Tuesday, August 23, 2016

Mac OS X file system redirector

I committed a new project to my GitHub repository: MacOSX-VFS-redirector, a filter that redirects file system requests. The project is based on MacOSX-FileSystem-Filter.

The filter redirects file creation, open requests, rename and data IO (read, write) from an application to a shadow directory where shadow copies of the files are created. The shadow directory path can cross mount points. An application under control is not aware of the redirection and believes it is working with the original files through unmodified paths. Applications under control are registered in the gApplicationsData array, which is declared in ApplicationsData.cpp.
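A user-space model of the per-application redirect decision described above, added here as an illustration and not taken from the project's code. The app_rule layout, the sample registrations and the naming scheme (shadow directory followed by the original absolute path) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical record: the real gApplicationsData layout is not shown on the page. */
struct app_rule {
    const char *app_name;   /* process name placed under control */
    const char *shadow_dir; /* root of its shadow copies, may be on another volume */
};

/* Constructed sample registrations. */
static const struct app_rule g_rules[] = {
    { "TextEdit", "/Volumes/Shadow/TextEdit" },
    { "Preview",  "/private/var/shadow/Preview" },
};

/* Reject relative paths and any ".." component so a mapped path
 * can never climb out of the shadow directory. */
static int path_is_safe(const char *path)
{
    if (path[0] != '/')
        return 0;
    for (const char *p = path; *p; ) {
        const char *seg = p + 1;            /* skip the '/' */
        size_t len = strcspn(seg, "/");     /* length of this component */
        if (len == 2 && seg[0] == '.' && seg[1] == '.')
            return 0;
        p = seg + len;                      /* next '/' or end of string */
    }
    return 1;
}

/* 0: redirected, out holds the shadow path; 1: app not registered, the
 * request passes through untouched; -1: unsafe path or buffer too small. */
int redirect_path(const char *app, const char *path, char *out, size_t outlen)
{
    for (size_t i = 0; i < sizeof(g_rules) / sizeof(g_rules[0]); i++) {
        if (strcmp(app, g_rules[i].app_name) != 0)
            continue;
        if (!path_is_safe(path))
            return -1;
        int n = snprintf(out, outlen, "%s%s", g_rules[i].shadow_dir, path);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0; /* no silent truncation */
    }
    return 1;
}
```

Failing closed on truncation matters here: a silently shortened shadow path would send the application's IO to a different file than the one it was mapped to.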

The filter employs a user mode client for data modification and shadow file creation. See the processing for VFSDataType_PreOperationCallback in the user mode client's main.cpp.

The filter's core is VFSHooks.cpp. It contains the VFS hooks that intercept file creation and open, redirect IO and call the user client.

The filter was tested on Mac OS X Yosemite (10.10) and Mac OS X El Capitan (10.12).

2 comments:

  1. Hi Slava,

    I tried to run the MacOSX-FileSystem-Filter code on Mac OS Sierra and the system goes into a rolling reboot. When I analyse the kernel panic, it points to original = *(vfs_vctr_opnfunc*)((vm_offset_t)v_op + offsetDescEntry->offset); in VNodeHook.cpp.

    I checked the XNU code xnu-3789.1.32/ in https://opensource.apple.com/source/xnu/ to see if any Vnode and Vnodeop_dec has changed, but I didn't find any difference. What could be the reason for the system panics in Sierra?

    Can you please help me in this regard?

    1. Hi,

      The vnode structure definition has changed for Sierra. I have changed the related https://github.com/slavaim/MacOSX-FileSystem-Filter to use dynamic (on load) structure layout inference. I am planning to do this for the redirector as well.
