Inspecting kernel memory
- Subject: Inspecting kernel memory
- From: email@hidden
- Date: Sun, 06 Mar 2011 03:18:19 +1100
Hi,
I'm developing a program that needs to inspect kernel memory. I expected to use task_for_pid() and to get the kernel task and then mach_vm_* to access the kernel VM regions, but I'm getting failures from task_for_pid(). I've read a bunch of mailing list posts regarding this and got the impression that maybe I needed to use the Authorization Services API to request the right first, and do all the code-signing stuff, but I'm running this program as root and everything I've read suggests that I shouldn't need to request rights if the process is running as root. Is this the case with accessing the kernel? Have I misunderstood something horribly?
Here's my test case:

#include <mach/mach.h>
#include <stdio.h>
#include <unistd.h>
#include <err.h>

int main (int argc, const char * argv[])
{
    kern_return_t ret;
    mach_port_name_t kernel_task;

    printf("euid: %d\n", geteuid());

    ret = task_for_pid(mach_task_self(), 0, &kernel_task);
    if(ret == KERN_SUCCESS) {
        printf("success\n");
    } else {
        printf("task_for_pid failed: %s\n", mach_error_string(ret));
    }

    return 0;
}

bash-3.2# ./test
euid: 0
task_for_pid failed: (os/kern) failure

Thanks, Snare.
Darwin-kernel mailing list (email@hidden)