• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: IPC Eavesdropping
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPC Eavesdropping

  • Subject: Re: IPC Eavesdropping
  • From: Alastair Houghton <email@hidden>
  • Date: Sat, 15 Nov 2003 21:21:54 +0000
On 15 Nov 2003, at 20:19, Matthew Cox wrote:

> I'm trying to eavesdrop on chatter between a program and a daemon.
> Both of these programs are processes belonging to my user, so its not
> an attempt to bypass security mechanisms. Specifically, I'm trying to
> decode the communication between Microsoft's MSN Messenger application
> and its daemon. I've written a simple man in the middle application
> that monitors and logs launch arguments and communication on the stdio
> channels.
>
> The daemon is being launch with the following arguments:
>
> "/Applications/dMSN Messenger.app/Contents/SharedSupport/MSN Messenger
> Daemon",
> "-psn_0_2621441"
>
> The second argument is variable, but always of the form
> "-psn_0_<seven-digit-decimal-integer>" My instinct is telling me that
> this is probably a mach port address for IPC, but I might be wrong.
> Does anyone have any idea what this represents, and how I can an
> intercept it?

I don't know if it's implemented as a Mach port, but I think it's the
process serial number (as used in Carbon's Process Manager). See e.g.
GetCurrentProcess() for more information.

If you want to intercept communications between the two, you probably
want to inject code into one or other application to hook the functions
(or methods) you are interested in. Take a look at

http://rentzsch.com/mach_inject/
mach_injectAndmach_overrideSupportAtExtendamac

for information on how to do this. Note that you only need to use
mach_override() for functions; you can override ObjC stuff with
-poseAsClass:, categories or just using the ObjC runtime, whichever you
prefer.

Kind regards,

Alastair.

[demime 0.98b removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
_______________________________________________
cocoa-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/cocoa-dev
Do not post admin requests to the list. They will be ignored.
  • Follow-Ups:
    • Re: IPC Eavesdropping
      • From: Matthew Cox <email@hidden>
References: 
 >IPC Eavesdropping (From: Matthew Cox <email@hidden>)

  • Prev by Date: Re: Search Hard Drive
  • Next by Date: Re: Search Hard Drive
  • Previous by thread: IPC Eavesdropping
  • Next by thread: Re: IPC Eavesdropping
  • Index(es):
    • Date
    • Thread