Mac OS X Code injection

While trying to reverse Little Snitch, I needed to understand the concept of Mach Ports (since I suspect they're used for communication between the userland programs and the kernel extension) and found some nice articles/code about code injection in Mac OS X.

They are:

Mach Star (old but interesting): http://rentzsch.com/mach_star/

Mach Inject and Mach Override (works for Intel!): http://guiheneuf.org/mach%20inject%20for%20intel.html

Abusing Mach on Mac OS X: http://www.uninformed.org/?v=4&a=3&t=sumry

And this one, to enable the needed functions, which have been inactive since the 10.4.4 release: http://guiheneuf.org/cross-task%20control%20on%20intel.html

Have fun studying 🙂
