Reading Notebook: 17-May-2012
Comments in italics are mine and express my own views, thoughts and opinions
Mac OS X Internals by A. Singh:
kextstat command (p. 49) - here’s the output from my system:
MacBook-Air:~ DumpAnalysis$ kextstat
Index Refs Address Size Wired Name (Version) <Linked Against>
1 78 0xffffff7f80739000 0x683c 0x683c com.apple.kpi.bsd (11.3.0)
2 6 0xffffff7f807de000 0x3d0 0x3d0 com.apple.kpi.dsep (11.3.0)
3 104 0xffffff7f80744000 0x1b9d8 0x1b9d8 com.apple.kpi.iokit (11.3.0)
4 109 0xffffff7f8072f000 0x9b54 0x9b54 com.apple.kpi.libkern (11.3.0)
5 93 0xffffff7f80740000 0x88c 0x88c com.apple.kpi.mach (11.3.0)
6 37 0xffffff7f80760000 0x4938 0x4938 com.apple.kpi.private (11.3.0)
7 53 0xffffff7f80741000 0x22a0 0x22a0 com.apple.kpi.unsupported (11.3.0)
8 19 0xffffff7f80bc6000 0x7000 0x7000 com.apple.iokit.IOACPIFamily (1.4) <7 6 4 3>
9 27 0xffffff7f80765000 0x1e000 0x1e000 com.apple.iokit.IOPCIFamily (2.6.8) <7 6 5 4 3>
10 2 0xffffff7f81ba4000 0x58000 0x58000 com.apple.driver.AppleACPIPlatform (1.4) <9 8 7 6 5 4 3 1>
11 1 0xffffff7f809cc000 0xc000 0xc000 com.apple.driver.AppleKeyStore (28.18) <7 6 5 4 3 1>
12 9 0xffffff7f807e2000 0x25000 0x25000 com.apple.iokit.IOStorageFamily (1.7) <7 6 5 4 3 1>
13 0 0xffffff7f80c4c000 0x19000 0x19000 com.apple.driver.DiskImages (331.3) <12 7 6 5 4 3 1>
14 0 0xffffff7f818e6000 0x2a000 0x2a000 com.apple.driver.AppleIntelCPUPowerManagement (167.3.0) <7 6 5 4 3 1>
15 0 0xffffff7f807df000 0x3000 0x3000 com.apple.security.TMSafetyNet (7) <7 6 5 4 2 1>
16 2 0xffffff7f80846000 0x4000 0x4000 com.apple.kext.AppleMatch (1.0.0d1) <4 1>
17 1 0xffffff7f8084a000 0x11000 0x11000 com.apple.security.sandbox (177.3) <16 7 6 5 4 3 2 1>
18 0 0xffffff7f8085b000 0x5000 0x5000 com.apple.security.quarantine (1.1) <17 16 7 6 5 4 2 1>
19 0 0xffffff7f81c0b000 0x8000 0x8000 com.apple.nke.applicationfirewall (3.2.30) <7 6 5 4 3 1>
20 0 0xffffff7f818e2000 0x3000 0x3000 com.apple.driver.AppleIntelCPUPowerManagementClient (167.3.0) <7 6 5 4 3 1>
21 0 0xffffff7f81b81000 0x3000 0x3000 com.apple.driver.AppleAPIC (1.5) <4 3>
22 3 0xffffff7f80b62000 0x4000 0x4000 com.apple.iokit.IOSMBusFamily (1.1) <5 4 3>
23 0 0xffffff7f81bfc000 0x7000 0x7000 com.apple.driver.AppleACPIEC (1.4) <22 10 8 5 4 3>
24 0 0xffffff7f816da000 0x4000 0x4000 com.apple.driver.AppleSMBIOS (1.7) <7 4 3>
25 0 0xffffff7f81918000 0x3000 0x3000 com.apple.driver.AppleHPET (1.6) <8 7 5 4 3>
26 0 0xffffff7f816ff000 0x7000 0x7000 com.apple.driver.AppleRTC (1.4) <8 5 4 3 1>
27 6 0xffffff7f809d8000 0x6b000 0x6b000 com.apple.iokit.IOHIDFamily (1.7.1) <11 7 6 5 4 3 2 1>
28 0 0xffffff7f81c05000 0x4000 0x4000 com.apple.driver.AppleACPIButtons (1.4) <27 10 8 7 6 5 4 3 1>
29 1 0xffffff7f81b57000 0x4000 0x4000 com.apple.driver.AppleEFIRuntime (1.5.0) <7 6 5 4 3>
30 13 0xffffff7f80783000 0x4f000 0x4f000 com.apple.iokit.IOUSBFamily (4.5.8) <9 7 5 4 3 1>
32 0 0xffffff7f80a8e000 0x17000 0x17000 com.apple.driver.AppleUSBEHCI (4.5.8) <30 9 7 5 4 3 1>
33 2 0xffffff7f80dc8000 0xa000 0xa000 com.apple.iokit.IOAHCIFamily (2.0.7) <5 4 3 1>
34 0 0xffffff7f81b85000 0x18000 0x18000 com.apple.driver.AppleAHCIPort (2.2.0) <33 9 5 4 3 1>
35 0 0xffffff7f816df000 0x8000 0x8000 com.apple.driver.AppleSmartBatteryManager (161.0.0) <22 8 5 4 3 1>
36 0 0xffffff7f81b5b000 0x7000 0x7000 com.apple.driver.AppleEFINVRAM (1.5.0) <29 7 5 4 3>
37 5 0xffffff7f80986000 0x29000 0x29000 com.apple.iokit.IONetworkingFamily (2.0) <7 6 5 4 3 1>
38 1 0xffffff7f80dfb000 0x38000 0x38000 com.apple.iokit.IO80211Family (412.2) <37 7 5 4 3 1>
39 0 0xffffff7f80e33000 0x1e0000 0x1e0000 com.apple.driver.AirPort.Brcm4331 (513.20.19) <38 37 9 7 5 4 3 1>
40 0 0xffffff7f809c9000 0x3000 0x3000 com.apple.iokit.IOUSBUserClient (4.5.8) <30 7 5 4 3 1>
41 0 0xffffff7f80a79000 0x11000 0x11000 com.apple.driver.AppleUSBHub (4.5.0) <30 5 4 3 1>
42 4 0xffffff7f80ab2000 0x9e000 0x9e000 com.apple.iokit.IOThunderboltFamily (1.7.4) <5 4 3 1>
43 0 0xffffff7f8163e000 0x12000 0x12000 com.apple.driver.AppleThunderboltNHI (1.3.2) <42 9 8 5 4 3 1>
44 0 0xffffff7f80dde000 0x15000 0x15000 com.apple.iokit.IOAHCIBlockStorage (2.0.1) <33 12 5 4 3 1>
45 0 0xffffff7f815b2000 0x4000 0x4000 com.apple.driver.XsanFilter (403) <12 5 4 3 1>
46 0 0xffffff7f81342000 0x9000 0x9000 com.apple.BootCache (33) <7 6 5 4 3 1>
47 0 0xffffff7f81b46000 0x5000 0x5000 com.apple.AppleFSCompression.AppleFSCompressionTypeZlib (1.0.0d1) <6 4 3 2 1>
48 0 0xffffff7f81b4d000 0x5000 0x5000 com.apple.AppleFSCompression.AppleFSCompressionTypeDataless (1.0.0d1) <7 6 4 3 2 1>
49 1 0xffffff7f807d2000 0x6000 0x6000 com.apple.driver.AppleUSBComposite (4.5.8) <30 4 3 1>
50 0 0xffffff7f807d8000 0x6000 0x6000 com.apple.driver.AppleUSBMergeNub (4.5.3) <49 30 4 3 1>
51 3 0xffffff7f80a43000 0x8000 0x8000 com.apple.iokit.IOUSBHIDDriver (4.4.5) <30 27 5 4 3 1>
52 0 0xffffff7f815de000 0x4000 0x4000 com.apple.driver.AppleUSBTCKeyboard (225.2) <51 30 27 7 6 5 4 3 1>
55 2 0xffffff7f80cc1000 0x76000 0x76000 com.apple.iokit.IOBluetoothFamily (4.0.3f12) <7 5 4 3 1>
56 1 0xffffff7f80d57000 0xe000 0xe000 com.apple.driver.AppleUSBBluetoothHCIController (4.0.3f12) <55 30 7 5 4 3>
57 0 0xffffff7f80d6d000 0x9000 0x9000 com.apple.driver.BroadcomUSBBluetoothHCIController (4.0.3f12) <56 55 30 5 4 3>
58 0 0xffffff7f81632000 0x4000 0x4000 com.apple.driver.AppleThunderboltPCIDownAdapter (1.2.1) <42 9 4 3>
59 0 0xffffff7f815e7000 0x13000 0x13000 com.apple.driver.AppleUSBMultitouch (227.1) <51 30 27 6 5 4 3 1>
60 1 0xffffff7f81650000 0x8000 0x8000 com.apple.driver.AppleThunderboltDPAdapterFamily (1.5.9) <42 9 8 5 4 3>
61 0 0xffffff7f81658000 0x4000 0x4000 com.apple.driver.AppleThunderboltDPInAdapter (1.5.9) <60 42 9 8 5 4 3>
62 0 0xffffff7f815e3000 0x3000 0x3000 com.apple.driver.AppleUSBTCButtons (225.2) <51 30 27 7 6 5 4 3 1>
64 3 0xffffff7f80861000 0x2b000 0x2b000 com.apple.iokit.IOSCSIArchitectureModelFamily (3.0.3) <5 4 3 1>
65 1 0xffffff7f809b8000 0x11000 0x11000 com.apple.iokit.IOUSBMassStorageClass (3.0.1) <64 30 12 5 4 3 1>
67 14 0xffffff7f80c02000 0x38000 0x38000 com.apple.iokit.IOGraphicsFamily (2.3.2) <9 7 5 4 3>
68 0 0xffffff7f817a8000 0x3a000 0x3a000 com.apple.driver.AppleIntelSNBGraphicsFB (7.1.8) <67 9 8 7 6 5 4 3 1>
72 7 0xffffff7f80c3a000 0x12000 0x12000 com.apple.iokit.IONDRVSupport (2.3.2) <67 9 7 5 4 3>
73 1 0xffffff7f81b1c000 0x3000 0x3000 com.apple.driver.AppleBacklightExpert (1.0.3) <72 67 9 5 4 3>
74 0 0xffffff7f81b71000 0x5000 0x5000 com.apple.driver.AppleBacklight (170.1.9) <73 72 67 9 5 4 3>
75 1 0xffffff7f81b0a000 0x3000 0x3000 com.apple.driver.AppleGraphicsControl (3.0.16) <72 67 9 8 7 5 4 3 1>
77 0 0xffffff7f8179b000 0x3000 0x3000 com.apple.driver.AppleLPC (1.5.3) <9 5 4 3>
78 0 0xffffff7f816c9000 0x3000 0x3000 com.apple.driver.AppleSMBusPCI (1.0.10d0) <9 5 4 3>
79 1 0xffffff7f80bcd000 0x13000 0x13000 com.apple.driver.IOPlatformPluginFamily (4.7.5d4) <8 7 6 5 4 3>
80 3 0xffffff7f80be0000 0xc000 0xc000 com.apple.driver.AppleSMC (3.1.1d8) <8 7 5 4 3>
81 0 0xffffff7f80bec000 0x11000 0x11000 com.apple.driver.ACPI_SMC_PlatformPlugin (4.7.5d4) <80 79 9 8 7 6 5 4 3>
82 0 0xffffff7f81b0d000 0xf000 0xf000 com.apple.driver.ApplePolicyControl (3.0.16) <75 72 67 9 8 7 5 4 3 1>
83 2 0xffffff7f8135c000 0x6000 0x6000 com.apple.kext.OSvKernDSPLib (1.3) <5 4>
84 4 0xffffff7f81362000 0x2a000 0x2a000 com.apple.iokit.IOAudioFamily (1.8.6fc6) <83 5 4 3 1>
85 0 0xffffff7f8138c000 0x4000 0x4000 com.apple.driver.AudioIPCDriver (1.2.2) <84 5 4 3 1>
86 0 0xffffff7f812a6000 0x5000 0x5000 com.apple.Dont_Steal_Mac_OS_X (7.0.0) <80 7 4 3 1>
87 2 0xffffff7f81931000 0xc000 0xc000 com.apple.iokit.IOHDAFamily (2.1.7f9) <5 4 3 1>
88 1 0xffffff7f8196c000 0x1a000 0x1a000 com.apple.driver.AppleHDAController (2.1.7f9) <87 67 9 6 5 4 3 1>
89 1 0xffffff7f80d76000 0x5000 0x5000 com.apple.iokit.IOEthernetAVBController (1.0.0d5) <37 5 4 3 1>
90 0 0xffffff7f80d7b000 0x9000 0x9000 com.apple.iokit.IOAVBFamily (1.0.0d22) <89 37 5 4 3 1>
91 1 0xffffff7f80b66000 0xe000 0xe000 com.apple.iokit.IOSerialFamily (10.0.5) <7 6 5 4 3 1>
92 0 0xffffff7f80d49000 0xe000 0xe000 com.apple.iokit.IOBluetoothSerialManager (4.0.3f12) <91 7 5 4 3 1>
93 0 0xffffff7f816c2000 0x5000 0x5000 com.apple.driver.AppleSMCLMU (2.0.1d2) <80 67 5 4 3>
94 0 0xffffff7f80b50000 0x12000 0x12000 com.apple.iokit.IOSurface (80.0) <7 5 4 3 1>
95 0 0xffffff7f809af000 0x6000 0x6000 com.apple.iokit.IOUserEthernet (1.0.0d1) <37 6 5 4 3 1>
96 0 0xffffff7f817e2000 0xe1000 0xe1000 com.apple.driver.AppleIntelHD3000Graphics (7.1.8) <72 67 9 7 5 4 3 1>
97 1 0xffffff7f816cc000 0xe000 0xe000 com.apple.driver.AppleSMBusController (1.0.10d0) <22 9 8 5 4 3>
98 0 0xffffff7f81afb000 0xb000 0xb000 com.apple.driver.AGPM (100.12.42) <72 67 9 5 4 3>
100 0 0xffffff7f8174b000 0x4000 0x4000 com.apple.driver.ApplePlatformEnabler (2.0.4d2) <7 5 4 3>
101 0 0xffffff7f81392000 0x5000 0x5000 com.apple.driver.AudioAUUC (1.59) <84 67 9 8 7 5 4 3 1>
102 0 0xffffff7f81b77000 0xa000 0xa000 com.apple.driver.AppleAVBAudio (1.0.0d11) <5 4 3 1>
103 0 0xffffff7f8176c000 0xa000 0xa000 com.apple.driver.AppleMCCSControl (1.0.26) <67 9 7 5 4 3 1>
104 0 0xffffff7f81601000 0x5000 0x5000 com.apple.driver.AppleUpstreamUserClient (3.5.9) <67 9 8 7 5 4 3 1>
105 0 0xffffff7f8193d000 0x22000 0x22000 com.apple.driver.AppleMikeyDriver (2.1.7f9) <97 8 5 4 3 1>
106 1 0xffffff7f81986000 0xa4000 0xa4000 com.apple.driver.DspFuncLib (2.1.7f9) <84 83 5 4 3 1>
107 0 0xffffff7f81a2a000 0xaf000 0xaf000 com.apple.driver.AppleHDA (2.1.7f9) <106 88 87 84 72 67 6 5 4 3 1>
109 0 0xffffff7f81761000 0x3000 0x3000 com.apple.driver.AppleMikeyHIDDriver (122) <27 7 4 3 1>
110 1 0xffffff7f8134c000 0x5000 0x5000 com.apple.kext.triggers (1.0) <7 6 5 4 3 1>
111 0 0xffffff7f81351000 0x9000 0x9000 com.apple.filesystems.autofs (3.0) <110 7 6 5 4 3 1>
116 3 0xffffff7f80b8a000 0xd000 0xd000 com.apple.iokit.IOCDStorageFamily (1.7) <12 5 4 3 1>
117 2 0xffffff7f80b97000 0xb000 0xb000 com.apple.iokit.IODVDStorageFamily (1.7) <116 12 5 4 3 1>
118 1 0xffffff7f80ba2000 0xa000 0xa000 com.apple.iokit.IOBDStorageFamily (1.6) <117 116 12 5 4 3 1>
119 0 0xffffff7f80bac000 0x1a000 0x1a000 com.apple.iokit.IOSCSIMultimediaCommandsDevice (3.0.3) <118 117 116 64 12 5 4 3 1>
121 0 0xffffff7f81911000 0x5000 0x5000 com.apple.driver.AppleHWSensor (1.9.4d0) <5 4 3>
122 7 0xffffff7f81c20000 0x46000 0x46000 com.apple.iokit.AppleProfileFamily (85.2) <9 7 6 5 4 3 1>
123 0 0xffffff7f81c66000 0x7000 0x7000 com.apple.driver.AppleIntelProfile (85.2) <122 6 4 3>
124 0 0xffffff7f81c6f000 0x4000 0x4000 com.apple.driver.AppleProfileCallstackAction (85.2) <122 6 5 4 3 1>
125 0 0xffffff7f81c73000 0x3000 0x3000 com.apple.driver.AppleProfileKEventAction (85.2) <122 4 3 1>
126 0 0xffffff7f81c76000 0x4000 0x4000 com.apple.driver.AppleProfileReadCounterAction (85.2) <122 6 4 3>
127 0 0xffffff7f81c7a000 0x3000 0x3000 com.apple.driver.AppleProfileRegisterStateAction (85.2) <122 4 3 1>
128 0 0xffffff7f81c7d000 0x4000 0x4000 com.apple.driver.AppleProfileThreadInfoAction (85.2) <122 6 4 3 1>
129 0 0xffffff7f81c81000 0x4000 0x4000 com.apple.driver.AppleProfileTimestampAction (85.2) <122 5 4 3 1>
130 0 0xffffff7f80807000 0xc000 0xc000 com.apple.nke.ppp (1.7) <7 6 5 4 3 1>
313 0 0xffffff7f808ff000 0x2000 0x2000 com.apple.driver.AppleUSBODD (3.0.1) <65 64 30 12 5 4 3 1>
315 0 0xffffff7f8147b000 0x35000 0x35000 com.apple.filesystems.udf (2.2) <7 5 4 1>
XNU is not a microkernel (p. 50) - Windows Internals book also mentions that about itself at the beginning
u-area (p. 52) - in Windows the equivalent can be TEB and PEB structures
UBC (p. 52) - looks like in Windows we have the same unification of file cache and virtual memory subsystems