I have a closed-source 3rd party program, and I want to be able to
Utilities like vmmap(1), heap(1), and leaks(1) seem to have similar functionality to what I need, but I can't find their source anywhere (the OS X versions) and can't figure out how they work. Preferably, this would all be done in user-space, possibly running as root; I don't want to write kernel code for the purpose of bypassing memory protection if I can avoid it.
I tried using shared memory, passing the address of what I want to read as the 2nd argument to shmat(2), but this was ultimately unsuccessful (and probably not its intended usage and/or bad practice) and still left me without a way to determine what memory I'm looking for anyway (the program that owned the memory had to report its address to me).
Is there a way to just disable memory protection for a certain program so that it won't segfault when it tries to read/write memory that is allocated to a different process? Is there a better way that wouldn't enable bugs to seriously corrupt my entire system?
How is this achieved?
Basically, this guy is right.
Go download the source code that accompanies this book and see vm_rw_master.c of example 8-16 for a working implementation.
See http://web.mit.edu/darwin/src/modules/xnu/osfmk/man/ for documentation, it's slightly outdated, and questionably correct, but it's the best available.
EDIT: Also, see http://lightbulbone.com/2011/05/dumping-process-memory-on-mac-os-x/ (note that the task that owns the memory you are trying to read does NOT need to be a child of the process doing the reading; you just need to have the proper authorization.)
EDIT: Also, see http://os-tres.net/blog/2010/02/17/mac-os-x-and-task-for-pid-mach-call/ for a good example of authorization.
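The route the answer points at, as an added example (this is not the book's vm_rw_master.c nor code from either linked post): obtain the target's task port with task_for_pid(), walk its address space with mach_vm_region() to find readable regions (which is what vmmap(1) does underneath, and answers the "how do I know what memory to look for" part of the question), then copy bytes out with mach_vm_read_overwrite(). It assumes the mach_vm_* API (OS X 10.6 or later, 64-bit). task_for_pid() on someone else's process needs root or the taskgated/procmod authorization the linked post covers; asking for your own pid always succeeds, which the built-in self-test uses. The non-Apple branch, reading /proc/<pid>/mem, is an assumed Linux stand-in added only so the file builds and self-tests on other systems; it is not what the answer describes.

```c
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/types.h>

#ifdef __APPLE__
#include <mach/mach.h>
#include <mach/mach_vm.h>
#else
#include <fcntl.h>   /* assumed Linux stand-in: pread() on /proc/<pid>/mem */
#endif

/* Copy `len` bytes at `addr` in process `pid` into `buf`.
 * Returns 0 on success, -1 on failure (no task port, unmapped address, ...). */
int read_remote(pid_t pid, uintptr_t addr, void *buf, size_t len)
{
#ifdef __APPLE__
    task_t task = MACH_PORT_NULL;
    /* Needs root / taskgated authorization for other users' processes. */
    kern_return_t kr = task_for_pid(mach_task_self(), pid, &task);
    if (kr != KERN_SUCCESS) {
        fprintf(stderr, "task_for_pid(%d): %s\n", (int)pid, mach_error_string(kr));
        return -1;
    }
    mach_vm_size_t got = 0;
    kr = mach_vm_read_overwrite(task, (mach_vm_address_t)addr, (mach_vm_size_t)len,
                                (mach_vm_address_t)(uintptr_t)buf, &got);
    mach_port_deallocate(mach_task_self(), task);
    return (kr == KERN_SUCCESS && got == len) ? 0 : -1;
#else
    /* Linux: /proc/<pid>/mem is gated by the same access check as ptrace(2). */
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/mem", (int)pid);
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = pread(fd, buf, len, (off_t)addr);
    close(fd);
    return (n == (ssize_t)len) ? 0 : -1;
#endif
}

/* Print every VM region of `pid` (start-end and rwx bits) and return the
 * region count, or -1 if the task port is unavailable / not on OS X. */
long list_regions(pid_t pid)
{
#ifdef __APPLE__
    task_t task = MACH_PORT_NULL;
    if (task_for_pid(mach_task_self(), pid, &task) != KERN_SUCCESS) return -1;
    mach_vm_address_t addr = 0;
    long count = 0;
    for (;;) {
        mach_vm_size_t size = 0;
        vm_region_basic_info_data_64_t info;
        mach_msg_type_number_t info_cnt = VM_REGION_BASIC_INFO_COUNT_64;
        mach_port_t obj = MACH_PORT_NULL;
        /* Returns the first region at or above `addr`; KERN_INVALID_ADDRESS at the end. */
        if (mach_vm_region(task, &addr, &size, VM_REGION_BASIC_INFO_64,
                           (vm_region_info_t)&info, &info_cnt, &obj) != KERN_SUCCESS)
            break;
        if (obj != MACH_PORT_NULL) mach_port_deallocate(mach_task_self(), obj);
        printf("%016llx-%016llx %c%c%c\n", (unsigned long long)addr,
               (unsigned long long)(addr + size),
               (info.protection & VM_PROT_READ) ? 'r' : '-',
               (info.protection & VM_PROT_WRITE) ? 'w' : '-',
               (info.protection & VM_PROT_EXECUTE) ? 'x' : '-');
        count++;
        addr += size;
    }
    mach_port_deallocate(mach_task_self(), task);
    return count;
#else
    (void)pid;
    return -1;
#endif
}

/* Constructed self-test data: read our own process through the remote path. */
static const unsigned char g_secret[16] = "mach_vm_read_ok";

int selftest(void)            /* 1 if the bytes came back intact */
{
    unsigned char buf[sizeof g_secret];
    if (read_remote(getpid(), (uintptr_t)g_secret, buf, sizeof buf) != 0) return 0;
    return memcmp(buf, g_secret, sizeof buf) == 0;
}

int unmapped_read_fails(void) /* 1 if reading the unmapped page at 0 is rejected */
{
    unsigned char buf[16];
    return read_remote(getpid(), 0, buf, sizeof buf) != 0;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s <pid> <hex-address> <length>   (no args: self-test)\n", argv[0]);
        printf("self-test: %s\n", selftest() ? "ok" : "FAILED");
        return selftest() ? 0 : 1;
    }
    pid_t pid = (pid_t)atoi(argv[1]);
    uintptr_t addr = (uintptr_t)strtoull(argv[2], NULL, 16);
    size_t len = (size_t)strtoull(argv[3], NULL, 10);
    unsigned char *buf = malloc(len);
    if (!buf) return 1;
    list_regions(pid);                                  /* which addresses are worth reading */
    if (read_remote(pid, addr, buf, len) != 0) { free(buf); return 1; }
    for (size_t i = 0; i < len; i++) printf("%02x%s", buf[i], (i % 16 == 15) ? "\n" : " ");
    printf("\n");
    free(buf);
    return 0;
}
```

Build with `cc -o rmem rmem.c` and run as root (`sudo ./rmem <pid> <hex address> <bytes>`); run it with no arguments to self-test on your own process. On a recent OS X you will still get KERN_FAILURE from task_for_pid() for processes you are not entitled to touch, which is the authorization problem the linked posts deal with, not a bug in the read path.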