steven-michaud/HookCase

macOS 12.5 breaks HookCase

steven-michaud opened this issue · 1 comment

macOS 12.5, released today, triggers the following kernel panic when you try to load a hook library (for example the events example). HookCase 6.0.3 still works fine with macOS 11.6.8 build 20G730, also released today.

panic(cpu 2 caller 0xffffff80097d0773): Kernel trap at 0xffffff80096a1e63, type 13=general protection, registers:
CR0: 0x000000008001003b, CR2: 0xffffffbd913db000, CR3: 0x000000008d40b181, CR4: 0x00000000003606e0
RAX: 0x0000000110795000, RBX: 0x561c8d8400000008, RCX: 0xfffffff2809f4808, RDX: 0x0000000000000000
RSP: 0xfffffff2809f4750, RBP: 0xfffffff2809f4760, RSI: 0xffffff903aa161e0, RDI: 0x561c8d8400000008
R8:  0xffffff903aa161e0, R9:  0x0000000000000013, R10: 0xfffffffeef8428b7, R11: 0x00000000000003a7
R12: 0x561c8d8400000000, R13: 0x00000000000a8000, R14: 0xffffff96a1dadaa0, R15: 0xfffffff2809f4808
RFL: 0x0000000000010282, RIP: 0xffffff80096a1e63, CS:  0x0000000000000008, SS:  0x0000000000000010
Fault CR2: 0xffffffbd913db000, Error code: 0x0000000000000000, Fault CPU: 0x2 VMM, PL: 0, VF: 0

Panicked task 0xffffffa03e6ee380: 1 threads: pid 94749: Safari
Backtrace (CPU 2), panicked thread: 0xffffff96a1dadaa0, Frame : Return Address
0xffffff800950d170 : 0xffffff800967fd6d mach_kernel : _handle_debugger_trap + 0x41d
0xffffff800950d1c0 : 0xffffff80097e1016 mach_kernel : _kdp_i386_trap + 0x116
0xffffff800950d200 : 0xffffff80097d0383 mach_kernel : _kernel_trap + 0x4d3
0xffffff800950d250 : 0xffffff800961fa70 mach_kernel : _return_from_trap + 0xe0
0xffffff800950d270 : 0xffffff800968013d mach_kernel : _DebuggerTrapWithState + 0xad
0xffffff800950d390 : 0xffffff800967f8f6 mach_kernel : _panic_trap_to_debugger + 0x2b6
0xffffff800950d3f0 : 0xffffff8009f14d93 mach_kernel : _panic + 0x84
0xffffff800950d4e0 : 0xffffff80097d0773 mach_kernel : _sync_iss_to_iks + 0x2c3
0xffffff800950d660 : 0xffffff80097d0456 mach_kernel : _kernel_trap + 0x5a6
0xffffff800950d6b0 : 0xffffff800961fa70 mach_kernel : _return_from_trap + 0xe0
0xffffff800950d6d0 : 0xffffff80096a1e63 mach_kernel : _IORWLockWrite + 0x13
0xfffffff2809f4760 : 0xffffff7fa37f06c6 org.smichaud.HookCase : __Z31user_region_codesigned_iteratorP8ipc_portP12vm_map_entryjPv + 0x49
0xfffffff2809f47a0 : 0xffffff7fa37ed6ee org.smichaud.HookCase : __Z22vm_map_iterate_entriesP8ipc_portyyPFvS0_P12vm_map_entryjPvES3_ + 0x150
0xfffffff2809f47f0 : 0xffffff7fa37edcec org.smichaud.HookCase : __Z22user_region_codesignedP8ipc_portyy + 0x59
0xfffffff2809f4830 : 0xffffff7fa37eda7f org.smichaud.HookCase : __Z12proc_copyoutP8ipc_portPKvym + 0x102
0xfffffff2809f48f0 : 0xffffff7fa37f2d56 org.smichaud.HookCase : __Z15maybe_cast_hookP4proc + 0x652
0xfffffff2809f5e20 : 0xffffff7fa37f7317 org.smichaud.HookCase : __Z28thread_bootstrap_return_hookP17x86_saved_state_tP10_kern_hook + 0xa8
0xfffffff2809f5e70 : 0xffffff7fa37e89b5 org.smichaud.HookCase : _kernel_trampoline + 0x25
0xfffffff2809f5fa0 : 0xffffff800961f19e mach_kernel : _call_continuation + 0x2e
      Kernel Extensions in backtrace:
         org.smichaud.HookCase(6.0.3)[7F4FF788-ABC4-37C3-B850-5ED53A7EC2CB]@0xffffff7fa37e8000->0xffffff7fa37f9fff

Process name corresponding to current thread (0xffffff96a1dadaa0): Safari
Boot args: keepsyms=1 kernel_stack_pages=6

This is fixed by HookCase 6.0.4.

macOS 12.5 changed a member of the vm_map_entry structure (vme_object) from a union of simple pointers to a union of "packed" pointers. I needed to add code to HookCase to deal with this.
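To show what the comment means by a "packed" pointer, here is an added C illustration that is not HookCase or XNU code: the new field stores an offset-and-shift encoding of the address instead of the address itself, so a kext that still reads the field with the old layout's assumptions gets a value that is not a kernel address at all. The packing parameters (base, shift, 32-bit width), the two struct layouts and the sample pointer value are assumptions made for this demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed packing parameters for this demo (not XNU's real values):
 * a packed pointer holds (ptr - PACK_BASE) >> PACK_SHIFT in a 32-bit field. */
#define PACK_BASE  0xffffff8000000000ULL
#define PACK_SHIFT 6u

/* Hypothetical stand-ins for the two vm_map_entry layouts the comment describes. */
struct entry_old { uint64_t vme_object; };        /* plain kernel pointer */
struct entry_new { uint32_t vme_object_packed; }; /* packed encoding of it */

static uint32_t pack_ptr(uint64_t ptr) {
    return (uint32_t)((ptr - PACK_BASE) >> PACK_SHIFT);
}

static uint64_t unpack_ptr(uint32_t packed) {
    return ((uint64_t)packed << PACK_SHIFT) + PACK_BASE;
}

/* Accessor a kext would need: choose the decoding by the kernel's layout. */
static uint64_t entry_object(const void *entry, bool packed_layout) {
    if (!packed_layout)
        return ((const struct entry_old *)entry)->vme_object;
    return unpack_ptr(((const struct entry_new *)entry)->vme_object_packed);
}

/* Crude sanity check: is the value in the kernel pointer range at all? */
static bool is_kernel_ptr(uint64_t v) {
    return v >= PACK_BASE;
}

/* True when both layouts decode to obj AND the raw packed field, read as if
 * it were still a plain pointer, is not a kernel address (a misread). */
static bool demo(uint64_t obj) {
    struct entry_old o = { .vme_object = obj };
    struct entry_new n = { .vme_object_packed = pack_ptr(obj) };
    uint64_t raw_misread = n.vme_object_packed;  /* old-layout assumption */
    return entry_object(&o, false) == obj
        && entry_object(&n, true) == obj
        && !is_kernel_ptr(raw_misread);
}

int main(void) {
    uint64_t obj = 0xffffff8012345000ULL; /* constructed, 64-byte aligned */
    printf("packed=0x%x decoded=0x%llx ok=%d\n", pack_ptr(obj),
           (unsigned long long)unpack_ptr(pack_ptr(obj)), demo(obj));
    return demo(obj) ? 0 : 1;
}
```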