www.it-ebooks.info
MAC OS® X AND iOS INTERNALS
INTRODUCTION
PART I: FOR POWER USERS
CHAPTER 1: Darwinism: The Evolution of OS X
CHAPTER 2: E Pluribus Unum: Architecture of OS X and iOS
CHAPTER 3: On the Shoulders of Giants: OS X and iOS Technologies
CHAPTER 4: Parts of the Process: Mach-O, Process, and Thread Internals
CHAPTER 5: Non Sequitur: Process Tracing and Debugging
CHAPTER 6: Alone in the Dark: The Boot Process: EFI and iBoot
CHAPTER 7: The Alpha and the Omega — launchd
PART II: THE KERNEL
CHAPTER 8: Some Assembly Required: Kernel Architectures
CHAPTER 9: From the Cradle to the Grave — Kernel Boot and Panics
CHAPTER 10: The Medium Is the Message: Mach Primitives
CHAPTER 11: Tempus Fugit — Mach Scheduling
CHAPTER 12: Commit to Memory: Mach Virtual Memory
CHAPTER 13: BS”D — The BSD Layer
CHAPTER 14: Something Old, Something New: Advanced BSD Aspects
CHAPTER 15: Fee, FI-FO, File: File Systems and the VFS
CHAPTER 16: To B (-Tree) or Not to Be — The HFS+ File Systems
CHAPTER 17: Adhere to Protocol: The Networking Stack
CHAPTER 18: Modu(lu)s Operandi — Kernel Extensions
CHAPTER 19: Driving Force — I/O Kit
APPENDIX: Welcome to the Machine
INDEX
Mac OS® X and iOS Internals
TO THE APPLE’S CORE
Jonathan Levin
Mac OS® X and iOS Internals
Published by
John Wiley & Sons, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2013 by Jonathan Levin
Published by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-11805765-0
ISBN: 978-1-11822225-6 (ebk)
ISBN: 978-1-11823605-5 (ebk)
ISBN: 978-1-11826094-4 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means,
electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Sections 107 or 108
of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization
through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA
01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008,
or online at
Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with
respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including
without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or
promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is
sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional
services. If professional assistance is required, the services of a competent professional person should be sought. Neither
the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is
referred to in this work as a citation and/or a potential source of further information does not mean that the author or the
publisher endorses the information the organization or Web site may provide or recommendations it may make. Further,
readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this
work was written and when it is read.
For general information on our other products and services please contact our Customer Care Department within the
United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with
standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media
such as a CD or DVD that is not included in the version you purchased, you may download this material at
. For more information about Wiley products, visit www.wiley.com.
Library of Congress Control Number: 2011945020
Trademarks: Wiley, the Wiley logo, Wrox, the Wrox logo, Wrox Programmer to Programmer, and related trade dress are
trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Mac OS is a registered trademark of Apple, Inc. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc., is not associated with any product or vendor
mentioned in this book.
To Steven Paul Jobs: From Mac OS’s very first
incarnation, to the present one, wherein the legacy of
NeXTSTEP still lives, his relationship with Apple is
forever entrenched in OS X (and iOS). People focus on
his effect on Apple as a company. No less of an effect,
though hidden to the naked eye, is on its architecture.
I resisted the pixie dust for 25 years, but he
finally made me love Mac OS... Just as soon as I got
my shell prompt.
— Jonathan Levin
CREDITS
ACQUISITIONS EDITOR
Mary James
SENIOR PROJECT EDITOR
Adaobi Obi Tulton
DEVELOPMENT EDITOR
Sydney Argenta
TECHNICAL EDITORS
Arie Haenel
Dwight Spivey
PRODUCTION EDITOR
Christine Mugnolo
COPY EDITORS
Paula Lowell
Nancy Rapoport
EDITORIAL MANAGER
Mary Beth Wakefield
FREELANCER EDITORIAL MANAGER
Rosemarie Graham
ASSOCIATE DIRECTOR OF MARKETING
David Mayhew
MARKETING MANAGER
Ashley Zurcher
BUSINESS MANAGER
Amy Knies
PRODUCTION MANAGER
Tim Tate
VICE PRESIDENT AND EXECUTIVE GROUP PUBLISHER
Richard Swadley
VICE PRESIDENT AND EXECUTIVE PUBLISHER
Neil Edde
ASSOCIATE PUBLISHER
Jim Minatel
PROJECT COORDINATOR, COVER
Katie Crocker
PROOFREADER
James Saturnio, Word One New York
INDEXER
Robert Swanson
COVER DESIGNER
Ryan Sneed
COVER IMAGE
© Matt Jeacock / iStockPhoto
ABOUT THE AUTHOR
JONATHAN LEVIN is a seasoned technical trainer and consultant focusing on the internals of the
“Big Three” (Windows, Linux, and Mac OS) as well as their mobile derivatives (Android and iOS).
Jonathan has been spreading the gospel of kernel engineering and hacking for 15 years, and has
given technical talks at DefCON as well as other technical conferences. He is the founder and CTO
of Technologeeks.com, a partnership of expert like-minded individuals, devoted to propagating
knowledge through technical training, and solving tough technical challenges through consulting.
Their areas of expertise cover real-time and other critical aspects of software architectures, system/
kernel-level programming, debugging, reverse engineering, and performance optimizations.
ABOUT THE TECHNICAL EDITORS
ARIE HAENEL is a security and internals expert at NDS Ltd. (now part of Cisco). Mr. Haenel has
vast experience in data and device security across the board. He holds a Bachelor of Science Engineering in Computer Science from the Jerusalem College of Technology, Israel and an MBA from the
University of Poitiers, France. His hobbies include learning Talmud, judo, and solving riddles. He
lives in Jerusalem, Israel.
DWIGHT SPIVEY is the author of several Mac books, including OS X Mountain Lion Portable
Genius and OS X Lion Portable Genius. He is also a product manager for Konica Minolta, where
he has specialized in working with Mac operating systems, applications, and hardware, as well as
color and monochrome laser printers. He teaches classes on Mac usage, writes training and support
materials for Konica Minolta, and is a member of the Apple Developer Program. Dwight lives on
the Gulf Coast of Alabama with his beautiful wife Cindy and their four amazing children, Victoria,
Devyn, Emi, and Reid. He studies theology, draws comic strips, and roots for the Auburn Tigers
(“War Eagle!”) in his ever-decreasing spare time.
ACKNOWLEDGMENTS
“Y’KNOW, JOHNNY,” said my friend Yoav, taking a puff from his cigarette on a warm summer night
in Shanghai, “Why don’t you write a book?”
And that’s how it started. It was Yoav (Yobo) Chernitz who planted the seed to write my own book,
for a change, after years of reading others’. From that moment, in the Far, Middle, and US East (and
the countless flights in between), the idea began to germinate, and this book took form. I had little
idea it would turn into the magnum opus it has become, at times taking on a life of its own, and
becoming quite the endeavor. With so many unforeseen complications and delays, it’s hard to believe
it is now done. I tried to illuminate the darkest reaches of this monumental edifice, to delineate
them, and leave no stone unturned. Whether or not I have succeeded, you be the judge. But know, I
couldn’t have done it without the following people:
Arie Haenel, my longtime friend — a natural born hacker, and no small genius. Always
among my harshest critics, and an obvious choice for a technical reviewer.
Moshe Kravchik — whose insights and challenging questions as the book’s first reader hopefully made it a lot more readable for all those who follow.
Yuval Navon — from down under in Melbourne, Australia, who has shown me that friendship knows no geographical bounds.
And last, but hardly least, to my darling Amy, who was patient enough to endure my all-too-frequent travels, more than understanding enough to support me to no end, and infinitely wise enough
to constantly remind me not only of the important deadlines and obligations I had with this book,
but of the things that are truly the most important in life.
— Jonathan Levin
CONTENTS
INTRODUCTION
PART I: FOR POWER USERS
CHAPTER 1: DARWINISM: THE EVOLUTION OF OS X
The Pre-Darwin Era: Mac OS Classic
The Prodigal Son: NeXTSTEP
Enter: OS X
OS X Versions, to Date
10.0 — Cheetah and the First Foray
10.1 — Puma — a Stronger Feline, but . . .
10.2 — Jaguar — Getting Better
10.3 — Panther and Safari
10.4 — Tiger and Intel Transition
10.5 — Leopard and UNIX
10.6 — Snow Leopard
10.7 — Lion
10.8 — Mountain Lion
iOS — OS X Goes Mobile
1.x — Heavenly and the First iPhone
2.x — App Store, 3G and Corporate Features
3.x — Farewell, 1st gen, Hello iPad
4.x — iPhone 4, Apple TV, and the iPad 2
5.x — To the iPhone 4S and Beyond
iOS vs. OS X
The Future of OS X
Summary
References
CHAPTER 2: E PLURIBUS UNUM: ARCHITECTURE OF OS X AND IOS
OS X Architectural Overview
The User Experience Layer
Aqua
Quicklook
Spotlight
Darwin — The UNIX Core
The Shell
The File System
UNIX System Directories
OS X–Specific Directories
iOS File System Idiosyncrasies
Interlude: Bundles
Applications and Apps
Info.plist
Resources
NIB Files
Internationalization with .lproj Files
Icons (.icns)
CodeResources
Frameworks
Framework Bundle Format
List of OS X and iOS Public Frameworks
Libraries
Other Application Types
System Calls
POSIX
Mach System Calls
A High-Level View of XNU
Mach
The BSD Layer
libkern
I/O Kit
Summary
References
CHAPTER 3: ON THE SHOULDERS OF GIANTS: OS X AND IOS TECHNOLOGIES
BSD Heirlooms
sysctl
kqueues
Auditing (OS X)
Mandatory Access Control
OS X- and iOS-Specific Technologies
User and Group Management (OS X)
System Configuration
Logging
Apple Events and AppleScript
FSEvents
Notifications
Additional APIs of interest
OS X and iOS Security Mechanisms
Code Signing
Compartmentalization (Sandboxing)
Entitlements: Making the Sandbox Tighter Still
Enforcing the Sandbox
Summary
References
CHAPTER 4: PARTS OF THE PROCESS: MACH-O, PROCESS, AND THREAD INTERNALS
A Nomenclature Refresher
Processes and Threads
The Process Lifecycle
UNIX Signals
Executables
Universal Binaries
Mach-O Binaries
Load Commands
Dynamic Libraries
Launch-Time Loading of Libraries
Runtime Loading of Libraries
dyld Features
Process Address Space
The Process Entry Point
Address Space Layout Randomization
32-Bit (Intel)
64-Bit
32-Bit (iOS)
Experiment: Using vmmap(1) to Peek Inside a Process’s Address Space
Process Memory Allocation (User Mode)
Heap Allocations
Virtual Memory — The sysadmin Perspective
Threads
Unraveling Threads
References
CHAPTER 5: NON SEQUITUR: PROCESS TRACING AND DEBUGGING
DTrace
The D Language
dtruss
How DTrace Works
Other Profiling mechanisms
The Decline and Fall of CHUD
AppleProfileFamily: The Heir Apparent
Process Information
sysctl
proc_info
Process and System Snapshots
system_profiler(8)
sysdiagnose(1)
allmemory(1)
stackshot(1)
The stack_snapshot System Call
kdebug
kdebug-based Utilities
kdebug codes
Writing kdebug messages
Reading kdebug messages
Application Crashes
Application Hangs and Sampling
Memory Corruption Bugs
Memory Leaks
heap(1)
leaks(1)
malloc_history(1)
Standard UNIX Tools
Process listing with ps(1)
System-Wide View with top(1)
File Diagnostics with lsof(1) and fuser(1)
Using GDB
GDB Darwin Extensions
GDB on iOS
LLDB
Summary
References and Further Reading
CHAPTER 6: ALONE IN THE DARK: THE BOOT PROCESS: EFI AND IBOOT
Traditional Forms of Boot
EFI Demystified
Basic Concepts of EFI
The EFI Services
NVRAM Variables
OS X and boot.efi
Flow of boot.efi
Booting the Kernel
Kernel Callbacks into EFI
Boot.efi Changes in Lion
Boot Camp
Count Your Blessings
Experiment: Running EFI Programs on a Mac
iOS and iBoot
Precursor: The Boot ROM
Normal Boot
Recovery Mode
Device Firmware Update (DFU) Mode
Downgrade and Replay Attacks
Installation Images
OS X Installation Process
iOS File System Images (.ipsw)
Summary
References and Further Reading
CHAPTER 7: THE ALPHA AND THE OMEGA — LAUNCHD
launchd
Starting launchd
System-Wide Versus Per-User launchd
Daemons and Agents
The Many Faces of launchd
Lists of LaunchDaemons
GUI Shells
Finder (OS X)
SpringBoard (iOS)
XPC (Lion and iOS)
Summary
References and Further Reading
PART II: THE KERNEL
CHAPTER 8: SOME ASSEMBLY REQUIRED: KERNEL ARCHITECTURES
Kernel Basics
Kernel Architectures
User Mode versus Kernel Mode
Intel Architecture — Rings
ARM Architecture: CPSR
Kernel/User Transition Mechanisms
Trap Handlers on Intel
Voluntary kernel transition
System Call Processing
POSIX/BSD System calls
Mach Traps
Machine Dependent Calls
Diagnostic calls
XNU and hardware abstraction
Summary
References
CHAPTER 9: FROM THE CRADLE TO THE GRAVE — KERNEL BOOT AND PANICS
The XNU Sources
Getting the Sources
Making XNU
One Kernel, Multiple Architectures
The XNU Source Tree
Booting XNU
The Bird’s Eye View
OS X: vstart
iOS: start
[i386|arm]_init
i386_init_slave()
machine_startup
kernel_bootstrap
kernel_bootstrap_thread
bsd_init
bsdinit_task
Sleeping and Waking Up
Boot Arguments
Kernel Debugging
“Don’t Panic”
Implementation of Panic
Panic Reports
Summary
References
CHAPTER 10: THE MEDIUM IS THE MESSAGE: MACH PRIMITIVES
Introducing: Mach
The Mach Design Philosophy
Mach Design Goals
Mach Messages
Simple Messages
Complex messages
Sending Messages
Ports
The Mach Interface Generator (MIG)
IPC, in Depth
Behind the Scenes of Message Passing
Synchronization Primitives
Lock Group Objects
Mutex Object
Read-Write Lock Object
Spinlock Object
Semaphore Object
Lock Set Object
Machine Primitives
Clock Object
Processor Object
Processor Set Object
Summary
References
CHAPTER 11: TEMPUS FUGIT — MACH SCHEDULING
Scheduling Primitives
Threads
Tasks
Task and Thread APIs
Task APIs
Thread APIs
Scheduling
The High-Level View
Priorities
Run Queues
Mach Scheduler Specifics
Asynchronous Software Traps (ASTs)
Scheduling Algorithms
Timer Interrupts
Interrupt-Driven Scheduling
Timer Interrupt Processing in XNU
Exceptions
The Mach Exception Model
Implementation Details
Experiment: Mach Exception Handling
Summary
References
CHAPTER 12: COMMIT TO MEMORY: MACH VIRTUAL MEMORY
Virtual Memory Architecture
The 30,000-Foot View of Virtual Memory
The Bird’s Eye View
The User Mode View
Physical Memory Management
Mach Zones
The Mach Zone Structure
Zone Setup During Boot
Zone Garbage Collection
Zone Debugging
Kernel Memory Allocators
kernel_memory_allocate()
kmem_alloc() and Friends
kalloc
OSMalloc
Mach Pagers
The Mach Pager interface
Universal Page Lists
Pager Types
Paging Policy Management
The Pageout Daemon
Handling Page Faults
The dynamic_pager(8) (OS X)
Summary
References
CHAPTER 13: BS”D — THE BSD LAYER
Introducing BSD
One Ring to Bind Them
What’s in the POSIX Standard?
Implementing BSD
XNU Is Not Fully BSD
Processes and Threads
BSD Process Structs
Process Lists and Groups
Threads
Mapping to Mach
Process Creation
The User Mode Perspective
The Kernel Mode Perspective
Loading and Executing Binaries
Mach-O Binaries
Process Control and Tracing
ptrace (#26)
proc_info (#336)
Policies
Process Suspension/Resumption
Signals
The UNIX Exception Handler
Hardware-Generated Signals
Software-Generated Signals
Signal Handling by the Victim
Summary
References
CHAPTER 14: SOMETHING OLD, SOMETHING NEW: ADVANCED BSD ASPECTS
Memory Management
POSIX Memory and Page Management System Calls
BSD Internal Memory Functions
Memory Pressure
Jetsam (iOS)
Kernel Address Space Layout Randomization
Work Queues
BSD Heirlooms Revisited
Sysctl
Kqueues
Auditing (OS X)
Mandatory Access Control
Apple’s Policy Modules
Summary
References
CHAPTER 15: FEE, FI-FO, FILE: FILE SYSTEMS AND THE VFS
Prelude: Disk Devices and Partitions
Partitioning Schemes
Generic File System Concepts
Files
Extended Attributes
Permissions
Timestamps
Shortcuts and Links
File Systems in the Apple Ecosystem
Native Apple File Systems
DOS/Windows File Systems
CD/DVD File Systems
Network-Based File Systems
Pseudo File Systems
Mounting File Systems (OS X only)
Disk Image Files
Booting from a Disk Image (Lion)
The Virtual File System Switch
The File System Entry
The Mount Entry
The vnode Object
FUSE — File Systems in USEr Space
File I/O from Processes
Summary
References and Further Reading
CHAPTER 16: TO B (-TREE) OR NOT TO BE — THE HFS+ FILE SYSTEMS
HFS+ File System Concepts
Timestamps
Access Control Lists
Extended Attributes
Forks
Compression
Unicode Support
Finder integration
Case Sensitivity (HFSX)
Journaling
Dynamic Resizing
Metadata Zone
Hot Files
Dynamic Defragmentation
HFS+ Design Concepts
B-Trees: The Basics
Components
The HFS+ Volume Header
The Catalog File
The Extent Overflow
The Attribute B-Tree
The Hot File B-Tree
The Allocation File
HFS Journaling
VFS and Kernel Integration
fsctl(2) integration
sysctl(2) integration
File System Status Notifications
Summary
References
CHAPTER 17: ADHERE TO PROTOCOL: THE NETWORKING STACK
User Mode Revisited
UNIX Domain Sockets
IPv4 Networking
Routing Sockets
Network Driver Sockets
IPSec Key Management Sockets
IPv6 Networking
System Sockets
Socket and Protocol Statistics
Layer V: Sockets
Socket Descriptors
mbufs
Sockets in Kernel Mode
Layer IV: Transport Protocols
Domains and Protosws
Initializing Domains
Layer III: Network Protocols
Layer II: Interfaces
Interfaces in OS X and iOS
The Data Link Interface Layer
The ifnet Structure
Case Study: utun
Putting It All Together: The Stack
Receiving Data
Sending Data
Packet Filtering
Socket Filters
ipfw(8)
The PF Packet Filter (Lion and iOS)
IP Filters
Interface Filters
The Berkeley Packet Filter
Traffic Shaping and QoS
The Integrated Services Model
The Differentiated Services Model
Implementing dummynet
Controlling Parameters from User Mode
Summary
References and Further Reading
CHAPTER 18: MODU(LU)S OPERANDI — KERNEL EXTENSIONS
Extending the Kernel
Securing Modular Architecture
Kernel Extensions (Kexts)
Kext Structure
Kext Security Requirements
Working with Kernel Extensions
Kernelcaches
Multi-Kexts
A Programmer’s View of Kexts
Kernel Kext Support
Summary
References
CHAPTER 19: DRIVING FORCE — I/O KIT
Introducing I/O Kit
Device Driver Programming Constraints
What I/O Kit Is
What I/O Kit Isn’t
LibKern: The I/O Kit Base Classes
The I/O Registry
I/O Kit from User Mode
I/O Registry Access
Getting/Setting Driver Properties
Plug and Play (Notification Ports)
I/O Kit Power Management
Other I/O Kit Subsystems
I/O Kit Diagnostics
I/O Kit Kernel Drivers
Driver Matching
The I/O Kit Families
The I/O Kit Driver Model
The IOWorkLoop
Interrupt Handling
I/O Kit Memory Management
BSD Integration
Summary
References and Further Reading
APPENDIX: WELCOME TO THE MACHINE
INDEX