MOXiI - 2nd Edition - Table of Contents (Part II - Kernel Mode)
N.B If you're ordered this from Amazon: Mac OS X and iOS Internals: To the Apple's Core, Volume 1 User Mode (Wrox Programmer to Programmer)
then cancel your order. Wiley isn't publishing either volume..summary: 5 new chapters, 1 removed chapter, plenty of in-chapter updates, esp. ARM/ARM64 (iOS)
Alone in the Dark: The Boot ProcessBoot, Panic, and Shutdown
Moved from Volume I
- EFI, Demystified
- OS X and boot.efi
- Flow of Boot.efi
- Booting the kernel
- kernel callbacks into EFI
- boot.efi in
LionMavericks - Core-Storage induced changes
- Count your blessings
- Experiment: Running EFI Programs on a Mac
- iOS and iBoot
- Precursor: the Boot ROM
- Normal boot
- Recovery Mode
- DFU Mode
- iOS software images (.ipsw) and OTA images (dydiff, etc)
- iBoot - Structure and flow
- APTickets, SHSHs, etc
Chapter 8: From the Cradle to the Grave - Kernel Boot and Panics
- The XNU Sources
- Getting the Sources
- Making XNU
- One kernel, multiple architectures
- The XNU Source Tree
- Booting XNU
- The bird's eye view
- OS X: vstart
- iOS: start
- [i386|arm]_init
- i386_init_slave()
- machine_startup
- kernel_bootstrap
- kernel_bootstrap_thread
- bsd_init
- bsdinit_task
- Sleeping and Waking Up
- The kernel programming interfaces (KPIs)
- Boot Arguments
- List of boot args in iOS and OS X
- Kernel Debugging
- Experiment: Kernel debugging in a virtual machine
- Don't Panic
- Implementation of Panic
- Panic Reports
- Symbolicating the kernel
- Summary
- References:
Chapter 9: Some Assembly Required: Kernel Architectures
- Kernel Basics
- Kernel Architectures
- User Mode versus Kernel Mode
- Intel Architecture - Rings
- ARM Architecture - CPSR
- ARM 64 Architecture - EL
- Kernel/User Transition Mechanisms
- Trap Handlers on Intel
- Trap Handlers on ARM
- Voluntary kernel transition
- System Call processing
- POSIX/BSD System calls
- Mach Traps
- Machine Dependent Calls
- Diagnostic calls
- XNU and hardware abstraction
- The x86_64 Platform Expert
- The ARM64 Platform Expert
- Summary
- References
Chapter 18: Modu(lu)s Operandi - Kernel Extensions
- Extending the Kernel
- Securing Modular Architecture
- Kernel Extensions (kexts)
- Kext Structure
- KEXT Security Requirements
- Working with Kernel Extensions
- Kernelcaches
- Multi-Kexts
- A Programmer's View of KEXTs
- Kernel Kext Support
- Kext signing
- OSKextLib, in detail
- Kextd, in detail
- Summary
Mach IPC: The internal view
Delves deeper into Mach Messages, after concepts and APIs have already been explored in Volume I- splay trees
- The kernel implementation of ports
- The mach_port MIG functions, in depth
- mach_port_kobject
- Experiment: tracing Mach messages
- Experiment: Mapping ports
New Chapter: Apple's Machinations
Apple's additions to the venerable Mach APIsChapter 11: Tempus Fugit - Mach Scheduling
- Scheduling Primitives
- Run Queues
- Threads
- Tasks
- Task and Thread APIs
- Getting the Current Task and Thread
- Task APIs
- Thread Control APIs
- Thread Creation
- Scheduling
- The High-Level View
- CPU Affinity
- The Mach Implementation
- Mach Scheduling Primitives
- Context Switching in Mach
- Continuations
- Preemption Modes
- Explicit Preemption
- Implicit Preemption
- Asynchronous Software Traps (ASTs)
- Exceptions
- The Mach Exception Model
- Implementation Details
- Exception-Handling Exercises
- Mach Task Scheduling
- Interrupt-Driven Scheduling
- Timer Interrupt Processing in XNU
- Scheduling Algorithms
- Summary
Chapter 12: Commit to Memory - Mach Virtual Memory
- Virtual Memory Architecture
- The 30,000-Ft View of Virtual Memory
- The Bird's Eye view
- The User Mode view
- Physical Memory Management
- Mach Zones
- The Mach Zone structure
- Zone Setup During Boot
- Zone Garbage Collection
- Zone Debugging
- Feng-Shui in kernel memory zones
- Kernel Memory Allocators
- kernel_memory_allocate()
- kmem_alloc() and Friends
- kalloc, zalloc, etc
- OSMalloc
- The PMAP interfaces
- x86_64
- ARM
- ARM64
- Mach Pagers
- The Mach Pager interface
- Universal Page Lists
- Pager Types
- Paging Policy Management
- The Pageout Daemon
- Handling page faults
- Compressed RAM
- Decrypted RAM (Apple Protect Pager)
The dynamic_pager(8) (OS X)
- Summary
Chapter 13: BS"D - The BSD Layer
- Introducing BSD
- BSD and POSIX
- One Ring to Bind Them
- What’s in the POSIX Standard?
- Implementing BSD
- XNU Is Not Fully BSD
- Processes and Threads
- BSD Process Structs
- Process Lists and Groups
- Threads
- Mapping to Mach
- Devices, uio
- Process Creation
- The User Mode Perspective
- The Kernel Mode Persepctive
- Loading and Executing Binaries
- Mach-O Binaries
- Process Control and Tracing
- ptrace (#26)
- proc_info (#336)
- Policies:
- iopolicysys (#322)
- process_policy (#323)
- Process Suspension/Resumption (iOS)
- Signals
- The UNIX Exception Handler
- Hardware Generated Signals
- Software Generated Signals
- Signal Handling by Victim
- Summary
Chapter 14: Something Old, Something New: Advanced BSD Aspects
- Memory Management
- POSIX Memory and Page Management System Calls
- BSD Internal Memory Functions
- Memory Pressure
- Jetsam
- Kernel Address Space Layout Randomization
- sysctl
- Kernel WorkQueues and GCD Internals
- Mandatory Access Control
- MAC Policies
- Apple's policy modules
- KAuth
- References
Chapter 15: Fee, FI-FO, File – File Systems and the VFS
- Prelude: Disk Devices and Partitions
- Partitioning Schemes
- Core Storage
- DMG demystified
- Generic File System Concepts
- Files
- Extended Attributes
- Permissions
- Timestamps
- Shortcuts and Links
- File Systems in the Apple Ecosystem
- Native Apple File Systems
- DOS/Windows File Systems
- CD/DVD File Systems
- Network-Based File Systems
- Pseudo File Systems
- Mounting File Systems (OS X only)
- Disk Image Files
- Booting from a Disk Image (Lion)
- The Virtual File System Switch
- The File System Entry
- The Mount Entry
- The Vnode object
- Experiment: View All File Systems in Kernel
- FUSE—File Systems in USEr Space
- Implementing a simple file system
- File I/O from Processes
- Summary
- References and Further Reading
Chapter 16: To B(-Tree) or not to Be: HFS+
- HFS+ File System Concepts
- Time stamps
- Access Control Lists
- Extended Attributes
- Forks
- Compression
- Unicode Support
- Finder Integration
- Case Sensitivity (HFSX)
- Journaling
- Dynamic Resizing
- Metadata Zone
- Hot Files
- Dynamic Defragmentation
- HFS+ Design Concepts
- HFS+ Components
- The Catalog File
- Catalog Lookup
- Catalog Insertions
- Catalog Deletions
- File and Folder Record Data
- Permissions
- Hard and Soft Links
- Fork Allocation
- The Extent Overflow
- Attribute B-Tree
- Hot-File B-Tree
- Allocation File
- The Extent Overflow
- HFS+ Journaling
Chapter 17: Adhere to Protocol: The Networking Stack
- User mode Revisited
- UNIX Domain Sockets
- IPv4 Networking
- Routing Sockets
- Network Driver Sockets
- IPSec Key Management Sockets
- IPv6 Networking
- Multipath TCP (10.9/7.0) and the x syscalls
- System Sockets
- Socket and protocol statistics
- Layer V: Sockets
- Socket descriptors
- mbufs
- Content filters (cfilstat,cfilutil, net.cfil.*)
- pktap (pktapctl, etc)
- Implementing the Socket API
- Sockets in Kernel Mode
- Layer IV: Transport Protocols 23
- Layer III: Network protocols
- Layer II: Interfaces
- Interfaces in OS X and iOS
- The Data Link Interface Layer (DLIL)
- The ifnet structure
- Case Study: utun
- Putting it all together: The Stack
- Receiving data
- Sending data
- Packet Filtering
- Socket Filters
- ipfw(8)
- Using ipfw and dummynet for bandwidth control
- The PF Packet Filter (Lion and iOS)
- IP Filters
- Interface Filters
- The Berkeley Packet Filter
- Traffic Shaping and QoS
- The Integrated Services Model
- The Differentiated Services Model
- Implementing dummynet
- Controlling Parameters from User Mode
- Summary
- References and Further Reading
Chapter 19: Driving Force - I/O Kit
- Introducing I/O Kit
- The Constraints of Device Driver Programming
- I/O Kit Is..
- I/O Kit isn't
- The I/O Registry, in depth
- LibKern: The I/O Kit Base Classes
- I/O Kit from User Mode
- The io_user_client_trap
- IOUserClients (- note to self: possibly reverse AppleKeyStore or other)
- IOConnectCall, CallStruct, etc..
- Plug and Play (Notification Ports)
- I/O Kit Diagnostics
- I/O Kit Kernel Drivers
- Personalities
- The I/O Kit Families
- The I/O Kit Driver Model
- The IOWorkLoop
- Interrupt Handling
- I/O Kit Memory Management
- IOMemory Descriptors
- I/O Kit Power Management
- Summary
- References and Further Reading
New Chapter: Input devices
- Basic concepts
- OS X: WindowServer
- iOS: backboardd/SpringBoard
- Handling keyboard events
- Handling touch events
New Chapter: Power Management
- Basic concepts
- The IOPower plane
- User mode: powerd
- User mode: caffeinate - with detailed reversing
- Kernel Mode: I/O Kit
- Power Management Assertions (wake locks)
- Hibernation
New Chapter: The Graphics Architecture
- User mode: IOSurface and MobileSurface
- Kernel Mode: I/O Kit
New Chapter: IONetworking
- The IONetworking family
- IO80211Family (and JWifi)
Appendix A: Beat the System
- Table of OS X/iOS System calls - Updated for XNU 3216
- Table of Mach Traps
Appendix B: Welcome to the Machine
- XNU on the Intel Architecture
- XNU on the ARM Architecture
- ARM64