Menu
I've been trying to understand how to read the memory of other processes on Mac OS X, but I'm not having much luck. I've seen many examples online using ptrace with PEEKDATA and such, however it doesn't have that option on BSD [man ptrace].
int pid = fork(); if (pid > 0) { // mess around with child-process's memory } How is it possible to read from and write to the memory of another process on Mac OS X?
359
Processes cannot access other processes' memory in principle. In practice the underlying operating system usually offers this mechanism to privileged processes.
You can see the amount of system memory being used on your Mac. In the Activity Monitor app on your Mac, click Memory (or use the Touch Bar) to see the following in the bottom of the window: Memory Pressure: Graphically represents how efficiently your memory is serving your processing needs.
To read memory, you need the PROCESS_VM_READ and PROCESS_QUERY_INFORMATION rights. To write memory, you need the PROCESS_VM_WRITE and PROCESS_VM_OPERATION rights. Alternatively you could just ask for all rights with PROCESS_ALL_ACCESS , but I prefer to be precise.
With OS X Mavericks, Compressed Memory allows your Mac to free up memory space when you need it most. As your Mac approaches maximum memory capacity, OS X automatically compresses data from inactive apps, making more memory available."
Use task_for_pid() or other methods to obtain the target process’s task port. Thereafter, you can directly manipulate the process’s address space using vm_read(), vm_write(), and others.
169
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
