While trying to reverse Little Snitch I needed to understand the concept of mach ports (since I suspect it’s used for communication between the userland programs and the kernel extension) and found some nice articles and code about code injection in Mac OS X.
Mach Star (old but interesting): https://github.com/rentzsch/mach_star
Mach Inject and Mach Override (works for Intel!): http://guiheneuf.org/mach%20inject%20for%20intel.html
Abusing Mach on Mac OS X: http://www.uninformed.org/?v=4&a=3&t=sumry
http://guiheneuf.org/cross-task%20control%20on%20intel.html to enable the needed functions since they were made inactive since 10.4.4 release.
Have fun studying :-)