def kauth_hook(x86_mem_pae, symbol_list, arch, os_version, base_address):
    """Print the address of kauth_authorize_fileop and run the inline-hook check on it.

    Reads the '_kauth_authorize_fileop' entry from symbol_list, prints it in
    hex, then passes it to inline_hook_finder.inline_quick along with the
    memory object, arch, os_version and base_address, all unchanged.

    Nothing is caught here: a symbol_list without that key raises at the
    lookup (KeyError for a dict). The function returns None, and whatever
    inline_quick returns is discarded, so callers get no programmatic verdict.

    NOTE(review): kauth_hook is defined twice in this listing with the same
    logic; if both sit in one module, the later definition wins.
    """
    target_addr = symbol_list['_kauth_authorize_fileop']
    # A single parenthesised argument prints the same text under the
    # Python 2 print statement used by this file.
    banner = '[+] Get an address of caller function : kauth_authorize_fileop, %8x' % target_addr
    print(banner)
    # presumably inline_quick inspects the code at target_addr for an inline
    # hook and applies base_address itself -- confirm in inline_hook_finder.
    inline_hook_finder.inline_quick(
        x86_mem_pae, target_addr, arch, os_version, base_address
    )
def kdebug_hook(x86_mem_pae, symbol_list, arch, os_version, base_address):
    """Print the address of kernel_debug and run the inline-hook check on it.

    Reads the '_kernel_debug' entry from symbol_list, prints it in hex, then
    passes it to inline_hook_finder.inline_quick along with the memory
    object, arch, os_version and base_address, all unchanged.

    Nothing is caught here: a symbol_list without that key raises at the
    lookup (KeyError for a dict). The function returns None, and whatever
    inline_quick returns is discarded, so callers get no programmatic verdict.

    NOTE(review): kdebug_hook is defined twice in this listing with the same
    logic; if both sit in one module, the later definition wins.
    """
    target_addr = symbol_list['_kernel_debug']
    # A single parenthesised argument prints the same text under the
    # Python 2 print statement used by this file.
    banner = '[+] Get an address of caller function : kernel_debug, %8x' % target_addr
    print(banner)
    # presumably inline_quick inspects the code at target_addr for an inline
    # hook and applies base_address itself -- confirm in inline_hook_finder.
    inline_hook_finder.inline_quick(
        x86_mem_pae, target_addr, arch, os_version, base_address
    )
def kauth_hook(x86_mem_pae, symbol_list, arch, os_version, base_address):
    """Locate kauth_authorize_fileop via the symbol table and check it for inline hooks.

    The address comes from symbol_list['_kauth_authorize_fileop']; it is
    printed in hex and then given to inline_hook_finder.inline_quick with
    x86_mem_pae, arch, os_version and base_address forwarded as received.

    A missing symbol is not handled: the lookup raises (KeyError for a dict).
    The return value of inline_quick is dropped and this function returns
    None.

    NOTE(review): this listing contains a second kauth_hook with the same
    logic; within one module only the last definition is reachable by name.
    """
    fileop_addr = symbol_list['_kauth_authorize_fileop']
    # Parenthesised single expression: identical output under the Python 2
    # print statement this file relies on.
    print('[+] Get an address of caller function : kauth_authorize_fileop, %8x' % (fileop_addr,))
    # presumably base_address is consumed inside inline_quick; the address
    # passed here is the raw symbol-table value -- TODO confirm.
    inline_hook_finder.inline_quick(
        x86_mem_pae,
        fileop_addr,
        arch,
        os_version,
        base_address,
    )
def kdebug_hook(x86_mem_pae, symbol_list, arch, os_version, base_address):
    """Locate kernel_debug via the symbol table and check it for inline hooks.

    The address comes from symbol_list['_kernel_debug']; it is printed in hex
    and then given to inline_hook_finder.inline_quick with x86_mem_pae, arch,
    os_version and base_address forwarded as received.

    A missing symbol is not handled: the lookup raises (KeyError for a dict).
    The return value of inline_quick is dropped and this function returns
    None.

    NOTE(review): this listing contains a second kdebug_hook with the same
    logic; within one module only the last definition is reachable by name.
    """
    debug_addr = symbol_list['_kernel_debug']
    # Parenthesised single expression: identical output under the Python 2
    # print statement this file relies on.
    print('[+] Get an address of caller function : kernel_debug, %8x' % (debug_addr,))
    # presumably base_address is consumed inside inline_quick; the address
    # passed here is the raw symbol-table value -- TODO confirm.
    inline_hook_finder.inline_quick(
        x86_mem_pae,
        debug_addr,
        arch,
        os_version,
        base_address,
    )