@leiless
Last active September 21, 2018 11:20
How to get XNU kernel vm address and its size
#include <mach/mach_types.h>
#include <mach/mach_vm.h>
#include <libkern/libkern.h>

extern vm_map_t kernel_map;     /* exported by com.apple.kpi.unsupported */

#define UNUSED(arg0, ...)   (void) ((void) arg0, ##__VA_ARGS__)

/*
 * see:
 *  keywords: image
 *  xnu/osfmk/vm/vm_user.c#mach_vm_region
 *  xnu/bsd/kern/kern_core.c#coredump
 *  xnu/bsd/kern/mach_loader.c#parse_machfile
 */
kern_return_t kext_start(kmod_info_t *ki, void *d)
{
    kern_return_t e;
    /* in/out: the lookup starts at this address; on return, start of the region found */
    mach_vm_address_t addr = 0;
    mach_vm_size_t size = 0;
    vm_region_top_info_data_t idata;
    /* the count must match the flavor passed to mach_vm_region() */
    mach_msg_type_number_t cnt = VM_REGION_TOP_INFO_COUNT;

    UNUSED(ki, d);

    e = mach_vm_region(kernel_map, &addr, &size,
                        VM_REGION_TOP_INFO, (vm_region_info_t) &idata,
                        &cnt, NULL);
    UNUSED(idata, cnt);

    if (e == KERN_SUCCESS) {
        printf("@ kernel_map addr: %#018llx size: %#018llx\n", addr, size);
    } else {
        /* e is a kern_return_t, not an errno value */
        printf("@ mach_vm_region() failure kern_return_t: %d\n", e);
    }

    return KERN_SUCCESS;
}

leiless commented Sep 21, 2018

Sample output:
@ kernel_map addr: 0xffffff803cc78000 size: 0x0000000180000000
