Re: String Compare
Re: String Compare
- Subject: Re: String Compare
- From: Dean Reece <email@hidden>
- Date: Mon, 11 Apr 2005 16:29:06 -0700
On Apr 11, 2005, at 10:06, Dean Reece wrote:
There presently isn't an easy way to determine what the export name
is without examining the .exports files in the kernel project (xnu).
I've just learned a new trick, and I thought I would share...
If you run "nm -m" on one of our pseudo-kexts, it lists both the name
that a symbol goes by in the kernel, as well as the name it is
exported under.
For example:
nm -m <SomePseudoKextBinary>
...
(undefined) external _KPISymbol1
(indirect) external _KPISymbol2 (for _KernelSymbol2)
...
This shows two symbols, the first of which is kernel symbols exported
under it's original name "KPISymbol1 ".
The second line shows the kernel symbol "KernelSymbol2 " being
exported under the name "KPISymbol2 ".
Enjoy,
- Dean
On Apr 11, 2005, at 10:06, Dean Reece wrote:
On Apr 11, 2005, at 08:55, Andrew Gallatin wrote:
Carl Smith writes:
Ah I see, said the blind man. Thanks Quinn, understand the concept a
little more.
Ok so I ran the % find /System/Library/Extensions/System.kext/
PlugIns \
-type f -a ! -name "*.plist" | xargs nm | grep strcmp
and I get back:
U _strcmp
U _strcmp
U _strcmp
How does this tell me which KPI exports the symbol, I thought I was
looking for something like, "com.apple.kernel.libkern" and so on?
Try adding -o to nm. Eg:
Thats way better than my grep -r suggestion.
% find /System/Library/Extensions/System.kext/PlugIns -type f -a !
-name "*.plist" | xargs nm -o | grep strncmp
/System/Library/Extensions/System.kext/PlugIns/Libkern.kext/
Libkern: U _strncmp
/System/Library/Extensions/System.kext/PlugIns/Mach.kext/
Mach: U _strncmp
/System/Library/Extensions/System.kext/PlugIns/System6.0.kext/
kernel.6.0: U _strncmp
Note the "U", which means it is importing the symbol...
From some discussions I had off-list, these files generally contain
imported symbols which they also re-export. But not always, and
there isn't a 100% bullet proof way to figure out which "fake"
kext supplies which symbols.
The way this all works, any symbol which is imported by a fake kext
is also exported by it, but it may be exported under a different
name. So, if you see the symbol you want in a fake kext, then you
know it is available, but possibly under a different name. There
presently isn't an easy way to determine what the export name is
without examining the .exports files in the kernel project (xnu).
The good news is that this symbol renaming is very rarely done - it
is primarily used so that we can provide two versions of the same
function in the kernel, say foo_v1() and foo_v2(), which then both
get exported as foo() in the appropriately versioned pseduo-kexts.
In most cases where you would encounter the renaming, you'd still
find the symbol you were looking for, but with a suffix.
Cheers,
- Dean
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden