Re: Obtaining non-exported symbol from kernel on runtime (without the debug symbols)
Re: Obtaining non-exported symbol from kernel on runtime (without the debug symbols)
- Subject: Re: Obtaining non-exported symbol from kernel on runtime (without the debug symbols)
- From: "John D." <email@hidden>
- Date: Sun, 14 Dec 2008 17:13:37 +0100
That's just messed up. This is a KEXT, I can't force people to rebuild
the kernel or patch it right away.
I guess I will have to search memory with a function hash of sorts,
but seems like a hack. I don't know why Apple decided to stop
exporting some really useful API (namely some kauth and proc
functions), plus restricting access to proc structure definitions by
providing a crippled public one.
My KEXT project is related with collecting statistics of processes so
the non exported API is a bummer.
John.
On Sat, Dec 13, 2008 at 5:35 AM, Michael Smith <email@hidden> wrote:
>
> On Dec 12, 2008, at 8:15 PM, John D. wrote:
>
>> I'm working on a college project and I would like to access some
>> non-exported API. For example chgproccnt and kld_file_lookupsymbol. I
>> want to be able to obtain a symbol address from a kernel extension,
>> say, of the mach_kernel file. This could come handy but apparently
>> none of the useful API is available to extensions. Has anyone done
>> anything similar or can provide a suggestion to access
>> kld_file_lookupsymbol() without using static addresses (to avoid
>> version-specific builds, since Apple can change it anytime).
>
> You will need to build your own kernel.
>
> = Mike
>
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden