Skip to content

gdbinit/kextstat_aslr

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
     _____                              _____
  __| __  |__  ______  __ __   __    __|_    |__  ______  ____    _____
 |  |/ /     ||   ___| \ ` / _|  |_ |    \      ||   ___||    |  |     |
 |     \     ||   ___| /   \|_    _||     \     | `-.`-. |    |_ |     \
 |__|\__\  __||______|/__/\_\ |__|  |__|\__\  __||______||______||__|\__\
    |_____|                            |_____|

Kextstat ASLR

A small util to list OS X kernel extensions with true addresses.
System kextstat util doesn't return info with kernel ASLR slide.
 
(c) fG!, 2012, 2013, 2014 - reverser@put.as - http://reverse.put.as
 
Uses processor_set_tasks() vulnerability or /dev/kmem to 
read kernel memory.

If processor_set_tasks() vuln not available you need to enable /dev/kmem.
Edit /Library/Preferences/SystemConfiguration/com.apple.Boot.plist
add kmem=1 parameter, and reboot!

This version can work with all Mountain Lion/Mavericks versions out of the box.
It should work with any future OS X versions if OSArray class doesn't change.

The license is GPLv3 due to diStorm licensing terms.

Enjoy,
fG!


Change log:

v0.1 - Initial version
v0.2 - Retrieve kaslr slide via kas_info() syscall. Thanks to posixninja for the tip :-)
v0.3 - Cleanups
v1.0 - Use diStorm to find sLoadedKexts so everything is dynamic
       The only dependency is on OSArray class, since we are using fixed offsets
v1.1 - Try to use processor_set_tasks() vulnerability to read kernel memory
       before trying to use /dev/kmem

About

Implementation of kexstat via /dev/kmem with kernel ASLR support

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published