Skip to content

Instantly share code, notes, and snippets.

@Cryptiiiic

Cryptiiiic/How to find OFFSET_ZONE_MAP for v0rtex.md

Created December 9, 2017 19:01
Show Gist options
  • Save Cryptiiiic/d0d64cde0cbd92892f034b6d22d51e2e to your computer and use it in GitHub Desktop.
Save Cryptiiiic/d0d64cde0cbd92892f034b6d22d51e2e to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. Cryptiiiic created this gist Dec 9, 2017.
    9 changes: 9 additions & 0 deletions How to find OFFSET_ZONE_MAP for v0rtex.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,9 @@
    1. Open your decompressed kernel in hopper.
    2. Go to the string tab and search for `zone_init: kmem_suballoc failed`
    ![](https://i.imgur.com/IWJyjLu.png)
    3. Click the result that came up. You are going to want to double click on the `DATA XREF=sub_fffffff`.
    ![](https://i.imgur.com/N8xYqgr.png)
    4. Double click on the DATA XREF to the very far right of the location you landed on.
    ![](https://i.imgur.com/yRMyTVJ.png)
    5. The offset will be the first qword above the location you jumped to.
    ![](https://i.imgur.com/oQmcvNf.png)