Mac OS X Hacking Tools

The Jargon File is a popular lexicographic resource amongst hackers (and non-hackers too). Although it might have some subjective definitions I may not agree with, I have conveniently quoted verbatim the definitions of the terms "hacker" and "tool" as a preface to the contents of this page.

hacker

[originally, someone who makes furniture with an axe]

1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. RFC1392, the Internet Users' Glossary, usefully amplifies this as: A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.


tool

1. n. A program used primarily to create, manipulate, modify, or analyze other programs, such as a compiler or an editor or a cross-referencing program. Oppose app, operating system; see also toolchain.


So?

It is eminently debatable whether one (that means me, you or whosoever else) is a "hacker", but such a debate would probably be fruitless anyway, even meaningless. I do enjoy exploring the details of all sorts of things, including operating systems. This page is a compendium of some programs you might come across while tinkering with Mac OS X. Documentation for most of these tools exists, therefore my aim is not to reproduce documentation, but simply to maintain a cache of relevant information. I believe this would be useful to those who are new to Mac OS X, but are interested in exploring the system at a low(er) level. Note that many of the tools listed here are ones that are either new to Mac OS X (as compared to Unix style systems), or are different from their Unix counterparts. In other words, I have avoided listing "standard" Unix/BSD tools. Moreover, do realize that some (like dynamic_pager and various daemons) are not really tools.

The following list has not been fully updated for Panther (10.3.x).

Tools

KernelEventAgent

/usr/sbin/KernelEventAgent handles one of the core system services (events such as file systems being mounted and unmounted, low disk space, network connections going down, etc.)

SystemStarter

/sbin/SystemStarter is run during system initialization to handle "startup items". See "Mac OS X System Startup" for details.

aexml

/usr/sbin/aexml forwards XMLRPC and SOAP requests to the AppleEvent manager for further dispatching. More documentation is available on the Apple Developer Web Site.

appleping

/usr/bin/appleping exercises the AppleTalk network by sending packets to a named host.

ardbgd

/usr/sbin/ardbgd is the daemon for the Apple Remote Debugging Service.

asr

/usr/sbin/asr (Apple Software Restore) efficiently copies disk images and volumes, and can also accurately clone volumes.

bless

/usr/sbin/bless is used to set volume bootability characteristics for Macintoshes. The command can be used to select a folder on a mounted volume to act as the blessed system folder, and optionally update Open Firmware to boot from that volume. It can also be used to format and setup a volume for the first time. Finally, it can be used to query the folder(s) that are blessed on a volume. Try the following (non-destructive) commands:

% sudo bless -verbose -info /
...
% sudo bless -verbose -plist -info /

blued

/usr/sbin/blued is the Bluetooth daemon.

cac_*

/usr/sbin/cac_* are scripts related to CAC (Common Access Card) support. A CAC can be thought of as a SmartCard that combines multiple cards (functions) into one. A CAC can enable physical access to buildings and controlled places, enable computer network and system access and serve as the primary platform for the PKI token.

cmpdylib

/usr/bin/cmpdylib compares two dynamic shared libraries for compatibility.

createhomedir

/usr/sbin/createhomedir creates and populates local home directories.

ddb

ddb is a debugging mechanism that can be compiled into Mac OS X, similar to BSD's kdb. While gdb can be used over Ethernet (through a kernel stub), ddb is compiled into the kernel and is used over a serial line. Most importantly, ddb requires an actual built-in hardware serial line on the debug target. Fortunately, gdb should suffice for almost all debugging needs unless one is trying to debug an Ethernet driver itself, say.

ddb is not present by default on Mac OS X. It must be compiled from source (xnu/osfmk/ddb in the CVS tree).

defaults

/usr/bin/defaults is used to access (read, write and delete) Mac OS X user defaults from the command line. For example, the following will print out Desktop background settings (including the pathname for the desktop background image, if any):

% defaults read com.apple.desktop Background

dev_mkdb

/usr/sbin/dev_mkdb creates a hash access method database (based on Berkeley DB) in /var/run/dev.db. This database contains the name of all devices under /dev.

diskarbitrationd

/usr/sbin/diskarbitrationd is a daemon that listens for connections from clients, notifies clients of the appearance of disks and filesystems, and governs the mounting of filesystems and claiming of disks amongst clients.

disktool

/usr/sbin/disktool is a command line utility for disk arbitration. It can be used to rename, eject, mount or unmount disks and volumes.

diskutil

/usr/sbin/diskutil is a utility for managing disks and volumes. It can be used to perform operations such as enabling/disabling HFS+ journaling, verifying and repairing permissions, erasing disks (including optical media), partitioning, creating and managing RAID sets etc. You typically need root access to use this utility.

ditto

/usr/bin/ditto copies files and directories to a destination directory. ditto can be used to "thin" "fat" (multiple-architecture) executables. It can also copy files selectively based on the contents of a BOM ("Bill of Materials"). One of the most useful features of ditto is that it can preserve resource fork and HFS meta-data information when copying files.

drutil

/usr/bin/drutil is a command line tool that uses the DiscRecording framework to interact with attached CD/DVD burning devices.

dscl

/usr/bin/dscl is the Directory Service command line utility.

dsperfmonitor

/usr/bin/dsperfmonitor is a directory tool for testing plugin performance in Directory Services.

dynamic_pager

/sbin/dynamic_pager is started during system initialization to manage swap files. See Mac OS X System Startup for details.

fdisk

/usr/sbin/fdisk displays or changes the DOS partition table found in the bootsector of x86 bootable disks.

fixPrecomp

/usr/bin/fixPrecomp is a tool for "fixing" precompiled header warnings that occur when headers get out-of-sync with their precompiled versions - after a system update, say.

fixproc

/usr/bin/fixproc is a Perl script that "fixes" a named process by performing the specified action (which can be check, kill, restart, exist or fix).

fs_usage

/usr/bin/fs_usage presents an ongoing display of system call usage information pertaining to file system activity. By default this includes all system processes except the running fs_usage process, Terminal, telnetd, sshd, rlogind, tcsh, csh and sh.

fstat

/usr/bin/fstat identifies open files (including sockets).

heap

/usr/bin/heap lists all the malloc-allocated buffers in the specified process's heap.

hdiutil

/usr/bin/hdiutil uses the DiskImages framework to manipulate disk image files.

hlfsd

/usr/sbin/hlfsd is the home-link file system daemon. It implements a file system containing a symbolic link to a subdirectory within a user's home directory, depending on the user which accessed that link.

installer

/usr/sbin/installer is the Mac OS X system software and package installer tool.

install_name_tool

/usr/bin/install_name_tool changes the dynamic shared library install names recorded in a Mach-O binary.

ioalloccount

/usr/sbin/ioalloccount displays some accounting of memory allocated by IOKit allocators, including object instances, in the kernel. This is useful for tracking memory leaks.

ioclasscount

/usr/sbin/ioclasscount displays the instance count, offset by the number of direct subclasses that have at least one instance allocated, for the classes specified. This is useful for tracking leaks.

ioreg

/usr/sbin/ioreg displays the IOKit registry. Try ioreg -l, for example, and you can see detailed registry information (including object properties) - such as details of various temperature sensors in the system (on the I2C bus).

iostat

/usr/sbin/iostat displays kernel I/O statistics on terminal, disk and cpu operations.

ipconfig

/usr/sbin/ipconfig can be used to get the number of network interfaces active (the ifcount argument), and also to retrieve various options associated with these interfaces. For example, "ipconfig getoption en1 lease_time" prints the DHCP lease time of en1 if applicable. Finally, ipconfig can also be used to set an interface for BOOTP, DHCP etc.

kdump

/usr/bin/kdump displays the kernel trace files produced with ktrace in human readable format.

kextcache

/usr/sbin/kextcache creates or updates kext caches, which are used to speed up kernel extension loading operations and to prepare kexts for inclusion in such media as device ROM.

kextload

/sbin/kextload can be used to explicitly load kernel extensions, validate them to see that they can be loaded by other mechanisms, such as kextd, and to generate symbol files for debugging the kext in a running kernel.

kextstat

/usr/sbin/kextstat displays the status of any kernel extensions currently loaded in the kernel.

kextunload

/sbin/kextunload is used to terminate and unregister IOKit objects associated with a kernel extension and to unload the code and personalities for that kext.

kgmon

/usr/sbin/kgmon generates a dump of the operating system's profile buffers for later analysis by gprof.

ktrace

/usr/bin/ktrace enables kernel trace logging for the specified processes, causing trace data to be logged to a file. Traced kernel operations include system calls, namei translations, signal processing and I/O.

latency

/usr/bin/latency is used for monitoring scheduling and interrupt latency. The tool can also be used to set real time or timeshare scheduling policies.

ld

/usr/bin/ld is the (Mach) object file link editor.

leaks

/usr/bin/leaks examines a specified process for malloc-allocated buffers which are not referenced by the program.

lipo

/usr/bin/lipo creates or operates on multi-architecture ("fat") files. It can list the architecture types in a fat file, create a single fat file from one or more input files, thin out a single fat file to a specified architecture type, and extract, replace and/or remove architecture types from the input file.

lockfile

/usr/bin/lockfile can be used to create one or more (conditional) semaphore files, with the provision of waiting for a specified number of seconds and a specified number of retries.

lsbom

/usr/bin/lsbom interprets the contents of binary bom (bill-of-materials) files. bom is a file system used by the Mac OS X installer to determine which files to install, remove, or upgrade.

lsof

/usr/sbin/lsof lists information about files opened by processes.

lsvfs

/usr/bin/lsvfs lists known (currently loaded) virtual file systems.

mDNSResponder

/usr/sbin/mDNSResponder (Multicast DNS Responder) listens for and responds to DNS-format query packets sent via Multicast to UDP port 5353.

mach_init

/sbin/mach_init is a daemon that maintains various mappings between service names and the Mach ports that provide access to those services.

malloc_history

/usr/bin/malloc_history inspects a given process and lists the malloc allocations performed by it. It relies on information provided by the standard malloc library when debugging options have been turned on.

mig

/usr/bin/mig (Mach Interface Generator) is used to compile procedural interfaces to Mach's message-based APIs, based on descriptions of those APIs.

mkbom

/usr/bin/mkbom creates a bom (bill-of-materials) given a directory.

mkextunpack

/usr/sbin/mkextunpack extracts the contents of a multikext (mkext) archive.

netstat

/usr/sbin/netstat symbolically displays the contents of various network-related data structures.

nibindd

/usr/sbin/nibindd is a daemon that is responsible for finding, creating and destroying NetInfo servers.

nibtool

/usr/bin/nibtool is used for printing, verifying and updating nib files.

nicl

/usr/bin/nicl is a general-purpose utility for operating on NetInfo databases. Its commands allow one to create, read and manage NetInfo data.

nidomain

/usr/sbin/nidomain is an interface to nibindd to which it sends all of its requests about the domains served on a given machine. It can also be used to create and destroy NetInfo databases.

nifind

/usr/bin/nifind finds a directory in the NetInfo hierarchy.

nigrep

/usr/bin/nigrep searches for a regular expression in the NetInfo hierarchy.

niload

/usr/bin/niload loads information from standard input into the given NetInfo domain.

nireport

/usr/bin/nireport prints tables from the NetInfo hierarchy.

niutil

/usr/bin/niutil is used to do arbitrary reads and writes on the given NetInfo domain.

nmedit

/usr/bin/nmedit is used to change global symbols to local symbols. It differs from strip in that it also changes the symbolic debugging information for the global symbols it changes to static symbols so that the resulting object can still be used with a debugger.

notifyd

/usr/sbin/notifyd is a daemon that facilitates processes to exchange stateless notification events.

nvram

/usr/sbin/nvram allows manipulation of Open Firmware non-volatile RAM variables.

objcopy

objcopy is part of binutils that you can download, compile and install. This utility copies the contents of an object file to another, using the GNU BFD (Binary File Descriptor) library to access the object files.

objdump

objdump is part of binutils. It displays information (including disassembly, if required) about one or more object files.

open

/usr/bin/open is a command line utility to open a file (or a directory or URL), just as if you had double-clicked the file's icon.

open-x11

/usr/bin/open-x11 is a wrapper shell script that provides open functionality for X11 applications.

orbd

/usr/bin/orbd is the Object Request Broker Daemon. It is a tool to enable clients to transparently locate and invoke persistent objects on servers in the CORBA environment.

osacompile

/usr/bin/osacompile compiles the given files, or standard input if none are listed, into a single output script.

osalang

/usr/bin/osalang prints information about installed OSA (Open Script Architecture) languages.

osascript

/usr/bin/osascript executes the given script file, or standard input if none is given. Scripts may be plain text or compiled scripts.

otool

/usr/bin/otool displays specified parts of object files or libraries (similar to ldd on Linux).

pagestuff

/usr/bin/pagestuff displays information about the specified logical pages of a file conforming to the Mach-O executable format.

pax

/bin/pax is a tool for reading, writing, and listing members of an archive file. It is also used to copy directory hierarchies. pax supports various archive formats such as cpio, bcpio, sv4cpio, sv4crc, tar, and ustar.

pbcopy

/usr/bin/pbcopy is used to copy standard input to the pasteboard buffer.

pbpaste

/usr/bin/pbpaste prints the contents of the pasteboard buffer.

pcscd

/usr/sbin/pcscd is a daemon used to dynamically allocate/deallocate Smart Card reader drivers at runtime and manage connections to the readers. Related utilities include /usr/bin/pcsctest and /usr/bin/pcsctool. These tools are taken from the MUSCLE (Movement for the Use of Smart Cards in a Linux Environment) project, a project to coordinate the development of smart cards and applications under Linux.

pdisk

/usr/sbin/pdisk is a menu driven program which partitions disks using the standard Apple disk partitioning scheme.

plutil

/usr/bin/plutil can be used to check the syntax of property list files, or convert a plist file from one format to another.

pmset

/usr/bin/pmset changes and reads power management settings such as idle sleep timing, wake on administrative access, automatic restart on power loss, etc.

pstat

/usr/sbin/pstat displays open file entry, swap space utilization, terminal state, and vnode data structures.

redo_prebinding

/usr/bin/redo_prebinding is used to redo the prebinding of an executable or dynamic library when one of the dependent dynamic libraries changes. The input file, executable or dynamic library, must have initially been prebound for this program to redo the prebinding.

say

/usr/bin/say uses the Speech Synthesis manager to convert input text to audible speech and either play it through the sound output device chosen in System Preferences or save it to an AIFF file.

screencapture

/usr/sbin/screencapture captures the screen (a window selection or a mouse selection) to the clipboard or a file (as PDF).

scselect

/usr/sbin/scselect is used to change current network location, or to list defined locations.

sc_usage

/usr/bin/sc_usage displays an ongoing sample of system call and page fault usage statistics for a given process.

scutil

/usr/sbin/scutil is a tool to communicate with configd, read and write from/to the configuration data store etc.

security

/usr/bin/security provides a command line interface to administer Keychains, manipulate keys and certificates, and do most things the Security framework is capable of.

segedit

/usr/bin/segedit extracts and/or replaces the named sections from the specified input file and creates an output.

setregion

/usr/bin/setregion is the command line utility for setting the DVD drive's "region".

sips

/usr/bin/sips is a command line interface to the Scriptable Image Processing Server. The graphical abilities of Mac OS X are exposed through this image processing service. The SIPS architecture contains tools for performing basic image alterations and supports various image formats. The goal is to provide quick, convenient, desktop automation of common image processing operations.

slpd

/usr/sbin/slpd is the Service Location Protocol daemon that advertises local services to the network.

slp_reg

/usr/sbin/slp_reg is a tool to register URLs via the Service Location Protocol in order for remote machines to discover locally registered services.

softwareupdate

/usr/sbin/softwareupdate is a command line utility to perform software updates under Mac OS X.

srm

/usr/bin/srm securely (by overwriting, renaming, and truncating before unlinking) removes files or directories.

sw_vers

/usr/bin/sw_vers prints the product name (such as Mac OS X), version and build number.

sysctl

/usr/sbin/sysctl retrieves kernel state and allows processes with appropriate privilege to set kernel state.

system_profiler

/usr/sbin/system_profiler is the command line system profiling utility.

tcpdump

/usr/sbin/tcpdump dumps traffic on a network.

top

/usr/bin/top displays an ongoing sample of system usage statistics (such as cpu utilization, memory usage etc. for each process).

trpt

/usr/sbin/trpt interrogates the buffer of TCP trace records created when a socket is marked for debugging (via setsockopt()) and prints a readable description of these records.

update_prebinding

/usr/bin/update_prebinding tries to synchronize prebinding information for libraries and executables when new files are added to a system. Prebinding information is pre-calculated address information for libraries used by a given executable or library. By pre-determining where a function in another library is destined to be placed, the dynamic linker does not have to resolve symbols at application startup time.

vm_stat

/usr/bin/vm_stat displays Mach virtual memory statistics.

vmmap

/usr/bin/vmmap displays the virtual memory regions allocated in a specified process, indicating how memory is being used, and what the purposes of memory at a given address might be.

vpnd

/usr/sbin/vpnd is the Mac OS X VPN service daemon.

xcode*

/usr/bin/xcode* are Xcode related commands.

xxd

/usr/bin/xxd creates a hex dump of a given file or standard input. It can also convert a hex dump back to its original binary form.
