Re: How to get the slide of another process
On 5 Apr 2012, at 23:05, Joseph Ranieri wrote:
> On Thu, Apr 5, 2012 at 11:49 AM, Gerriet M. Denkmann <gerriet@mdenkmann.de> wrote:
>> On 5 Apr 2012, at 15:31, Quinn The Eskimo! wrote:
>>> On 4 Apr 2012, at 12:28, Gerriet M. Denkmann wrote:
>>>> Given a normal app (NOT a kext) (which might run as root if necessary) and the pid of another process, how do I get the slide of it?
>>> One way to do it--and I'm certainly not sure that this is the best way--is to find dyld and then use the dyld debug interface to find all the images in the process.
>> Could you be a bit more specific?
>> I don't know how to "find dyld". Do you mean find a memory region starting at 'a' where proc_regionfilename( pid, a, ... ) gives: "/usr/lib/dyld" ?
>> If so, there are typically about half a dozen of those.
>> And where (in which header file?) is the "dyld debug interface" documented?
> Basically you need to find dyld_all_image_infos in the remote process. gdb uses task_info passing in TASK_DYLD_INFO to get the address. lldb also has to find the symbol, but I'm not certain how it does it and couldn't find it quickly in the source code.

I got this (all error checking omitted for brevity):

    kern_return_t kr;
    task_name_t target_task = mach_task_self();
    task_flavor_t flavor = TASK_DYLD_INFO;
    task_dyld_info_data_t infoData;
    mach_msg_type_number_t task_info_outCnt = TASK_DYLD_INFO_COUNT;
    kr = task_info ( target_task, flavor, (task_info_t)&infoData, &task_info_outCnt );
    struct dyld_all_image_infos *allImageInfos = (struct dyld_all_image_infos *)infoData.all_image_info_addr;
    uintptr_t sharedCacheSlide = allImageInfos->sharedCacheSlide;

This of course crashes at the last line, when I replace mach_task_self() with: task_for_pid(..., pid,...) because now infoData.all_image_info_addr will be an address not in my address space but in the address space of process "pid".

> Once you've found the address, it's fairly trivial to read from it via the Mach APIs.

Could you tell me what function I should use? It sure might be trivial, but I am quite clueless.

Kind regards,
Gerriet.