Re: [PATCH v6 0/6] MR6866: ntdll: On macOS x86_64, swap GSBASE between the TEB and macOS TSD when entering/leaving PE code.

On Mon Mar 24 15:18:34 2025 +0000, Jinoh Kang wrote:

We can probably check that the `_thread_set_tsd_base` machine code matches the expected byte sequence. We can either dynamically extract the syscall number, or hard-code it and check against the system value.

Regarding XNU syscalls, they have been historically sort of stable AFAICT and even when a new syscall gets added that supersedes the previous one (like `mach_msg_trap` vs `mach_msg2_trap`) either the previous one stops existing or returns an error value, but they are not recycled and sometimes even kept forward-compatible for a while.

Probably hard-coding and checking at compile time against `sys/syscall.h` will be sufficient here I would guess.