Add API endpoints and CLI support for discovering C++ classes and symbolication of kernelcaches, refactor Mach-O handling, and improve symbol collection.
- API: add /kernel/cpp and /kernel/symbolicate routes, request param structs, response types, and openKernel helper. Use cpp scanner and signature parsing to return classes and symbol maps.
- CLI: wire scanner LogStats flag, refactor kernel symbolicate command (schema writer helper, improved signature parsing, and symbol matching logic). Add tests for symbolicator schema and kernel symbol matching.
- Signature pkg: add kernel C++ symbol extraction (pkg/signature/kernel_cpp.go) and SymbolicateMachO to symbolicate already-open Mach-Os; integrate C++ symbols into symbol map and update signature matching/logging behavior.
- Internal: refactor in-memory DB lookups (findMachOByUUID, findSymbolByAddr) to reduce duplication. Improve symbols collection for kernel Mach-Os (collectKernelMachoSymbols, extra kernel symbols from signature/C++), add helpers to append symbols.
- Kernelcache CPP: add LogStats option and conditional logging of scan stats.
- Crashlog/ips: update wording to reflect kernel symbols are from kernel analysis and store KernelSymbols earlier in processing; parse signatures only when configured.
Also add unit tests for new symbolication helpers and kernel C++ signature handling. Overall this consolidates kernel symbol discovery, improves reuse, and surfaces C++-derived symbols in symbol maps.
Update all disassembly code to use new cgo-based decoder API with
stack-allocated instruction structs instead of heap-allocated
pointers. Add instruction filtering to skip decoding operations that
register tracking doesn't care about, avoiding expensive CGo calls.
Key changes:
- Replace Decompose with DecomposeInto using stack allocation
- Add mayBeTrackedInstruction filter for common tracked ops
- Introduce helper functions for safe operand/register access
- Fix metaclass pointer index to use caller index for efficiency
- Remove root file special-casing in pointer index builder
- Add comprehensive unit tests for tracking options and helpers
- Introduced `types.go` to define core structures and configurations for the scanner.
- Implemented the `Scanner` type for discovering classes in kernelcache Mach-O files.
- Added methods for scanning, resolving vtables, and handling class metadata.
- Created `vtable.go` to manage vtable-related functionalities, including detection and resolution of vtables.
- Implemented various utility functions for class name recovery and symbol handling.
- Established mechanisms for deduplication of discovered classes and handling of potential virtual function stubs.
blacktop