Archive for the ‘Notes on Mac OS X Internals’ Category

Reading Notebook: 17-May-2012

Friday, May 18th, 2012

Comments in italics are mine and express my own views, thoughts and opinions

Mac OS X Internals by A. Singh:

kextstat command (p. 49) - here’s the output from my system:

MacBook-Air:~ DumpAnalysis$ kextstat
Index Refs Address            Size       Wired      Name (Version) <Linked Against>
1   78 0xffffff7f80739000 0x683c     0x683c     com.apple.kpi.bsd (11.3.0)
2    6 0xffffff7f807de000 0x3d0      0x3d0      com.apple.kpi.dsep (11.3.0)
3  104 0xffffff7f80744000 0x1b9d8    0x1b9d8    com.apple.kpi.iokit (11.3.0)
4  109 0xffffff7f8072f000 0x9b54     0x9b54     com.apple.kpi.libkern (11.3.0)
5   93 0xffffff7f80740000 0x88c      0x88c      com.apple.kpi.mach (11.3.0)
6   37 0xffffff7f80760000 0x4938     0x4938     com.apple.kpi.private (11.3.0)
7   53 0xffffff7f80741000 0x22a0     0x22a0     com.apple.kpi.unsupported (11.3.0)
8   19 0xffffff7f80bc6000 0x7000     0x7000     com.apple.iokit.IOACPIFamily (1.4) <7 6 4 3>
9   27 0xffffff7f80765000 0x1e000    0x1e000    com.apple.iokit.IOPCIFamily (2.6.8) <7 6 5 4 3>
10    2 0xffffff7f81ba4000 0x58000    0x58000    com.apple.driver.AppleACPIPlatform (1.4) <9 8 7 6 5 4 3 1>
11    1 0xffffff7f809cc000 0xc000     0xc000     com.apple.driver.AppleKeyStore (28.18) <7 6 5 4 3 1>
12    9 0xffffff7f807e2000 0x25000    0x25000    com.apple.iokit.IOStorageFamily (1.7) <7 6 5 4 3 1>
13    0 0xffffff7f80c4c000 0x19000    0x19000    com.apple.driver.DiskImages (331.3) <12 7 6 5 4 3 1>
14    0 0xffffff7f818e6000 0x2a000    0x2a000    com.apple.driver.AppleIntelCPUPowerManagement (167.3.0) <7 6 5 4 3 1>
15    0 0xffffff7f807df000 0x3000     0x3000     com.apple.security.TMSafetyNet (7) <7 6 5 4 2 1>
16    2 0xffffff7f80846000 0x4000     0x4000     com.apple.kext.AppleMatch (1.0.0d1) <4 1>
17    1 0xffffff7f8084a000 0x11000    0x11000    com.apple.security.sandbox (177.3) <16 7 6 5 4 3 2 1>
18    0 0xffffff7f8085b000 0x5000     0x5000     com.apple.security.quarantine (1.1) <17 16 7 6 5 4 2 1>
19    0 0xffffff7f81c0b000 0x8000     0x8000     com.apple.nke.applicationfirewall (3.2.30) <7 6 5 4 3 1>
20    0 0xffffff7f818e2000 0x3000     0x3000     com.apple.driver.AppleIntelCPUPowerManagementClient (167.3.0) <7 6 5 4 3 1>
21    0 0xffffff7f81b81000 0x3000     0x3000     com.apple.driver.AppleAPIC (1.5) <4 3>
22    3 0xffffff7f80b62000 0x4000     0x4000     com.apple.iokit.IOSMBusFamily (1.1) <5 4 3>
23    0 0xffffff7f81bfc000 0x7000     0x7000     com.apple.driver.AppleACPIEC (1.4) <22 10 8 5 4 3>
24    0 0xffffff7f816da000 0x4000     0x4000     com.apple.driver.AppleSMBIOS (1.7) <7 4 3>
25    0 0xffffff7f81918000 0x3000     0x3000     com.apple.driver.AppleHPET (1.6) <8 7 5 4 3>
26    0 0xffffff7f816ff000 0x7000     0x7000     com.apple.driver.AppleRTC (1.4) <8 5 4 3 1>
27    6 0xffffff7f809d8000 0x6b000    0x6b000    com.apple.iokit.IOHIDFamily (1.7.1) <11 7 6 5 4 3 2 1>
28    0 0xffffff7f81c05000 0x4000     0x4000     com.apple.driver.AppleACPIButtons (1.4) <27 10 8 7 6 5 4 3 1>
29    1 0xffffff7f81b57000 0x4000     0x4000     com.apple.driver.AppleEFIRuntime (1.5.0) <7 6 5 4 3>
30   13 0xffffff7f80783000 0x4f000    0x4f000    com.apple.iokit.IOUSBFamily (4.5.8) <9 7 5 4 3 1>
32    0 0xffffff7f80a8e000 0x17000    0x17000    com.apple.driver.AppleUSBEHCI (4.5.8) <30 9 7 5 4 3 1>
33    2 0xffffff7f80dc8000 0xa000     0xa000     com.apple.iokit.IOAHCIFamily (2.0.7) <5 4 3 1>
34    0 0xffffff7f81b85000 0x18000    0x18000    com.apple.driver.AppleAHCIPort (2.2.0) <33 9 5 4 3 1>
35    0 0xffffff7f816df000 0x8000     0x8000     com.apple.driver.AppleSmartBatteryManager (161.0.0) <22 8 5 4 3 1>
36    0 0xffffff7f81b5b000 0x7000     0x7000     com.apple.driver.AppleEFINVRAM (1.5.0) <29 7 5 4 3>
37    5 0xffffff7f80986000 0x29000    0x29000    com.apple.iokit.IONetworkingFamily (2.0) <7 6 5 4 3 1>
38    1 0xffffff7f80dfb000 0x38000    0x38000    com.apple.iokit.IO80211Family (412.2) <37 7 5 4 3 1>
39    0 0xffffff7f80e33000 0x1e0000   0x1e0000   com.apple.driver.AirPort.Brcm4331 (513.20.19) <38 37 9 7 5 4 3 1>
40    0 0xffffff7f809c9000 0x3000     0x3000     com.apple.iokit.IOUSBUserClient (4.5.8) <30 7 5 4 3 1>
41    0 0xffffff7f80a79000 0x11000    0x11000    com.apple.driver.AppleUSBHub (4.5.0) <30 5 4 3 1>
42    4 0xffffff7f80ab2000 0x9e000    0x9e000    com.apple.iokit.IOThunderboltFamily (1.7.4) <5 4 3 1>
43    0 0xffffff7f8163e000 0x12000    0x12000    com.apple.driver.AppleThunderboltNHI (1.3.2) <42 9 8 5 4 3 1>
44    0 0xffffff7f80dde000 0x15000    0x15000    com.apple.iokit.IOAHCIBlockStorage (2.0.1) <33 12 5 4 3 1>
45    0 0xffffff7f815b2000 0x4000     0x4000     com.apple.driver.XsanFilter (403) <12 5 4 3 1>
46    0 0xffffff7f81342000 0x9000     0x9000     com.apple.BootCache (33) <7 6 5 4 3 1>
47    0 0xffffff7f81b46000 0x5000     0x5000     com.apple.AppleFSCompression.AppleFSCompressionTypeZlib (1.0.0d1) <6 4 3 2 1>
48    0 0xffffff7f81b4d000 0x5000     0x5000     com.apple.AppleFSCompression.AppleFSCompressionTypeDataless (1.0.0d1) <7 6 4 3 2 1>
49    1 0xffffff7f807d2000 0x6000     0x6000     com.apple.driver.AppleUSBComposite (4.5.8) <30 4 3 1>
50    0 0xffffff7f807d8000 0x6000     0x6000     com.apple.driver.AppleUSBMergeNub (4.5.3) <49 30 4 3 1>
51    3 0xffffff7f80a43000 0x8000     0x8000     com.apple.iokit.IOUSBHIDDriver (4.4.5) <30 27 5 4 3 1>
52    0 0xffffff7f815de000 0x4000     0x4000     com.apple.driver.AppleUSBTCKeyboard (225.2) <51 30 27 7 6 5 4 3 1>
55    2 0xffffff7f80cc1000 0x76000    0x76000    com.apple.iokit.IOBluetoothFamily (4.0.3f12) <7 5 4 3 1>
56    1 0xffffff7f80d57000 0xe000     0xe000     com.apple.driver.AppleUSBBluetoothHCIController (4.0.3f12) <55 30 7 5 4 3>
57    0 0xffffff7f80d6d000 0x9000     0x9000     com.apple.driver.BroadcomUSBBluetoothHCIController (4.0.3f12) <56 55 30 5 4 3>
58    0 0xffffff7f81632000 0x4000     0x4000     com.apple.driver.AppleThunderboltPCIDownAdapter (1.2.1) <42 9 4 3>
59    0 0xffffff7f815e7000 0x13000    0x13000    com.apple.driver.AppleUSBMultitouch (227.1) <51 30 27 6 5 4 3 1>
60    1 0xffffff7f81650000 0x8000     0x8000     com.apple.driver.AppleThunderboltDPAdapterFamily (1.5.9) <42 9 8 5 4 3>
61    0 0xffffff7f81658000 0x4000     0x4000     com.apple.driver.AppleThunderboltDPInAdapter (1.5.9) <60 42 9 8 5 4 3>
62    0 0xffffff7f815e3000 0x3000     0x3000     com.apple.driver.AppleUSBTCButtons (225.2) <51 30 27 7 6 5 4 3 1>
64    3 0xffffff7f80861000 0x2b000    0x2b000    com.apple.iokit.IOSCSIArchitectureModelFamily (3.0.3) <5 4 3 1>
65    1 0xffffff7f809b8000 0x11000    0x11000    com.apple.iokit.IOUSBMassStorageClass (3.0.1) <64 30 12 5 4 3 1>
67   14 0xffffff7f80c02000 0x38000    0x38000    com.apple.iokit.IOGraphicsFamily (2.3.2) <9 7 5 4 3>
68    0 0xffffff7f817a8000 0x3a000    0x3a000    com.apple.driver.AppleIntelSNBGraphicsFB (7.1.8) <67 9 8 7 6 5 4 3 1>
72    7 0xffffff7f80c3a000 0x12000    0x12000    com.apple.iokit.IONDRVSupport (2.3.2) <67 9 7 5 4 3>
73    1 0xffffff7f81b1c000 0x3000     0x3000     com.apple.driver.AppleBacklightExpert (1.0.3) <72 67 9 5 4 3>
74    0 0xffffff7f81b71000 0x5000     0x5000     com.apple.driver.AppleBacklight (170.1.9) <73 72 67 9 5 4 3>
75    1 0xffffff7f81b0a000 0x3000     0x3000     com.apple.driver.AppleGraphicsControl (3.0.16) <72 67 9 8 7 5 4 3 1>
77    0 0xffffff7f8179b000 0x3000     0x3000     com.apple.driver.AppleLPC (1.5.3) <9 5 4 3>
78    0 0xffffff7f816c9000 0x3000     0x3000     com.apple.driver.AppleSMBusPCI (1.0.10d0) <9 5 4 3>
79    1 0xffffff7f80bcd000 0x13000    0x13000    com.apple.driver.IOPlatformPluginFamily (4.7.5d4) <8 7 6 5 4 3>
80    3 0xffffff7f80be0000 0xc000     0xc000     com.apple.driver.AppleSMC (3.1.1d8) <8 7 5 4 3>
81    0 0xffffff7f80bec000 0x11000    0x11000    com.apple.driver.ACPI_SMC_PlatformPlugin (4.7.5d4) <80 79 9 8 7 6 5 4 3>
82    0 0xffffff7f81b0d000 0xf000     0xf000     com.apple.driver.ApplePolicyControl (3.0.16) <75 72 67 9 8 7 5 4 3 1>
83    2 0xffffff7f8135c000 0x6000     0x6000     com.apple.kext.OSvKernDSPLib (1.3) <5 4>
84    4 0xffffff7f81362000 0x2a000    0x2a000    com.apple.iokit.IOAudioFamily (1.8.6fc6) <83 5 4 3 1>
85    0 0xffffff7f8138c000 0x4000     0x4000     com.apple.driver.AudioIPCDriver (1.2.2) <84 5 4 3 1>
86    0 0xffffff7f812a6000 0x5000     0x5000     com.apple.Dont_Steal_Mac_OS_X (7.0.0) <80 7 4 3 1>
87    2 0xffffff7f81931000 0xc000     0xc000     com.apple.iokit.IOHDAFamily (2.1.7f9) <5 4 3 1>
88    1 0xffffff7f8196c000 0x1a000    0x1a000    com.apple.driver.AppleHDAController (2.1.7f9) <87 67 9 6 5 4 3 1>
89    1 0xffffff7f80d76000 0x5000     0x5000     com.apple.iokit.IOEthernetAVBController (1.0.0d5) <37 5 4 3 1>
90    0 0xffffff7f80d7b000 0x9000     0x9000     com.apple.iokit.IOAVBFamily (1.0.0d22) <89 37 5 4 3 1>
91    1 0xffffff7f80b66000 0xe000     0xe000     com.apple.iokit.IOSerialFamily (10.0.5) <7 6 5 4 3 1>
92    0 0xffffff7f80d49000 0xe000     0xe000     com.apple.iokit.IOBluetoothSerialManager (4.0.3f12) <91 7 5 4 3 1>
93    0 0xffffff7f816c2000 0x5000     0x5000     com.apple.driver.AppleSMCLMU (2.0.1d2) <80 67 5 4 3>
94    0 0xffffff7f80b50000 0x12000    0x12000    com.apple.iokit.IOSurface (80.0) <7 5 4 3 1>
95    0 0xffffff7f809af000 0x6000     0x6000     com.apple.iokit.IOUserEthernet (1.0.0d1) <37 6 5 4 3 1>
96    0 0xffffff7f817e2000 0xe1000    0xe1000    com.apple.driver.AppleIntelHD3000Graphics (7.1.8) <72 67 9 7 5 4 3 1>
97    1 0xffffff7f816cc000 0xe000     0xe000     com.apple.driver.AppleSMBusController (1.0.10d0) <22 9 8 5 4 3>
98    0 0xffffff7f81afb000 0xb000     0xb000     com.apple.driver.AGPM (100.12.42) <72 67 9 5 4 3>
100    0 0xffffff7f8174b000 0x4000     0x4000     com.apple.driver.ApplePlatformEnabler (2.0.4d2) <7 5 4 3>
101    0 0xffffff7f81392000 0x5000     0x5000     com.apple.driver.AudioAUUC (1.59) <84 67 9 8 7 5 4 3 1>
102    0 0xffffff7f81b77000 0xa000     0xa000     com.apple.driver.AppleAVBAudio (1.0.0d11) <5 4 3 1>
103    0 0xffffff7f8176c000 0xa000     0xa000     com.apple.driver.AppleMCCSControl (1.0.26) <67 9 7 5 4 3 1>
104    0 0xffffff7f81601000 0x5000     0x5000     com.apple.driver.AppleUpstreamUserClient (3.5.9) <67 9 8 7 5 4 3 1>
105    0 0xffffff7f8193d000 0x22000    0x22000    com.apple.driver.AppleMikeyDriver (2.1.7f9) <97 8 5 4 3 1>
106    1 0xffffff7f81986000 0xa4000    0xa4000    com.apple.driver.DspFuncLib (2.1.7f9) <84 83 5 4 3 1>
107    0 0xffffff7f81a2a000 0xaf000    0xaf000    com.apple.driver.AppleHDA (2.1.7f9) <106 88 87 84 72 67 6 5 4 3 1>
109    0 0xffffff7f81761000 0x3000     0x3000     com.apple.driver.AppleMikeyHIDDriver (122) <27 7 4 3 1>
110    1 0xffffff7f8134c000 0x5000     0x5000     com.apple.kext.triggers (1.0) <7 6 5 4 3 1>
111    0 0xffffff7f81351000 0x9000     0x9000     com.apple.filesystems.autofs (3.0) <110 7 6 5 4 3 1>
116    3 0xffffff7f80b8a000 0xd000     0xd000     com.apple.iokit.IOCDStorageFamily (1.7) <12 5 4 3 1>
117    2 0xffffff7f80b97000 0xb000     0xb000     com.apple.iokit.IODVDStorageFamily (1.7) <116 12 5 4 3 1>
118    1 0xffffff7f80ba2000 0xa000     0xa000     com.apple.iokit.IOBDStorageFamily (1.6) <117 116 12 5 4 3 1>
119    0 0xffffff7f80bac000 0x1a000    0x1a000    com.apple.iokit.IOSCSIMultimediaCommandsDevice (3.0.3) <118 117 116 64 12 5 4 3 1>
121    0 0xffffff7f81911000 0x5000     0x5000     com.apple.driver.AppleHWSensor (1.9.4d0) <5 4 3>
122    7 0xffffff7f81c20000 0x46000    0x46000    com.apple.iokit.AppleProfileFamily (85.2) <9 7 6 5 4 3 1>
123    0 0xffffff7f81c66000 0x7000     0x7000     com.apple.driver.AppleIntelProfile (85.2) <122 6 4 3>
124    0 0xffffff7f81c6f000 0x4000     0x4000     com.apple.driver.AppleProfileCallstackAction (85.2) <122 6 5 4 3 1>
125    0 0xffffff7f81c73000 0x3000     0x3000     com.apple.driver.AppleProfileKEventAction (85.2) <122 4 3 1>
126    0 0xffffff7f81c76000 0x4000     0x4000     com.apple.driver.AppleProfileReadCounterAction (85.2) <122 6 4 3>
127    0 0xffffff7f81c7a000 0x3000     0x3000     com.apple.driver.AppleProfileRegisterStateAction (85.2) <122 4 3 1>
128    0 0xffffff7f81c7d000 0x4000     0x4000     com.apple.driver.AppleProfileThreadInfoAction (85.2) <122 6 4 3 1>
129    0 0xffffff7f81c81000 0x4000     0x4000     com.apple.driver.AppleProfileTimestampAction (85.2) <122 5 4 3 1>
130    0 0xffffff7f80807000 0xc000     0xc000     com.apple.nke.ppp (1.7) <7 6 5 4 3 1>
313    0 0xffffff7f808ff000 0x2000     0x2000     com.apple.driver.AppleUSBODD (3.0.1) <65 64 30 12 5 4 3 1>
315    0 0xffffff7f8147b000 0x35000    0x35000    com.apple.filesystems.udf (2.2) <7 5 4 1>

XNU is not a microkernel (p. 50) - Windows Internals book also mentions that about itself at the beginning

u-area (p. 52) - in Windows the equivalent can be TEB and PEB structures

UBC (p. 52) - looks like in Windows we have the same unification of file cache and virtual memory subsystems