Skip to content

Hack which fixes PT_DENY_ATTACH on OS X Mountain Lion. The kernel module works around the issues presented by Kernel Address Space Layout Randomisation (KASLR) and write-protected memory.

Notifications You must be signed in to change notification settings

mttrb/pt_deny_attach

 
 

Repository files navigation

pt_deny_attach Kernel Module for Mountain Lion 10.8.3

THIS NOW WORKS :-D !!!! It loads/unloads succesfully on 10.8.4 and successfully patches the ptrace call.

This is a successful attempt to update the pt_deny_attach kernel module (originally by Landon J. Fuller) to work with Mountain Lion.

In order to patch the ptrace call in Mountain Lion it is first necessary to work around the issues presented by Kernel Address Space Layout Randomisation (KASLR). Once this is done it is then necessary to disable write protected memory to allow updating of the sysent table.

The code might provide interest and some useful techniques for dealing with KASLR in other projects.

See Failing to update the pt_deny_attach kernel module for Mountain Lion for more details.

About

Hack which fixes PT_DENY_ATTACH on OS X Mountain Lion. The kernel module works around the issues presented by Kernel Address Space Layout Randomisation (KASLR) and write-protected memory.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C 100.0%