[KernelCache] Place synthetic sections after the cache's address range

bdash · bdash · commit b33cd4b0a3dd · 2025-11-26T00:12:34.000-08:00
This ensures they do not overlap with any images that may later be loaded from the kernel cache. Fixes #7634.
diff --git a/view/kernelcache/core/KernelCacheView.cpp b/view/kernelcache/core/KernelCacheView.cpp
@@ -74,6 +74,11 @@ Ref<Settings> KernelCacheViewType::GetLoadSettingsForData(BinaryView* data)
 			"description" : "Add function starts sourced from the Function Starts tables to the core for analysis."
 			})");
 
+	// Place the synthetic sections well after the kernel cache to ensure they do
+	// not collide with any images that are later loaded from the kernel cache.
+	constexpr uint64_t syntheticSectionsOffset = 256 * 1024 * 1024;
+	settings->UpdateProperty("loader.syntheticSectionBase", "default", viewRef->GetStart() + syntheticSectionsOffset);
+
 	// Merge existing load settings if they exist. This allows for the selection of a specific object file from a Mach-O
 	// Universal file. The 'Universal' BinaryViewType generates a schema with 'loader.universal.architectures'. This
 	// schema contains an appropriate 'Mach-O' load schema for selecting a specific object file. The embedded schema
