MAJOR
- Added SnakeX class
- Added drivers and mach_ipc subdirectories in X. NU/custom
- Added IDAPython script format_externalmethods.py
- Added CommPageParser.c
- Added example code showing how to communicate with drivers
- Added example kernel extension
- Added IDAPython script
- Added LLDB helper script set_xpc_breaks.py
- Added article about Snake & Apple X.NU
- Added article about Exceptions on macOS
- Added article about MACF on macOS
- Added article about Kernel Extensions on macOS
- Added article about Mach IPC Security on macOS
- Added article about Drivers on macOS
- Added article about XPC Programming on macOS
- Moved all KEXT-related functions to XNU from other Snakes.
--dump_prelink_info [(optional) out_name]
Dump "__PRELINK_INFO,__info" to a given file (default: "PRELINK_info.txt")
--dump_prelink_text [(optional) out_name]
Dump "__PRELINK_TEXT,__text" to a given file (default: "PRELINK_text.txt")
--dump_prelink_kext [kext_name]
Dump prelinked KEXT {kext_name} from decompressed Kernel Cache PRELINK_TEXT segment to a
file named: prelinked_{kext_name}.bin
--kext_prelinkinfo [kext_name]
Print _Prelink properties from PRELINK_INFO,__info for a give {kext_name}
--kmod_info kext_name
Parse kmod_info structure for the given {kext_name} from Kernel Cache
--kext_entry kext_name
Calculate the virtual memory address of the __start (entrypoint) for the given {kext_name}
Kernel Extension
--kext_exit kext_name
Calculate the virtual memory address of the __stop (exitpoint) for the given {kext_name}
Kernel Extension
--mig Search for MIG subsystem and prints message handlers
--dump_kext kext_name
Dump the kernel extension binary from the kernelcache.decompressed file
MINOR
- Added MPO parser to XNU.
- Added extract_sandbox_platform_profile to SnakeVIII
- Added example XPC client-helper app bundle in App Bundle Extensions/custom/XPC/
Full Changelog: v1.0...v1.1