Mac OS X Code injection

While trying to reverse Little Snitch I needed to understand the concept of Mach Ports (since I suspect it’s used for communication between the userland programs and the kernel extension) and found some nice articles/code about code injection in Mac OS X.

They are:

Mach Star (old but interesting):

Mach Inject and Mach Override (works for Intel!):

Abusing Mach on Mac OS X:

And this one to enable the needed functions since they were made inactive since 10.4.4 release.

Have fun studying 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *