While trying to reverse Little Snitch I needed to understand the concept of mach ports (since I suspect it’s used for communication between the userland programs and the kernel extension) and found some nice articles and code about code injection in Mac OS X.
They are:
Mach Star (old but interesting): https://github.com/rentzsch/mach_star
Mach Inject and Mach Override (works for Intel!): http://guiheneuf.org/mach%20inject%20for%20intel.html
Abusing Mach on Mac OS X: http://www.uninformed.org/?v=4&a=3&t=sumry
http://guiheneuf.org/cross-task%20control%20on%20intel.html to enable the needed functions since they were made inactive since 10.4.4 release.
Have fun studying :-)