Comment on Why TCC allows file write
You can take this example: install the Arduino IDE application. Don't allow this software to access the Documents folder. When you first launch this software, it creates an Arduino folder in the Documents folder. I don't think there is a security breach, but it is not natural to see an application writing to the Documents folder while you did not allow it to access it. My question is why Apple allows a process to write into a TCC-restricted folder?
Topic: App & System Services SubTopic: Core OS Tags:
Oct ’23
Comment on Why TCC allows file write
Thanks for your answer. I think I have an older version of Arduino so the behaviour is not the same, I am sorry. Let's take another example with Terminal: open System Settings/Privacy & Security/Files and Folders; uncheck Terminal for the Documents folder; close Terminal and relaunch it; try to type "cd Documents", then "ls" -> you will get an error. This is normal because of TCC. Now try to type "touch Documents/foo" -> it works.
Topic: App & System Services SubTopic: Core OS Tags:
Oct ’23
Comment on What is a SIP protected binary
I have seen this sentence in a training. But there are no more details and I do not agree with this sentence. To me, a binary can't be SIP protected. Some folders can be SIP protected but not the binary itself. I would like to know if I am wrong. Thanks
Topic: Code Signing SubTopic: Entitlements Tags:
Oct ’23
Comment on How virtualization framework works internally
Hello, I don't agree about APFS: for example, I can't create a 2 Tb empty dmg file with the Disk Utility application. If I create a 64Gb file it takes a lot of time and I think Disk Utility is writing 64Gb of bytes on disk. Is there another filesystem or tool that can optimize disk space? Thanks
Topic: App & System Services SubTopic: Core OS Tags:
Oct ’23
Comment on Mount a dmg programmatically
Thanks for your answer. Are there other file formats that can be handled by Swift and that can be encrypted?
Topic: App & System Services SubTopic: Core OS Tags:
Oct ’23
Comment on VZVirtualMachine on iOS
I am sorry for that. In fact, Virtualization module is not available on iOS and it is really unfortunate...
Topic: App & System Services SubTopic: Core OS Tags:
Oct ’23
Comment on Bypass ASLR for debugging purposes
Hello, on Silicon, on macOS Sonoma. Thanks
Topic: Privacy & Security SubTopic: General Tags:
Oct ’23
Comment on swift autorelease value-add
Thanks, but the memory pool is released too for local objects when we leave a function?
Topic: Programming Languages SubTopic: Swift Tags:
Oct ’23
Comment on Bypass ASLR for debugging purposes
@eskimo my question was not about PIE. I agree with you about PIE but this is not my question ;) My question is about ASLR and lldb: how lldb manages to disable ASLR for a given binary. Thanks
Topic: Privacy & Security SubTopic: General Tags:
Nov ’23
Comment on Debug a process by hand from a c program on an Apple Silicon CPU
Thanks for your answer. In fact, I want to know how the debugger does this. I have inspected the lldb source code but I did not find...
Nov ’23
Comment on Debug a process by hand from a c program on an Apple Silicon CPU
Thanks a lot. I have read a ton of documentation since yesterday. I have understood the Mach APIs. There is one more thing I need: I am able to add/remove a hardware breakpoint with thread_set_state but I am not able to let the program continue, even with thread_resume. Any idea?
Nov ’23
Comment on Create a suspended thread
Because I want to comply with Apple standards ;)
Nov ’23
Comment on Load a library with LC_LOAD_DYLIB instead of LC_LOAD_WEAK_DYLIB
Here is my gcc version: Apple clang version 15.0.0 (clang-1500.0.40.1). How can I do a LC_LOAD_DYLIB linking instead of LC_LOAD_WEAK_DYLIB with this version of gcc? Thanks
Topic: App & System Services SubTopic: Core OS Tags:
Nov ’23
Comment on Write in /System folder on macOS Sonoma
As I said I know this is not a good practice. I would like to know how I can do that on Sonoma... Thanks anyway
Topic: App & System Services SubTopic: Core OS Tags:
Dec ’23
Comment on Hooks with mandatory access control framework
What I've is it will be very hard for an endpoint security software editor to create kernel extensions (kext). Do you agree we need to create a kext when working with ES? Or is there a way to create hooks without writing a custom kext? Thanks
Topic: Privacy & Security SubTopic: General Tags:
Dec ’23