
Extending XNU Binary Support

Posted: Wed Feb 06, 2019 7:30 pm
by MDX8
In the book V1 on page 522 it says "The book’s website has a detailed experiment on extending XNU to recognize other types of binaries." I can't seem to find this anywhere?

Amit Singh seems to have figured out how to do this in the past with XBinary, but that is closed source. Primarily I'm interested in doing this with a kernel extension. I can see how this could easily be done with a custom kernel allowing access to another interpreter/loader in the __mac_execve function, but an extension seems more difficult. I guess one could try to hook the execve syscall, but Apple has made this difficult by gutting trace functionality while SIP is enabled, and this might be regarded as malware :roll:. The Noah Linux subsystem project seems to have implemented an ELF loader in user mode, but this requires an explicit call to Noah. Any comments, links, or suggestions would be great.

Re: Extending XNU Binary Support

Posted: Thu Apr 11, 2019 8:50 pm
by ccnut
If you want to support this with a custom kernel then just edit the single instance of `struct execsw` in `bsd/kern/kern_exec.c` to call another activation function (that you write) to support loading your binary type. If you want to do this from userspace then you'll have to write your own loader anyway.

Code:
/*
 * Our image activator table; this is the table of the image types we are
 * capable of loading.  We list them in order of preference to ensure the
 * fastest image load speed.
 *
 * XXX hardcoded, for now; should use linker sets
 */
struct execsw {
   int (*ex_imgact)(struct image_params *);
   const char *ex_name;
} execsw[] = {
   { exec_mach_imgact,      "Mach-o Binary" },
   { exec_fat_imgact,      "Fat Binary" },
   { exec_shell_imgact,      "Interpreter Script" },
   { NULL, NULL}
};
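
The table-driven dispatch described in the reply above, modelled in user space as an added example; it is not part of the original posts and not XNU source. `exec_elf_imgact`, `has_magic`, `activate` and the `ip_len` field are hypothetical names, and the 0 / -1 return convention and the cut-down `struct image_params` are simplifying assumptions of the model.

```c
/* User-space model of an execsw-style activator table; not kernel code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the kernel's struct image_params (assumed layout). */
struct image_params {
    const unsigned char *ip_vdata; /* first bytes of the file */
    size_t ip_len;                 /* model-only: bytes available */
};
/* Length-checked magic compare: never read past a truncated header. */
static int has_magic(const struct image_params *p, const void *m, size_t n)
{ return p->ip_len >= n && memcmp(p->ip_vdata, m, n) == 0; }

/* Model convention: return 0 to claim the image, -1 to pass it on. */
static int exec_mach_imgact(struct image_params *p)  /* MH_MAGIC_64 on disk */
{ return has_magic(p, "\xcf\xfa\xed\xfe", 4) ? 0 : -1; }
static int exec_fat_imgact(struct image_params *p)   /* FAT_MAGIC, big-endian */
{ return has_magic(p, "\xca\xfe\xba\xbe", 4) ? 0 : -1; }
static int exec_shell_imgact(struct image_params *p)
{ return has_magic(p, "#!", 2) ? 0 : -1; }
/* Hypothetical added activator: claims ELF images by their magic. */
static int exec_elf_imgact(struct image_params *p)
{ return has_magic(p, "\x7f" "ELF", 4) ? 0 : -1; }

struct execsw {
    int (*ex_imgact)(struct image_params *);
    const char *ex_name;
} execsw[] = {
    { exec_mach_imgact,  "Mach-o Binary" },
    { exec_fat_imgact,   "Fat Binary" },
    { exec_shell_imgact, "Interpreter Script" },
    { exec_elf_imgact,   "ELF Binary (hypothetical)" },
    { NULL, NULL }
};

/* Try activators in table order; NULL means nothing claimed the image. */
const char *activate(const unsigned char *data, size_t len)
{
    struct image_params ip = { data, len };
    for (size_t i = 0; execsw[i].ex_imgact != NULL; i++)
        if (execsw[i].ex_imgact(&ip) == 0)
            return execsw[i].ex_name;
    return NULL;
}

int main(void)
{   /* constructed sample: ELF magic followed by two header bytes */
    const char *n = activate((const unsigned char *)"\x7f" "ELF\x02\x01", 6);
    puts(n ? n : "unrecognized");
    return 0;
}
```

The length check in `has_magic` is the part to carry into a real activator: the header bytes come from an untrusted file, so a truncated image must be rejected rather than read past.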