Revisions
erikng revised this gist
Jul 25, 2017 . 1 changed file with 24 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,14 +1,35 @@ #!/usr/bin/python # Credit to frogor for the objc from Foundation import NSBundle import json import objc import os import plistlib import subprocess IOKit = NSBundle.bundleWithIdentifier_('com.apple.framework.IOKit') functions = [('KextManagerCopyLoadedKextInfo', '@@@'), ] objc.loadBundleFunctions(IOKit, globals(), functions) kernel_dict = KextManagerCopyLoadedKextInfo(None, None) folderpaths = ['/Applications', '/Users', '/System/Library/Extensions', '/Library'] unidentifiedKexts = [] # This just finds all of the currently loaded kexts. identifiedKexts = \ [ { 'Identifier': kernel_dict[kext]['CFBundleIdentifier'], 'KextPath': kernel_dict[kext]['OSBundlePath'], 'Version': kernel_dict[kext]['CFBundleVersion'], } for kext in kernel_dict.keys() if not kext.startswith(('__kernel', 'com.apple')) ] # This checks common folder paths for any unloaded Kexts and attempts to give # the same type of info as above. This can take a really long time to finish, @@ -21,7 +42,7 @@ # locate takes just as long as os.walk if not longer since we are skipping some # of the folders. If we use locate, the db could also be out of date. # # COMMENT THIS OUT IF YOU DON'T CARE ABOUT THIS AND ONLY WANT LOADED KEXTS! # """ for path in folderpaths: for root, dirnames, filesnames in os.walk(path): @@ -40,7 +61,7 @@ identifiedKexts.append(kextinfo) else: unidentifiedKexts.append(root) # COMMENT THIS OUT IF YOU DON'T CARE ABOUT THIS AND ONLY WANT LOADED KEXTS! # """ kextsThatWillMakeAnAdminCry = {'IdentifiedKexts': identifiedKexts, -
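Review bot: The loaded-kext filter `if not kext.startswith(('__kernel', 'com.apple'))` decides what counts as third-party purely from the dictionary key (presumably the bundle identifier), and the `'com.apple'` prefix has no trailing dot, so an identifier such as `com.applexyz.driver` (constructed example) would be dropped from the report as well. The identifier is chosen by whoever built the kext, so in an inventory meant to surface non-Apple kernel extensions it is better treated as a hint; I would tighten the prefix to `'com.apple.'` and add a comment such as `# Identifier is self-declared by the bundle; a com.apple. prefix is not proof of origin.` The same comprehension is introduced in the Jul 7, 2017 revision further down this page, so the point applies there too. `import subprocess` is also added here but is not used in any line visible in this diff.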
erikng revised this gist
Jul 25, 2017 . 1 changed file with 1 addition and 20 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,33 +1,14 @@ #!/usr/bin/python import json import os import plistlib folderpaths = ['/Applications', '/Users', '/System/Library/Extensions', '/Library'] unidentifiedKexts = [] identifiedKexts = [] # This checks common folder paths for any unloaded Kexts and attempts to give # the same type of info as above. This can take a really long time to finish, -
erikng revised this gist
Jul 25, 2017 . 1 changed file with 44 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,14 +5,20 @@ from Foundation import NSBundle import json import objc import os import plistlib import subprocess IOKit = NSBundle.bundleWithIdentifier_('com.apple.framework.IOKit') functions = [('KextManagerCopyLoadedKextInfo', '@@@'), ] objc.loadBundleFunctions(IOKit, globals(), functions) kernel_dict = KextManagerCopyLoadedKextInfo(None, None) folderpaths = ['/Applications', '/Users', '/System/Library/Extensions', '/Library'] unidentifiedKexts = [] identifiedKexts = \ [ { 'Identifier': kernel_dict[kext]['CFBundleIdentifier'], 
@@ -23,4 +29,40 @@ if not kext.startswith(('__kernel', 'com.apple')) ] # This checks common folder paths for any unloaded Kexts and attempts to give # the same type of info as above. This can take a really long time to finish, # and could really piss people off if you run this more than once. # More notes: # mdfind by default doesn't search hidden paths or application bundles # # kextfind can't traverse folders # # locate takes just as long as os.walk if not longer since we are skipping some # of the folders. If we use locate, the db could also be out of date. # # COMMENT THIS OUT IF YOU DON'T CARE ABOUT THIS. # """ for path in folderpaths: for root, dirnames, filesnames in os.walk(path): if root.endswith('.kext'): infoplist = os.path.join(root, 'Contents/Info.plist') if os.path.isfile(infoplist): kextplistpath = plistlib.readPlist(infoplist) if 'apple' in kextplistpath['CFBundleIdentifier']: continue else: kextinfo = { 'Identifier': kextplistpath['CFBundleIdentifier'], 'KextPath': root, 'Version': kextplistpath['CFBundleVersion'], } identifiedKexts.append(kextinfo) else: unidentifiedKexts.append(root) # COMMENT THIS OUT IF YOU DON'T CARE ABOUT THIS. # """ kextsThatWillMakeAnAdminCry = {'IdentifiedKexts': identifiedKexts, 'UnidentifiedKexts': unidentifiedKexts} print json.dumps(kextsThatWillMakeAnAdminCry, indent=4, sort_keys=True) -
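Review bot: In the on-disk scan, `if 'apple' in kextplistpath['CFBundleIdentifier']: continue` is a substring test on a value read from the bundle's own Info.plist, so any kext under `/Users`, `/Applications` or `/Library` whose identifier merely contains "apple" is silently left out of both lists. Matching on the reserved prefix would be narrower, e.g. `if kextplistpath.get('CFBundleIdentifier', '').startswith('com.apple.'): continue`, and even then the value is self-declared and should be documented as a hint rather than proof of origin. Separately, `plistlib.readPlist(infoplist)` and the `CFBundleIdentifier` / `CFBundleVersion` lookups are unguarded, so a single unreadable or malformed Info.plist, or one missing key, stops the whole walk with a traceback. Catching the parse and key errors and appending `root` to `unidentifiedKexts` in that case would keep the inventory complete.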
erikng revised this gist
Jul 7, 2017 . 1 changed file with 11 additions and 23 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -12,27 +12,15 @@ kernel_dict = KextManagerCopyLoadedKextInfo(None, None) kextsThatWillMakeAnAdminCry = \ [ { 'Identifier': kernel_dict[kext]['CFBundleIdentifier'], 'KextPath': kernel_dict[kext]['OSBundlePath'], 'Version': kernel_dict[kext]['CFBundleVersion'], } for kext in kernel_dict.keys() if not kext.startswith(('__kernel', 'com.apple')) ] print json.dumps(kextsThatWillMakeAnAdminCry, indent=4, sort_keys=True) -
erikng created this gist
Jul 7, 2017 .
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,38 @@ #!/usr/bin/python # Credit to frogor for the objc from Foundation import NSBundle import json import objc IOKit = NSBundle.bundleWithIdentifier_('com.apple.framework.IOKit') functions = [('KextManagerCopyLoadedKextInfo', '@@@'), ] objc.loadBundleFunctions(IOKit, globals(), functions) kernel_dict = KextManagerCopyLoadedKextInfo(None, None) kextsThatWillMakeAnAdminCry = [] for x in kernel_dict.values(): if x['CFBundleIdentifier'] == '__kernel__': continue kextInfo = { 'Identifier': x['CFBundleIdentifier'], 'KextPath': x['OSBundlePath'], 'Version': x['CFBundleVersion'], } try: if x['OSBundlePath'].startswith('/Applications'): kextsThatWillMakeAnAdminCry.append(kextInfo) elif x['OSBundlePath'].startswith('/Library'): kextsThatWillMakeAnAdminCry.append(kextInfo) elif x['OSBundlePath'].startswith('/System'): if 'apple' not in x['CFBundleIdentifier']: kextsThatWillMakeAnAdminCry.append(kextInfo) else: continue except: # noqa pass print json.dumps(kextsThatWillMakeAnAdminCry, indent=4, sort_keys=True)
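Review bot: A kext loaded from anywhere other than `/Applications`, `/Library` or `/System` never reaches `kextsThatWillMakeAnAdminCry.append(kextInfo)`, so an extension loaded from an unusual location is exactly the one this report omits. The indentation is lost in this view, so it is unclear which `if` the trailing `else: continue` closes, but no visible branch appends those entries; a final `else: kextsThatWillMakeAnAdminCry.append(kextInfo)` on the path chain would cover them. The `/System` branch also uses the substring test `'apple' not in x['CFBundleIdentifier']`, which any identifier containing "apple" satisfies. The bare `except:` followed by `pass` hides every error raised while classifying an entry; catching a specific exception and printing the skipped identifier would make a dropped kext visible.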