# DYLD Shared Cache Utils

This plugin (nicknamed "dscu" for brevity) is essentially just an extension of the Mach-O loader. It allows you to manually load modules from a dyldcache that were not loaded when first opening the cache in IDA (the plugin is only activated after using the "single module" option for a dyldcache).

For a quick overview of the dscu functionality, see menu File>Load file>DYLD Shared Cache Utils.

## Loading Modules

There are a few ways to manually load a module from the cache:

1\) Use File>Load file>DYLD Shared Cache Utils>Load module... and choose which module to load

2\) Right-click on an unmapped address in the disassembly, and select 'Load module \<module name>'

3\) Programatically:

```
  n = idaapi.netnode()
  n.create("$ dscu")
  n.supset(2, "/usr/lib/libobjc.A.dylib")
  idaapi.load_and_run_plugin("dscu", 1)
```

## Loading Sections

dscu also allows you to load a subset of a given module.

Any section from any of the dyldcache's submodules can be loaded individually. This is especially useful when analyzing Objective-C code, since often times it is convenient to only load Objective-C info from a given module without loading all of its code.

For example, if you see a pointer to a selector string that has not been loaded:

```
  ADRP  X8, #0x1AECFF7F9@PAGE
  ADD   X1, X8, #0x1AECFF7F9@PAGEOFF ; SEL
  MOV   X0, X21 ; id
  BL    _objc_msgSend_0
```

Right-click on "0x1AECFF7F9" and dscu will provide you with two options:

```
  Load UIKitCore:__objc_methname
  Load UIKitCore
```

The UIKitCore module is huge, so perhaps you don't want to load the entire thing, but still want to clean up the disassembly. If you choose "Load UIKitCore:\_\_objc\_methname", dscu will load only these selector strings into the database:

```
  ADRP  X8, #sel_alloc@PAGE ; "alloc"
  ADD   X1, X8, #sel_alloc@PAGEOFF ; SEL
  MOV   X0, X21 ; id
  BL    _objc_msgSend_0
```

This operation is much faster, and still provides a lot of benefit to the analysis.

Sections can also be loaded via:

```
  File>Load file>DYLD Shared Cache Utils>Load section...
```

or programmatically with:

```
  node = idaapi.netnode()
  node.create("$ dscu")
  node.altset(3, 0x1AECFF7F9) # address can be any address in the section
  idaapi.load_and_run_plugin("dscu", 2)
```

See also

* [Objective-C Analysis Plugin](https://docs.hex-rays.com/user-guide/plugins/plugins-shipped-with-ida/objective-c-analysis-plugin)
* [Debugger for macOS](https://docs.hex-rays.com/user-guide/debugger/local-debugging/intel-arm-macos-debugger)
* [Remote iOS debugger](https://docs.hex-rays.com/user-guide/debugger/remote-debugging/remote-ios-debugger)