Proof-of-concept code for understanding the allow-jit entitlement on macOS.
Internals:
- multiple-regions - Allocates multiple regions with the `MAP_JIT` flag to demonstrate that the `allow-jit` entitlement does not limit the number of JIT regions.
- different-threads - Demonstrates that `pthread_jit_write_protect_np` is thread-specific.
- chained-alloc - Allocation of JIT memory from previously-allocated JIT regions.
Shellcode execution:
- sc-loader - A simple shellcode loader (dylib).
- target - A standalone executable that accepts two arguments: the path to a dylib and an exported function name.
- target-allowlist - A variant of `target` with the `jit-write-allowlist` entitlement.
For more information, please see our blog post.