Questions tagged [xnu]

xnu is the name of the operating system kernel that underpins Mac OS X/Darwin and iOS.

xnu is the name of the operating system kernel that underpins Darwin, which in turn is the core of Apple's macOS (formerly OS X and Mac OS X), iOS/iPadOS (formerly iPhoneOS), tvOS, and watchOS operating systems. It has its origins in the NeXTStep operating system, and is a combination of parts of the Mach kernel (mainly the virtual memory subsystem and inter-process communication via Mach "ports"), the 4.3BSD kernel (networking, process management, POSIX compatibility, VFS/file system layer) and a device driver subsystem called the I/O Kit, which was developed in C++ specifically for the xnu kernel.

147 questions
14 votes, 2 answers

What is required for a Mach-O executable to load?

I am attempting to hand-write a Mach-O executable. There are three load commands: LC_SEGMENT_64 loading __PAGEZERO; LC_SEGMENT_64 loading __TEXT, with a single __text section; LC_UNIXTHREAD with an appropriately-set rip. Every command matches the…
wirelyre
14 votes, 1 answer

Risks and rewards of using /dev/autofs_nowait on OS X

Throughout the CoreFoundation framework source, POSIX filesystem API calls (e.g. open(), stat(), et al…) are wrapped in an idiom wherein a descriptor on /dev/autofs_nowait is acquired – with open(…, 0) – before the POSIX calls are made; afterwards…
fish2000
8 votes, 1 answer

What is the Non UI role in crash reports?

When analysing crash reports, I'm seeing a Non UI role that I have never seen before. I am trying to understand what state of the app it corresponds to. Hardware Model: iPhone7,2 Code Type: ARM-64 (Native) Role: Non…
deadbeef
6 votes, 2 answers

Porting a kernel to a different architecture?

I want to port the xnu kernel to the ARM architecture, with the ultimate goal of being able to run a full kernel inside Qemu. While I do realise that this is a very difficult task, I still want to have a go at it. As far as I know, you're meant to…
Kristina
6 votes, 1 answer

Locate __proc_info symbol in XNU project

I'd like to figure out how the vmmap process operates. After running this executable with dtrace, it seems that the method proc_regionfilename extracts the address space of each section in the virtual memory. So, I dug a little deeper, and…
Zohar81
5 votes, 1 answer

How does OS X generate a crash report?

The material available from the web, mailing lists, books like Mac OS X Internals, and even source code is quite limited. Now I know that the xnu kernel raises an EXC_CRASH, which notifies launchd to start "Problem Reporter.app" (previously Crash Reporter.app). Is…
Middleware
5 votes, 1 answer

How do I allocate memory buffers which may be reclaimed by the OS for caching in a Mac OS X kernel extension?

Based on documentation and xnu source I've read, I understand that Mac OS X caches file I/O using the Unified Buffer Cache (UBC). The UBC grows as big as it can based on available RAM, but UBC pages are some of the first to be sacrificed when memory…
pmdj
5 votes, 2 answers

Sending IOKit command with dynamic length

I'm using the IOKit framework to communicate with my driver, using IOConnectCallMethod from the user-space client and IOExternalMethodDispatch on the driver side. So far I was able to send fixed-length commands, and now I wish to send a varied size…
Zohar81
5 votes, 1 answer

OS X kernel panic diagnostics. How to translate backtrace addresses

I'm debugging a driver that causes a kernel dump on my Mac. It shows a long backtrace composed of a series of addresses: panic(cpu 6 caller 0xffffff8004dc9986): trying to interlock destroyed mutex (0xffffff8049deedb0) Backtrace (CPU 6), Frame :…
Zohar81
4 votes, 1 answer

Using Mach semaphores as a replacement for inter-process anonymous semaphores

I want to use anonymous semaphores in shared memory to synchronise multiple processes. While multiple POSIX operating systems provide anonymous semaphores (through sem_init and associated functions), macOS doesn't support them. I discovered that the…
Pop Flamingo
4 votes, 1 answer

Where are the OSX (XNU) syscalls actually documented?

I'm looking through the syscalls.master file here but it isn't at all documented. Does documentation for the syscalls exist? If not, why not? By documentation I mean an actual explanation of what each syscall does and the meanings of the arguments…
ubadub
4 votes, 1 answer

Setting up two-machine kernel debugging over network

I'd like to check the option of debugging my kernel driver installed on a remote physical machine (since I don't have FireWire cables). Reading the relevant documentation, I haven't seen any limitation regarding the remote physical debugging medium, so I…
Zohar81
4 votes, 1 answer

IOKit driver is loaded but not started

I've got an IOKit base driver that is non-hardware triggered and derives from IOResources. It also provides a user-space client class using IOServiceOpen, but I think that's irrelevant to my problem... The main driver has an IOKit dependency as mentioned…
user7256215
4 votes, 1 answer

SIDT opcode returns address of malformed IDT structure

My goal is to access the IDT from a macOS kernel module. I'm running macOS 10.13.2 under VMware Fusion 10.0.1, and it seems like the sidt assembly instruction points to a corrupted table structure. This opcode should return the address of the "Interrupt…
Zohar81
4 votes, 2 answers

Authenticate client from kext upon socket connection

I'm building a kext for an extra layer of security on OS X (built around KAtuh). I'm using a client in userspace that connects to the kext over sockets (as advised by Apple), and basically controls the kext. Because the product is supposed to…
Vis