Posted on by pete

pt_deny_attach still works

I was concerned that it wasn’t working properly when I was trying a ::tick-100 /execname == “iTunes”/ { @[ustack()] = count() }, which is kind of useless, and all I received was a bunch of errors involving invalid addresses.
However, it seems to be working…

himitsu:/Library/Extensions# gdb --pid=$(ps -fe | grep '[i]Tunes' | grep -v Helper | awk '{print $2}')
GNU gdb 6.3.50-20050815 (Apple version gdb-960) (Sun May 18 18:38:33 UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin".
/Library/Extensions/15971: No such file or directory.
Attaching to process 15971.
zsh: segmentation fault  gdb --pid=15971
himitsu:/Library/Extensions# kextload pt_deny_attach.kext
kextload: pt_deny_attach.kext loaded successfully
himitsu:/Library/Extensions# gdb --pid=$(ps -fe | grep '[i]Tunes' | grep -v Helper | awk '{print $2}')
GNU gdb 6.3.50-20050815 (Apple version gdb-960) (Sun May 18 18:38:33 UTC 2008)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-apple-darwin".
/Library/Extensions/16048: No such file or directory.
Attaching to process 16048.
Reading symbols for shared libraries . done
Reading symbols for shared libraries .................................................................................................................................................... done
0x943114a6 in mach_msg_trap ()
(gdb) quit
The program is running.  Quit anyway (and detach it)? (y or n) y
Detaching from process 16048 thread 0x20b.
himitsu:/Library/Extensions#

CategoriesUncategorizedTags