Stack Overflow
Stack Overflow

Questions tagged [xnu]

xnu is the name of the operating system kernel that underpins Mac OS X/darwin and iOS.

xnu is the name of the operating system kernel that underpins Darwin, which in turn is the core of Apple's macOS (formerly OS X and Mac OS X), iOS/iPadOS (formerly iPhoneOS), tvOS, and watchOS operating systems. It has its origins in the NeXTStep operating system, and is a combination of parts of the Mach kernel (mainly the virtual memory subsystem and inter-process communication via Mach "ports"), the 4.3BSD kernel (networking, process management, POSIX compatibility, VFS/file system layer) and a device driver subsystem called the I/O Kit, which was developed in C++ specifically for the xnu kernel.

147 questions
1
vote
1 answer

Is there a way to log a stack trace with symbols from a kext on osx?

I would like to use it to debug kernel drivers but I would try to avoid to add logging to all functions. OSReportWithBacktrace seems to work but I need symbols.
Gabor Forgacs
  • 495
  • 1
  • 7
  • 16
1
vote
0 answers

KextManagerLoadKextWithIdentifier fail to load kext.

I'm trying to load my kext with the user-space method KextManagerLoadKextWithIdentifier which failed for the following reasons. default 06:45:47.223261 -0700 kernel CODE SIGNING: cs_invalid_page(0x1030b8000): p=827[client] final status…
Zohar81
  • 4,554
  • 5
  • 29
  • 82
1
vote
1 answer

What is wrong with mmap system-call on Mac OS X?

I am trying to write a simple application on Mac OS X using only syscalls, no standard library. main.c #define PROT_READ 0x1 #define PROT_WRITE 0x2 #define MAP_ANONYMOUS 0x20 #define MAP_PRIVATE 0x02 #define PAGE_SIZE 4096 #define NULL 0 #define…
saferif
  • 187
  • 10
1
vote
1 answer

Mach pager loading file to memory in mmap file

following my question here, I've extended my research about the actual read/write from file to memory and vice versa when calling file mmap. unlike READ and WRITE syscalls, the MMAP case is different, as it can be shown in the backtrace…
user7256215
1
vote
2 answers

Can I find the library that created a named OSMallocTag?

I use the allocations instrument to measure heap usage in my iOS app. I find that a significant amount of memory is allocated in a region with the tag name "Memory Tag 70", and I would like to know who is responsible for that so I can chase…
user23743
1
vote
1 answer

Kext driver cannot find symbol OSPrintBacktrace

I'm using the following function when one of my iokit commands is being called. it defined in extern void OSPrintBacktrace(void); however, my kext seems that my kext fail to load since it couldn't find this symbol.. 12/26/16 10:02:53.000 AM…
user7256215
1
vote
0 answers

OSX using FSevents or Kernel queues to catch open for non-existent file

I'd like build a user-space tool that monitor any attempt to open non-existent file with specific path+name (it doesn't appear in filesystem). Looking at the the available option, the one that is closest to my need is using kevent framework. Here's…
Zohar81
  • 4,554
  • 5
  • 29
  • 82
1
vote
0 answers

`uname -m` differs from `arch` after deployed an El Capitan VM with Virtualbox (5.x)

I am going to get an El Capitan virtual machine. I have a VirtualBox v5.1.6 which runs on a CentOS-7.2/i5-6042P x64 machine. I followed the steps 'https://techsviewer.com/how-to-install-mac-os-x-el-capitan-on-pc-on-virtualbox/', which finally helps…
Sid Moore
  • 11
  • 2
1
vote
3 answers

Check sender when listening to unix socket

I've got process that listen to unix socket. However, before i read, i'd like to check some meta data about this incoming message such as it's source process (say i'd like to drop messages from non trusted senders). is there any syscall that…
Zohar81
  • 4,554
  • 5
  • 29
  • 82
1
vote
1 answer

Race: callbacks and removing callbacks during unload of kext in OSX

There doesn't appear to be synchronization between establishing/removing callbacks (e.g. kauth_unlisten_scope) and the callbacks themselves (in the xnu codebase, yes, I know, it's dated). This puts the burden of tracking/draining callbacks and…
MJZ
  • 1,074
  • 6
  • 12
1
vote
1 answer

Coredump size different than process virtual memory space

I'm working on OS X 10.11, and generated dump file in the following manner : 1. ulimit -c unlimited 2. kill -10 5228 (process pid) and got dump file with the rolling attributes : 642M Jun 26 15:00 core.5228 Right before that, I checked the process…
Zohar81
  • 4,554
  • 5
  • 29
  • 82
1
vote
1 answer

Difference between GetWorkLoop()->runAction and GetCommandGate()->runAction?

This has been confusing me for a long time. In my IOkit driver,I registered interrupt event source, timer event source to workloop. and I use GetWorkLoop()->runAction(pAction) for hardware access. so, all hardware access from interrupt handler and…
Song
  • 97
  • 7
1
vote
2 answers

Run Linux exectuable on another POSIX kernel

Is it theoretically possible to execute built for one POSIX kernel (Linux for example) on second (Darwin's XNU for example) And why it isn't possible? If it's because of libraries and/or shared objects, maybe it's possible to leave just kernel and…
stek29
  • 395
  • 4
  • 14
1
vote
2 answers

XNU: getting process startup and cleanup notifications in kext

What is the best way to be notified when a process has been launched & exited in an kernel extension? I know that I can use KAuth to subscribe for a process creation (KAUTH_VNODE_EXECUTE). How about subscribing to a process cleanup?
antonone
  • 2,045
  • 1
  • 25
  • 35
1
vote
1 answer

How can I find the xnu version that corresponds to a particular OS X release?

I'm attempting to find the list of supported syscalls in an old version of OS X. For each version of the XNU kernel, there is a syscalls.master file that gives me what I want (for example, here is one for XNU 2782.20.48). I can see my current XNU…
jacobsa
  • 5,719
  • 1
  • 28
  • 60
1 2 3
9 10