Fix the crash bug by only unloading kext if all clients are disconnec…

…ted.

Remove unused kernel control functions.

control-gui/control-gui/kernelControl.m

@@ -99,7 +99,7 @@ -(int)connectToKext
         self.kSocket = -1;
         NSLog(@"[ERROR] Connect failed: %s!\n", strerror(errno));
         return -1;
-    }
+    }    
     return 0;
 }
 

kext/README

@@ -45,10 +45,6 @@ I hope it's useful for you. It is for me.
 If you find/know any other gdb anti-debug tricks, please drop me an email with 
 some details so I can add them to the module.
 
-Note: there is a bug where if the kernel extension is unloaded and you click
-disconnect in the Cocoa GUI a kernel panic will occur. It seems to be a bug
-in kernel control because disconnect does nothing more than close the socket.
-
 Have fun.
 fG!
 

kext/kernel_control.c

@@ -82,7 +82,7 @@ static struct kern_ctl_reg g_ctl_reg = {
 	ctl_disconnect,		  /* called when a connection becomes disconnected */
 	NULL,				  /* ctl_send_func - handles data sent from the client to kernel control - not implemented */
 	ctl_set,			  /* called when the user process makes the setsockopt call */
-	ctl_get			 	  /* called when the user process makes the getsockopt call */
+	NULL			 	  /* called when the user process makes the getsockopt call */
 };
 
 #pragma mark The start and stop functions
@@ -125,37 +125,14 @@ remove_kern_control(void)
         }
         case EBUSY:
         {
-            LOG_ERROR("The kernel control has clients still attached.");
+            LOG_ERROR("The kernel control still has clients attached. Please disconnect them first!");
             return KERN_FAILURE;
         }
         default:
             return KERN_FAILURE;
     }
 }
 
-#pragma mark Queue function(s)
-
-/*
- * get data ready for userland to grab
- * XXX: not being used for anything and only enqueuing the PID
- */
-kern_return_t
-queue_userland_data(pid_t pid)
-{
-    errno_t error = 0;
-
-    if (g_client_ctl_ref == NULL)
-    {
-        return KERN_FAILURE;
-    }
-    error = ctl_enqueuedata(g_client_ctl_ref, g_client_unit, &pid, sizeof(pid_t), 0);
-    if (error)
-    {
-        LOG_ERROR("ctl_enqueuedata failed with error: %d", error);
-    }
-    return error;
-}
-
 #pragma mark Kernel Control handler functions
 
 /*
@@ -192,33 +169,6 @@ ctl_disconnect(kern_ctl_ref ctl_ref, u_int32_t unit, void *unitinfo)
     return 0;
 }
 
-/*
- * send data from kernel to userland
- * XXX: not used here
- */
-static int
-ctl_get(kern_ctl_ref ctl_ref, u_int32_t unit, void *unitinfo, int opt, void *data, size_t *len)
-{
-    int		error = 0;
-	size_t  valsize;
-	void    *buf = NULL;
-	switch (opt)
-    {
-        case 0:
-            valsize = 0;
-            break;
-        default:
-            error = ENOTSUP;
-            break;
-    }
-    if (error == 0)
-    {
-        *len = valsize;
-        if (data != NULL) bcopy(buf, data, valsize);
-    }
-    return error;
-}
-
 /*
  * send data from userland to kernel
  * this is how userland apps adds and removes apps to be suspended

kext/kernel_control.h

@@ -44,6 +44,5 @@
 
 kern_return_t install_kern_control(void);
 kern_return_t remove_kern_control(void);
-kern_return_t queue_userland_data(pid_t pid);
 
 #endif

kext/onyx_the_black_cat.c

@@ -91,14 +91,18 @@ onyx_the_black_cat_start (kmod_info_t * ki, void * d)
 kern_return_t 
 onyx_the_black_cat_stop (kmod_info_t * ki, void * d) 
 {
+	// remove the kernel control socket
+    if (remove_kern_control() != KERN_SUCCESS)
+    {
+        return KERN_FAILURE;
+    }
+
     // remove all sysent hijacks
 	cleanup_sysent();
     // remove any patches
     patch_resume_flag(DISABLE);
     patch_task_for_pid(DISABLE);
     patch_kauth(DISABLE);
-	// remove the kernel control socket
-    remove_kern_control();
     // ALL DONE
 	return KERN_SUCCESS;
 }