Tags: c++, kernel, reverse-engineering, device-driver, magic-mouse

Reverse Engineering an Apple Kext - Reconstructing the Class


Greetings!

I am currently attempting to extend the functionality of the Magic Mouse. To do this, I am hoping to write a kext that intercepts events from the multitouch driver, AppleMultitouchDriver.kext, interprets them, and either dispatches new events or forwards the actual event. This approach is similar to the approach used by DoubleCommand.

I have already created a small test kext that intercepts the mouse events (click, motion, etc.), as that will be needed also.

The problem I am having now is that I am unable to intercept the events from the AppleMultitouchDevice and/or AppleMultitouchHIDEventDriver objects because there is no class definition for them. I need to be able to reassign the pointer to the callback function as I do in the mouse interceptor and as is done in DoubleCommand. As far as I know, this means I need to reconstruct the AppleMultitouchDevice class. I am already able to get a reference to the instance of the AppleMultitouchDevice object, so I just need to be able to cast it and use it.

Now that you have the background, here are my direct questions:

  • What methods do I need to use in order to reverse engineer the kext or reconstruct the classes in question?
  • What programs are available that will assist me in this effort?
  • Are there any tutorials or e-books that focus on this particular topic that you know of?
  • Is it possible for me to reassign the callback pointer without actually reconstructing the entire class?
  • Anything else I may have missed as I am so very new to this.

Thanks in advance for any advice or assistance!!


Solution

  • I've managed to find what I needed. Now all it will take is time and effort. :)
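An added example (not part of the original question, and not DoubleCommand's or Apple's code) for the fourth question above: you do not need the whole class, only the offset of the callback slot, a check that the slot holds what you expect before writing to it, and the original pointer kept so you can forward and later unhook. `SimulatedDriver`, `TouchEvent`, `kCallbackOffset` and every function below are constructed stand-ins, not AppleMultitouchDevice's real layout or API.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
struct TouchEvent { int x, y, fingers; };
using TouchCallback = void (*)(void* owner, const TouchEvent* ev);

// Constructed stand-in for the driver object we have no headers for. It is NOT
// AppleMultitouchDevice's real layout; it only plays that role in this example.
struct SimulatedDriver {
    void*         vtable;        // IOKit (C++) objects begin with a vtable pointer
    uint32_t      retainCount;
    void*         owner;
    TouchCallback callback;      // the slot the interceptor takes over
    uint8_t       reserved[32];  // fields the interceptor never touches
};
// The only offset the hook depends on (from disassembly in a real kext; read from the struct here).
constexpr size_t kCallbackOffset = offsetof(SimulatedDriver, callback);

static TouchCallback g_original = nullptr;  // kept for forwarding and unhooking
static std::vector<TouchEvent> g_seen;      // events observed by the interceptor
static TouchCallback* callbackSlot(void* obj) {
    return reinterpret_cast<TouchCallback*>(static_cast<uint8_t*>(obj) + kCallbackOffset);
}
// Replacement callback: record the event, then forward it unchanged.
static void interceptor(void* owner, const TouchEvent* ev) {
    g_seen.push_back(*ev);
    if (g_original) g_original(owner, ev);
}
// Patch the slot only if it holds the pointer we expect; anything else means
// the recovered layout is wrong and writing would corrupt the object.
bool installHook(void* obj, TouchCallback expectedOriginal) {
    TouchCallback* slot = callbackSlot(obj);
    if (*slot != expectedOriginal) return false;
    g_original = *slot;
    *slot = &interceptor;
    return true;
}
// Put the original pointer back (e.g. on unload); refuse if the slot was changed by someone else.
bool removeHook(void* obj) {
    TouchCallback* slot = callbackSlot(obj);
    if (*slot != &interceptor) return false;
    *slot = g_original;
    g_original = nullptr;
    return true;
}

// Simulated driver side: dispatches through whatever the slot currently holds.
static int g_delivered = 0;
static void driverCallback(void*, const TouchEvent*) { ++g_delivered; }
void driverDispatch(SimulatedDriver* d, TouchEvent ev) { d->callback(d->owner, &ev); }
```

The expected-pointer check is what keeps a wrong offset from silently overwriting some other field; in a kext that is the difference between a refused hook and a panic.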