Closed syarragu closed 7 years ago
slavaim
commented
7 years ago The structure offsets has changed for Sierra. I switched the project from hardcoded offsets to a dynamically generated ones on each load by registering a fake FSD, this required to add USE_FAKE_FSD preprocessor definition and a disassembler. You need to pull the updated project.
syarragu
commented
7 years ago Thank you for quick response.
I printed the vNodeHeaderSize and vNodeVopOffset in FltGetVnodeLayout() and in Sierra its given as 224 and 208 where as in Yosemite and Elcapitan the values are 216 and 200.
This cléarly shows that the Vnode structure has changed for sierra. But my question is If I want to define Vnode_sieraa like as Vnode_yosemite, how will i know what was changed?? Any suggestions
Hi Slava,
I tried to run MacOSX-FileSystem-Filter code on mac os Sierra and the system is going on rolling reboot. When i analyse the kernel panic it points to original = (vfs_vctr_opnfunc)((vm_offset_t)v_op + offsetDescEntry->offset); in VNodeHook.cpp.
I checked the XNU code xnu-3789.1.32/ in https://opensource.apple.com/source/xnu/ if any Vnode and Vnodeop_dec has changed but I didn't find any difference...What could be the reason for the system panics in Sierra.
Can you please help me in this regard