(page) & unsigned(ptr_mask) :
+ masked_page = (unsigned(page) & ~ptr_mask)
+ return (unsigned(addressof(kern.globals.vm_pages[masked_page])))
+ return ((unsigned(page) << unsigned(ptr_shift)) + unsigned(min_addr))
+
+@lldb_command('calcvmpagehash')
+def CalcVMPageHash(cmd_args=None):
+ """ Get the page bucket corresponding to the provided object and offset.
+ Usage: (lldb)calcvmpagehash <vm_object_t> <vm_offset_t>
+ """
+ if cmd_args == None or len(cmd_args) < 2:
+ raise ArgumentError("Please specify an object and offset.")
+
+ obj = kern.GetValueFromAddress(cmd_args[0],'unsigned long long')
+ off = kern.GetValueFromAddress(cmd_args[1],'unsigned long long')
+
+ hash_id = _calc_vm_page_hash(obj, off)
+
+ print("hash_id: 0x%x page_list: 0x%x\n" % (unsigned(hash_id), unsigned(kern.globals.vm_page_buckets[hash_id].page_list)))
+ return None
+
+def _calc_vm_page_hash(obj, off):
+ bucket_hash = (int) (kern.globals.vm_page_bucket_hash)
+ hash_mask = (int) (kern.globals.vm_page_hash_mask)
+
+ one = (obj * bucket_hash) & 0xFFFFFFFF
+ two = off >> unsigned(kern.globals.page_shift)
+ three = two ^ bucket_hash
+ four = one + three
+ hash_id = four & hash_mask
+
+ return hash_id
+
+VM_PAGE_IS_WIRED = 1
+
+@header("{0: <10s} of {1: <10s} {2: <20s} {3: <20s} {4: <20s} {5: <10s} {6: <5s}\t {7: <28s}\t{8: <50s}".format("index", "total", "vm_page_t", "offset", "next", "phys_page", "wire#", "first bitfield", "second bitfield"))
+@lldb_command('vmobjectwalkpages', 'SBNQP:')
+def VMObjectWalkPages(cmd_args=None, cmd_options={}):
+ """ Print the resident pages contained in the provided object. If a vm_page_t is provided as well, we
+ specifically look for this page, highlighting it in the output or noting if it was not found. For
+ each page, we confirm that it points to the object. We also keep track of the number of pages we
+ see and compare this to the object's resident page count field.
+ Usage:
+ vmobjectwalkpages <vm_object_t> : Walk and print all the pages for a given object (up to 4K pages by default)
+ vmobjectwalkpages <vm_object_t> -B : Walk and print all the pages for a given object (up to 4K pages by default), traversing the memq backwards
+ vmobjectwalkpages <vm_object_t> -N : Walk and print all the pages for a given object, ignore the page limit
+ vmobjectwalkpages <vm_object_t> -Q : Walk all pages for a given object, looking for known signs of corruption (i.e. q_state == VM_PAGE_IS_WIRED && wire_count == 0)
+ vmobjectwalkpages <vm_object_t> -P <vm_page_t> : Walk all the pages for a given object, annotate the specified page in the output with ***
+ vmobjectwalkpages <vm_object_t> -P <vm_page_t> -S : Walk all the pages for a given object, stopping when we find the specified page
+
+ """
+
+ if (cmd_args == None or len(cmd_args) < 1):
+ raise ArgumentError("Please specify at minimum a vm_object_t and optionally a vm_page_t")
+
+ out_string = ""
+
+ obj = kern.GetValueFromAddress(cmd_args[0], 'vm_object_t')
+
+ page = 0
+ if "-P" in cmd_options:
+ page = kern.GetValueFromAddress(cmd_options['-P'], 'vm_page_t')
+
+ stop = 0
+ if "-S" in cmd_options:
+ if page == 0:
+ raise ArgumentError("-S can only be passed when a page is specified with -P")
+ stop = 1
+
+ walk_backwards = False
+ if "-B" in cmd_options:
+ walk_backwards = True
+
+ quiet_mode = False
+ if "-Q" in cmd_options:
+ quiet_mode = True
+
+ if not quiet_mode:
+ print VMObjectWalkPages.header
+ format_string = "{0: <#10d} of {1: <#10d} {2: <#020x} {3: <#020x} {4: <#020x} {5: <#010x} {6: <#05d}\t"
+ first_bitfield_format_string = "{0: <#2d}:{1: <#1d}:{2: <#1d}:{3: <#1d}:{4: <#1d}:{5: <#1d}:{6: <#1d}:{7: <#1d}\t"
+ second_bitfield_format_string = "{0: <#1d}:{1: <#1d}:{2: <#1d}:{3: <#1d}:{4: <#1d}:{5: <#1d}:{6: <#1d}:"
+ second_bitfield_format_string += "{7: <#1d}:{8: <#1d}:{9: <#1d}:{10: <#1d}:{11: <#1d}:{12: <#1d}:"
+ second_bitfield_format_string += "{13: <#1d}:{14: <#1d}:{15: <#1d}:{16: <#1d}:{17: <#1d}:{18: <#1d}:{19: <#1d}:"
+ second_bitfield_format_string += "{20: <#1d}:{21: <#1d}:{22: <#1d}:{23: <#1d}:{24: <#1d}:{25: <#1d}:{26: <#1d}\n"
+
+ limit = 4096 #arbitrary limit of number of pages to walk
+ ignore_limit = 0
+ if "-N" in cmd_options:
+ ignore_limit = 1
+
+ page_count = 0
+ res_page_count = unsigned(obj.resident_page_count)
+ page_found = False
+ pages_seen = set()
+
+ for vmp in IterateQueue(obj.memq, "vm_page_t", "listq", walk_backwards, unpack_ptr_fn=_vm_page_unpack_ptr):
+ page_count += 1
+ out_string = ""
+ if (page != 0 and not(page_found) and vmp == page):
+ out_string += "******"
+ page_found = True
+
+ if page != 0 or quiet_mode:
+ if (page_count % 1000) == 0:
+ print "traversed %d pages ...\n" % (page_count)
+ else:
+ out_string += format_string.format(page_count, res_page_count, vmp, vmp.offset, _vm_page_unpack_ptr(vmp.listq.next), _vm_page_get_phys_page(vmp), vmp.wire_count)
+ out_string += first_bitfield_format_string.format(vmp.vm_page_q_state, vmp.vm_page_in_background, vmp.vm_page_on_backgroundq, vmp.gobbled, vmp.laundry, vmp.no_cache,
+ vmp.private, vmp.reference)
+
+ out_string += second_bitfield_format_string.format(vmp.busy, vmp.wanted, vmp.tabled, vmp.hashed, vmp.fictitious, vmp.clustered,
+ vmp.pmapped, vmp.xpmapped, vmp.wpmapped, vmp.free_when_done, vmp.absent,
+ vmp.error, vmp.dirty, vmp.cleaning, vmp.precious, vmp.overwriting,
+ vmp.restart, vmp.unusual, vmp.encrypted, vmp.encrypted_cleaning,
+ vmp.cs_validated, vmp.cs_tainted, vmp.cs_nx, vmp.reusable, vmp.lopage, vmp.slid,
+ vmp.written_by_kernel)
+
+ if (vmp in pages_seen):
+ print out_string + "cycle detected! we've seen vm_page_t: " + "{0: <#020x}".format(unsigned(vmp)) + " twice. stopping...\n"
+ return
+
+ if (_vm_page_unpack_ptr(vmp.vm_page_object) != unsigned(obj)):
+ print out_string + " vm_page_t: " + "{0: <#020x}".format(unsigned(vmp)) + " points to different vm_object_t: " + "{0: <#020x}".format(unsigned(_vm_page_unpack_ptr(vmp.vm_page_object)))
+ return
+
+ if (vmp.vm_page_q_state == VM_PAGE_IS_WIRED) and (vmp.wire_count == 0):
+ print out_string + " page in wired state with wire_count of 0\n"
+ print "vm_page_t: " + "{0: <#020x}".format(unsigned(vmp)) + "\n"
+ print "stopping...\n"
+ return
+
+ if ((vmp.__unused_pageq_bits != 0) or (vmp.__unused_object_bits != 0)):
+ print out_string + " unused bits not zero for vm_page_t: " + "{0: <#020x}".format(unsigned(vmp)) + " unused__pageq_bits: %d unused_object_bits : %d\n" % (vmp.__unused_pageq_bits,
+ vmp.__unused_object_bits)
+ print "stopping...\n"
+ return
+
+ pages_seen.add(vmp)
+
+ if False:
+ hash_id = _calc_vm_page_hash(obj, vmp.offset)
+ hash_page_list = kern.globals.vm_page_buckets[hash_id].page_list
+ hash_page = _vm_page_unpack_ptr(hash_page_list)
+ hash_page_t = 0
+
+ while (hash_page != 0):
+ hash_page_t = kern.GetValueFromAddress(hash_page, 'vm_page_t')
+ if hash_page_t == vmp:
+ break
+ hash_page = _vm_page_unpack_ptr(hash_page_t.next_m)
+
+ if (unsigned(vmp) != unsigned(hash_page_t)):
+ print out_string + "unable to find page: " + "{0: <#020x}".format(unsigned(vmp)) + " from object in kernel page bucket list\n"
+ print lldb_run_command("vm_page_info %s 0x%x" % (cmd_args[0], unsigned(vmp.offset)))
+ return
+
+ if (page_count >= limit and not(ignore_limit)):
+ print out_string + "Limit reached (%d pages), stopping..." % (limit)
+ return
+
+ print out_string
+
+ if page_found and stop:
+ print("Object reports resident page count of: %d we stopped after traversing %d and finding the requested page.\n" % (unsigned(obj.res_page_count), unsigned(page_count)))
+ return
+
+ if (page != 0):
+ print("page found? : %s\n" % page_found)
+
+ print("Object reports resident page count of %d, we saw %d pages when we walked the resident list.\n" % (unsigned(obj.resident_page_count), unsigned(page_count)))
+
+
+@lldb_command("show_all_apple_protect_pagers")
+def ShowAllAppleProtectPagers(cmd_args=None):
+ """Routine to print all apple_protect pagers
+ usage: show_all_apple_protect_pagers
+ """
+ print "{:>3s} {:<3s} {:<18s} {:>5s} {:>5s} {:>6s} {:<18s} {:<18s} {:<18s} {:<18s} {:<18s} {:<18s}\n".format("#", "#", "pager", "refs", "ready", "mapped", "mo_control", "object", "offset", "crypto_offset", "crypto_start", "crypto_end")
+ qhead = kern.globals.apple_protect_pager_queue
+ qtype = GetType('apple_protect_pager *')
+ qcnt = kern.globals.apple_protect_pager_count
+ idx = 0
+ for pager in IterateQueue(qhead, qtype, "pager_queue"):
+ idx = idx + 1
+ show_apple_protect_pager(pager, qcnt, idx)
+
+@lldb_command("show_apple_protect_pager")
+def ShowAppleProtectPager(cmd_args=None):
+ """Routine to print out info about an apple_protect pager
+ usage: show_apple_protect_pager <pager>
+ """
+ if cmd_args == None or len(cmd_args) < 1:
+ print "Invalid argument.", ShowMap.__doc__
+ return
+ pager = kern.GetValueFromAddress(cmd_ars[0], 'apple_protect_pager_t')
+ show_apple_protect_pager(pager, 1, 1)
+
+def show_apple_protect_pager(pager, qcnt, idx):
+ object = pager.backing_object
+ shadow = object.shadow
+ while shadow != 0:
+ object = shadow
+ shadow = object.shadow
+ vnode_pager = Cast(object.pager,'vnode_pager *')
+ filename = GetVnodePath(vnode_pager.vnode_handle)
+ print "{:>3}/{:<3d} {:#018x} {:>5d} {:>5d} {:>6d} {:#018x} {:#018x} {:#018x} {:#018x} {:#018x} {:#018x}\n\tcrypt_info:{:#018x} <decrypt:{:#018x} end:{:#018x} ops:{:#018x} refs:{:<d}>\n\tvnode:{:#018x} {:s}\n".format(idx, qcnt, pager, pager.ref_count, pager.is_ready, pager.is_mapped, pager.pager_control, pager.backing_object, pager.backing_offset, pager.crypto_backing_offset, pager.crypto_start, pager.crypto_end, pager.crypt_info, pager.crypt_info.page_decrypt, pager.crypt_info.crypt_end, pager.crypt_info.crypt_ops, pager.crypt_info.crypt_refcnt, vnode_pager.vnode_handle, filename)
+
+@lldb_command("show_console_ring")
+def ShowConsoleRingData(cmd_args=None):
+ """ Print console ring buffer stats and data
+ """
+ cr = kern.globals.console_ring
+ print "console_ring = {:#018x} buffer = {:#018x} length = {:<5d} used = {:<5d} read_ptr = {:#018x} write_ptr = {:#018x}".format(addressof(cr), cr.buffer, cr.len, cr.used, cr.read_ptr, cr.write_ptr)
+ pending_data = []
+ for i in range(unsigned(cr.used)):
+ idx = ((unsigned(cr.read_ptr) - unsigned(cr.buffer)) + i) % unsigned(cr.len)
+ pending_data.append("{:c}".format(cr.buffer[idx]))
+
+ if pending_data:
+ print "Data:"
+ print "".join(pending_data)
+
+# Macro: showjetsamsnapshot
+
+@lldb_command("showjetsamsnapshot", "DA")
+def ShowJetsamSnapshot(cmd_args=None, cmd_options={}):
+ """ Dump entries in the jetsam snapshot table
+ usage: showjetsamsnapshot [-D] [-A]
+ Use -D flag to print extra physfootprint details
+ Use -A flag to print all entries (regardless of valid count)
+ """
+
+ # Not shown are uuid, user_data, cpu_time
+
+ global kern
+ if kern.arch == 'x86_64':
+ print "Snapshots are not supported.\n"
+ return
+
+ show_footprint_details = False
+ show_all_entries = False
+
+ if "-D" in cmd_options:
+ show_footprint_details = True
+
+ if "-A" in cmd_options:
+ show_all_entries = True
+
+ valid_count = kern.globals.memorystatus_jetsam_snapshot_count
+ max_count = kern.globals.memorystatus_jetsam_snapshot_max
+
+ if (show_all_entries == True):
+ count = max_count
+ else:
+ count = valid_count
+
+ print "{:s}".format(valid_count)
+ print "{:s}".format(max_count)
+
+ if int(count) == 0:
+ print "The jetsam snapshot is empty."
+ print "Use -A to force dump all entries (regardless of valid count)"
+ return
+
+ # Dumps the snapshot header info
+ print lldb_run_command('p *memorystatus_jetsam_snapshot')
+
+ hdr_format = "{0: >32s} {1: >5s} {2: >4s} {3: >6s} {4: >6s} {5: >20s} {6: >20s} {7: >20s} {8: >5s} {9: >10s} {10: >6s} {11: >6s} {12: >10s} {13: >15s} {14: >15s} {15: >15s} {16: >15s}"
+ if (show_footprint_details == True):
+ hdr_format += "{17: >15s} {18: >15s} {19: >12s} {20: >12s} {21: >17s} {22: >10s} {23: >13s} {24: >10s}"
+
+
+ if (show_footprint_details == False):
+ print hdr_format.format('command', 'index', 'pri', 'cid', 'pid', 'starttime', 'killtime', 'idletime', 'kill', '#ents', 'fds', 'gen', 'state', 'footprint', 'max', 'purgeable', 'lifetimeMax')
+ print hdr_format.format('', '', '', '', '', '(abs)', '(abs)', '(abs)', 'cause', '', '', 'Count', '', '(pages)', '(pages)', '(pages)', '(pages)')
+ else:
+ print hdr_format.format('command', 'index', 'pri', 'cid', 'pid', 'starttime', 'killtime', 'idletime', 'kill', '#ents', 'fds', 'gen', 'state', 'footprint', 'max', 'purgeable', 'lifetimeMax', '|| internal', 'internal_comp', 'iokit_mapped', 'purge_nonvol', 'purge_nonvol_comp', 'alt_acct', 'alt_acct_comp', 'page_table')
+ print hdr_format.format('', '', '', '', '', '(abs)', '(abs)', '(abs)', 'cause', '', '', 'Count', '', '(pages)', '(pages)', '(pages)', '(pages)', '(pages)', '(pages)', '(pages)', '(pages)', '(pages)', '(pages)', '(pages)', '(pages)')
+
+
+ entry_format = "{e.name: >32s} {index: >5d} {e.priority: >4d} {e.jse_coalition_jetsam_id: >6d} {e.pid: >6d} "\
+ "{e.jse_starttime: >20d} {e.jse_killtime: >20d} "\
+ "{e.jse_idle_delta: >20d} {e.killed: >5d} {e.jse_memory_region_count: >10d} "\
+ "{e.fds: >6d} {e.jse_gencount: >6d} {e.state: >10x} {e.pages: >15d} {e.max_pages: >15d} "\
+ "{e.purgeable_pages: >15d} {e.max_pages_lifetime: >15d}"
+
+ if (show_footprint_details == True):
+ entry_format += "{e.jse_internal_pages: >15d} "\
+ "{e.jse_internal_compressed_pages: >15d} "\
+ "{e.jse_iokit_mapped_pages: >12d} "\
+ "{e.jse_purgeable_nonvolatile_pages: >12d} "\
+ "{e.jse_purgeable_nonvolatile_compressed_pages: >17d} "\
+ "{e.jse_alternate_accounting_pages: >10d} "\
+ "{e.jse_alternate_accounting_compressed_pages: >13d} "\
+ "{e.jse_page_table_pages: >10d}"
+
+ snapshot_list = kern.globals.memorystatus_jetsam_snapshot.entries
+ idx = 0
+ while idx < count:
+ current_entry = Cast(snapshot_list[idx], 'jetsam_snapshot_entry')
+ print entry_format.format(index=idx, e=current_entry)
+ idx +=1
+ return
+
+# EndMacro: showjetsamsnapshot
projects / apple / xnu.git / blobdiff