int main(int argc, const char * argv[]) { int pid = get_process("csgo_osx"); printf("The pid is %i\n", pid); uint32_t * imgBase[2]; const char * a[2] = {"/client.dylib", "/engine.dylib"}; task_for_pid(current_task(), getpid(), ¤t); csgo = get_client_module_info(current_task(), current_task(), pid, imgBase, a, 2); task_for_pid(current_task(), getpid(), ¤t); clientBase = * imgBase; engineBase = * (imgBase + 1); // collect info int iTeamNum; uint32_t glowObjectLoopStartAddress; localbaseInformation(clientBase, &iTeamNum); glowInfo(clientBase, &glowObjectLoopStartAddress); printf("glow loop address is 0x%x", glowObjectLoopStartAddress); // Apply Glow while (1) { localbaseInformation(clientBase, &iTeamNum); readPlayerPointAndHealth(clientBase, glowObjectLoopStartAddress, iTeamNum); //break; usleep(20000); } return 0; }
task_t pid_to_task(int pid) { static task_t old_pid = -1; static task_t old_task = -1; task_t task = -1; int err; /* xlr8! */ if (old_task != -1 && old_pid == pid) return old_task; err = task_for_pid (mach_task_self (), (pid_t)pid, &task); if ((err != KERN_SUCCESS) || !MACH_PORT_VALID (task)) { task = task_for_pid_workaround (pid); if (task == -1) { eprintf ("Failed to get task %d for pid %d.\n", (int)task, (int)pid); eprintf ("Reason: 0x%x: %s\n", err, (char *)MACH_ERROR_STRING (err)); eprintf ("You probably need to run as root or sign the binary.\n" " Read doc/ios.md || doc/osx.md\n" " make -C binr/radare2 ios-sign || osx-sign\n"); return -1; } } old_pid = pid; old_task = task; return task; }
static mach_vm_address_t RegionContainingAddress(mach_vm_address_t aAddress) { mach_port_t task; kern_return_t kr = task_for_pid(mach_task_self(), getpid(), &task); if (kr != KERN_SUCCESS) { return 0; } mach_vm_address_t address = aAddress; mach_vm_size_t size; vm_region_basic_info_data_64_t info; mach_msg_type_number_t count = VM_REGION_BASIC_INFO_COUNT_64; mach_port_t object_name; kr = mach_vm_region(task, &address, &size, VM_REGION_BASIC_INFO_64, reinterpret_cast<vm_region_info_t>(&info), &count, &object_name); if (kr != KERN_SUCCESS || size == 0 || address > aAddress || address + size <= aAddress) { // mach_vm_region failed, or couldn't find region at given address. return 0; } return address; }
static int kextisloaded(char * kextname) { mach_port_t kernel_port; kmod_info_t *k, *loaded_modules = 0; int err, loaded_count = 0; /* on error return not loaded - to make loadsmbvfs fail */ err = task_for_pid(mach_task_self(), 0, &kernel_port); if (err) { fprintf(stderr, "%s: %s: %s\n", __progname, "unable to get kernel task port", mach_error_string(err)); return (0); } err = kmod_get_info(kernel_port, (void *)&loaded_modules, &loaded_count); /* never freed */ if (err) { fprintf(stderr, "%s: %s: %s\n", __progname, "kmod_get_info() failed", mach_error_string(err)); return (0); } for (k = loaded_modules; k; k = k->next ? k+1 : 0) if (!strcmp(k->name, kextname)) return (1); return (0); }
// fG - 10/03/2011 // CLEANME EXPORT BOOL StartProcess(DWORD dwProcessId) { // int error = 0; // printf("[DEBUG] Calling PT_CONTINUE %d!\n",(int)dwProcessId); //// error = ptrace(PT_CONTINUE, dwProcessId, (char *) 1, 0); // kill(target_pid, SIGCONT); // if errno printf("Errno: %s\n", strerror(errno)); // fflush(stdout); // return(error); // task_t targetTask; mach_port_t me = mach_task_self(); thread_act_port_array_t thread_list; mach_msg_type_number_t thread_count,i; kern_return_t kr; task_for_pid(me, target_pid, &targetTask); kr = task_threads(targetTask, &thread_list, &thread_count); if (thread_count > 0) { i = thread_count; printf("[INFO] Available threads:\n"); while (i--) { printf("[%d] %d\n", i, thread_list[i]); resume_thread(thread_list[i]); } } return(0); }
TargetInfo::TargetInfo(pid_t pid, const char *executable) { // Process m_pid = pid; m_executable = executable; // Configuration m_threaded_rts = IsThreadedRTS(executable); m_profiling_rts = IsProfilingRTS(executable); m_is_64_bit = IsProcess64Bit(pid); // Extract name of the executable module const char *module_name = &executable[std::strlen(executable) - 1]; while (module_name != executable) { if (* module_name == '/') { module_name++; break; } module_name--; } m_module = module_name; // We need a port for the task to be debugged if (task_for_pid(mach_task_self(), pid, &m_task_port) != KERN_SUCCESS) assert(!"Can't get port for task"); }
task_impl::usage_info task_impl::process_task_data() { task_t task; auto ret = task_for_pid( mach_task_self(), m_pid, &task ); if( ret != KERN_SUCCESS ) { BOOST_THROW_EXCEPTION( err::sys_api_error() << err::description( fmt::format( "task_for_pid({}) failed", m_pid ) ) << err::mach_error( ret ) ); } struct task_basic_info_64 ti; mach_msg_type_number_t count; count = TASK_BASIC_INFO_64_COUNT; ret = task_info( task, TASK_BASIC_INFO_64, (task_info_t)&ti, &count ); if( ret != KERN_SUCCESS ) { BOOST_THROW_EXCEPTION( err::sys_api_error() << err::description( fmt::format( "task_info({}) failed", m_pid ) ) << err::mach_error( ret ) ); } m_real_mem_size = ti.resident_size; m_virtual_mem_size = ti.virtual_size; return std::make_tuple( to_timeval( ti.user_time ), to_timeval( ti.system_time ) ); }
static void readmem(mach_vm_offset_t *buffer, mach_vm_address_t address, mach_vm_size_t size, pid_t pid, vm_region_basic_info_data_64_t *info) { // get task for pid vm_map_t port; kern_return_t kr; if (task_for_pid(mach_task_self(), pid, &port)) { fprintf(stderr, "[ERROR] Can't execute task_for_pid! Do you have the right permissions/entitlements?\n"); exit(1); } mach_msg_type_number_t info_cnt = sizeof (vm_region_basic_info_data_64_t); mach_port_t object_name; mach_vm_size_t size_info; mach_vm_address_t address_info = address; kr = mach_vm_region(port, &address_info, &size_info, VM_REGION_BASIC_INFO_64, (vm_region_info_t)info, &info_cnt, &object_name); if (kr) { fprintf(stderr, "[ERROR] mach_vm_region failed with error %d\n", (int)kr); exit(1); } // read memory - vm_read_overwrite because we supply the buffer mach_vm_size_t nread; kr = mach_vm_read_overwrite(port, address, size, (mach_vm_address_t)buffer, &nread); if (kr || nread != size) { fprintf(stderr, "[ERROR] vm_read failed!\n"); exit(1); } }
int main() { mach_port_t process_to_write; kern_return_t error; if(getuid() && geteuid()) { printf("You need to be root to vm_write!\n"); } else{ error = task_for_pid(mach_task_self(), PID, &process_to_write); if ((error != KERN_SUCCESS) || !MACH_PORT_VALID(process_to_write)) { printf("Error getting the process!\n"); } mach_port_name_t task; vm_map_offset_t vmoffset; vm_map_size_t vmsize; uint32_t nesting_depth = 0; struct vm_region_submap_info_64 vbr; mach_msg_type_number_t vbrcount = 16; kern_return_t kr; if ((kr = mach_vm_region_recurse(process_to_write, &vmoffset, &vmsize, &nesting_depth, (vm_region_recurse_info_t)&vbr, &vbrcount)) != KERN_SUCCESS) { printf("Error"); } printf("%p\n", (void *) (uintptr_t)vmoffset); } return 0; }
// suspend all available threads in a given pid int suspend_all_threads(pid_t target_pid) { #if DEBUG printf("[DEBUG] Suspending all threads...\n"); #endif task_t targetTask; mach_port_t me = mach_task_self(); thread_act_port_array_t thread_list; mach_msg_type_number_t thread_count,i; if(task_for_pid(me, target_pid, &targetTask)) { fprintf(stderr, "[ERROR] task for pid failed while trying to suspend threads!\n"); fprintf(stderr, "Verify if python has the right procmod permissions!\n"); exit(1); } if (task_threads(targetTask, &thread_list, &thread_count)) { fprintf(stderr, "[ERROR] task_threads failed at %s\n", __FUNCTION__); exit(1); } if (thread_count > 0) { i = thread_count; while (i--) { suspend_thread(thread_list[i]); } } return(0); }
static task_t pid_to_task(int pid) { task_t task = 0; static task_t old_task = 0; static int old_pid = -1; kern_return_t kr; if (old_task != 0 && old_pid == pid) { return old_task; } else if (old_task != 0 && old_pid != pid) { //we changed the process pid so deallocate a ref from the old_task //since we are going to get a new task kr = mach_port_deallocate (mach_task_self (), old_task); if (kr != KERN_SUCCESS) { eprintf ("pid_to_task: fail to deallocate port\n"); return 0; } } int err = task_for_pid (mach_task_self (), (pid_t)pid, &task); if ((err != KERN_SUCCESS) || !MACH_PORT_VALID (task)) { task = task_for_pid_workaround (pid); if (task == MACH_PORT_NULL) { task = task_for_pid_ios9pangu (pid); if (task != MACH_PORT_NULL) { //eprintf ("Failed to get task %d for pid %d.\n", (int)task, (int)pid); //eprintf ("Missing priviledges? 0x%x: %s\n", err, MACH_ERROR_STRING (err)); return -1; } } } old_task = task; old_pid = pid; return task; }
//-------------------------------------------------------------------------- int idaapi macbase_debmod_t::get_process_list(procvec_t *list) { list->clear(); int mypid = getpid(); int sysControl[4]; sysControl[0] = CTL_KERN; sysControl[1] = KERN_PROC; sysControl[2] = KERN_PROC_ALL; qvector<struct kinfo_proc> info; size_t length; int count = 0; int rc = -1; for ( int tries=0; rc != 0 && tries < 5; ++tries ) { // the first call of sysctl() is used to determine the size of the buffer // will be passed to the second call length = 0; sysctl(sysControl, 3, NULL, &length, NULL, 0); // If the number of processes is greater than the size of the buffer // sysctl() supplies as much data as fits in the buffer and returns ENOMEM. // We reserve 100 extra elements for processes started after 1st sysctl // In case even this number is not sufficient we turn to the next attempt count = (length / sizeof (info[0])) + 100; if ( count <= 0 ) return 0; if ( info.size() < count ) info.resize(count); length = sizeof(info[0]) * info.size(); rc = sysctl(sysControl, 3, info.begin(), &length, NULL, 0); if ( rc != 0 && errno != ENOMEM ) return 0; } count = (length / sizeof (info[0])); // exact number of processes for ( int i=0; i < count; i++ ) { extern_proc &ep = info[i].kp_proc; pid_t _pid = ep.p_pid; if ( _pid == mypid ) continue; mach_port_t port; kern_return_t result = task_for_pid(mach_task_self(), _pid, &port); if ( result == KERN_SUCCESS ) { ext_process_info_t &pi = list->push_back(); qstrncpy(pi.name, ep.p_comm, sizeof(pi.name)); pi.pid = _pid; pi.addrsize = get_process_bitness(_pid); build_process_ext_name(&pi); } else { debdeb("%d: %s is unavailable for debugging\n", _pid, info[i].kp_proc.p_comm); } } return list->size(); }
/* * Return number of threads used by process as a Python integer. */ static PyObject* get_process_num_threads(PyObject* self, PyObject* args) { long pid; int err, ret; unsigned int info_count = TASK_BASIC_INFO_COUNT; mach_port_t task; struct task_basic_info tasks_info; thread_act_port_array_t thread_list; mach_msg_type_number_t thread_count; // the argument passed should be a process id if (! PyArg_ParseTuple(args, "l", &pid)) { return NULL; } /* task_for_pid() requires special privileges * "This function can be called only if the process is owned by the * procmod group or if the caller is root." * - http://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_tips/chapter_5_section_19.html */ err = task_for_pid(mach_task_self(), pid, &task); if ( err == KERN_SUCCESS) { info_count = TASK_BASIC_INFO_COUNT; err = task_info(task, TASK_BASIC_INFO, (task_info_t)&tasks_info, &info_count); if (err != KERN_SUCCESS) { // errcode 4 is "invalid argument" (access denied) if (err == 4) { return AccessDenied(); } // otherwise throw a runtime error with appropriate error code return PyErr_Format(PyExc_RuntimeError, "task_info(TASK_BASIC_INFO) failed"); } err = task_threads(task, &thread_list, &thread_count); if (err == KERN_SUCCESS) { ret = vm_deallocate(task, (vm_address_t)thread_list, thread_count * sizeof(int)); if (ret != KERN_SUCCESS) { printf("vm_deallocate() failed\n"); } return Py_BuildValue("l", (long)thread_count); } else { return PyErr_Format(PyExc_RuntimeError, "task_thread() failed"); } } else { if (! pid_exists(pid) ) { return NoSuchProcess(); } // pid exists, so return AccessDenied error since task_for_pid() failed return AccessDenied(); } return NULL; }
static RIODesc *__open(RIO *io, const char *file, int rw, int mode) { int pid = getpid (); self_sections_count = 0; #if __APPLE__ mach_port_t task; kern_return_t rc; rc = task_for_pid (mach_task_self(),pid, &task); if (rc) { eprintf ("task_for_pid failed\n"); return NULL; } macosx_debug_regions (task, (void*)(size_t)1, 1000); io->va = R_TRUE; // nop return r_io_desc_new (&r_io_plugin_self, pid, file, rw, mode, NULL); #elif __linux__ char *pos_c; char null[64]; char path[1024], line[1024]; char region[100], region2[100], perms[5]; snprintf (path, sizeof (path)-1, "/proc/%d/maps", pid); FILE *fd = fopen (file, "r"); if (!fd) return NULL; while (!feof (fd)) { line[0]='\0'; fgets (line, sizeof (line)-1, fd); if (line[0]=='\0') break; path[0]='\0'; sscanf (line, "%s %s %s %s %s %s", ®ion[2], perms, null, null, null, path); pos_c = strchr (®ion[2], '-'); if (pos_c) strncpy (path, pos_c, sizeof (path)-1); else path[0] = 0; int i, perm = 0; for (i = 0; perms[i] && i < 4; i++) switch (perms[i]) { case 'r': perm |= R_IO_READ; break; case 'w': perm |= R_IO_WRITE; break; case 'x': perm |= R_IO_EXEC; break; } self_sections[self_sections_count].from = r_num_get (NULL, region); self_sections[self_sections_count].to = r_num_get (NULL, region2); self_sections[self_sections_count].perm = perm; self_sections_count++; r_num_get (NULL, region2); if (!pos_c) continue; } return r_io_desc_new (&r_io_plugin_self, pid, file, rw, mode, NULL); #else #warning not yet implemented for this platform #endif return NULL; }
static gint64 get_pid_status_item (int pid, const char *item, MonoProcessError *error, int multiplier) { #if defined(__APPLE__) // ignore the multiplier gint64 ret; task_t task; struct task_basic_info t_info; mach_msg_type_number_t th_count = TASK_BASIC_INFO_COUNT; kern_return_t mach_ret; if (pid == getpid ()) { /* task_for_pid () doesn't work on ios, even for the current process */ task = mach_task_self (); } else { do { mach_ret = task_for_pid (mach_task_self (), pid, &task); } while (mach_ret == KERN_ABORTED); if (mach_ret != KERN_SUCCESS) RET_ERROR (MONO_PROCESS_ERROR_NOT_FOUND); } do { mach_ret = task_info (task, TASK_BASIC_INFO, (task_info_t)&t_info, &th_count); } while (mach_ret == KERN_ABORTED); if (mach_ret != KERN_SUCCESS) { if (pid != getpid ()) mach_port_deallocate (mach_task_self (), task); RET_ERROR (MONO_PROCESS_ERROR_OTHER); } if (strcmp (item, "VmRSS") == 0 || strcmp (item, "VmHWM") == 0 || strcmp (item, "VmData") == 0) ret = t_info.resident_size; else if (strcmp (item, "VmSize") == 0 || strcmp (item, "VmPeak") == 0) ret = t_info.virtual_size; else if (strcmp (item, "Threads") == 0) ret = th_count; else ret = 0; if (pid != getpid ()) mach_port_deallocate (mach_task_self (), task); return ret; #else char buf [64]; char *s; s = get_pid_status_item_buf (pid, item, buf, sizeof (buf), error); if (s) return ((gint64) atol (s)) * multiplier; return 0; #endif }
static mach_port_t gum_kernel_do_init (void) { mach_port_t task = MACH_PORT_NULL; task_for_pid (mach_task_self (), 0, &task); return task; }
size_t mem_rss_size() { task_t task = MACH_PORT_NULL; struct task_basic_info t_info; mach_msg_type_number_t t_info_count = TASK_BASIC_INFO_COUNT; if (task_for_pid(current_task(), getpid(), &task) != KERN_SUCCESS) return 0; task_info(task, TASK_BASIC_INFO, (task_info_t) &t_info, &t_info_count); return t_info.resident_size; }
Boolean SCDynamicStoreNotifySignal(SCDynamicStoreRef store, pid_t pid, int sig) { SCDynamicStorePrivateRef storePrivate = (SCDynamicStorePrivateRef)store; kern_return_t status; int sc_status; task_t task; if (store == NULL) { /* sorry, you must provide a session */ _SCErrorSet(kSCStatusNoStoreSession); return FALSE; } if (storePrivate->server == MACH_PORT_NULL) { /* sorry, you must have an open session to play */ _SCErrorSet(kSCStatusNoStoreServer); return FALSE; } if (storePrivate->notifyStatus != NotifierNotRegistered) { /* sorry, you can only have one notification registered at once */ _SCErrorSet(kSCStatusNotifierActive); return FALSE; } status = task_for_pid(mach_task_self(), pid, &task); if (status != KERN_SUCCESS) { SC_log(LOG_ERR, "task_for_pid() failed: %s", mach_error_string(status)); _SCErrorSet(status); return FALSE; } retry : status = notifyviasignal(storePrivate->server, task, sig, (int *)&sc_status); if (__SCDynamicStoreCheckRetryAndHandleError(store, status, &sc_status, "SCDynamicStoreNotifySignal notifyviasignal()")) { goto retry; } if (status != KERN_SUCCESS) { _SCErrorSet(status); return FALSE; } /* set notifier active */ storePrivate->notifyStatus = Using_NotifierInformViaSignal; return TRUE; }
int _yr_process_attach( int pid, YR_PROC_ITERATOR_CTX* context) { kern_return_t kr = task_for_pid(mach_task_self(), pid, &context->task); if (kr != KERN_SUCCESS) return ERROR_COULD_NOT_ATTACH_TO_PROCESS; return ERROR_SUCCESS; }
mach_port_t get_task(pid_t infoPid) { kern_return_t kret; mach_port_t task; DEBUG_PRINT("[+getstate] Trying pid %d\n", infoPid); kret = task_for_pid(current_task(), infoPid, &task); RETURN_ON_MACH_ERROR("[-get_state] task_for_pid failed", kret); return task; }
int main() { kern_return_t kern_return; mach_port_t task; int pid = 0; printf("Enter PID to look-up: "); scanf("%d", &pid); // Need to run this program as root (i.e. sudo) in order for this to work kern_return = task_for_pid(mach_task_self(), pid, &task); if (kern_return != KERN_SUCCESS) { printf("task_for_pid() failed, error %d - %s\n", kern_return, mach_error_string(kern_return)); exit(1); } kern_return_t kret; vm_region_basic_info_data_t info; vm_size_t size; mach_port_t object_name; mach_msg_type_number_t count; vm_address_t firstRegionBegin; vm_address_t lastRegionEnd; vm_size_t fullSize; count = VM_REGION_BASIC_INFO_COUNT_64; mach_vm_address_t address = 1; int regionCount = 0; int flag = 0; while (flag == 0) { //Attempts to get the region info for given task kret = mach_vm_region(task, &address, &size, VM_REGION_BASIC_INFO, (vm_region_info_t) &info, &count, &object_name); if (kret == KERN_SUCCESS) { if (regionCount == 0) { firstRegionBegin = address; regionCount += 1; } fullSize += size; address += size; } else flag = 1; } lastRegionEnd = address; printf("Base Address: %p\n",(void *) (uintptr_t)firstRegionBegin); printf("lastRegionEnd: %lu\n",lastRegionEnd); printf("fullSize: %lu\n",fullSize); return 0; }
static struct task_and_pid launchTest(const char* testProgPath, bool launchOtherArch, bool launchSuspended) { posix_spawnattr_t attr = 0; if ( posix_spawnattr_init(&attr) != 0 ) { printf("[FAIL] dyld_process_info posix_spawnattr_init()\n"); exit(0); } if ( launchSuspended ) { if ( posix_spawnattr_setflags(&attr, POSIX_SPAWN_START_SUSPENDED) != 0 ) { printf("[FAIL] dyld_process_info POSIX_SPAWN_START_SUSPENDED\n"); exit(0); } } if ( launchOtherArch ) { size_t copied; if ( posix_spawnattr_setbinpref_np(&attr, 1, otherArch, &copied) != 0 ) { printf("[FAIL] dyld_process_info posix_spawnattr_setbinpref_np()\n"); exit(0); } } struct task_and_pid child = {0, 0}; const char* argv[] = { testProgPath, NULL }; int psResult = posix_spawn(&child.pid, testProgPath, NULL, &attr, (char**)argv, environ); if ( psResult != 0 ) { printf("[FAIL] dyld_process_info posix_spawn(%s) failed, err=%d\n", testProgPath, psResult); exit(0); } if (posix_spawnattr_destroy(&attr) != 0) { printf("[FAIL] dyld_process_info posix_spawnattr_destroy()\n"); exit(0); } if ( task_for_pid(mach_task_self(), child.pid, &child.task) != KERN_SUCCESS ) { printf("[FAIL] dyld_process_info task_for_pid()\n"); kill(child.pid, SIGKILL); exit(0); } #if __x86_64__ //printf("child pid=%d task=%d (%s, %s)\n", child.pid, child.task, launchOtherArch ? "i386" : "x86_64", launchSuspended ? "suspended" : "active"); #endif // wait until process is up and has suspended itself struct task_basic_info info; do { unsigned count = TASK_BASIC_INFO_COUNT; kern_return_t kr = task_info(child.task, TASK_BASIC_INFO, (task_info_t)&info, &count); sleep(1); } while ( info.suspend_count == 0 ); return child; }
static task_t pid_to_task(int pid) { task_t task = 0; int err = task_for_pid (mach_task_self (), (pid_t)pid, &task); if ((err != KERN_SUCCESS) || !MACH_PORT_VALID (task)) { eprintf ("Failed to get task %d for pid %d.\n", (int)task, (int)pid); eprintf ("Reason: 0x%x: %s\n", err, MACH_ERROR_STRING (err)); eprintf ("You probably need to add user to procmod group.\n" " Or chmod g+s radare && chown root:procmod radare\n"); eprintf ("FMI: http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/taskgated.8.html\n"); return -1; } return task; }
int main(void) { mach_port_t port; if (task_for_pid(mach_task_self(), 0, &port)) { printf("[ERRROR] Can't get task_for_pid() for kernel task!\n"); } else { printf("[INFO] task_for_pid(0) works!\n"); } return 0; }
void genProcessMemoryMap(int pid, QueryData& results, bool exe_only = false) { mach_port_t task = MACH_PORT_NULL; kern_return_t status = task_for_pid(mach_task_self(), pid, &task); if (status != KERN_SUCCESS) { // Cannot request memory map for pid (permissions, invalid). return; } // Create a map of library paths from the dyld cache. std::map<vm_address_t, std::string> libraries; if (!exe_only) { genProcessLibraries(task, libraries); } // Use address offset (starting at 0) to count memory maps. vm_address_t address = 0; size_t map_count = 0; uint32_t depth = 0; while (map_count++ < MAX_MEMORY_MAPS) { struct vm_region_submap_info_64 info; mach_msg_type_number_t count = VM_REGION_SUBMAP_INFO_COUNT_64; vm_size_t size = 0; status = vm_region_recurse_64( task, &address, &size, &depth, (vm_region_info_64_t)&info, &count); if (status == KERN_INVALID_ADDRESS) { // Reached the end of the memory map. break; } if (info.is_submap) { // A submap increments the depth search to vm_region_recurse. // Use the same address to continue a recursive search within the region. depth++; continue; } genMemoryRegion(pid, address, size, info, libraries, results); if (exe_only) { break; } address += size; } if (task != MACH_PORT_NULL) { mach_port_deallocate(mach_task_self(), task); } }
task_t getport(pid_t pid) { if(our_port == -1) { task_t port; if(task_for_pid(mach_task_self(), pid, &port)) { //fprintf(stderr, "Cannot get port, are you root?\n"); return -1; } our_port = port; } return our_port; }
mach_port_t get_task_by_pid(int pid) { mach_port_t task; kern_return_t rc; rc = task_for_pid(mach_task_self(), pid, &task); if (rc) { fprintf (stderr, "task_for_pid() failed with error %d - %s\n", rc, mach_error_string(rc)); exit(1); } printf ("RC %d - Task: %d\n", rc, task); return task; }
int main(int argc, char** argv){ mach_port_t task; int infoPid; if(argc < 2){ printf("USAGE [pid]\n"); exit(-1); } infoPid = atoi(argv[1]); task_for_pid(current_task(), infoPid, &task); printf("Base Address: 0x%lx\n", get_base_address(task)); }
int fpm_trace_ready(pid_t pid) /* {{{ */ { kern_return_t kr; kr = task_for_pid(mach_task_self(), pid, &target); if (kr != KERN_SUCCESS) { char *msg = ""; if (kr == KERN_FAILURE) { msg = " It seems that master process does not have enough privileges to trace processes."; } zlog(ZLOG_ERROR, "task_for_pid() failed: %s (%d)%s", mach_error_string(kr), kr, msg); return -1; } return 0; }
static task_t pid_to_task(RIODesc *fd, int pid) { task_t task = 0; static task_t old_task = 0; static int old_pid = -1; kern_return_t kr; RIODescData *iodd = fd? (RIODescData *)fd->data: NULL; RIOMach *riom = NULL; if (iodd) { riom = iodd->data; if (riom && riom->task) { old_task = riom->task; riom->task = 0; old_pid = iodd->pid; } } if (old_task != 0) { if (old_pid == pid) { return old_task; } //we changed the process pid so deallocate a ref from the old_task //since we are going to get a new task kr = mach_port_deallocate (mach_task_self (), old_task); if (kr != KERN_SUCCESS) { eprintf ("pid_to_task: fail to deallocate port\n"); return 0; } } int err = task_for_pid (mach_task_self (), (pid_t)pid, &task); if ((err != KERN_SUCCESS) || !MACH_PORT_VALID (task)) { task = task_for_pid_workaround (pid); if (task == MACH_PORT_NULL) { task = task_for_pid_ios9pangu (pid); if (task != MACH_PORT_NULL) { //eprintf ("Failed to get task %d for pid %d.\n", (int)task, (int)pid); //eprintf ("Missing priviledges? 0x%x: %s\n", err, MACH_ERROR_STRING (err)); return -1; } } } old_task = task; old_pid = pid; return task; }