stek29

#include <objc/runtime.h>

extern void *SubGetImageByName(const char *filename) __asm__("SubGetImageByName");;
void *MSGetImageByName(const char *filename) {
    return SubGetImageByName(filename);
}

extern void *SubFindSymbol(void *image, const char *name) __asm__("SubFindSymbol");
void *MSFindSymbol(void *image, const char *name) {
	return SubFindSymbol(image, name);

stek29

#include <mach/mach.h>
#include <IOKit/IOKitLib.h>
#include <stdio.h>
#include <stdlib.h>

const static uint32_t SELpurgeCachedValidationResults = 4;

int main(void) {
	int rv = EXIT_FAILURE;

stek29

#include <sys/types.h>
#include <sys/sysctl.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char* argv[]) {
  if (argc != 2) {
    printf("usage: %s sysctlname\n", argv[0]);

stek29

import lldb
import shlex

FLAGS = [
	['CF', 'Carry Flag'],
	[None, 'Reserved'],
	['PF', 'Parity Flag'],
	[None, 'Reserved'],
	['AF', 'Adjust Flag'],
	[None, 'Reserved'],

stek29

#include "OSContainersVT.h"

DECL_CLASS(IORegistryEntry);
DECL_CLASS(IOService);

typedef OSObject IOWorkLoop; // sigh

typedef OSObject IORegistryPlane;
typedef uint32_t IOOptionBits;
typedef kern_return_t IOReturn;

stek29

#include <sys/types.h>
#include <unistd.h>       // write
#include <fcntl.h>        // open, close
#include <stdio.h>        // fprintf
#include <string.h>       // strerror, strdup, strchr
#include <stdlib.h>       // free, EXIT_*
#include <sys/mman.h>     // mmap, munmap
#include <sys/stat.h>     // fstat
#include <errno.h>        // errno
#include <dirent.h>       // DIR, dirent, opendir, readdir

stek29

#include <mach/mach.h>
#include <xpc/xpc.h>

/* dlsym-like function that uses (private API) CoreSymbolication to get unexported symbols.
   C functions use their C name, without the underscore prefix. C++ functions use their
   demangled names, e.g. "MYClass::function(int, void *)" */
void *get_symbol(const char *name);

kern_return_t bootstrap_look_up3(mach_port_t bp, const char *service_name, mach_port_name_t *sp, int64_t target_pid, const unsigned char *instance_uuid, uint64_t flags);
kern_return_t bootstrap_look_up(mach_port_t bp, const char* service_name, mach_port_t *sp);

stek29

• remove all packages except core ones which are dangerous to remove
• iterate over .list files, build list of all files to be removed
• filter out some critical from those
• remove all files and empty directories which are in that list from disk, pop them from that list on removal
• keep doing previous step until list is empty, or there are no empty directories left in it
• print out list leftovers and ask user to handle them manually

stek29

+-o unknown vendor unknown product Media  <class IOMedia, registered, matched, $
  | {
  |   "Leaf" = No
  |   "Writable" = Yes
  |   "BSD Minor" = 0
  |   "Preferred Block Size" = 4096
  |   "BSD Major" = 14
  |   "BSD Name" = "disk0"
  |   "Size" = 8120172544
  |   "Content Hint" = ""

stek29

#include <spawn.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[], char *envp[]) {
  if (argc < 2) {
    printf("usage: %s program [args...]", argv[0]);