Re: How to get the slide of another process


  • Subject: Re: How to get the slide of another process
  • From: "Gerriet M. Denkmann" <email@hidden>
  • Date: Fri, 06 Apr 2012 15:37:04 +0700

On 5 Apr 2012, at 23:05, Joseph Ranieri wrote:

> On Thu, Apr 5, 2012 at 11:49 AM, Gerriet M. Denkmann
> <email@hidden> wrote:
>>
>> On 5 Apr 2012, at 15:31, Quinn The Eskimo! wrote:
>>
>>> On 4 Apr 2012, at 12:28, Gerriet M. Denkmann wrote:
>>>
>>>> Given a normal app (NOT a kext) (which might run as root if necessary) and the pid of another process, how do I get the slide of it?
>>>
>>> One way to do it--and I'm certainly not sure that this is the best way--is to find dyld and then use the dyld debug interface to find all the images in the process.
>>
>> Could you be a bit more specific?
>>
>> I don't know how to "find dyld".
>> Do you mean find a memory region starting at 'a' where proc_regionfilename( pid, a, ... ) gives: "/usr/lib/dyld" ?
>>
>> If so, there are typically about half a dozen of those.
>>
>> And where (in which header file?) is the "dyld debug interface" documented?
>
> Basically you need to find dyld_all_image_infos in the remote process.
> gdb uses task_info passing in TASK_DYLD_INFO to get the address. lldb
> also has to find the symbol, but I'm not certain how it does it and
> couldn't find it quickly in the source code.

I got this (all error checking omitted for brevity):

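#include <mach/mach.h>            /* task_info, TASK_DYLD_INFO */
#include <mach-o/dyld_images.h>   /* struct dyld_all_image_infos */

kern_return_t kr;
task_name_t target_task = mach_task_self();
task_flavor_t flavor = TASK_DYLD_INFO;
task_dyld_info_data_t infoData;
mach_msg_type_number_t task_info_outCnt = TASK_DYLD_INFO_COUNT;
/* Ask the kernel where dyld_all_image_infos lives in target_task. */
kr = task_info(target_task,
               flavor,
               (task_info_t)&infoData,
               &task_info_outCnt);
/* all_image_info_addr is an address in target_task's address space. */
struct dyld_all_image_infos *allImageInfos = (struct dyld_all_image_infos *)infoData.all_image_info_addr;
uintptr_t sharedCacheSlide = allImageInfos->sharedCacheSlide;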

This of course crashes at the last line, when I replace mach_task_self() with: task_for_pid(..., pid,...) because now infoData.all_image_info_addr will be an address not in my address space but in the address space of process "pid".

>
> Once you've found the address, it's fairly trivial to read from it via the Mach APIs.

Could you tell me what function I should use? It sure might be trivial, but I am quite clueless.


Kind regards,

Gerriet.

