not Found private symbol "_proc_lock" and "_proc_unlock" On Intel hardware for MacOS 12.5

Question

not Found private symbol "_proc_lock" and "_proc_unlock" On Intel hardware for MacOS 12.5

ccp10841054 opened this issue 2 years ago · comments

iFengOoo commented 2 years ago

kernel_dlsym("_proc_lock")

kernel_dlsym("_proc_unlock")

return NULL;

Steven Michaud · Answer 1 · Sat Sep 10 2022 00:55:25 GMT+0800 (China Standard Time)

The macOS 12.5 kernel doesn't contain global symbols with either of these names. So kernel_dlsym() will, of course, return NULL on both of them.

You can only use kernel_dlsym() on symbols that are named in the kernel's symbol table. To get a list of these symbols, do nm -pam /System/Library/Kernels/kernel.

But you shouldn't be altering the HookCase.kext kernel extension's code. You should be writing hook libraries, emulating the example library in https://github.com/steven-michaud/HookCase/tree/master/HookLibraryTemplate. There you can use module_dlsym().