Why is __LINKEDIT sometimes 0x1000 off?

Parsing an already-loaded Mach-O binary in memory...

Sometimes the string table, symbol table, etc, are where they should be, and sometimes they're 0x1000 off.

For example, I might run my program and baseOffset + cmd->symoff is accurate. Then I'll unit test and baseOffset + cmd->symoff + 0x1000 is accurate. baseOffset is always valid and pointing to a valid Mach header.

Solution

I figured it out by looking at dyld source code... It's not guarenteed to be 0x1000 off, however, the link edit offset is: baseImageOffset + linkedit.vmaddr - linkedit.fileoff. Most of the time this difference is 0, but sometimes it is not.

This impacts LC_FUNCTION_STARTS (cmd->dataoff) and LC_SYMTAB (cmd->stroff and cmd->symoff)

scipy 1.14.1 breaks statsmodels 0.14.2
Selenium gives "selenium.common.exceptions.WebDriverException: Message: unknown error: cannot find Chrome binary" on Mac
How can I sed two curly braces on two lines and add a coma between them on a Mac?
Bash to rename files to append folder name
Cannot get lldb to read file input through redirect
Xcode build system crashes with "unexpected service error" on iPhone 16 simulator
Why doesn't VS Code auto update on macOS?
Use OpenMP on M2 Mac with R and data.table
Xcode 10.2 unable to launch simulator
How to export structured notes (image + text) from a Next.js app to Apple Notes?
MacOS Sequoia keyboard shortcut to move a window between different screens
Focus-follows-mouse (plus auto-raise) on Mac OS X
error: linking with `cc` failed: exit code: 1
How to set JAVA_HOME environment variable on Mac OS X 10.9?
Warning: The post-install step did not complete successfully when trying to install mysql using brew in Mac OS High Sierra
Installing MongoDB with Homebrew
Unable to use Screen efficiently in Mac's Terminal
error while build iOS app in Xcode : Sandbox: rsync.samba (13105) deny(1) file-write-create, Flutter failed to write to a file
MariaDB update causes client connection problem : mariadb.OperationalError: TLS/SSL error: SSL is required, but the server does not support it
Skim displayline only bring the pdf in foreground
UNNotificationSound doesn't play on macOS. Same file works on iOS
Open document with default OS application in Python, both in Windows and Mac OS
Flutter Error: 'UnmodifiableUint8ListView' is restricted and can't be extended or implemented
How do I change the color of a NSButton checkbox?
Is there any way to make a Python program that has the user use the terminal (NO GUI) into a stand-alone for Mac?
Can't use mongo command, shows command not found on mac
D compiler DMD doesn't link object files
How can I turn off Finder's icon preview for my app's document type?
SocketException: Connection failed (OS Error: Operation not permitted, errno = 1) with flutter app on macOS
NPM install node-rdkafka fails with node-gyp rebuild error