
Add support for `GENTER` and `GEXIT` in AArch64 on Apple platforms

Open jonpalmisc opened this issue 1 year ago • 0 comments

The GXF feature on newer Apple SoCs uses two custom instructions, GENTER and GEXIT. These appear in the iOS kernelcache and SPTM on newer devices.

Their opcodes are:

  • 20 14 20 00: GENTER
  • 00 14 20 00: GEXIT

These instructions are not supported by Binary Ninja, and are disassembled as undefined instructions. This is problematic on its own, but also acts as a barrier to disassembling the rest of a function, making its impact more annoying than just being an undefined instruction.

jonpalmisc avatar Sep 14 '24 20:09 jonpalmisc
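The following is an added example, not code from the issue author or from the binaryninja-api project. It takes the two opcodes listed above as little-endian 32-bit words (the byte order AArch64 code is stored in), decodes them, scans a constructed code buffer for them, and sketches how a Binary Ninja `ArchitectureHook` could use the decoder to stop the disassembler from treating them as undefined. The lowercase mnemonics, the choice to model both as plain 4-byte instructions with fall-through (no branch info), and the sample buffer are all assumptions made here.

```python
import struct

# Opcodes from the issue, reinterpreted as little-endian 32-bit words:
#   20 14 20 00 -> 0x00201420 (GENTER)
#   00 14 20 00 -> 0x00201400 (GEXIT)
# The two differ only in bit 5.
GXF_OPCODES = {
    0x00201420: "genter",
    0x00201400: "gexit",
}


def decode_gxf(data: bytes, addr: int = 0):
    """Return (mnemonic, length) if `data` starts with GENTER/GEXIT, else None."""
    if len(data) < 4:
        return None
    (word,) = struct.unpack_from("<I", data, 0)
    mnem = GXF_OPCODES.get(word)
    if mnem is None:
        return None
    return (mnem, 4)


def scan_for_gxf(buf: bytes, base: int = 0):
    """Walk a 4-byte-aligned code buffer and report every GENTER/GEXIT found."""
    hits = []
    for off in range(0, len(buf) - 3, 4):
        decoded = decode_gxf(buf[off:off + 4], base + off)
        if decoded is not None:
            hits.append((base + off, decoded[0]))
    return hits


# Constructed sample: nop, GENTER, nop, GEXIT, ret (assumed layout, not a real kernelcache fragment).
SAMPLE_CODE = bytes.fromhex(
    "1f2003d5"   # nop
    "20142000"   # genter
    "1f2003d5"   # nop
    "00142000"   # gexit
    "c0035fd6"   # ret
)


def register_hook():
    """Wire the decoder into Binary Ninja as an ArchitectureHook on aarch64.

    Only callable inside Binary Ninja; imports are deferred so the decoder above
    stays usable without the binaryninja module. Modelling both instructions as
    4-byte fall-through instructions is an assumption; it is enough to keep the
    disassembler walking past them.
    """
    from binaryninja import (Architecture, ArchitectureHook, InstructionInfo,
                             InstructionTextToken, InstructionTextTokenType)

    class GxfHook(ArchitectureHook):
        def get_instruction_info(self, data, addr):
            decoded = decode_gxf(data, addr)
            if decoded is None:
                return super().get_instruction_info(data, addr)
            info = InstructionInfo()
            info.length = decoded[1]
            return info

        def get_instruction_text(self, data, addr):
            decoded = decode_gxf(data, addr)
            if decoded is None:
                return super().get_instruction_text(data, addr)
            tokens = [InstructionTextToken(InstructionTextTokenType.InstructionToken, decoded[0])]
            return tokens, decoded[1]

    GxfHook(Architecture["aarch64"]).register()


if __name__ == "__main__":
    for addr, mnem in scan_for_gxf(SAMPLE_CODE, 0x1000):
        print(f"{addr:#x}: {mnem}")
```

Running the block stand-alone prints the two GXF instructions found in the constructed buffer; inside Binary Ninja, calling `register_hook()` from a plugin would make the base aarch64 architecture defer to the decoder for these two words and fall back to its own decoding for everything else.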