Down the Rabbit Hole - Reverse Engineering Mac OS X

More documents

Recommendations

Info

Code Injection LeakageWhile the injected thread can stop itself, it can’tdelete itself (it would need to deallocate its own stackand code while running).May be work-arounds, like the injected threadspawning another “normal” cleanup thread.Another solution is to install a permanent “injectionmanager” thread, that would start a Mach server tohandle future injections via IPC.Bonus feature: such an “injection server” wouldeliminate the need to start a new thread perinjection.Monday, February 9, 2009
Code & Doc AvailabilityTwo packages, both written in C:mach_override: Implements function overriding.http://rentzsch.com/mach_overridemach_inject: Implements code injection.http://rentzsch.com/mach_injectCode is hosted by Extendamac (BSD-style license)http://extendamac.sourceforge.netMonday, February 9, 2009
Page 1 and 2: Dynamically Overriding Mac OS XDown
Page 3: What Happened toHow to Hack Mac OS
Page 7 and 8: Function OverridingIdeally, overrid
Page 9 and 10: CFM vs MachExporter-Owned Vector Ta
Page 11 and 12: Function OverridingWhat will work:
Page 13 and 14: Single-Instruction OverwritingRepla
Page 15 and 16: The Branch IslandWe can allocate a
Page 17: Inside the Branch IslandC definitio
Page 21 and 22: Lame Override Animation! Reentry Is
Page 23 and 24: Function Overriding DetailsDiscover
Page 25 and 26: Code Injection OverviewFunction ove
Page 27: Code Injection DetailsAllocate a re

Down the Rabbit Hole - Reverse Engineering Mac OS X

Create successful ePaper yourself

Delete template?

Save as template?