Re: Need to gain access to unexported symbols
- Subject: Re: Need to gain access to unexported symbols
- From: Terry Lambert <email@hidden>
- Date: Wed, 14 Jul 2010 11:22:52 -0700
Hi, I'm the one who rewrote the exec code several times since Panther, including implementing the posix_spawn() code, and adding the execsw[] table, as well as dealing with many of the issues of multithreaded [v]fork() and exec() introduced by GCD.
No data table is likely to become KPI, for the simple reason that data interfaces can't be as easily revised as procedural interfaces, and locking it into a specific data structure design is simply bad engineering practice.
Likewise, any procedural KPI for adding your own entries is unlikely to permit overriding existing entries, which would, in my preference, be in read-only pages whose mappings are not under kernel control, and not accessible by physical address. This would be for security reasons. New entries, if permitted, would most likely go at the end of the table. This would accommodate Evan's PELoader code for the modified COFF executables used for Windows .EXE files, since they don't match the "magic numbers" for existing entries, and things like Amit Singh's ELF loader code, but *NOT* accommodate interposition, for which other KPI would be preferred.
I'm aware of how the execsw[] hacks work in both cases, and the use is, as I've explained before, unsupported, although no one has gone out of their way to explicitly break it, and probably no one will unless there's a compelling reason to change the data structure. But people should be aware of the issues surrounding the use of this type of hack.
If you have a specific request for KPI for this sort of thing, or for other reasons, please file a bug report including your rationale and the problem(s) you are trying to solve.
Without a bug report to hang the code changes off of, we have to arrive at it ourselves as desired feature work, and without a customer, it's not likely to make a product schedule unless it's a blindingly brilliant idea.
-- Terry
On Jul 14, 2010, at 9:46 AM, Antoine Missout wrote:
> I hope Apple will provide an API to add/remove entries in execsw. They could at least leave a few blank entries :P
> We also modify the table for other reasons in a product we'll soon release, and we might conflict if our kext and yours are not unloaded in reverse order of loading.
> Not sure how we can avoid this without official KPIs.
> - Antoine
>
>
> On 2010-07-14, at 10:12 AM, Evan Lojewski wrote:
>
>> I neglected to mention that I've only used this approach on Snow
>> Leopard. When using it on Leopard, I did run into one or two issues.
>> I'll set up a Leopard machine tonight to verify if it works or not.
>>
>> I'd suggest placing the symbol kext inside of your real kext
>> (Contents/PlugIns/MissingSymbols.kext) rather than placing it in
>> System.kext. I'd also suggest that you don't use com.apple.kpi for the
>> bundle identifier, use your own identifier for this.
>>
>> On Snow Leopard (not sure about Leopard), kextstat does report the
>> com.apple.kpi.* and com.apple.kernel.* kexts. When I load the symbol
>> kext it also shows up.
>>
>> If you want to test a kext on Leopard that I know works perfectly on
>> Snow Leopard using this method, this
>> (http://dl.dropbox.com/u/863180/wineHelper.kext.zip) should work,
>> however I haven't tested it on Leopard. This kext just modifies the
>> _execsw variable to cause the kernel to load wine when an .exe file is
>> run.
>>
>> Evan Lojewski
>>
>> On Wed, Jul 14, 2010 at 6:21 AM, Platon Fomichev <email@hidden> wrote:
>>> Dear Evan
>>>
>>> I tried your approach (Leopard 10.5.8) and indeed it sounds like a
>>> salvation. Alas it does not work. I will show my progress:
>>>
>>> 1) Created a 'symbol' kext that has several exports. Placed it into PlugIns,
>>> touched the 'Extensions' and tried to load it.
>>>
>>> iMac:Development stauff$ sudo kextload
>>> /System/Library/Extensions/System.kext/PlugIns/MissingSymbols.kext/
>>> extension
>>> /System/Library/Extensions/System.kext/PlugIns/MissingSymbols.kext/ is a
>>> kernel component
>>>
>>> After reboot it does not show up in kextstat, and probably won't as I
>>> haven't found any traces of system loading PlugIns module, they are
>>> hardcoded into KernelConfigTables.cpp
>>>
>>> 2) Created a 'real' kext that links against 'symbol' kext. Tried loading it.
>>> Here is a log:
>>>
>>> kextload: mapping module file
>>> /System/Library/Extensions/System.kext/PlugIns/System6.0.kext/kernel.6.0
>>> kextload: module file
>>> /System/Library/Extensions/System.kext/PlugIns/System6.0.kext/kernel.6.0 is
>>> already mapped
>>> kextload: mapping module file
>>> /System/Library/Extensions/System.kext/PlugIns/MissingSymbols.kext/MissingSymbols
>>> <-------- Here is symbol kext
>>> kextload: module file
>>> /System/Library/Extensions/System.kext/PlugIns/MissingSymbols.kext/MissingSymbols
>>> is already mapped
>>> kextload: mapping module file
>>> /System/Library/Extensions/System.kext/PlugIns/BSDKernel.kext/BSDKernel
>>> kextload: module file
>>> /System/Library/Extensions/System.kext/PlugIns/BSDKernel.kext/BSDKernel is
>>> already mapped
>>> kextload: mapping module file
>>> /System/Library/Extensions/System.kext/PlugIns/Unsupported.kext/Unsupported
>>> kextload: module file
>>> /System/Library/Extensions/System.kext/PlugIns/Unsupported.kext/Unsupported
>>> is already mapped
>>> kextload: mapping module file
>>> /System/Library/Extensions/System.kext/PlugIns/Libkern.kext/Libkern
>>> kextload: module file
>>> /System/Library/Extensions/System.kext/PlugIns/Libkern.kext/Libkern is
>>> already mapped
>>> kextload: mapping module file
>>> /Users/stauff/cvs/wm/client/osx/build/Development/testnke.kext/Contents/MacOS/testnke
>>> kextload: module file
>>> /Users/stauff/cvs/wm/client/osx/build/Development/testnke.kext/Contents/MacOS/testnke
>>> is already mapped
>>> kextload: patching C++ code in module
>>> /Users/stauff/cvs/wm/client/osx/build/Development/testnke.kext/Contents/MacOS/testnke
>>> kextload: link/loading file
>>> /System/Library/Extensions/System.kext/PlugIns/System6.0.kext/kernel.6.0
>>> kextload: link/loading file
>>> /System/Library/Extensions/System.kext/PlugIns/MissingSymbols.kext/MissingSymbols
>>> <--- It is even loading
>>> kextload: link/loading file
>>> /System/Library/Extensions/System.kext/PlugIns/BSDKernel.kext/BSDKernel
>>> kextload: link/loading file
>>> /System/Library/Extensions/System.kext/PlugIns/Unsupported.kext/Unsupported
>>> kextload: link/loading file
>>> /System/Library/Extensions/System.kext/PlugIns/Libkern.kext/Libkern
>>> kextload: opaque link for
>>> /Users/stauff/cvs/wm/client/osx/build/Development/testnke.kext/Contents/MacOS/testnke
>>> kextload: link/loading file
>>> /Users/stauff/cvs/wm/client/osx/build/Development/testnke.kext/Contents/MacOS/testnke
>>> kextload: allocated 28672 bytes in kernel space at 0x41679000
>>> kextload: using load address of 0x41679000
>>> kextload: kmod name: com.aep.kext.idprint
>>> kextload: kmod start @ 0x4167eeee (offset 0x52ae)
>>> kextload: kmod stop @ 0x4167ef02 (offset 0x52c2)
>>> kextload: module com.aep.kext.idprint created as # 114 at address
>>> 0x41679000, size 28672
>>> kextload: adding reference from com.aep.kext.idprint (114) to
>>> com.apple.kpi.libkern (5)
>>> kextload: adding reference from com.aep.kext.idprint (114) to
>>> com.apple.kpi.unsupported (7)
>>> kextload: adding reference from com.aep.kext.idprint (114) to
>>> com.apple.kpi.bsd (2)
>>> kextload: adding reference from com.aep.kext.idprint (114) to
>>> com.apple.kpi.missingsymbols (0) <--- bad sign?? ID of missing symbols is
>>> zero
>>> kextload: kmod retain failed for com.aep.kext.idprint; destroying kmod
>>> kextload: a link/load error occured for kernel extension testnke.kext/
>>> kextload: clearing all version/dependency relationships among kernel
>>> extensions
>>> link/load failed for extension testnke.kext/
>>> (run kextload with -t for diagnostic output)
>>>
>>> What am I doing wrong, please advise.
>>>
>>> Best regards,
>>> Platon
>>>
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Darwin-kernel mailing list (email@hidden)
>>> Help/Unsubscribe/Update your Subscription:
>>>
>>> This email sent to email@hidden
>>>
>
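The registration policy Terry outlines above (existing entries cannot be overridden, new entries are consulted after them) can be modelled in user space. This is an added example, not code from the thread, from XNU or from any Apple KPI; every function and type name in it is hypothetical, and removal by handle is an assumption added to address the unload-order conflict Antoine raises.

```c
/* Added example: user-space model of an append-only image activator table.
 * Every name here is hypothetical; this is not XNU's execsw[] or an Apple KPI. */
#include <stddef.h>
#include <string.h>
#define MAX_EXT 4
typedef int (*imgact_fn)(const unsigned char *hdr, size_t len); /* -1: not mine */
struct activator { imgact_fn fn; const char *name; };

/* Constructed sample headers: 64-bit Mach-O magic, and a DOS "MZ" stub. */
const unsigned char sample_macho[4] = { 0xcf, 0xfa, 0xed, 0xfe };
const unsigned char sample_exe[4] = { 'M', 'Z', 0x90, 0x00 };

static int macho_imgact(const unsigned char *h, size_t n) {
    return (n >= 4 && memcmp(h, sample_macho, 4) == 0) ? 0 : -1;
}
/* Constructed third-party activators: one for "MZ" images, one claiming all. */
int pe_imgact(const unsigned char *h, size_t n) {
    return (n >= 2 && h[0] == 'M' && h[1] == 'Z') ? 0 : -1;
}
int greedy_imgact(const unsigned char *h, size_t n) { (void)h; (void)n; return 0; }

/* Built-in entries are const: the registration path never writes to them. */
static const struct activator builtin[] = { { macho_imgact, "Mach-o Binary" } };
#define N_BUILTIN (sizeof builtin / sizeof builtin[0])
static struct activator ext[MAX_EXT]; /* third-party slots, consulted last */

/* Take the first free slot; return a handle, or -1 if invalid or full. */
int imgact_register(imgact_fn fn, const char *name) {
    if (fn == NULL || name == NULL) return -1;
    for (int i = 0; i < MAX_EXT; i++)
        if (ext[i].fn == NULL) { ext[i].fn = fn; ext[i].name = name; return i; }
    return -1;
}
/* Removal is by handle, so two clients need not unload in reverse order. */
int imgact_unregister(int handle) {
    if (handle < 0 || handle >= MAX_EXT || ext[handle].fn == NULL) return -1;
    ext[handle].fn = NULL; ext[handle].name = NULL;
    return 0;
}
/* First match wins; built-ins are always tried before any extension. */
const char *imgact_dispatch(const unsigned char *hdr, size_t len) {
    for (size_t i = 0; i < N_BUILTIN; i++)
        if (builtin[i].fn(hdr, len) == 0) return builtin[i].name;
    for (int i = 0; i < MAX_EXT; i++)
        if (ext[i].fn != NULL && ext[i].fn(hdr, len) == 0) return ext[i].name;
    return NULL;
}
int main(void) { /* a greedy entry still cannot claim a Mach-O image */
    imgact_register(greedy_imgact, "Greedy");
    return strcmp(imgact_dispatch(sample_macho, 4), "Mach-o Binary") != 0;
}
```

Because the built-in table is scanned first, an extension that claims every header can only pick up formats no built-in recognises, which is the "new magic numbers, no interposition" behaviour described in the message.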