
Close the function window while analyzing to speed up processing about 10 times, typically. Initiating a search in the Functions window while analyzing will slow down IDA to the point of insanity. Don't do this if you plan on REing anything before the heat death of the universe.

When analyzing massive files, close all of the windows inside IDA (IDA View-A, functions, output, etc.). Processing will speed up anywhere from 5x to 100x.

If enabled, it will irreversibly "fix" names by setting them to completely incorrect values. This will waste your time and hurt your analysis.

This means when doing anything remotely intensive, it will appear to freeze. If you're on an OS with the ability to create "desktops", it's suggested you give IDA its own.

A majority of the information in this article details the process of reverse engineering using the dyld_shared_cache, as doing such is poorly documented in official documents.

It will block your UI while loading otherwise.

"Module" represents a Framework or library located in the dyld_shared_cache. "Segment" or "Module Segment" refers to a specific segment of a framework.

Analyzing the dyld_shared_cache in IDA Pro 7.3 and later

IDA 7.3 and greater include the ability to load only data segments on-demand without processing the text segment. IDA 7.3 and later includes a powerful, improved shared cache toolkit.