(forgot to reply-all) Hello,
> vnode_iocount() > Used to avoid deadlock, it will call it async if the value is 1, > otherwise call it directly. Frustratingly, hfs source call it without > any magic, but I assume kextloading checks for com.apple and allows > Private.export functions. Not sure I can think of an alternate method, > but I really don't want to ((unsigned long *)vnode)[44] - that is so hacky. I haven't done mac kernel programming in a while, but if it is still possible to read a file from kernel space I could suggest an alternative - parse the symbol table of /System/Library/Kernels/kernel and find the offsets of the symbols you need, then offset them against the current base of the running kernel. One way to find the base of the loaded kernel is to check where a public symbol is located against its offset from the kernel's symbol table. Looks like all the symbols you need are present in the symbol table of 11.1 kernel. This method is still hacky but at least it won't rely on hardcoded offsets. It will break if the declaration of the used symbols changes, though... Best, Alex
_______________________________________________ Do not post admin requests to the list. They will be ignored. Filesystem-dev mailing list (Filesystem-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/filesystem-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
