Dmitry Rodionov
Handoff and Versions by [Sympli](https://sympli.io). Thanks!
There's a new thing in OS X 10.11 called SIP (System Integrity Protection) aka «Rootless». Basically it takes all privileges away from `root`: you can no longer write to protected...
Things break and I don't know why. It happens on Travis only, not on my machine so it's hard to debug. I also don't think that fixing it is important...
There's a **~ 30 seconds** delay between starting analysis and the moment when an application starts launching (Dock icon appears, windows open, etc).
Checklist:
- [ ] Make sure `pt_deny_attach` still works on modern OS X systems.
  > See: http://www.blendedcocoa.com/blog/2013/02/16/failing-to-update-the-pt_deny_attach-kernel-module-for-mountain-lion/
- [ ] If it doesn't: replace it with something like this: https://github.com/gdbinit/onyx-the-black-cat/blob/master/kext/antidebug.c#L72...
[`task_vaccine`](https://github.com/rodionovd/task_vaccine) is a modern successor of `rd_inject_library()` with lots of improvements (e.g. it supports injection into `i386` targets — #4).
TODO list:
- [ ] add a demo `i386` target...
It would be nice if we had a function like `unload_library_from_task()` that calls the remote `dlclose()` with a given handle (the return value of `load_library_into_task()`).
For example, neither `-[NSRunningApplication runningApplicationsWithBundleIdentifier:]` nor even `LSCopyRunningApplicationArray()` is able to list Google Chrome's GPU Process because this process was not launched via LaunchServices && doesn't have a proper Bundle...
The readability and extensibility of the current if-else-if-else-if-else logic really sucks. We need something more elegant, but no third-party libraries please (since we only need basic stuff).