I have a closed-source 3rd party program, and I want to be able to
我有一个闭源第三方程序,我希望能够
- Know what memory is allocated to the program
- Access that memory (read only is fine)
知道为程序分配了什么内存
访问该内存(只读是好的)
Utilities like vmmap(1), heap(1), and leaks(1) seem to have similar functionality to what I need, but I can't find their source anywhere (the OS X versions) and can't figure out how they work. Preferably, this would all be done in user-space, possibly running as root, I don't want to write kernel code for the purpose of bypassing memory protection if I can avoid it.
像vmmap(1),heap(1)和leaks(1)这样的实用程序似乎具有与我需要的功能类似的功能,但是我无法在任何地方找到它们的源代码(OS X版本)并且无法弄清楚它们是如何实现的工作。优选地,这将全部在用户空间中完成,可能以root身份运行,如果我可以避免,我不想编写内核代码以绕过内存保护。
I tried using shared memory passing the address of what I want to read as the 2nd argument to shmat(2), but this was ultimately unsuccessful (and probably not its intended usage and/or bad practice) and still left me without a way to determine what memory I'm looking for anyway (the program who owned the memory had to report its address to me).
我尝试使用共享内存传递我想要读取的地址作为shmat(2)的第二个参数,但这最终是不成功的(可能不是它的预期用法和/或不良做法)并且仍然没有办法确定我正在寻找什么样的内存(拥有内存的程序必须向我报告其地址)。
Is there a way to just disable memory protection for a certain program so that it won't segfault when it tries to read/write memory that is allocated to a different process? Is there a better way that wouldn't enable bugs to seriously corrupt my entire system?
有没有办法只是禁用某个程序的内存保护,以便它在尝试读/写分配给不同进程的内存时不会出现段错误?有没有更好的方法不会使错误严重破坏我的整个系统?
How is this achieved?
这是如何实现的?
2 个解决方案
#1
3
I don't have access to an OS X machine, but this looks very similar to what you're trying to do:
我无法访问OS X计算机,但这与您尝试执行的操作非常相似:
Reading Other Process' Memory in OS X?
在OS X中读取其他进程的内存?
Here's an archive of the link that doesn't work:
这是一个不起作用的链接存档:
#2
3
Basically, this guy is right.
基本上,这家伙是对的。
Go download the source code that accompanies this book and see vm_rw_master.c of example 8-16 for a working implementation.
请下载本书附带的源代码,并参阅示例8-16的vm_rw_master.c以获取有效的实现。
See http://web.mit.edu/darwin/src/modules/xnu/osfmk/man/ for documentation, it's slightly outdated, and questionably correct, but it's the best available.
有关文档,请参阅http://web.mit.edu/darwin/src/modules/xnu/osfmk/man/,它有点过时,并且可疑的是正确的,但它是最好的。
EDIT: Also, see http://lightbulbone.com/2011/05/dumping-process-memory-on-mac-os-x/ (note that the task who owns memory you are trying to read does NOT need to be a child of the process trying to do the reading, you just need to have the proper authorization.)
编辑:另外,请参阅http://lightbulbone.com/2011/05/dumping-process-memory-on-mac-os-x/(请注意,您尝试阅读的拥有内存的任务不需要是尝试阅读的过程的孩子,你只需要有适当的授权。)
EDIT: Also, see http://os-tres.net/blog/2010/02/17/mac-os-x-and-task-for-pid-mach-call/ for a good example of authorization.
编辑:另外,请参阅http://os-tres.net/blog/2010/02/17/mac-os-x-and-task-for-pid-mach-call/以获得授权的良好示例。
#1
3
I don't have access to an OS X machine, but this looks very similar to what you're trying to do:
我无法访问OS X计算机,但这与您尝试执行的操作非常相似:
Reading Other Process' Memory in OS X?
在OS X中读取其他进程的内存?
Here's an archive of the link that doesn't work:
这是一个不起作用的链接存档:
#2
3
Basically, this guy is right.
基本上,这家伙是对的。
Go download the source code that accompanies this book and see vm_rw_master.c of example 8-16 for a working implementation.
请下载本书附带的源代码,并参阅示例8-16的vm_rw_master.c以获取有效的实现。
See http://web.mit.edu/darwin/src/modules/xnu/osfmk/man/ for documentation, it's slightly outdated, and questionably correct, but it's the best available.
有关文档,请参阅http://web.mit.edu/darwin/src/modules/xnu/osfmk/man/,它有点过时,并且可疑的是正确的,但它是最好的。
EDIT: Also, see http://lightbulbone.com/2011/05/dumping-process-memory-on-mac-os-x/ (note that the task who owns memory you are trying to read does NOT need to be a child of the process trying to do the reading, you just need to have the proper authorization.)
编辑:另外,请参阅http://lightbulbone.com/2011/05/dumping-process-memory-on-mac-os-x/(请注意,您尝试阅读的拥有内存的任务不需要是尝试阅读的过程的孩子,你只需要有适当的授权。)
EDIT: Also, see http://os-tres.net/blog/2010/02/17/mac-os-x-and-task-for-pid-mach-call/ for a good example of authorization.
编辑:另外,请参阅http://os-tres.net/blog/2010/02/17/mac-os-x-and-task-for-pid-mach-call/以获得授权的良好示例。