Down the Rabbit Hole - Reverse Engineering Mac OS X

More documents

Recommendations

Info

Lame Override Animation! Escape Island AtomicallyEngagedreentry islandmyMallocescape islandmallocmalloc clientMonday, February 9, 2009
Function Overriding DetailsDiscover the function’s address. Use_dyld_lookup_and_bind[with_hint]()and NSIsSymbolNameDefined[WithHint]().Test the waters. Watch out for functions that start withthe mfctr instruction.Make the original function writable. vm_protect().Allocate the escape island. Use vm_allocate().Target the escape island and make it executable. Usemsync().Monday, February 9, 2009
Page 1 and 2: Dynamically Overriding Mac OS XDown
Page 3: What Happened toHow to Hack Mac OS
Page 7 and 8: Function OverridingIdeally, overrid
Page 9 and 10: CFM vs MachExporter-Owned Vector Ta
Page 11 and 12: Function OverridingWhat will work:
Page 13 and 14: Single-Instruction OverwritingRepla
Page 15 and 16: The Branch IslandWe can allocate a
Page 17: Inside the Branch IslandC definitio
Page 21: Lame Override Animation! Reentry Is
Page 25 and 26: Code Injection OverviewFunction ove
Page 27 and 28: Code Injection DetailsAllocate a re
Page 29 and 30: Code & Doc AvailabilityTwo packages

Down the Rabbit Hole - Reverse Engineering Mac OS X

Create successful ePaper yourself

Delete template?

Save as template?