Kernel Task

The kernel_task is the XNU task object that represents the kernel itself. Like any other task, it owns the kernel's threads, its virtual memory map and its exception ports. Unlike other tasks, however, it is not backed by a regular user-mode BSD process; the kernel is represented as PID 0.

The kernel_task is reachable by a variety of means in OS X's XNU. In iOS, however, Apple goes to great lengths to keep anyone from obtaining its task port, because whoever holds the port can call the task APIs on the kernel itself. Chief among these are the virtual memory APIs (mach_vm_read and mach_vm_write), which allow arbitrary reads and writes of kernel memory, defeating the kernel's own protections and enabling various forms of code injection. Whereas in OS X the processor set APIs (processor_set_tasks) list every task on the system, the same APIs in iOS leave out the kernel task.

Using /usr/libexec/stackshot (with the -i command line switch) it is possible to take a snapshot of all tasks on the system, including the kernel_task. Apple is well aware of this, which is likely why the daemon disappeared in iOS 5. It is possible, however, to copy the iOS 4 daemon to an iOS 5 system, or simply to compile stackshot yourself, as its source is fairly simple. The output looks like the following:

PID: 0 (kernel_task)
  Thread ID: 0x1 State: 9 - waiting Uninterruptible Continuation: 0x8005aa29 (vm_pageout_continue...)
  Thread ID: 0x2 State: 132 - running Idling processor Continuation: 0x800228d5
  Thread ID: 0x3 State: 9 - waiting Uninterruptible Continuation: 0x8001f3f9
  Thread ID: 0x4 State: 9 - waiting Uninterruptible Continuation: 0x80029c9d
  Thread ID: 0x5 State: 9 - waiting Uninterruptible Continuation: 0x80029e6d
  Thread ID: 0x6 State: 9 - waiting Uninterruptible Continuation: 0x8002c2c9
  Thread ID: 0x7 State: 9 - waiting Uninterruptible
    Frames:   4 kernel 0 user
    Return Addr    Frame Ptr
    0x80021f61     0xc5a83f48
    0x80021623     0xc5a83f70
    0x8002eef1     0xc5a83fa8
    0x8007b37c     0x0

...
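Because stackshot's output is plain text, the kernel_task's threads and their continuation addresses can be pulled out mechanically. The following added example (my own code, not from the book or from stackshot) is a small parser for that format. The embedded sample is constructed from the listing above plus one made-up user task ("launchd", PID 1, a single thread) so that the kernel_task filter has something to exclude; the assumption that every thread line starts with "Thread ID:" and every task header with "PID:" is taken from that listing.

```c
/* Added example: parse "stackshot -i" text and extract the kernel_task's
 * threads and continuation addresses.  Sample input is constructed. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define SS_MAX_THREADS 64

struct ss_thread {
    int      pid;          /* task the thread belongs to */
    uint64_t tid;          /* "Thread ID:" value */
    int      state;        /* numeric "State:" value as printed */
    uint64_t continuation; /* "Continuation:" address, 0 if the line had none */
};

struct ss_snapshot {
    int              task_count;
    int              kernel_pid;   /* pid printed for kernel_task, -1 if absent */
    int              thread_count;
    struct ss_thread threads[SS_MAX_THREADS];
};

/* Parse a stackshot dump: "PID: <n> (<name>)" task headers followed by
 * "Thread ID: 0x<hex> State: <n> - ..." lines that may carry
 * "Continuation: 0x<hex>".  Frame tables are skipped.  Returns 0 on success. */
int parse_stackshot(const char *text, struct ss_snapshot *ss)
{
    char *copy = strdup(text);          /* strtok needs a writable copy */
    if (copy == NULL) return -1;
    memset(ss, 0, sizeof *ss);
    ss->kernel_pid = -1;
    int cur_pid = -1;

    for (char *line = strtok(copy, "\n"); line != NULL; line = strtok(NULL, "\n")) {
        while (*line == ' ' || *line == '\t') line++;
        int pid, state;
        char name[64];
        unsigned long long tid, cont;

        if (sscanf(line, "PID: %d (%63[^)])", &pid, name) == 2) {
            cur_pid = pid;
            ss->task_count++;
            if (strcmp(name, "kernel_task") == 0) ss->kernel_pid = pid;
            continue;
        }
        if (sscanf(line, "Thread ID: 0x%llx State: %d", &tid, &state) == 2) {
            if (ss->thread_count == SS_MAX_THREADS) break;
            struct ss_thread *t = &ss->threads[ss->thread_count++];
            t->pid = cur_pid;
            t->tid = tid;
            t->state = state;
            const char *c = strstr(line, "Continuation: 0x");
            t->continuation =
                (c != NULL && sscanf(c, "Continuation: 0x%llx", &cont) == 1) ? cont : 0;
        }
    }
    free(copy);
    return 0;
}

/* Number of threads that belong to the kernel_task. */
int kernel_thread_count(const struct ss_snapshot *ss)
{
    int n = 0;
    for (int i = 0; i < ss->thread_count; i++)
        if (ss->threads[i].pid == ss->kernel_pid) n++;
    return n;
}

/* Collect the kernel_task's continuation addresses (kernel-space addresses
 * its waiting threads will resume at, resolvable against the kernel's
 * symbols).  Returns how many were stored in out. */
int kernel_continuations(const struct ss_snapshot *ss, uint64_t *out, int max)
{
    int n = 0;
    for (int i = 0; i < ss->thread_count && n < max; i++) {
        const struct ss_thread *t = &ss->threads[i];
        if (t->pid == ss->kernel_pid && t->continuation != 0)
            out[n++] = t->continuation;
    }
    return n;
}

/* Constructed sample: the listing above plus one made-up user task. */
static const char SAMPLE[] =
    "PID: 0 (kernel_task)\n"
    "  Thread ID: 0x1 State: 9 - waiting Uninterruptible Continuation: 0x8005aa29 (vm_pageout_continue...)\n"
    "  Thread ID: 0x2 State: 132 - running Idling processor Continuation: 0x800228d5\n"
    "  Thread ID: 0x3 State: 9 - waiting Uninterruptible Continuation: 0x8001f3f9\n"
    "  Thread ID: 0x4 State: 9 - waiting Uninterruptible Continuation: 0x80029c9d\n"
    "  Thread ID: 0x5 State: 9 - waiting Uninterruptible Continuation: 0x80029e6d\n"
    "  Thread ID: 0x6 State: 9 - waiting Uninterruptible Continuation: 0x8002c2c9\n"
    "  Thread ID: 0x7 State: 9 - waiting Uninterruptible\n"
    "    Frames:   4 kernel 0 user\n"
    "    Return Addr    Frame Ptr\n"
    "    0x80021f61     0xc5a83f48\n"
    "    0x80021623     0xc5a83f70\n"
    "    0x8002eef1     0xc5a83fa8\n"
    "    0x8007b37c     0x0\n"
    "PID: 1 (launchd)\n"
    "  Thread ID: 0x8 State: 9 - waiting\n";

int main(void)
{
    struct ss_snapshot ss;
    uint64_t conts[SS_MAX_THREADS];
    if (parse_stackshot(SAMPLE, &ss) != 0) return 1;
    printf("kernel_task pid %d, %d threads\n", ss.kernel_pid, kernel_thread_count(&ss));
    int n = kernel_continuations(&ss, conts, SS_MAX_THREADS);
    for (int i = 0; i < n; i++)
        printf("  continuation 0x%llx\n", (unsigned long long)conts[i]);
    return 0;
}
```

Feeding a real dump in place of SAMPLE gives a quick inventory of what the kernel's threads are blocked on; since the frame tables are ignored, the parser only needs the header and thread lines to agree with the layout shown above.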