![]() ![]() Moreover, the fact that WMC tends to strongly predict analytical problem solving and reasoning, but may not correlate with divergent thinking, provides a useful boundary condition for defining WMC’s nomological net. WMC did not correlate with creativity in divergent thinking, whereas only the questionnaire measure of daydreaming, but not probed thought reports, weakly predicted creativity the fact that in-the-moment TUTs did not correlate divergent creativity is especially problematic for claims that mind-wandering processes contribute to creative cognition. Retrospective self-reports of Openness (Experiment 2) and mind-wandering and daydreaming propensity (Experiment 3) complemented our thought-probe assessments of TUT. Three individual-differences studies inserted incubation periods into one or two divergent thinking tasks and tested whether WMC (assessed by complex span tasks) and incubation-period mind wandering (assessed as probed reports of task-unrelated thought ) predicted post-incubation performance. However, unfocused attention and daydreaming should allow mental access to more loosely relevant concepts, remotely linked to commonplace solutions. #xpc_object_sizes_list.Should executive control, as indicated by working memory capacity (WMC) and mind-wandering propensity, help or hinder creativity? Sustained and focused attention should help guide a selective search of solution-relevant information in memory and help inhibit uncreative, yet accessible, ideas. XpcObj_len = last2ins.getRawArgument(1)Įlif last2ins.getRawArgument(0) = 'rdi' and last1ins.getRawArgument(0) = 'rsi': If last2ins.getRawArgument(0) = 'rsi' and last1ins.getRawArgument(0) = 'rdi': Indirect_addr = int(last2ins.getRawArgument(1),16)Įlif last2ins.getInstructionString() = 'lea' and last1ins.getInstructionString() = 'lea': If last2ins.getRawArgument(0) = 'rdi' and last1ins.getRawArgument(0) = 'esi': #xpc_object_sizes_list.append(callerinfo)Įlif last2ins.getInstructionString() = 'lea' and last1ins.getInstructionString() = 'mov': Xpc_object_sizes_dict = xpc_object_sizes_dict + ',' + x_symbol Xpc_object_sizes_dict = '#from ' + x_symbol If callerinfo not in xpc_object_sizes_dict.keys(): Indirect_addr = int(last1ins.getRawArgument(1),16)Ĭallerinfo = '_xpc_base_create('+ doc.getNameAtAddress(indirect_addr)+',' + xpcObj_len+ ') ' If last2ins.getRawArgument(0) = 'esi' and last1ins.getRawArgument(0) = 'rdi': If last2ins.getInstructionString() = 'mov' and last1ins.getInstructionString() = 'lea': Ins1 = seg.getInstructionAtAddress(x - 12) Ins0 = seg.getInstructionAtAddress(x - 5) X_symbol = pname + '+' + hex(x - p_entry_addr) Pname = seg.getNameAtAddress(p_entry_addr) Last2ins,last1ins = get_last2instructions_addr(seg,x) _xpc_base_create_addr = doc.getAddressForName('_xpc_base_create')Įachxrefs = seg.getReferencesOfAddress(_xpc_base_create_addr) Print ' Demonstrating XPC ojbect sizes using a hopper diassembler\'s python script' Print hex(last1ins_addr), last1ins.getInstructionString(), last1ins.getRawArgument(0), last1ins.getRawArgument(1) Print hex(last2ins_addr), last2ins.getInstructionString(), last2ins.getRawArgument(0), last2ins.getRawArgument(1) Last1ins = seg.getInstructionAtAddress(last1ins_addr) Last2ins = seg.getInstructionAtAddress(last2ins_addr) Last2ins_addr = seg.getInstructionStart(last1ins_addr - 1) ![]() Last1ins_addr = seg.getInstructionStart(x - 1) XPC provides its own data types through libxpc.dylib. The APIs themselves are divided into an object API and a transport API. In this blog, we only focus on the low level APIs, which are direct exports of xpc_* functions from libxpc.dylib. ![]() XPC provides public APIs on two levels: the low level and the Foundation wrappers. XPC has a fairly large undocumented portion of its functionality, which includes its implementation (the main project libxpc, for example, is closed source). Since its introduction in version 10.7/5.0, its use has exploded. XPC is the enhanced IPC framework used in macOS/iOS. In this blog, I uncover the XPC internals data types to help researchers (myself included) not only quickly analyze the root causes of XPC vulnerabilities, but to also assist with deep analysis of exploits targeted at those vulnerabilities. I have recently been engaged in deep security research on macOS for FortiGuard Labs focused on the discovery and analysis of IPC vulnerabilities. FortiGuard Labs How-To Guide for Threat Researchers
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |