(lldb) bt
* thread #5, name = '0xffffff8023f43d90', queue = 'cpu-0', stop reason = breakpoint 4.2
* frame #0: 0xffffff80174d0f79 kernel`mac_cred_label_update_execve(ctx=0xffffff807219bd50, new=0xffffff807219b848, vp=0xffffff801ea98aa8, offset=0, scriptvp=0x0000000000000000, scriptvnodelabel=0x0000000000000000, execl=0x0000000000000000, csflags=0xffffff801dd51dd0, macextensions=0x0000000000000000, disjoint=0xffffff807219b9b8, labelupdateerror=0xffffff807219b9bc) at mac_vfs.c:655:12 [opt]
frame #1: 0xffffff801728fd1f kernel`kauth_proc_label_update_execve [inlined] kauth_cred_label_update_execve(cred=0xffffff801e31e560, ctx=0xffffff807219bd50, offset=0, scriptl=0x0000000000000000, execl=<unavailable>, csflags=<unavailable>, macextensions=<unavailable>, disjointp=<unavailable>, labelupdateerror=<unavailable>) at kern_credential.c:4554:2 [opt]
frame #2: 0xffffff801728fccc kernel`kauth_proc_label_update_execve(p=0xffffff8024e3d9b0, ctx=0xffffff807219bd50, vp=0xffffff801ea98aa8, offset=0, scriptvp=0x0000000000000000, scriptl=0x0000000000000000, execl=0x0000000000000000, csflags=0xffffff801dd51dd0, macextensions=0x0000000000000000, disjoint=0xffffff807219b9b8, update_return=0xffffff807219b9bc) at kern_credential.c:4672 [opt]
frame #3: 0xffffff80172afac4 kernel`exec_mach_imgact at kern_exec.c:4831:4 [opt]
frame #4: 0xffffff80172af567 kernel`exec_mach_imgact(imgp=0xffffff801dd51b00) at kern_exec.c:1088 [opt]
frame #5: 0xffffff80172b54d1 kernel`exec_activate_image(imgp=0xffffff801dd51b00) at kern_exec.c:1531:11 [opt]
frame #6: 0xffffff80172b48c7 kernel`posix_spawn(ap=0xffffff8024e3d9b0, uap=<unavailable>, retval=0xffffff801feba178) at kern_exec.c:2864:10 [opt]
frame #7: 0xffffff80173b5b7b kernel`unix_syscall64(state=<unavailable>) at systemcalls.c:381:10 [opt]
frame #8: 0xffffff8016d5a466 kernel`hndl_unix_scall64 + 22
(lldb) breakpoint list
Current breakpoints:
4: regex = '.*_cred_label_update_execve', locations = 2, resolved = 2, hit count = 1
4.1: where = kernel`kauth_proc_label_update_execve + 124 [inlined] kauth_cred_label_update_execve at kern_credential.c:4672, address = 0xffffff801728fccc, resolved, hit count = 0
4.2: where = kernel`mac_cred_label_update_execve + 41 at mac_vfs.c:655:12, address = 0xffffff80174d0f79, resolved, hit count = 1
(lldb)
Created October 20, 2019 12:48
debug the amfi