Mac OS® X and iOS Internals -- Contents -- Introduction -- Part I: For Power Users -- Chapter 1: Darwinism: The Evolution of OS X -- The Pre-Darwin Era: Mac OS Classic -- The Prodigal Son: NeXTSTEP -- Enter: OS X -- OS X Versions, to Date -- 10.0-Cheetah and the First Foray -- 10.1-Puma-a Stronger Feline, but . . . -- 10.2-Jaguar-Getting Better -- 10.3-Panther and Safari -- 10.4-Tiger and Intel Transition -- 10.5-Leopard and UNIX -- 10.6-Snow Leopard -- 10.7-Lion -- 10.8-Mountain Lion -- iOS-OS X Goes Mobile -- 1.x-Heavenly and the First iPhone -- 2.x-App Store, 3G and Corporate Features -- 3.x-Farewell, 1st gen, Hello iPad -- 4.x-iPhone 4, Apple TV, and the iPad 2 -- 5.x-To the iPhone 4S and Beyond -- iOS vs. OS X -- The Future of OS X -- Summary -- References -- Chapter 2: E Pluribus Unum: Architecture of OS X and iOS -- OS X Architectural Overview -- The User Experience Layer -- Aqua -- Quicklook -- Spotlight -- Darwin-The UNIX Core -- The Shell -- The File System -- UNIX System Directories -- OS X-Specific Directories -- iOS File System Idiosyncrasies -- Interlude: Bundles -- Applications and Apps -- Info.plist -- Resources -- NIB Files -- Internationalization with .lproj Files -- Icons (.icns) -- CodeResources -- Frameworks -- Framework Bundle Format -- List of OS X and iOS Public Frameworks -- Libraries -- Other Application Types -- System Calls -- POSIX -- Mach System Calls -- A High-Level View of XNU -- Mach -- The BSD Layer -- libkern -- I/O Kit -- Summary -- References -- Chapter 3: On the Shoulders of Giants: OS X and iOS Technologies -- BSD Heirlooms -- sysctl -- kqueues -- Auditing (OS X) -- Mandatory Access Control -- OS X- and iOS-Specific Technologies -- User and Group Management (OS X) -- System Configuration -- Logging -- Apple Events and AppleScript -- FSEvents -- Notifications.

Additional APIs of interest -- OS X and iOS Security Mechanisms -- Code Signing -- Compartmentalization (Sandboxing) -- Entitlements: Making the Sandbox Tighter Still -- Enforcing the Sandbox -- Summary -- References -- Chapter 4: Parts of the Process: Mach-O, Process, and Thread Internals -- A Nomenclature Refresher -- Processes and Threads -- The Process Lifecycle -- UNIX Signals -- Executables -- Universal Binaries -- Mach-O Binaries -- Load Commands -- Dynamic Libraries -- Launch-Time Loading of Libraries -- Runtime Loading of Libraries -- dyld Features -- Process Address Space -- The Process Entry Point -- Address Space Layout Randomization -- 32-Bit (Intel) -- 64-Bit -- 32-Bit (iOS) -- Experiment: Using vmmap(1) to Peek Inside a Process's Address Space -- Process Memory Allocation (User Mode) -- Heap Allocations -- Virtual Memory-The sysadmin Perspective -- Threads -- Unraveling Threads -- References -- Chapter 5: Non Sequitur: Process Tracing and Debugging -- DTrace -- The D Language -- dtruss -- How DTrace Works -- Other Profiling mechanisms -- The Decline and Fall of CHUD -- AppleProfileFamily: The Heir Apparent -- Process Information -- sysctl -- proc_info -- Process and System Snapshots -- system_profiler(8) -- sysdiagnose(1) -- allmemory(1) -- stackshot(1) -- The stack_snapshot System Call -- kdebug -- kdebug-based Utilities -- kdebug codes -- Writing kdebug messages -- Reading kdebug messages -- Application Crashes -- Application Hangs and Sampling -- Memory Corruption Bugs -- Memory Leaks -- heap(1) -- leaks(1) -- malloc_history(1) -- Standard UNIX Tools -- Process listing with ps(1) -- System-Wide View with top(1) -- File Diagnostics with lsof(1) and fuser(1) -- Using GDB -- GDB Darwin Extensions -- GDB on iOS -- LLDB -- Summary -- References and Further Reading.

Chapter 6: Alone in the Dark: The Boot Process: EFI and iBoot -- Traditional Forms of Boot -- EFI Demystified -- Basic Concepts of EFI -- The EFI Services -- NVRAM Variables -- OS X and boot.efi -- Flow of boot.efi -- Booting the Kernel -- Kernel Callbacks into EFI -- Boot.efi Changes in Lion -- Boot Camp -- Count Your Blessings -- Experiment: Running EFI Programs on a Mac -- iOS and iBoot -- Precursor: The Boot ROM -- Normal Boot -- Recovery Mode -- Device Firmware Update (DFU) Mode -- Downgrade and Replay Attacks -- Installation Images -- OS X Installation Process -- iOS File System Images (.ipsw) -- Summary -- References and Further Reading -- Chapter 7: The Alpha and the Omega - launchd -- launchd -- Starting launchd -- System-Wide Versus Per-User launchd -- Daemons and Agents -- The Many Faces of launchd -- Lists of LaunchDaemons -- GUI Shells -- Finder (OS X) -- SpringBoard (iOS) -- XPC (Lion and iOS) -- Summary -- References and Further Reading -- Part II: The Kernel -- Chapter 8: Some Assembly Required: Kernel Architectures -- Kernel Basics -- Kernel Architectures -- User Mode versus Kernel Mode -- Intel Architecture - Rings -- ARM Architecture: CPSR -- Kernel/User Transition Mechanisms -- Trap Handlers on Intel -- Voluntary kernel transition -- System Call Processing -- POSIX/BSD System calls -- Mach Traps -- Machine Dependent Calls -- Diagnostic calls -- XNU and hardware abstraction -- Summary -- References -- Chapter 9: From the Cradle to the Grave - Kernel Boot and Panics -- The XNU Sources -- Getting the Sources -- Making XNU -- One Kernel, Multiple Architectures -- The XNU Source Tree -- Booting XNU -- The Bird's Eye View -- OS X: vstart -- iOS: start -- [i386 rm]_init -- i386_init_slave() -- machine_startup -- kernel_bootstrap -- kernel_bootstrap_thread -- bsd_init -- bsdinit_task -- Sleeping and Waking Up.

Boot Arguments -- Kernel Debugging -- "Don't Panic" -- Implementation of Panic -- Panic Reports -- Summary -- References -- Chapter 10: The Medium Is the Message: Mach Primitives -- Introducing: Mach -- The Mach Design Philosophy -- Mach Design Goals -- Mach Messages -- Simple Messages -- Complex messages -- Sending Messages -- Ports -- The Mach Interface Generator (MIG) -- IPC, in Depth -- Behind the Scenes of Message Passing -- Synchronization Primitives -- Lock Group Objects -- Mutex Object -- Read-Write Lock Object -- Spinlock Object -- Semaphore Object -- Lock Set Object -- Machine Primitives -- Clock Object -- Processor Object -- Processor Set Object -- Summary -- References -- Chapter 11: Tempus Fugit-Mach Scheduling -- Scheduling Primitives -- Threads -- Tasks -- Task and Thread APIs -- Task APIs -- Thread APIs -- Scheduling -- The High-Level View -- Priorities -- Run Queues -- Mach Scheduler Specifics -- Asynchronous Software Traps (ASTs) -- Scheduling Algorithms -- Timer Interrupts -- Interrupt-Driven Scheduling -- Timer Interrupt Processing in XNU -- Exceptions -- The Mach Exception Model -- Implementation Details -- Experiment: Mach Exception Handling -- Summary -- References -- Chapter 12: Commit to Memory: Mach Virtual Memory -- Virtual Memory Architecture -- The 30,000-Foot View of Virtual Memory -- The Bird's Eye View -- The User Mode View -- Physical Memory Management -- Mach Zones -- The Mach Zone Structure -- Zone Setup During Boot -- Zone Garbage Collection -- Zone Debugging -- Kernel Memory Allocators -- kernel_memory_allocate() -- kmem_alloc() and Friends -- kalloc -- OSMalloc -- Mach Pagers -- The Mach Pager interface -- Universal Page Lists -- Pager Types -- Paging Policy Management -- The Pageout Daemon -- Handling Page Faults -- The dynamic_pager(8) (OS X) -- Summary -- References.

Chapter 13: BS"D - The BSD Layer -- Introducing BSD -- One Ring to Bind Them -- What's in the POSIX Standard? -- Implementing BSD -- XNU Is Not Fully BSD -- Processes and Threads -- BSD Process Structs -- Process Lists and Groups -- Threads -- Mapping to Mach -- Process Creation -- The User Mode Perspective -- The Kernel Mode Perspective -- Loading and Executing Binaries -- Mach-O Binaries -- Process Control and Tracing -- ptrace (#26) -- proc_info (#336) -- Policies -- Process Suspension/Resumption -- Signals -- The UNIX Exception Handler -- Hardware-Generated Signals -- Software-Generated Signals -- Signal Handling by the Victim -- Summary -- References -- Chapter 14: Something Old, Something New: Advanced BSD Aspects -- Memory Management -- POSIX Memory and Page Management System Calls -- BSD Internal Memory Functions -- Memory Pressure -- Jetsam (iOS) -- Kernel Address Space Layout Randomization -- Work Queues -- BSD Heirlooms Revisited -- Sysctl -- Kqueues -- Auditing (OS X) -- Mandatory Access Control -- Apple's Policy Modules -- Summary -- References -- Chapter 15: Fee, FI-FO, File: File Systems and the VFS -- Prelude: Disk Devices and Partitions -- Partitioning Schemes -- Generic File System Concepts -- Files -- Extended Attributes -- Permissions -- Timestamps -- Shortcuts and Links -- File Systems in the Apple Ecosystem -- Native Apple File Systems -- DOS/Windows File Systems -- CD/DVD File Systems -- Network-Based File Systems -- Pseudo File Systems -- Mounting File Systems (OS X only) -- Disk Image Files -- Booting from a Disk Image (Lion) -- The Virtual File System Switch -- The File System Entry -- The Mount Entry -- The vnode Object -- FUSE-File Systems in USEr Space -- File I/O from Processes -- Summary -- References and Further Reading.

Chapter 16: To B (-Tree) or Not to Be- The HFS+ File Systems.