• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: String Compare
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: String Compare

  • Subject: Re: String Compare
  • From: Dean Reece <email@hidden>
  • Date: Mon, 11 Apr 2005 10:06:37 -0700
On Apr 11, 2005, at 08:55, Andrew Gallatin wrote: 
Carl Smith writes:

Ah I see, said the blind man. Thanks Quinn, understand the concept a
little more.

Ok so I ran the % find /System/Library/Extensions/System.kext/ PlugIns \
-type f -a ! -name "*.plist" | xargs nm | grep strcmp

and I get back:
U _strcmp
U _strcmp
U _strcmp

How does this tell me which KPI exports the symbol, I thought I was
looking for something like, "com.apple.kernel.libkern" and so on?

Try adding -o to nm. Eg: 

Thats way better than my grep -r suggestion.

% find /System/Library/Extensions/System.kext/PlugIns -type f -a ! - name "*.plist" | xargs nm -o | grep strncmp
/System/Library/Extensions/System.kext/PlugIns/Libkern.kext/ Libkern: U _strncmp
/System/Library/Extensions/System.kext/PlugIns/Mach.kext/ Mach: U _strncmp
/System/Library/Extensions/System.kext/PlugIns/System6.0.kext/ kernel.6.0: U _strncmp

Note the "U", which means it is importing the symbol...

From some discussions I had off-list, these files generally contain
imported symbols which they also re-export. But not always, and there isn't a 100% bullet proof way to figure out which "fake" kext supplies which symbols.

The way this all works, any symbol which is imported by a fake kext is also exported by it, but it may be exported under a different name. So, if you see the symbol you want in a fake kext, then you know it is available, but possibly under a different name. There presently isn't an easy way to determine what the export name is without examining the .exports files in the kernel project (xnu).

The good news is that this symbol renaming is very rarely done - it is primarily used so that we can provide two versions of the same function in the kernel, say foo_v1() and foo_v2(), which then both get exported as foo() in the appropriately versioned pseduo-kexts. In most cases where you would encounter the renaming, you'd still find the symbol you were looking for, but with a suffix.

Cheers,
 - Dean
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: String Compare

      • From: Dean Reece <email@hidden>
      • 

    • Re: String Compare

      • From: Andrew Gallatin <email@hidden>
      • 





References: 


 >re: String Compare (From: "Carl Smith" <email@hidden>)


 >re: String Compare (From: Andrew Gallatin <email@hidden>)






    

  • Prev by Date:
Re: String Compare

    • 

  • Next by Date:
Re: String Compare

    • 

  • Previous by thread:
re: String Compare

    • 

  • Next by thread:
Re: String Compare

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •