Skip to content

Instantly share code, notes, and snippets.

@kconner
kconner / macOS Internals.md
Last active July 2, 2025 14:28
macOS Internals

macOS Internals

Understand your Mac and iPhone more deeply by tracing the evolution of Mac OS X from prelease to Swift. John Siracusa delivers the details.

Starting Points

How to use this gist

You've got two main options:

@knightsc
knightsc / build-xnu-6153.11.26.sh
Created February 18, 2020 15:08
A script to build XNU version 6153.11.26 (macOS Catalina 10.15).
#! /bin/bash
#
# build-xnu-6153.11.26.sh
# Scott Knight
#
# Based on the script by Brandon Azad
# https://gist.github.com/bazad/654959120a423b226dc564073b435453
#
# A script showing how to build XNU version 6153.11.26 on macOS Catalina
# 10.15 with Xcode 11.13.1.
@Omar-Ikram
Omar-Ikram / EndpointSecurityDemo.m
Last active May 24, 2025 14:26
A demo of using Apple's EndpointSecurity framework - tested on macOS Monterey 12.2.1 (21D62)
//
// main.m
// EndpointSecurityDemo
//
// Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t)
// Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h)
// Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583)
// Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69)
// Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241)
// Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h)
@knightsc
knightsc / main.m
Last active March 24, 2020 22:20
An example of using the libEndpointSecurity.dylib in Catalina
#import <Foundation/Foundation.h>
#import <EndpointSecurity/EndpointSecurity.h>
#import <os/log.h>
#import <bsm/libbsm.h>
/*
In the beta 1 seed it's not straight forward to create an EndpointSecurity extension.
You can use libEndpointSecurity.dylib directly as long as you set the following things:
1. Disable SIP
@knightsc
knightsc / hijack.c
Created February 26, 2019 21:20
Example of how to hijack a thread on macOS to run code in a remote process
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#include <mach/mach.h>
#include <mach/mach_vm.h>
#include <dlfcn.h>
#include <objc/runtime.h>
@openfirmware
openfirmware / instructions.md
Created November 7, 2018 06:07
QEMU with Mac OS 9 guest *and working audio*

QEMU Mac OS 9 Instructions

Here is a short guide on how to build QEMU to run Mac OS 9 with working audio. These instructions work for MacOS High Sierra as the host OS, although with some tweaking they may run under Linux/Windows. You should be comfortable compiling software from source before attempting.

Clone QEMU fork

Adapted from instructions from Cat_7

You may need to install XCode and/or the XCode command line tools. If you do not have them, then this process may prompt you to install them (MacOS will do that).

@knightsc
knightsc / debug.h
Last active June 24, 2021 13:18
macOS Debug boot-args
/* Debug boot-args */
#define DB_HALT 0x1
//#define DB_PRT 0x2 -- obsolete
#define DB_NMI 0x4
#define DB_KPRT 0x8
#define DB_KDB 0x10
#define DB_ARP 0x40
#define DB_KDP_BP_DIS 0x80
//#define DB_LOG_PI_SCRN 0x100 -- obsolete
#define DB_KDP_GETC_ENA 0x200
@jessepeterson
jessepeterson / mk_pkg_manifest.py
Created April 13, 2016 15:55
Create an Apple software distribution manifest for an Apple pkg installer (see http://help.apple.com/deployment/osx/#/ior5df10f73a)
#!/usr/bin/python
# create a "wireless manifest" for Apple pkg installers. for details
# on the manifest see: http://help.apple.com/deployment/osx/#/ior5df10f73a
import subprocess
from tempfile import mkdtemp
import os
from xml.dom.minidom import parse, parseString
from hashlib import md5
@sergiitk
sergiitk / osx-terminal.md
Last active August 7, 2024 15:43
OSX terminal tips an tricks

OS X terminal tips an tricks

Shell tools

System

  • sw_vers — Print Mac OS X operating system version information
  • system_profiler — Reports system hardware and software configuration.
  • system_profiler SPHardwareDataType — Hardware overview.
  • hostinfo — Host information.
  • nvram -p — Print all of the firmware variables.
  • getconf DARWIN_USER_CACHE_DIR — Retrieve standard configuration variables
  • /usr/libexec/path_helper — Helper for constructing PATH environment variable