Stack Overflow
Stack Overflow

Questions tagged [xnu]

xnu is the name of the operating system kernel that underpins Mac OS X/darwin and iOS.

xnu is the name of the operating system kernel that underpins Darwin, which in turn is the core of Apple's macOS (formerly OS X and Mac OS X), iOS/iPadOS (formerly iPhoneOS), tvOS, and watchOS operating systems. It has its origins in the NeXTStep operating system, and is a combination of parts of the Mach kernel (mainly the virtual memory subsystem and inter-process communication via Mach "ports"), the 4.3BSD kernel (networking, process management, POSIX compatibility, VFS/file system layer) and a device driver subsystem called the I/O Kit, which was developed in C++ specifically for the xnu kernel.

147 questions
3
votes
1 answer

Retrieve path of process from OSX 10.10/10.11 kernel

I would like to retrieve the path of a process from a PID in a kext, like so: Get name from PID? However, sys/proc_info.h and libproc.h are not available anymore (afaik). Is there any other way to retrieve proc_info for a process struct proc *p from…
Vis
  • 301
  • 1
  • 10
3
votes
0 answers

Find symbol address of Mach-o from mach_header in memory

I have a mach-o file loaded in memory (via mmap) and need to get the address in the binary corresponding to a symbol, say mySym. I found a function called NSLookupSymbolInImage and thought I could use that and then use NSAddressOfSymbol to get the…
C0deH4cker
  • 3,959
  • 1
  • 24
  • 35
3
votes
1 answer

What is the effect of sleep and wakeup process on Kernel extension on OSx

I would like to know what is going on during sleep and wakeup process on OSx Kernel. Does a Kernel extension receive a new address space and start all over again its initialization process or the kernel simply puts the extension back in the same…
mrdvlpr
  • 526
  • 4
  • 20
3
votes
1 answer

Mach vm_read not returning the expected values for OSX 10.8.2

I just recently moved to the UNIX platform and currently doing research on operating systems. Right now, I am particularly interested at the design/implementation of XNU and currently on the topic of processes and memory. I have this code snippet…
iookl
  • 51
  • 3
3
votes
1 answer

XNU Thread States color-coded in Xcode/Instruments

I am doing some analysis of a multi-threaded application using the Apple Instruments tools, which give a lot of information I'm trying to make sense out of. I am trying to find a good resource to describe the thread states which are color-coded in…
jbat100
  • 16,757
  • 4
  • 45
  • 70
2
votes
1 answer

Why does lsyncd require xnu?

I am working through the steps of compiling lsyncd on Mac OS X (10.7.3 to be exact). Finally managed to it get it compiled despite a couple minor syntax errors in the lysncd source code; and I understand from Axel Kittenberger (the developer…
Calvin Cheng
  • 35,640
  • 39
  • 116
  • 167
2
votes
2 answers

Any tool to trace page fault and other related events for a specific file on iOS?

System Usage(Instruments) seems only trace explicit file io calls(open, close, write, read). System Trace(Instruments) trace page fault, but it is organized by call stack, make it hard to filter. So any tool can trace the low level io events for a…
Karl
  • 665
  • 4
  • 19
2
votes
1 answer

Fix kextcache "couldn't find symbol" errors after xnu build

I am trying to build and run an xnu-4570.41.2 kernel for OS X High Sierra 10.13.3. I am locally compiling it according to guides such as ssen's blog and this more recent tutorial. Once I compile the kernel, I load it onto a High Sierra 10.13.3…
eckenrod
  • 519
  • 4
  • 17
2
votes
0 answers

Detect file copying from kernel extension

I'm trying to build POC that identify file copying activity from kauth based kernel extension that using fileop scope callback. However, it seems that copying file involves two separate authentication operations (open src file from and create new…
Zohar81
  • 4,554
  • 5
  • 29
  • 82
2
votes
1 answer

Generic kernel Extension Cannot release OSObject derived class

I've got Generic Kernel Extension which is implemented in C++ example for the start and end routines, whereas all the other logic is stored within a dedicated class inherit from OSObject. it creates the class upon module start routine, and release…
user7256215
2
votes
1 answer

Prevent IOKit driver down in "kextunload" unless some clients remains connected

I've got IOKit base Driver/Deamons project with relationship of one to many (meaning multiple clients attached to single driver). The core driver is an IOKit object derived from IOService and is also the provider of driver clients derived from…
user7256215
2
votes
1 answer

How do you get the current process ID in Mac kernel extension code?

I was initially trying to use getpid() in my kernel module for OS X/macOS, is there a way to get the PID (process ID) of the process in whose context my kext is running in the kernel? Is there an existing function or variable that I can use ?
Anurag
  • 651
  • 4
  • 18
2
votes
0 answers

Kext reference from connected user-space clients

I'm using Kext which provides services to one or more user-space clients that communicate with it using iokit service. I'd like that each such client will take reference on the kext, so that it wouldn't be possible to unload the kext as long as…
Zohar81
  • 4,554
  • 5
  • 29
  • 82
2
votes
1 answer

vnode and file descriptor in xnu, where does the file operation vector is stored

In xnu we have the vnode_t entity which represent the file globally. Each process can access the file (assuming it has right permissions) by setting new file descriptor and set the vnode under fg_data fp->f_fglob->fg_data = vp; the vnode contain a…
user7256215
2
votes
2 answers

Show pointer value in kernel printouts (instead of ) on parallels VM that runs OS X 10.12

I'm working on a Kext that runs under 10.12.4 VM (I use parallels) and I'd like to enable pointer printouts (currently all pointers are hidden and appears on /var/log/system.log as ) Prior to 10.12 there was option to directly put away…
user7256215
1 2
3
9 10