diff --git a/unidbg-ios/src/main/java/com/github/unidbg/ios/ARM64SyscallHandler.java b/unidbg-ios/src/main/java/com/github/unidbg/ios/ARM64SyscallHandler.java
index cb1512c2a..502d168fc 100644
--- a/unidbg-ios/src/main/java/com/github/unidbg/ios/ARM64SyscallHandler.java
+++ b/unidbg-ios/src/main/java/com/github/unidbg/ios/ARM64SyscallHandler.java
@@ -2834,18 +2834,15 @@ private long mmap(Emulator<?> emulator) {
 
         boolean warning = length >= 0x10000000;
         long base = emulator.getMemory().mmap2(addr == null ? 0 : addr.peer, length, prot, flags, fd, (int) offset);
-        String msg = "mmap addr=" + addr + ", length=" + length + ", prot=0x" + Integer.toHexString(prot) + ", flags=0x" + Integer.toHexString(flags) + ", fd=" + fd + ", offset=" + offset + ", tag=" + tag;
+        String msg = "mmap addr=" + addr + ", base=0x" + Long.toHexString(base) + ", length=" + length + ", prot=0x" + Integer.toHexString(prot) + ", flags=0x" + Integer.toHexString(flags) + ", fd=" + fd + ", offset=" + offset + ", tag=" + tag + ", LR=" + context.getLRPointer();
         if (log.isDebugEnabled() || warning) {
             if (warning) {
                 log.warn(msg);
             } else {
                 log.debug(msg);
             }
-        } else {
-            Log log = LogFactory.getLog("com.github.unidbg.ios.malloc");
-            if (log.isDebugEnabled()) {
-                log.debug(msg + ", base=0x" + Long.toHexString(base));
-            }
+        } else if(LogFactory.getLog("com.github.unidbg.ios.malloc").isDebugEnabled()) {
+            log.debug(msg);
         }
         return base;
     }
diff --git a/unidbg-ios/src/main/java/com/github/unidbg/ios/MachOLoader.java b/unidbg-ios/src/main/java/com/github/unidbg/ios/MachOLoader.java
index c7b3987c5..ec7adf240 100644
--- a/unidbg-ios/src/main/java/com/github/unidbg/ios/MachOLoader.java
+++ b/unidbg-ios/src/main/java/com/github/unidbg/ios/MachOLoader.java
@@ -1739,7 +1739,32 @@ public Module getExecutableModule() {
     public long mmap2(long start, int length, int prot, int flags, int fd, int offset) {
         int aligned = (int) ARM.alignSize(length, emulator.getPageAlign());
 
-        if (((flags & com.github.unidbg.ios.MachO.MAP_ANONYMOUS) != 0) || (start == 0 && fd <= 0 && offset == 0)) {
+        boolean isAnonymous = ((flags & com.github.unidbg.ios.MachO.MAP_ANONYMOUS) != 0) || (start == 0 && fd <= 0 && offset == 0);
+        if ((flags & MAP_FIXED) != 0 && isAnonymous) {
+            if (log.isDebugEnabled()) {
+                log.debug("mmap2 MAP_FIXED start=0x" + Long.toHexString(start) + ", length=" + length + ", prot=" + prot);
+            }
+
+            MemoryMap mapped = null;
+            for (MemoryMap map : memoryMap.values()) {
+                if (start >= map.base && start + aligned <= map.base + map.size) {
+                    mapped = map;
+                }
+            }
+
+            if (mapped != null) {
+                munmap(start, aligned);
+                unicorn.mem_map(start, aligned, prot);
+                if (memoryMap.put(start, new MemoryMap(start, aligned, prot)) != null) {
+                    log.warn("mmap2 replace exists memory map: start=" + Long.toHexString(start));
+                }
+                return start;
+            } else {
+                throw new IllegalStateException("mmap2 MAP_FIXED not found mapped memory: start=0x" + Long.toHexString(start));
+            }
+        }
+
+        if (isAnonymous) {
             long addr = allocateMapAddress(0, aligned);
             if (log.isDebugEnabled()) {
                 log.debug("mmap2 addr=0x" + Long.toHexString(addr) + ", mmapBaseAddress=0x" + Long.toHexString(mmapBaseAddress) + ", start=" + start + ", fd=" + fd + ", offset=" + offset + ", aligned=" + aligned);
diff --git a/unidbg-ios/src/main/native/ios/bootstrap.m b/unidbg-ios/src/main/native/ios/bootstrap.m
index 373b2b0e4..097d64b00 100644
--- a/unidbg-ios/src/main/native/ios/bootstrap.m
+++ b/unidbg-ios/src/main/native/ios/bootstrap.m
@@ -8,6 +8,7 @@
 #import <AVFoundation/AVFoundation.h>
 #import <CommonCrypto/CommonDigest.h>
 #import <CommonCrypto/CommonCryptor.h>
+#include <sys/mman.h>
 #include "test.h"
 
 @interface BootstrapTest : NSObject {}
@@ -228,6 +229,12 @@ static void test_CommonDigest() {
   fprintf(stderr, "\n");
 }
 
+static void test_mmap() {
+  void *addr = mmap(NULL, 0x4000 * 2, 0, 0x1002, -1, 0);
+  void *fix = mmap(addr, 0x4000, 3, 0x1012, -1, 0);
+  NSLog(@"test_mmap addr=%p, fix=%p", addr, fix);
+}
+
 int main(int argc, char *argv[]) {
   setvbuf(stdout, NULL, _IONBF, 0);
   setvbuf(stderr, NULL, _IONBF, 0);
@@ -264,6 +271,7 @@ int main(int argc, char *argv[]) {
     test_CoreGraphics(argv[1]);
   }
   test_CommonDigest();
+  test_mmap();
 
   return 0;
 }
diff --git a/unidbg-ios/src/main/resources/ios/bootstrap_objc b/unidbg-ios/src/main/resources/ios/bootstrap_objc
index af69589e4..91f6206de 100755
Binary files a/unidbg-ios/src/main/resources/ios/bootstrap_objc and b/unidbg-ios/src/main/resources/ios/bootstrap_objc differ