Dyld Shared Cache¶

API

Introduction¶

LIEF’s dyld shared cache support allows the inspection and extraction of libraries from Apple dyld shared cache.

One can load a shared cache using the function:

import lief

dyld_cache: lief.dsc.DylibSharedCache = lief.dsc.load("macos-15.0.1/")

#include <LIEF/DyldSharedCache.hpp>

std::unique_ptr<LIEF::dsc::DyldSharedCache> dyld_cache = LIEF::dsc::load("macos-15.0.1/")

let dyld_cache = lief::dsc::load_from_path("macos-15.0.1/", "");

Warning

takes as input either a directory for loading the whole shared cache or a set of files to load a subset of the cache.

From this object, we can inspect the embedded as follows:

dyld_cache: lief.dsc.DylibSharedCache = ...

for dylib in dyld_cache.libraries:
    print("0x{:016x}: {}".format(dylib.address, dylib.path))

std::unique_ptr<LIEF::dsc::DyldSharedCache> dyld_cache;
for (std::unique_ptr<LIEF::dsc::Dylib> dylib : dyld_cache->libraries()) {
  std::cout << dylib->address() << ' ' << dylib->path() << '\n';
}

let dyld_cache: lief::dsc::DyldSharedCache;

for dylib in dyld_cache.libraries() {
    println!("0x{:016x}: {}", dylib.address(), dylib.path());
}

It is worth mentioning that exposes the method which can be used to extract a instance from a dyld shared cache libraries:

dyld_cache: lief.dsc.DylibSharedCache = ...

liblockdown = dyld_cache.find_lib_from_name("liblockdown.dylib")

macho: lief.MachO.Binary = liblockdown.get()

for segment in macho.segments:
    print(segment.name)

std::unique_ptr<LIEF::dsc::DyldSharedCache> dyld_cache;
std::unique_ptr<Dylib> liblockdown = dyld_cache->find_lib_from_name("liblockdown.dylib");

std::unique_ptr<LIEF::MachO::Binary> macho = liblockdown.get();
for (const LIEF::MachO::SegmentCommand& segment : macho->segments()) {
  std::cout << segment.name() << '\n';
}

let dyld_cache: lief::dsc::DyldSharedCache;

let liblockdown = dyld_cache.find_lib_from_name("liblockdown.dylib").unwrap();

let macho = liblockdown.get().unwrap();

for segment in macho.segments() {
    println!("{}", segment.name());
}

Finally, we can leverage the function to write back the object:

liblockdown = dyld_cache.find_lib_from_name("liblockdown.dylib")

macho: lief.MachO.Binary = liblockdown.get()
macho.write("on-disk-liblockdown.dylib")

std::unique_ptr<LIEF::dsc::DyldSharedCache> dyld_cache;
std::unique_ptr<Dylib> liblockdown = dyld_cache->find_lib_from_name("liblockdown.dylib");

std::unique_ptr<LIEF::MachO::Binary> macho = liblockdown.get();
macho->write("on-disk-liblockdown.dylib");

let liblockdown = dyld_cache.find_lib_from_name("liblockdown.dylib").unwrap();
let macho = liblockdown.get().unwrap();

macho.write("on-disk-liblockdown.dylib");

Warning

By default, LIEF does not remove dyld shared cache optimizations. To remove some of these optimizations, you can check the structure.

Performance Considerations¶

Dyld shared cache files are pretty large which means that they can’t be processed in the same way as other regular or binaries.

The dyld shared cache support in LIEF follows the principle: don’t pay overhead for what you don’t access. This is the opposite of the implementation of , and .

Note

These functions parse all the format structures (with decent performances) because:

Most of the binary’s sizes are less than gigabytes.
A complete representation is required for modifying binaries.

From a technical perspective, LIEF is using a LIEF::FileStream to access (on-demand) dyld shared cache structures. Thus, the in-memory consumption is limited to the size of the structures being accessed. The drawback of this FileStream is that since this is a file-based access, it takes more time compared to a LIEF::VectorStream.

Additionally, LIEF’s dyld shared cache implementation heavily relies on the iterator pattern to follow the principle: don’t pay overhead for what you don’t access.

For instance, is returning an iterator over the . Therefore, if you don’t iterate, you don’t pay for the access and the parsing of the objects.

When it is possible, LIEF implements the trait of a random access iterator [1] so that we can programmatically do:

dyld_cache: lief.dsc.DyldSharedCache = ...

# No cost
libraries = cache.libraries

# O(1) cost
first_lib = libraries[0]

# O(len(libraries)) cost
for lib in libraries:
    print(lib.path)

std::unique_ptr<LIEF::dsc::DyldSharedCache> dyld_cache;

// No cost
auto libraries = dyld_cache.libraries();

// O(1) cost
std::unique_ptr<Dylib> first_lib = libraries[0];

// O(libraries.size()) cost
for (const auto& dylib : libraries) {
  std::cout << dylib.path() << '\n';
}

When extracting a from a object with , the extraction can a substantial amount of time, especially if some deoptimizations are turned on (c.f. ).

For instance, could require to iterate over the dyld shared cache’s stub islands several times. To improve overall performances, LIEF provides a cache-based optimization that can be enabled and configured with:

When you should turn caching on?

You can skip LIEF’s caching if:

You don’t plan to extract libraries from the shared cache.
You plan to extract only one library from the shared cache and only once
You don’t want to have LIEF cache artifacts on your system.

For all other situations, you should turn on .

By default, the cache mechanism is not enabled.

References¶

Python API

C++ API

Rust API: lief::dsc