- Open Terminal and run
nm kernelcache.dec | grep _kernproc
In this example, 0xfffffff0075d50a0 is our kernproc address.(iPhone6S on 11.3.1)
- Drag your kernelcache.dec into ida and stringsearch for
fStampMapping[kAGXHostMemoryTimestamp]
This should take you tocom.apple.AGXG5P:__cstring
section. - Double click on the first text:FFFFFFF...
- Scroll down all the way until you see something like this.
- Double click on unk_FFFFFFF... which is located at the second ADRP.