我编写了一些代码来读取另一个进程内存。这是针对 macOS/GNU Mach 的。
#include <stdio.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/mach_vm.h>
int main() {
pid_t pid;
printf("PID: ");
scanf("%d", &pid);
vm_address_t address;
printf("Address: ");
scanf("%lx", &address);
vm_offset_t readMem;
vm_map_read_t task = task_for_pid(mach_task_self(), pid, &task);
mach_msg_type_number_t size = sizeof(int);
kern_return_t result = vm_read(task, address, (pointer_t)sizeof(int), &readMem, &size);
if (result) {
fprintf(stderr, "cant read, result 0x%x\n", result);
}
printf("%lu", readMem);
}
运行它并提供有效的 PID 后,它会返回 MACH_SEND_INVALID_DEST。
我知道这个答案已经晚了,但它可能对遇到同样问题的其他人有用。
问题
task_for_pid()kern_return_t我修改了您的代码以使其更加清晰,添加了一些错误检查并进行了正确的阅读。根据您所做的评论,我相信您正在尝试读取整数,因此我调整了代码以满足该需求。
#include <stdio.h>
#include <sys/types.h>
#include <mach/mach.h>
#include <mach/mach_vm.h>
#include <stdlib.h>
void check_result(kern_return_t kern_res, char * msg)
{
if (kern_res != KERN_SUCCESS) {
if (msg == NULL)
fprintf(stderr, "%s\n", mach_error_string(kern_res));
else
fprintf(stderr, "%s : %s\n", msg, mach_error_string(kern_res));
exit(1);
}
}
int main()
{
pid_t pid;
printf("PID: ");
scanf("%d", &pid);
vm_address_t address;
printf("Address: ");
scanf("%lx", &address);
kern_return_t res;
mach_port_t task_self = mach_task_self();
mach_port_t other_task;
res = task_for_pid(task_self, pid, &other_task);
check_result(res, "Error getting task");
void * data;
mach_msg_type_number_t size = sizeof(int);
vm_size_t size_to_read = (vm_size_t) sizeof(int);
res = vm_read(other_task, address, size_to_read, (vm_offset_t *) &data, &size);
check_result(res, "Error reading virtual memory");
char * char_ptr = (char *) data;
fprintf(stdout, "%d\n", (int) char_ptr[0]);
}
我测试了它,并确保它按预期工作。有任何改进请告诉我!