steven-michaud/HookCase

HC_INSERT_LIBRARY Not working on Mojave with SIP without kext protection

Release-Pre-1668 opened this issue · 14 comments

In High Sierra with SIP (without kext) it worked well. But Mojave's kernel says "CODE SIGNING: 430[PROCESS NAME] vm_map_protect can't have both write and exec at the same time".

I don't understand your report. All of HookCase's functionality is in its kernel extension (HookCase.kext). If you don't load it, of course it won't work. If system integrity protection (also known as "rootless mode") is turned on, you won't be able to load HookCase.kext. I just confirmed this on both High Sierra and Mojave.

I'm sorry about my English level.
I already loaded your kext, and using "kextstat" I can find it. In HS with SIP (just without kext sign protection) it was working. I added a LaunchDaemon plist to automatically load your kext. But when I upgraded to Mojave (with SIP) and updated your kext to version 3.0, the kernel says "CODE SIGNING: 430[PROCESS NAME] vm_map_protect can't have both write and exec at the same time".
I want to enable SIP to be safer while also using your kext, because when SIP is enabled DYLD_INSERT_LIBRARIES is unavailable for Apple's binaries.
Thanks!

> In HS with SIP (just without kext sign protection)

I didn't know this was possible. How do you do it? :-)

Other like your example, just disable kext sign protection ("csrutil enable --without kext") in High Sierra

Interesting, and thanks! Apparently this has been true for years and I didn't know about it (https://forums.developer.apple.com/thread/17452).

Since I didn't know about it, I haven't tested with it. I'll need to do that and get back to you. It may take a while -- I'm busy with other things.

I so appreciate you and your kext, and I will be waiting for your good news!
Thanks!

When system integrity protection is enabled without kext protection (csrutil enable --without kext), I'm able to reproduce this bug on Mojave, with Safari but not with Firefox or Google Chrome. Interesting that Apple gives its own apps tighter protection.

Sometimes Safari crashes and sometimes not (I haven't been able to figure out why). But the error (in the Console app) is always something like the following:

    CODE SIGNING: 475[Safari] vm_map_protect can't have both write and exec at the same time

Apple seems to be stricter about codesigning on Mojave than on previous versions of their OS, at least with SIP protection enabled, and at least with their own apps. To deal with this I had to partially rewrite HookCase's codesigning code.

I just landed the patch, though I haven't yet tagged it with a version number. I haven't yet finished all of my testing. But it should be safe enough for you to try it, Mianmian1003. Please do so and let me know your results.

You'll need to download the latest version of the master branch. Don't do it by version number.

Oops, I forgot to mention something very important:

In order for HookCase to work on Mojave with SIP almost fully enabled (save for kext protection), you'll need to codesign your hook libraries (using codesign -s "Your Name" hook.dylib). For this you'll need to get a Mac Developer codesigning certificate from Apple. You'll probably need to join Apple's "Apple Developer Program". I pay $99 US per year for my membership. I think it was once possible to join without having to pay anything. I don't know if you still can. Maybe as a student?

OK, I will test and tell you the result. I'm an Apple Developer Program member ($99).
Thanks!

OK, it works so fine. I express gratitude to you again. Thanks!

I'm glad to hear it! And you're most welcome.

I probably won't finish my testing until sometime next week, after Thanksgiving. Only then will I bump the version number and tag it. Let me know if you see any other problems.

I will be waiting for your good news.
Thanks!

I was able to do my tests sooner than I thought. Just now I bumped HookCase's version to 3.1.

I'll close this bug, since it seems to be fixed.