MOXiI - 2nd Edition Typos

Errare est humanum. Any typos, inaccuracies, editorial mistakes, big or small - please post here.

Re: MOXiI - 2nd Edition Typos

Postby stek29 » Tue Feb 06, 2018 4:24 am

Well, some of these aren't strictly typos, but I thought it'd be better to post them all in one place.

- In the beginning:
- "Contents, at a glance": Darwin 17 is the latest version, not Darwin 16 :)
- "Finally..." = "companion website" and not "companion website" (underline)

- p. 184, top: "dyldbootstrap" everywhere, but "dyldBootStrap" in one place
- p. 186, bottom: __attribute((constructor/destructor)) should be __attribute__
- p. 193, description to SET_TYPE_IMM: type constant values aren't specified (they're 1, 2, 3)
- p. 195, after output 7-19: well, this took me a while. Actually, I wasn't able to understand opcodes fully before I looked into the executable on my own. The main issue is that there's no list of dylibs the binary links to to be found anywhere in chapter, so when you see SET_DYLIB_ORDINAL_IMM(3), you can't understand why that refers to ApplePushService framework. Also, it covers almost each opcode, but somehow "skips" SET_SEGMENT_AND_OFFSET_ULEB(2, 0x10), so the reason why it sets address to 0x1017e1000 + 0x10 isn't clear at first. Would be better if it told reader to refer to output 7-18 to see that segment 2 is __DATA and starts at that offset, and 0x10 is added to it.
The BIND_OPCODE_DONE isn't clear either. At first, I've thought it's a typo for BIND_OPCODE_DO_BIND, since there's no such opcode exists. But only on the next day, going back to it, I realized that sentence is about lack of such opcode at all, and about the fact of opcodes never flushing full state, so it can be reused.
- p. 211 - description of "jitInfo" is just "version". What version? What does that even mean?
Posts: 18
Joined: Sat Oct 07, 2017 12:55 pm

Re: MOXiI - 2nd Edition Typos

Postby jeffball » Sun Feb 11, 2018 7:30 pm

Volume 3 - Chapter 13 - Page 254. "Nonetheless, Apple goes to great lengths to villify and discourage it, with HT20194[2] dedicated..." - It's actually HT201954 (it's correct in the reference section of Chapter 13).
Posts: 6
Joined: Thu Jan 18, 2018 5:44 pm

Re: MOXiI - 2nd Edition Typos

Postby 0xdead10cc » Fri Feb 23, 2018 7:47 pm

Volume 3 - Chapter 8 - Page 165 in my version.

Section about sandbox_suspend:

The book says that "The kext therefore checks if the caller has one of the entitlements in Table 8-28.". This is incorrect. The kext checks that the caller process has the entitlement and that the target process has one of two entitlements, either or

The wording in my copy of the book suggests that any app with the entitlement can call sandbox_suspend directly, which is not true.

J says: absolutely correct, and a sad consequence of using vim as my editor. the entitlements in table are right, but the part about target and caller possession of them was somehow left out, leaving the inaccurate wording. Thank you.
Posts: 5
Joined: Fri Jan 05, 2018 12:00 am

Re: MOXiI - 2nd Edition Typos

Postby rlaguilar » Mon Mar 19, 2018 7:11 pm

In volume 1, page 17, the last word of the first paragraph under the `System images` section is corpocessor. Should be coprocessor.
In page 18, in the 4th paragraph (0-index :D) the first sentence contains the following: "and contains an the support daemons". I think that "an" shouldn't be there.
I know that you write the books in vim, but using a tool for handling this kind of mistakes would be great since it would help you to focus on writing high-quality content and it would take care of those mistakes. I would greatly recommend

J says: Thanks for these - fixed. And re gram marly - The point is not the spell checkin in vim - the point is raw HTML, which all spell checkers find as false positives.. So I kind of gave up on that
Posts: 1
Joined: Tue Dec 26, 2017 8:55 pm

Re: MOXiI - 2nd Edition Typos

Postby 73696e65 » Mon Mar 26, 2018 12:59 pm

Page 39: 5) Undocumentedmachine => 5) Undocumented machine

Page 44, line 6: addrresses -> addresses

Page 57: containing an array corresponding with entries corresponding to the partitions -> containing an array with entries corresponding to the partitions

Page 62: and the hdiutil utility` -> Should end with dot.

Page 63, Output 3-15: `grep -A 4 /tmp/*diskarb*` -> should be `grep -A 4 Program /tmp/*diskarb*`

Page 66, after the table: The two shaded extended attributes .. I don't have a shaded fields in my Table 3-20.

Page 66, third line from bottom: Likewise, any access to that file will first in-memory decompression -> should be 'will be'?

Page 67, Output 3-22: `attr -p` -> should be `xattr -p`

Page 69, second line: This means that it contents -> This means that its contents.

Page 70: `folders` User temporary and cache folders (see below) -> Why below, when it was already mentioned on the previous page? J says: originally table was earlier in book. moved.

Page 76: /S: denotes directory is present only in `/SystemLibrary` -> `/System/Library`

Page 89: and is one of the few few "protected" (`SG_PROTECTED_V1`) -> the few "protected"

Page 89, last line: are rarely used left out of this discussion -> are rarely used and left out of this discussion

Page 90: Table 4-9, third entry - uneven number of brackets

Page 105, Second paragraph: MobileGestalt makes often makes -> only one makes

Page 109, Table 4-34: CFPrerences changes monitor -> CFPreferences

Page 111, below the table: NSFileProtectionClass (by another name, -> bracket is not closed

Page 115, second line from bottom: `/var/MobileAsset/Assets/om_apple...` -> `com_apple_...`

Page 116, fourth line from bottom: as the bought the source code rights -> as they bought the source code rights

Page 122, first paragraph: .siriUIBundles in .../UIPlugIns -> should be UIPlugins I guess.

Page 125, first sentence: vaccuum -> vacuum

Page 125, third sentence: often too low a level -> often too low level J. says: this is actually ok :-)

Page 126, in MacOS Legacy Methods, second paragraph: when dragging and ropping -> when dragging and dropping (this is a nice typo) :)

Page 126, in MacOS Legacy Methods, second paragraph: pacakge -> package

Page 126, in MacOS Legacy Methods, second paragraph: which may downloaded -> which may be downloaded

Page 129, third line from bottom: packgeIdentifiers -> packageIdentifiers

Page 131, first sentence: radically different In the -> radically different in the

Page 131, in the middle: `mobile_install_proxy` -> `mobile_installation_proxy`

Page 143, last sentence has no dot.

Sorry if some of them are duplicates.

J Says: No need to be sorry - this is great! Anything it takes to get those nasty typos out.. Thank you! But it looks like you're only up to pg 143... I'm expecting even more soon, then :-/ ...
Posts: 6
Joined: Mon Apr 04, 2016 9:46 am

Re: MOXiI - 2nd Edition Typos

Postby 73696e65 » Thu Mar 29, 2018 4:30 pm

You are more than welcome :) I started reading in January, but then I stopped to read the first edition and it took me longer that I expected to finish it - still awesome book, especially the second part, it was very interesting to compare everything you mentioned with the current source code and see what Apple already modified. With the current pace I think I'll need 2-3 weeks to finish this one and it's so nicely written, I liked how clearly was the dyld explained. Anyway, my next batch, some of them are not typos or just minor ones - if I reported some you are not interested in (e.g. truncated outputs), please let me know and I'll skip these in the next post:

Page 147, Figure 5-28: CFNotificationCallBack (below Distributed notification occurs) -> CFNotificationCallback

Page 150, second paragraph from the bottom: CFBundleIdentiifer -> CFBundleIdentifier

Page 154, second paragraph: filterBy[Uid/Gid] -> filterBy[UID/GID] (but I suppose this is case insensitive)

Page 155, AdaptiveFirewa .. (AdaptiveFirewa does not fit on page, truncated)

Page 156, Top level <dictionary> element, comprised of one of more <suite> -> of one or more

Page 156, >parameter> -> <parameter>

Page 157, in enumeration: with neither properties nor methods -> this should be using normal fonts and not courier I suppose

Page 157, last paragraph: AppleScriptObjc -> AppleScriptObjC

Page 158, -> (without space)

Page 158, used to restrict Apple Events to specific CFBundleIdentifiers -> to match your previous notation, the last 's' should not be with courier

Page 163, last paragraph: 32-bit world iOS -> 32-bit iOS world

Page 165, in the paragraph starting with Defining __PAGEZERO: entry point to the malcious code -> malicious code

Page 168, you mention in the table that MH_OBJECT was used for 32b kexts. Later you talk about `MH_BUNDLE` instead, when you mention 32b kernel extensions. So I suppose the table should be fixed.

Page 168, last paragraph: The last file type in Table 6-9, is -> The beginning of the sentence should be "The last file type we mention" maybe? Because it's not the last table entry. Also it would sound better for me without comma used before "is".


Page 171, second line: this work artificially splits them into three classes -> strictly speaking, if we count the "Deprecated load commands" it should be four classes. I am not sure what was the intention.

Page 172, picture with segments: sename[16] -> sectname[16]

Page 174, Library Injection: can easily be performed using during load time -> can easily be performed during load time

Page 176: Dylibs are commonly loaded using `LC_LOAD_LIBRARY` -> Dylibs are commonly loaded using `LC_LOAD_DYLIB`

Page 176: The best example of this is libSystem.B.dylib ... which re-exports all the libraries in Table 2-17 -> should be Table 2-19.

Page 176: The latter has dylibs which further reexport others -> Because the picture represents Cocoa, shouldn't be this "The former"?

Page 178, `LC_DYLD_INFO` section: in order to provide dyld with a the offsets -> with the offsets

Page 179, second line: These load commands are listed in Table-infolc -> in Table 6-27.

Page 184, variable MallocNanoZone, column Indicates: q.v. Ch. @MALLOC -> shouldn't be there the chapter number, instead of @MALLOC?

Page 185, The variables of apple[] are passed all programs -> are passed to all programs

Page 185, At that point, the stack points to the set of values shown in Figure x-dss -> Table 7-3 (or something else)

Page 186, Using `DYLD_PRINT_IMAGES=1` -> Maybe `DYLD_PRINT_LIBRARIES` was intended?

Page 187, The same in this page, there is `DYLD_PRINT_IMAGES` instead of `DYLD_PRINT_LIBRARIES`, which was invoked

Page 192, Before the Output 7-14: As was shown in Output 7-14 -> As was shown in Output 6-26

Page 192: Output 7-14 -> after grep -A 5 there is no `LC_DYLD_INFO` visible, truncated output.

Page 192: Lazy info: ... (in `__DATA.__nl_symbol_ptr`) -> (in `__DATA.__la_symbol_ptr`)

Page 194: Segment|Section|Address|Index|Dylib|symbol -> Symbol should be maybe with the capital too?

Page 194, Output 7-17: not visible grep parameters

Page 194, 4 lines from bottom: and Compare that to Output . -> Output 7-15.

Page 196 & 197: My jtool (compiled on Feb 4 2018 18:07:27) doesn't show the rebase opcodes, unlike dyldinfo and `jtool -export` output is empty too. I believe you are aware of this, because this feature isn't implemented in `jtool` binary yet.

Page 202: The cache location differs - in MacOS, it is in `/path/var/db/dylb` -> `/var/db/dyld` (and the last char not 'b' but 'd')

Page 203, Listing 7-29 is truncated, but because it's readable in the dyld source code, I am not sure if it's an issue.

Page 205, again the Listing 7-2 is truncated.

J says: Aside from truncated listings, most of which are just impossible to fit and truncated so as to at least make the reader see what was missing, all the rest of the typo corrections are crucial! Thank you! Your name is now in v1.0.5 :-)
Posts: 6
Joined: Mon Apr 04, 2016 9:46 am

Re: MOXiI - 2nd Edition Typos

Postby 73696e65 » Wed Apr 11, 2018 9:59 am

Thank you, this is a great honor for me! :) But I am progressing more slowly than I thought:

Page 208: `/usr/libexec/closured` served as the "closure daemon". -> this sentence looks redundant, you already mentioned his location two lines above and also specified what it does.

Page 210, Table 7-39: enumerate loaded images -> Enumerate (if you want to match the capitals in Table)

Page 211: but exporting the `dyld_all_image_infos` -> by exporting the `dyld_all_image_infos`

Page 214: Listening 7-46: Not sure if it's worth to fix, but the `uint64_t load_addr` uses different indent than rest of the structure elements.

Page 221: A process will continue to exist until its main thread exits or it is kill(2) -> kill(2)ed?

Page 221, last paragraph: .. `setsid(2)`, after which points all children -> after which point

Page 221:, word "signalled/signaled" .. you have "Grouped processes can be signaled" (here you are using American variation), but in the last sentence on the same page you have "all of them to be appropriately signalled" (British/Canadian variation).

Page 222, footnote: You have two stars instead of just one: ** - Ledgers are a Mach object ..

Page 222: setregid -> setregid(2)

Page 223: `CONFIG_PERSONA` is false -> `CONFIG_PERSONAS` is false

Page 225, above the Table 8-12: although non are suffixed -> none are suffixed

Page 225, last paragraph: Not only tis this a POSIX -> Not only is this a POSIX

Page 227, first sentence: q..v Listing 2-18 -> q.v. Listing 2-18

Page 232: You mention MUTZ in the different Endianness as AXTM in the same sentence.

Page 232: Recall From Chapter 4 that Mach-O objects have .. -> Shouldn't this be Chapter 6, where we mentioned `MH_HAS_TLV_DESCRIPTORS`?

Page 233: I am not sure if I follow here correctly, you mentioned `QOS_CLASS_USER_INTERACTIVE` having priority 46 and later, the Priority paragraph, the interactive QoS class is 48. Why these numbers are not the same?

Page 233: I/O throughput -> I/O Throughput (as in CPU Throughput)

Page 233, CPU Throughput: requeust -> request

Page 233: non-posix -> non-POSIX

Page 233: higher QoS classes are allocated more resources -> higher QoS classes are allocating more resources J says: Here, allocated (by the system)

Page 233: which generally aim to conserve as much energy (..) as much as possible -> which generally aim to conserve as much energy (..) as possible

Page 234, figure 8-24: legend doesn't match the picture, for example instead of the first `data` field I suppose there should be `ident`

Page 236, not typo just redundant: `libdispatch.dylib` is tightly integrated with `libpthread.dylib` .. and later in next paragraph you mention again .. and is tightly integrated with `libpthread`

Page 240, second line from the bottom in the disassembly: MOV X0, X20 ; --X0 = X20 = 0x0 -> why 0x0? X20 contains the `dispatch_q`, so would X0. Also why `--` before X0? J says: Because that was automatic Jtool output..

Page 241: The concrrent mode -> concurrent mode.

Page 242, first paragraph: .. avoiding the need for singletons./p> -> typo in tag

Page 242: Queue attributes subchapter ends with `dqa_overcommit` ... is it intended? J says: No. Missing sentence end..

Page 243: manger thread -> manager thread

Page 243: (specified in arg2 is available -> (specified in arg2) is available (missing bracket)

Page 243: worqueue threads -> workqueue threads

Page 244: The term refers to a a stateless function, which can be be -> a a, be be (both twice)

Page 245, Table 8-37: event source -> Event source (if you want to match the capitals in table)

Page 247, Table 8-40: memory pressure notification -> Memory pressure notification (if you want to match the capitals in table)

Page 249, Listing 8-43: #include <dispatch/dispatch.h> is not visible, because it's interpreted as HTML tag. J says: DAMN! You're good! :-)

Page 251 (discusse in Chapter 15) -> (discussed in Chapter 15)

Page 254: that of malloc(2) and the like -> "and the like" should use normal font

Page 258: thusprovide -> thus provide

Page 259: The memory tag is passed in the fifth parameter -> this should be the 4th parameter

Page 260, Table 9-7: Stnadard -> Standard

Page 262: Mac task port -> Mach task port

Page 263: figure 9-9 -> Figure 9-9

Page 263: following it are more fields* -> there is a star, but nothing explained in the footnote

Page 263, second paragraph: otheriwse -> otherwise

J says: The honor is all mine. I'm glad you are reading it meticulously - and even more so that I can still get to hold on to my few BTC with all these just being annoying typos (so many, though :-)
Posts: 6
Joined: Mon Apr 04, 2016 9:46 am

Re: MOXiI - 2nd Edition Typos

Postby 73696e65 » Mon Apr 30, 2018 9:59 am

Hey, I am sending my last batch of typos. It was very rewarding reading and thanks again for such a great book. I am looking forward for the second part, good luck with your writing! :)

Page 265: but one allocated -> but once allocated

Page 265, Figure 9-13: There is a security "cookie" field, but the comment says "Zone version".

Page 266: Retaining a value increases its reference count until it is `cache_release_value(3)` decreases it. -> there should be no "it is".

Page 266: Here hides the missing footnote referenced from p. 263.

Page 269: 9-18: `os_alloc_once` -> Figure 9-18: `os_alloc_once`

Page 270: A good example of the `_os_alloc_once_usage_pattern` -> A good example of the `_os_alloc_once` usage pattern

Page 270: jumping to 0x4f71 -> jumping to 0x4f6a

Page 270: Listing 9-20: Libnotify-..-> Listing 9-20-a: Libnotify-.. (to match the line above: "show in Listing 9-20-a").

Page 275: The system call is defined in the XNU's `bsd/kern_memorystatus.h` -> `bsd/sys/kern_memorystatus.h`.

Page 276: Technically in header `MEMORYSTATUS_CMD_` should be `MEMORYSTATUS_CMD`, because already use underscore in each command explanation.

Page 276, Table 9-27: Change jetsap -> Change jetsam

Page 284, Table 10-1: `CFBag` A Multitset -> A multiset

Page 285, Table 10-1: `CFMachPortBoost`: .. importance boots -> importance boost (but boots fits here too :)

Page 285, last line in table: `disarbitrationd` -> `diskarbitrationd`

Page 295: Listing 10.11-a and 10.11-b: objective-C -> Objective-C; objective-c -> Objective-C

Page 297, capital instead of a normal letter and missing a period: no quick method to decode, The method .. As -> the method

Page 300: (e.g. in Listing 4-43, 4-54, .. -> Listing 4-43 shows file output and 4-54 does not exist.

Page 302: objective-C rewriting -> Objective-C rewriting

Page 307: Recall from figure objc-init -> from Figure 10-8?

Page 307: Obcjective-C dependency -> Objective-C dependency

Page 309: libwwift[Core]Foundation -> libswift[Core]Foundation

Page 310: The sections in 10-27 do not supersede -> The sections in (Table) 10-26.

Page 314, third paragraph: but a microkernel alone does not a system make -> does not make a system

Page 318, first line: a priori posultate -> a priori postulate

Page 318: `bootstrap_lookup` -> `bootstrap_look_up` (this occurs also on p. 320 and 322, at least)

Page 319, fourth line: `rcpss.exe` -> `rpcss.exe`

Page 322: .. `bootstrap_checkin` -> `bootstrap_check_in`

Page 322, last paragraph: Apple has revamped the the bootstrap -> Apple has revamped the bootstrap

Page 324: 3212 .. Move a port right in our out -> in or out

Page 324: 3232 .. and and send right -> and send right

Page 329, Message Trailers: even if in unused -> even if is unused

Page 331 I have some printing error here, the page is shifted a little up, however everything is readable.

Page 333: assigns it a(n arbitrary) -> assigns it an (arbitrary)

Page 334: having five sections -> there are only four mentioned.

Page 334: .. there is a direct mapping to an an elsewhere -> there is a direct mapping to an elsewhere

Page 340: at the bottom of Listing 11-25 -> at the bottom of Listing 11-24

Page 344: and any number of `SEND` (or `SEND_ONCE` -> (or `SEND_ONCE`)

Page 351, Table 12-7: 3401: destroy target task -> Destroy target task

Page 353: namespace manipulation, Here too -> namespace manipulation, here too

Page 361, last line: (with *OS specific .. no closing bracket

Page 363: In cass where a signal does -> In case where a signal does

Page 366, first paragraph: initiaitive -> initiative

Page 366, third paragraph: is that of version 842[ldlink] -> is that of version 842[1]

Page 366: Table 13-1: Better support ofr -> Better support of

Page 368, in both section headers: exection -> execution

Page 368: whenever a change to or to files in (different font, maybe the sentence could be reformulated too).

Page 371, first paragraph: (launchd is discussed in more detail in Chapter 13) -> we are already in chapter 13, so I am not sure how important is to mention this here.

Page 371, second paragraph: stating the a daemon launched -> "stating that a daemon launched", or "stating the daemon launched"

Page 371: The `UserEventAgent` daemon* functions functions as -> The `UserEventAgent` daemon* functions as

Page 374, last line: on the book's companion website, in the `UserEventAjent` project -> UserEventAgent?

Page 375 mentions that there is a video presentation about agents & daemons from 2015. Where is possible to watch it? I found the slides, but seeing the video could be much better.

Page 376: Listing x shows the services -> Listing 13-13 shows the services

Page 377: Listing 13-14 (cont.): .. of iOS 110.13's launchd -> previously was mentioned 11.1.1, should be the same

Page 378, Listing 13-15: The embedded __TEXT.__bs_plist of iOS 110.13's launchd -> of MacOS 10.13

Page 381: .. or kill -1)* -> there is a star without footnote.

Page 384: For simple service status checks, once can use -> one can use

Page 387: compatible implementation of XPC at the book's companion website -> there is a hyperlink, but without URL it could be rather URL or normal text.

Page 391: `/usr/libexec/xpcroleaccountd` - Darwin 17: -> no description after the colon (unlike `xpchelper`)

Page 392: XPC Object APIs defined .. ( .. ( -> both brackets are not closed.

Page 393, Table 14-7: `xpc_object_hash` - Genereates hash value, for use in dictionaries -> Generates

Page 394: The `Len` argument specifies the size -> The `Size` argument specifies the size (to match the previously mentioned declaration)

Page 394: These predefined types listed in -> These predefined types are listed in

Page 396, last paragraph: `xpc_bootstrap pipe` -> `xpc_bootstrap_pipe`

Page 397: Listing xpc-on-wire demonstrates -> Listing 14-12 demonstrates.

Page 398: The two most common selectors .. are .. _sendInvocation:WithProxy:remoteInterface:withErrorHandler:timeout:userInfo: and _sendInvocation:WithProxy:remoteInterface:withErrorHandler:timeout:userInfo: .. -> both mentioned selectors looks the same.

Page 399, in send_message dtrace there is a line with `execname, pid, arg0, arg1, s` -> I guess 's' shouldn't be here.

Page 401, Table 14-18: I have no shaded region, albeit they are mentioned.

Page 401, Tabel 14-18: specifying -> Specifying

Page 402: - `_SandboxProfile:` - If this -> "If" is with "italic" font

Page 403, third line: As the above shows, XPC can make sue of -> can make use of

Page 404, Figure 14-21: 5) Xpcproxy spawns -> 5) xpcproxy spawns (alike point nr. 4)

Page 406, third line: MacOS presently* uses a single cache -> here is a star after "presently", but no footnote

Pace 407: their public API in the "Energy Efficient Guide" [eeg] -> I guess there should be a reference instead of [eeg]

Page 407, Table 14-25, the same as on page 276, `XPC_ACTIVITY_` already contains the underscore.

Page 407: `_MAY_REBOOT_DEVICE` - A hint indicating task my call -> A hint indicating my task call (?)

Page 408: `` key for this purpose You can -> `` key for this purpose. You can

Page 411: most of these APIS -> most of these APIs

Page 412, second paragraph: not exported to user mode (i.e. declared as .. -> missing ending bracket

Page 416: The idea behind microstackshots is to Microstackshots are enabled through -> The idea behind microstackshots is that (or something similar)

Page 416, third paragraph: has a utility called `systemstats(8)` facility is described later in this chapter -> has a utility called `systemstats(8)`, and his facility (or something similar)

Page 417, footnote: Recall from Table 3-binbins -> Recall from Table 3-binbins -> Recall from Table 3-29

Page 420, third line from the bottom: `[/System/]LibraryPreferences/Logging` folders. -> `[/System/]Library/Preferences/Logging` folders.

Page 423: Apple keeps the format of `.tracev3` proprietary and undocument -> undocumented

Page 432: It then sets up its a trace buffer -> It then sets up its trace buffer
Posts: 6
Joined: Mon Apr 04, 2016 9:46 am


Return to Errata

Who is online

Users browsing this forum: No registered users and 1 guest