def kauth_hook(x86_mem_pae, symbol_list, arch, os_version, base_address):
kauth_fileop_ptr = symbol_list['_kauth_authorize_fileop']
print '[+] Get an address of caller function : kauth_authorize_fileop, %8x'%kauth_fileop_ptr
inline_hook_finder.inline_quick(x86_mem_pae, kauth_fileop_ptr, arch, os_version, base_address)
def kdebug_hook(x86_mem_pae, symbol_list, arch, os_version, base_address):
kernel_debug_ptr = symbol_list['_kernel_debug']
print '[+] Get an address of caller function : kernel_debug, %8x' % kernel_debug_ptr
#print ''
inline_hook_finder.inline_quick(x86_mem_pae, kernel_debug_ptr, arch,
os_version, base_address)
def kauth_hook(x86_mem_pae, symbol_list, arch, os_version, base_address):
kauth_fileop_ptr = symbol_list['_kauth_authorize_fileop']
print '[+] Get an address of caller function : kauth_authorize_fileop, %8x' % kauth_fileop_ptr
inline_hook_finder.inline_quick(x86_mem_pae, kauth_fileop_ptr, arch,
os_version, base_address)
def kdebug_hook(x86_mem_pae, symbol_list, arch, os_version, base_address):
kernel_debug_ptr = symbol_list['_kernel_debug']
print '[+] Get an address of caller function : kernel_debug, %8x'%kernel_debug_ptr
#print ''
inline_hook_finder.inline_quick(x86_mem_pae, kernel_debug_ptr, arch, os_version, base_address)