gdbinit / bruteforcesysent

Small util to discover OS X sysent via bruteforce

Home Page: http://reverse.put.as/2012/02/14/a-small-improvement-to-os-x-rootkitery-bruteforcing-sysent-discovery-fast-easy/

Bruteforce Sysent

A small util to bruteforce the sysent address with a dynamic approach. It is very fast and appears to be very reliable, even when implemented in a kernel extension.

Compatible with OS X 10.6, 10.7, 10.8, 10.9.

(c) 2012, 2013, 2014 fG! - reverser@put.as - http://reverse.put.as

Note: This requires kmem/mem devices to be enabled

Edit /Library/Preferences/SystemConfiguration/com.apple.Boot.plist, add kmem=1 parameter, and reboot!
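Because the `kmem=1` boot argument is a persistent change that exposes kernel memory through device nodes, it is worth auditing for on hosts where it is not expected. The following is an added example, not part of this project: a Python check that parses the plist named above and reports any `kmem` boot argument. It assumes the argument lives in the plist's `Kernel Flags` string, uses a constructed sample plist, and treats any `kmem=` value as a finding.

```python
import os
import plistlib

BOOT_PLIST = "/Library/Preferences/SystemConfiguration/com.apple.Boot.plist"

# Constructed sample contents, not taken from a real host.
SAMPLE_BOOT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Kernel Flags</key>
    <string>-v kmem=1</string>
</dict>
</plist>
"""


def kernel_flags(plist_bytes):
    """Return the 'Kernel Flags' boot arguments as a list of tokens."""
    data = plistlib.loads(plist_bytes)
    if not isinstance(data, dict):
        return []
    flags = data.get("Kernel Flags", "")
    return flags.split() if isinstance(flags, str) else []


def find_kmem_arg(plist_bytes):
    """Return the value of the kmem boot argument, or None if it is absent."""
    for token in kernel_flags(plist_bytes):
        name, sep, value = token.partition("=")
        if name == "kmem" and sep:
            return value
    return None


if __name__ == "__main__":
    # Audit the real file when present, otherwise fall back to the sample.
    if os.path.exists(BOOT_PLIST):
        with open(BOOT_PLIST, "rb") as fh:
            raw = fh.read()
    else:
        raw = SAMPLE_BOOT_PLIST
    value = find_kmem_arg(raw)
    if value is not None:
        print("FINDING: boot argument kmem=%s is set" % value)
    # Runtime state: the device node exists only when the devices are enabled.
    if os.path.exists("/dev/kmem"):
        print("FINDING: /dev/kmem is present on this system")
```
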

v0.1 - Initial version, 32 and 64 bits support

v0.2 - Bug fixing and code cleanup

v0.3 - Mavericks support.

Languages

Language: C 100.0%