Stack Overflow
Stack Overflow

Questions tagged [xnu]

xnu is the name of the operating system kernel that underpins Mac OS X/darwin and iOS.

xnu is the name of the operating system kernel that underpins Darwin, which in turn is the core of Apple's macOS (formerly OS X and Mac OS X), iOS/iPadOS (formerly iPhoneOS), tvOS, and watchOS operating systems. It has its origins in the NeXTStep operating system, and is a combination of parts of the Mach kernel (mainly the virtual memory subsystem and inter-process communication via Mach "ports"), the 4.3BSD kernel (networking, process management, POSIX compatibility, VFS/file system layer) and a device driver subsystem called the I/O Kit, which was developed in C++ specifically for the xnu kernel.

147 questions
1
vote
2 answers

"Failed to bind" while loading a kernel extension on macOS 13 Ventura

I try to build and load a basic kernel extension on macOS 13.2 Ventura on M1 (Apple Silicon). There is a lot of literature online on macOS kext. However, many things have changed in recent versions of macOS regarding kext and most of this literature…
Thierry Lelegard
  • 423
  • 2
  • 11
1
vote
0 answers

Injecting a Dylib into Processes Running Under Rosetta

I need to inject a dynamic library into a process exclusively targeting the x86_64 instruction set. My host architecture is aarch64. I attempted injection using the following C++ code... #define CHKERR(x) if (kr != KERN_SUCCESS) {std::cout << kr <<…
Angelo DeLuca
  • 55
  • 9
1
vote
2 answers

C function for combining an array of strings into a single string in a loop and return the string after freeing the allocated memory

I'm working on a procfs kernel extension for macOS and trying to implement a feature that emulates Linux’s /proc/cpuinfo similar to what FreeBSD does with its linprocfs. Since I'm trying to learn, and since not every bit of FreeBSD code can simply…
Sunneva
  • 13
  • 4
1
vote
1 answer

Kernel debug two physical MacBook pro devices

I'm trying to kernel debug a physical Macbook pro device. When my setup contains a VM, between a host MacOS and guest MacOS, its working with no problem using lldb -o "kdp-remote " my boot-args on my remote (to debug) Macbook…
0xAK
  • 230
  • 2
  • 15
1
vote
1 answer

task_policy_get in a KEXT causing `Failed to bind as could not find a kext which exports this symbol`

I'm attempting to use task_policy_get from a KEXT and am receiving the following error: sudo /usr/bin/kmutil load -p myKext Error Domain=KMErrorDomain Code=31 "Error occurred while building a collection: 1: One or more binaries has an error which…
dmaclach
  • 3,403
  • 1
  • 21
  • 23
1
vote
1 answer

macOS Monitor new forked processes using kevents

I'm trying to monitor all newly created processes using Kevents by monitoring EVFILT_PROC using launchd pid, which is 1: struct kevent ke = { 0 }; const pid_t pid_of_launchd = 1; EV_SET(&ke, pid_of_launchd, EVFILT_PROC, EV_ENABLE | EV_ADD |…
Ted
  • 11
  • 1
1
vote
2 answers

Is there a way to step into kernel code with lldb, or otherwise, on the Mac?

Is there a way to see the code that is being called by a syscall instruction with lldb, or otherwise, on the Mac? I am trying to understand what goes behind the hood when a "write" syscall is called. I have compiled a simple .c program with gcc…
forgodsakehold
  • 870
  • 10
  • 26
1
vote
1 answer

How do i get current processor id in macOS KEXT

I found kern/processor.h files that include current_processor(). But I cannot use current_processor() even i include kern/processor.h file. Is there any methods to get current processor id? Add 030420 : I need any methods that get current processor…
이유찬
  • 43
  • 4
1
vote
1 answer

What are "jetsam priorities"?

Can someone explain what "jetsam priorities" are? They are something that is enforced by launchd. I suspect that they are a way of throttling down the CPU for a particular process, but I don't know for sure.
Kristina
  • 15,859
  • 29
  • 111
  • 181
1
vote
0 answers

lldb affecting rcx value upon EXC_SYSCALL

I noticed that upon an invalid 64bit MacOS syscall xor eax,eax syscall ;lldb stops here after the syscall When lldb stops the process while single stepping on: thread #1, stop reason = EXC_SYSCALL (code=5797, subcode=0x1) The rcx is equal…
Kamil.S
  • 5,205
  • 2
  • 22
  • 51
1
vote
1 answer

How to use atos to properly symbolicate addresses from OSReportWithBacktrace?

I am trying to hunt down retain leaks in an open-source project to support I2C based trackpads (https://github.com/kprinssu/VoodooI2CHID). The reason why I believe that there are retain leaks is because when I attempt to unload the kernel extension…
kprinssu
  • 13
  • 5
1
vote
1 answer

Kauth event upon start process. - prevention capabilities

I'd like to get event in kernel on each new process that starts (fork+execve or posix_spawn), and be able to prevent this operations. The first option would be using Mac framework named mpo_vnode_check_exec by Hooking to this method with function…
Zohar81
  • 4,554
  • 5
  • 29
  • 82
1
vote
2 answers

High Sierra - KDP is not listening for new connections

I created a setup of a guest virtual machine High Sierra which runs by VirtualBox. I KDP on both guest and host. I copied the development version of XNU from the KDP directory into the kernel directory on both guest and host. I read that VirtualBox…
user1341970
  • 449
  • 2
  • 7
  • 15
1
vote
1 answer

Singleton class in IOKit based kext driver

I've got a class that maintain instance from type class IOSharedDataQueue : public IODataQueue which is IOKit object. The class is decoupled and called from various methods of the main class, which is IOKit based class (derived from…
Zohar81
  • 4,554
  • 5
  • 29
  • 82
1
vote
0 answers

Kernel Extensions Fail To Load On Totally Fresh High Sierra Install

I strongly suspect that this is a High Sierra bug but really I don't know. I hope to fix this myself but I don't have a clue. === Edit: I now think this a bug in User-Approved Kernel Extension Loading. The kexts will load when permission is…
Mike Crawford
  • 2,232
  • 2
  • 18
  • 28
1 2 3
9 10