kernel-extension

问题 In order to achieve better encapsulation and modularity I've decided to split my kernel driver into 2 (can be more) modules where each is responsible for different functionality. However, there are still some data+logic which I'd like to share between those modules (i.e. one module can manage the communication with user-space, while the other uses it as mediator) and I wonder if there's any easy way to do so. For example, I'd like to publish some API from one module to another, which is

问题 I'm trying to build POC that identify file copying activity from kauth based kernel extension that using fileop scope callback. However, it seems that copying file involves two separate authentication operations (open src file from and create new file). My goal is rather simple, detect the new target file creation after it was filled with data, disregarding the nature of the source file (so I'll be able to read it for further analysis) According to my observation, it may possible to achieve

问题 I'm updating the driver of one of my devices and would like to kextunload the old driver and kextload the new one so a restart isn't required anymore. After the installation I try: sudo kextunload /System/Library/Extensions/Driver.kext The error which happens looks like this: (kernel) Can't unload kext com.driver.Driver; classes have instances: (kernel) Kext com.driver.Driver class com_driver_Driver_USBAudioDevice has 1 instance. Failed to unload com.driver.Driver - (libkern/kext) kext is in

问题 I'm updating the driver of one of my devices and would like to kextunload the old driver and kextload the new one so a restart isn't required anymore. After the installation I try: sudo kextunload /System/Library/Extensions/Driver.kext The error which happens looks like this: (kernel) Can't unload kext com.driver.Driver; classes have instances: (kernel) Kext com.driver.Driver class com_driver_Driver_USBAudioDevice has 1 instance. Failed to unload com.driver.Driver - (libkern/kext) kext is in

问题 my fellow developers! I hope very much that at least some of you will not get frightened by the amount of text this question contains (I simply did my best to be as descriptive as humanely possible). :) To those who think I've asked this question to write malware or something. I want to write an application that will allow users to select applications to be launched after the OS will finish launching. The whole idea is to allow user to select these apps BEFORE the OS finished launching by

问题 Seeing an odd issue that's not happening on two other workstations. After a recent reinstall of Yosemite with Xcode and the command line tools, I've found that my /usr/include is not present on this particular workstation. I'm able to build packages with Homebrew at the moment and various other tasks work seemingly fine, but when I went to start building some kernel extensions, to my horror, I found this folder entirely absent. Any thoughts on what may be going on here? 回答1: Interestingly the

问题 I try implement KEXT for USBHID Device. If i am checking on Terminal It able to load KEXT ie Newtok:Desktop Rasheed$ kextutil -nt SampleKextDriver.kext No kernel file specified; using running kernel for linking. SampleKextDriver.kext appears to be loadable (including linkage for on-disk libraries). But Unfortunately I Got the above Message. My plist File is <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0

问题 I've created uninstaller for my driver, that remove its matching plist file from /Library/LaunchDaemons so that it won't be loaded again by launchd on the next boot cycle. However, it doesn't seems to take any effect on my driver that is still being loaded normally after booting the machine. After doing some research in this matter, I've found out that the kextcache is the reason for this behaviour, and in order clean/invalidate it, I need to touch the folder where the installation target

问题 I am writing a Network Kernel Extension on MacOS that is comprised of a Socket Filter and an IP filter. My IP filter works as a kind of fire-wall, i only want to allow packets through that have been previously tagged as ALLOWED by the socket filter. In the socket filter sf_data_out_func function, I successfully tag all the mbufs. However in my ipf_output_func I do not seem to be able to find these tagged packets with a mbuf_tag_find() . I am tagging the packets in the socket filter as follows

问题 I have a user-space process (daemon) that communicates with a Network Kernel Extension using the "Kernel Control API" (https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/NKEConceptual/control/control.html) Specifically, I have an NKE that is responsible for modifying the source address of sockets belonging to specific applications. However the NKE does not have all the information or abilities it needs - and often needs to communicate with a daemon process to perform