├── .gitignore ├── 16.6 Beta1 Offsets ├── iPad10,2 16.6 20G5026e.h ├── iPad11,2 16.6 20G5026e.h ├── iPad13,1 16.6 20G5026e.h ├── iPad13,10 16.6 20G5026e.h ├── iPad13,16 16.6 20G5026e.h ├── iPad14,2 16.6 20G5026e.h ├── iPad14,3 16.6 20G5026e.h ├── iPad14,4 16.6 20G5026e.h ├── iPad14,5 16.6 20G5026e.h ├── iPad14,6 16.6 20G5026e.h ├── iPad_10.2 16.6 20G5026e.h ├── iPad_Fall_202 16.6 20G5026e.h ├── iPad_Fall_2020 16.6 20G5026e.h ├── iPad_Fall_2022 16.6 20G5026e.h ├── iPad_Pro_Spring_2021 16.6 20G5026e.h ├── iPad_Spring_2022 16.6 20G5026e.h ├── iPhone11,2 16.6 20G5026e.h ├── iPhone11,2,iPhone11,4,iPhone11,6 16.6 20G5026e.h ├── iPhone11,6 16.6 20G5026e.h ├── iPhone11,8 16.6 20G5026e.h ├── iPhone12,1 16.6 20G5026e.h ├── iPhone12,3,iPhone12,5 16.6 20G5026e.h ├── iPhone12,8 16.6 20G5026e.h ├── iPhone13,1 16.6 20G5026e.h ├── iPhone13,2,iPhone13,3 16.6 20G5026e.h ├── iPhone13,4 16.6 20G5026e.h ├── iPhone14,2 16.6 20G5026e.h ├── iPhone14,3 16.6 20G5026e.h ├── iPhone14,4 16.6 20G5026e.h ├── iPhone14,5 16.3 20D47.h ├── iPhone14,5 16.6 20G5026e.h ├── iPhone14,6 16.6 20G5026e.h └── iPhone14,7 16.6 20G5026e.h ├── README.md ├── lpfinstaller.sh ├── offsets ├── iPad11,1 16.1 20B82.h ├── iPad11,1 16.1.1 20B101.h ├── iPad11,1 16.2 20C65.h ├── iPad11,1 16.3 20D47.h ├── iPad11,1 16.3.1 20D67.h ├── iPad11,1 16.4 20E246.h ├── iPad11,1 16.4.1 20E252.h ├── iPad11,1 16.5 20F66.h ├── iPad11,2 16.1 20B82.h ├── iPad11,2 16.1.1 20B101.h ├── iPad11,2 16.2 20C65.h ├── iPad11,2 16.3 20D47.h ├── iPad11,2 16.3.1 20D67.h ├── iPad11,2 16.4 20E246.h ├── iPad11,2 16.4.1 20E252.h ├── iPad11,2 16.5 20F66.h ├── iPad11,3 16.1 20B82.h ├── iPad11,3 16.1.1 20B101.h ├── iPad11,3 16.2 20C65.h ├── iPad11,3 16.3 20D47.h ├── iPad11,3 16.3.1 20D67.h ├── iPad11,3 16.4 20E246.h ├── iPad11,3 16.4.1 20E252.h ├── iPad11,3 16.5 20F66.h ├── iPad11,4 16.1 20B82.h ├── iPad11,4 16.1.1 20B101.h ├── iPad11,4 16.2 20C65.h ├── iPad11,4 16.3 20D47.h ├── iPad11,4 16.3.1 20D67.h ├── iPad11,4 16.4 20E246.h ├── iPad11,4 16.4.1 20E252.h 
├── iPad11,4 16.5 20F66.h ├── iPad11,6 16.1 20B82.h ├── iPad11,6 16.1.1 20B101.h ├── iPad11,6 16.2 20C65.h ├── iPad11,6 16.3 20D47.h ├── iPad11,6 16.3.1 20D67.h ├── iPad11,6 16.4 20E246.h ├── iPad11,6 16.4.1 20E252.h ├── iPad11,6 16.5 20F66.h ├── iPad11,7 16.1 20B82.h ├── iPad11,7 16.1.1 20B101.h ├── iPad11,7 16.2 20C65.h ├── iPad11,7 16.3 20D47.h ├── iPad11,7 16.3.1 20D67.h ├── iPad11,7 16.4 20E246.h ├── iPad11,7 16.4.1 20E252.h ├── iPad11,7 16.5 20F66.h ├── iPad12,1 16.1 20B82.h ├── iPad12,1 16.1.1 20B101.h ├── iPad12,1 16.2 20C65.h ├── iPad12,1 16.3 20D47.h ├── iPad12,1 16.3.1 20D67.h ├── iPad12,1 16.4 20E246.h ├── iPad12,1 16.4.1 20E252.h ├── iPad12,1 16.5 20F66.h ├── iPad12,2 16.1 20B82.h ├── iPad12,2 16.1.1 20B101.h ├── iPad12,2 16.2 20C65.h ├── iPad12,2 16.3 20D47.h ├── iPad12,2 16.3.1 20D67.h ├── iPad12,2 16.4 20E246.h ├── iPad12,2 16.4.1 20E252.h ├── iPad12,2 16.5 20F66.h ├── iPad13,1 16.1 20B82.h ├── iPad13,1 16.1.1 20B101.h ├── iPad13,1 16.2 20C65.h ├── iPad13,1 16.3 20D47.h ├── iPad13,1 16.3.1 20D67.h ├── iPad13,1 16.4 20E246.h ├── iPad13,1 16.4.1 20E252.h ├── iPad13,1 16.5 20F66.h ├── iPad13,10 16.1 20B82.h ├── iPad13,10 16.1.1 20B101.h ├── iPad13,10 16.2 20C65.h ├── iPad13,10 16.3 20D47.h ├── iPad13,10 16.3.1 20D67.h ├── iPad13,10 16.4 20E246.h ├── iPad13,10 16.4.1 20E252.h ├── iPad13,10 16.5 20F66.h ├── iPad13,11 16.1 20B82.h ├── iPad13,11 16.1.1 20B101.h ├── iPad13,11 16.2 20C65.h ├── iPad13,11 16.3 20D47.h ├── iPad13,11 16.3.1 20D67.h ├── iPad13,11 16.4 20E246.h ├── iPad13,11 16.4.1 20E252.h ├── iPad13,11 16.5 20F66.h ├── iPad13,16 16.1 20B82.h ├── iPad13,16 16.1.1 20B101.h ├── iPad13,16 16.2 20C65.h ├── iPad13,16 16.3 20D47.h ├── iPad13,16 16.3.1 20D67.h ├── iPad13,16 16.4 20E246.h ├── iPad13,16 16.4.1 20E252.h ├── iPad13,16 16.5 20F66.h ├── iPad13,17 16.1 20B82.h ├── iPad13,17 16.1.1 20B101.h ├── iPad13,17 16.2 20C65.h ├── iPad13,17 16.3 20D47.h ├── iPad13,17 16.3.1 20D67.h ├── iPad13,17 16.4 20E246.h ├── iPad13,17 16.4.1 20E252.h ├── iPad13,17 
16.5 20F66.h ├── iPad13,18 16.1 20B82.h ├── iPad13,18 16.1.1 20B101.h ├── iPad13,18 16.2 20C65.h ├── iPad13,18 16.3 20D47.h ├── iPad13,18 16.3.1 20D67.h ├── iPad13,18 16.4 20E246.h ├── iPad13,18 16.4.1 20E252.h ├── iPad13,18 16.5 20F66.h ├── iPad13,19 16.1 20B82.h ├── iPad13,19 16.1.1 20B101.h ├── iPad13,19 16.2 20C65.h ├── iPad13,19 16.3 20D47.h ├── iPad13,19 16.3.1 20D67.h ├── iPad13,19 16.4 20E246.h ├── iPad13,19 16.4.1 20E252.h ├── iPad13,19 16.5 20F66.h ├── iPad13,2 16.1 20B82.h ├── iPad13,2 16.1.1 20B101.h ├── iPad13,2 16.2 20C65.h ├── iPad13,2 16.3 20D47.h ├── iPad13,2 16.3.1 20D67.h ├── iPad13,2 16.4 20E246.h ├── iPad13,2 16.4.1 20E252.h ├── iPad13,2 16.5 20F66.h ├── iPad13,4 16.1 20B82.h ├── iPad13,4 16.1.1 20B101.h ├── iPad13,4 16.2 20C65.h ├── iPad13,4 16.3 20D47.h ├── iPad13,4 16.3.1 20D67.h ├── iPad13,4 16.4 20E246.h ├── iPad13,4 16.4.1 20E252.h ├── iPad13,4 16.5 20F66.h ├── iPad13,5 16.1 20B82.h ├── iPad13,5 16.1.1 20B101.h ├── iPad13,5 16.2 20C65.h ├── iPad13,5 16.3 20D47.h ├── iPad13,5 16.3.1 20D67.h ├── iPad13,5 16.4 20E246.h ├── iPad13,5 16.4.1 20E252.h ├── iPad13,5 16.5 20F66.h ├── iPad13,6 16.1 20B82.h ├── iPad13,6 16.1.1 20B101.h ├── iPad13,6 16.2 20C65.h ├── iPad13,6 16.3 20D47.h ├── iPad13,6 16.3.1 20D67.h ├── iPad13,6 16.4 20E246.h ├── iPad13,6 16.4.1 20E252.h ├── iPad13,6 16.5 20F66.h ├── iPad13,7 16.1 20B82.h ├── iPad13,7 16.1.1 20B101.h ├── iPad13,7 16.2 20C65.h ├── iPad13,7 16.3 20D47.h ├── iPad13,7 16.3.1 20D67.h ├── iPad13,7 16.4 20E246.h ├── iPad13,7 16.4.1 20E252.h ├── iPad13,7 16.5 20F66.h ├── iPad13,8 16.1 20B82.h ├── iPad13,8 16.1.1 20B101.h ├── iPad13,8 16.2 20C65.h ├── iPad13,8 16.3 20D47.h ├── iPad13,8 16.3.1 20D67.h ├── iPad13,8 16.4 20E246.h ├── iPad13,8 16.4.1 20E252.h ├── iPad13,8 16.5 20F66.h ├── iPad13,9 16.1 20B82.h ├── iPad13,9 16.1.1 20B101.h ├── iPad13,9 16.2 20C65.h ├── iPad13,9 16.3 20D47.h ├── iPad13,9 16.3.1 20D67.h ├── iPad13,9 16.4 20E246.h ├── iPad13,9 16.4.1 20E252.h ├── iPad13,9 16.5 20F66.h ├── iPad14,1 16.1 
20B82.h ├── iPad14,1 16.1.1 20B101.h ├── iPad14,1 16.2 20C65.h ├── iPad14,1 16.3 20D47.h ├── iPad14,1 16.3.1 20D67.h ├── iPad14,1 16.4 20E246.h ├── iPad14,1 16.4.1 20E252.h ├── iPad14,1 16.5 20F66.h ├── iPad14,2 16.1 20B82.h ├── iPad14,2 16.1.1 20B101.h ├── iPad14,2 16.2 20C65.h ├── iPad14,2 16.3 20D47.h ├── iPad14,2 16.3.1 20D67.h ├── iPad14,2 16.4 20E246.h ├── iPad14,2 16.4.1 20E252.h ├── iPad14,2 16.5 20F66.h ├── iPad14,3 16.1 20B82.h ├── iPad14,3 16.1.1 20B101.h ├── iPad14,3 16.2 20C65.h ├── iPad14,3 16.3 20D47.h ├── iPad14,3 16.3.1 20D67.h ├── iPad14,3 16.4 20E246.h ├── iPad14,3 16.4.1 20E252.h ├── iPad14,3 16.5 20F66.h ├── iPad14,4 16.1 20B82.h ├── iPad14,4 16.1.1 20B101.h ├── iPad14,4 16.2 20C65.h ├── iPad14,4 16.3 20D47.h ├── iPad14,4 16.3.1 20D67.h ├── iPad14,4 16.4 20E246.h ├── iPad14,4 16.4.1 20E252.h ├── iPad14,4 16.5 20F66.h ├── iPad14,5 16.1 20B82.h ├── iPad14,5 16.1.1 20B101.h ├── iPad14,5 16.2 20C65.h ├── iPad14,5 16.3 20D47.h ├── iPad14,5 16.3.1 20D67.h ├── iPad14,5 16.4 20E246.h ├── iPad14,5 16.4.1 20E252.h ├── iPad14,5 16.5 20F66.h ├── iPad14,6 16.1 20B82.h ├── iPad14,6 16.1.1 20B101.h ├── iPad14,6 16.2 20C65.h ├── iPad14,6 16.3 20D47.h ├── iPad14,6 16.3.1 20D67.h ├── iPad14,6 16.4 20E246.h ├── iPad14,6 16.4.1 20E252.h ├── iPad14,6 16.5 20F66.h ├── iPhone11,2 16.0 20A362.h ├── iPhone11,2 16.0.2 20A380.h ├── iPhone11,2 16.0.3 20A392.h ├── iPhone11,2 16.1 20B82.h ├── iPhone11,2 16.1.1 20B101.h ├── iPhone11,2 16.1.2 20B110.h ├── iPhone11,2 16.2 20C65.h ├── iPhone11,2 16.3 20D47.h ├── iPhone11,2 16.3.1 20D67.h ├── iPhone11,2 16.4 20E247.h ├── iPhone11,2 16.4.1 20E252.h ├── iPhone11,2 16.5 20F66.h ├── iPhone11,4 16.0 20A362.h ├── iPhone11,4 16.0.2 20A380.h ├── iPhone11,4 16.0.3 20A392.h ├── iPhone11,4 16.1 20B82.h ├── iPhone11,4 16.1.1 20B101.h ├── iPhone11,4 16.1.2 20B110.h ├── iPhone11,4 16.2 20C65.h ├── iPhone11,4 16.3 20D47.h ├── iPhone11,4 16.3.1 20D67.h ├── iPhone11,4 16.4 20E247.h ├── iPhone11,4 16.4.1 20E252.h ├── iPhone11,4 16.5 20F66.h ├── 
iPhone11,6 16.0 20A362.h ├── iPhone11,6 16.0.2 20A380.h ├── iPhone11,6 16.0.3 20A392.h ├── iPhone11,6 16.1 20B82.h ├── iPhone11,6 16.1.1 20B101.h ├── iPhone11,6 16.1.2 20B110.h ├── iPhone11,6 16.2 20C65.h ├── iPhone11,6 16.3 20D47.h ├── iPhone11,6 16.3.1 20D67.h ├── iPhone11,6 16.4 20E247.h ├── iPhone11,6 16.4.1 20E252.h ├── iPhone11,6 16.5 20F66.h ├── iPhone11,8 16.0 20A362.h ├── iPhone11,8 16.0.2 20A380.h ├── iPhone11,8 16.0.3 20A392.h ├── iPhone11,8 16.1 20B82.h ├── iPhone11,8 16.1.1 20B101.h ├── iPhone11,8 16.1.2 20B110.h ├── iPhone11,8 16.2 20C65.h ├── iPhone11,8 16.3 20D47.h ├── iPhone11,8 16.3.1 20D67.h ├── iPhone11,8 16.4 20E247.h ├── iPhone11,8 16.4.1 20E252.h ├── iPhone11,8 16.5 20F66.h ├── iPhone12,1 16.0 20A362.h ├── iPhone12,1 16.0.2 20A380.h ├── iPhone12,1 16.0.3 20A392.h ├── iPhone12,1 16.1 20B82.h ├── iPhone12,1 16.1.1 20B101.h ├── iPhone12,1 16.1.2 20B110.h ├── iPhone12,1 16.2 20C65.h ├── iPhone12,1 16.3 20D47.h ├── iPhone12,1 16.3.1 20D67.h ├── iPhone12,1 16.4 20E247.h ├── iPhone12,1 16.4.1 20E252.h ├── iPhone12,1 16.5 20F66.h ├── iPhone12,3 16.0 20A362.h ├── iPhone12,3 16.0.2 20A380.h ├── iPhone12,3 16.0.3 20A392.h ├── iPhone12,3 16.1 20B82.h ├── iPhone12,3 16.1.1 20B101.h ├── iPhone12,3 16.1.2 20B110.h ├── iPhone12,3 16.2 20C65.h ├── iPhone12,3 16.3 20D47.h ├── iPhone12,3 16.3.1 20D67.h ├── iPhone12,3 16.4 20E247.h ├── iPhone12,3 16.4.1 20E252.h ├── iPhone12,3 16.5 20F66.h ├── iPhone12,5 16.0 20A362.h ├── iPhone12,5 16.0.2 20A380.h ├── iPhone12,5 16.0.3 20A392.h ├── iPhone12,5 16.1 20B82.h ├── iPhone12,5 16.1.1 20B101.h ├── iPhone12,5 16.1.2 20B110.h ├── iPhone12,5 16.2 20C65.h ├── iPhone12,5 16.3 20D47.h ├── iPhone12,5 16.3.1 20D67.h ├── iPhone12,5 16.4 20E247.h ├── iPhone12,5 16.4.1 20E252.h ├── iPhone12,5 16.5 20F66.h ├── iPhone12,8 16.0 20A362.h ├── iPhone12,8 16.0.2 20A380.h ├── iPhone12,8 16.0.3 20A392.h ├── iPhone12,8 16.1 20B82.h ├── iPhone12,8 16.1.1 20B101.h ├── iPhone12,8 16.1.2 20B110.h ├── iPhone12,8 16.2 20C65.h ├── iPhone12,8 16.3 
20D47.h ├── iPhone12,8 16.3.1 20D67.h ├── iPhone12,8 16.4 20E247.h ├── iPhone12,8 16.4.1 20E252.h ├── iPhone12,8 16.5 20F66.h ├── iPhone13,1 16.0 20A362.h ├── iPhone13,1 16.0.2 20A380.h ├── iPhone13,1 16.0.3 20A392.h ├── iPhone13,1 16.1 20B82.h ├── iPhone13,1 16.1.1 20B101.h ├── iPhone13,1 16.1.2 20B110.h ├── iPhone13,1 16.2 20C65.h ├── iPhone13,1 16.3 20D47.h ├── iPhone13,1 16.3.1 20D67.h ├── iPhone13,1 16.4 20E247.h ├── iPhone13,1 16.4.1 20E252.h ├── iPhone13,1 16.5 20F66.h ├── iPhone13,2 16.0 20A362.h ├── iPhone13,2 16.0.2 20A380.h ├── iPhone13,2 16.0.3 20A392.h ├── iPhone13,2 16.1 20B82.h ├── iPhone13,2 16.1.1 20B101.h ├── iPhone13,2 16.1.2 20B110.h ├── iPhone13,2 16.2 20C65.h ├── iPhone13,2 16.3 20D47.h ├── iPhone13,2 16.3.1 20D67.h ├── iPhone13,2 16.4 20E247.h ├── iPhone13,2 16.4.1 20E252.h ├── iPhone13,2 16.5 20F66.h ├── iPhone13,3 16.0 20A362.h ├── iPhone13,3 16.0.2 20A380.h ├── iPhone13,3 16.0.3 20A392.h ├── iPhone13,3 16.1 20B82.h ├── iPhone13,3 16.1.1 20B101.h ├── iPhone13,3 16.1.2 20B110.h ├── iPhone13,3 16.2 20C65.h ├── iPhone13,3 16.3 20D47.h ├── iPhone13,3 16.3.1 20D67.h ├── iPhone13,3 16.4 20E247.h ├── iPhone13,3 16.4.1 20E252.h ├── iPhone13,3 16.5 20F66.h ├── iPhone13,4 16.0 20A362.h ├── iPhone13,4 16.0.2 20A380.h ├── iPhone13,4 16.0.3 20A392.h ├── iPhone13,4 16.1 20B82.h ├── iPhone13,4 16.1.1 20B101.h ├── iPhone13,4 16.1.2 20B110.h ├── iPhone13,4 16.2 20C65.h ├── iPhone13,4 16.3 20D47.h ├── iPhone13,4 16.3.1 20D67.h ├── iPhone13,4 16.4 20E247.h ├── iPhone13,4 16.4.1 20E252.h ├── iPhone13,4 16.5 20F66.h ├── iPhone14,2 16.0 20A362.h ├── iPhone14,2 16.0.2 20A380.h ├── iPhone14,2 16.0.3 20A392.h ├── iPhone14,2 16.1 20B82.h ├── iPhone14,2 16.1.1 20B101.h ├── iPhone14,2 16.1.2 20B110.h ├── iPhone14,2 16.2 20C65.h ├── iPhone14,2 16.3 20D47.h ├── iPhone14,2 16.3.1 20D67.h ├── iPhone14,2 16.4 20E247.h ├── iPhone14,2 16.4.1 20E252.h ├── iPhone14,2 16.5 20F66.h ├── iPhone14,3 16.0 20A362.h ├── iPhone14,3 16.0.2 20A380.h ├── iPhone14,3 16.0.3 20A392.h ├── 
iPhone14,3 16.1 20B82.h ├── iPhone14,3 16.1.1 20B101.h ├── iPhone14,3 16.1.2 20B110.h ├── iPhone14,3 16.2 20C65.h ├── iPhone14,3 16.3 20D47.h ├── iPhone14,3 16.3.1 20D67.h ├── iPhone14,3 16.4 20E247.h ├── iPhone14,3 16.4.1 20E252.h ├── iPhone14,3 16.5 20F66.h ├── iPhone14,4 16.0 20A362.h ├── iPhone14,4 16.0.2 20A380.h ├── iPhone14,4 16.0.3 20A392.h ├── iPhone14,4 16.1 20B82.h ├── iPhone14,4 16.1.1 20B101.h ├── iPhone14,4 16.1.2 20B110.h ├── iPhone14,4 16.2 20C65.h ├── iPhone14,4 16.3 20D47.h ├── iPhone14,4 16.3.1 20D67.h ├── iPhone14,4 16.4 20E247.h ├── iPhone14,4 16.4.1 20E252.h ├── iPhone14,4 16.5 20F66.h ├── iPhone14,5 16.0 20A362.h ├── iPhone14,5 16.0.2 20A380.h ├── iPhone14,5 16.0.3 20A392.h ├── iPhone14,5 16.1 20B82.h ├── iPhone14,5 16.1.1 20B101.h ├── iPhone14,5 16.1.2 20B110.h ├── iPhone14,5 16.2 20C65.h ├── iPhone14,5 16.3 20D47.h ├── iPhone14,5 16.3.1 20D67.h ├── iPhone14,5 16.4 20E247.h ├── iPhone14,5 16.4.1 20E252.h ├── iPhone14,5 16.5 20F66.h ├── iPhone14,6 16.0 20A362.h ├── iPhone14,6 16.0.2 20A380.h ├── iPhone14,6 16.0.3 20A392.h ├── iPhone14,6 16.1 20B82.h ├── iPhone14,6 16.1.1 20B101.h ├── iPhone14,6 16.1.2 20B110.h ├── iPhone14,6 16.2 20C65.h ├── iPhone14,6 16.3 20D47.h ├── iPhone14,6 16.3.1 20D67.h ├── iPhone14,6 16.4 20E247.h ├── iPhone14,6 16.4.1 20E252.h ├── iPhone14,6 16.5 20F66.h ├── iPhone14,7 16.0 20A362.h ├── iPhone14,7 16.0.1 20A371.h ├── iPhone14,7 16.0.2 20A380.h ├── iPhone14,7 16.0.3 20A392.h ├── iPhone14,7 16.1 20B82.h ├── iPhone14,7 16.1.1 20B101.h ├── iPhone14,7 16.1.2 20B110.h ├── iPhone14,7 16.2 20C65.h ├── iPhone14,7 16.3 20D47.h ├── iPhone14,7 16.3.1 20D67.h ├── iPhone14,7 16.4 20E247.h ├── iPhone14,7 16.4.1 20E252.h ├── iPhone14,7 16.5 20F66.h ├── iPhone14,8 16.0 20A362.h ├── iPhone14,8 16.0.1 20A371.h ├── iPhone14,8 16.0.2 20A380.h ├── iPhone14,8 16.0.3 20A392.h ├── iPhone14,8 16.1 20B82.h ├── iPhone14,8 16.1.1 20B101.h ├── iPhone14,8 16.1.2 20B110.h ├── iPhone14,8 16.2 20C65.h ├── iPhone14,8 16.3 20D47.h ├── iPhone14,8 
16.3.1 20D67.h ├── iPhone14,8 16.4 20E247.h ├── iPhone14,8 16.4.1 20E252.h ├── iPhone14,8 16.5 20F66.h ├── iPhone15,2 16.0 20A362.h ├── iPhone15,2 16.0.1 20A371.h ├── iPhone15,2 16.0.2 20A380.h ├── iPhone15,2 16.0.3 20A392.h ├── iPhone15,2 16.1 20B82.h ├── iPhone15,2 16.1.1 20B101.h ├── iPhone15,2 16.1.2 20B110.h ├── iPhone15,2 16.2 20C65.h ├── iPhone15,2 16.3 20D47.h ├── iPhone15,2 16.3.1 20D67.h ├── iPhone15,2 16.4 20E247.h ├── iPhone15,2 16.4.1 20E252.h ├── iPhone15,2 16.5 20F66.h ├── iPhone15,3 16.0 20A362.h ├── iPhone15,3 16.0.1 20A371.h ├── iPhone15,3 16.0.2 20A380.h ├── iPhone15,3 16.0.3 20A392.h ├── iPhone15,3 16.1 20B82.h ├── iPhone15,3 16.1.1 20B101.h ├── iPhone15,3 16.1.2 20B110.h ├── iPhone15,3 16.2 20C65.h ├── iPhone15,3 16.3 20D47.h ├── iPhone15,3 16.3.1 20D67.h ├── iPhone15,3 16.4 20E247.h ├── iPhone15,3 16.4.1 20E252.h └── iPhone15,3 16.5 20F66.h ├── run.sh └── template_dynamic_info.h /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | .DS_Store 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # OffsetFinder 2 | A sh script that finds offsets for you from an IPSW link :) 3 | This can also generate offsets for betas. 4 | 5 | Please note that this can only work with arm64e iOS 16 IPSWs. 6 | 7 | 8 | 9 | ## Use 10 | ``` 11 | ./run.sh [IPSW URL / Txt file contanining IPSW URLs (one per line)] 12 | ``` 13 | You can run the script without any argument but it will ask you for the IPSW URL or the txt file in the process. You won't be able to do anything without installing dependencies. See next section. 
14 | 15 | ## Dependencies 16 | If you want to install all the dependencies (building them from source), you can use my [installer script](https://github.com/c22dev/OffsetFinder/blob/main/lpfinstaller.sh). 17 | 18 | Read it before you run it: it asks for `sudo`, offers to delete `/Library/Frameworks/Python.framework` and `/usr/local/bin/python3` (only if you answer `y`), clones the current HEAD of eight GitHub repositories without pinning a tag or commit, and builds and installs them with `sudo make`. If you would rather not run it, you can set everything up manually : 19 | 20 | 21 | - [libpatchfinder](https://github.com/tihmstar/libpatchfinder) from [tihmstar](https://github.com/tihmstar), installed with the offset exporter enabled, i.e. configured with this command : 22 | ```./configure --with-offsetexporter``` 23 | - [partialZipBrowser](https://github.com/tihmstar/partialZipBrowser) installed to PATH (aka pzb) 24 | - [Python 3](https://formulae.brew.sh/formula/python@3.11) and [PyIMG4](https://github.com/m1stadev/PyIMG4) installed (```brew install python && pip3 install pyimg4```) 25 | - An IPSW (iOS/iPadOS 16.0->16.6b1, arm64e) URL (it can be obtained from [ipsw.me](https://ipsw.me/) or [appledb.dev](https://appledb.dev/)) OR a txt file containing one IPSW URL per line 26 | - An Internet Connection 27 | 28 | Note : 29 | This was only tested on macOS Sonoma and macOS Ventura. Monterey and Big Sur should run it fine too, but much older macOS releases and Linux may not. 30 | 31 | 32 | ## Distribution and license 33 | Despite the lack of a license on the project, if you plan to use the offsets for distribution purposes, a credit is always very appreciated :) Simply putting my name (c22dev) in your project credits allows me to continue the project as I can see it's being helpful ! Thanks if you do so ! 34 | 35 | Don't pull request those offsets in an app without editing them (see [this notice](https://github.com/c22dev/OffsetFinder#offsets)). Please also verify those offsets weren't already submitted/don't already exist, as that would increase the work for the reviewer without being useful. 
36 | 37 | ## Offsets 38 | Some offsets stored in this repository (based on tihmstar's offsetexporter template, which is where the error comes from) are wrong. 39 | These are the wrong ones: 40 | ``` 41 | ._vm_map__hdr__links__prev 42 | ._vm_map__hdr__links__next 43 | ._vm_map__hdr__links__start 44 | ._vm_map__hdr__links__end 45 | ``` 46 | The committed files add `+ 0x8` (giving 0x08/0x10/0x18/0x20); it should be `+ 0x10` (giving 0x10/0x18/0x20/0x28), so that the four 8-byte link fields end exactly where `._vm_map__hdr__nentries` (0x30) begins. Anything that consumes the committed values reads the wrong `vm_map` fields. 47 | If you run the script and obtain the offsets yourself, they should already be correct. 48 | I won't regenerate all the committed offsets, but patching those four values by hand is easy. 49 | 50 | 51 | I'm planning to add even more beta offsets in the upcoming days ! 52 | If you want to help me, try running the script and create a PR. 53 | 54 | The offset file names are in this format `iDevice-Identifier iOS-Version iOS-Build-ID.h`, e.g. `iPhone11,8 16.3 20D47.h` 55 | ## Credits 56 | [AppInstallerIOS](https://github.com/BenjaminHornbeck6) - [Base Script](https://www.reddit.com/r/jailbreak/comments/15b0u0b/comment/jtqbzj1/) 57 | 58 | [tihmstar](https://github.com/tihmstar) - [libpatchfinder](https://github.com/tihmstar/libpatchfinder) 59 | 60 | [diyar2137237243](https://github.com/diyar2137237243) - [iPads IPSW URLs for iPadOS 16.6b1](https://cdn.discordapp.com/attachments/1074788546306658365/1135343869492473916/message.txt) (a Discord attachment link, so it may stop resolving) 61 | -------------------------------------------------------------------------------- /lpfinstaller.sh: -------------------------------------------------------------------------------- 1 | clear 2 | echo "LibPatchFinderInstaller v0.2 - made by c22dev\nThis should help you install libpatchfinder. Please make sure brew and Xcode Command Line tools are installed.\nThis script needs sudo to work. Please enter your mac password." 3 | sudo echo "Sudoed successfuly !" 
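echo "Installing autoconf, automake, libtool, pkg-config, openssl"
# Brew some packages (those available)
brew install autoconf
brew install automake
brew install libtool
brew install pkg-config
brew install openssl

# WARNING: answering "y" irreversibly deletes the python.org framework install
# (/Library/Frameworks/Python.framework) and /usr/local/bin/python3 as root,
# then force-removes and reinstalls Homebrew's python. Any other answer skips it.
read -p "Do you want to uninstall your current Python installation ? The script will install python back. (RECOMMENDED, y or n)" confirm
if [[ "$confirm" == "y" ]]; then
    echo "Deleting python install..."
    sudo rm -rf /Library/Frameworks/Python.framework/
    sudo rm -rf /usr/local/bin/python3
    brew uninstall python --force && brew uninstall python3 --force
    echo "Installing python again..."
    brew install python
fi

# pyimg4
echo "Installing python dependencies..."
pip3 install pyimg4

# Everything is cloned and built inside a scratch directory. The cd must not
# fail silently: an unchecked cd would clone and build in the caller's current
# directory instead, and the later clean-up step removes workingLPFI.
mkdir -p workingLPFI
cd workingLPFI || { echo "Could not enter workingLPFI, aborting."; exit 1; }

echo "Cloning libpatchfinder and dependencies..."
# clone all git repos
# NOTE(review): no tag or commit is pinned, so each run builds and installs
# whatever is at each repository's HEAD at that moment.
git clone --recursive https://github.com/tihmstar/libpatchfinder
git clone --recursive https://github.com/tihmstar/img4tool
git clone --recursive https://github.com/tihmstar/img3tool
git clone --recursive https://github.com/libimobiledevice/libplist
git clone --recursive https://github.com/tihmstar/libgeneral
git clone --recursive https://github.com/tihmstar/libinsn
git clone --recursive https://github.com/tihmstar/libfragmentzip
git clone --recursive https://github.com/tihmstar/partialZipBrowser

# build_and_install <dir>
# Runs autogen.sh and make as the invoking user inside <dir>, then installs
# with sudo. Only the install step needs root; building as root would run the
# cloned project's autogen/configure/Makefile with full privileges for no gain.
# Aborts the script when <dir> is missing (the clone failed) or a step fails,
# instead of walking one directory up with `cd ..` and continuing in the wrong place.
build_and_install() {
    local dir="$1"
    cd "$dir" || { echo "$dir is missing (did the clone fail?), aborting."; exit 1; }
    ./autogen.sh && make || { echo "Building $dir failed, aborting."; exit 1; }
    sudo make install || { echo "Installing $dir failed, aborting."; exit 1; }
    cd ..
}

# Libgeneral
build_and_install libgeneral
# Libinsn
build_and_install libinsn
# Libplist
build_and_install libplist
# Img4Tool
build_and_install img4tool
# Img3Tool
build_and_install img3tool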
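# libfragmentzip
# Each build below runs autogen.sh and make as the invoking user and only the
# install step with sudo: building as root would execute the cloned project's
# autogen/configure/Makefile with full privileges for no benefit.
# Every cd is checked so that a failed clone does not leave the next build
# (and its `cd ..`) running one directory too high.
cd libfragmentzip || { echo "libfragmentzip is missing (did the clone fail?), aborting."; exit 1; }
./autogen.sh && make || { echo "Building libfragmentzip failed, aborting."; exit 1; }
sudo make install || { echo "Installing libfragmentzip failed, aborting."; exit 1; }
cd ..
# pzb
cd partialZipBrowser || { echo "partialZipBrowser is missing (did the clone fail?), aborting."; exit 1; }
./autogen.sh && make || { echo "Building partialZipBrowser failed, aborting."; exit 1; }
sudo make install || { echo "Installing partialZipBrowser failed, aborting."; exit 1; }
cd ..
# libpatchfinder
cd libpatchfinder || { echo "libpatchfinder is missing (did the clone fail?), aborting."; exit 1; }
./autogen.sh
# The README requires libpatchfinder to be configured with this flag so that
# offsetexporter (checked for below) gets built.
./configure --with-offsetexporter
make || { echo "Building libpatchfinder failed, aborting."; exit 1; }
sudo make install || { echo "Installing libpatchfinder failed, aborting."; exit 1; }
cd ..

# Is it installed ?
if command -v offsetexporter &> /dev/null; then
    # Clean folder
    rm -rf workingLPFI

    echo "Success ! offsetexporter was successfully installed. Please try running run.sh now."
    echo "you might need to add your Python bin to PATH."
else
    echo "offsetexporter wasn't installed properly. Please contact c22dev on Discord, or try updating script."
fi
echo "Job done !"
--------------------------------------------------------------------------------
/offsets/iPad11,1 16.4 20E246.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.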
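*/

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Per-kernel-build structure offsets and kernelcache addresses, looked up via
 * kern_versions[] by matching .kern_version (presumably against the running
 * kernel's version string — confirm against the consumer).
 * Every field is a byte offset inside the named kernel structure, except the
 * kernelcache__* entries, which are absolute (unslid) kernelcache addresses.
 * u64 is expected to be provided by the including project.
 */
struct dynamic_info {
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// iPad11,1 / iOS 16.4 (20E246).
const struct dynamic_info kern_versions[] = {
    {
        // NOTE(review): kernel version strings normally print a single-digit day
        // as "Mar  6" (two spaces). If this literal was whitespace-collapsed when
        // the file was copied, a byte-for-byte match against the running kernel
        // will never succeed — confirm against the kernelcache.
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        // _vm_map.hdr.links: four 8-byte fields that must end exactly where
        // hdr.nentries (0x30) begins, so they start at 0x10, not 0x08. The
        // "+ 0x8" values emitted by tihmstar's template are wrong; the README
        // ("Offsets") documents this correction.
        ._vm_map__hdr__links__prev = 0x10,
        ._vm_map__hdr__links__next = 0x18,
        ._vm_map__hdr__links__start = 0x20,
        ._vm_map__hdr__links__end = 0x28,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2e9208,
        .kernelcache__gPhysBase = 0xfffffff0078f3fa0,
        .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078f2178,
        .kernelcache__perfmon_devices = 0xfffffff00a327500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88,
        .kernelcache__ptov_table = 0xfffffff0078a7160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990,
        .kernelcache__vm_pages = 0xfffffff0078a3ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef463c,
    },
};

#endif /* dynamic_info_h */
--------------------------------------------------------------------------------
/offsets/iPad11,1 16.4.1 20E252.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Per-kernel-build structure offsets and kernelcache addresses, looked up via
 * kern_versions[] by matching .kern_version (presumably against the running
 * kernel's version string — confirm against the consumer).
 * Every field is a byte offset inside the named kernel structure, except the
 * kernelcache__* entries, which are absolute (unslid) kernelcache addresses.
 * u64 is expected to be provided by the including project.
 */
struct dynamic_info {
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// iPad11,1 / iOS 16.4.1 (20E252).
// NOTE(review): this entry is byte-identical to "iPad11,1 16.4 20E246.h",
// including the kern_version string and every kernelcache address. That is
// plausible if both builds ship the same xnu, but confirm it was generated from
// the 20E252 IPSW rather than copied.
const struct dynamic_info kern_versions[] = {
    {
        // NOTE(review): kernel version strings normally print a single-digit day
        // as "Mar  6" (two spaces). If this literal was whitespace-collapsed when
        // the file was copied, a byte-for-byte match against the running kernel
        // will never succeed — confirm against the kernelcache.
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        // _vm_map.hdr.links: four 8-byte fields that must end exactly where
        // hdr.nentries (0x30) begins, so they start at 0x10, not 0x08. The
        // "+ 0x8" values emitted by tihmstar's template are wrong; the README
        // ("Offsets") documents this correction.
        ._vm_map__hdr__links__prev = 0x10,
        ._vm_map__hdr__links__next = 0x18,
        ._vm_map__hdr__links__start = 0x20,
        ._vm_map__hdr__links__end = 0x28,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2e9208,
        .kernelcache__gPhysBase = 0xfffffff0078f3fa0,
        .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078f2178,
        .kernelcache__perfmon_devices = 0xfffffff00a327500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88,
        .kernelcache__ptov_table = 0xfffffff0078a7160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990,
        .kernelcache__vm_pages = 0xfffffff0078a3ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef463c,
    },
};

#endif /* dynamic_info_h */
--------------------------------------------------------------------------------
/offsets/iPad11,1 16.5 20F66.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.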
 */

/*
 * Offset table for iPad11,1, iOS 16.5 (build 20F66).
 *
 * Each field is either a byte offset of a member inside the named XNU
 * kernel structure, the size of that structure, or (the kernelcache__*
 * group) an absolute address inside this build's kernelcache. All values
 * were measured for the kernel identified by .kern_version in the table
 * below and are meaningless for any other build; a consumer is expected to
 * compare that string with the running kernel's version string before
 * trusting a single entry (NOTE(review): that check lives in the caller,
 * not here — confirm it is an exact match).
 *
 * NOTE(review): `u64` is not defined by this header, so the includer must
 * typedef it first. Every per-build header in this directory uses the same
 * include guard (dynamic_info_h), the same struct name and the same
 * non-static `kern_versions` definition, so only one of them can be part of
 * a given program.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

struct dynamic_info {
    // Exact "Darwin Kernel Version ..." string of the build these values belong to.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // (commented-out members are deliberately absent from the layout; the
    // initializer below mirrors them so the two stay in step)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses: absolute virtual addresses in this
    // build's kernelcache, not offsets
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// One table per supported kernel build; this header defines exactly one.
// Offsets written as arithmetic (e.g. 0x40 - 8, 0x80 - 0x28 + 8) keep the
// neighbouring-field relation they were derived from and fold at compile time.
// Only the kernelcache__* addresses differ from the 22.4.0 tables in this
// directory; the structure offsets are the same for both kernels.
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2f1288,
        .kernelcache__gPhysBase = 0xfffffff0078f80e0,
        // gPhysSize is the 8-byte global directly after gPhysBase
        .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078f62b8,
        .kernelcache__perfmon_devices = 0xfffffff00a32f500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c,
        .kernelcache__ptov_table = 0xfffffff0078ab160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990,
        .kernelcache__vm_pages = 0xfffffff0078a7ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8,
    },
};

#endif /* dynamic_info_h */

-------------------------------------------------------------------------------- /offsets/iPad11,2 16.4 20E246.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

/*
 * Offset table for iPad11,2, iOS 16.4 (build 20E246).
 *
 * Each field is either a byte offset of a member inside the named XNU
 * kernel structure, the size of that structure, or (the kernelcache__*
 * group) an absolute address inside this build's kernelcache. All values
 * were measured for the kernel identified by .kern_version in the table
 * below and are meaningless for any other build; a consumer is expected to
 * compare that string with the running kernel's version string before
 * trusting a single entry (NOTE(review): that check lives in the caller,
 * not here — confirm it is an exact match).
 *
 * NOTE(review): `u64` is not defined by this header, so the includer must
 * typedef it first. Every per-build header in this directory uses the same
 * include guard (dynamic_info_h), the same struct name and the same
 * non-static `kern_versions` definition, so only one of them can be part of
 * a given program.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

struct dynamic_info {
    // Exact "Darwin Kernel Version ..." string of the build these values belong to.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // (commented-out members are deliberately absent from the layout; the
    // initializer below mirrors them so the two stay in step)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64
pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // (commented-out members are deliberately absent from the layout; the
    // initializer below mirrors them so the two stay in step)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses: absolute virtual addresses in this
    // build's kernelcache, not offsets
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// One table per supported kernel build; this header defines exactly one.
// Offsets written as arithmetic (e.g. 0x40 - 8, 0x80 - 0x28 + 8) keep the
// neighbouring-field relation they were derived from and fold at compile time.
// Several headers in this directory carry the same .kern_version string and
// identical values (the 16.4 and 16.4.1 tables, for instance): the string,
// not the file name, is what identifies the kernel.
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2e9208,
        .kernelcache__gPhysBase = 0xfffffff0078f3fa0,
        // gPhysSize is the 8-byte global directly after gPhysBase
        .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078f2178,
        .kernelcache__perfmon_devices = 0xfffffff00a327500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88,
        .kernelcache__ptov_table = 0xfffffff0078a7160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990,
        .kernelcache__vm_pages = 0xfffffff0078a3ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef463c,
    },
};

#endif /* dynamic_info_h */

-------------------------------------------------------------------------------- /offsets/iPad11,2 16.4.1 20E252.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

/*
 * Offset table for iPad11,2, iOS 16.4.1 (build 20E252).
 *
 * Each field is either a byte offset of a member inside the named XNU
 * kernel structure, the size of that structure, or (the kernelcache__*
 * group) an absolute address inside this build's kernelcache. All values
 * were measured for the kernel identified by .kern_version in the table
 * below and are meaningless for any other build; a consumer is expected to
 * compare that string with the running kernel's version string before
 * trusting a single entry (NOTE(review): that check lives in the caller,
 * not here — confirm it is an exact match).
 *
 * NOTE(review): `u64` is not defined by this header, so the includer must
 * typedef it first. Every per-build header in this directory uses the same
 * include guard (dynamic_info_h), the same struct name and the same
 * non-static `kern_versions` definition, so only one of them can be part of
 * a given program.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

struct dynamic_info {
    // Exact "Darwin Kernel Version ..." string of the build these values belong to.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // (commented-out members are deliberately absent from the layout; the
    // initializer below mirrors them so the two stay in step)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses: absolute virtual addresses in this
    // build's kernelcache, not offsets
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// One table per supported kernel build; this header defines exactly one.
// Offsets written as arithmetic (e.g. 0x40 - 8, 0x80 - 0x28 + 8) keep the
// neighbouring-field relation they were derived from and fold at compile time.
// Several headers in this directory carry the same .kern_version string and
// identical values (the 16.4 and 16.4.1 tables, for instance): the string,
// not the file name, is what identifies the kernel.
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2e9208,
        .kernelcache__gPhysBase = 0xfffffff0078f3fa0,
        // gPhysSize is the 8-byte global directly after gPhysBase
        .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078f2178,
        .kernelcache__perfmon_devices = 0xfffffff00a327500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88,
        .kernelcache__ptov_table = 0xfffffff0078a7160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990,
        .kernelcache__vm_pages = 0xfffffff0078a3ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef463c,
    },
};

#endif /* dynamic_info_h */

-------------------------------------------------------------------------------- /offsets/iPad11,2 16.5 20F66.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

/*
 * Offset table for iPad11,2, iOS 16.5 (build 20F66).
 *
 * Each field is either a byte offset of a member inside the named XNU
 * kernel structure, the size of that structure, or (the kernelcache__*
 * group) an absolute address inside this build's kernelcache. All values
 * were measured for the kernel identified by .kern_version in the table
 * below and are meaningless for any other build; a consumer is expected to
 * compare that string with the running kernel's version string before
 * trusting a single entry (NOTE(review): that check lives in the caller,
 * not here — confirm it is an exact match).
 *
 * NOTE(review): `u64` is not defined by this header, so the includer must
 * typedef it first. Every per-build header in this directory uses the same
 * include guard (dynamic_info_h), the same struct name and the same
 * non-static `kern_versions` definition, so only one of them can be part of
 * a given program.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

struct dynamic_info {
    // Exact "Darwin Kernel Version ..." string of the build these values belong to.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // (commented-out members are deliberately absent from the layout; the
    // initializer below mirrors them so the two stay in step)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64
pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // (commented-out members are deliberately absent from the layout; the
    // initializer below mirrors them so the two stay in step)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses: absolute virtual addresses in this
    // build's kernelcache, not offsets
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// One table per supported kernel build; this header defines exactly one.
// Offsets written as arithmetic (e.g. 0x40 - 8, 0x80 - 0x28 + 8) keep the
// neighbouring-field relation they were derived from and fold at compile time.
// Only the kernelcache__* addresses differ from the 22.4.0 tables in this
// directory; the structure offsets are the same for both kernels.
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2f1288,
        .kernelcache__gPhysBase = 0xfffffff0078f80e0,
        // gPhysSize is the 8-byte global directly after gPhysBase
        .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078f62b8,
        .kernelcache__perfmon_devices = 0xfffffff00a32f500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c,
        .kernelcache__ptov_table = 0xfffffff0078ab160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990,
        .kernelcache__vm_pages = 0xfffffff0078a7ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8,
    },
};

#endif /* dynamic_info_h */

-------------------------------------------------------------------------------- /offsets/iPad11,3 16.4 20E246.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

/*
 * Offset table for iPad11,3, iOS 16.4 (build 20E246).
 *
 * Each field is either a byte offset of a member inside the named XNU
 * kernel structure, the size of that structure, or (the kernelcache__*
 * group) an absolute address inside this build's kernelcache. All values
 * were measured for the kernel identified by .kern_version in the table
 * below and are meaningless for any other build; a consumer is expected to
 * compare that string with the running kernel's version string before
 * trusting a single entry (NOTE(review): that check lives in the caller,
 * not here — confirm it is an exact match).
 *
 * NOTE(review): `u64` is not defined by this header, so the includer must
 * typedef it first. Every per-build header in this directory uses the same
 * include guard (dynamic_info_h), the same struct name and the same
 * non-static `kern_versions` definition, so only one of them can be part of
 * a given program.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

struct dynamic_info {
    // Exact "Darwin Kernel Version ..." string of the build these values belong to.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // (commented-out members are deliberately absent from the layout; the
    // initializer below mirrors them so the two stay in step)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses: absolute virtual addresses in this
    // build's kernelcache, not offsets
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// One table per supported kernel build; this header defines exactly one.
// Offsets written as arithmetic (e.g. 0x40 - 8, 0x80 - 0x28 + 8) keep the
// neighbouring-field relation they were derived from and fold at compile time.
// Several headers in this directory carry the same .kern_version string and
// identical values (the 16.4 and 16.4.1 tables, for instance): the string,
// not the file name, is what identifies the kernel.
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
.proc__p_list__le_next = 0x0, 128 | .proc__p_list__le_prev = 0x8, 129 | .proc__p_pid = 0x60, 130 | .proc__p_fd__fd_ofiles = 0xf8, 131 | .proc__object_size = 0x730, 132 | .pseminfo__psem_usecount = 0x04, 133 | .pseminfo__psem_uid = 0x0c, 134 | .pseminfo__psem_gid = 0x10, 135 | .pseminfo__psem_name = 0x14, 136 | .pseminfo__psem_semobject = 0x38, 137 | // .psemnode__pinfo = 0x0000, 138 | // .psemnode__padding = 0x0008, 139 | // .psemnode__object_size = 0x0010, 140 | .semaphore__owner = 0x28, 141 | .specinfo__si_rdev = 0x18, 142 | .task__map = 0x28, 143 | .task__threads__next = 0x80 - 0x28, 144 | .task__threads__prev = 0x80 - 0x28 + 8, 145 | .task__itk_space = 0x300, 146 | .task__object_size = 0x628, 147 | .thread__task_threads__next = 0x368 - 0x18, 148 | .thread__task_threads__prev = 0x368 - 0x18 + 8, 149 | .thread__map = 0x368, 150 | .thread__thread_id = 0x400, 151 | .thread__object_size = 0x4a8, 152 | .uthread__object_size = 0x200, 153 | .vm_map_entry__links__prev = 0x00, 154 | .vm_map_entry__links__next = 0x08, 155 | .vm_map_entry__links__start = 0x10, 156 | .vm_map_entry__links__end = 0x18, 157 | .vm_map_entry__store__entry__rbe_left = 0x20, 158 | .vm_map_entry__store__entry__rbe_right = 0x28, 159 | .vm_map_entry__store__entry__rbe_parent = 0x30, 160 | .vnode__v_un__vu_specinfo = 0x78, 161 | ._vm_map__hdr__links__prev = 0x00 + 0x8, 162 | ._vm_map__hdr__links__next = 0x08 + 0x8, 163 | ._vm_map__hdr__links__start = 0x10 + 0x8, 164 | ._vm_map__hdr__links__end = 0x18 + 0x8, 165 | ._vm_map__hdr__nentries = 0x30, 166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38, 167 | ._vm_map__pmap = 0x40, 168 | ._vm_map__hint = 0x90 + 0x08, 169 | ._vm_map__hole_hint = 0x90 + 0x10, 170 | ._vm_map__holes_list = 0x90 + 0x18, 171 | ._vm_map__object_size = 0xc0, 172 | .kernelcache__kernel_base = 0xfffffff007004000, 173 | .kernelcache__cdevsw = 0xfffffff00a2e9208, 174 | .kernelcache__gPhysBase = 0xfffffff0078f3fa0, 175 | .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, 176 | 
.kernelcache__gVirtBase = 0xfffffff0078f2178, 177 | .kernelcache__perfmon_devices = 0xfffffff00a327500, 178 | .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88, 179 | .kernelcache__ptov_table = 0xfffffff0078a7160, 180 | .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990, 181 | .kernelcache__vm_pages = 0xfffffff0078a3ea8, 182 | .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110, 183 | .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988, 184 | .kernelcache__vn_kqfilter = 0xfffffff007ef463c, 185 | }, 186 | }; 187 | 188 | #endif /* dynamic_info_h */ 189 | -------------------------------------------------------------------------------- /offsets/iPad11,3 16.4.1 20E252.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. 3 | */ 4 | 5 | #ifndef dynamic_info_h 6 | #define dynamic_info_h 7 | 8 | struct dynamic_info { 9 | const char* kern_version; 10 | // struct fileglob 11 | u64 fileglob__fg_ops; 12 | u64 fileglob__fg_data; 13 | // struct fileops 14 | u64 fileops__fo_kqfilter; 15 | // struct fileproc 16 | // u64 fileproc__fp_iocount; 17 | // u64 fileproc__fp_vflags; 18 | // u64 fileproc__fp_flags; 19 | // u64 fileproc__fp_guard_attrs; 20 | // u64 fileproc__fp_glob; 21 | // u64 fileproc__fp_guard; 22 | // u64 fileproc__object_size; 23 | // struct fileproc_guard 24 | u64 fileproc_guard__fpg_guard; 25 | // struct kqworkloop 26 | u64 kqworkloop__kqwl_state; 27 | u64 kqworkloop__kqwl_p; 28 | u64 kqworkloop__kqwl_owner; 29 | u64 kqworkloop__kqwl_dynamicid; 30 | u64 kqworkloop__object_size; 31 | // struct pmap 32 | u64 pmap__tte; 33 | u64 pmap__ttep; 34 | // struct proc 35 | u64 proc__p_list__le_next; 36 | u64 proc__p_list__le_prev; 37 | u64 proc__p_pid; 38 | u64 proc__p_fd__fd_ofiles; 39 | u64 proc__object_size; 40 | // struct pseminfo 41 | u64 pseminfo__psem_usecount; 42 | u64 pseminfo__psem_uid; 43 | u64 pseminfo__psem_gid; 44 | u64 
pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses (virtual addresses inside the kernelcache;
    // see the note on kernel_base in the initializer about KASLR)
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

/*
 * Values for this device/build only (iPad11,3, iOS 16.4.1, build 20E252 per
 * the file name).
 * NOTE(review): every value here, including the kern_version string, is
 * identical to the 16.4 (20E246) file for this device -- consistent with
 * 16.4.1 shipping the same xnu-8796.102.5 kernel. A lookup keyed on
 * kern_version therefore cannot tell the two builds apart, which is harmless
 * only while the two files stay identical; keep them in sync.
 * Derived expressions (a - b, a + b) are kept as written; the evaluated
 * value is noted.
 */
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8, // 0x38
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // 0xe8
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28, // 0x58
        .task__threads__prev = 0x80 - 0x28 + 8, // 0x60
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        // task_threads links sit 0x18 before thread->map (0x368)
        .thread__task_threads__next = 0x368 - 0x18, // 0x350
        .thread__task_threads__prev = 0x368 - 0x18 + 8, // 0x358
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        // written as the vm_map_entry link offset + 0x8, i.e. hdr's links
        // appear to start 0x8 into _vm_map
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08, // 0x98
        ._vm_map__hole_hint = 0x90 + 0x10, // 0xa0
        ._vm_map__holes_list = 0x90 + 0x18, // 0xa8
        ._vm_map__object_size = 0xc0,
        // NOTE(review): 0xfffffff007004000 is the conventional unslid
        // kernelcache base, so every address in this section looks unslid;
        // the consumer presumably has to add the runtime KASLR slide -- confirm.
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2e9208,
        .kernelcache__gPhysBase = 0xfffffff0078f3fa0,
        .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, // laid out 8 bytes after gPhysBase
        .kernelcache__gVirtBase = 0xfffffff0078f2178,
        .kernelcache__perfmon_devices = 0xfffffff00a327500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88,
        .kernelcache__ptov_table = 0xfffffff0078a7160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990,
        .kernelcache__vm_pages = 0xfffffff0078a3ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef463c,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,3 16.5 20F66.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
*/

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Layout table for one XNU build. Naming: <struct>__<field> is the byte
 * offset of <field> inside struct <struct> (nested members are joined with
 * "__"), <struct>__object_size is the size of the whole struct, and
 * kernelcache__<symbol> is the static kernelcache address of <symbol>.
 * Members left commented out are not part of the struct in this revision,
 * so an initializer must not set them. u64 is not defined here; the includer
 * is expected to provide it.
 */
struct dynamic_info {
    // Build string this entry belongs to; presumably compared byte-for-byte
    // with the live kernel's version string before any value below is used --
    // confirm against the consumer. A near match (same iOS version, different
    // kernel build) is not good enough: the kernelcache__* addresses differ
    // between builds even where the struct offsets do not.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses (virtual addresses inside the kernelcache;
    // see the note on kernel_base in the initializer about KASLR)
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

/*
 * Values for this device/build only (iPad11,3, iOS 16.5, build 20F66 per the
 * file name). Compared with the 16.4 files for this device every struct
 * offset is unchanged and only the kernelcache__* addresses (and the build
 * string) differ -- which is exactly why an entry must never be reused on a
 * different build. Derived expressions (a - b, a + b) are kept as written;
 * the evaluated value is noted.
 */
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8, // 0x38
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // 0xe8
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28, // 0x58
        .task__threads__prev = 0x80 - 0x28 + 8, // 0x60
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        // task_threads links sit 0x18 before thread->map (0x368)
        .thread__task_threads__next = 0x368 - 0x18, // 0x350
        .thread__task_threads__prev = 0x368 - 0x18 + 8, // 0x358
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        // written as the vm_map_entry link offset + 0x8, i.e. hdr's links
        // appear to start 0x8 into _vm_map
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08, // 0x98
        ._vm_map__hole_hint = 0x90 + 0x10, // 0xa0
        ._vm_map__holes_list = 0x90 + 0x18, // 0xa8
        ._vm_map__object_size = 0xc0,
        // NOTE(review): 0xfffffff007004000 is the conventional unslid
        // kernelcache base, so every address in this section looks unslid;
        // the consumer presumably has to add the runtime KASLR slide -- confirm.
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2f1288,
        .kernelcache__gPhysBase = 0xfffffff0078f80e0,
        .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, // laid out 8 bytes after gPhysBase
        .kernelcache__gVirtBase = 0xfffffff0078f62b8,
        .kernelcache__perfmon_devices = 0xfffffff00a32f500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c,
        .kernelcache__ptov_table = 0xfffffff0078ab160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990,
        .kernelcache__vm_pages = 0xfffffff0078a7ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,4 16.4 20E246.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Layout table for one XNU build. Naming: <struct>__<field> is the byte
 * offset of <field> inside struct <struct> (nested members are joined with
 * "__"), <struct>__object_size is the size of the whole struct, and
 * kernelcache__<symbol> is the static kernelcache address of <symbol>.
 * Members left commented out are not part of the struct in this revision,
 * so an initializer must not set them. u64 is not defined here; the includer
 * is expected to provide it.
 */
struct dynamic_info {
    // Build string this entry belongs to; presumably compared byte-for-byte
    // with the live kernel's version string before any value below is used --
    // confirm against the consumer.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64
pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses (virtual addresses inside the kernelcache;
    // see the note on kernel_base in the initializer about KASLR)
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

/*
 * Values for this device/build only (iPad11,4, iOS 16.4, build 20E246 per the
 * file name). The struct offsets match the 16.5 file for this device but the
 * kernelcache__* addresses do not, so an entry must never be reused on a
 * different build. Derived expressions (a - b, a + b) are kept as written so
 * the derivation stays visible; the evaluated value is noted.
 */
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8, // 0x38
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // 0xe8
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28, // 0x58
        .task__threads__prev = 0x80 - 0x28 + 8, // 0x60
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        // task_threads links sit 0x18 before thread->map (0x368)
        .thread__task_threads__next = 0x368 - 0x18, // 0x350
        .thread__task_threads__prev = 0x368 - 0x18 + 8, // 0x358
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        // written as the vm_map_entry link offset + 0x8, i.e. hdr's links
        // appear to start 0x8 into _vm_map
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08, // 0x98
        ._vm_map__hole_hint = 0x90 + 0x10, // 0xa0
        ._vm_map__holes_list = 0x90 + 0x18, // 0xa8
        ._vm_map__object_size = 0xc0,
        // NOTE(review): 0xfffffff007004000 is the conventional unslid
        // kernelcache base, so every address in this section looks unslid;
        // the consumer presumably has to add the runtime KASLR slide -- confirm.
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2e9208,
        .kernelcache__gPhysBase = 0xfffffff0078f3fa0,
        .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, // laid out 8 bytes after gPhysBase
        .kernelcache__gVirtBase = 0xfffffff0078f2178,
        .kernelcache__perfmon_devices = 0xfffffff00a327500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88,
        .kernelcache__ptov_table = 0xfffffff0078a7160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990,
        .kernelcache__vm_pages = 0xfffffff0078a3ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef463c,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,4 16.4.1 20E252.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
*/

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Layout table for one XNU build. Naming: <struct>__<field> is the byte
 * offset of <field> inside struct <struct> (nested members are joined with
 * "__"), <struct>__object_size is the size of the whole struct, and
 * kernelcache__<symbol> is the static kernelcache address of <symbol>.
 * Members left commented out are not part of the struct in this revision,
 * so an initializer must not set them. u64 is not defined here; the includer
 * is expected to provide it.
 */
struct dynamic_info {
    // Build string this entry belongs to; presumably compared byte-for-byte
    // with the live kernel's version string before any value below is used --
    // confirm against the consumer. A near match (same iOS version, different
    // kernel build) is not good enough: the kernelcache__* addresses differ
    // between builds even where the struct offsets do not.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses (virtual addresses inside the kernelcache;
    // see the note on kernel_base in the initializer about KASLR)
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

/*
 * Values for this device/build only (iPad11,4, iOS 16.4.1, build 20E252 per
 * the file name).
 * NOTE(review): every value here, including the kern_version string, is
 * identical to the 16.4 (20E246) file for this device -- consistent with
 * 16.4.1 shipping the same xnu-8796.102.5 kernel. A lookup keyed on
 * kern_version therefore cannot tell the two builds apart, which is harmless
 * only while the two files stay identical; keep them in sync.
 * Derived expressions (a - b, a + b) are kept as written; the evaluated
 * value is noted.
 */
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8, // 0x38
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // 0xe8
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28, // 0x58
        .task__threads__prev = 0x80 - 0x28 + 8, // 0x60
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        // task_threads links sit 0x18 before thread->map (0x368)
        .thread__task_threads__next = 0x368 - 0x18, // 0x350
        .thread__task_threads__prev = 0x368 - 0x18 + 8, // 0x358
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        // written as the vm_map_entry link offset + 0x8, i.e. hdr's links
        // appear to start 0x8 into _vm_map
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08, // 0x98
        ._vm_map__hole_hint = 0x90 + 0x10, // 0xa0
        ._vm_map__holes_list = 0x90 + 0x18, // 0xa8
        ._vm_map__object_size = 0xc0,
        // NOTE(review): 0xfffffff007004000 is the conventional unslid
        // kernelcache base, so every address in this section looks unslid;
        // the consumer presumably has to add the runtime KASLR slide -- confirm.
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a2e9208,
        .kernelcache__gPhysBase = 0xfffffff0078f3fa0,
        .kernelcache__gPhysSize = 0xfffffff0078f3fa0 + 8, // laid out 8 bytes after gPhysBase
        .kernelcache__gVirtBase = 0xfffffff0078f2178,
        .kernelcache__perfmon_devices = 0xfffffff00a327500,
        .kernelcache__perfmon_dev_open = 0xfffffff007ea5a88,
        .kernelcache__ptov_table = 0xfffffff0078a7160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a326990,
        .kernelcache__vm_pages = 0xfffffff0078a3ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078a6110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a326988,
        .kernelcache__vn_kqfilter = 0xfffffff007ef463c,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,4 16.5 20F66.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Layout table for one XNU build. Naming: <struct>__<field> is the byte
 * offset of <field> inside struct <struct> (nested members are joined with
 * "__"), <struct>__object_size is the size of the whole struct, and
 * kernelcache__<symbol> is the static kernelcache address of <symbol>.
 * Members left commented out are not part of the struct in this revision,
 * so an initializer must not set them. u64 is not defined here; the includer
 * is expected to provide it.
 */
struct dynamic_info {
    // Build string this entry belongs to; presumably compared byte-for-byte
    // with the live kernel's version string before any value below is used --
    // confirm against the consumer.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64
pseminfo__psem_name; 45 | u64 pseminfo__psem_semobject; 46 | // struct psemnode 47 | // u64 psemnode__pinfo; 48 | // u64 psemnode__padding; 49 | // u64 psemnode__object_size; 50 | // struct semaphore 51 | u64 semaphore__owner; 52 | // struct specinfo 53 | u64 specinfo__si_rdev; 54 | // struct task 55 | u64 task__map; 56 | u64 task__threads__next; 57 | u64 task__threads__prev; 58 | u64 task__itk_space; 59 | u64 task__object_size; 60 | // struct thread 61 | u64 thread__task_threads__next; 62 | u64 thread__task_threads__prev; 63 | u64 thread__map; 64 | u64 thread__thread_id; 65 | u64 thread__object_size; 66 | // struct uthread 67 | u64 uthread__object_size; 68 | // struct vm_map_entry 69 | u64 vm_map_entry__links__prev; 70 | u64 vm_map_entry__links__next; 71 | u64 vm_map_entry__links__start; 72 | u64 vm_map_entry__links__end; 73 | u64 vm_map_entry__store__entry__rbe_left; 74 | u64 vm_map_entry__store__entry__rbe_right; 75 | u64 vm_map_entry__store__entry__rbe_parent; 76 | // struct vnode 77 | u64 vnode__v_un__vu_specinfo; 78 | // struct _vm_map 79 | u64 _vm_map__hdr__links__prev; 80 | u64 _vm_map__hdr__links__next; 81 | u64 _vm_map__hdr__links__start; 82 | u64 _vm_map__hdr__links__end; 83 | u64 _vm_map__hdr__nentries; 84 | u64 _vm_map__hdr__rb_head_store__rbh_root; 85 | u64 _vm_map__pmap; 86 | u64 _vm_map__hint; 87 | u64 _vm_map__hole_hint; 88 | u64 _vm_map__holes_list; 89 | u64 _vm_map__object_size; 90 | // kernelcache static addresses 91 | u64 kernelcache__kernel_base; 92 | u64 kernelcache__cdevsw; 93 | u64 kernelcache__gPhysBase; 94 | u64 kernelcache__gPhysSize; 95 | u64 kernelcache__gVirtBase; 96 | u64 kernelcache__perfmon_devices; 97 | u64 kernelcache__perfmon_dev_open; 98 | u64 kernelcache__ptov_table; 99 | u64 kernelcache__vm_first_phys_ppnum; 100 | u64 kernelcache__vm_pages; 101 | u64 kernelcache__vm_page_array_beginning_addr; 102 | u64 kernelcache__vm_page_array_ending_addr; 103 | u64 kernelcache__vn_kqfilter; 104 | }; 105 | 106 | const struct dynamic_info 
kern_versions[] = { 107 | { 108 | .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", 109 | .fileglob__fg_ops = 0x28, 110 | .fileglob__fg_data = 0x40 - 8, 111 | .fileops__fo_kqfilter = 0x30, 112 | // .fileproc__fp_iocount = 0x0000, 113 | // .fileproc__fp_vflags = 0x0004, 114 | // .fileproc__fp_flags = 0x0008, 115 | // .fileproc__fp_guard_attrs = 0x000a, 116 | // .fileproc__fp_glob = 0x0010, 117 | // .fileproc__fp_guard = 0x0018, 118 | // .fileproc__object_size = 0x0020, 119 | .fileproc_guard__fpg_guard = 0x8, 120 | .kqworkloop__kqwl_state = 0x10, 121 | .kqworkloop__kqwl_p = 0x18, 122 | .kqworkloop__kqwl_owner = 0xd0, 123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, 124 | .kqworkloop__object_size = 0x108, 125 | .pmap__tte = 0x0, 126 | .pmap__ttep = 0x8, 127 | .proc__p_list__le_next = 0x0, 128 | .proc__p_list__le_prev = 0x8, 129 | .proc__p_pid = 0x60, 130 | .proc__p_fd__fd_ofiles = 0xf8, 131 | .proc__object_size = 0x730, 132 | .pseminfo__psem_usecount = 0x04, 133 | .pseminfo__psem_uid = 0x0c, 134 | .pseminfo__psem_gid = 0x10, 135 | .pseminfo__psem_name = 0x14, 136 | .pseminfo__psem_semobject = 0x38, 137 | // .psemnode__pinfo = 0x0000, 138 | // .psemnode__padding = 0x0008, 139 | // .psemnode__object_size = 0x0010, 140 | .semaphore__owner = 0x28, 141 | .specinfo__si_rdev = 0x18, 142 | .task__map = 0x28, 143 | .task__threads__next = 0x80 - 0x28, 144 | .task__threads__prev = 0x80 - 0x28 + 8, 145 | .task__itk_space = 0x300, 146 | .task__object_size = 0x628, 147 | .thread__task_threads__next = 0x368 - 0x18, 148 | .thread__task_threads__prev = 0x368 - 0x18 + 8, 149 | .thread__map = 0x368, 150 | .thread__thread_id = 0x400, 151 | .thread__object_size = 0x4a8, 152 | .uthread__object_size = 0x200, 153 | .vm_map_entry__links__prev = 0x00, 154 | .vm_map_entry__links__next = 0x08, 155 | .vm_map_entry__links__start = 0x10, 156 | .vm_map_entry__links__end = 0x18, 157 | .vm_map_entry__store__entry__rbe_left = 0x20, 
158 | .vm_map_entry__store__entry__rbe_right = 0x28, 159 | .vm_map_entry__store__entry__rbe_parent = 0x30, 160 | .vnode__v_un__vu_specinfo = 0x78, 161 | ._vm_map__hdr__links__prev = 0x00 + 0x8, 162 | ._vm_map__hdr__links__next = 0x08 + 0x8, 163 | ._vm_map__hdr__links__start = 0x10 + 0x8, 164 | ._vm_map__hdr__links__end = 0x18 + 0x8, 165 | ._vm_map__hdr__nentries = 0x30, 166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38, 167 | ._vm_map__pmap = 0x40, 168 | ._vm_map__hint = 0x90 + 0x08, 169 | ._vm_map__hole_hint = 0x90 + 0x10, 170 | ._vm_map__holes_list = 0x90 + 0x18, 171 | ._vm_map__object_size = 0xc0, 172 | .kernelcache__kernel_base = 0xfffffff007004000, 173 | .kernelcache__cdevsw = 0xfffffff00a2f1288, 174 | .kernelcache__gPhysBase = 0xfffffff0078f80e0, 175 | .kernelcache__gPhysSize = 0xfffffff0078f80e0 + 8, 176 | .kernelcache__gVirtBase = 0xfffffff0078f62b8, 177 | .kernelcache__perfmon_devices = 0xfffffff00a32f500, 178 | .kernelcache__perfmon_dev_open = 0xfffffff007ea9c8c, 179 | .kernelcache__ptov_table = 0xfffffff0078ab160, 180 | .kernelcache__vm_first_phys_ppnum = 0xfffffff00a32e990, 181 | .kernelcache__vm_pages = 0xfffffff0078a7ea8, 182 | .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078aa110, 183 | .kernelcache__vm_page_array_ending_addr = 0xfffffff00a32e988, 184 | .kernelcache__vn_kqfilter = 0xfffffff007ef8ad8, 185 | }, 186 | }; 187 | 188 | #endif /* dynamic_info_h */ 189 | -------------------------------------------------------------------------------- /offsets/iPad11,6 16.4 20E246.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved. 
3 | */ 4 | 5 | #ifndef dynamic_info_h 6 | #define dynamic_info_h 7 | 8 | struct dynamic_info { 9 | const char* kern_version; 10 | // struct fileglob 11 | u64 fileglob__fg_ops; 12 | u64 fileglob__fg_data; 13 | // struct fileops 14 | u64 fileops__fo_kqfilter; 15 | // struct fileproc 16 | // u64 fileproc__fp_iocount; 17 | // u64 fileproc__fp_vflags; 18 | // u64 fileproc__fp_flags; 19 | // u64 fileproc__fp_guard_attrs; 20 | // u64 fileproc__fp_glob; 21 | // u64 fileproc__fp_guard; 22 | // u64 fileproc__object_size; 23 | // struct fileproc_guard 24 | u64 fileproc_guard__fpg_guard; 25 | // struct kqworkloop 26 | u64 kqworkloop__kqwl_state; 27 | u64 kqworkloop__kqwl_p; 28 | u64 kqworkloop__kqwl_owner; 29 | u64 kqworkloop__kqwl_dynamicid; 30 | u64 kqworkloop__object_size; 31 | // struct pmap 32 | u64 pmap__tte; 33 | u64 pmap__ttep; 34 | // struct proc 35 | u64 proc__p_list__le_next; 36 | u64 proc__p_list__le_prev; 37 | u64 proc__p_pid; 38 | u64 proc__p_fd__fd_ofiles; 39 | u64 proc__object_size; 40 | // struct pseminfo 41 | u64 pseminfo__psem_usecount; 42 | u64 pseminfo__psem_uid; 43 | u64 pseminfo__psem_gid; 44 | u64 pseminfo__psem_name; 45 | u64 pseminfo__psem_semobject; 46 | // struct psemnode 47 | // u64 psemnode__pinfo; 48 | // u64 psemnode__padding; 49 | // u64 psemnode__object_size; 50 | // struct semaphore 51 | u64 semaphore__owner; 52 | // struct specinfo 53 | u64 specinfo__si_rdev; 54 | // struct task 55 | u64 task__map; 56 | u64 task__threads__next; 57 | u64 task__threads__prev; 58 | u64 task__itk_space; 59 | u64 task__object_size; 60 | // struct thread 61 | u64 thread__task_threads__next; 62 | u64 thread__task_threads__prev; 63 | u64 thread__map; 64 | u64 thread__thread_id; 65 | u64 thread__object_size; 66 | // struct uthread 67 | u64 uthread__object_size; 68 | // struct vm_map_entry 69 | u64 vm_map_entry__links__prev; 70 | u64 vm_map_entry__links__next; 71 | u64 vm_map_entry__links__start; 72 | u64 vm_map_entry__links__end; 73 | u64 
vm_map_entry__store__entry__rbe_left; 74 | u64 vm_map_entry__store__entry__rbe_right; 75 | u64 vm_map_entry__store__entry__rbe_parent; 76 | // struct vnode 77 | u64 vnode__v_un__vu_specinfo; 78 | // struct _vm_map 79 | u64 _vm_map__hdr__links__prev; 80 | u64 _vm_map__hdr__links__next; 81 | u64 _vm_map__hdr__links__start; 82 | u64 _vm_map__hdr__links__end; 83 | u64 _vm_map__hdr__nentries; 84 | u64 _vm_map__hdr__rb_head_store__rbh_root; 85 | u64 _vm_map__pmap; 86 | u64 _vm_map__hint; 87 | u64 _vm_map__hole_hint; 88 | u64 _vm_map__holes_list; 89 | u64 _vm_map__object_size; 90 | // kernelcache static addresses 91 | u64 kernelcache__kernel_base; 92 | u64 kernelcache__cdevsw; 93 | u64 kernelcache__gPhysBase; 94 | u64 kernelcache__gPhysSize; 95 | u64 kernelcache__gVirtBase; 96 | u64 kernelcache__perfmon_devices; 97 | u64 kernelcache__perfmon_dev_open; 98 | u64 kernelcache__ptov_table; 99 | u64 kernelcache__vm_first_phys_ppnum; 100 | u64 kernelcache__vm_pages; 101 | u64 kernelcache__vm_page_array_beginning_addr; 102 | u64 kernelcache__vm_page_array_ending_addr; 103 | u64 kernelcache__vn_kqfilter; 104 | }; 105 | 106 | const struct dynamic_info kern_versions[] = { 107 | { 108 | .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020", 109 | .fileglob__fg_ops = 0x28, 110 | .fileglob__fg_data = 0x40 - 8, 111 | .fileops__fo_kqfilter = 0x30, 112 | // .fileproc__fp_iocount = 0x0000, 113 | // .fileproc__fp_vflags = 0x0004, 114 | // .fileproc__fp_flags = 0x0008, 115 | // .fileproc__fp_guard_attrs = 0x000a, 116 | // .fileproc__fp_glob = 0x0010, 117 | // .fileproc__fp_guard = 0x0018, 118 | // .fileproc__object_size = 0x0020, 119 | .fileproc_guard__fpg_guard = 0x8, 120 | .kqworkloop__kqwl_state = 0x10, 121 | .kqworkloop__kqwl_p = 0x18, 122 | .kqworkloop__kqwl_owner = 0xd0, 123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, 124 | .kqworkloop__object_size = 0x108, 125 | .pmap__tte = 0x0, 126 | .pmap__ttep = 0x8, 127 | 
.proc__p_list__le_next = 0x0, 128 | .proc__p_list__le_prev = 0x8, 129 | .proc__p_pid = 0x60, 130 | .proc__p_fd__fd_ofiles = 0xf8, 131 | .proc__object_size = 0x730, 132 | .pseminfo__psem_usecount = 0x04, 133 | .pseminfo__psem_uid = 0x0c, 134 | .pseminfo__psem_gid = 0x10, 135 | .pseminfo__psem_name = 0x14, 136 | .pseminfo__psem_semobject = 0x38, 137 | // .psemnode__pinfo = 0x0000, 138 | // .psemnode__padding = 0x0008, 139 | // .psemnode__object_size = 0x0010, 140 | .semaphore__owner = 0x28, 141 | .specinfo__si_rdev = 0x18, 142 | .task__map = 0x28, 143 | .task__threads__next = 0x80 - 0x28, 144 | .task__threads__prev = 0x80 - 0x28 + 8, 145 | .task__itk_space = 0x300, 146 | .task__object_size = 0x628, 147 | .thread__task_threads__next = 0x368 - 0x18, 148 | .thread__task_threads__prev = 0x368 - 0x18 + 8, 149 | .thread__map = 0x368, 150 | .thread__thread_id = 0x400, 151 | .thread__object_size = 0x4a8, 152 | .uthread__object_size = 0x200, 153 | .vm_map_entry__links__prev = 0x00, 154 | .vm_map_entry__links__next = 0x08, 155 | .vm_map_entry__links__start = 0x10, 156 | .vm_map_entry__links__end = 0x18, 157 | .vm_map_entry__store__entry__rbe_left = 0x20, 158 | .vm_map_entry__store__entry__rbe_right = 0x28, 159 | .vm_map_entry__store__entry__rbe_parent = 0x30, 160 | .vnode__v_un__vu_specinfo = 0x78, 161 | ._vm_map__hdr__links__prev = 0x00 + 0x8, 162 | ._vm_map__hdr__links__next = 0x08 + 0x8, 163 | ._vm_map__hdr__links__start = 0x10 + 0x8, 164 | ._vm_map__hdr__links__end = 0x18 + 0x8, 165 | ._vm_map__hdr__nentries = 0x30, 166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38, 167 | ._vm_map__pmap = 0x40, 168 | ._vm_map__hint = 0x90 + 0x08, 169 | ._vm_map__hole_hint = 0x90 + 0x10, 170 | ._vm_map__holes_list = 0x90 + 0x18, 171 | ._vm_map__object_size = 0xc0, 172 | .kernelcache__kernel_base = 0xfffffff007004000, 173 | .kernelcache__cdevsw = 0xfffffff00a19d208, 174 | .kernelcache__gPhysBase = 0xfffffff0078c3fa0, 175 | .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8, 176 | 
.kernelcache__gVirtBase = 0xfffffff0078c2178,
.kernelcache__perfmon_devices = 0xfffffff00a1db500,
.kernelcache__perfmon_dev_open = 0xfffffff007e55a88,
.kernelcache__ptov_table = 0xfffffff007877160,
.kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990,
.kernelcache__vm_pages = 0xfffffff007873ea8,
.kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110,
.kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988,
.kernelcache__vn_kqfilter = 0xfffffff007ea463c,
},
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,6 16.4.1 20E252.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

// Offset/address table for exactly one device + build pair: iPad11,6 on
// iOS 16.4.1 (20E252). Nothing here is computed at runtime: each field is a
// hand-recovered kernel struct offset or a static kernelcache address,
// presumably consumed as-is for kernel memory access, so a wrong table does
// not fail with an error return. Treat this file as device-specific data,
// not as code shared across models.
//
// NOTE(review): every per-device header in this tree uses the same include
// guard, `dynamic_info_h`, so if two of them reach one translation unit the
// second is silently skipped rather than rejected -- the build has to select
// exactly one header per device/build.
// NOTE(review): `u64` is not defined here and nothing is #included; the
// includer must provide that typedef.
struct dynamic_info {
    // Exact kernel version string the values were recovered from; the only
    // field that can be checked at runtime against the live kernel.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses -- these are the only fields that differ
    // between the device/build tables in this tree; the struct offsets above
    // are shared by every 16.4/16.5 table here.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// Single-entry table. The consumer presumably matches `kern_version` against
// the live kernel's `kern.version` and uses the other fields only on an
// exact match -- confirm against the caller; using these values against any
// other kernel is unsafe.
// NOTE(review): a `const` object at file scope has external linkage in C, so
// defining the array in a header means two includers in one link would
// presumably collide on the symbol `kern_versions`.
const struct dynamic_info kern_versions[] = {
    {
        // Selector string. This table is byte-identical -- string and every
        // address -- to the iPad11,6 16.4 (20E246) and iPad11,7 16.4
        // (20E246) tables in this listing, consistent with those three
        // device/build pairs shipping one kernelcache build. Do not treat
        // that as a rule: the 16.5 tables for iPad11,4 and iPad11,6 share a
        // version string of this form yet differ in their kernelcache__*
        // addresses, so the header must always be chosen by device model +
        // build and this string only confirms the match.
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        // Offsets written as expressions (e.g. `0x40 - 8`, `0x80 - 0x28`)
        // apparently record how the value was derived from a neighbouring
        // field; leave them as expressions rather than folding to literals
        // so the derivation stays reviewable.
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        // Static kernelcache addresses. kernel_base is the fixed
        // 0xfffffff007004000 value used by every table in this tree, which
        // reads as a link-time (pre-KASLR) base; the boot-time slide is
        // presumably added to each value below by the consumer -- confirm.
        // gPhysSize is written as gPhysBase + 8, i.e. it relies on the two
        // globals being adjacent in this particular build.
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a19d208,
        .kernelcache__gPhysBase = 0xfffffff0078c3fa0,
        .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078c2178,
        .kernelcache__perfmon_devices = 0xfffffff00a1db500,
        .kernelcache__perfmon_dev_open = 0xfffffff007e55a88,
        .kernelcache__ptov_table = 0xfffffff007877160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990,
        .kernelcache__vm_pages = 0xfffffff007873ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988,
        .kernelcache__vn_kqfilter = 0xfffffff007ea463c,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,6 16.5 20F66.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
3 | */ 4 | 5 | #ifndef dynamic_info_h 6 | #define dynamic_info_h 7 | 8 | struct dynamic_info { 9 | const char* kern_version; 10 | // struct fileglob 11 | u64 fileglob__fg_ops; 12 | u64 fileglob__fg_data; 13 | // struct fileops 14 | u64 fileops__fo_kqfilter; 15 | // struct fileproc 16 | // u64 fileproc__fp_iocount; 17 | // u64 fileproc__fp_vflags; 18 | // u64 fileproc__fp_flags; 19 | // u64 fileproc__fp_guard_attrs; 20 | // u64 fileproc__fp_glob; 21 | // u64 fileproc__fp_guard; 22 | // u64 fileproc__object_size; 23 | // struct fileproc_guard 24 | u64 fileproc_guard__fpg_guard; 25 | // struct kqworkloop 26 | u64 kqworkloop__kqwl_state; 27 | u64 kqworkloop__kqwl_p; 28 | u64 kqworkloop__kqwl_owner; 29 | u64 kqworkloop__kqwl_dynamicid; 30 | u64 kqworkloop__object_size; 31 | // struct pmap 32 | u64 pmap__tte; 33 | u64 pmap__ttep; 34 | // struct proc 35 | u64 proc__p_list__le_next; 36 | u64 proc__p_list__le_prev; 37 | u64 proc__p_pid; 38 | u64 proc__p_fd__fd_ofiles; 39 | u64 proc__object_size; 40 | // struct pseminfo 41 | u64 pseminfo__psem_usecount; 42 | u64 pseminfo__psem_uid; 43 | u64 pseminfo__psem_gid; 44 | u64 pseminfo__psem_name; 45 | u64 pseminfo__psem_semobject; 46 | // struct psemnode 47 | // u64 psemnode__pinfo; 48 | // u64 psemnode__padding; 49 | // u64 psemnode__object_size; 50 | // struct semaphore 51 | u64 semaphore__owner; 52 | // struct specinfo 53 | u64 specinfo__si_rdev; 54 | // struct task 55 | u64 task__map; 56 | u64 task__threads__next; 57 | u64 task__threads__prev; 58 | u64 task__itk_space; 59 | u64 task__object_size; 60 | // struct thread 61 | u64 thread__task_threads__next; 62 | u64 thread__task_threads__prev; 63 | u64 thread__map; 64 | u64 thread__thread_id; 65 | u64 thread__object_size; 66 | // struct uthread 67 | u64 uthread__object_size; 68 | // struct vm_map_entry 69 | u64 vm_map_entry__links__prev; 70 | u64 vm_map_entry__links__next; 71 | u64 vm_map_entry__links__start; 72 | u64 vm_map_entry__links__end; 73 | u64 
vm_map_entry__store__entry__rbe_left; 74 | u64 vm_map_entry__store__entry__rbe_right; 75 | u64 vm_map_entry__store__entry__rbe_parent; 76 | // struct vnode 77 | u64 vnode__v_un__vu_specinfo; 78 | // struct _vm_map 79 | u64 _vm_map__hdr__links__prev; 80 | u64 _vm_map__hdr__links__next; 81 | u64 _vm_map__hdr__links__start; 82 | u64 _vm_map__hdr__links__end; 83 | u64 _vm_map__hdr__nentries; 84 | u64 _vm_map__hdr__rb_head_store__rbh_root; 85 | u64 _vm_map__pmap; 86 | u64 _vm_map__hint; 87 | u64 _vm_map__hole_hint; 88 | u64 _vm_map__holes_list; 89 | u64 _vm_map__object_size; 90 | // kernelcache static addresses 91 | u64 kernelcache__kernel_base; 92 | u64 kernelcache__cdevsw; 93 | u64 kernelcache__gPhysBase; 94 | u64 kernelcache__gPhysSize; 95 | u64 kernelcache__gVirtBase; 96 | u64 kernelcache__perfmon_devices; 97 | u64 kernelcache__perfmon_dev_open; 98 | u64 kernelcache__ptov_table; 99 | u64 kernelcache__vm_first_phys_ppnum; 100 | u64 kernelcache__vm_pages; 101 | u64 kernelcache__vm_page_array_beginning_addr; 102 | u64 kernelcache__vm_page_array_ending_addr; 103 | u64 kernelcache__vn_kqfilter; 104 | }; 105 | 106 | const struct dynamic_info kern_versions[] = { 107 | { 108 | .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020", 109 | .fileglob__fg_ops = 0x28, 110 | .fileglob__fg_data = 0x40 - 8, 111 | .fileops__fo_kqfilter = 0x30, 112 | // .fileproc__fp_iocount = 0x0000, 113 | // .fileproc__fp_vflags = 0x0004, 114 | // .fileproc__fp_flags = 0x0008, 115 | // .fileproc__fp_guard_attrs = 0x000a, 116 | // .fileproc__fp_glob = 0x0010, 117 | // .fileproc__fp_guard = 0x0018, 118 | // .fileproc__object_size = 0x0020, 119 | .fileproc_guard__fpg_guard = 0x8, 120 | .kqworkloop__kqwl_state = 0x10, 121 | .kqworkloop__kqwl_p = 0x18, 122 | .kqworkloop__kqwl_owner = 0xd0, 123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, 124 | .kqworkloop__object_size = 0x108, 125 | .pmap__tte = 0x0, 126 | .pmap__ttep = 0x8, 127 | 
.proc__p_list__le_next = 0x0, 128 | .proc__p_list__le_prev = 0x8, 129 | .proc__p_pid = 0x60, 130 | .proc__p_fd__fd_ofiles = 0xf8, 131 | .proc__object_size = 0x730, 132 | .pseminfo__psem_usecount = 0x04, 133 | .pseminfo__psem_uid = 0x0c, 134 | .pseminfo__psem_gid = 0x10, 135 | .pseminfo__psem_name = 0x14, 136 | .pseminfo__psem_semobject = 0x38, 137 | // .psemnode__pinfo = 0x0000, 138 | // .psemnode__padding = 0x0008, 139 | // .psemnode__object_size = 0x0010, 140 | .semaphore__owner = 0x28, 141 | .specinfo__si_rdev = 0x18, 142 | .task__map = 0x28, 143 | .task__threads__next = 0x80 - 0x28, 144 | .task__threads__prev = 0x80 - 0x28 + 8, 145 | .task__itk_space = 0x300, 146 | .task__object_size = 0x628, 147 | .thread__task_threads__next = 0x368 - 0x18, 148 | .thread__task_threads__prev = 0x368 - 0x18 + 8, 149 | .thread__map = 0x368, 150 | .thread__thread_id = 0x400, 151 | .thread__object_size = 0x4a8, 152 | .uthread__object_size = 0x200, 153 | .vm_map_entry__links__prev = 0x00, 154 | .vm_map_entry__links__next = 0x08, 155 | .vm_map_entry__links__start = 0x10, 156 | .vm_map_entry__links__end = 0x18, 157 | .vm_map_entry__store__entry__rbe_left = 0x20, 158 | .vm_map_entry__store__entry__rbe_right = 0x28, 159 | .vm_map_entry__store__entry__rbe_parent = 0x30, 160 | .vnode__v_un__vu_specinfo = 0x78, 161 | ._vm_map__hdr__links__prev = 0x00 + 0x8, 162 | ._vm_map__hdr__links__next = 0x08 + 0x8, 163 | ._vm_map__hdr__links__start = 0x10 + 0x8, 164 | ._vm_map__hdr__links__end = 0x18 + 0x8, 165 | ._vm_map__hdr__nentries = 0x30, 166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38, 167 | ._vm_map__pmap = 0x40, 168 | ._vm_map__hint = 0x90 + 0x08, 169 | ._vm_map__hole_hint = 0x90 + 0x10, 170 | ._vm_map__holes_list = 0x90 + 0x18, 171 | ._vm_map__object_size = 0xc0, 172 | .kernelcache__kernel_base = 0xfffffff007004000, 173 | .kernelcache__cdevsw = 0xfffffff00a1a5288, 174 | .kernelcache__gPhysBase = 0xfffffff0078c80e0, 175 | .kernelcache__gPhysSize = 0xfffffff0078c80e0 + 8, 176 | 
.kernelcache__gVirtBase = 0xfffffff0078c62b8,
.kernelcache__perfmon_devices = 0xfffffff00a1e3500,
.kernelcache__perfmon_dev_open = 0xfffffff007e59c8c,
.kernelcache__ptov_table = 0xfffffff00787b160,
.kernelcache__vm_first_phys_ppnum = 0xfffffff00a1e2990,
.kernelcache__vm_pages = 0xfffffff007877ea8,
.kernelcache__vm_page_array_beginning_addr = 0xfffffff00787a110,
.kernelcache__vm_page_array_ending_addr = 0xfffffff00a1e2988,
.kernelcache__vn_kqfilter = 0xfffffff007ea8ad8,
},
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,7 16.4 20E246.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

// Offset/address table for exactly one device + build pair: iPad11,7 on
// iOS 16.4 (20E246). Nothing here is computed at runtime: each field is a
// hand-recovered kernel struct offset or a static kernelcache address,
// presumably consumed as-is for kernel memory access, so a wrong table does
// not fail with an error return. Treat this file as device-specific data,
// not as code shared across models.
//
// NOTE(review): every per-device header in this tree uses the same include
// guard, `dynamic_info_h`, so if two of them reach one translation unit the
// second is silently skipped rather than rejected -- the build has to select
// exactly one header per device/build.
// NOTE(review): `u64` is not defined here and nothing is #included; the
// includer must provide that typedef.
struct dynamic_info {
    // Exact kernel version string the values were recovered from; the only
    // field that can be checked at runtime against the live kernel.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses -- these are the only fields that differ
    // between the device/build tables in this tree; the struct offsets above
    // are shared by every 16.4/16.5 table here.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// Single-entry table. The consumer presumably matches `kern_version` against
// the live kernel's `kern.version` and uses the other fields only on an
// exact match -- confirm against the caller; using these values against any
// other kernel is unsafe.
// NOTE(review): a `const` object at file scope has external linkage in C, so
// defining the array in a header means two includers in one link would
// presumably collide on the symbol `kern_versions`.
const struct dynamic_info kern_versions[] = {
    {
        // Selector string. This table is byte-identical -- string and every
        // address -- to the iPad11,6 16.4 (20E246) and iPad11,6 16.4.1
        // (20E252) tables in this listing, consistent with those three
        // device/build pairs shipping one kernelcache build. Do not treat
        // that as a rule: the 16.5 tables for iPad11,4 and iPad11,6 share a
        // version string of this form yet differ in their kernelcache__*
        // addresses, so the header must always be chosen by device model +
        // build and this string only confirms the match.
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        // Offsets written as expressions (e.g. `0x40 - 8`, `0x80 - 0x28`)
        // apparently record how the value was derived from a neighbouring
        // field; leave them as expressions rather than folding to literals
        // so the derivation stays reviewable.
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        // Static kernelcache addresses. kernel_base is the fixed
        // 0xfffffff007004000 value used by every table in this tree, which
        // reads as a link-time (pre-KASLR) base; the boot-time slide is
        // presumably added to each value below by the consumer -- confirm.
        // gPhysSize is written as gPhysBase + 8, i.e. it relies on the two
        // globals being adjacent in this particular build.
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a19d208,
        .kernelcache__gPhysBase = 0xfffffff0078c3fa0,
        .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8,
        .kernelcache__gVirtBase = 0xfffffff0078c2178,
        .kernelcache__perfmon_devices = 0xfffffff00a1db500,
        .kernelcache__perfmon_dev_open = 0xfffffff007e55a88,
        .kernelcache__ptov_table = 0xfffffff007877160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990,
        .kernelcache__vm_pages = 0xfffffff007873ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988,
        .kernelcache__vn_kqfilter = 0xfffffff007ea463c,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,7 16.4.1 20E252.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
*/

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Per-build table of xnu struct field offsets and kernelcache static
 * addresses for the device/build named in this file's path.  Every header
 * under offsets/ uses the same dynamic_info_h guard, so only one of them can
 * be included per translation unit; a second include is silently dropped.
 * NOTE(review): u64 is used but neither defined nor included here -- the
 * includer must provide that typedef first.
 */

struct dynamic_info {
    const char* kern_version;   // kernel version string the offsets below belong to
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc (not used by this table; left commented in the initializer too)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode (not used by this table)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses
    // NOTE(review): kernel_base is 0xfffffff007004000 in every table in this
    // repo, so these look like unslid addresses -- confirm with the consumer.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

/*
 * Single entry for this build.  Members commented out in the struct are also
 * left out of the designated initializer, so they are zero in this const
 * object.  The values are only meaningful for the exact kernel named in
 * kern_version; presumably the consumer matches that string against the
 * running kernel before reading any other field -- confirm.
 */
const struct dynamic_info kern_versions[] = {
    {
        // identical to the preceding (16.4 20E246) table: same build string, same values
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:48 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a19d208,
        .kernelcache__gPhysBase = 0xfffffff0078c3fa0,
        .kernelcache__gPhysSize = 0xfffffff0078c3fa0 + 8,   // immediately follows gPhysBase
        .kernelcache__gVirtBase = 0xfffffff0078c2178,
        .kernelcache__perfmon_devices = 0xfffffff00a1db500,
        .kernelcache__perfmon_dev_open = 0xfffffff007e55a88,
        .kernelcache__ptov_table = 0xfffffff007877160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1da990,
        .kernelcache__vm_pages = 0xfffffff007873ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff007876110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1da988,
        .kernelcache__vn_kqfilter = 0xfffffff007ea463c,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad11,7 16.5 20F66.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Per-build table of xnu struct field offsets and kernelcache static
 * addresses for the device/build named in this file's path.  Every header
 * under offsets/ uses the same dynamic_info_h guard, so only one of them can
 * be included per translation unit; a second include is silently dropped.
 * NOTE(review): u64 is used but neither defined nor included here -- the
 * includer must provide that typedef first.
 */

struct dynamic_info {
    const char* kern_version;   // kernel version string the offsets below belong to
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc (not used by this table; left commented in the initializer too)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode (not used by this table)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses
    // NOTE(review): kernel_base is 0xfffffff007004000 in every table in this
    // repo, so these look like unslid addresses -- confirm with the consumer.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

/*
 * Single entry for this build.  Members commented out in the struct are also
 * left out of the designated initializer, so they are zero in this const
 * object.  The values are only meaningful for the exact kernel named in
 * kern_version; presumably the consumer matches that string against the
 * running kernel before reading any other field -- confirm.
 */
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:51 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8020",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x368 - 0x18,
        .thread__task_threads__prev = 0x368 - 0x18 + 8,
        .thread__map = 0x368,
        .thread__thread_id = 0x400,
        .thread__object_size = 0x4a8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a1a5288,
        .kernelcache__gPhysBase = 0xfffffff0078c80e0,
        .kernelcache__gPhysSize = 0xfffffff0078c80e0 + 8,   // immediately follows gPhysBase
        .kernelcache__gVirtBase = 0xfffffff0078c62b8,
        .kernelcache__perfmon_devices = 0xfffffff00a1e3500,
        .kernelcache__perfmon_dev_open = 0xfffffff007e59c8c,
        .kernelcache__ptov_table = 0xfffffff00787b160,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a1e2990,
        .kernelcache__vm_pages = 0xfffffff007877ea8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff00787a110,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a1e2988,
        .kernelcache__vn_kqfilter = 0xfffffff007ea8ad8,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad12,1 16.4 20E246.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
*/

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Per-build table of xnu struct field offsets and kernelcache static
 * addresses for the device/build named in this file's path.  Every header
 * under offsets/ uses the same dynamic_info_h guard, so only one of them can
 * be included per translation unit; a second include is silently dropped.
 * NOTE(review): u64 is used but neither defined nor included here -- the
 * includer must provide that typedef first.
 */

struct dynamic_info {
    const char* kern_version;   // kernel version string the offsets below belong to
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc (not used by this table; left commented in the initializer too)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode (not used by this table)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses
    // NOTE(review): kernel_base is 0xfffffff007004000 in every table in this
    // repo, so these look like unslid addresses -- confirm with the consumer.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

/*
 * Single entry for this build.  Members commented out in the struct are also
 * left out of the designated initializer, so they are zero in this const
 * object.  The values are only meaningful for the exact kernel named in
 * kern_version; presumably the consumer matches that string against the
 * running kernel before reading any other field -- confirm.
 */
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        // thread layout is 0x10 past the T8020 (iPad11,7) tables in this repo
        // (0x368/0x400/0x4a8 there); the three dependent fields shift together
        .thread__task_threads__next = 0x378 - 0x18,
        .thread__task_threads__prev = 0x378 - 0x18 + 8,
        .thread__map = 0x378,
        .thread__thread_id = 0x410,
        .thread__object_size = 0x4b8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a361208,
        .kernelcache__gPhysBase = 0xfffffff007927ed0,
        .kernelcache__gPhysSize = 0xfffffff007927ed0 + 8,   // immediately follows gPhysBase
        .kernelcache__gVirtBase = 0xfffffff0079260a8,
        .kernelcache__perfmon_devices = 0xfffffff00a39f4f0,
        .kernelcache__perfmon_dev_open = 0xfffffff007ed73c8,
        .kernelcache__ptov_table = 0xfffffff0078db178,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39e990,
        .kernelcache__vm_pages = 0xfffffff0078d7eb0,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39e988,
        .kernelcache__vn_kqfilter = 0xfffffff007f25f7c,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad12,1 16.4.1 20E252.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Per-build table of xnu struct field offsets and kernelcache static
 * addresses for the device/build named in this file's path.  Every header
 * under offsets/ uses the same dynamic_info_h guard, so only one of them can
 * be included per translation unit; a second include is silently dropped.
 * NOTE(review): u64 is used but neither defined nor included here -- the
 * includer must provide that typedef first.
 */

struct dynamic_info {
    const char* kern_version;   // kernel version string the offsets below belong to
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc (not used by this table; left commented in the initializer too)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode (not used by this table)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses
    // NOTE(review): kernel_base is 0xfffffff007004000 in every table in this
    // repo, so these look like unslid addresses -- confirm with the consumer.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

/*
 * Single entry for this build.  Members commented out in the struct are also
 * left out of the designated initializer, so they are zero in this const
 * object.  The values are only meaningful for the exact kernel named in
 * kern_version; presumably the consumer matches that string against the
 * running kernel before reading any other field -- confirm.
 */
const struct dynamic_info kern_versions[] = {
    {
        // identical to the preceding (16.4 20E246) table: same build string, same values
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        // thread layout is 0x10 past the T8020 (iPad11,7) tables in this repo
        // (0x368/0x400/0x4a8 there); the three dependent fields shift together
        .thread__task_threads__next = 0x378 - 0x18,
        .thread__task_threads__prev = 0x378 - 0x18 + 8,
        .thread__map = 0x378,
        .thread__thread_id = 0x410,
        .thread__object_size = 0x4b8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a361208,
        .kernelcache__gPhysBase = 0xfffffff007927ed0,
        .kernelcache__gPhysSize = 0xfffffff007927ed0 + 8,   // immediately follows gPhysBase
        .kernelcache__gVirtBase = 0xfffffff0079260a8,
        .kernelcache__perfmon_devices = 0xfffffff00a39f4f0,
        .kernelcache__perfmon_dev_open = 0xfffffff007ed73c8,
        .kernelcache__ptov_table = 0xfffffff0078db178,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39e990,
        .kernelcache__vm_pages = 0xfffffff0078d7eb0,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39e988,
        .kernelcache__vn_kqfilter = 0xfffffff007f25f7c,
    },
};

#endif /* dynamic_info_h */
-------------------------------------------------------------------------------- /offsets/iPad12,1 16.5 20F66.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
3 | */ 4 | 5 | #ifndef dynamic_info_h 6 | #define dynamic_info_h 7 | 8 | struct dynamic_info { 9 | const char* kern_version; 10 | // struct fileglob 11 | u64 fileglob__fg_ops; 12 | u64 fileglob__fg_data; 13 | // struct fileops 14 | u64 fileops__fo_kqfilter; 15 | // struct fileproc 16 | // u64 fileproc__fp_iocount; 17 | // u64 fileproc__fp_vflags; 18 | // u64 fileproc__fp_flags; 19 | // u64 fileproc__fp_guard_attrs; 20 | // u64 fileproc__fp_glob; 21 | // u64 fileproc__fp_guard; 22 | // u64 fileproc__object_size; 23 | // struct fileproc_guard 24 | u64 fileproc_guard__fpg_guard; 25 | // struct kqworkloop 26 | u64 kqworkloop__kqwl_state; 27 | u64 kqworkloop__kqwl_p; 28 | u64 kqworkloop__kqwl_owner; 29 | u64 kqworkloop__kqwl_dynamicid; 30 | u64 kqworkloop__object_size; 31 | // struct pmap 32 | u64 pmap__tte; 33 | u64 pmap__ttep; 34 | // struct proc 35 | u64 proc__p_list__le_next; 36 | u64 proc__p_list__le_prev; 37 | u64 proc__p_pid; 38 | u64 proc__p_fd__fd_ofiles; 39 | u64 proc__object_size; 40 | // struct pseminfo 41 | u64 pseminfo__psem_usecount; 42 | u64 pseminfo__psem_uid; 43 | u64 pseminfo__psem_gid; 44 | u64 pseminfo__psem_name; 45 | u64 pseminfo__psem_semobject; 46 | // struct psemnode 47 | // u64 psemnode__pinfo; 48 | // u64 psemnode__padding; 49 | // u64 psemnode__object_size; 50 | // struct semaphore 51 | u64 semaphore__owner; 52 | // struct specinfo 53 | u64 specinfo__si_rdev; 54 | // struct task 55 | u64 task__map; 56 | u64 task__threads__next; 57 | u64 task__threads__prev; 58 | u64 task__itk_space; 59 | u64 task__object_size; 60 | // struct thread 61 | u64 thread__task_threads__next; 62 | u64 thread__task_threads__prev; 63 | u64 thread__map; 64 | u64 thread__thread_id; 65 | u64 thread__object_size; 66 | // struct uthread 67 | u64 uthread__object_size; 68 | // struct vm_map_entry 69 | u64 vm_map_entry__links__prev; 70 | u64 vm_map_entry__links__next; 71 | u64 vm_map_entry__links__start; 72 | u64 vm_map_entry__links__end; 73 | u64 
vm_map_entry__store__entry__rbe_left;
74 | u64 vm_map_entry__store__entry__rbe_right;
75 | u64 vm_map_entry__store__entry__rbe_parent;
76 | // struct vnode
77 | u64 vnode__v_un__vu_specinfo;
78 | // struct _vm_map
79 | u64 _vm_map__hdr__links__prev;
80 | u64 _vm_map__hdr__links__next;
81 | u64 _vm_map__hdr__links__start;
82 | u64 _vm_map__hdr__links__end;
83 | u64 _vm_map__hdr__nentries;
84 | u64 _vm_map__hdr__rb_head_store__rbh_root;
85 | u64 _vm_map__pmap;
86 | u64 _vm_map__hint;
87 | u64 _vm_map__hole_hint;
88 | u64 _vm_map__holes_list;
89 | u64 _vm_map__object_size;
// Unlike the member offsets above, the group below holds absolute addresses of the named
// kernel symbols (globals and functions) as they appear in this build's kernelcache.
90 | // kernelcache static addresses
91 | u64 kernelcache__kernel_base;
92 | u64 kernelcache__cdevsw;
93 | u64 kernelcache__gPhysBase;
94 | u64 kernelcache__gPhysSize;
95 | u64 kernelcache__gVirtBase;
96 | u64 kernelcache__perfmon_devices;
97 | u64 kernelcache__perfmon_dev_open;
98 | u64 kernelcache__ptov_table;
99 | u64 kernelcache__vm_first_phys_ppnum;
100 | u64 kernelcache__vm_pages;
101 | u64 kernelcache__vm_page_array_beginning_addr;
102 | u64 kernelcache__vm_page_array_ending_addr;
103 | u64 kernelcache__vn_kqfilter;
104 | };
105 |
// The one kernel build this header supports. kern_version is the full Darwin version banner,
// including the xnu tag and the SoC suffix (RELEASE_ARM64_T8030 here); the struct offsets are
// bytes from the start of the object and the kernelcache__* values are absolute kernelcache
// addresses with kernel_base at 0xfffffff007004000. The struct offsets are identical across
// the 16.4, 16.4.1 and 16.5 headers in offsets/; only the kernelcache__* addresses differ per
// build and SoC.
// NOTE(review): presumably the consumer matches kern_version against the running kernel's
// version string before using any value and adds the runtime slide to the kernelcache__*
// addresses -- confirm in the code that reads this table. Applying this entry to any other
// build aims kernel reads/writes at the wrong addresses.
// NOTE(review): this is a definition with external linkage inside a header, so it is only
// link-safe while the header is included from a single translation unit.
106 | const struct dynamic_info kern_versions[] = {
107 | {
108 | .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8030",
109 | .fileglob__fg_ops = 0x28,
110 | .fileglob__fg_data = 0x40 - 8, // = 0x38
111 | .fileops__fo_kqfilter = 0x30,
// fileproc offsets are kept for reference only; the struct has these members commented out too.
112 | // .fileproc__fp_iocount = 0x0000,
113 | // .fileproc__fp_vflags = 0x0004,
114 | // .fileproc__fp_flags = 0x0008,
115 | // .fileproc__fp_guard_attrs = 0x000a,
116 | // .fileproc__fp_glob = 0x0010,
117 | // .fileproc__fp_guard = 0x0018,
118 | // .fileproc__object_size = 0x0020,
119 | .fileproc_guard__fpg_guard = 0x8,
120 | .kqworkloop__kqwl_state = 0x10,
121 | .kqworkloop__kqwl_p = 0x18,
122 | .kqworkloop__kqwl_owner = 0xd0,
123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // = 0xe8
124 | .kqworkloop__object_size = 0x108,
125 | .pmap__tte = 0x0,
126 | .pmap__ttep = 0x8,
127 | .proc__p_list__le_next = 0x0,
128 | .proc__p_list__le_prev = 0x8,
129 | .proc__p_pid = 0x60,
130 | .proc__p_fd__fd_ofiles = 0xf8,
131 | .proc__object_size = 0x730,
132 | .pseminfo__psem_usecount = 0x04,
133 | .pseminfo__psem_uid = 0x0c,
134 | .pseminfo__psem_gid = 0x10,
135 | .pseminfo__psem_name = 0x14,
136 | .pseminfo__psem_semobject = 0x38,
// psemnode offsets are kept for reference only; the struct has these members commented out too.
137 | // .psemnode__pinfo = 0x0000,
138 | // .psemnode__padding = 0x0008,
139 | // .psemnode__object_size = 0x0010,
140 | .semaphore__owner = 0x28,
141 | .specinfo__si_rdev = 0x18,
142 | .task__map = 0x28,
143 | .task__threads__next = 0x80 - 0x28, // = 0x58
144 | .task__threads__prev = 0x80 - 0x28 + 8, // = 0x60
145 | .task__itk_space = 0x300,
146 | .task__object_size = 0x628,
147 | .thread__task_threads__next = 0x378 - 0x18, // = 0x360
148 | .thread__task_threads__prev = 0x378 - 0x18 + 8, // = 0x368
149 | .thread__map = 0x378,
150 | .thread__thread_id = 0x410,
151 | .thread__object_size = 0x4b8,
152 | .uthread__object_size = 0x200,
153 | .vm_map_entry__links__prev = 0x00,
154 | .vm_map_entry__links__next = 0x08,
155 | .vm_map_entry__links__start = 0x10,
156 | .vm_map_entry__links__end = 0x18,
157 | .vm_map_entry__store__entry__rbe_left = 0x20,
158 | .vm_map_entry__store__entry__rbe_right = 0x28,
159 | .vm_map_entry__store__entry__rbe_parent = 0x30,
160 | .vnode__v_un__vu_specinfo = 0x78,
// struct _vm_map's hdr.links starts at +0x8, so each link offset is the matching
// vm_map_entry__links__* value above plus 8 (0x08, 0x10, 0x18, 0x20).
161 | ._vm_map__hdr__links__prev = 0x00 + 0x8,
162 | ._vm_map__hdr__links__next = 0x08 + 0x8,
163 | ._vm_map__hdr__links__start = 0x10 + 0x8,
164 | ._vm_map__hdr__links__end = 0x18 + 0x8,
165 | ._vm_map__hdr__nentries = 0x30,
166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
167 | ._vm_map__pmap = 0x40,
168 | ._vm_map__hint = 0x90 + 0x08, // = 0x98
169 | ._vm_map__hole_hint = 0x90 + 0x10, // = 0xa0
170 | ._vm_map__holes_list = 0x90 + 0x18, // = 0xa8
171 | ._vm_map__object_size = 0xc0,
172 | .kernelcache__kernel_base = 0xfffffff007004000, // static kernelcache base; identical in every header in offsets/
173 | .kernelcache__cdevsw = 0xfffffff00a36d288,
174 | .kernelcache__gPhysBase = 0xfffffff007928010,
175 | .kernelcache__gPhysSize = 0xfffffff007928010 + 8, // assumes gPhysSize is the 8-byte global directly after gPhysBase in this kernelcache
176 | .kernelcache__gVirtBase = 0xfffffff0079261e8,
177 | .kernelcache__perfmon_devices = 0xfffffff00a3ab4f0,
178 | .kernelcache__perfmon_dev_open = 0xfffffff007ed75d0,
179 | .kernelcache__ptov_table = 0xfffffff0078db178,
180 | .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3aa990,
181 | .kernelcache__vm_pages = 0xfffffff0078d7eb0,
182 | .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118,
183 | .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3aa988,
184 | .kernelcache__vn_kqfilter = 0xfffffff007f2641c,
185 | },
186 | };
187 |
188 | #endif /* dynamic_info_h */
189 |
-------------------------------------------------------------------------------- /offsets/iPad12,2 16.4 20E246.h: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
3 | */
4 |
// NOTE(review): every per-device header under offsets/ uses this same guard name, so a second
// one pulled into the same translation unit is silently skipped instead of diagnosed -- the
// first header included wins. Include exactly the header for the device/build in its file name.
5 | #ifndef dynamic_info_h
6 | #define dynamic_info_h
7 |
// Kernel layout descriptor for a single iOS build. Each u64 is either the byte offset of a
// member inside the XNU struct named by the prefix ("__" separates nested member names;
// "*__object_size" is presumably the size of the whole object -- not verifiable from this file)
// or, in the "kernelcache static addresses" group, an absolute address in that build's
// kernelcache. The fileproc and psemnode groups are commented out and are NOT members.
// The values come from the single kern_versions[] entry at the bottom of this file.
8 | struct dynamic_info {
9 | const char* kern_version;
10 | // struct fileglob
11 | u64 fileglob__fg_ops;
12 | u64 fileglob__fg_data;
13 | // struct fileops
14 | u64 fileops__fo_kqfilter;
15 | // struct fileproc
16 | // u64 fileproc__fp_iocount;
17 | // u64 fileproc__fp_vflags;
18 | // u64 fileproc__fp_flags;
19 | // u64 fileproc__fp_guard_attrs;
20 | // u64 fileproc__fp_glob;
21 | // u64 fileproc__fp_guard;
22 | // u64 fileproc__object_size;
23 | // struct fileproc_guard
24 | u64 fileproc_guard__fpg_guard;
25 | // struct kqworkloop
26 | u64 kqworkloop__kqwl_state;
27 | u64 kqworkloop__kqwl_p;
28 | u64 kqworkloop__kqwl_owner;
29 | u64 kqworkloop__kqwl_dynamicid;
30 | u64 kqworkloop__object_size;
31 | // struct pmap
32 | u64 pmap__tte;
33 | u64 pmap__ttep;
34 | // struct proc
35 | u64 proc__p_list__le_next;
36 | u64 proc__p_list__le_prev;
37 | u64 proc__p_pid;
38 | u64 proc__p_fd__fd_ofiles;
39 | u64 proc__object_size;
40 | // struct pseminfo
41 | u64 pseminfo__psem_usecount;
42 | u64 pseminfo__psem_uid;
43 | u64 pseminfo__psem_gid;
44 | u64
pseminfo__psem_name;
45 | u64 pseminfo__psem_semobject;
46 | // struct psemnode
47 | // u64 psemnode__pinfo;
48 | // u64 psemnode__padding;
49 | // u64 psemnode__object_size;
50 | // struct semaphore
51 | u64 semaphore__owner;
52 | // struct specinfo
53 | u64 specinfo__si_rdev;
54 | // struct task
55 | u64 task__map;
56 | u64 task__threads__next;
57 | u64 task__threads__prev;
58 | u64 task__itk_space;
59 | u64 task__object_size;
60 | // struct thread
61 | u64 thread__task_threads__next;
62 | u64 thread__task_threads__prev;
63 | u64 thread__map;
64 | u64 thread__thread_id;
65 | u64 thread__object_size;
66 | // struct uthread
67 | u64 uthread__object_size;
68 | // struct vm_map_entry
69 | u64 vm_map_entry__links__prev;
70 | u64 vm_map_entry__links__next;
71 | u64 vm_map_entry__links__start;
72 | u64 vm_map_entry__links__end;
73 | u64 vm_map_entry__store__entry__rbe_left;
74 | u64 vm_map_entry__store__entry__rbe_right;
75 | u64 vm_map_entry__store__entry__rbe_parent;
76 | // struct vnode
77 | u64 vnode__v_un__vu_specinfo;
78 | // struct _vm_map
79 | u64 _vm_map__hdr__links__prev;
80 | u64 _vm_map__hdr__links__next;
81 | u64 _vm_map__hdr__links__start;
82 | u64 _vm_map__hdr__links__end;
83 | u64 _vm_map__hdr__nentries;
84 | u64 _vm_map__hdr__rb_head_store__rbh_root;
85 | u64 _vm_map__pmap;
86 | u64 _vm_map__hint;
87 | u64 _vm_map__hole_hint;
88 | u64 _vm_map__holes_list;
89 | u64 _vm_map__object_size;
// Unlike the member offsets above, the group below holds absolute addresses of the named
// kernel symbols (globals and functions) as they appear in this build's kernelcache.
90 | // kernelcache static addresses
91 | u64 kernelcache__kernel_base;
92 | u64 kernelcache__cdevsw;
93 | u64 kernelcache__gPhysBase;
94 | u64 kernelcache__gPhysSize;
95 | u64 kernelcache__gVirtBase;
96 | u64 kernelcache__perfmon_devices;
97 | u64 kernelcache__perfmon_dev_open;
98 | u64 kernelcache__ptov_table;
99 | u64 kernelcache__vm_first_phys_ppnum;
100 | u64 kernelcache__vm_pages;
101 | u64 kernelcache__vm_page_array_beginning_addr;
102 | u64 kernelcache__vm_page_array_ending_addr;
103 | u64 kernelcache__vn_kqfilter;
104 | };
105 |
// The one kernel build this header supports. kern_version is the full Darwin version banner,
// including the xnu tag and the SoC suffix (RELEASE_ARM64_T8030 here); the struct offsets are
// bytes from the start of the object and the kernelcache__* values are absolute kernelcache
// addresses with kernel_base at 0xfffffff007004000. The struct offsets are identical across
// the 16.4, 16.4.1 and 16.5 headers in offsets/; only the kernelcache__* addresses differ per
// build and SoC -- the iPad13,1 (T8101) header for this same xnu-8796.102.5~1 kernel carries
// different kernelcache__* addresses, so the SoC suffix has to match as well.
// NOTE(review): presumably the consumer matches kern_version against the running kernel's
// version string before using any value and adds the runtime slide to the kernelcache__*
// addresses -- confirm in the code that reads this table. Applying this entry to any other
// build aims kernel reads/writes at the wrong addresses.
// NOTE(review): this is a definition with external linkage inside a header, so it is only
// link-safe while the header is included from a single translation unit.
106 | const struct dynamic_info kern_versions[] = {
107 | {
108 | .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030",
109 | .fileglob__fg_ops = 0x28,
110 | .fileglob__fg_data = 0x40 - 8, // = 0x38
111 | .fileops__fo_kqfilter = 0x30,
// fileproc offsets are kept for reference only; the struct has these members commented out too.
112 | // .fileproc__fp_iocount = 0x0000,
113 | // .fileproc__fp_vflags = 0x0004,
114 | // .fileproc__fp_flags = 0x0008,
115 | // .fileproc__fp_guard_attrs = 0x000a,
116 | // .fileproc__fp_glob = 0x0010,
117 | // .fileproc__fp_guard = 0x0018,
118 | // .fileproc__object_size = 0x0020,
119 | .fileproc_guard__fpg_guard = 0x8,
120 | .kqworkloop__kqwl_state = 0x10,
121 | .kqworkloop__kqwl_p = 0x18,
122 | .kqworkloop__kqwl_owner = 0xd0,
123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // = 0xe8
124 | .kqworkloop__object_size = 0x108,
125 | .pmap__tte = 0x0,
126 | .pmap__ttep = 0x8,
127 | .proc__p_list__le_next = 0x0,
128 | .proc__p_list__le_prev = 0x8,
129 | .proc__p_pid = 0x60,
130 | .proc__p_fd__fd_ofiles = 0xf8,
131 | .proc__object_size = 0x730,
132 | .pseminfo__psem_usecount = 0x04,
133 | .pseminfo__psem_uid = 0x0c,
134 | .pseminfo__psem_gid = 0x10,
135 | .pseminfo__psem_name = 0x14,
136 | .pseminfo__psem_semobject = 0x38,
// psemnode offsets are kept for reference only; the struct has these members commented out too.
137 | // .psemnode__pinfo = 0x0000,
138 | // .psemnode__padding = 0x0008,
139 | // .psemnode__object_size = 0x0010,
140 | .semaphore__owner = 0x28,
141 | .specinfo__si_rdev = 0x18,
142 | .task__map = 0x28,
143 | .task__threads__next = 0x80 - 0x28, // = 0x58
144 | .task__threads__prev = 0x80 - 0x28 + 8, // = 0x60
145 | .task__itk_space = 0x300,
146 | .task__object_size = 0x628,
147 | .thread__task_threads__next = 0x378 - 0x18, // = 0x360
148 | .thread__task_threads__prev = 0x378 - 0x18 + 8, // = 0x368
149 | .thread__map = 0x378,
150 | .thread__thread_id = 0x410,
151 | .thread__object_size = 0x4b8,
152 | .uthread__object_size = 0x200,
153 | .vm_map_entry__links__prev = 0x00,
154 | .vm_map_entry__links__next = 0x08,
155 | .vm_map_entry__links__start = 0x10,
156 | .vm_map_entry__links__end = 0x18,
157 | .vm_map_entry__store__entry__rbe_left = 0x20,
158 | .vm_map_entry__store__entry__rbe_right = 0x28,
159 | .vm_map_entry__store__entry__rbe_parent = 0x30,
160 | .vnode__v_un__vu_specinfo = 0x78,
// struct _vm_map's hdr.links starts at +0x8, so each link offset is the matching
// vm_map_entry__links__* value above plus 8 (0x08, 0x10, 0x18, 0x20).
161 | ._vm_map__hdr__links__prev = 0x00 + 0x8,
162 | ._vm_map__hdr__links__next = 0x08 + 0x8,
163 | ._vm_map__hdr__links__start = 0x10 + 0x8,
164 | ._vm_map__hdr__links__end = 0x18 + 0x8,
165 | ._vm_map__hdr__nentries = 0x30,
166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
167 | ._vm_map__pmap = 0x40,
168 | ._vm_map__hint = 0x90 + 0x08, // = 0x98
169 | ._vm_map__hole_hint = 0x90 + 0x10, // = 0xa0
170 | ._vm_map__holes_list = 0x90 + 0x18, // = 0xa8
171 | ._vm_map__object_size = 0xc0,
172 | .kernelcache__kernel_base = 0xfffffff007004000, // static kernelcache base; identical in every header in offsets/
173 | .kernelcache__cdevsw = 0xfffffff00a361208,
174 | .kernelcache__gPhysBase = 0xfffffff007927ed0,
175 | .kernelcache__gPhysSize = 0xfffffff007927ed0 + 8, // assumes gPhysSize is the 8-byte global directly after gPhysBase in this kernelcache
176 | .kernelcache__gVirtBase = 0xfffffff0079260a8,
177 | .kernelcache__perfmon_devices = 0xfffffff00a39f4f0,
178 | .kernelcache__perfmon_dev_open = 0xfffffff007ed73c8,
179 | .kernelcache__ptov_table = 0xfffffff0078db178,
180 | .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39e990,
181 | .kernelcache__vm_pages = 0xfffffff0078d7eb0,
182 | .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118,
183 | .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39e988,
184 | .kernelcache__vn_kqfilter = 0xfffffff007f25f7c,
185 | },
186 | };
187 |
188 | #endif /* dynamic_info_h */
189 |
-------------------------------------------------------------------------------- /offsets/iPad12,2 16.4.1 20E252.h: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
3 | */
4 |
// NOTE(review): every per-device header under offsets/ uses this same guard name, so a second
// one pulled into the same translation unit is silently skipped instead of diagnosed -- the
// first header included wins. Include exactly the header for the device/build in its file name.
5 | #ifndef dynamic_info_h
6 | #define dynamic_info_h
7 |
// Kernel layout descriptor for a single iOS build. Each u64 is either the byte offset of a
// member inside the XNU struct named by the prefix ("__" separates nested member names;
// "*__object_size" is presumably the size of the whole object -- not verifiable from this file)
// or, in the "kernelcache static addresses" group, an absolute address in that build's
// kernelcache. The fileproc and psemnode groups are commented out and are NOT members.
// The values come from the single kern_versions[] entry at the bottom of this file.
8 | struct dynamic_info {
9 | const char* kern_version;
10 | // struct fileglob
11 | u64 fileglob__fg_ops;
12 | u64 fileglob__fg_data;
13 | // struct fileops
14 | u64 fileops__fo_kqfilter;
15 | // struct fileproc
16 | // u64 fileproc__fp_iocount;
17 | // u64 fileproc__fp_vflags;
18 | // u64 fileproc__fp_flags;
19 | // u64 fileproc__fp_guard_attrs;
20 | // u64 fileproc__fp_glob;
21 | // u64 fileproc__fp_guard;
22 | // u64 fileproc__object_size;
23 | // struct fileproc_guard
24 | u64 fileproc_guard__fpg_guard;
25 | // struct kqworkloop
26 | u64 kqworkloop__kqwl_state;
27 | u64 kqworkloop__kqwl_p;
28 | u64 kqworkloop__kqwl_owner;
29 | u64 kqworkloop__kqwl_dynamicid;
30 | u64 kqworkloop__object_size;
31 | // struct pmap
32 | u64 pmap__tte;
33 | u64 pmap__ttep;
34 | // struct proc
35 | u64 proc__p_list__le_next;
36 | u64 proc__p_list__le_prev;
37 | u64 proc__p_pid;
38 | u64 proc__p_fd__fd_ofiles;
39 | u64 proc__object_size;
40 | // struct pseminfo
41 | u64 pseminfo__psem_usecount;
42 | u64 pseminfo__psem_uid;
43 | u64 pseminfo__psem_gid;
44 | u64 pseminfo__psem_name;
45 | u64 pseminfo__psem_semobject;
46 | // struct psemnode
47 | // u64 psemnode__pinfo;
48 | // u64 psemnode__padding;
49 | // u64 psemnode__object_size;
50 | // struct semaphore
51 | u64 semaphore__owner;
52 | // struct specinfo
53 | u64 specinfo__si_rdev;
54 | // struct task
55 | u64 task__map;
56 | u64 task__threads__next;
57 | u64 task__threads__prev;
58 | u64 task__itk_space;
59 | u64 task__object_size;
60 | // struct thread
61 | u64 thread__task_threads__next;
62 | u64 thread__task_threads__prev;
63 | u64 thread__map;
64 | u64 thread__thread_id;
65 | u64 thread__object_size;
66 | // struct uthread
67 | u64 uthread__object_size;
68 | // struct vm_map_entry
69 | u64 vm_map_entry__links__prev;
70 | u64 vm_map_entry__links__next;
71 | u64 vm_map_entry__links__start;
72 | u64 vm_map_entry__links__end;
73 | u64 vm_map_entry__store__entry__rbe_left;
74 | u64 vm_map_entry__store__entry__rbe_right;
75 | u64 vm_map_entry__store__entry__rbe_parent;
76 | // struct vnode
77 | u64 vnode__v_un__vu_specinfo;
78 | // struct _vm_map
79 | u64 _vm_map__hdr__links__prev;
80 | u64 _vm_map__hdr__links__next;
81 | u64 _vm_map__hdr__links__start;
82 | u64 _vm_map__hdr__links__end;
83 | u64 _vm_map__hdr__nentries;
84 | u64 _vm_map__hdr__rb_head_store__rbh_root;
85 | u64 _vm_map__pmap;
86 | u64 _vm_map__hint;
87 | u64 _vm_map__hole_hint;
88 | u64 _vm_map__holes_list;
89 | u64 _vm_map__object_size;
// Unlike the member offsets above, the group below holds absolute addresses of the named
// kernel symbols (globals and functions) as they appear in this build's kernelcache.
90 | // kernelcache static addresses
91 | u64 kernelcache__kernel_base;
92 | u64 kernelcache__cdevsw;
93 | u64 kernelcache__gPhysBase;
94 | u64 kernelcache__gPhysSize;
95 | u64 kernelcache__gVirtBase;
96 | u64 kernelcache__perfmon_devices;
97 | u64 kernelcache__perfmon_dev_open;
98 | u64 kernelcache__ptov_table;
99 | u64 kernelcache__vm_first_phys_ppnum;
100 | u64 kernelcache__vm_pages;
101 | u64 kernelcache__vm_page_array_beginning_addr;
102 | u64 kernelcache__vm_page_array_ending_addr;
103 | u64 kernelcache__vn_kqfilter;
104 | };
105 |
// The one kernel build this header supports. kern_version is the full Darwin version banner,
// including the xnu tag and the SoC suffix (RELEASE_ARM64_T8030 here); the struct offsets are
// bytes from the start of the object and the kernelcache__* values are absolute kernelcache
// addresses with kernel_base at 0xfffffff007004000. The struct offsets are identical across
// the 16.4, 16.4.1 and 16.5 headers in offsets/; only the kernelcache__* addresses differ per
// build and SoC -- the iPad13,1 (T8101) header for this same xnu-8796.102.5~1 kernel carries
// different kernelcache__* addresses, so the SoC suffix has to match as well.
// NOTE(review): presumably the consumer matches kern_version against the running kernel's
// version string before using any value and adds the runtime slide to the kernelcache__*
// addresses -- confirm in the code that reads this table. Applying this entry to any other
// build aims kernel reads/writes at the wrong addresses.
// NOTE(review): this is a definition with external linkage inside a header, so it is only
// link-safe while the header is included from a single translation unit.
106 | const struct dynamic_info kern_versions[] = {
107 | {
108 | .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:25 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8030",
109 | .fileglob__fg_ops = 0x28,
110 | .fileglob__fg_data = 0x40 - 8, // = 0x38
111 | .fileops__fo_kqfilter = 0x30,
// fileproc offsets are kept for reference only; the struct has these members commented out too.
112 | // .fileproc__fp_iocount = 0x0000,
113 | // .fileproc__fp_vflags = 0x0004,
114 | // .fileproc__fp_flags = 0x0008,
115 | // .fileproc__fp_guard_attrs = 0x000a,
116 | // .fileproc__fp_glob = 0x0010,
117 | // .fileproc__fp_guard = 0x0018,
118 | // .fileproc__object_size = 0x0020,
119 | .fileproc_guard__fpg_guard = 0x8,
120 | .kqworkloop__kqwl_state = 0x10,
121 | .kqworkloop__kqwl_p = 0x18,
122 | .kqworkloop__kqwl_owner = 0xd0,
123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // = 0xe8
124 | .kqworkloop__object_size = 0x108,
125 | .pmap__tte = 0x0,
126 | .pmap__ttep = 0x8,
127 | .proc__p_list__le_next = 0x0,
128 | .proc__p_list__le_prev = 0x8,
129 | .proc__p_pid = 0x60,
130 | .proc__p_fd__fd_ofiles = 0xf8,
131 | .proc__object_size = 0x730,
132 | .pseminfo__psem_usecount = 0x04,
133 | .pseminfo__psem_uid = 0x0c,
134 | .pseminfo__psem_gid = 0x10,
135 | .pseminfo__psem_name = 0x14,
136 | .pseminfo__psem_semobject = 0x38,
// psemnode offsets are kept for reference only; the struct has these members commented out too.
137 | // .psemnode__pinfo = 0x0000,
138 | // .psemnode__padding = 0x0008,
139 | // .psemnode__object_size = 0x0010,
140 | .semaphore__owner = 0x28,
141 | .specinfo__si_rdev = 0x18,
142 | .task__map = 0x28,
143 | .task__threads__next = 0x80 - 0x28, // = 0x58
144 | .task__threads__prev = 0x80 - 0x28 + 8, // = 0x60
145 | .task__itk_space = 0x300,
146 | .task__object_size = 0x628,
147 | .thread__task_threads__next = 0x378 - 0x18, // = 0x360
148 | .thread__task_threads__prev = 0x378 - 0x18 + 8, // = 0x368
149 | .thread__map = 0x378,
150 | .thread__thread_id = 0x410,
151 | .thread__object_size = 0x4b8,
152 | .uthread__object_size = 0x200,
153 | .vm_map_entry__links__prev = 0x00,
154 | .vm_map_entry__links__next = 0x08,
155 | .vm_map_entry__links__start = 0x10,
156 | .vm_map_entry__links__end = 0x18,
157 | .vm_map_entry__store__entry__rbe_left = 0x20,
158 | .vm_map_entry__store__entry__rbe_right = 0x28,
159 | .vm_map_entry__store__entry__rbe_parent = 0x30,
160 | .vnode__v_un__vu_specinfo = 0x78,
// struct _vm_map's hdr.links starts at +0x8, so each link offset is the matching
// vm_map_entry__links__* value above plus 8 (0x08, 0x10, 0x18, 0x20).
161 | ._vm_map__hdr__links__prev = 0x00 + 0x8,
162 | ._vm_map__hdr__links__next = 0x08 + 0x8,
163 | ._vm_map__hdr__links__start = 0x10 + 0x8,
164 | ._vm_map__hdr__links__end = 0x18 + 0x8,
165 | ._vm_map__hdr__nentries = 0x30,
166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
167 | ._vm_map__pmap = 0x40,
168 | ._vm_map__hint = 0x90 + 0x08, // = 0x98
169 | ._vm_map__hole_hint = 0x90 + 0x10, // = 0xa0
170 | ._vm_map__holes_list = 0x90 + 0x18, // = 0xa8
171 | ._vm_map__object_size = 0xc0,
172 | .kernelcache__kernel_base = 0xfffffff007004000, // static kernelcache base; identical in every header in offsets/
173 | .kernelcache__cdevsw = 0xfffffff00a361208,
174 | .kernelcache__gPhysBase = 0xfffffff007927ed0,
175 | .kernelcache__gPhysSize = 0xfffffff007927ed0 + 8, // assumes gPhysSize is the 8-byte global directly after gPhysBase in this kernelcache
176 | .kernelcache__gVirtBase = 0xfffffff0079260a8,
177 | .kernelcache__perfmon_devices = 0xfffffff00a39f4f0,
178 | .kernelcache__perfmon_dev_open = 0xfffffff007ed73c8,
179 | .kernelcache__ptov_table = 0xfffffff0078db178,
180 | .kernelcache__vm_first_phys_ppnum = 0xfffffff00a39e990,
181 | .kernelcache__vm_pages = 0xfffffff0078d7eb0,
182 | .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118,
183 | .kernelcache__vm_page_array_ending_addr = 0xfffffff00a39e988,
184 | .kernelcache__vn_kqfilter = 0xfffffff007f25f7c,
185 | },
186 | };
187 |
188 | #endif /* dynamic_info_h */
189 |
-------------------------------------------------------------------------------- /offsets/iPad12,2 16.5 20F66.h: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
3 | */
4 |
// NOTE(review): every per-device header under offsets/ uses this same guard name, so a second
// one pulled into the same translation unit is silently skipped instead of diagnosed -- the
// first header included wins. Include exactly the header for the device/build in its file name.
5 | #ifndef dynamic_info_h
6 | #define dynamic_info_h
7 |
// Kernel layout descriptor for a single iOS build. Each u64 is either the byte offset of a
// member inside the XNU struct named by the prefix ("__" separates nested member names;
// "*__object_size" is presumably the size of the whole object -- not verifiable from this file)
// or, in the "kernelcache static addresses" group, an absolute address in that build's
// kernelcache. The fileproc and psemnode groups are commented out and are NOT members.
// The values come from the single kern_versions[] entry at the bottom of this file.
8 | struct dynamic_info {
9 | const char* kern_version;
10 | // struct fileglob
11 | u64 fileglob__fg_ops;
12 | u64 fileglob__fg_data;
13 | // struct fileops
14 | u64 fileops__fo_kqfilter;
15 | // struct fileproc
16 | // u64 fileproc__fp_iocount;
17 | // u64 fileproc__fp_vflags;
18 | // u64 fileproc__fp_flags;
19 | // u64 fileproc__fp_guard_attrs;
20 | // u64 fileproc__fp_glob;
21 | // u64 fileproc__fp_guard;
22 | // u64 fileproc__object_size;
23 | // struct fileproc_guard
24 | u64 fileproc_guard__fpg_guard;
25 | // struct kqworkloop
26 | u64 kqworkloop__kqwl_state;
27 | u64 kqworkloop__kqwl_p;
28 | u64 kqworkloop__kqwl_owner;
29 | u64 kqworkloop__kqwl_dynamicid;
30 | u64 kqworkloop__object_size;
31 | // struct pmap
32 | u64 pmap__tte;
33 | u64 pmap__ttep;
34 | // struct proc
35 | u64 proc__p_list__le_next;
36 | u64 proc__p_list__le_prev;
37 | u64 proc__p_pid;
38 | u64 proc__p_fd__fd_ofiles;
39 | u64 proc__object_size;
40 | // struct pseminfo
41 | u64 pseminfo__psem_usecount;
42 | u64 pseminfo__psem_uid;
43 | u64 pseminfo__psem_gid;
44 | u64
pseminfo__psem_name;
45 | u64 pseminfo__psem_semobject;
46 | // struct psemnode
47 | // u64 psemnode__pinfo;
48 | // u64 psemnode__padding;
49 | // u64 psemnode__object_size;
50 | // struct semaphore
51 | u64 semaphore__owner;
52 | // struct specinfo
53 | u64 specinfo__si_rdev;
54 | // struct task
55 | u64 task__map;
56 | u64 task__threads__next;
57 | u64 task__threads__prev;
58 | u64 task__itk_space;
59 | u64 task__object_size;
60 | // struct thread
61 | u64 thread__task_threads__next;
62 | u64 thread__task_threads__prev;
63 | u64 thread__map;
64 | u64 thread__thread_id;
65 | u64 thread__object_size;
66 | // struct uthread
67 | u64 uthread__object_size;
68 | // struct vm_map_entry
69 | u64 vm_map_entry__links__prev;
70 | u64 vm_map_entry__links__next;
71 | u64 vm_map_entry__links__start;
72 | u64 vm_map_entry__links__end;
73 | u64 vm_map_entry__store__entry__rbe_left;
74 | u64 vm_map_entry__store__entry__rbe_right;
75 | u64 vm_map_entry__store__entry__rbe_parent;
76 | // struct vnode
77 | u64 vnode__v_un__vu_specinfo;
78 | // struct _vm_map
79 | u64 _vm_map__hdr__links__prev;
80 | u64 _vm_map__hdr__links__next;
81 | u64 _vm_map__hdr__links__start;
82 | u64 _vm_map__hdr__links__end;
83 | u64 _vm_map__hdr__nentries;
84 | u64 _vm_map__hdr__rb_head_store__rbh_root;
85 | u64 _vm_map__pmap;
86 | u64 _vm_map__hint;
87 | u64 _vm_map__hole_hint;
88 | u64 _vm_map__holes_list;
89 | u64 _vm_map__object_size;
// Unlike the member offsets above, the group below holds absolute addresses of the named
// kernel symbols (globals and functions) as they appear in this build's kernelcache.
90 | // kernelcache static addresses
91 | u64 kernelcache__kernel_base;
92 | u64 kernelcache__cdevsw;
93 | u64 kernelcache__gPhysBase;
94 | u64 kernelcache__gPhysSize;
95 | u64 kernelcache__gVirtBase;
96 | u64 kernelcache__perfmon_devices;
97 | u64 kernelcache__perfmon_dev_open;
98 | u64 kernelcache__ptov_table;
99 | u64 kernelcache__vm_first_phys_ppnum;
100 | u64 kernelcache__vm_pages;
101 | u64 kernelcache__vm_page_array_beginning_addr;
102 | u64 kernelcache__vm_page_array_ending_addr;
103 | u64 kernelcache__vn_kqfilter;
104 | };
105 |
// The one kernel build this header supports. kern_version is the full Darwin version banner,
// including the xnu tag and the SoC suffix (RELEASE_ARM64_T8030 here); the struct offsets are
// bytes from the start of the object and the kernelcache__* values are absolute kernelcache
// addresses with kernel_base at 0xfffffff007004000. The struct offsets are identical across
// the 16.4, 16.4.1 and 16.5 headers in offsets/; only the kernelcache__* addresses differ per
// build and SoC.
// NOTE(review): presumably the consumer matches kern_version against the running kernel's
// version string before using any value and adds the runtime slide to the kernelcache__*
// addresses -- confirm in the code that reads this table. Applying this entry to any other
// build aims kernel reads/writes at the wrong addresses.
// NOTE(review): this is a definition with external linkage inside a header, so it is only
// link-safe while the header is included from a single translation unit.
106 | const struct dynamic_info kern_versions[] = {
107 | {
108 | .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:28 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8030",
109 | .fileglob__fg_ops = 0x28,
110 | .fileglob__fg_data = 0x40 - 8, // = 0x38
111 | .fileops__fo_kqfilter = 0x30,
// fileproc offsets are kept for reference only; the struct has these members commented out too.
112 | // .fileproc__fp_iocount = 0x0000,
113 | // .fileproc__fp_vflags = 0x0004,
114 | // .fileproc__fp_flags = 0x0008,
115 | // .fileproc__fp_guard_attrs = 0x000a,
116 | // .fileproc__fp_glob = 0x0010,
117 | // .fileproc__fp_guard = 0x0018,
118 | // .fileproc__object_size = 0x0020,
119 | .fileproc_guard__fpg_guard = 0x8,
120 | .kqworkloop__kqwl_state = 0x10,
121 | .kqworkloop__kqwl_p = 0x18,
122 | .kqworkloop__kqwl_owner = 0xd0,
123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // = 0xe8
124 | .kqworkloop__object_size = 0x108,
125 | .pmap__tte = 0x0,
126 | .pmap__ttep = 0x8,
127 | .proc__p_list__le_next = 0x0,
128 | .proc__p_list__le_prev = 0x8,
129 | .proc__p_pid = 0x60,
130 | .proc__p_fd__fd_ofiles = 0xf8,
131 | .proc__object_size = 0x730,
132 | .pseminfo__psem_usecount = 0x04,
133 | .pseminfo__psem_uid = 0x0c,
134 | .pseminfo__psem_gid = 0x10,
135 | .pseminfo__psem_name = 0x14,
136 | .pseminfo__psem_semobject = 0x38,
// psemnode offsets are kept for reference only; the struct has these members commented out too.
137 | // .psemnode__pinfo = 0x0000,
138 | // .psemnode__padding = 0x0008,
139 | // .psemnode__object_size = 0x0010,
140 | .semaphore__owner = 0x28,
141 | .specinfo__si_rdev = 0x18,
142 | .task__map = 0x28,
143 | .task__threads__next = 0x80 - 0x28, // = 0x58
144 | .task__threads__prev = 0x80 - 0x28 + 8, // = 0x60
145 | .task__itk_space = 0x300,
146 | .task__object_size = 0x628,
147 | .thread__task_threads__next = 0x378 - 0x18, // = 0x360
148 | .thread__task_threads__prev = 0x378 - 0x18 + 8, // = 0x368
149 | .thread__map = 0x378,
150 | .thread__thread_id = 0x410,
151 | .thread__object_size = 0x4b8,
152 | .uthread__object_size = 0x200,
153 | .vm_map_entry__links__prev = 0x00,
154 | .vm_map_entry__links__next = 0x08,
155 | .vm_map_entry__links__start = 0x10,
156 | .vm_map_entry__links__end = 0x18,
157 | .vm_map_entry__store__entry__rbe_left = 0x20,
158 | .vm_map_entry__store__entry__rbe_right = 0x28,
159 | .vm_map_entry__store__entry__rbe_parent = 0x30,
160 | .vnode__v_un__vu_specinfo = 0x78,
// struct _vm_map's hdr.links starts at +0x8, so each link offset is the matching
// vm_map_entry__links__* value above plus 8 (0x08, 0x10, 0x18, 0x20).
161 | ._vm_map__hdr__links__prev = 0x00 + 0x8,
162 | ._vm_map__hdr__links__next = 0x08 + 0x8,
163 | ._vm_map__hdr__links__start = 0x10 + 0x8,
164 | ._vm_map__hdr__links__end = 0x18 + 0x8,
165 | ._vm_map__hdr__nentries = 0x30,
166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
167 | ._vm_map__pmap = 0x40,
168 | ._vm_map__hint = 0x90 + 0x08, // = 0x98
169 | ._vm_map__hole_hint = 0x90 + 0x10, // = 0xa0
170 | ._vm_map__holes_list = 0x90 + 0x18, // = 0xa8
171 | ._vm_map__object_size = 0xc0,
172 | .kernelcache__kernel_base = 0xfffffff007004000, // static kernelcache base; identical in every header in offsets/
173 | .kernelcache__cdevsw = 0xfffffff00a36d288,
174 | .kernelcache__gPhysBase = 0xfffffff007928010,
175 | .kernelcache__gPhysSize = 0xfffffff007928010 + 8, // assumes gPhysSize is the 8-byte global directly after gPhysBase in this kernelcache
176 | .kernelcache__gVirtBase = 0xfffffff0079261e8,
177 | .kernelcache__perfmon_devices = 0xfffffff00a3ab4f0,
178 | .kernelcache__perfmon_dev_open = 0xfffffff007ed75d0,
179 | .kernelcache__ptov_table = 0xfffffff0078db178,
180 | .kernelcache__vm_first_phys_ppnum = 0xfffffff00a3aa990,
181 | .kernelcache__vm_pages = 0xfffffff0078d7eb0,
182 | .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078da118,
183 | .kernelcache__vm_page_array_ending_addr = 0xfffffff00a3aa988,
184 | .kernelcache__vn_kqfilter = 0xfffffff007f2641c,
185 | },
186 | };
187 |
188 | #endif /* dynamic_info_h */
189 |
-------------------------------------------------------------------------------- /offsets/iPad13,1 16.4 20E246.h: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
3 | */
4 |
// NOTE(review): every per-device header under offsets/ uses this same guard name, so a second
// one pulled into the same translation unit is silently skipped instead of diagnosed -- the
// first header included wins. Include exactly the header for the device/build in its file name.
5 | #ifndef dynamic_info_h
6 | #define dynamic_info_h
7 |
// Kernel layout descriptor for a single iOS build. Each u64 is either the byte offset of a
// member inside the XNU struct named by the prefix ("__" separates nested member names;
// "*__object_size" is presumably the size of the whole object -- not verifiable from this file)
// or, in the "kernelcache static addresses" group, an absolute address in that build's
// kernelcache. The fileproc and psemnode groups are commented out and are NOT members.
// The values come from the single kern_versions[] entry at the bottom of this file.
8 | struct dynamic_info {
9 | const char* kern_version;
10 | // struct fileglob
11 | u64 fileglob__fg_ops;
12 | u64 fileglob__fg_data;
13 | // struct fileops
14 | u64 fileops__fo_kqfilter;
15 | // struct fileproc
16 | // u64 fileproc__fp_iocount;
17 | // u64 fileproc__fp_vflags;
18 | // u64 fileproc__fp_flags;
19 | // u64 fileproc__fp_guard_attrs;
20 | // u64 fileproc__fp_glob;
21 | // u64 fileproc__fp_guard;
22 | // u64 fileproc__object_size;
23 | // struct fileproc_guard
24 | u64 fileproc_guard__fpg_guard;
25 | // struct kqworkloop
26 | u64 kqworkloop__kqwl_state;
27 | u64 kqworkloop__kqwl_p;
28 | u64 kqworkloop__kqwl_owner;
29 | u64 kqworkloop__kqwl_dynamicid;
30 | u64 kqworkloop__object_size;
31 | // struct pmap
32 | u64 pmap__tte;
33 | u64 pmap__ttep;
34 | // struct proc
35 | u64 proc__p_list__le_next;
36 | u64 proc__p_list__le_prev;
37 | u64 proc__p_pid;
38 | u64 proc__p_fd__fd_ofiles;
39 | u64 proc__object_size;
40 | // struct pseminfo
41 | u64 pseminfo__psem_usecount;
42 | u64 pseminfo__psem_uid;
43 | u64 pseminfo__psem_gid;
44 | u64 pseminfo__psem_name;
45 | u64 pseminfo__psem_semobject;
46 | // struct psemnode
47 | // u64 psemnode__pinfo;
48 | // u64 psemnode__padding;
49 | // u64 psemnode__object_size;
50 | // struct semaphore
51 | u64 semaphore__owner;
52 | // struct specinfo
53 | u64 specinfo__si_rdev;
54 | // struct task
55 | u64 task__map;
56 | u64 task__threads__next;
57 | u64 task__threads__prev;
58 | u64 task__itk_space;
59 | u64 task__object_size;
60 | // struct thread
61 | u64 thread__task_threads__next;
62 | u64 thread__task_threads__prev;
63 | u64 thread__map;
64 | u64 thread__thread_id;
65 | u64 thread__object_size;
66 | // struct uthread
67 | u64 uthread__object_size;
68 | // struct vm_map_entry
69 | u64 vm_map_entry__links__prev;
70 | u64 vm_map_entry__links__next;
71 | u64 vm_map_entry__links__start;
72 | u64 vm_map_entry__links__end;
73 | u64 vm_map_entry__store__entry__rbe_left;
74 | u64 vm_map_entry__store__entry__rbe_right;
75 | u64 vm_map_entry__store__entry__rbe_parent;
76 | // struct vnode
77 | u64 vnode__v_un__vu_specinfo;
78 | // struct _vm_map
79 | u64 _vm_map__hdr__links__prev;
80 | u64 _vm_map__hdr__links__next;
81 | u64 _vm_map__hdr__links__start;
82 | u64 _vm_map__hdr__links__end;
83 | u64 _vm_map__hdr__nentries;
84 | u64 _vm_map__hdr__rb_head_store__rbh_root;
85 | u64 _vm_map__pmap;
86 | u64 _vm_map__hint;
87 | u64 _vm_map__hole_hint;
88 | u64 _vm_map__holes_list;
89 | u64 _vm_map__object_size;
// Unlike the member offsets above, the group below holds absolute addresses of the named
// kernel symbols (globals and functions) as they appear in this build's kernelcache.
90 | // kernelcache static addresses
91 | u64 kernelcache__kernel_base;
92 | u64 kernelcache__cdevsw;
93 | u64 kernelcache__gPhysBase;
94 | u64 kernelcache__gPhysSize;
95 | u64 kernelcache__gVirtBase;
96 | u64 kernelcache__perfmon_devices;
97 | u64 kernelcache__perfmon_dev_open;
98 | u64 kernelcache__ptov_table;
99 | u64 kernelcache__vm_first_phys_ppnum;
100 | u64 kernelcache__vm_pages;
101 | u64 kernelcache__vm_page_array_beginning_addr;
102 | u64 kernelcache__vm_page_array_ending_addr;
103 | u64 kernelcache__vn_kqfilter;
104 | };
105 |
// The one kernel build this header supports. kern_version is the full Darwin version banner,
// including the xnu tag and the SoC suffix (RELEASE_ARM64_T8101 here); the struct offsets are
// bytes from the start of the object and the kernelcache__* values are absolute kernelcache
// addresses with kernel_base at 0xfffffff007004000. The struct offsets are identical across
// the 16.4, 16.4.1 and 16.5 headers in offsets/; only the kernelcache__* addresses differ per
// build and SoC -- the T8030 headers for this same xnu-8796.102.5~1 kernel carry different
// kernelcache__* addresses, so the SoC suffix has to match as well.
// NOTE(review): presumably the consumer matches kern_version against the running kernel's
// version string before using any value and adds the runtime slide to the kernelcache__*
// addresses -- confirm in the code that reads this table. Applying this entry to any other
// build aims kernel reads/writes at the wrong addresses.
// NOTE(review): this is a definition with external linkage inside a header, so it is only
// link-safe while the header is included from a single translation unit.
106 | const struct dynamic_info kern_versions[] = {
107 | {
108 | .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101",
109 | .fileglob__fg_ops = 0x28,
110 | .fileglob__fg_data = 0x40 - 8, // = 0x38
111 | .fileops__fo_kqfilter = 0x30,
// fileproc offsets are kept for reference only; the struct has these members commented out too.
112 | // .fileproc__fp_iocount = 0x0000,
113 | // .fileproc__fp_vflags = 0x0004,
114 | // .fileproc__fp_flags = 0x0008,
115 | // .fileproc__fp_guard_attrs = 0x000a,
116 | // .fileproc__fp_glob = 0x0010,
117 | // .fileproc__fp_guard = 0x0018,
118 | // .fileproc__object_size = 0x0020,
119 | .fileproc_guard__fpg_guard = 0x8,
120 | .kqworkloop__kqwl_state = 0x10,
121 | .kqworkloop__kqwl_p = 0x18,
122 | .kqworkloop__kqwl_owner = 0xd0,
123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // = 0xe8
124 | .kqworkloop__object_size = 0x108,
125 | .pmap__tte = 0x0,
126 | .pmap__ttep = 0x8,
127 | .proc__p_list__le_next = 0x0,
128 | .proc__p_list__le_prev = 0x8,
129 | .proc__p_pid = 0x60,
130 | .proc__p_fd__fd_ofiles = 0xf8,
131 | .proc__object_size = 0x730,
132 | .pseminfo__psem_usecount = 0x04,
133 | .pseminfo__psem_uid = 0x0c,
134 | .pseminfo__psem_gid = 0x10,
135 | .pseminfo__psem_name = 0x14,
136 | .pseminfo__psem_semobject = 0x38,
// psemnode offsets are kept for reference only; the struct has these members commented out too.
137 | // .psemnode__pinfo = 0x0000,
138 | // .psemnode__padding = 0x0008,
139 | // .psemnode__object_size = 0x0010,
140 | .semaphore__owner = 0x28,
141 | .specinfo__si_rdev = 0x18,
142 | .task__map = 0x28,
143 | .task__threads__next = 0x80 - 0x28, // = 0x58
144 | .task__threads__prev = 0x80 - 0x28 + 8, // = 0x60
145 | .task__itk_space = 0x300,
146 | .task__object_size = 0x628,
147 | .thread__task_threads__next = 0x378 - 0x18, // = 0x360
148 | .thread__task_threads__prev = 0x378 - 0x18 + 8, // = 0x368
149 | .thread__map = 0x378,
150 | .thread__thread_id = 0x410,
151 | .thread__object_size = 0x4b8,
152 | .uthread__object_size = 0x200,
153 | .vm_map_entry__links__prev = 0x00,
154 | .vm_map_entry__links__next = 0x08,
155 | .vm_map_entry__links__start = 0x10,
156 | .vm_map_entry__links__end = 0x18,
157 | .vm_map_entry__store__entry__rbe_left = 0x20,
158 | .vm_map_entry__store__entry__rbe_right = 0x28,
159 | .vm_map_entry__store__entry__rbe_parent = 0x30,
160 | .vnode__v_un__vu_specinfo = 0x78,
// struct _vm_map's hdr.links starts at +0x8, so each link offset is the matching
// vm_map_entry__links__* value above plus 8 (0x08, 0x10, 0x18, 0x20).
161 | ._vm_map__hdr__links__prev = 0x00 + 0x8,
162 | ._vm_map__hdr__links__next = 0x08 + 0x8,
163 | ._vm_map__hdr__links__start = 0x10 + 0x8,
164 | ._vm_map__hdr__links__end = 0x18 + 0x8,
165 | ._vm_map__hdr__nentries = 0x30,
166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
167 | ._vm_map__pmap = 0x40,
168 | ._vm_map__hint = 0x90 + 0x08, // = 0x98
169 | ._vm_map__hole_hint = 0x90 + 0x10, // = 0xa0
170 | ._vm_map__holes_list = 0x90 + 0x18, // = 0xa8
171 | ._vm_map__object_size = 0xc0,
172 | .kernelcache__kernel_base = 0xfffffff007004000, // static kernelcache base; identical in every header in offsets/
173 | .kernelcache__cdevsw = 0xfffffff00a481208,
174 | .kernelcache__gPhysBase = 0xfffffff007917fc0,
175 | .kernelcache__gPhysSize = 0xfffffff007917fc0 + 8, // assumes gPhysSize is the 8-byte global directly after gPhysBase in this kernelcache
176 | .kernelcache__gVirtBase = 0xfffffff007916198,
177 | .kernelcache__perfmon_devices = 0xfffffff00a4bf520,
178 | .kernelcache__perfmon_dev_open = 0xfffffff007f0864c,
179 | .kernelcache__ptov_table = 0xfffffff0078cb188,
180 | .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4be990,
181 | .kernelcache__vm_pages = 0xfffffff0078c7eb8,
182 | .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ca128,
183 | .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4be988,
184 | .kernelcache__vn_kqfilter = 0xfffffff007f57538,
185 | },
186 | };
187 |
188 | #endif /* dynamic_info_h */
189 |
-------------------------------------------------------------------------------- /offsets/iPad13,1 16.4.1 20E252.h: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
3 | */
4 |
// NOTE(review): every per-device header under offsets/ uses this same guard name, so a second
// one pulled into the same translation unit is silently skipped instead of diagnosed -- the
// first header included wins. Include exactly the header for the device/build in its file name.
5 | #ifndef dynamic_info_h
6 | #define dynamic_info_h
7 |
// Kernel layout descriptor for a single iOS build. Each u64 is either the byte offset of a
// member inside the XNU struct named by the prefix ("__" separates nested member names;
// "*__object_size" is presumably the size of the whole object -- not verifiable from this file)
// or, in the "kernelcache static addresses" group, an absolute address in that build's
// kernelcache. The fileproc and psemnode groups are commented out and are NOT members.
// The values come from the single kern_versions[] entry at the bottom of this file.
8 | struct dynamic_info {
9 | const char* kern_version;
10 | // struct fileglob
11 | u64 fileglob__fg_ops;
12 | u64 fileglob__fg_data;
13 | // struct fileops
14 | u64 fileops__fo_kqfilter;
15 | // struct fileproc
16 | // u64 fileproc__fp_iocount;
17 | // u64 fileproc__fp_vflags;
18 | // u64 fileproc__fp_flags;
19 | // u64 fileproc__fp_guard_attrs;
20 | // u64 fileproc__fp_glob;
21 | // u64 fileproc__fp_guard;
22 | // u64 fileproc__object_size;
23 | // struct fileproc_guard
24 | u64 fileproc_guard__fpg_guard;
25 | // struct kqworkloop
26 | u64 kqworkloop__kqwl_state;
27 | u64 kqworkloop__kqwl_p;
28 | u64 kqworkloop__kqwl_owner;
29 | u64 kqworkloop__kqwl_dynamicid;
30 | u64 kqworkloop__object_size;
31 | // struct pmap
32 | u64 pmap__tte;
33 | u64 pmap__ttep;
34 | // struct proc
35 | u64 proc__p_list__le_next;
36 | u64 proc__p_list__le_prev;
37 | u64 proc__p_pid;
38 | u64 proc__p_fd__fd_ofiles;
39 | u64 proc__object_size;
40 | // struct pseminfo
41 | u64 pseminfo__psem_usecount;
42 | u64 pseminfo__psem_uid;
43 | u64 pseminfo__psem_gid;
44 | u64
pseminfo__psem_name;
45 | u64 pseminfo__psem_semobject;
46 | // struct psemnode
47 | // u64 psemnode__pinfo;
48 | // u64 psemnode__padding;
49 | // u64 psemnode__object_size;
50 | // struct semaphore
51 | u64 semaphore__owner;
52 | // struct specinfo
53 | u64 specinfo__si_rdev;
54 | // struct task
55 | u64 task__map;
56 | u64 task__threads__next;
57 | u64 task__threads__prev;
58 | u64 task__itk_space;
59 | u64 task__object_size;
60 | // struct thread
61 | u64 thread__task_threads__next;
62 | u64 thread__task_threads__prev;
63 | u64 thread__map;
64 | u64 thread__thread_id;
65 | u64 thread__object_size;
66 | // struct uthread
67 | u64 uthread__object_size;
68 | // struct vm_map_entry
69 | u64 vm_map_entry__links__prev;
70 | u64 vm_map_entry__links__next;
71 | u64 vm_map_entry__links__start;
72 | u64 vm_map_entry__links__end;
73 | u64 vm_map_entry__store__entry__rbe_left;
74 | u64 vm_map_entry__store__entry__rbe_right;
75 | u64 vm_map_entry__store__entry__rbe_parent;
76 | // struct vnode
77 | u64 vnode__v_un__vu_specinfo;
78 | // struct _vm_map
79 | u64 _vm_map__hdr__links__prev;
80 | u64 _vm_map__hdr__links__next;
81 | u64 _vm_map__hdr__links__start;
82 | u64 _vm_map__hdr__links__end;
83 | u64 _vm_map__hdr__nentries;
84 | u64 _vm_map__hdr__rb_head_store__rbh_root;
85 | u64 _vm_map__pmap;
86 | u64 _vm_map__hint;
87 | u64 _vm_map__hole_hint;
88 | u64 _vm_map__holes_list;
89 | u64 _vm_map__object_size;
// Unlike the member offsets above, the group below holds absolute addresses of the named
// kernel symbols (globals and functions) as they appear in this build's kernelcache.
90 | // kernelcache static addresses
91 | u64 kernelcache__kernel_base;
92 | u64 kernelcache__cdevsw;
93 | u64 kernelcache__gPhysBase;
94 | u64 kernelcache__gPhysSize;
95 | u64 kernelcache__gVirtBase;
96 | u64 kernelcache__perfmon_devices;
97 | u64 kernelcache__perfmon_dev_open;
98 | u64 kernelcache__ptov_table;
99 | u64 kernelcache__vm_first_phys_ppnum;
100 | u64 kernelcache__vm_pages;
101 | u64 kernelcache__vm_page_array_beginning_addr;
102 | u64 kernelcache__vm_page_array_ending_addr;
103 | u64 kernelcache__vn_kqfilter;
104 | };
105 |
// The one kernel build this header supports. kern_version is the full Darwin version banner,
// including the xnu tag and the SoC suffix (RELEASE_ARM64_T8101 here); the struct offsets are
// bytes from the start of the object and the kernelcache__* values are absolute kernelcache
// addresses with kernel_base at 0xfffffff007004000. The struct offsets are identical across
// the 16.4, 16.4.1 and 16.5 headers in offsets/; only the kernelcache__* addresses differ per
// build and SoC -- the T8030 headers for this same xnu-8796.102.5~1 kernel carry different
// kernelcache__* addresses, so the SoC suffix has to match as well.
// NOTE(review): presumably the consumer matches kern_version against the running kernel's
// version string before using any value and adds the runtime slide to the kernelcache__*
// addresses -- confirm in the code that reads this table. Applying this entry to any other
// build aims kernel reads/writes at the wrong addresses.
// NOTE(review): this is a definition with external linkage inside a header, so it is only
// link-safe while the header is included from a single translation unit.
106 | const struct dynamic_info kern_versions[] = {
107 | {
108 | .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:42:59 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8101",
109 | .fileglob__fg_ops = 0x28,
110 | .fileglob__fg_data = 0x40 - 8, // = 0x38
111 | .fileops__fo_kqfilter = 0x30,
// fileproc offsets are kept for reference only; the struct has these members commented out too.
112 | // .fileproc__fp_iocount = 0x0000,
113 | // .fileproc__fp_vflags = 0x0004,
114 | // .fileproc__fp_flags = 0x0008,
115 | // .fileproc__fp_guard_attrs = 0x000a,
116 | // .fileproc__fp_glob = 0x0010,
117 | // .fileproc__fp_guard = 0x0018,
118 | // .fileproc__object_size = 0x0020,
119 | .fileproc_guard__fpg_guard = 0x8,
120 | .kqworkloop__kqwl_state = 0x10,
121 | .kqworkloop__kqwl_p = 0x18,
122 | .kqworkloop__kqwl_owner = 0xd0,
123 | .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18, // = 0xe8
124 | .kqworkloop__object_size = 0x108,
125 | .pmap__tte = 0x0,
126 | .pmap__ttep = 0x8,
127 | .proc__p_list__le_next = 0x0,
128 | .proc__p_list__le_prev = 0x8,
129 | .proc__p_pid = 0x60,
130 | .proc__p_fd__fd_ofiles = 0xf8,
131 | .proc__object_size = 0x730,
132 | .pseminfo__psem_usecount = 0x04,
133 | .pseminfo__psem_uid = 0x0c,
134 | .pseminfo__psem_gid = 0x10,
135 | .pseminfo__psem_name = 0x14,
136 | .pseminfo__psem_semobject = 0x38,
// psemnode offsets are kept for reference only; the struct has these members commented out too.
137 | // .psemnode__pinfo = 0x0000,
138 | // .psemnode__padding = 0x0008,
139 | // .psemnode__object_size = 0x0010,
140 | .semaphore__owner = 0x28,
141 | .specinfo__si_rdev = 0x18,
142 | .task__map = 0x28,
143 | .task__threads__next = 0x80 - 0x28, // = 0x58
144 | .task__threads__prev = 0x80 - 0x28 + 8, // = 0x60
145 | .task__itk_space = 0x300,
146 | .task__object_size = 0x628,
147 | .thread__task_threads__next = 0x378 - 0x18, // = 0x360
148 | .thread__task_threads__prev = 0x378 - 0x18 + 8, // = 0x368
149 | .thread__map = 0x378,
150 | .thread__thread_id = 0x410,
151 | .thread__object_size = 0x4b8,
152 | .uthread__object_size = 0x200,
153 | .vm_map_entry__links__prev = 0x00,
154 | .vm_map_entry__links__next = 0x08,
155 | .vm_map_entry__links__start = 0x10,
156 | .vm_map_entry__links__end = 0x18,
157 | .vm_map_entry__store__entry__rbe_left = 0x20,
158 | .vm_map_entry__store__entry__rbe_right = 0x28,
159 | .vm_map_entry__store__entry__rbe_parent = 0x30,
160 | .vnode__v_un__vu_specinfo = 0x78,
// struct _vm_map's hdr.links starts at +0x8, so each link offset is the matching
// vm_map_entry__links__* value above plus 8 (0x08, 0x10, 0x18, 0x20).
161 | ._vm_map__hdr__links__prev = 0x00 + 0x8,
162 | ._vm_map__hdr__links__next = 0x08 + 0x8,
163 | ._vm_map__hdr__links__start = 0x10 + 0x8,
164 | ._vm_map__hdr__links__end = 0x18 + 0x8,
165 | ._vm_map__hdr__nentries = 0x30,
166 | ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
167 | ._vm_map__pmap = 0x40,
168 | ._vm_map__hint = 0x90 + 0x08, // = 0x98
169 | ._vm_map__hole_hint = 0x90 + 0x10, // = 0xa0
170 | ._vm_map__holes_list = 0x90 + 0x18, // = 0xa8
171 | ._vm_map__object_size = 0xc0,
172 | .kernelcache__kernel_base = 0xfffffff007004000, // static kernelcache base; identical in every header in offsets/
173 | .kernelcache__cdevsw = 0xfffffff00a481208,
174 | .kernelcache__gPhysBase = 0xfffffff007917fc0,
175 | .kernelcache__gPhysSize = 0xfffffff007917fc0 + 8, // assumes gPhysSize is the 8-byte global directly after gPhysBase in this kernelcache
176 | .kernelcache__gVirtBase = 0xfffffff007916198,
177 | .kernelcache__perfmon_devices = 0xfffffff00a4bf520,
178 | .kernelcache__perfmon_dev_open = 0xfffffff007f0864c,
179 | .kernelcache__ptov_table = 0xfffffff0078cb188,
180 | .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4be990,
181 | .kernelcache__vm_pages = 0xfffffff0078c7eb8,
182 | .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ca128,
183 | .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4be988,
184 | .kernelcache__vn_kqfilter = 0xfffffff007f57538,
185 | },
186 | };
187 |
188 | #endif /* dynamic_info_h */
189 |
-------------------------------------------------------------------------------- /offsets/iPad13,1 16.5 20F66.h: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
*/

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Offset table for the device and build named in this file's name; the exact
 * kernel build it was generated for is the kern_version string below. Fields
 * are struct member offsets, object sizes (*__object_size) and static
 * kernelcache addresses, all carried as u64.
 *
 * NOTE(review): `u64` is not defined in this header and nothing is #included,
 * so the including translation unit must provide that typedef first.
 * NOTE(review): every per-device header uses the same include guard
 * (dynamic_info_h), so at most one of them can be included per translation
 * unit.
 */
struct dynamic_info {
    // Exact kernel version string this table applies to; presumably used to
    // select the matching entry at run time -- confirm against the consumer.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc (listed for reference only; no member is active)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode (listed for reference only; no member is active)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses, as linked for this exact build.
    // NOTE(review): presumably unslid, so applying any runtime slide is the
    // consumer's job -- confirm.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// One table per supported kernel build; this file carries exactly one entry.
// Derived offsets are kept as expressions (base +/- delta) rather than folded
// into constants so the relation to the neighbouring member stays visible.
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:08:42 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8101",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x378 - 0x18,
        .thread__task_threads__prev = 0x378 - 0x18 + 8,
        .thread__map = 0x378,
        .thread__thread_id = 0x410,
        .thread__object_size = 0x4b8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        // NOTE(review): 0x0 for a sizeof looks like an unresolved value -- the
        // 16.4 tables carry 0xc0 here. Confirm before anything relies on it.
        ._vm_map__object_size = 0x0,
        .kernelcache__kernel_base = 0xfffffff007004000,
        .kernelcache__cdevsw = 0xfffffff00a48d288,
        .kernelcache__gPhysBase = 0xfffffff00791c100,
        // gPhysSize immediately follows gPhysBase (+8)
        .kernelcache__gPhysSize = 0xfffffff00791c100 + 8,
.kernelcache__gVirtBase = 0xfffffff00791a2d8,
        .kernelcache__perfmon_devices = 0xfffffff00a4cb520,
        .kernelcache__perfmon_dev_open = 0xfffffff007f0c84c,
        .kernelcache__ptov_table = 0xfffffff0078cf188,
        .kernelcache__vm_first_phys_ppnum = 0xfffffff00a4ca990,
        .kernelcache__vm_pages = 0xfffffff0078cbeb8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffff0078ce128,
        .kernelcache__vm_page_array_ending_addr = 0xfffffff00a4ca988,
        .kernelcache__vn_kqfilter = 0xfffffff007f5b9d0,
    },
};

#endif /* dynamic_info_h */

--------------------------------------------------------------------------------
/offsets/iPad13,10 16.4 20E246.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
 */

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Offset table for the device and build named in this file's name; the exact
 * kernel build it was generated for is the kern_version string below. Fields
 * are struct member offsets, object sizes (*__object_size) and static
 * kernelcache addresses, all carried as u64.
 *
 * NOTE(review): `u64` is not defined in this header and nothing is #included,
 * so the including translation unit must provide that typedef first.
 * NOTE(review): every per-device header uses the same include guard
 * (dynamic_info_h), so at most one of them can be included per translation
 * unit.
 */
struct dynamic_info {
    // Exact kernel version string this table applies to; presumably used to
    // select the matching entry at run time -- confirm against the consumer.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc (listed for reference only; no member is active)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode (listed for reference only; no member is active)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses, as linked for this exact build.
    // NOTE(review): presumably unslid, so applying any runtime slide is the
    // consumer's job -- confirm.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// One table per supported kernel build; this file carries exactly one entry.
// Derived offsets are kept as expressions (base +/- delta) rather than folded
// into constants so the relation to the neighbouring member stays visible.
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.4.0: Mon Mar 6 20:40:42 PST 2023; root:xnu-8796.102.5~1/RELEASE_ARM64_T8103",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x378 - 0x18,
        .thread__task_threads__prev = 0x378 - 0x18 + 8,
        .thread__map = 0x378,
        .thread__thread_id = 0x410,
        .thread__object_size = 0x4b8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        ._vm_map__object_size = 0xc0,
        .kernelcache__kernel_base = 0xfffffe0007004000,
        .kernelcache__cdevsw = 0xfffffe000aacd208,
        .kernelcache__gPhysBase = 0xfffffe0007a7ffc0,
        // gPhysSize immediately follows gPhysBase (+8)
        .kernelcache__gPhysSize = 0xfffffe0007a7ffc0 + 8,
        .kernelcache__gVirtBase = 0xfffffe0007a7e198,
        .kernelcache__perfmon_devices = 0xfffffe000ab0b520,
        .kernelcache__perfmon_dev_open = 0xfffffe00080d03c0,
        .kernelcache__ptov_table = 0xfffffe00079cb188,
        .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab0a990,
        .kernelcache__vm_pages = 0xfffffe00079c7eb8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ca128,
        .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab0a988,
        .kernelcache__vn_kqfilter = 0xfffffe000811f2b4,
    },
};

#endif /* dynamic_info_h */

--------------------------------------------------------------------------------
/offsets/iPad13,10 16.5 20F66.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) 2023 Félix Poulin-Bélanger. All rights reserved.
*/

#ifndef dynamic_info_h
#define dynamic_info_h

/*
 * Offset table for the device and build named in this file's name; the exact
 * kernel build it was generated for is the kern_version string below. Fields
 * are struct member offsets, object sizes (*__object_size) and static
 * kernelcache addresses, all carried as u64.
 *
 * NOTE(review): `u64` is not defined in this header and nothing is #included,
 * so the including translation unit must provide that typedef first.
 * NOTE(review): every per-device header uses the same include guard
 * (dynamic_info_h), so at most one of them can be included per translation
 * unit.
 */
struct dynamic_info {
    // Exact kernel version string this table applies to; presumably used to
    // select the matching entry at run time -- confirm against the consumer.
    const char* kern_version;
    // struct fileglob
    u64 fileglob__fg_ops;
    u64 fileglob__fg_data;
    // struct fileops
    u64 fileops__fo_kqfilter;
    // struct fileproc (listed for reference only; no member is active)
    // u64 fileproc__fp_iocount;
    // u64 fileproc__fp_vflags;
    // u64 fileproc__fp_flags;
    // u64 fileproc__fp_guard_attrs;
    // u64 fileproc__fp_glob;
    // u64 fileproc__fp_guard;
    // u64 fileproc__object_size;
    // struct fileproc_guard
    u64 fileproc_guard__fpg_guard;
    // struct kqworkloop
    u64 kqworkloop__kqwl_state;
    u64 kqworkloop__kqwl_p;
    u64 kqworkloop__kqwl_owner;
    u64 kqworkloop__kqwl_dynamicid;
    u64 kqworkloop__object_size;
    // struct pmap
    u64 pmap__tte;
    u64 pmap__ttep;
    // struct proc
    u64 proc__p_list__le_next;
    u64 proc__p_list__le_prev;
    u64 proc__p_pid;
    u64 proc__p_fd__fd_ofiles;
    u64 proc__object_size;
    // struct pseminfo
    u64 pseminfo__psem_usecount;
    u64 pseminfo__psem_uid;
    u64 pseminfo__psem_gid;
    u64 pseminfo__psem_name;
    u64 pseminfo__psem_semobject;
    // struct psemnode (listed for reference only; no member is active)
    // u64 psemnode__pinfo;
    // u64 psemnode__padding;
    // u64 psemnode__object_size;
    // struct semaphore
    u64 semaphore__owner;
    // struct specinfo
    u64 specinfo__si_rdev;
    // struct task
    u64 task__map;
    u64 task__threads__next;
    u64 task__threads__prev;
    u64 task__itk_space;
    u64 task__object_size;
    // struct thread
    u64 thread__task_threads__next;
    u64 thread__task_threads__prev;
    u64 thread__map;
    u64 thread__thread_id;
    u64 thread__object_size;
    // struct uthread
    u64 uthread__object_size;
    // struct vm_map_entry
    u64 vm_map_entry__links__prev;
    u64 vm_map_entry__links__next;
    u64 vm_map_entry__links__start;
    u64 vm_map_entry__links__end;
    u64 vm_map_entry__store__entry__rbe_left;
    u64 vm_map_entry__store__entry__rbe_right;
    u64 vm_map_entry__store__entry__rbe_parent;
    // struct vnode
    u64 vnode__v_un__vu_specinfo;
    // struct _vm_map
    u64 _vm_map__hdr__links__prev;
    u64 _vm_map__hdr__links__next;
    u64 _vm_map__hdr__links__start;
    u64 _vm_map__hdr__links__end;
    u64 _vm_map__hdr__nentries;
    u64 _vm_map__hdr__rb_head_store__rbh_root;
    u64 _vm_map__pmap;
    u64 _vm_map__hint;
    u64 _vm_map__hole_hint;
    u64 _vm_map__holes_list;
    u64 _vm_map__object_size;
    // kernelcache static addresses, as linked for this exact build.
    // NOTE(review): presumably unslid, so applying any runtime slide is the
    // consumer's job -- confirm.
    u64 kernelcache__kernel_base;
    u64 kernelcache__cdevsw;
    u64 kernelcache__gPhysBase;
    u64 kernelcache__gPhysSize;
    u64 kernelcache__gVirtBase;
    u64 kernelcache__perfmon_devices;
    u64 kernelcache__perfmon_dev_open;
    u64 kernelcache__ptov_table;
    u64 kernelcache__vm_first_phys_ppnum;
    u64 kernelcache__vm_pages;
    u64 kernelcache__vm_page_array_beginning_addr;
    u64 kernelcache__vm_page_array_ending_addr;
    u64 kernelcache__vn_kqfilter;
};

// One table per supported kernel build; this file carries exactly one entry.
// Derived offsets are kept as expressions (base +/- delta) rather than folded
// into constants so the relation to the neighbouring member stays visible.
const struct dynamic_info kern_versions[] = {
    {
        .kern_version = "Darwin Kernel Version 22.5.0: Mon Apr 24 21:10:54 PDT 2023; root:xnu-8796.122.4~1/RELEASE_ARM64_T8103",
        .fileglob__fg_ops = 0x28,
        .fileglob__fg_data = 0x40 - 8,
        .fileops__fo_kqfilter = 0x30,
        // .fileproc__fp_iocount = 0x0000,
        // .fileproc__fp_vflags = 0x0004,
        // .fileproc__fp_flags = 0x0008,
        // .fileproc__fp_guard_attrs = 0x000a,
        // .fileproc__fp_glob = 0x0010,
        // .fileproc__fp_guard = 0x0018,
        // .fileproc__object_size = 0x0020,
        .fileproc_guard__fpg_guard = 0x8,
        .kqworkloop__kqwl_state = 0x10,
        .kqworkloop__kqwl_p = 0x18,
        .kqworkloop__kqwl_owner = 0xd0,
        .kqworkloop__kqwl_dynamicid = 0xd0 + 0x18,
        .kqworkloop__object_size = 0x108,
        .pmap__tte = 0x0,
        .pmap__ttep = 0x8,
        .proc__p_list__le_next = 0x0,
        .proc__p_list__le_prev = 0x8,
        .proc__p_pid = 0x60,
        .proc__p_fd__fd_ofiles = 0xf8,
        .proc__object_size = 0x730,
        .pseminfo__psem_usecount = 0x04,
        .pseminfo__psem_uid = 0x0c,
        .pseminfo__psem_gid = 0x10,
        .pseminfo__psem_name = 0x14,
        .pseminfo__psem_semobject = 0x38,
        // .psemnode__pinfo = 0x0000,
        // .psemnode__padding = 0x0008,
        // .psemnode__object_size = 0x0010,
        .semaphore__owner = 0x28,
        .specinfo__si_rdev = 0x18,
        .task__map = 0x28,
        .task__threads__next = 0x80 - 0x28,
        .task__threads__prev = 0x80 - 0x28 + 8,
        .task__itk_space = 0x300,
        .task__object_size = 0x628,
        .thread__task_threads__next = 0x378 - 0x18,
        .thread__task_threads__prev = 0x378 - 0x18 + 8,
        .thread__map = 0x378,
        .thread__thread_id = 0x410,
        .thread__object_size = 0x4b8,
        .uthread__object_size = 0x200,
        .vm_map_entry__links__prev = 0x00,
        .vm_map_entry__links__next = 0x08,
        .vm_map_entry__links__start = 0x10,
        .vm_map_entry__links__end = 0x18,
        .vm_map_entry__store__entry__rbe_left = 0x20,
        .vm_map_entry__store__entry__rbe_right = 0x28,
        .vm_map_entry__store__entry__rbe_parent = 0x30,
        .vnode__v_un__vu_specinfo = 0x78,
        ._vm_map__hdr__links__prev = 0x00 + 0x8,
        ._vm_map__hdr__links__next = 0x08 + 0x8,
        ._vm_map__hdr__links__start = 0x10 + 0x8,
        ._vm_map__hdr__links__end = 0x18 + 0x8,
        ._vm_map__hdr__nentries = 0x30,
        ._vm_map__hdr__rb_head_store__rbh_root = 0x38,
        ._vm_map__pmap = 0x40,
        ._vm_map__hint = 0x90 + 0x08,
        ._vm_map__hole_hint = 0x90 + 0x10,
        ._vm_map__holes_list = 0x90 + 0x18,
        // NOTE(review): 0x0 for a sizeof looks like an unresolved value -- the
        // 16.4 tables carry 0xc0 here. Confirm before anything relies on it.
        ._vm_map__object_size = 0x0,
        .kernelcache__kernel_base = 0xfffffe0007004000,
        .kernelcache__cdevsw = 0xfffffe000aad5288,
        .kernelcache__gPhysBase = 0xfffffe0007a84100,
        // gPhysSize immediately follows gPhysBase (+8)
        .kernelcache__gPhysSize = 0xfffffe0007a84100 + 8,
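.kernelcache__gVirtBase = 0xfffffe0007a822d8,
        .kernelcache__perfmon_devices = 0xfffffe000ab13520,
        .kernelcache__perfmon_dev_open = 0xfffffe00080d45c0,
        .kernelcache__ptov_table = 0xfffffe00079cf188,
        .kernelcache__vm_first_phys_ppnum = 0xfffffe000ab12990,
        .kernelcache__vm_pages = 0xfffffe00079cbeb8,
        .kernelcache__vm_page_array_beginning_addr = 0xfffffe00079ce128,
        .kernelcache__vm_page_array_ending_addr = 0xfffffe000ab12988,
        .kernelcache__vn_kqfilter = 0xfffffe000812374c,
    },
};

#endif /* dynamic_info_h */

--------------------------------------------------------------------------------
/run.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# OffsetFinder: for each IPSW URL, download its BuildManifest and every
# kernelcache.release it ships, unpack the IM4P payload and run offsetexporter
# over it to fill template_dynamic_info.h. One header is written per
# (identifier, kernelcache index) pair: "<identifier> <version> <build> <index>.h".
# External tools used: curl, pzb, /usr/libexec/PlistBuddy, python3 (pyimg4),
# offsetexporter. All scratch files are created in the current directory.
clear
echo -e "OffsetFinder v0.4 - made by c22dev\nCredits : AppInstallerIOS, tihmstar"

# The template is fetched from the network on every run and used verbatim by
# offsetexporter. NOTE(review): nothing checks its integrity; pinning this URL
# to a commit, or comparing against a known hash (<EXPECTED_SHA256>), would
# close that gap.
TEMPLATE_URL="https://raw.githubusercontent.com/c22dev/OffsetFinder/main/template_dynamic_info.h"

# Process one IPSW URL and export offsets for every iPhone/iPad identifier it
# supports.
# Arguments: $1 - IPSW URL (anything pzb accepts).
# Returns non-zero when the template or BuildManifest cannot be fetched; a
# kernelcache that fails to download or unpack is reported and skipped.
process_ipsw() {
    local IPSWURL="$1"
    local Identifiers=() KernelCacheNameList=()
    local Version BuildID Identifier KernelCacheName index

    rm -f BuildManifest.plist
    echo "Downloading files..."
    # Download template file. -f turns an HTTP error into a failure instead of
    # leaving an error page on disk under the template's name; -S still reports
    # the error while -s hides the progress meter.
    if ! curl -fsSL -o template_dynamic_info.h "$TEMPLATE_URL"; then
        echo "error: could not download template_dynamic_info.h" >&2
        return 1
    fi
    # IPSW Info DL. Without this manifest the PlistBuddy calls below have
    # nothing to read, so stop here rather than continue with empty values.
    if ! pzb -g BuildManifest.plist "$IPSWURL" > /dev/null; then
        echo "error: could not fetch BuildManifest.plist from $IPSWURL" >&2
        return 1
    fi
    # PlistBuddy prints the array with "Array {" / "}" wrapper tokens; the
    # iPhone/iPad filter in the loop below drops them.
    Identifiers=($(/usr/libexec/PlistBuddy -c "print SupportedProductTypes" BuildManifest.plist))
    Version=$(/usr/libexec/PlistBuddy -c "print ProductVersion" BuildManifest.plist)
    BuildID=$(/usr/libexec/PlistBuddy -c "print ProductBuildVersion" BuildManifest.plist)

    # The kernelcache list does not depend on the identifier, so list the IPSW
    # once instead of once per identifier.
    KernelCacheNameList=($(pzb -l --nosubdirs "$IPSWURL" | grep kernelcache.release | sed 's/^.*kernelcache/kernelcache/'))

    for Identifier in "${Identifiers[@]}"; do
        if [[ "$Identifier" =~ "iPhone".* || "$Identifier" =~ "iPad".* ]]; then
            for ((index=0; index<${#KernelCacheNameList[@]}; index++)); do
                KernelCacheName="${KernelCacheNameList[index]}"
                if ! pzb -g "$KernelCacheName" "$IPSWURL" > /dev/null; then
                    echo "error: could not fetch $KernelCacheName" >&2
                    continue
                fi
                # Unpack the IM4P payload. Skip on failure so offsetexporter never
                # runs against a stale kernel.raw left by a previous iteration.
                if ! python3 -m pyimg4 im4p extract -i "$KernelCacheName" -o kernel.raw; then
                    echo "error: could not extract $KernelCacheName" >&2
                    rm -f "$KernelCacheName"
                    continue
                fi
                rm "$KernelCacheName"
                # NOTE(review): every %placeholder% must exist in the template.
                # The checked-in offsets/*.h use fileglob__fg_data and
                # task__threads__next where this command passes
                # %fileglob__fg_vn_data% and %task__thread_count% -- confirm the
                # template agrees, otherwise those values are never substituted.
                if ! offsetexporter -i kernel.raw \
                    -t template_dynamic_info.h \
                    -o "$Identifier $Version $BuildID $index.h" \
                    --get_kernel_version_string %kern_version% \
                    --find_struct_offset_for_PACed_member %fileglob__fg_ops% fileglob.fg_ops \
                    --find_struct_offset_for_PACed_member %fileglob__fg_vn_data% fileglob.fg_vn_data \
                    --static %fileops__fo_kqfilter% 0x30 \
                    --static %fileproc_guard__fpg_guard% 0x8 \
                    --static %kqworkloop__kqwl_state% 0x10 \
                    --static %kqworkloop__kqwl_p% 0x18 \
                    --find_struct_kqworkloop_offset_kqwl_owner %kqworkloop__kqwl_owner% \
                    --find_elementsize_for_zone %kqworkloop__object_size% "kqueue workloop zone" \
                    --static %pmap__tte% 0x0 \
                    --static %pmap__ttep% 0x8 \
                    --static %proc__p_list__le_next% 0x0 \
                    --static %proc__p_list__le_prev% 0x8 \
                    --static %proc__p_pid% 0x60 \
                    --find_struct_offset_for_PACed_member %proc__p_fd__fd_ofiles% filedesc.fd_ofiles \
                    --find_sizeof_struct_proc %proc__object_size% \
                    --static %pseminfo__psem_usecount% 0x04 \
                    --static %pseminfo__psem_uid% 0x0c \
                    --static %pseminfo__psem_gid% 0x10 \
                    --static %pseminfo__psem_name% 0x14 \
                    --static %pseminfo__psem_semobject% 0x38 \
                    --static %semaphore__owner% 0x28 \
                    --static %specinfo__si_rdev% 0x18 \
                    --find_struct_offset_for_PACed_member %task__map% task.map \
                    --find_struct_task_offset_thread_count %task__thread_count% \
                    --find_struct_offset_for_PACed_member %task__itk_space% task.itk_space \
                    --find_sizeof_struct_task %task__object_size% \
                    --find_struct_thread_offset_map %thread__map% \
                    --find_struct_thread_offset_thread_id %thread__thread_id% \
                    --find_sizeof_struct_thread %thread__object_size% \
                    --find_sizeof_struct_uthread %uthread__object_size% \
                    --static %vm_map_entry__links__prev% 0x00 \
                    --static %vm_map_entry__links__next% 0x08 \
                    --static %vm_map_entry__links__start% 0x10 \
                    --static %vm_map_entry__links__end% 0x18 \
                    --static %vm_map_entry__store__entry__rbe_left% 0x20 \
                    --static %vm_map_entry__store__entry__rbe_right% 0x28 \
                    --static %vm_map_entry__store__entry__rbe_parent% 0x30 \
                    --find_struct_offset_for_PACed_member %vnode__v_un__vu_specinfo% vnode.vu_specinfo \
                    --find_struct_offset_for_PACed_member %_vm_map__pmap% _vm_map.pmap \
                    --static %_vm_map__hdr__nentries% 0x30 \
                    --static %_vm_map__hdr__rb_head_store__rbh_root% 0x38 \
                    --find_struct__vm_map_offset_vmu1_lowest_unnestable_start %_vm_map__vmu1_lowest_unnestable_start% \
                    --find_sizeof_struct__vm_map %_vm_map__object_size% \
                    --find_base %kernelcache__kernel_base% \
                    --find_cdevsw %kernelcache__cdevsw% \
                    --find_gPhysBase %kernelcache__gPhysBase% \
                    --find_gVirtBase %kernelcache__gVirtBase% \
                    --find_perfmon_devices %kernelcache__perfmon_devices% \
                    --find_bof_with_sting_ref %kernelcache__perfmon_dev_open% "perfmon: attempt to open unsupported source" 0 \
                    --find_ptov_table %kernelcache__ptov_table% \
                    --find_vm_first_phys_ppnum %kernelcache__vm_first_phys_ppnum% \
                    --find_vm_pages %kernelcache__vm_pages% \
                    --find_vm_page_array_beginning_addr %kernelcache__vm_page_array_beginning_addr% \
                    --find_vm_page_array_ending_addr %kernelcache__vm_page_array_ending_addr% \
                    --find_function_vn_kqfilter %kernelcache__vn_kqfilter%; then
                    echo "warning: offsetexporter failed for $Identifier $Version $BuildID $index" >&2
                fi
                # Deliberately NOT a continuation of the command above: the old
                # trailing backslash turned "rm kernel.raw" into two extra
                # offsetexporter arguments, so kernel.raw was never removed here.
                rm -f kernel.raw
            done
        fi
    done
}

# Argument ?  One argument is taken as-is; otherwise prompt. -r keeps
# backslashes in the typed URL/path literal.
if [ $# -eq 1 ]; then
    input="$1"
else
    read -r -p "Enter the IPSW URL or the path to a text file containing IPSW URLs: " input
fi

if [[ -f "$input" ]]; then
    # Input is a file containing links, one per line. Blank lines are skipped and
    # a last line without a trailing newline is still processed.
    while IFS= read -r link || [ -n "$link" ]; do
        if [ -n "$link" ]; then
            process_ipsw "$link"
        fi
    done < "$input"
else
    # Input is a single IPSW URL
    process_ipsw "$input"
fi

# cleanup time: only the scratch files this script itself creates (the old
# "rm -f *.raw" also deleted any unrelated .raw file in the working directory).
rm -f kernel.raw
rm -f template_dynamic_info.h
rm -f BuildManifest.plist
--------------------------------------------------------------------------------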