Alexander Dimitrov via Filesystem-dev wrote:
I haven't done mac kernel programming in a while, but if it is still
possible to read a file from kernel space I could suggest an alternative
- parse the symbol table of /System/Library/Kernels/kernel and find the
offsets of the symbols you need, then offset them against the current
base of the running kernel. One way to find the base of the
loaded kernel is to check where a public symbol is located against its
offset from the kernel's symbol table. Looks like all the symbols you
need are present in the symbol table of 11.1 kernel.
This method is still hacky but at least it won't rely on hardcoded
offsets. It will break if the declaration of the used symbols changes,
though...
It gets complicated with ARM, and the authenticated pointers. I don't
think I can make an authenticated pointer, to then just call a function.
Right?
Lund
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Filesystem-dev mailing list (Filesystem-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/filesystem-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
