macOS 11.4 breaks HookCase #28
Comments
|
New security updates for macOS 10.15.7 and 10.14.6 also came out at the same time as macOS 11.4. As with #27, HookCase is not effected by these. |
|
For the record: Apple fixed 5
|
Yup. I've found a change in the kernel's |
|
I just released another new version of HookCase to fix this problem. I hope Apple's behavior with macOS 11.3 and 11.4 isn't a sign of things to come with 11.5 and 11.6. But I can only wait to find out. It's probably a good idea to disable loading |
Could you please elaborate on this, What do you think is coming? |
|
I'm afraid that macOS 11.5 and 11.6 will contain further changes to kernel structures that HookCase accesses directly. This will always cause some kind of breakage. It may be that it just stops working. Or (more likely) there will be kernel panics when you load a hook library, or even In the past these kinds of changes happened mostly (though not always) in new major releases -- for example of macOS 11 or 10.15 or 10.14. It's true that 11.3 and 11.4 both contained significant kernel changes. So maybe that explains it. Or maybe Apple is now changing its behavior, and in the future important kernel structures will routinely be changed in "point" releases (like 11.3 and 11.4), as distinct from "point point" releases (like 11.2.3 and 11.3.1). Only time will tell. In the meantime I strongly suggest you disable loading at boot before upgrading to a "point" release (like 11.5 or 11.6). If |
|
Thanks for the information. 🙏🏼
The way I load
So reboot within 10 minutes will disable the extension. |
|
Actually, you'll still have trouble if What do you mean by "disables the daemon" and "enables the daemon"? Edit: I misunderstood what you said. It's the daemon that gets loaded at boot. Still, though, it won't be able to disable itself if |
|
Oops sorry, I made a mistake explaining the logic, actually the wrapper gets loaded by root daemon and:
This is the root daemon: <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnvironmentVariables</key>
<dict>
<key>PATH</key>
<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin</string>
</dict>
<key>Label</key>
<string>hookcase</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/sbin/HookCase_Wrapper.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>And this is the wrapper: #!/bin/sh
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
defaults write /var/db/com.apple.xpc.launchd/disabled.plist "hookcase" 1
chmod 644 /var/db/com.apple.xpc.launchd/disabled.plist
defaults write /Library/LaunchDaemons/hookcase.plist Disabled -bool TRUE
chmod 644 /Library/LaunchDaemons/hookcase.plist
kmutil load -p /usr/local/sbin/HookCase.kext
sleep 300
defaults write /var/db/com.apple.xpc.launchd/disabled.plist "hookcase" 0
chmod 644 /var/db/com.apple.xpc.launchd/disabled.plist
defaults delete /Library/LaunchDaemons/hookcase.plist Disabled
chmod 644 /Library/LaunchDaemons/hookcase.plistLet me know what you think. |
It looks fine to me. You've thought it all out very carefully. |
Deal with breakage caused by macOS 11.4 (fixes issue steven-michaud#28)
HookCase.kextloads correctly. But I got a kernel panic when I tried to load the "events" example hook library into Safari. There was an error message displayed at the top of the kernel panic report:This is presumably #27 over again. I'll be working on this. In the meantime don't use HookCase on macOS 11.4.
The text was updated successfully, but these errors were encountered: