Re: Inspecting kernel memory
Re: Inspecting kernel memory
- Subject: Re: Inspecting kernel memory
- From: email@hidden
- Date: Sun, 06 Mar 2011 20:07:21 +1100
Sure. I'm adapting some code written by Dino Dai Zovi for the 10.5 kernel to scan VM regions and find Mach-O objects loaded into kernel memory as a means of identifying potentially malicious code. It's purely a proof of concept and an exercise in understanding the kernel VM system, not something I'm going to release or expecting to work with future kernel versions.
- snare
On 06/03/2011, at 7:45 PM, Alexander von Below wrote:
> Would you mind explaining it to the rest? I am not saying you are doing something bad, but perhaps something that is prone to break with even a minor update of the core
>
> Alex
>
> Von meinem iPhone gesendet
>
> Am 06.03.2011 um 04:25 schrieb email@hidden:
>
>>> I won't ask what you are trying to do, since there is no legitimate use for inspecting kernel memory.
>>
>> If you say so. I won't explain why you're wrong since you seem convinced I'm doing something bad.
>>
>> - snare.
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Darwin-kernel mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden