Category Archives: Mac OSX

OS X mixed

Decrypting TLS data with Wireshark on Mac

This post is about how to decrypt TLS data with Wireshark using a session key file. The session key file saves the combination of secret keys which the web browser used to encrypt or decrypt HTTP traffic. Not all browsers can save a session key; as far as I know, only Google Chrome and Firefox permit this. The example below…

Remote desktop from Mac to Windows and input control matching.

Recently, working from home, I needed to use a remote desktop connection from a Mac to a Windows computer. The Microsoft Remote Desktop client is available on the App Store. There was no problem installing Microsoft Remote Desktop on the Mac laptop and connecting to the Windows PC. The main difficulties appeared when using the Mac keyboard with Windows applications. Later…

Big Sur and built-in dynamic linker cache

On Big Sur Apple made significant changes to the OS X file system. System-provided libraries are moved from the filesystem into the dynamic linker cache. Probably this was done because Big Sur OS X supports 2 different CPUs, Intel and Apple Silicon processors, and currently the dynamic linker cache contains 2 versions, one for each processor: Apple Silicon ARM…

About dladdr function.

The dladdr function from Unix-like OSes looks similar to the GetProcAddress Win32 API function. However, dladdr obtains more information related to the requested function than just the function entry point address that GetProcAddress returns. Besides, while GetProcAddress requires the handle of the DLL module that contains the requested function, dladdr needs only the function name. Definitely in both cases the DLL or…

Apple Silicon Disassembly

The source code of cpubrand_string.cpp presented in the “Mac OSX CPU Information. Terminal and Programmatically” post and tested on a Mac with an Apple Silicon processor works the same whether it was compiled on a Mac with an Apple Silicon or an Intel processor. Apple announced the new Rosetta system that allows users to run applications that contain x86_64 instructions…

PID File and Process Name

A PID file is a small file that contains a process identification number, usually for daemon processes. Typically the pid file location is the /var/run directory or a sub-directory of /var/run. In new Linux versions /var/run is a symbolic link to the /run directory. The PID file is created when the daemon service is started and deleted when the service stops. If the daemon process…

IsDebuggerPresent for Mac OSX

IsDebuggerPresent is a Win32 API function which returns the boolean value true if the calling process is being debugged by a debugger. It is the simplest way to restrict reverse engineering activity using Windows debuggers. I did not find something similar for the Mac OSX platform, so I implemented my own application which does debugger detection. The application is based…

Building db_dump from sources

The db_dump utility dumps Berkeley DB databases into a flat-text representation. The Berkeley DB distribution includes the source code of the db_dump utility and also of other useful utilities such as db_archive, db_checkpoint, db_deadlock, db_dump185, db_load, db_printlog, db_recover, db_stat, db_upgrade and db_verify. All these utilities may be used for database debugging and maintenance. Here is an example Makefile for…

Programmatically Capture Energy Saver Events on Mac

A Mac OS X device may go to sleep because of a forced or an idle event. The forced event is related to some action performed by the user, such as closing the laptop lid or clicking on the Sleep menu item. The idle event happens when the user has not performed any action on the device for a specific period of time:…

How to get reboot time on Mac machine programmatically.

It is a similar implementation of reboot time retrieval as in “How to get reboot time on Linux machine programmatically”, but for Mac OSX devices. The code is based on the same sysctl function already described in “sysctl command and function” and “Get kernel information through command line and programmatically”, but using a different management information base (MIB)…