Down the Rabbit Hole - Reverse Engineering Mac OS X

Code Injection Leakage

While the injected thread can stop itself, it can’t delete itself (it would need to deallocate its own stack and code while running).

May be work-arounds, like the injected thread spawning another “normal” cleanup thread.

Another solution is to install a permanent “injection manager” thread, that would start a Mach server to handle future injections via IPC.

Bonus feature: such an “injection server” would eliminate the need to start a new thread per injection.

Monday, February 9, 2009