Re: accessing argv on exec


  • Subject: Re: accessing argv on exec
  • From: Evan Lojewski <email@hidden>
  • Date: Tue, 11 Nov 2014 16:25:46 -0800



On Tue, Nov 11, 2014 at 10:04 AM, Peter Moody <email@hidden> wrote:

On Tue, Nov 11 2014 at 07:18, Evan Lojewski wrote:
> Hi Pete,
>
> From my (limited) scan through kern_exec.c, it doesn't look like there is a
> good way to get access to the full command line. Someone at Apple will
> probably be able to suggest a good option.
>
> *IF* this is a non-production kext, it is possible to update the execsw
> table to allow your kext to get access to this information, however it does
> require using private symbols. If you'd like an example on how to do that
> let me know and I'll send some code, but hopefully Apple has a better
> option that they can reply with first.

Hey Evan,

I'd love to see some code. I don't think I'll be able to convince our
macops team to support it, but seeing how it could be done is still
probably worthwhile.

re auditd: we're actually doing something like that right now, but AIUI
our IR team has found it lacking. I've spent the last year or so
implementing for linux what I'm looking to implement here for the mac,
hence the noobish question.

 Cheers,
 peter


Hi Peter,
Here's some simple code from the days of 10.6. I expect it should still work with minor tweaks (and commenting the printfs).

https://dl.dropboxusercontent.com/u/863180/kextcacheHelper/KextcacheHelper.cpp
https://dl.dropboxusercontent.com/u/863180/kextcacheHelper/kextcacheHelper.zip

Let me know if you have questions.

Evan Lojewski 