In Part I of this blog, we discussed how to inspect the sending of Mach messages from a kernel-mode perspective. In Part II, I will continue by explaining how to inspect received Mach messages by setting up a kernel inline hook. Let's get started!

https://www.fortinet.com/blog/threat-research/inspect-mach-messages-in-macos-kernel-mode–part-ii–sniffing-th.html