Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Failed to load latest commit information.
_____ _____ __| __ |__ ______ __ __ __ __|_ |__ ______ ____ _____ | |/ / || ___| \ ` / _| |_ | \ || ___|| | | | | \ || ___| / \|_ _|| \ | `-.`-. | |_ | \ |__|\__\ __||______|/__/\_\ |__| |__|\__\ __||______||______||__|\__\ |_____| |_____| Kextstat ASLR A small util to list OS X kernel extensions with true addresses. System kextstat util doesn't return info with kernel ASLR slide. (c) fG!, 2012, 2013, 2014 - email@example.com - http://reverse.put.as Uses processor_set_tasks() vulnerability or /dev/kmem to read kernel memory. If processor_set_tasks() vuln not available you need to enable /dev/kmem. Edit /Library/Preferences/SystemConfiguration/com.apple.Boot.plist add kmem=1 parameter, and reboot! This version can work with all Mountain Lion/Mavericks versions out of the box. It should work with any future OS X versions if OSArray class doesn't change. The license is GPLv3 due to diStorm licensing terms. Enjoy, fG! Change log: v0.1 - Initial version v0.2 - Retrieve kaslr slide via kas_info() syscall. Thanks to posixninja for the tip :-) v0.3 - Cleanups v1.0 - Use diStorm to find sLoadedKexts so everything is dynamic The only dependency is on OSArray class, since we are using fixed offsets v1.1 - Try to use processor_set_tasks() vulnerability to read kernel memory before trying to use /dev/kmem