The lifecycle of a Dynamic Loader from its creation to its termination.
This is the fourth article in the series about debugging Dyld-1122 and analyzing its source code. We will start from the RuntimeLocks function in dyldMain.cpp, which is the exact point where we finished the last article.
Please note that this analysis may contain some errors as I am still learning and working on it alone. No one has checked it for mistakes. Please let me know in the comments or contact me through my social media if you find anything.
Let’s go!
WORKING MAP
As last time, we begin our journey by decompiling the Dyld using a Hopper.
hopper -e '/usr/lib/dyld'We are in the dyld`start after finishing the handleDyldInCache. We chose not to follow the restartWithDyldInCache path using DYLD_IN_CACHE=0 and we eventually escaped the handleDyldInCache and proceeded with the execution to RuntimeLocks.
In this episode, we will start analysing the Memory Manager, beginning from RuntimeLocks and finishing just before EphemeralAllocator.
Dyld GitHub repository:
- Start:
RuntimeLocksin dyld-1122.1 — dyldMain.cpp#L1219 - End:
EphemeralAllocatorin dyld-1122.1 — dyldMain.cpp#L1234
LLDB breakpoints:
# Start - dyld`start+1264
settings set target.env-vars DYLD_IN_CACHE=0
br set -n start -s dyld -R 1264
# END - dyld`start+1480
br set -n start -s dyld -R 1480The next article will start at the exact point where this one finishes.
