Hack which fixes PT_DENY_ATTACH on OS X Mountain Lion. The kernel module works around the issues presented by Kernel Address Space Layout Randomisation (KASLR) and write-protected memory.
C
Pull request Compare This branch is 12 commits ahead of dwalters:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
English.lproj
pt_deny_attach.xcodeproj
.gitignore
Info.plist
README.md
pt_deny_attach.c
structures.h
version.plist

README.md

pt_deny_attach Kernel Module for Mountain Lion 10.8.3

THIS NOW WORKS :-D !!!! It loads/unloads succesfully on 10.8.4 and successfully patches the ptrace call.

This is a successful attempt to update the pt_deny_attach kernel module (originally by Landon J. Fuller) to work with Mountain Lion.

In order to patch the ptrace call in Mountain Lion it is first necessary to work around the issues presented by Kernel Address Space Layout Randomisation (KASLR). Once this is done it is then necessary to disable write protected memory to allow updating of the sysent table.

The code might provide interest and some useful techniques for dealing with KASLR in other projects.

See Failing to update the pt_deny_attach kernel module for Mountain Lion for more details.