Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X
Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X
Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Interposing on Kernel <strong>Mac</strong>h RPC• <strong>Mac</strong>h system calls allow <strong>Mac</strong>h RPC to in-kernelservers which perform task, thread, and VMoperations• RPC routines are stored in the mig_buckets hashtable by subsystem id + subroutine id• Analogous to sysent table for Unix system calls• Incoming <strong>Mac</strong>h messages sent to a kernel-ownedport are dispatched through mig_buckets• We can interpose on these function calls or injectnew RPC servers by modifying this hash table48