On Mac with M4 with IDA 9.2, when trying to work on a dyld shared cache with ~50 or more modules loaded, IDA become much more slows, including randoms hangups, long time for renames, …
Is it a known issue? is there a workaround for that? Because IDA can deal with kernelcache with all modules loaded (which is larger, and it runs much faster)
In addition, xrefs work poorly on shared cache. many GOT/STUBS functions has no xrefs, even though there are xrefs. I’m using this script to fix it, but it should probably be fixed.
Hi @yoavst and thanks for raising these issues. To avoid speculative answers, could you open a ticket via our support channel with additional details and reproduction steps?
This is still a major issue when reversing the dyld shared cache. Is there any update on this?
A current dyld shared cache from an iOS firmware contains more than 4,000 images. Loading and analyzing all of them in a single IDB is practically impossible.
The dscu plugin is definitely a major improvement, since most workflows do not require every module to be loaded at once. However, it still does not seem to scale well, regardless of the hardware being used.
Some interactive operations also become very slow. I wonder whether this may be caused by internal data structures or algorithms that do not scale well with the amount of information being loaded.
More broadly, it would be extremely helpful if IDA could make better use of multi-core systems, especially during auto-analysis. I understand that this may be difficult to implement, since some analysis stages likely depend on earlier results, but it seems there should still be room for more parallelism in the analysis pipeline.
On a positive note, idalib has been a great addition. Analyzing binaries without the GUI also seems to provide a noticeable performance improvement.
A quick follow-up: with the 9.4 release, we aim to improve the DSC workflow, and with the upcoming fixes, we expect it to be much leaner.
We’d be happy to invite you to our beta program if you’d like to test it and share some feedback.