While trying to reverse Little Snitch I needed to understand the concept of Mach ports (since I suspect they’re used for communication between the userland programs and the kernel extension) and found some nice articles/code about code injection in Mac OS X.
Mach Star (old but interesting): http://rentzsch.com/mach_star/
Mach Inject and Mach Override (works for Intel!): http://guiheneuf.org/mach%20inject%20for%20intel.html
Abusing Mach on Mac OS X: http://www.uninformed.org/?v=4&a=3&t=sumry
And this one, http://guiheneuf.org/cross-task%20control%20on%20intel.html, to enable the needed functions, since they were made inactive as of the 10.4.4 release.
Have fun studying 🙂