KEXT Debugging on Mac

Copy the kext to temp folder

    sudo cp -r /…xx.kext /tmp/

     cd /tmp

Modify the priviledges

    sudo chown -R root:wheel xx.kext
    sudo chmod -R 775 xx.kext

Load the kext at the starting address where the affected kext loaded. you will get the address from the panic report

    sudo kextload -z -n -a xxx.yyy.kext.zzz@0x47cd1000 -s . xx.kext

Open another terminal and launch the gdb

    gdb -arch i386 /Volumes/KernelDebugKit/mach_kernel

Add debug source symbols
    source  /Volumes/KernelDebugKit/kgmacros

Add system and application symbols

    add-symbol-file /tmp/com.apple.kpi.bsd.sym
    add-symbol-file /tmp/com.apple.kpi.libkern.sym
    add-symbol-file /tmp/com.apple.kpi.iokit.sym
    add-symbol-file /tmp/com.apple.kpi.mach.sym
    add-symbol-file /tmp/xxx.yyy.kext.zzz.sym

Query the symbols

    x/i address

// For remote debugging

As it is exec the following command
    target remote-kdp

Attach to the remote system
    attach ip

Execute the bt to get all the symbols or use x/i to get a particular symbol
    bt   // back trace  , it loads all symbols, otherwise

Blogged with Flock

Tags: , , ,

Manipulate items in privacy tab of spotlight using shell script

First get the permissions.
        sudo chown -R $USER:$GROUP /.Spotlight-V100/
        sudo chmod -R 777 /.Spotlight-V100/

Write items
        sudo defaults write /.Spotlight-V100/Store-V1/Exclusions Exclusions -array-add ‘/Users/xxxx/Downloads’ ‘/Users/xxxx/Documents/’ ‘/System’

Read items
        sudo defaults read /.Spotlight-V100/Store-V1/Exclusions

Delete items
        sudo defaults delete /.Spotlight-V100/Store-V1/Exclusions Exclusions

Revert back the permissions.
        sudo chown -R root:admin /.Spotlight-V100/
        sudo chmod -R 700 /.Spotlight-V100/

Delete specific items

#!/bin/sh
appspre=`sudo defaults read /.Spotlight-V100/Store-V1/Exclusions Exclusions`
appspost=`echo $appspre | sed ‘s/\/xxxx//g’ | sed ‘s/[“(),][“(),]*//g’`

sudo chown -R $USER:$GROUP /.Spotlight-V100/
sudo chmod -R 777 /.Spotlight-V100/
defaults delete /.Spotlight-V100/Store-V1/Exclusions Exclusions
defaults write /.Spotlight-V100/Store-V1/Exclusions Exclusions -array-add $appspost
sudo chown -R root:admin /.Spotlight-V100/
sudo chmod -R 700 /.Spotlight-V100/

Blogged with Flock

Tags: , , , , ,