Re: Inspecting kernel memory
Sure. I'm adapting some code written by Dino Dai Zovi for the 10.5 kernel to scan VM regions and find Mach-O objects loaded into kernel memory as a means of identifying potentially malicious code. It's purely a proof of concept and an exercise in understanding the kernel VM system, not something I'm going to release or expecting to work with future kernel versions.
- snare
On 06/03/2011, at 7:45 PM, Alexander von Below wrote:
Would you mind explaining it to the rest? I am not saying you are doing something bad, but perhaps something that is prone to break with even a minor update of the core
Alex
Sent from my iPhone
On 06.03.2011 at 04:25, snare+darwin-kernel@ragequ.it wrote:
I won't ask what you are trying to do, since there is no legitimate use for inspecting kernel memory.
If you say so. I won't explain why you're wrong since you seem convinced I'm doing something bad.
- snare.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (Darwin-kernel@lists.apple.com)
Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-kernel/below%40mac.com
This email sent to below@mac.com