search
    
MacOS and *OS Internals - About the Book
View 2nd Edition differences:
X

Show Additions (in red)
Show Updates (in blue :-)
Show Deletions (in grey)

Feedback/Requests Welcome! Click here, or email J@

MOXiI - 2nd Edition - Volume I - Table of Contents


Expected end of 2016 Apr-May 2016 (should have been 2015 there, but , yeah, it's delayed. The bright side I'm updating for 9.3 changes as well).
It's a $%#$%$#% herculean effort, but I'm on it. Bear with me. It'll be worth the wait..

The TOC for Volume II is also out. Requests/Comments welcome.

Note: DO NOT buy this book on Amazon - because it's no longer the right one - I explain here

  1. Prerequisites
    • OS X:
      • XCode and its command line tools
      • 10.11: System Integrity Protection (SIP)
    • iOS:
      • Jailbreaking your device
      • Setting up SSH and authorized_keys
      • Setting up USB port forwarding
      • Completing the iOS Binary command set
      • Compiling with the iOS SDK
    • The Companion Website (http://NewOSXBook.com/)
  2. Chapter 1: Darwinism -The Evolution of OS X
    • The Pre-Darwin Era: Mac OS Classic
    • The Prodigal Son: NeXTSTEP
    • Enter: OS X
    • OS X Versions, to Date
      • 10.0 - Cheetah and the First Foray
      • 10.1 - Puma -a Stronger Feline, but . . .
      • 10.2 - Jaguar - Getting Better
      • 10.3 - Panther and Safari
      • 10.4 - Tiger and Intel Transition
      • 10.5 - Leopard and UNIX
      • 10.6 - Snow Leopard
      • 10.7 - Lion
      • 10.8 - Mountain Lion
      • 10.9 - Mavericks
      • 10.10 - Yosemite
      • 10.11 - El Capitan
    • iOS-OS X Goes Mobile
      • 1.x-Heavenly and the First iPhone
      • 2.x - App Store, 3G and Corporate Features
      • 3.x - Farewell, 1st gen, Hello iPad
      • 4.x - iPhone4, Apple TV, and the iPad 2
      • 5.x - To the iPhone 4S and Beyond
      • 6.x - The iPhone 5 and the first mini
      • 7.x - Sochi - The 5S, and the move to 64-bit
      • 8.x - Okemo - The 6 and 6+
      • 9.x - Monarch - The 6S/6S+, iPad Pro
    • WatchOS
    • TvOS
    • iOS vs. OS X
    • The Future of OS X Obviously in need of an update..
    • References
    • Summary
  3. New chapter: Hardware
    • Mac devices Listing Hardware profiles and KEXts in..
    • i-devices
      • Model Numbers and Code Names
      • Processor Types
    • Hardware Specifications
      • CPU and RAM specifications
      • Retrieving other specifications
        • OS X: Using the SPSupport private framework
        • OS X: Using the System Management BIOS
        • iOS: Using MobileGestalt
        • iOS: Using SysCfg
        • Experiment: Figuring out your device specs
    • Other devices: Time Machine, Airport, AppleTV, the iPod Nano* and the Apple Watch
  4. Chapter 2: E Pluribus Unum: Architecture of OS X and iOS
    • OS X Architectural Overview
    • The User Experience Layer
      • Aqua
      • Quicklook
      • Spotlight
    • Darwin - The UNIX Core
      • The Shell
      • The File System
    • Filesystem Directories:
      • UNIX System Directories
      • OS X Specific Directories
      • iOS File System Idiosyncrasies
    • Interlude: Bundles
    • Applications
      • Info.plist
      • Resources
      • NIB Files
      • Internationalization with .lproj Files
      • Icons (.icns)
      • CodeResources
      • The LaunchServices Framework
        • Installing an Application
        • The LaunchServices Database
        • URL Schemes
        • Universal Type Identifiers (UTIs)
        • Claims
    • Frameworks
      • Framework Bundle Format
      • List of OS X and iOS Public Frameworks
      • List of OS X and iOS Private Frameworks
      • Experiment: Demonstrating but a few of the Private iOS frameworks
    • Libraries Updated
    • Other Application types
      • System Calls
      • POSIX
      • Mach System Calls
    • A High-Level View of XNU
      • Mach
      • The BSD Layer
      • libkern
      • I/O Kit
    • Summary
    • References
  5. Chapter 3: On the Shoulders of Giants - OS X and iOS Technologies
    • BSD heirlooms
      • sysctl new: list of important sysctls
      • kqueues
      • Auditing (OS X) Parsing the audit logs manually + Experiment: Configuring and controlling auditing
      • Mandatory Access Control
    • OS X and iOS Specific Technologies
      • Directory Services
      • User and Group Management (OS X)
      • System Configuration
      • Logging Greatly expanded to cover ASL
      • Apple Events and AppleScript
      • FSEvents
      • Notifications Experiment: Viewing system notifications
    • Additional APIs of interest
    • OS X and iOS Security Mechanisms
    • Code signing
    • Compartmentalization (Sandboxing)
    • Entitlements: Making the Sandbox Tighter Still
    • Enforcing the Sandbox
    • Summary
    • References
  6. Promenade: A tour of OS X and iOS Files and Frameworks
    • Common Directories and Files
    • OS X: The system databases
      • User database
      • Keychains
    • iOS: The system Databases
      • System Logs
      • User Info
        • Accounts
        • Contacts
        • Call, VoiceMail and SMS DBs
        • Mail
        • Safari
        • Springboard settings
        • Location Database
  7. New Chapter: (split from Chapter 4) Mach-O updated for 10.8-10.10, and header patching/editing
    • Executables
    • Universal Binaries
    • Mach-O Binaries
      • The Mach-O header
      • Load commands processed by kernel
        • LC_SEGMENT[_64]
        • LC_UNIXTHREAD
        • LC_MAIN
        • LC_UUID
        • LC_THREAD
        • LC_CODE_SIGNATURE
    • The Dynamic Linker
      • The role of the dynamic linker
      • Load commands processed by the Linker
        • LC_LOAD_DYLIB and friends
        • LC_SYMTAB and LC_DYSYMTAB
        • LC_LOAD_DYLIB
        • LC_RPATH
        • LC_DYLD_INFO
        • LC_SEGMENT_SPLIT_INFO
        • LC_FUNCTION_STARTS
        • LC_DATA_IN_CODE
    • Launch-Time Loading of Libraries Updated for ARM64 stubs
    • Shared Library Caches more info on shared cache format, 32,64
      • Experiment: Extracting files from a shared cache
      • Overriding the Shared Cache
    • Runtime Loading of Libraries
    • dyld Features
    • __LINKEDIT segment
    • dyld opcodes
    • debugging dyld
    • Experiments with JTool
  8. Chapter 4: Parts of the Process: Mach-O Process and Thread Internals
    • A Nomenclature Refresher
    • Processes and threads
    • The Process Lifecycle
    • UNIX Signals
    • Executables
    • Universal Binaries
    • Mach-O Binaries
      • The Mach-O header
    • Dynamic Libraries
    • Launch-Time Loading of Libraries
    • Runtime Loading of Libraries
    • dyld Features
    • Process Address Space
      • The process entry point
      • Address Space Layout Randomization
      • 32-Bit (Intel)
      • 64-Bit (Intel)
      • 32-Bit (iOS)
      • 64-Bit (iOS)
      • Experiment: Using vmmap(1) to Peek Inside a Process' Address Space
    • Process Memory Allocation (User Mode)
    • Memory Pressure and Jetsam
    • Virtual Memory-The sysadmin Perspective
    • Swapping (OS X)
    • Threads
      • Unraveling threads
      • POSIX Thread APIs
      • Not-So-POSIX Thread APIs
    • GCD Internals
    • References
  9. New Chapter: IPC in OS X and iOS
    • Traditional UNIX mechanisms
      • UNIX Domain sockets
      • IP sockets
      • System-V mechanisms
    • Mach messages
      • high level view of messages and ports
      • Bootstrap ports vs. ephemeral
      • mach_msg
      • Experiment: A simple Mach message client and server
    • XPC
      • Theory and design
      • Implementation
      • Integration with GCD
      • Changes in 10.10/8
  10. New chapter: The Runtime Environments
    • Objective-C
      • Theory and rationale
      • Classes, Protocols, etc
      • objc_msgsend()
      • The Mach-O sections
      • Class dumping and reverse engineering
      • Experiment: Deconstructing an Objective-C binary using JTool
    • Swift
      • Theory and rationale
      • Interpreter vs. Compiler
      • Mangling
      • The runtime environment
      • Decompiiling
  11. Chapter 5. Non Sequitur: Process Tracing and Debugging
    • DTrace
      • The D Language
      • dtruss
      • Another example or two of advanced DTrace with OS X specific probes
      • How DTrace Works Updates on DTrace internals, CTF, etc
    • Other Profiling Mechanisms
      • The Decline and Fall of CHUD
      • AppleProfileFamily: Another one bites the dust
      • Kperf
    • Process Information
      • sysctl More on KERN_PROCARGS, etc
      • proc_info Even more on my favorite syscall
      • (Re)Introducing: Process Explorer
    • Process and system snapshots
      • system_profiler(8)
      • sysdiagnose(1) - and the new iOS9 sysdiagnose (w/Host Special Port)
      • systemstats (10.9)
      • allmemory
      • stackshot
      • stack_snapshot Updates for micro-stackshots and 10.11 stackshots
    • KDebug
      • KDebug-Based Utilities
      • kdebug codes
      • Writing kdebug messages
      • Reading kdebug messages
      • KDebug and CoreProfile
      • 10.11/iOS 9 KDebug enhancements
      • Introducing: KDebugView
    • 10.9: Telemetry
    • 10.10: proc_trace_log
    • Application Crashes
      • Application Hangs and Sampling
      • iOS: Jetsam
    • Memory Bugs
      • Memory Corruption Bugs
      • Memory Leaks
        • heap(1)
        • leaks(1)
        • malloc_history
    • Standard UNIX tools
    • Using GDB
    • Using LLDB
    • Summary
    • References
    • Installation Images
    • Software updates
  12. Moved to Volume II
  13. Chapter 6. Alone in the Dark: The Boot ProcessBoot, Panic, and Shutdown
    • EFI, Demystified
    • OS X and boot.efi
      • Flow of Boot.efi
      • Booting the kernel
      • kernel callbacks into EFI
      • boot.efi in LionMavericks
      • Core-Storage induced changes
      • Count your blessings
      • Experiment: Running EFI Programs on a Mac
    • iOS and iBoot
      • Precursor: the Boot ROM
      • Normal boot
      • Recovery Mode
      • DFU Mode
      • iOS software images (.ipsw) and OTA images (dydiff, etc)
      • iBoot - Structure and flow
      • APTickets, SHSHs, etc
    • Hibernation
    • moved to Vol II
  14. Chapter 7. The Alpha and Omega - Launchd and the GUI Shells
    • Launchd
      • Starting Launchd
      • System-Wide vs. per User (pre 10.10/8)
      • Daemons and Agents
      • The Many Faces of Launchd
      • 10.10/8 - Launchd, reborn - updates on new features in launchd
      • Experiment: Using launchctl (10.10/8)
    • Launch Services
    • GUI Environments
      • Finder (OS X)
      • SpringBoard (iOS) Updated to include SB APIs
      • SwitchBoard (and the alleged iOS "prototypes")
      • Handling GUI events
        • Tracing the flow of an event - from hardware to UI Message
        • Intercepting and injecting GUI events
        • Experiment: fun with MultiTouch on OS X and iOS
  15. New Chapter: Daemons
    • A detailed discussion of the key iOS and OS X daemons, including (but not limited to):

    • Apple Push Server (apsd)
    • CoreTelephony (iOS)
    • coreduetd
    • Securityd
    • sharingd
    • wifid
    • and others.. (others like sandboxd/amfid) will be covered in relevant chapters
  16. New Chapter: Up in the Air - iCloud and networking protocols
    • The WiFi stack
    • iCloud
      • Apple's Silver Lining
      • iCloud protocol implementation
      • Behind the scenes of NSDocument cloud
    • Air Protocols
      • AirPlay
      • AirPrint
      • AirDrop
      • Bonjour
    • Apple File Protocol
    • iOS ↔ iTunes Protocol (lockdown)


  17. ... at this rate, this might end up being a mini book of its own.. :-)

  18. New Chapter: OS X and iOS Security
    • OS X and iOS Security Mechanisms
    • The Security framework, in depth
    • MACF
    • KAuth
    • Keychains, Keybags, and more
    • Filesystem Encryption
      • OS X (FileVault 2)
      • iOS
    • Rootless (OS X 10.11, iOS9
    • Patch guard (iOS 9)
    • Code signing (greatly expanded to describe LC_CODE_SIGNATURE, 10.10 mods (csr..)
    • Compartmentalization (Sandboxing)
    • Entitlements: Making the Sandbox Tighter Still
      • The SecTask APIs
      • csops
      • List of known entitlements
    • Device provisioning and Management (MDM)
    • Developer Certificates
    • Enforcing the Sandbox
      • The evolution of sandboxd - from seatbelt (10.5) to 10.10
      • AMFI New content, up to AMFI 130 150 (10.11)
      • System Integrity Protection ("rootless") (10.11)
    • OS X: Vulnerabilities, past and present
      • dyld issues in 10.10.x
      • rootpipe
      • tpwn
    • iOS: Jailbreaking, a history Explanation of iOS Exploits
      • JailBreakMe 1-3
      • The LimeRa1n exploit
      • colorful sn0w
      • evasi0n
      • evasi0n7
      • Pangu
      • Pangu 8
      • Taig (8.1.2)
      • Taig 2
      • Pangu 9!
    • Privacy and TCCd


Forum About the Book Notes News Code Samples Downloads Resources Get the book from Amazon dock