Extending XNU Binary Support

Questions and Answers about all things *OS (macOS, iOS, tvOS, watchOS)

Extending XNU Binary Support

Postby MDX8 » Wed Feb 06, 2019 7:30 pm

In the book V1 on page 522 it says "The book’s website has a detailed experiment on extending XNU to recognize other types of binaries." I can't seem to find this anywhere?

Amit Signh seems to have figured out how to do this in the past with XBinary but that is closed source. Primarily I'm interested in doing this with an kernel extension, I can see how this could easily be done with a custom kernel allowing access to another interpreter/loader in the __mac_execve function but an extension seems more difficult. I guess one could try to hook the execve syscall but apple has made this difficult by gutting trace functionality while SIP is enabled and this might be regarded as malware :roll:. Noah linux subsystem project seems to have implemented an ELF loader in user mode, but this requires an explicit call to Noah. Any comments, links, or suggestions would be great.
MDX8
 
Posts: 1
Joined: Wed Feb 06, 2019 7:42 am

Re: Extending XNU Binary Support

Postby ccnut » Thu Apr 11, 2019 8:50 pm

If you want to support this with a custom kernel then just edit the single instance of `struct execsw` in `bsd/kern/kern_exec.c` to call another activation function (that you write) to support loading your binary type. If you want to do this from userspace then you'll have to write your own loader anyway.

Code: Select all
/*
 * Our image activator table; this is the table of the image types we are
 * capable of loading.  We list them in order of preference to ensure the
 * fastest image load speed.
 *
 * XXX hardcoded, for now; should use linker sets
 */
struct execsw {
   int (*ex_imgact)(struct image_params *);
   const char *ex_name;
} execsw[] = {
   { exec_mach_imgact,      "Mach-o Binary" },
   { exec_fat_imgact,      "Fat Binary" },
   { exec_shell_imgact,      "Interpreter Script" },
   { NULL, NULL}
};
ccnut
 
Posts: 6
Joined: Fri Mar 15, 2019 5:11 pm


Return to Questions and Answers

Who is online

Users browsing this forum: No registered users and 2 guests

cron