2 posts tagged with "MacOS Internals"

MacOS operating system internals

Mach Kernel Abstractions and XNU Internals

· 22 min read
Pranav Ram Joshi
Software Engineer — Systems & Networks

Man is born free, and everywhere he is in chains. - Jean-Jacques Rousseau; The Social Contract

Search for the truth is the noblest occupation of man; its publication is a duty. - Anne Louise Germaine de Staël; De l'Allemagne

Preamble: XNU and the Mach Kernel

An operating system is a set of system software that acts as a bridge between the application software and the underlying hardware. Among the various software packaged with an operating system is the kernel — a program responsible for communicating with the hardware and managing the system in its entirety. The purpose of this post is to explore the XNU kernel source and understand the core abstractions of the Mach kernel that underpin the macOS kernel architecture. We'll walk through Mach's taxonomy — tasks, threads, IPC ports, processor sets — and examine the XNU-specific implementation details, including pointer authentication and key Mach routines like task_info and mach_task_self.

Process Memory Layout on macOS ARM64: Address Spaces, Mach-O Segments, and Debugging with LLDB

· 37 min read
Pranav Ram Joshi
Software Engineer — Systems & Networks

Tools for Inspecting Process Memory and Object Files

Before we even step into the world of virtual memory and process address spaces, let's first look at some tools that come in handy when dealing with source programs (we'll describe them at length later):

  1. Object File Inspection. This can be done through various tools such as otool, objdump, and llvm-objdump.
  2. Debugger. Tools such as gdb and lldb can be helpful when inspecting how the program executes.
  3. Virtual Memory Information. Sometimes, we need to see how a process has arranged its virtual memory space. Tools such as vmmap, leaks, and pmap (also potentially strace) can be used for this purpose.

Other tools often come in handy as well. For instance, if we want to list the "files" currently owned by the process, lsof provides useful information.