JP

On 14 Feb 2006, at 14:51, William Riley-Land wrote:

> So, my main question is where can I find that sort of information?

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (Darwin-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl...

This is definitely possible, and relatively easy* to do. However, it is quite dangerous. You have a couple of options:

1) Load the code into the target application at launch (using some sort of plugin), or inject code into another running application at some later time. To do the first, you should ask the APE or SIMBL people how they do it.

WARNING: This is a good way to get a huge number of people to hate your software, since it will potentially damage other unrelated applications. i.e. your code will not be loaded into the target application, but rather into *every* application.

2) Use mach_inject/mach_override. This is where Alex's security hole comes in. The microkernel for Mac OS X/Darwin allows for running applications to start execution threads (mach threads, not posix threads) in a task other than its own (another application).

WARNING: This is a good way to totally hose the target application, but won't affect anything else.

WARNING: This will break with (more or less) every major Darwin/Mac OS X release.

WARNING: This may be a security hole and will be patched eventually.

Technically speaking, this is not a security hole since it cannot be used to escalate privileges. All it can do is allow a user to alter his/her/its own processes. Since a user owns his/her/its own processes, this is not security related. It does violate "protected memory", but "protected" means that one application cannot unintentionally corrupt another's workspace; it has nothing to do with security.
See http://rentzsch.com/mach_inject and http://rentzsch.com/mach_override for more information.

P.S. If any of the above is a security risk (which it's not), then keeping it secret (but freely available elsewhere) is totally meaningless.

P.P.S. *When I say easy, I mean ridiculously obtuse and prohibitively complex.

> Hi, I haven't posted here before. So, nice to meet you all and hope this isn't off topic :)
>
> I was wondering if it is possible at all for one userland application to access another application's memory space. By "userland" I mean non-kernel code... that's the correct term, right? I had a program under OS 9 that could be used to do this (mostly to cheat at games :)
>
> I understand that under Darwin memory is "protected" and one application can only use its memory space and/or shared memory (which I have no idea about at all).
>
> Anyway, my secondary question is: can one application access another's memory? I am disappointed that I have to ask this question, but I could not find any sort of in-depth documentation of Darwin's memory management on the Apple site or after doing a bit of Googling...
>
> --
> -william

--
"... was it a dream where you see yourself standing in sort-of Sun-God robes, on a pyramid, with a thousand naked women screaming and throwing little pickles at you? ... Why am I the only one who has that dream?"
participants (1)
-
John Davidorff Pell