int main(int argc, const char * argv[]) {
int pid = get_process("csgo_osx");
printf("The pid is %i\n", pid);
uint32_t * imgBase[2];
const char * a[2] = {"/client.dylib", "/engine.dylib"};
task_for_pid(current_task(), getpid(), ¤t);
csgo = get_client_module_info(current_task(), current_task(), pid, imgBase, a, 2);
task_for_pid(current_task(), getpid(), ¤t);
clientBase = * imgBase;
engineBase = * (imgBase + 1);
// collect info
int iTeamNum;
uint32_t glowObjectLoopStartAddress;
localbaseInformation(clientBase, &iTeamNum);
glowInfo(clientBase, &glowObjectLoopStartAddress);
printf("glow loop address is 0x%x", glowObjectLoopStartAddress);
// Apply Glow
while (1) {
localbaseInformation(clientBase, &iTeamNum);
readPlayerPointAndHealth(clientBase, glowObjectLoopStartAddress, iTeamNum);
//break;
usleep(20000);
}
return 0;
}
task_t pid_to_task(int pid) {
static task_t old_pid = -1;
static task_t old_task = -1;
task_t task = -1;
int err;
/* xlr8! */
if (old_task != -1 && old_pid == pid)
return old_task;
err = task_for_pid (mach_task_self (), (pid_t)pid, &task);
if ((err != KERN_SUCCESS) || !MACH_PORT_VALID (task)) {
task = task_for_pid_workaround (pid);
if (task == -1) {
eprintf ("Failed to get task %d for pid %d.\n", (int)task, (int)pid);
eprintf ("Reason: 0x%x: %s\n", err, (char *)MACH_ERROR_STRING (err));
eprintf ("You probably need to run as root or sign the binary.\n"
" Read doc/ios.md || doc/osx.md\n"
" make -C binr/radare2 ios-sign || osx-sign\n");
return -1;
}
}
old_pid = pid;
old_task = task;
return task;
}
static mach_vm_address_t
RegionContainingAddress(mach_vm_address_t aAddress)
{
mach_port_t task;
kern_return_t kr = task_for_pid(mach_task_self(), getpid(), &task);
if (kr != KERN_SUCCESS) {
return 0;
}
mach_vm_address_t address = aAddress;
mach_vm_size_t size;
vm_region_basic_info_data_64_t info;
mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT_64;
mach_port_t object_name;
kr = mach_vm_region(task, &address, &size, VM_REGION_BASIC_INFO_64,
reinterpret_cast<vm_region_info_t>(&info), &count,
&object_name);
if (kr != KERN_SUCCESS || size == 0
|| address > aAddress || address + size <= aAddress) {
// mach_vm_region failed, or couldn't find region at given address.
return 0;
}
return address;
}
static int
kextisloaded(char * kextname)
{
mach_port_t kernel_port;
kmod_info_t *k, *loaded_modules = 0;
int err, loaded_count = 0;
/* on error return not loaded - to make loadsmbvfs fail */
err = task_for_pid(mach_task_self(), 0, &kernel_port);
if (err) {
fprintf(stderr, "%s: %s: %s\n", __progname,
"unable to get kernel task port",
mach_error_string(err));
return (0);
}
err = kmod_get_info(kernel_port, (void *)&loaded_modules,
&loaded_count); /* never freed */
if (err) {
fprintf(stderr, "%s: %s: %s\n", __progname,
"kmod_get_info() failed",
mach_error_string(err));
return (0);
}
for (k = loaded_modules; k; k = k->next ? k+1 : 0)
if (!strcmp(k->name, kextname))
return (1);
return (0);
}
// fG - 10/03/2011
// CLEANME
EXPORT
BOOL StartProcess(DWORD dwProcessId)
{
// int error = 0;
// printf("[DEBUG] Calling PT_CONTINUE %d!\n",(int)dwProcessId);
//// error = ptrace(PT_CONTINUE, dwProcessId, (char *) 1, 0);
// kill(target_pid, SIGCONT);
// if errno printf("Errno: %s\n", strerror(errno));
// fflush(stdout);
// return(error);
//
task_t targetTask;
mach_port_t me = mach_task_self();
thread_act_port_array_t thread_list;
mach_msg_type_number_t thread_count,i;
kern_return_t kr;
task_for_pid(me, target_pid, &targetTask);
kr = task_threads(targetTask, &thread_list, &thread_count);
if (thread_count > 0)
{
i = thread_count;
printf("[INFO] Available threads:\n");
while (i--)
{
printf("[%d] %d\n", i, thread_list[i]);
resume_thread(thread_list[i]);
}
}
return(0);
}
TargetInfo::TargetInfo(pid_t pid, const char *executable)
{
// Process
m_pid = pid;
m_executable = executable;
// Configuration
m_threaded_rts = IsThreadedRTS(executable);
m_profiling_rts = IsProfilingRTS(executable);
m_is_64_bit = IsProcess64Bit(pid);
// Extract name of the executable module
const char *module_name = &executable[std::strlen(executable) - 1];
while (module_name != executable)
{
if (* module_name == '/')
{
module_name++;
break;
}
module_name--;
}
m_module = module_name;
// We need a port for the task to be debugged
if (task_for_pid(mach_task_self(), pid, &m_task_port) != KERN_SUCCESS)
assert(!"Can't get port for task");
}
task_impl::usage_info task_impl::process_task_data()
{
task_t task;
auto ret = task_for_pid( mach_task_self(), m_pid, &task );
if( ret != KERN_SUCCESS )
{
BOOST_THROW_EXCEPTION( err::sys_api_error()
<< err::description( fmt::format(
"task_for_pid({}) failed", m_pid ) )
<< err::mach_error( ret ) );
}
struct task_basic_info_64 ti;
mach_msg_type_number_t count;
count = TASK_BASIC_INFO_64_COUNT;
ret = task_info( task, TASK_BASIC_INFO_64, (task_info_t)&ti, &count );
if( ret != KERN_SUCCESS )
{
BOOST_THROW_EXCEPTION(
err::sys_api_error()
<< err::description( fmt::format( "task_info({}) failed", m_pid ) )
<< err::mach_error( ret ) );
}
m_real_mem_size = ti.resident_size;
m_virtual_mem_size = ti.virtual_size;
return std::make_tuple( to_timeval( ti.user_time ),
to_timeval( ti.system_time ) );
}
static void
readmem(mach_vm_offset_t *buffer, mach_vm_address_t address, mach_vm_size_t size, pid_t pid, vm_region_basic_info_data_64_t *info)
{
// get task for pid
vm_map_t port;
kern_return_t kr;
if (task_for_pid(mach_task_self(), pid, &port))
{
fprintf(stderr, "[ERROR] Can't execute task_for_pid! Do you have the right permissions/entitlements?\n");
exit(1);
}
mach_msg_type_number_t info_cnt = sizeof (vm_region_basic_info_data_64_t);
mach_port_t object_name;
mach_vm_size_t size_info;
mach_vm_address_t address_info = address;
kr = mach_vm_region(port, &address_info, &size_info, VM_REGION_BASIC_INFO_64, (vm_region_info_t)info, &info_cnt, &object_name);
if (kr)
{
fprintf(stderr, "[ERROR] mach_vm_region failed with error %d\n", (int)kr);
exit(1);
}
// read memory - vm_read_overwrite because we supply the buffer
mach_vm_size_t nread;
kr = mach_vm_read_overwrite(port, address, size, (mach_vm_address_t)buffer, &nread);
if (kr || nread != size)
{
fprintf(stderr, "[ERROR] vm_read failed!\n");
exit(1);
}
}
int main() {
mach_port_t process_to_write;
kern_return_t error;
if(getuid() && geteuid()) {
printf("You need to be root to vm_write!\n");
} else{
error = task_for_pid(mach_task_self(), PID, &process_to_write);
if ((error != KERN_SUCCESS) || !MACH_PORT_VALID(process_to_write)) {
printf("Error getting the process!\n");
}
mach_port_name_t task;
vm_map_offset_t vmoffset;
vm_map_size_t vmsize;
uint32_t nesting_depth = 0;
struct vm_region_submap_info_64 vbr;
mach_msg_type_number_t vbrcount = 16;
kern_return_t kr;
if ((kr = mach_vm_region_recurse(process_to_write, &vmoffset, &vmsize,
&nesting_depth,
(vm_region_recurse_info_t)&vbr,
&vbrcount)) != KERN_SUCCESS)
{
printf("Error");
}
printf("%p\n", (void *) (uintptr_t)vmoffset);
}
return 0;
}
// suspend all available threads in a given pid
int
suspend_all_threads(pid_t target_pid)
{
#if DEBUG
printf("[DEBUG] Suspending all threads...\n");
#endif
task_t targetTask;
mach_port_t me = mach_task_self();
thread_act_port_array_t thread_list;
mach_msg_type_number_t thread_count,i;
if(task_for_pid(me, target_pid, &targetTask))
{
fprintf(stderr, "[ERROR] task for pid failed while trying to suspend threads!\n");
fprintf(stderr, "Verify if python has the right procmod permissions!\n");
exit(1);
}
if (task_threads(targetTask, &thread_list, &thread_count))
{
fprintf(stderr, "[ERROR] task_threads failed at %s\n", __FUNCTION__);
exit(1);
}
if (thread_count > 0)
{
i = thread_count;
while (i--)
{
suspend_thread(thread_list[i]);
}
}
return(0);
}
static task_t pid_to_task(int pid) {
task_t task = 0;
static task_t old_task = 0;
static int old_pid = -1;
kern_return_t kr;
if (old_task != 0 && old_pid == pid) {
return old_task;
} else if (old_task != 0 && old_pid != pid) {
//we changed the process pid so deallocate a ref from the old_task
//since we are going to get a new task
kr = mach_port_deallocate (mach_task_self (), old_task);
if (kr != KERN_SUCCESS) {
eprintf ("pid_to_task: fail to deallocate port\n");
return 0;
}
}
int err = task_for_pid (mach_task_self (), (pid_t)pid, &task);
if ((err != KERN_SUCCESS) || !MACH_PORT_VALID (task)) {
task = task_for_pid_workaround (pid);
if (task == MACH_PORT_NULL) {
task = task_for_pid_ios9pangu (pid);
if (task != MACH_PORT_NULL) {
//eprintf ("Failed to get task %d for pid %d.\n", (int)task, (int)pid);
//eprintf ("Missing priviledges? 0x%x: %s\n", err, MACH_ERROR_STRING (err));
return -1;
}
}
}
old_task = task;
old_pid = pid;
return task;
}
//--------------------------------------------------------------------------
int idaapi macbase_debmod_t::get_process_list(procvec_t *list)
{
list->clear();
int mypid = getpid();
int sysControl[4];
sysControl[0] = CTL_KERN;
sysControl[1] = KERN_PROC;
sysControl[2] = KERN_PROC_ALL;
qvector<struct kinfo_proc> info;
size_t length;
int count = 0;
int rc = -1;
for ( int tries=0; rc != 0 && tries < 5; ++tries )
{
// the first call of sysctl() is used to determine the size of the buffer
// will be passed to the second call
length = 0;
sysctl(sysControl, 3, NULL, &length, NULL, 0);
// If the number of processes is greater than the size of the buffer
// sysctl() supplies as much data as fits in the buffer and returns ENOMEM.
// We reserve 100 extra elements for processes started after 1st sysctl
// In case even this number is not sufficient we turn to the next attempt
count = (length / sizeof (info[0])) + 100;
if ( count <= 0 )
return 0;
if ( info.size() < count )
info.resize(count);
length = sizeof(info[0]) * info.size();
rc = sysctl(sysControl, 3, info.begin(), &length, NULL, 0);
if ( rc != 0 && errno != ENOMEM )
return 0;
}
count = (length / sizeof (info[0])); // exact number of processes
for ( int i=0; i < count; i++ )
{
extern_proc &ep = info[i].kp_proc;
pid_t _pid = ep.p_pid;
if ( _pid == mypid )
continue;
mach_port_t port;
kern_return_t result = task_for_pid(mach_task_self(), _pid, &port);
if ( result == KERN_SUCCESS )
{
ext_process_info_t &pi = list->push_back();
qstrncpy(pi.name, ep.p_comm, sizeof(pi.name));
pi.pid = _pid;
pi.addrsize = get_process_bitness(_pid);
build_process_ext_name(&pi);
}
else
{
debdeb("%d: %s is unavailable for debugging\n", _pid, info[i].kp_proc.p_comm);
}
}
return list->size();
}
/*
* Return number of threads used by process as a Python integer.
*/
static PyObject*
get_process_num_threads(PyObject* self, PyObject* args)
{
long pid;
int err, ret;
unsigned int info_count = TASK_BASIC_INFO_COUNT;
mach_port_t task;
struct task_basic_info tasks_info;
thread_act_port_array_t thread_list;
mach_msg_type_number_t thread_count;
// the argument passed should be a process id
if (! PyArg_ParseTuple(args, "l", &pid)) {
return NULL;
}
/* task_for_pid() requires special privileges
* "This function can be called only if the process is owned by the
* procmod group or if the caller is root."
* - http://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_tips/chapter_5_section_19.html
*/
err = task_for_pid(mach_task_self(), pid, &task);
if ( err == KERN_SUCCESS) {
info_count = TASK_BASIC_INFO_COUNT;
err = task_info(task, TASK_BASIC_INFO, (task_info_t)&tasks_info, &info_count);
if (err != KERN_SUCCESS) {
// errcode 4 is "invalid argument" (access denied)
if (err == 4) {
return AccessDenied();
}
// otherwise throw a runtime error with appropriate error code
return PyErr_Format(PyExc_RuntimeError,
"task_info(TASK_BASIC_INFO) failed");
}
err = task_threads(task, &thread_list, &thread_count);
if (err == KERN_SUCCESS) {
ret = vm_deallocate(task, (vm_address_t)thread_list,
thread_count * sizeof(int));
if (ret != KERN_SUCCESS) {
printf("vm_deallocate() failed\n");
}
return Py_BuildValue("l", (long)thread_count);
}
else {
return PyErr_Format(PyExc_RuntimeError, "task_thread() failed");
}
}
else {
if (! pid_exists(pid) ) {
return NoSuchProcess();
}
// pid exists, so return AccessDenied error since task_for_pid() failed
return AccessDenied();
}
return NULL;
}
static RIODesc *__open(RIO *io, const char *file, int rw, int mode) {
int pid = getpid ();
self_sections_count = 0;
#if __APPLE__
mach_port_t task;
kern_return_t rc;
rc = task_for_pid (mach_task_self(),pid, &task);
if (rc) {
eprintf ("task_for_pid failed\n");
return NULL;
}
macosx_debug_regions (task, (void*)(size_t)1, 1000);
io->va = R_TRUE; // nop
return r_io_desc_new (&r_io_plugin_self,
pid, file, rw, mode, NULL);
#elif __linux__
char *pos_c;
char null[64];
char path[1024], line[1024];
char region[100], region2[100], perms[5];
snprintf (path, sizeof (path)-1, "/proc/%d/maps", pid);
FILE *fd = fopen (file, "r");
if (!fd)
return NULL;
while (!feof (fd)) {
line[0]='\0';
fgets (line, sizeof (line)-1, fd);
if (line[0]=='\0')
break;
path[0]='\0';
sscanf (line, "%s %s %s %s %s %s",
®ion[2], perms, null, null, null, path);
pos_c = strchr (®ion[2], '-');
if (pos_c) strncpy (path, pos_c, sizeof (path)-1);
else path[0] = 0;
int i, perm = 0;
for (i = 0; perms[i] && i < 4; i++)
switch (perms[i]) {
case 'r': perm |= R_IO_READ; break;
case 'w': perm |= R_IO_WRITE; break;
case 'x': perm |= R_IO_EXEC; break;
}
self_sections[self_sections_count].from = r_num_get (NULL, region);
self_sections[self_sections_count].to = r_num_get (NULL, region2);
self_sections[self_sections_count].perm = perm;
self_sections_count++;
r_num_get (NULL, region2);
if (!pos_c)
continue;
}
return r_io_desc_new (&r_io_plugin_self,
pid, file, rw, mode, NULL);
#else
#warning not yet implemented for this platform
#endif
return NULL;
}
static gint64
get_pid_status_item (int pid, const char *item, MonoProcessError *error, int multiplier)
{
#if defined(__APPLE__)
// ignore the multiplier
gint64 ret;
task_t task;
struct task_basic_info t_info;
mach_msg_type_number_t th_count = TASK_BASIC_INFO_COUNT;
kern_return_t mach_ret;
if (pid == getpid ()) {
/* task_for_pid () doesn't work on ios, even for the current process */
task = mach_task_self ();
} else {
do {
mach_ret = task_for_pid (mach_task_self (), pid, &task);
} while (mach_ret == KERN_ABORTED);
if (mach_ret != KERN_SUCCESS)
RET_ERROR (MONO_PROCESS_ERROR_NOT_FOUND);
}
do {
mach_ret = task_info (task, TASK_BASIC_INFO, (task_info_t)&t_info, &th_count);
} while (mach_ret == KERN_ABORTED);
if (mach_ret != KERN_SUCCESS) {
if (pid != getpid ())
mach_port_deallocate (mach_task_self (), task);
RET_ERROR (MONO_PROCESS_ERROR_OTHER);
}
if (strcmp (item, "VmRSS") == 0 || strcmp (item, "VmHWM") == 0 || strcmp (item, "VmData") == 0)
ret = t_info.resident_size;
else if (strcmp (item, "VmSize") == 0 || strcmp (item, "VmPeak") == 0)
ret = t_info.virtual_size;
else if (strcmp (item, "Threads") == 0)
ret = th_count;
else
ret = 0;
if (pid != getpid ())
mach_port_deallocate (mach_task_self (), task);
return ret;
#else
char buf [64];
char *s;
s = get_pid_status_item_buf (pid, item, buf, sizeof (buf), error);
if (s)
return ((gint64) atol (s)) * multiplier;
return 0;
#endif
}
static mach_port_t
gum_kernel_do_init (void)
{
mach_port_t task = MACH_PORT_NULL;
task_for_pid (mach_task_self (), 0, &task);
return task;
}
size_t mem_rss_size()
{
task_t task = MACH_PORT_NULL;
struct task_basic_info t_info;
mach_msg_type_number_t t_info_count = TASK_BASIC_INFO_COUNT;
if (task_for_pid(current_task(), getpid(), &task) != KERN_SUCCESS)
return 0;
task_info(task, TASK_BASIC_INFO, (task_info_t) &t_info, &t_info_count);
return t_info.resident_size;
}
Boolean
SCDynamicStoreNotifySignal(SCDynamicStoreRef store, pid_t pid, int sig)
{
SCDynamicStorePrivateRef storePrivate = (SCDynamicStorePrivateRef)store;
kern_return_t status;
int sc_status;
task_t task;
if (store == NULL) {
/* sorry, you must provide a session */
_SCErrorSet(kSCStatusNoStoreSession);
return FALSE;
}
if (storePrivate->server == MACH_PORT_NULL) {
/* sorry, you must have an open session to play */
_SCErrorSet(kSCStatusNoStoreServer);
return FALSE;
}
if (storePrivate->notifyStatus != NotifierNotRegistered) {
/* sorry, you can only have one notification registered at once */
_SCErrorSet(kSCStatusNotifierActive);
return FALSE;
}
status = task_for_pid(mach_task_self(), pid, &task);
if (status != KERN_SUCCESS) {
SC_log(LOG_ERR, "task_for_pid() failed: %s", mach_error_string(status));
_SCErrorSet(status);
return FALSE;
}
retry :
status = notifyviasignal(storePrivate->server, task, sig, (int *)&sc_status);
if (__SCDynamicStoreCheckRetryAndHandleError(store,
status,
&sc_status,
"SCDynamicStoreNotifySignal notifyviasignal()")) {
goto retry;
}
if (status != KERN_SUCCESS) {
_SCErrorSet(status);
return FALSE;
}
/* set notifier active */
storePrivate->notifyStatus = Using_NotifierInformViaSignal;
return TRUE;
}
int _yr_process_attach(
int pid,
YR_PROC_ITERATOR_CTX* context)
{
kern_return_t kr = task_for_pid(mach_task_self(), pid, &context->task);
if (kr != KERN_SUCCESS)
return ERROR_COULD_NOT_ATTACH_TO_PROCESS;
return ERROR_SUCCESS;
}
mach_port_t get_task(pid_t infoPid) {
kern_return_t kret;
mach_port_t task;
DEBUG_PRINT("[+getstate] Trying pid %d\n", infoPid);
kret = task_for_pid(current_task(), infoPid, &task);
RETURN_ON_MACH_ERROR("[-get_state] task_for_pid failed", kret);
return task;
}
int main() {
kern_return_t kern_return;
mach_port_t task;
int pid = 0;
printf("Enter PID to look-up: ");
scanf("%d", &pid);
// Need to run this program as root (i.e. sudo) in order for this to work
kern_return = task_for_pid(mach_task_self(), pid, &task);
if (kern_return != KERN_SUCCESS)
{
printf("task_for_pid() failed, error %d - %s\n", kern_return, mach_error_string(kern_return));
exit(1);
}
kern_return_t kret;
vm_region_basic_info_data_t info;
vm_size_t size;
mach_port_t object_name;
mach_msg_type_number_t count;
vm_address_t firstRegionBegin;
vm_address_t lastRegionEnd;
vm_size_t fullSize;
count = VM_REGION_BASIC_INFO_COUNT_64;
mach_vm_address_t address = 1;
int regionCount = 0;
int flag = 0;
while (flag == 0)
{
//Attempts to get the region info for given task
kret = mach_vm_region(task, &address, &size, VM_REGION_BASIC_INFO, (vm_region_info_t) &info, &count, &object_name);
if (kret == KERN_SUCCESS)
{
if (regionCount == 0)
{
firstRegionBegin = address;
regionCount += 1;
}
fullSize += size;
address += size;
}
else
flag = 1;
}
lastRegionEnd = address;
printf("Base Address: %p\n",(void *) (uintptr_t)firstRegionBegin);
printf("lastRegionEnd: %lu\n",lastRegionEnd);
printf("fullSize: %lu\n",fullSize);
return 0;
}
static struct task_and_pid launchTest(const char* testProgPath, bool launchOtherArch, bool launchSuspended)
{
posix_spawnattr_t attr = 0;
if ( posix_spawnattr_init(&attr) != 0 ) {
printf("[FAIL] dyld_process_info posix_spawnattr_init()\n");
exit(0);
}
if ( launchSuspended ) {
if ( posix_spawnattr_setflags(&attr, POSIX_SPAWN_START_SUSPENDED) != 0 ) {
printf("[FAIL] dyld_process_info POSIX_SPAWN_START_SUSPENDED\n");
exit(0);
}
}
if ( launchOtherArch ) {
size_t copied;
if ( posix_spawnattr_setbinpref_np(&attr, 1, otherArch, &copied) != 0 ) {
printf("[FAIL] dyld_process_info posix_spawnattr_setbinpref_np()\n");
exit(0);
}
}
struct task_and_pid child = {0, 0};
const char* argv[] = { testProgPath, NULL };
int psResult = posix_spawn(&child.pid, testProgPath, NULL, &attr, (char**)argv, environ);
if ( psResult != 0 ) {
printf("[FAIL] dyld_process_info posix_spawn(%s) failed, err=%d\n", testProgPath, psResult);
exit(0);
}
if (posix_spawnattr_destroy(&attr) != 0) {
printf("[FAIL] dyld_process_info posix_spawnattr_destroy()\n");
exit(0);
}
if ( task_for_pid(mach_task_self(), child.pid, &child.task) != KERN_SUCCESS ) {
printf("[FAIL] dyld_process_info task_for_pid()\n");
kill(child.pid, SIGKILL);
exit(0);
}
#if __x86_64__
//printf("child pid=%d task=%d (%s, %s)\n", child.pid, child.task, launchOtherArch ? "i386" : "x86_64", launchSuspended ? "suspended" : "active");
#endif
// wait until process is up and has suspended itself
struct task_basic_info info;
do {
unsigned count = TASK_BASIC_INFO_COUNT;
kern_return_t kr = task_info(child.task, TASK_BASIC_INFO, (task_info_t)&info, &count);
sleep(1);
} while ( info.suspend_count == 0 );
return child;
}
static task_t pid_to_task(int pid) {
task_t task = 0;
int err = task_for_pid (mach_task_self (), (pid_t)pid, &task);
if ((err != KERN_SUCCESS) || !MACH_PORT_VALID (task)) {
eprintf ("Failed to get task %d for pid %d.\n", (int)task, (int)pid);
eprintf ("Reason: 0x%x: %s\n", err, MACH_ERROR_STRING (err));
eprintf ("You probably need to add user to procmod group.\n"
" Or chmod g+s radare && chown root:procmod radare\n");
eprintf ("FMI: http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/taskgated.8.html\n");
return -1;
}
return task;
}
int main(void)
{
mach_port_t port;
if (task_for_pid(mach_task_self(), 0, &port))
{
printf("[ERRROR] Can't get task_for_pid() for kernel task!\n");
}
else
{
printf("[INFO] task_for_pid(0) works!\n");
}
return 0;
}
void genProcessMemoryMap(int pid, QueryData& results, bool exe_only = false) {
mach_port_t task = MACH_PORT_NULL;
kern_return_t status = task_for_pid(mach_task_self(), pid, &task);
if (status != KERN_SUCCESS) {
// Cannot request memory map for pid (permissions, invalid).
return;
}
// Create a map of library paths from the dyld cache.
std::map<vm_address_t, std::string> libraries;
if (!exe_only) {
genProcessLibraries(task, libraries);
}
// Use address offset (starting at 0) to count memory maps.
vm_address_t address = 0;
size_t map_count = 0;
uint32_t depth = 0;
while (map_count++ < MAX_MEMORY_MAPS) {
struct vm_region_submap_info_64 info;
mach_msg_type_number_t count = VM_REGION_SUBMAP_INFO_COUNT_64;
vm_size_t size = 0;
status = vm_region_recurse_64(
task, &address, &size, &depth, (vm_region_info_64_t)&info, &count);
if (status == KERN_INVALID_ADDRESS) {
// Reached the end of the memory map.
break;
}
if (info.is_submap) {
// A submap increments the depth search to vm_region_recurse.
// Use the same address to continue a recursive search within the region.
depth++;
continue;
}
genMemoryRegion(pid, address, size, info, libraries, results);
if (exe_only) {
break;
}
address += size;
}
if (task != MACH_PORT_NULL) {
mach_port_deallocate(mach_task_self(), task);
}
}
task_t
getport(pid_t pid)
{
if(our_port == -1)
{
task_t port;
if(task_for_pid(mach_task_self(), pid, &port))
{
//fprintf(stderr, "Cannot get port, are you root?\n");
return -1;
}
our_port = port;
}
return our_port;
}
mach_port_t get_task_by_pid(int pid)
{
mach_port_t task;
kern_return_t rc;
rc = task_for_pid(mach_task_self(), pid, &task);
if (rc)
{
fprintf (stderr, "task_for_pid() failed with error %d - %s\n", rc, mach_error_string(rc));
exit(1);
}
printf ("RC %d - Task: %d\n", rc, task);
return task;
}
int main(int argc, char** argv){
mach_port_t task;
int infoPid;
if(argc < 2){
printf("USAGE [pid]\n");
exit(-1);
}
infoPid = atoi(argv[1]);
task_for_pid(current_task(), infoPid, &task);
printf("Base Address: 0x%lx\n", get_base_address(task));
}
int fpm_trace_ready(pid_t pid) /* {{{ */
{
kern_return_t kr;
kr = task_for_pid(mach_task_self(), pid, &target);
if (kr != KERN_SUCCESS) {
char *msg = "";
if (kr == KERN_FAILURE) {
msg = " It seems that master process does not have enough privileges to trace processes.";
}
zlog(ZLOG_ERROR, "task_for_pid() failed: %s (%d)%s", mach_error_string(kr), kr, msg);
return -1;
}
return 0;
}
static task_t pid_to_task(RIODesc *fd, int pid) {
task_t task = 0;
static task_t old_task = 0;
static int old_pid = -1;
kern_return_t kr;
RIODescData *iodd = fd? (RIODescData *)fd->data: NULL;
RIOMach *riom = NULL;
if (iodd) {
riom = iodd->data;
if (riom && riom->task) {
old_task = riom->task;
riom->task = 0;
old_pid = iodd->pid;
}
}
if (old_task != 0) {
if (old_pid == pid) {
return old_task;
}
//we changed the process pid so deallocate a ref from the old_task
//since we are going to get a new task
kr = mach_port_deallocate (mach_task_self (), old_task);
if (kr != KERN_SUCCESS) {
eprintf ("pid_to_task: fail to deallocate port\n");
return 0;
}
}
int err = task_for_pid (mach_task_self (), (pid_t)pid, &task);
if ((err != KERN_SUCCESS) || !MACH_PORT_VALID (task)) {
task = task_for_pid_workaround (pid);
if (task == MACH_PORT_NULL) {
task = task_for_pid_ios9pangu (pid);
if (task != MACH_PORT_NULL) {
//eprintf ("Failed to get task %d for pid %d.\n", (int)task, (int)pid);
//eprintf ("Missing priviledges? 0x%x: %s\n", err, MACH_ERROR_STRING (err));
return -1;
}
}
}
old_task = task;
old_pid = pid;
return task;
}
