blackosx Posted April 24, 2020 Author Share Posted April 24, 2020 (edited) @Slice I was comparing the CPU feature flags shown in the output of x86info against the list of features that I see in Intel's MacCPUID and I noticed x86info didn't show the following flags: LAHFSAHF, XSAVEOPT I therefore looked to find any missing flags that could be added to x86info from both MacCPUID and then also the Linux source and came up with the following structures which 'could' be added. /* CPUID 0x00000007 ECX flags */ static const char *intel_cpuid_07_ecx_flags[32] = { "prefetchwt1","avx512vbmi","umip","pku","ospke","waitpkg","avx512_vbmi2", NULL,"gfni","vaes","vpclmulqdq","avx512_vnni","avx512_bitalg","tme", "avx512_vpopcntdq",NULL,NULL,NULL,NULL,NULL,NULL,NULL,"rdpid",NULL,NULL, "cldemote",NULL,"movdiri","movdiri64b",NULL,"sgx_lc",NULL }; static const char *intel_cpuid_07_ecx_flags_desc[32] = { "PREFETCHWT1 instruction", //0 "AVX-512 Vector Bit Manipulation Instructions", //1 "User Mode Instruction Prevention", //2 "Protection Key For User Mode Pages", //3 "OS Protection Keys Enable", //4 "UMONITOR/UMWAIT/TPAUSE Instructions", //5 "Additional AVX512 Vector Bit Manipulation Instructions", //6 NULL, //7 "Galois Field New Instructions", //8 "Vector AES", //9 "Carry-Less Multiplication Double Quadword", //10 "Vector Neural Network Instructions", //11 "Support for VPOPCNT[B,W] and VPSHUF-BITQMB instructions", //12 "Intel Total Memory Encryption", //13 "POPCNT for vectors of DW/QW", //14 NULL, //15 "5-level page tables", //16 NULL, //17 NULL, //18 NULL, //19 NULL, //20 NULL, //21 "RDPID instruction", //22 NULL, //23 NULL, //24 "CLDEMOTE instruction", //25 NULL, //26 "MOVDIRI instruction", //27 "MOVDIR64B instruction", //28 NULL, //29 "Intel Software Guard Extension Launch Configuration", //30 NULL //31 }; /* CPUID 0x00000007 EDX flags */ static const char *intel_cpuid_07_edx_flags[32] = { NULL,NULL,"avx512_4vnniw","avx512_4fmaps","nullfsrm",NULL,NULL,NULL, "nullavx512_vp2intersect",NULL,"nullmd_clear",NULL,NULL, "nulltsx_force_abort",NULL,NULL,NULL,NULL,"nullpconfig",NULL,NULL,NULL, NULL,NULL,NULL,NULL,"nullspec_ctrl","nullintel_stibp","nullflush_l1d", "nullarch_capabilities","nullcore_capabilities","nullspec_ctrl_ssbd" }; static const char *intel_cpuid_07_edx_flags_desc[32] = { NULL, //0 NULL, //1 "AVX-512 Neural Network Instructions", //2 "AVX-512 Multiply Accumulation Single precision", //3 "Fast Short Rep Mov", //4 NULL, //5 NULL, //6 NULL, //7 "AVX-512 Intersect for D/Q", //8 NULL, //9 "VERW clears CPU buffers", //10 NULL, //11 NULL, //12 "TSX_FORCE_ABORT", //13 NULL, //14 NULL, //15 NULL, //16 NULL, //17 "Intel PCONFIG", //18 NULL, //19 NULL, //20 NULL, //21 NULL, //22 NULL, //23 NULL, //24 NULL, //25 "Speculation Control (IBRS + IBPB)", //26 "Single Thread Indirect Branch Predictors", //27 "Flush L1D cache", //28 "IA32_ARCH_CAPABILITIES MSR (Intel)", //29 "IA32_CORE_CAPABILITIES MSR", //30 "Speculative Store Bypass Disable " //31 }; /* CPUID 0x0000000D EAX flags */ static const char *intel_cpuid_0d_edx_flags[32] = { "xsaveopt","xsavec","xg1","xss",NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL }; static const char *intel_cpuid_0d_edx_flags_desc[32] = { "XSAVEOPT instruction", //0 "XSAVEC instruction", //1 "XGETBV with ECX = 1 instruction", //2 "XSAVES/XRSTORS instructions", //3 NULL, //4 NULL, //5 NULL, //6 NULL, //7 NULL, //8 NULL, //9 NULL, //10 NULL, //11 NULL, //12 NULL, //13 NULL, //14 NULL, //15 NULL, //16 NULL, //17 NULL, //18 NULL, //19 NULL, //20 NULL, //21 NULL, //22 NULL, //23 NULL, //24 NULL, //25 NULL, //26 NULL, //27 NULL, //28 NULL, //29 NULL, //30 NULL, //31 } However, I'm not the best at C and am not sure how this could be correctly 'sticthed' in to the existing code to correctly function so wanted to run it by you to see if they could indeed be included in x86info? I've attached the file containing the additions in case this forum messes with the layout. additions_for_features.c.zip Edited April 24, 2020 by blackosx Link to comment Share on other sites More sharing options...
Alpha22 Posted April 24, 2020 Share Posted April 24, 2020 @blackosx great job thanks Link to comment Share on other sites More sharing options...
Slice Posted April 25, 2020 Share Posted April 25, 2020 23 hours ago, blackosx said: @Slice I was comparing the CPU feature flags shown in the output of x86info against the list of features that I see in Intel's MacCPUID and I noticed x86info didn't show the following flags: LAHFSAHF, XSAVEOPT I therefore looked to find any missing flags that could be added to x86info from both MacCPUID and then also the Linux source and came up with the following structures which 'could' be added. /* CPUID 0x00000007 ECX flags */ static const char *intel_cpuid_07_ecx_flags[32] = { "prefetchwt1","avx512vbmi","umip","pku","ospke","waitpkg","avx512_vbmi2", NULL,"gfni","vaes","vpclmulqdq","avx512_vnni","avx512_bitalg","tme", "avx512_vpopcntdq",NULL,NULL,NULL,NULL,NULL,NULL,NULL,"rdpid",NULL,NULL, "cldemote",NULL,"movdiri","movdiri64b",NULL,"sgx_lc",NULL }; static const char *intel_cpuid_07_ecx_flags_desc[32] = { "PREFETCHWT1 instruction", //0 "AVX-512 Vector Bit Manipulation Instructions", //1 "User Mode Instruction Prevention", //2 "Protection Key For User Mode Pages", //3 "OS Protection Keys Enable", //4 "UMONITOR/UMWAIT/TPAUSE Instructions", //5 "Additional AVX512 Vector Bit Manipulation Instructions", //6 NULL, //7 "Galois Field New Instructions", //8 "Vector AES", //9 "Carry-Less Multiplication Double Quadword", //10 "Vector Neural Network Instructions", //11 "Support for VPOPCNT[B,W] and VPSHUF-BITQMB instructions", //12 "Intel Total Memory Encryption", //13 "POPCNT for vectors of DW/QW", //14 NULL, //15 "5-level page tables", //16 NULL, //17 NULL, //18 NULL, //19 NULL, //20 NULL, //21 "RDPID instruction", //22 NULL, //23 NULL, //24 "CLDEMOTE instruction", //25 NULL, //26 "MOVDIRI instruction", //27 "MOVDIR64B instruction", //28 NULL, //29 "Intel Software Guard Extension Launch Configuration", //30 NULL //31 }; /* CPUID 0x00000007 EDX flags */ static const char *intel_cpuid_07_edx_flags[32] = { NULL,NULL,"avx512_4vnniw","avx512_4fmaps","nullfsrm",NULL,NULL,NULL, "nullavx512_vp2intersect",NULL,"nullmd_clear",NULL,NULL, "nulltsx_force_abort",NULL,NULL,NULL,NULL,"nullpconfig",NULL,NULL,NULL, NULL,NULL,NULL,NULL,"nullspec_ctrl","nullintel_stibp","nullflush_l1d", "nullarch_capabilities","nullcore_capabilities","nullspec_ctrl_ssbd" }; static const char *intel_cpuid_07_edx_flags_desc[32] = { NULL, //0 NULL, //1 "AVX-512 Neural Network Instructions", //2 "AVX-512 Multiply Accumulation Single precision", //3 "Fast Short Rep Mov", //4 NULL, //5 NULL, //6 NULL, //7 "AVX-512 Intersect for D/Q", //8 NULL, //9 "VERW clears CPU buffers", //10 NULL, //11 NULL, //12 "TSX_FORCE_ABORT", //13 NULL, //14 NULL, //15 NULL, //16 NULL, //17 "Intel PCONFIG", //18 NULL, //19 NULL, //20 NULL, //21 NULL, //22 NULL, //23 NULL, //24 NULL, //25 "Speculation Control (IBRS + IBPB)", //26 "Single Thread Indirect Branch Predictors", //27 "Flush L1D cache", //28 "IA32_ARCH_CAPABILITIES MSR (Intel)", //29 "IA32_CORE_CAPABILITIES MSR", //30 "Speculative Store Bypass Disable " //31 }; /* CPUID 0x0000000D EAX flags */ static const char *intel_cpuid_0d_edx_flags[32] = { "xsaveopt","xsavec","xg1","xss",NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL, NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL }; static const char *intel_cpuid_0d_edx_flags_desc[32] = { "XSAVEOPT instruction", //0 "XSAVEC instruction", //1 "XGETBV with ECX = 1 instruction", //2 "XSAVES/XRSTORS instructions", //3 NULL, //4 NULL, //5 NULL, //6 NULL, //7 NULL, //8 NULL, //9 NULL, //10 NULL, //11 NULL, //12 NULL, //13 NULL, //14 NULL, //15 NULL, //16 NULL, //17 NULL, //18 NULL, //19 NULL, //20 NULL, //21 NULL, //22 NULL, //23 NULL, //24 NULL, //25 NULL, //26 NULL, //27 NULL, //28 NULL, //29 NULL, //30 NULL, //31 } However, I'm not the best at C and am not sure how this could be correctly 'sticthed' in to the existing code to correctly function so wanted to run it by you to see if they could indeed be included in x86info? I've attached the file containing the additions in case this forum messes with the layout. additions_for_features.c.zip Great find but it requires me to be deep in the project sources. I am not. I will look if I understand where to insert these sources. 1 Link to comment Share on other sites More sharing options...
blackosx Posted April 25, 2020 Author Share Posted April 25, 2020 Sure. I understand and there’s absolutely no rush. But you have a better skills and knowledge to add them than me 1 Link to comment Share on other sites More sharing options...
blackosx Posted April 30, 2020 Author Share Posted April 30, 2020 (edited) I've removed the previous 3.1.0b2 beta and am now supplying the next beta here for testing. Please note: - The privatise option has still not been checked yet so any new data captured may not be masked. First recent beta included (Changes from 3.0.4 -> 3.0.6b1) - Update RadeonDump and RadeonPCI.kext to 64bit version - Update ioregwv to 64bit version - Update nvram to 64bit version and include more vars to check - Update gfxutil binary to latest v1.80b from acidanthera repo - Update dmidecode binary to latest v3.2b from acidanthera repo - Update Sparkle framework to v1.23.0 - Update lzma to v15.14 - Replace SMC_util3 with 64bit SMC_util_FansOnly for decoding fans - Update iasl to version 20200110 and re-work ACPI dump process - Update list of ACPI table descriptions for HTML report - Add AppleIntelInfo.kext as a separate option - Updated pci.ids.gz to version as of 9th April 2020 - Include extra version of smcutil for listing keys, not fans - Add Mojave and Catalina detection - Included Opencore files in bootloader config files & drivers dump - Fixed config files & drivers dump bug when ESP is already mounted - Update flashrom to v1.2-25 ** Note: Needs work.. ** Second recent beta included(Changes from 3.0.6b1 -> 3.1.0b2) - Changed date format in dump folder name (Thanks IronManJFF) - Revert flashrom back to version 0.97 from previous DarwinDumper - Replace DirectHW.kext with signed version from Slice - Removed older drivers for pre 10.9 - Updated VoodooHDA.kext to version 292 - Updated getdump to version 109 - Added 64bit version of x86info (Thanks Slice) - Moved CPU dump to section not requiring root privileges - DirectHW.framework will be copied to ~/Library/Frameworks (if required) - Updated info pages and html report sub titles and links - Fix incorrect reporting of SIP protected dtrace restriction in html report - Version bump to 3.1 This new beta includes (Changes from 3.1.0b2 -> 3.1.0b3) - Fix missing Unique partition GUID in Disk partition UIDs.txt file - Read disk device UUID from ioreg IOService plane rather than IODeviceTree - Fix missing Disks dir when running disk dumps - Add preliminary APFS detection for improved disk report(s) - Remove deprecated dumpXuid's option from command line - Fix bdisk script block size detection - Add AppleKernelCoreDump to disk partition image in html report - Add notes regarding disk partition dump being affected by SIP filesystem protection - Add detection for OpenCore.efi files and their version for the Bootloader Detect & Boot Sectors dump EDIT: Quick update to 3.1.0b4 because filename could accidentally include the name OpenCore. Please report any issues. Edited May 5, 2020 by blackosx Removed DarwinDumper_v3.1.0b3.zip and DarwinDumper_v3.1.0b4.zip 3 Link to comment Share on other sites More sharing options...
yapan4 Posted May 2, 2020 Share Posted May 2, 2020 (edited) 3.1.0b4 - All options enabled and passed without issues(some longer time on 'Video BIOS', was on 3.0.4 too) Problematic opening final HTML report in browser (Safari and Chrome) Sorry my English (google translated) Thank you. Edited May 2, 2020 by yapan4 Link to comment Share on other sites More sharing options...
blackosx Posted May 2, 2020 Author Share Posted May 2, 2020 Thanks for the report. Not sure why opening the HTML report would be problematic. Can you share the HTML report either here or PM? 1 Link to comment Share on other sites More sharing options...
yapan4 Posted May 3, 2020 Share Posted May 3, 2020 (edited) Sorry, I can't attach files in PM and here size is limited in unknown reason. So i can attach only HTML file instead full dump. P.S. I deleted most larges files from dump, now compressed size is 2.6Mb but I still can't attach Edited May 7, 2020 by yapan4 1 Link to comment Share on other sites More sharing options...
blackosx Posted May 3, 2020 Author Share Posted May 3, 2020 (edited) Thanks. I have the file, please delete your attached file now as it contains lots of information in plain text. But yes, I see what you mean about issue loading the HTML file.. it's 45Mb! I'll take a look today. EDIT: Some of your decompiled ACPI tables are huge, for example the DSDT is 6MB and the OEM4 (CPU CST) table is 2.3MB. I notice your clover boot-log shows 2:773 0:000 DSDT length out of range Clover's FixBiosDsdt only accepts a DSDT up to 400Kb Maybe it's not a good idea for DarwinDumper to include these in the HTML report.. Edited May 3, 2020 by blackosx 1 Link to comment Share on other sites More sharing options...
yapan4 Posted May 3, 2020 Share Posted May 3, 2020 (edited) After unmark "ACPI tables" I got perfect work HTML report in Safari. About size of ACPI tables - yes, now its real size on this server motherboard, for example DSDT.aml is 740Kb and on some C621 MoBo 2Mb! and up. But this is another Theme (for Clover developers or so on). Thank you. Edited May 3, 2020 by yapan4 1 Link to comment Share on other sites More sharing options...
blackosx Posted May 3, 2020 Author Share Posted May 3, 2020 Thanks for confirmation. Out of interest, what mainboard do you have? I haven’t got as far as looking for that in the dumps yet. Link to comment Share on other sites More sharing options...
yapan4 Posted May 3, 2020 Share Posted May 3, 2020 ASUS WS C422 Pro/SE https://www.asus.com/Motherboards/WS-C422-PRO-SE/ 1 Link to comment Share on other sites More sharing options...
blackosx Posted May 5, 2020 Author Share Posted May 5, 2020 (edited) I've removed the previous 3.1.0b4 beta and am now supplying the next beta here for testing. First recent beta included (Changes from 3.0.4 -> 3.0.6b1) - Update RadeonDump and RadeonPCI.kext to 64bit version - Update ioregwv to 64bit version - Update nvram to 64bit version and include more vars to check - Update gfxutil binary to latest v1.80b from acidanthera repo - Update dmidecode binary to latest v3.2b from acidanthera repo - Update Sparkle framework to v1.23.0 - Update lzma to v15.14 - Replace SMC_util3 with 64bit SMC_util_FansOnly for decoding fans - Update iasl to version 20200110 and re-work ACPI dump process - Update list of ACPI table descriptions for HTML report - Add AppleIntelInfo.kext as a separate option - Updated pci.ids.gz to version as of 9th April 2020 - Include extra version of smcutil for listing keys, not fans - Add Mojave and Catalina detection - Included Opencore files in bootloader config files & drivers dump - Fixed config files & drivers dump bug when ESP is already mounted - Update flashrom to v1.2-25 ** Note: Needs work.. ** Second recent beta included(Changes from 3.0.6b1 -> 3.1.0b2) - Changed date format in dump folder name (Thanks IronManJFF) - Revert flashrom back to version 0.97 from previous DarwinDumper - Replace DirectHW.kext with signed version from Slice - Removed older drivers for pre 10.9 - Updated VoodooHDA.kext to version 292 - Updated getdump to version 109 - Added 64bit version of x86info (Thanks Slice) - Moved CPU dump to section not requiring root privileges - DirectHW.framework will be copied to ~/Library/Frameworks (if required) - Updated info pages and html report sub titles and links - Fix incorrect reporting of SIP protected dtrace restriction in html report - Version bump to 3.1 Third recent beta included (Changes from 3.1.0b2 -> 3.1.0b3) - Fix missing Unique partition GUID in Disk partition UIDs.txt file - Read disk device UUID from ioreg IOService plane rather than IODeviceTree - Fix missing Disks dir when running disk dumps - Add preliminary APFS detection for improved disk report(s) - Remove deprecated dumpXuid's option from command line - Fix bdisk script block size detection - Add AppleKernelCoreDump to disk partition image in html report - Add notes regarding disk partition dump being affected by SIP filesystem protection - Add detection for OpenCore.efi files and their version for the Bootloader Detect & Boot Sectors dump Fourth recent beta included (Changes from 3.1.0b3 -> 3.1.0b4) - Fix incorrect assignment of OpenCore in dump filename This new beta includes (Changes from 3.1.0b4 -> 3.1.0b5) - Only include ACPI tables in HTML report if total size of decompiled files is <= 2MB - Fix missing ESP volume from Bootloader Configs scan. - Rename HTML report section from BootloaderConfigs to Bootloader Configuration Files - Add appleRAID option to diskutil list dumps - Include diskutil lists in HTML report - Add dump of 'simple list' of kexts in prelinked kernel - Add a dump status to the UI for some of the dumps that take time. - Update privatise option. EDIT: beta version deleted as newer version posted below Please report any issues. Edited May 15, 2020 by blackosx Deleted attached beta version 2 Link to comment Share on other sites More sharing options...
yapan4 Posted May 7, 2020 Share Posted May 7, 2020 There is a small misunderstanding here - please see the attachment 1 1 Link to comment Share on other sites More sharing options...
blackosx Posted May 7, 2020 Author Share Posted May 7, 2020 Good spot! That’s obviously wrong. Thanks for the report. I’ll take a look when I can. 1 Link to comment Share on other sites More sharing options...
blackosx Posted May 15, 2020 Author Share Posted May 15, 2020 (edited) I've removed the previous 3.1.0b5 beta and am now supplying the next beta here for testing. Almost done before a release. First recent beta included (Changes from 3.0.4 -> 3.0.6b1) - Update RadeonDump and RadeonPCI.kext to 64bit version - Update ioregwv to 64bit version - Update nvram to 64bit version and include more vars to check - Update gfxutil binary to latest v1.80b from acidanthera repo - Update dmidecode binary to latest v3.2b from acidanthera repo - Update Sparkle framework to v1.23.0 - Update lzma to v15.14 - Replace SMC_util3 with 64bit SMC_util_FansOnly for decoding fans - Update iasl to version 20200110 and re-work ACPI dump process - Update list of ACPI table descriptions for HTML report - Add AppleIntelInfo.kext as a separate option - Updated pci.ids.gz to version as of 9th April 2020 - Include extra version of smcutil for listing keys, not fans - Add Mojave and Catalina detection - Included Opencore files in bootloader config files & drivers dump - Fixed config files & drivers dump bug when ESP is already mounted - Update flashrom to v1.2-25 ** Note: Needs work.. ** Second recent beta included(Changes from 3.0.6b1 -> 3.1.0b2) - Changed date format in dump folder name (Thanks IronManJFF) - Revert flashrom back to version 0.97 from previous DarwinDumper - Replace DirectHW.kext with signed version from Slice - Removed older drivers for pre 10.9 - Updated VoodooHDA.kext to version 292 - Updated getdump to version 109 - Added 64bit version of x86info (Thanks Slice) - Moved CPU dump to section not requiring root privileges - DirectHW.framework will be copied to ~/Library/Frameworks (if required) - Updated info pages and html report sub titles and links - Fix incorrect reporting of SIP protected dtrace restriction in html report - Version bump to 3.1 Third recent beta included (Changes from 3.1.0b2 -> 3.1.0b3) - Fix missing Unique partition GUID in Disk partition UIDs.txt file - Read disk device UUID from ioreg IOService plane rather than IODeviceTree - Fix missing Disks dir when running disk dumps - Add preliminary APFS detection for improved disk report(s) - Remove deprecated dumpXuid's option from command line - Fix bdisk script block size detection - Add AppleKernelCoreDump to disk partition image in html report - Add notes regarding disk partition dump being affected by SIP filesystem protection - Add detection for OpenCore.efi files and their version for the Bootloader Detect & Boot Sectors dump Fourth recent beta included (Changes from 3.1.0b3 -> 3.1.0b4) - Fix incorrect assignment of OpenCore in dump filename Fifth beta included (Changes from 3.1.0b4 -> 3.1.0b5) - Only include ACPI tables in HTML report if total size of decompiled files is <= 2MB - Fix missing ESP volume from Bootloader Configs scan. - Rename HTML report section from BootloaderConfigs to Bootloader Configuration Files - Add appleRAID option to diskutil list dumps - Include diskutil lists in HTML report - Add dump of 'simple list' of kexts in prelinked kernel - Add a dump status to the UI for some of the dumps that take time. - Update privatise option. This new beta includes (Changes from 3.1.0b5 -> 3.1.0b6) - Move 'Disk Partition Tables' in to alphabetical order in HTML report. - Rewrite findOpenCore version script - Add detection for OpenCore signature in OpenCore.efi and BOOTx64.efi - Skip APFS volumes when scanning MBR, PBR and bootloaders - Revise output of Bootloader Detect & Boot Sectors dump - Improve identification of config.plist - Widen scan for bootloader .efi files Please report any issues. Edited June 2, 2020 by blackosx Removed previous beta DarwinDumper_v3.1.0b6 4 Link to comment Share on other sites More sharing options...
blackosx Posted June 2, 2020 Author Share Posted June 2, 2020 (edited) I've removed the previous 3.1.0b6 beta and am now supplying the next beta here for testing. Still tweaking before a release..... This new beta includes (Changes from 3.1.0b6 -> 3.1.0b7) - Include SMC RSSN key in privatise option - Update dmidecode to latest build with SMBIOS 3.2 improvements - Add extra command line options for pre-configured dumps using lmza compression - Remove audio codec dump from pre-configured dump options not requiring root-privileges - Remove SIP notification from CPU section of HTML dump when AppleIntelInfo was not run - Don't print empty lines to stdout when converting to html - Add note to user that current SIP settings will prevent memory dump from running - Fix incorrectly discarded file in Bootloader Detect & Boot Sectors dump Please report any issues. Edited June 5, 2020 by blackosx Removed DarwinDumper_v3.1.0b7 1 Link to comment Share on other sites More sharing options...
Slice Posted June 3, 2020 Share Posted June 3, 2020 Tested and see no issues. Just a note ================================================== Master Boot Record: ------------------- MBR: First 512 bytes Code Detected: boot0af (Active First) 00000000: fa31 c08e d0bc f0ff fb8e c08e d8be 007c .1.............| 00000010: bf00 e0fc b900 01f2 a5ea 1ee0 0000 6631 ..............f1 00000020: c066 a300 e4b0 02bb 0010 e827 0172 06be .f.........'.r.. 00000030: be11 e809 00bf a5e1 e84c 01f4 ebfd 817c .........L.....| Why bytes grouped by 2? For me they should be by one: fa 31 c0 8e d0 bc f0 ff or by 4: fa31c08e d0bcf0ff .... 1 Link to comment Share on other sites More sharing options...
blackosx Posted June 3, 2020 Author Share Posted June 3, 2020 (edited) Thanks for testing. Sure, I can change the output. % sudo xxd -l512 -g1 /dev/disk4s1 00000000: eb 58 90 42 53 44 20 20 34 2e 34 00 02 01 20 00 .X.BSD 4.4... . 00000010: 02 00 00 00 00 f0 00 00 20 00 10 00 00 00 00 00 ........ ....... 00000020: 00 40 06 00 4f 0c 00 00 00 00 00 00 02 00 00 00 .@..O........... 00000030: 01 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000040: 00 00 29 ed 17 e3 67 45 46 49 20 20 20 20 20 20 ..)...gEFI 00000050: 20 20 46 41 54 33 32 20 20 20 fa 31 c0 8e d0 bc FAT32 .1.... Done Edited June 3, 2020 by blackosx 2 Link to comment Share on other sites More sharing options...
blackosx Posted June 5, 2020 Author Share Posted June 5, 2020 (edited) I've removed the previous 3.1.0b7 beta and am now supplying the next beta here for testing. Still tweaking before a release..... This new beta includes (Changes from 3.1.0b7 -> 3.1.0b8) - Don't attempt to read MBR and PBR of APFS containers. - Don't attempt to read MBR and PBR of APFS physical stores when SIP File Protection is enabled. - Print hex bytes as single bytes in disk dumps (Thanks slice) - Change writeable path check from command line - Add detection for OpenCore bootstrap.efi - Improve OpenCore detection for when file has been renamed - Add detection for OpenCore log from file, Data Hub or UEFI var Please report any issues. Edited June 11, 2020 by blackosx Removed DarwinDumper_v3.1.0b8 2 Link to comment Share on other sites More sharing options...
blackosx Posted June 11, 2020 Author Share Posted June 11, 2020 (edited) Since working from home during coronavirus lockdown I looked to update DarwinDumper as it hadn't been touched since 2017. It is an old program and is showing it's age, and if I were to do it all again today then it would be a different beast, but of course that's not going to happen. Anyway, lockdown is easing here and my workload is increasing so after 8 weeks of slowly updating, patching and testing I've finally pushed v3.1.0 to hope it can at least stay relevant for a while longer. Download Changelog - Update RadeonDump and RadeonPCI.kext to 64bit version - Update ioregwv to 64bit version - Update nvram to 64bit version and include more vars to check - Update gfxutil binary to latest v1.80b from acidanthera repo - Update dmidecode binary to latest v3.2c from acidanthera repo - Update Sparkle framework to v1.23.0 - Update lzma to v15.14 - Replace SMC_util3 with 64bit SMC_util_FansOnly for decoding fans - Update iasl to version 20200110 and re-work ACPI dump process - Update list of ACPI table descriptions for HTML report - Add AppleIntelInfo.kext as a separate option - Updated pci.ids - Include extra version of smcutil for listing keys, not fans - Add Mojave and Catalina detection - Fixed config files & drivers dump bug when ESP is already mounted - Changed date format in dump folder name (Thanks IronManJFF) - Replace DirectHW.kext with signed version from Slice - Removed older drivers for pre 10.9 - Updated VoodooHDA.kext to version 292 - Updated getdump to version 109 - Added 64bit version of x86info (Thanks Slice) - Moved CPU dump to section not requiring root privileges - DirectHW.framework will be copied to ~/Library/Frameworks (if required) - Updated info pages and html report sub titles and links - Fix incorrect reporting of SIP protected dtrace restriction in html report - Fix missing Unique partition GUID in Disk partition UIDs.txt file - Read disk device UUID from ioreg IOService plane rather than IODeviceTree - Fix missing Disks dir when running disk dumps - Add preliminary APFS detection for improved disk report(s) - Remove deprecated dumpXuid's option from command line - Fix bdisk script block size detection - Add AppleKernelCoreDump to disk partition image in html report - Add notes regarding disk partition dump being affected by SIP filesystem protection - Add detection for OpenCore, it's log and config files - Only include ACPI tables in HTML report if total size of decompiled files is <= 2MB - Fix missing ESP volume from Bootloader Configs scan. - Rename HTML report section from BootloaderConfigs to Bootloader Configuration Files - Add appleRAID option to diskutil list dumps - Include diskutil lists in HTML report - Add dump of 'simple list' of kexts in prelinked kernel - Add a dump status to the UI for some of the dumps that take time - Update privatise option. - Move 'Disk Partition Tables' in to alphabetical order in HTML report - Revise output of Bootloader Detect & Boot Sectors dump - Improve identification of config.plist - Widen scan for bootloader .efi files - Include SMC RSSN key in privatise option - Add extra command line options for pre-configured dumps using lmza compression - Remove audio codec dump from pre-configured dump options not requiring root-privileges - Remove SIP notification from CPU section of HTML dump when AppleIntelInfo was not run - Don't print empty lines to stdout when converting to html - Add warnings that current SIP settings will prevent memory dump from running - Don't attempt to read MBR and PBR of APFS containers - Don't attempt to read MBR and PBR of APFS physical stores when SIP File Protection is enabled - Print hex bytes as single bytes in disk dumps (Thanks slice) - Change writeable path check from command line - Remove old acpiFromMem option - No longer attempt to run Clover genconfig tool as it's bundled with Clover.app - Cleaned output of Kernel boot messages dump - Extended Kernel boot messages dump to show individual processes - Include bootargs in darwindumper log and head of html report Edited June 17, 2020 by blackosx Changed download link to downloads page 5 2 Link to comment Share on other sites More sharing options...
blackosx Posted June 17, 2020 Author Share Posted June 17, 2020 DarwinDumper has been updated to v3.1.1 Download Changelog - Update getcodecid to v2.4 (Thanks Gengik84) - Remove SIP warning and notes for Memory dump - Add further detection for OpenCore (Requires root privileges) 6 Link to comment Share on other sites More sharing options...
Kill.Javascript Posted June 24, 2020 Share Posted June 24, 2020 (edited) thx for your great work aggregating all these tools and integrating them into a very useful tool. much of it is beyond my understanding, even as an 8+ years hackinbox user, but i imagine that many of the issues i've experienced over the years that have caused me to give up and turn a dozen hackinboxes into FreeNAS storage units could've been solved. well, at least elucidated, if I'd found this earlier. UPDATE: Strange. After downloading, installing & running DarwinDumper, I did a routine virus scan last night on my Mac. Dr. Antivirus from TrendMicro identified viruses in both the application and the files it generated. Edited June 24, 2020 by Kill.Javascript saved too soon Link to comment Share on other sites More sharing options...
Slice Posted December 31, 2020 Share Posted December 31, 2020 @blackosx VoodooHDA embedded into DarwinDumper should be updated to version 2.9.6 for BigSur compatibility. Older versions crashed. https://sourceforge.net/projects/voodoohda/files/ 1 Link to comment Share on other sites More sharing options...
blackosx Posted January 6, 2021 Author Share Posted January 6, 2021 Thanks @Slice I'll update VoodooHDA and push and new version soon. I am not running BigSur here on my hack so have not worked any further with DarwinDumper since the last updates back in the summer. 1 Link to comment Share on other sites More sharing options...
Recommended Posts