Exporting new functions in XNU

PostPosted: Thu Jun 22, 2017 4:10 pm
by b3ntx
I'm trying to add a function, new_fcn(), to XNU and export it so that it will be available to a kernel extension. In my case, it makes most sense to add this function in the BSD subsystem. After I've added the function to the source, I also add its symbol (_new_fcn) to /xnu-root/config/BSDKernel.exports.

After building XNU, I verified that my symbol is shown in /xnu-root/BUILD/obj/DEV/BSDKernel.symbolset using objdump -t and in the newly compiled kernel itself. I copy the compiled kernel and BSDKernel.symbolset to the target machine. With SIP disabled, I copy BSDKernel.symbolset into /System/Library/Extensions/System.kext/PlugIns/BSDKernel.kext/BSDKernel, and copy the kernel to /S/L/K. I rebuild the kernelcache and reboot with no issues. Naturally I get invalid codesignatures on System.kext and the embedded BSDKernel.kext, but they are ignored because of kext-dev-mode=1.

When I try to load a new kernel extension which uses the exported function, kextlibs and kextutil report that the exported function (referenced within the loading kext) is unresolved and fail to load my kext. Do I need to build/rebuild kexttools? I figured they just queried /S/L/E/System.kext for symbols and nothing was hardcoded in the tools themselves.

Is there something else in the build process I need to account for in order to get this symbol exported? I don't really care if usermode sees it or not, if that makes exporting any easier.

Re: Exporting new functions in XNU

PostPosted: Thu Jun 22, 2017 4:52 pm
by b3ntx
More details:
Using xnu-3247.1.106 (ElCap 10.11.0) as the base kernel source. Compiling DEVELOPMENT kernel.

After installing kernel.development to /S/L/K, I rebuilt the kernelcache. I can see errors stream across while rebuilding /S/L/K/kernel's kernelcache.
Code:
kxld[]: In interface of __kernel__, couldn't find symbol _new_fcn

To me, that makes sense, because the stock kernel obviously doesn't have that symbol. However, I don't see that error when building the kernelcache against my new kernel, which to me indicates that the symbol _new_fcn WAS found.

Still kextutil refuses to load.

Re: Exporting new functions in XNU

PostPosted: Thu Jun 22, 2017 6:13 pm
by b3ntx
Found my error and figured I'd post it here.

The steps above work as I described. The problem was actually in my kernel extension. When I went to import the function for use in my kernel extension, clang mangled the import because my kernel extension is compiled as C++. Simply adding "C" in
Code:
extern "C" void new_fcn();
appropriately resolves the symbol from BSDKernel.kext. Without it, the import symbol gets compiled as __Z7new_fcnv instead of _new_fcn.
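A small checker for the mismatch described in this thread, added here as an example and not the poster's own code: it compares a kext's undefined symbols (as `nm -u` would list them) against a BSDKernel.exports-style list and flags imports that are the C++-mangled form of an exported C symbol. The symbol lists below are constructed samples, and the helper only decodes the simple unqualified-function case of the Itanium mangling scheme (`_Z<len><name>...`, with Mach-O's extra leading underscore).

```python
import re

# Constructed sample of `nm -u` output for a kext (undefined symbols):
# one C++-mangled import and two imports already in the C form.
KEXT_UNDEFINED = """\
__Z7new_fcnv
_kprintf
_OSMalloc
"""

# Constructed excerpt of a BSDKernel.exports-style file: one symbol per line.
BSDKERNEL_EXPORTS = """\
_new_fcn
_kprintf
_OSMalloc
"""

# Matches the simple Itanium form _Z<length><identifier>... (optionally with
# the Mach-O leading underscore). Nested names (_ZN...) are not handled.
MANGLED_RE = re.compile(r"^_?_Z(\d+)([A-Za-z_][A-Za-z0-9_]*)")


def mangled_base_name(sym):
    """Return the C++ identifier encoded in a simple mangled symbol such as
    __Z7new_fcnv (-> "new_fcn"), or None if the symbol is not of that form."""
    m = MANGLED_RE.match(sym)
    if not m:
        return None
    length = int(m.group(1))
    ident = m.group(2)[:length]
    return ident if len(ident) == length else None


def check_imports(undefined_text, exports_text):
    """Map each undefined kext symbol to 'ok', 'unresolved', or a hint that
    it is the mangled form of a symbol the kernel exports under C linkage."""
    exports = {l.strip() for l in exports_text.splitlines() if l.strip()}
    report = {}
    for sym in (l.strip() for l in undefined_text.splitlines() if l.strip()):
        if sym in exports:
            report[sym] = "ok"
            continue
        base = mangled_base_name(sym)
        if base and "_" + base in exports:
            report[sym] = 'mangled: exported as _%s, declare it extern "C"' % base
        else:
            report[sym] = "unresolved"
    return report


if __name__ == "__main__":
    for sym, status in check_imports(KEXT_UNDEFINED, BSDKERNEL_EXPORTS).items():
        print(sym, "->", status)
```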