Post

Replies

Boosts

Views

Activity

Ventura/Sonoma Silicon no signal when null dereference
Ventura 13.2.1 M1
Sonoma 14.2.1 M2

In my app I have a signal handler. When testing it with a null dereference, I see that in previous macOS versions like Monterey 12.0 x86 the signal handler is called. However, on my Silicon Ventura/Sonoma machines it's not called. Tried with SIP enabled and disabled.

So I created a binary with code:

    #include <iostream>

    int main() {
        int *ptr = nullptr;
        std::cout << *ptr; // Dereference null pointer
        return 0;
    }

Compiled it with:

    g++ null.cpp -o null.bin

And executed it with and without sudo. The app indeed crashes because of the null dereference (and a core dump is created when SIP is disabled). However, no signal is received. I am able to prove it with DTrace.

DTrace script:

    #pragma D option quiet

    proc:::signal-send
    {
        @[execname, stringof(args[1]->pr_fname), args[2]] = count();
    }

    END
    {
        printf("%20s %20s %12s %s\n", "SENDER", "RECIPIENT", "SIG", "COUNT");
        printa("%20s %20s %12d %@d\n", @);
    }

Here is the output. In the left terminal I executed the binary. In the right terminal the script output.

On top of DTrace, I created a macOS Endpoint Security app and subscribed to ES_EVENT_TYPE_NOTIFY_SIGNAL. Same there, no signal.

Did anything change with signals on M1/M2 macOS 13.0?
1
0
473
Apr ’24
Extract and run binary out of .app
We have a huge project. Until today we didn't use an .app, but now we must in order to use Endpoint Security and other stuff. Until today our binary sat in /opt/XYZ/binary.bin. Now, because of the .app, it looks like it will have to be /opt/XYZ/Cool.app/Content/MacOs/binary.bin. This change really breaks our code and will cause a massive code change. If I extract the binary from the app, place it in /opt/XYZ/binary.bin and run it, the process is killed. Is there a way to extract it from the app and run it from /opt/XYZ? Any tool, command, resource, etc. will be great.
1
0
687
Mar ’24
Endpoint security - In what thread does the client run
I have an app that uses Endpoint Security. I have 1 client that registered many AUTH and NOTIFY event types. When I receive an Endpoint Security message (event) and my handler is called, which thread does it use? If I have 1 client, will it always just use the same 1 thread? If not, can it ever happen that I register 1 client and it will handle more than 1 event at the same time, regardless of the event type or anything else?
1
0
492
Mar ’24
Endpoint security inherited mute
I am developing an app that uses the Endpoint Security API. I need to mute a few processes like my own process, Xcode, etc. However, if the muted processes create child processes, I want these processes to be muted as well. The full process tree under muted processes should be muted. How can that be done? I can't see it in the docs and can't find an example. If it can't be done, what's the closest thing to that I can implement? Thanks!
1
0
488
Mar ’24