Re: How to get the slide of another process
- Subject: Re: How to get the slide of another process
- From: Joseph Ranieri <email@hidden>
- Date: Thu, 05 Apr 2012 12:05:38 -0400
On Thu, Apr 5, 2012 at 11:49 AM, Gerriet M. Denkmann
<email@hidden> wrote:
>
> On 5 Apr 2012, at 15:31, Quinn The Eskimo! wrote:
>
>> On 4 Apr 2012, at 12:28, Gerriet M. Denkmann wrote:
>>
>>> Given a normal app (NOT a kext) (which might run as root if necessary) and the pid of another process, how do I get the slide of it?
>>
>> One way to do it--and I'm certainly not sure that this is the best way--is to find dyld and then use the dyld debug interface to find all the images in the process.
>
> Could you be a bit more specific?
>
> I don't know how to "find dyld".
> Do you mean find a memory region starting at 'a' where proc_regionfilename( pid, a, ... ) gives: "/usr/lib/dyld" ?
>
> If so, there are typically about half a dozen of those.
>
> And where (in which header file?) is the "dyld debug interface" documented?
>
> Sorry for being so clueless.
>
>
> Kind regards,
>
> Gerriet.

Basically you need to find dyld_all_image_infos in the remote process.
gdb uses task_info passing in TASK_DYLD_INFO to get the address. lldb
also has to find the symbol, but I'm not certain how it does it and
couldn't find it quickly in the source code.

Once you've found the address, it's fairly trivial to read from it via
the Mach APIs. Just keep in mind that you might be inspecting a 32-bit
process from a 64-bit process or the other way around.

-- Joe Ranieri
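
The approach described in the reply above, as an added example that is not part of the original post: task_info with TASK_DYLD_INFO gives the address of dyld_all_image_infos, and the copied bytes are decoded using the target's pointer width rather than the inspector's. The function names are hypothetical, little-endian targets are assumed, and the Mach calls are compiled only on macOS.

```c
#include <stdint.h>
#include <stddef.h>
#include <sys/types.h>

/* Read a little-endian value of the TARGET's width (4 or 8 bytes). */
static uint64_t rd_ptr(const uint8_t *p, int w) {
    uint64_t v = 0;
    for (int i = w - 1; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Decode the head of struct dyld_all_image_infos copied from the target:
 * uint32 version, uint32 infoArrayCount, pointer infoArray.
 * Returns 0 on success, -1 on a bad width or a short buffer. */
int parse_all_image_infos(const uint8_t *buf, size_t len, int w,
                          uint32_t *count, uint64_t *info_array) {
    if ((w != 4 && w != 8) || len < (size_t)(8 + w)) return -1;
    *count = (uint32_t)rd_ptr(buf + 4, 4);
    *info_array = rd_ptr(buf + 8, w);
    return 0;
}

/* imageLoadAddress of entry idx in a copied dyld_image_info array; each
 * entry is three target-width words. Returns 0 if idx is out of bounds. */
uint64_t image_load_address(const uint8_t *arr, size_t len, int w, uint32_t idx) {
    size_t off = (size_t)idx * 3 * (size_t)w;
    if (off + (size_t)w > len) return 0;
    return rd_ptr(arr + off, w);
}

#ifdef __APPLE__
#include <mach/mach.h>
#include <mach/mach_vm.h>
/* Live path: ask the kernel where the structure is, then copy its head. */
int read_remote_head(pid_t pid, uint32_t *count, uint64_t *info_array, int *w) {
    task_t task;
    struct task_dyld_info di;
    mach_msg_type_number_t n = TASK_DYLD_INFO_COUNT;
    uint8_t buf[16];
    mach_vm_size_t got = 0;
    if (task_for_pid(mach_task_self(), pid, &task) != KERN_SUCCESS) return -1;
    if (task_info(task, TASK_DYLD_INFO, (task_info_t)&di, &n) != KERN_SUCCESS) return -1;
    *w = (di.all_image_info_format == TASK_DYLD_ALL_IMAGE_INFO_64) ? 8 : 4;
    if (mach_vm_read_overwrite(task, di.all_image_info_addr, sizeof buf,
                               (mach_vm_address_t)(uintptr_t)buf, &got) != KERN_SUCCESS) return -1;
    return parse_all_image_infos(buf, (size_t)got, *w, count, info_array);
}
#endif
```

An image's slide is its imageLoadAddress minus the address at which its __TEXT segment was linked, which has to be read from the Mach-O file itself.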
Darwin-kernel mailing list (email@hidden)