
junjie1475

  • Johor Bahru, Malaysia
  • 04:25 (UTC +08:00)
@JJTech0130
JJTech0130 / debugger_jit_improved.m
Last active October 30, 2025 09:09
Improved method of using a debugger for JIT on iOS... Uses split rx/rw regions, and works on iOS 18.4b1
#import <Foundation/Foundation.h>
#import <mach/mach.h>
#import <stdio.h>
#import <stdlib.h>
#import <string.h>
#include <libkern/OSCacheControl.h>
const int REGION_SIZE = 0x4000*1;
void write_instructions(void* page)
@junjie1475
junjie1475 / m3_explore.md
Last active December 3, 2024 13:52
m3_explore

Note: This is for my own educational purposes only (WIP)

Many people have already posted different kinds of microbenchmarking methods for testing the size limits of various structures (e.g. ROB, PRF). I recommend you look at Henry Wong's blog post and also Maynard Handley's PDFs first. I got my idea from them and many others!

I found a slightly different variant based on them.

Get the tools ready

Testing on Apple platforms is always a hassle, and for my method we have to have a way to access the performance counters directly in our microbenchmark. Dougall made a kext for this purpose; basically what it does is provide access to the configuration registers, so we can make the PMCs available for userspace access. And to make my life easier, I made a kext to pin the microbenchmark to

@junjie1475
junjie1475 / A17 pro PMC event key.txt
Last active October 13, 2023 23:42
A17 pro Performance counter key
0000000000000000 NONE
0000000000000001 RETIRE_UOP
0000000000000002 CORE_ACTIVE_CYCLE
0000000000000084 FLUSH_RESTART_OTHER_NONSPEC
000000000000008c INST_ALL
000000000000008d INST_BRANCH
000000000000008e INST_BRANCH_CALL
000000000000008f INST_BRANCH_RET
0000000000000090 INST_BRANCH_TAKEN
0000000000000093 INST_BRANCH_INDIR
@ibireme
ibireme / kpc_demo.c
Last active December 1, 2025 00:45
A demo shows how to read Intel or Apple M1 CPU performance counter in macOS.
// =============================================================================
// XNU kperf/kpc demo
// Available for 64-bit Intel/Apple Silicon, macOS/iOS, with root privileges
//
//
// Demo 1 (profile a function in current thread):
// 1. Open directory '/usr/share/kpep/', find your CPU PMC database.
// M1 (Pro/Max/Ultra): /usr/share/kpep/a14.plist
// M2 (Pro/Max): /usr/share/kpep/a15.plist
// M3: /usr/share/kpep/as1.plist
@bazad
bazad / arm64_sysregs_ios.py
Created July 17, 2020 19:58
Label iOS arm64 system registers in IDA Pro
#
# arm64_sysregs_ios.py
# Brandon Azad
#
# Based on https://github.com/gdelugre/ida-arm-system-highlight by Guillaume Delugre.
#
import idautils
import idc
@isnullxbh
isnullxbh / kern_fstream.cxx
Created August 7, 2018 06:30
Write into file from kernel-space
#include <sys/time.h>
#include <sys/vnode.h>
#include <sys/fcntl.h>
...
static int idx = 0;
char file_name_buf[100];
@nguyen-phillip
nguyen-phillip / proc.c
Last active November 30, 2023 13:01
Using libproc.h
#include <stdio.h>
#include <stdlib.h>
#include <libproc.h>
// Uses proc_pidinfo from libproc.h to find the parent of given pid.
// Call this repeatedly until ppid(pid) == pid to get ancestors.
int ppid(pid_t pid) {
    struct proc_bsdinfo info;
    // proc_pidinfo returns the number of bytes it filled in; anything else
    // (0 or -1) means the lookup failed and info must not be trusted.
    if (proc_pidinfo(pid, PROC_PIDTBSDINFO, 0, &info, sizeof(info)) != (int)sizeof(info)) {
        return -1;
    }
    return info.pbi_ppid;
}