Memory Management Unit and Instruction Decoding

This post continues the series about writing a snapshot fuzzer for iOS. We will take a look at the memory management unit and instruction decoding.

MMU layout

Many modern processors contain a Memory Management Unit (MMU). It is responsible for translating virtual memory addresses into physical memory addresses. When we took a core dump of a process, the Mach-O header contained metadata including the virtual addresses of the memory segments. These virtual addresses indicated at which address each memory segment was loaded.

Snapshot Fuzzing Basics

Snapshot Fuzzing

In our previous post, we looked at how to take a core dump. I briefly mentioned that the core dump will be used as a snapshot for fuzzing. This snapshot contains the complete memory state and the general-purpose registers of the program at a specific point in its execution. But why would you use snapshot fuzzing? First, we take a look at a hypothetical scenario with a little bit of napkin math.

A Deep Dive into Core Dumps on iOS

Core Dump Basics

A core dump is a file that contains the complete memory state and general-purpose registers of a process at a specific point in time. The main use for core dumps is usually debugging. Debuggers like gdb and lldb can load core dumps and inspect the program’s memory, including its stack trace, registers, and more. Some systems generate core dumps automatically if certain exceptions occur and the process crashes.