Book Review: "*OS Internals Volume I: User Space"
"*OS Internals Volume I: User Space" by Jonathan Levin is incredible research in the Apple ecosystem. This text should be considered official Apple documentation at this point, as it is so crucial and sorely needed by the different operating systems. This is a massive tome of missing documentation, which will be life saving if you are doing any kind of deep dive and have run out of existing documentation (which isn't much). All of that is to say, the technical depth and descriptions provided by this book are found nowhere else. This book describes much of the theory, architecture, and technical implementation behind Apple operating systems. That said, it's kind of narrow in it's focus, so make sure it covers the topics you need. Jonathan is incredibly technical and graceful in how he communicates this to his audience, using a plethora of tables, charts, and diagrams to paint a simple picture of complex operating system topics. The book is costly at $75 on Amazon but is kept up to date with small batch prints, and currently sits around 540 pages. Ultimately I give this one 7 out of 10 stars because I think it's slightly less applicable for hackers, compared to volume III. I would use this one more like extra documentation, to look up specific technology or api calls. I recommend this book to hackers and developers taking a deep look at the macOS or iOS operating systems. There aren't enough documents out there and this book is well worth the cost if it can help shed some extra light on a topic you looking into. While this is the first volume of the trilogy, this is the second one I've reviewed. Likewise, I've given this lower marks than the first book as I thought that one was more interesting to hackers, with the security focus. This one felt more like straight operating system documentation, which was a different focus. If your looking to save money, get the other one first to see if you like this style, as there is a ton of content here. Personally I would use this more as a lookup manual as opposed to reading it cover to cover, just because it goes so deep on each topic (Lessons learned after reading it cover to cover). The following are the chapters of the book, so you can see if there are any specific topics you are interested in.
Chapter 1 - Darwinism: The Evolution of *OS
Chapter 2 - E Pluribus Unum: Architecture of *OS
Chapter 3 - Promenade: A tour of the *OS Filesystems
Chapter 4 - Experience Points: UX and System Services
Chapter 5 - Automatic for the People: Application Services
Chapter 6 - Ex Machina: The Mach-O File format
Chapter 7 - In the Darkness, Bind Them: dyld internals
Chapter 8 - Parts of the Process: Threads and the Grand Central Dispatcher
Chapter 9 - In Memoriam: Process Memory Management
Chapter 10 - CFRun - RunLoopRun: The Runtime Environments
Chapter 11 - The Message is the Medium: Mach IPC (the user mode view)
Chapter 12 - Mecum Porto: Mach Primitives
Chapter 13 - The Alpha & Omega: Launchd
Chapter 14 - X is not a Procedure Call: XPC internals
Chapter 15 - Follow Me: Process Tracing and Debugging
Chapter 16 - HeT-Work: Darwin Networking
The first three chapters really help frame the overall picture for how *OS operates. The following chapters deep dive on specific topics, going into extreme depth with the system calls associated with each service or component. This text would have been immensely helpful when I was doing my mach-o research. The chapter on the mach-o file format goes well beyond what is out there publicly, documents that I could have really used, including diagrams that show the LinkEdit segment that I couldn't find documented previously. This was a great litmus test for me, for just how deep this book goes beyond any other documentation out there publicly. Jonathan also has his dedicated site, and hidden OS X forum still, resources you don't want to skip over if your looking for more *OS resources! This review also comes just in time as it looks like he plans on finishing Volume II this upcoming month, which will complete the series. But there really is a ton of content in this book, at 540 pages and it doesn't read quickly despite the tables and graphics. It's deeply technical content and reads slowly, often involving code or obscure system api calls. Below I've included Jonathan's most recent conference talk, which focuses on the history of iOS jail breaking. While the book doesn't have much jail breaking in it (unlike Volume 3), the book does focus on *OS, which is both macOS and iOS, so all of this is very applicable: