kernel-extension

How come the OS X kernel gets file operations so many times?

早过忘川 submitted on 2019-12-08 09:18:01
Question: I create a file in userspace (using the touch command). I am expecting to see only one OPEN and one CLOSE file operation; however, I get 2 OPEN and 3 CLOSE operations from kernel notification. The operation sequence is like this: open --> close --> open --> close --> close.... Can anybody give me some hints about this? Thanks in advance. Answer 1: Kauth vnode and fileop listeners have been working well for me. If you are receiving event notifications that don't make sense to you, I suggest placing a

Developing and Debugging KEXT on mac

风流意气都作罢 submitted on 2019-12-07 16:08:31
Question: I'm developing a KEXT on Mac using Xcode. After every compile I'm changing permissions through the terminal and loading the KEXT, then reading results from the Console app. Some of the mistakes in development give the system a kernel panic and I have to restart my Mac; this is so annoying. I was wondering if there is a better way to develop and debug a KEXT? Answer 1: This is too big a topic for an answer, but it is at least well documented; look at these documents from Apple: When Things Go Wrong: Debugging

Writing an OS X kernel extension to implement Linux's SO_BINDTODEVICE socket option

一世执手 submitted on 2019-12-06 20:06:01
Question: I want to be able to force a socket through a specific network interface. In Linux the kernel allows a programmer to achieve this by setting said socket option - but in OS X I'm in the dark. And hence my title question - is it possible? Has it been done? I'm not looking into re-implementing the IP stack, just enabling the usage of the bind-to-interface option. Answer 1: Use the RFC 3542 interface for selecting outgoing interfaces (IPV6_PKTINFO). http://tools.ietf.org/html/rfc3542#section-6 Source:

Developing and Debugging KEXT on mac

拈花ヽ惹草 submitted on 2019-12-05 19:24:43
I'm developing a KEXT on Mac using Xcode. After every compile I'm changing permissions through the terminal and loading the KEXT, then reading results from the Console app. Some of the mistakes in development give the system a kernel panic and I have to restart my Mac; this is so annoying. I was wondering if there is a better way to develop and debug a KEXT? This is too big a topic for an answer, but it is at least well documented; look at these documents from Apple: When Things Go Wrong: Debugging the Kernel; Debugging a Kernel Extension with GDB; Technical Note TN2063: Understanding and Debugging Kernel

Codesigned kext, but why does it not load in Yosemite (10.10)?

谁说胖子不能爱 submitted on 2019-12-04 19:16:25
Question: I code signed a kext in Yosemite, but kextload failed. It was a version 2 codesign. codesign --verify is true, but kextload failed. Why does it not load in Yosemite? Here is my log. I have checked with codesign -dvvv ./myKext.kext and it's all right. codesign -dvvv ./myKext.kext returned the following: Executable=/Path/to/myKext Identifier=com.myKext.kext.Firewall Format=bundle with Mach-O thin (x86_64) CodeDirectory v=20100 size=317 flags=0x0(none) hashes=9+3 location=embedded Hash type=sha1

Thread should wait to complete the device request in kext programming

徘徊边缘 submitted on 2019-12-04 06:15:49
Question: I am developing a device driver on Mac. My question is how can we make a device request asynchronous to synchronous. Like, I send a send encapsulated command to the device and get its response using get encapsulated command after getting a notification on the interrupt pipe. So how can I make my thread wait until all of the above requests are completed (both send and get)? Answer 1: You'll probably have to be a bit more specific than that. But in general, if you need a thread to sleep until some function

MacOS High Sierra KEXT Loading - Are there any ways to cancel user approval?

瘦欲@ submitted on 2019-12-03 13:57:32
As some kinds of macOS developers know, Apple implemented Secure Kernel Extension Loading. Users can approve a third-party KEXT by clicking the Approve button in Security and Privacy. However, once the KEXT is approved, are there any methods for cancelling the approval? Imagine the case of testing the app with KEXT loading, etc. If there is no way but a clean install, it's very difficult to test apps. The information about approvals is stored in a sqlite3 database: /var/db/SystemPolicyConfiguration/KextPolicy. The tables you're interested in are: kext_policy and kext_load_history_v3. E.g. here

Can't sign kext in Mavericks/Yosemite?

百般思念 submitted on 2019-12-03 13:34:13
Question: Goal: to sign my own packages, and my own kernel extensions. "My own" in this context means "that I wrote, or that I picked elsewhere, recompiled myself from their sources, and want to install on my machine". Problem: Mavericks does not accept my signature with Code Signing Failure: code signature is invalid (but loads the kext), Yosemite won't even load it. I have my own CA, and code-signing certs. I've been able to successfully sign code and set up policies that would allow code signed by the

Codesigned kext, but why does it not load in Yosemite (10.10)?

 ̄綄美尐妖づ submitted on 2019-12-03 12:36:35
I code signed a kext in Yosemite, but kextload failed. It was a version 2 codesign. codesign --verify is true, but kextload failed. Why does it not load in Yosemite? Here is my log. I have checked with codesign -dvvv ./myKext.kext and it's all right. codesign -dvvv ./myKext.kext returned the following: Executable=/Path/to/myKext Identifier=com.myKext.kext.Firewall Format=bundle with Mach-O thin (x86_64) CodeDirectory v=20100 size=317 flags=0x0(none) hashes=9+3 location=embedded Hash type=sha1 size=20 CDHash=d0ff68bd8b49c650f45349c2d1570d45a8c1f148 Signature size=8544 Authority=Developer ID

Get process creation notification in Mac OS X

拜拜、爱过 submitted on 2019-12-03 08:50:49
I am trying to write a kext for Mac OS X which will get notified when any process is started. In Windows you can do this by calling PsSetLoadImageNotifyRoutine(...) and specifying a callback which will be called when the process is starting. This is the documented way and it works in all Windows versions starting from Win 2k. Is there anything similar for Mac? It seems like this is possible to achieve using kauth process listeners, but process scope has never been implemented in OS X. Another alternative is to hook SYS_execve and friends, but this is an undocumented and unsupported way. I really don't want to go