Memory profiler/analyzer for macOS kext


Post by adam81 » Mon Oct 09, 2017 8:41 pm


I'm looking for a code-based profiler which is used as a wrapper for malloc/free and may detect the source of leaked memory.
Unfortunately, an external profiler such as instrumentation doesn't support debugging kernel modules, only user-space processes.

The profiler may wrap malloc and free in the following manner:

1. On every malloc, it records where you allocated the memory (file/line).
2. On every free, it removes this metadata (along with the memory itself).
3. On tear-down, it scans for all remaining dynamic memory regions and prints them out (along with their corresponding metadata). This analysis may be called when unloading the driver, which is the point where all memory should be free.

Here's an implementation option using a doubly linked list: upon an alloc request with some input size, the actual malloc is made for size + overhead, where the second part is intended to contain links to the previous allocation and the next allocation, and the metadata itself (getting the filename using the `__FILE__` macro and the code line using the `__LINE__` macro, and maybe more info). The returned address is the offset of the overhead from the actual allocation, so that the user may handle the read data only.

Upon free, we use the input address - offset as the actual input to free since this is the original allocated memory, but before the freeing itself, the item should be properly removed from the linked list.

Upon analysis, we iterate the list and print each element.

Notice that there are some implementation details such as supporting multi-threaded environment by locking the code section and insert/remove item from the linked list in case of parallel memory operations.

Alternatively, perhaps there's a GDB/LLDB plug-in that scans for all dynamically allocated memory (and prints its size)...


In Windows there's such a module called Driver Verifier which gives your kernel module the abilities stated above, and you don't need to re-compile anything (it's activated by a run-time flag)... is there any such tool on macOS?
Posts: 27
Joined: Mon Jan 25, 2016 9:26 am
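
A user-space model of the wrapper described in the post above, added here as an example and not code from either poster. The `trk_*` names are hypothetical, and `malloc`/`free` with a pthread mutex stand in (as an assumption) for the kernel allocator and lock a kext would use; the size check and header alignment are additions the post does not mention.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Header in front of each payload; aligned so the payload stays aligned. */
typedef struct trk_hdr {
    _Alignas(max_align_t) struct trk_hdr *prev; struct trk_hdr *next;
    const char *file; int line; size_t size;   /* call-site metadata */
} trk_hdr;
static trk_hdr trk_head = { &trk_head, &trk_head, NULL, 0, 0 }; /* sentinel */
static pthread_mutex_t trk_lock = PTHREAD_MUTEX_INITIALIZER;
#define TRK_ALLOC(sz) trk_alloc((sz), __FILE__, __LINE__)

void *trk_alloc(size_t size, const char *file, int line) {
    if (size > SIZE_MAX - sizeof(trk_hdr)) return NULL; /* size + overhead wraps */
    trk_hdr *h = malloc(sizeof(*h) + size);
    if (!h) return NULL;
    h->file = file; h->line = line; h->size = size;
    pthread_mutex_lock(&trk_lock);
    h->prev = &trk_head; h->next = trk_head.next;
    trk_head.next->prev = h; trk_head.next = h;
    pthread_mutex_unlock(&trk_lock);
    return h + 1;                     /* caller only sees the payload */
}

void trk_free(void *p) {
    if (!p) return;
    trk_hdr *h = (trk_hdr *)p - 1;    /* back to the real allocation */
    pthread_mutex_lock(&trk_lock);
    h->prev->next = h->next; h->next->prev = h->prev;
    pthread_mutex_unlock(&trk_lock);
    free(h);
}

/* Tear-down scan: print each block still linked, return how many. */
size_t trk_report(void) {
    size_t n = 0;
    pthread_mutex_lock(&trk_lock);
    for (trk_hdr *h = trk_head.next; h != &trk_head; h = h->next, n++)
        printf("LEAK %zu bytes allocated at %s:%d\n", h->size, h->file, h->line);
    pthread_mutex_unlock(&trk_lock);
    return n;
}

int main(void) {
    void *a = TRK_ALLOC(32); (void)TRK_ALLOC(64);  /* second one is leaked */
    trk_free(a);
    return trk_report() == 1 ? 0 : 1;
}
```

In a kext the report call would sit in the module's stop routine, which is the unload point the post refers to.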

Re: Memory profiler/analyzer for macOS kext

Post by morpheus » Tue Oct 10, 2017 4:27 pm

This is exactly the kind of stuff we can do at Tg. We actually have a kernel memory/zone debugger/inspector already in user mode (Xnoop), and we can certainly provide something like this. Talk to info@tg for this.
Site Admin
Posts: 687
Joined: Thu Apr 11, 2013 6:24 pm
