Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X

More documents

Recommendations

Info

MACHIAVELLI DEMO40
Miscellaneous Agent services• Agent must provide initial Mach ports:–host port–task_for_pid() (if pid == 0 => returns kerneltask port)• As OS X is a Mach/Unix hybrid, justcontrolling Mach is not enough–i.e. How to list processes?• Instead of implementing Unix functionalityin Agent, inject Mach RPC server code into41
Page 1 and 2: AdvancedMac OS X RootkitsDino Dai Z
Page 3 and 4: WHAT IS MACH?3
Page 5 and 6: Mac OS X System ArchitectureSUP DAW
Page 7 and 8: Mach Microkernel Abstractions• Ta
Page 9 and 10: Example: Bootstrap server• Tasks
Page 11 and 12: Mach Tasks vs. BSD Processes• Mac
Page 13 and 14: Mach Task/Thread System Calls•Mac
Page 15 and 16: Why Mach-based Rootkits?• Traditi
Page 17 and 18: Injecting Mach Threads• Get acces
Page 19 and 20: Injecting Mach Bundles• Inject th
Page 21 and 22: Hooking and Swizzling• Hooking C
Page 23 and 24: INJECTED BUNDLE DEMO23
Page 25 and 26: NetMessage and NetName servers• N
Page 27 and 28: Machiavelli Architecture• Machiav
Page 29 and 30: Machiavelli Message FlowMachiavelli
Page 35 and 36: Complex Mach Messages• “Complex
Page 37 and 38: Serializing Mach Messages• Serial
Page 39: Machiavelli exampleint main(int arg
Page 43 and 44: MACH IN THE KERNEL43
Page 45 and 46: Uncloaking Kernel Rootkits• Acces
Page 47 and 48: Evasive Maneuvers• Unix system ca
Page 49 and 50: Example: inject_subsystemint inject
Page 51: Conclusion• Mach is a whole lot o

Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?