kernel-extension

Monitoring Network Packets Using Network Kernel Extension

大憨熊 submitted on 2019-12-11 17:15:29
Question: I am building an NKE (Network Kernel Extension) for filtering and modifying the packets on the fly. The myipfilter_output_redirect callback gives an mbuf_t pointer and, based on the researched knowledge, it has every information related to the network call. I want to read the HTML from this mbuf_t and inject one CSS/HTML into it. How can I achieve it? static errno_t myipfilter_output(void* cookie, mbuf_t* data, ipf_pktopts_t options) { if (data) log_ip_packet(data, kMyFiltDirOut); return 0; } static errno

Patched FTDIUSBSerialDriver kext has to be unloaded/reloaded after reboot (OSX 10.10). Any ideas?

懵懂的女人 submitted on 2019-12-11 09:32:34
Question: I'm exchanging data between a bare-bone Arduino and openFrameworks via a serial UART FTDI connection. I'm using a patched FTDI driver to achieve higher BAUD rates on OSX. FTDIChip calls it "Aliasing VCP Baud Rates". See: http://spin.atomicobject.com/2013/06/23/baud-rates-ftdi-driver-mac/ https://github.com/arminbw/wiretouch/blob/v0.21/perl/modify-ftdi-driver-settings.pl This worked until recently. Since upgrading to OSX 10.10 I have to manually unload and reload the kext to make it work: sudo

Which KPI Library Is IODeviceMemory Declared In?

旧街凉风 submitted on 2019-12-11 07:34:44
Question: Google yields no insight. I wasn't able to figure it out by searching around in the kernel source. I'm using the open source IOProxyVideoFamily to implement a virtual framebuffer. I just replaced a C-style cast to IODeviceMemory with OSDynamicCast, because I suspect that cast will fail. If so I will know how to fix it. But I can't find the KPI library that contains it. IODeviceMemory has been in the OS since 10.0, and is required for PCI card drivers. $ kextlibs -undef-symbols /System/Library

Passing CFDictionary via IOKit command

烈酒焚心 submitted on 2019-12-11 07:29:14
Question: I'm looking for a universal method to configure parameters from a userspace agent to the kernel, since there is no Mac equivalent to the Windows registry where a driver can directly access any key in this table using the ZwQueryValueKey command. Therefore, I'd like to pass a dynamic list of variables through CFDictionary. In IOConnectCallMethod there's a way to pass an input pointer, but the question is if I can pass a CFDictionary or CFDictionaryRef instead of just a simple struct. I saw that there are some

XNU includes in Kext

限于喜欢 submitted on 2019-12-11 03:58:17
Question: I'm working on a Kext which should have access to the struct proc->p_pid field. The problem is the structure is defined in XNU sources only, so I faced an "incomplete definition of type 'struct proc'" error during compilation. From my point of view, including XNU headers in my own project is a bad-smelling solution, but what is the alternative way? Is it to copy and paste the structure into my own code? Answer 1: You're supposed to use proc_pid(proc_t) for this. The structure is meant to be opaque as,

Generic kernel Extension Cannot release OSObject derived class

家住魔仙堡 submitted on 2019-12-11 02:51:35
Question: I've got a Generic Kernel Extension which is implemented in C++ example for the start and end routines, whereas all the other logic is stored within a dedicated class inheriting from OSObject. It creates the class upon the module start routine, and releases it upon the stop routine, as can be shown in the code below: class com_my_driver : public OSObject { ... }; ... .. . com_my_driver *gDriver = NULL; extern "C" kern_return_t my_driver_start(kmod_info_t * ki, void *d) { gDriver = new com_my_driver;

Semaphore_create causes kernel panic

末鹿安然 submitted on 2019-12-11 00:11:04
Question: I am developing a kernel extension. I need to use a wait and signal mechanism to wait for particular events (programming logic). I am trying to use semaphores as part of the kernel extension to implement the wait and signal methodology. The creation of the semaphore is causing a kernel panic. Need help in figuring out the right implementation. Let me know if I am using it wrong or if there is any other simpler mechanism to wait and signal for kernel development. The current code which I am

vnode and file descriptor in xnu, where is the file operation vector stored

丶灬走出姿态 submitted on 2019-12-10 11:28:12
Question: In xnu we have the vnode_t entity which represents the file globally. Each process can access the file (assuming it has the right permissions) by setting a new file descriptor and setting the vnode under fg_data: fp->f_fglob->fg_data = vp; The vnode contains a list of basic actions for all relevant operations and is set according to the file's FS, i.e. the HFS+ driver implements such a vector and sets its vnode accordingly. int (**v_op)(void *); /* vnode operations vector */ this is a vector for function

MacOS High Sierra KEXT Loading - Are there any ways to cancel user approval?

笑着哭i submitted on 2019-12-09 12:41:43
Question: As some kinds of MacOS developers know, Apple implemented Secure Kernel Extension Loading. Users can approve a third-party KEXT by clicking the Approve button in Security and Privacy. However, once the KEXT is approved, are there any methods for cancelling the approval? Imagine the case of testing the app with KEXT loading, etc. If there is no way but the clean install, it's very difficult to test apps. Answer 1: The information about approvals is stored in sqlite3 database: /var/db

Get process creation notification in Mac OS X

一个人想着一个人 submitted on 2019-12-09 06:53:58
Question: I am trying to write a kext for Mac OS X which will get notified when any process is started. In Windows you can do this by calling PsSetLoadImageNotifyRoutine(...) and specifying a callback which will be called when the process is starting. This is a documented way and it works in all Windows starting from Win 2k. Is there anything similar for Mac? It seems like this is possible to achieve using kauth process listeners, but process scope has never been implemented in OS X. Another alternative is to