After some pratice, the answer is yes. But we need to take care to build the static lib with kernel stuff such as kernel framework and header files which is something tricky a little bit for new hand...
Post
Replies
Boosts
Views
Activity
Yeah, we know that. But the fact is the kext still can be loaded for the latest release. The problem is happened on a machine with macos 10.14.6 with below message when panic occurs:"build" : "Bridge OS 4.5 (17P5290)", "crashReporterKey" : "c0dec0dec0dec0dec0dec0dec0dec0dec0de0001", "date" : "2020-06-16 03:38:13.18 +0000", "incident" : "B3549D58-E9CD-4D71-9478-D3AD259C8121", "kernel" : "Darwin Kernel Version 19.5.0: Thu Apr 30 23:53:45 PDT 2020; root:xnu-6153.120.31~33\/RELEASE_ARM64_T8010",
The drawback of this method is for those processes launched before your kext be loaded, you don't have the vnode of those processes, so even if you have their pid, you still can't use vn_getpath() to get the full path of those processes...